Department of Homeland Security: Progress Made in Implementation 
of Management and Mission Functions, but More Work Remains	 
(13-FEB-08, GAO-08-457T).					 
                                                                 
The Department of Homeland Security (DHS) began operations in	 
March 2003 with missions that include preventing terrorist	 
attacks from occurring within the United States, reducing U.S.	 
vulnerability to terrorism, minimizing damages from attacks that 
occur, and helping the nation recover from any attacks. GAO has  
reported that the implementation and transformation of DHS is an 
enormous management challenge and that the size, complexity, and 
importance of the effort make the challenge especially daunting  
and critical to the nation's security. GAO's prior work on	 
mergers and acquisitions found that successful transformations of
large organizations, even those faced with less strenuous	 
reorganizations than DHS, can take at least 5 to 7 years to	 
achieve. This testimony is based on GAO's August 2007 report	 
evaluating DHS's progress between March 2003 and July 2007,	 
selected reports issued since July 2007, and our institutional	 
knowledge of homeland security issues.				 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-457T					        
    ACCNO:   A80732						        
  TITLE:     Department of Homeland Security: Progress Made in	      
Implementation of Management and Mission Functions, but More Work
Remains 							 
     DATE:   02/13/2008 
  SUBJECT:   Accountability					 
	     Agency missions					 
	     Combating terrorism				 
	     Critical infrastructure				 
	     Critical infrastructure protection 		 
	     Emergency management				 
	     Emergency preparedness				 
	     Emergency response 				 
	     Emergency response plans				 
	     Federal agency reorganization			 
	     Financial management				 
	     Homeland security					 
	     Internal controls					 
	     Performance measures				 
	     Program management 				 
	     Risk assessment					 
	     Risk management					 
	     Strategic planning 				 
	     Terrorism						 
	     Terrorists 					 
	     Program goals or objectives			 
	     Program implementation				 
	     Transparency					 
	     GAO High Risk Series				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-457T

   

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Homeland Security, Committee on 
Appropriations, House of Representatives: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 10:00 a.m. EST: 

Wednesday, February 13, 2008: 

Department Of Homeland Security: 

Progress Made in Implementation of Management and Mission Functions, 
but More Work Remains: 

Statement of David M. Walker: 

Comptroller General of the United States: 

GAO-08-457T: 

GAO Highlights: 

Highlights of GAO-08-457T, testimony before the Subcommittee on 
Homeland Security, Committee on Appropriations, House of 
Representatives. 

Why GAO Did This Study: 

The Department of Homeland Security (DHS) began operations in March 
2003 with missions that include preventing terrorist attacks from 
occurring within the United States, reducing U.S. vulnerability to 
terrorism, minimizing damages from attacks that occur, and helping the 
nation recover from any attacks. GAO has reported that the 
implementation and transformation of DHS is an enormous management 
challenge and that the size, complexity, and importance of the effort 
makes the challenge especially daunting and critical to the nationï¿½s 
security. GAOï¿½s prior work on mergers and acquisitions found that 
successful transformations of large organizations, even those faced 
with less strenuous reorganizations than DHS, can take at least 5 to 7 
years to achieve. This testimony is based on GAOï¿½s August 2007 report 
evaluating DHSï¿½s progress between March 2003 and July 2007; selected 
reports issued since July 2007; and our institutional knowledge of 
homeland security issues. 

What GAO Found: 

Since its establishment, DHS has made progress in implementing its 
management and mission functions in the areas of acquisition, 
financial, human capital, information technology, and real property 
management; border security; immigration enforcement and services; 
aviation, surface transportation, and maritime security; emergency 
preparedness and response; critical infrastructure protection; and 
science and technology. In general, DHS has made more progress in its 
mission areas than in its management areas, reflecting an initial focus 
on protecting the homeland. While DHS has made progress in implementing 
its functions in each management and mission area, we identified 
challenges remaining in each of these areas. These challenges include 
providing appropriate oversight for contractors; improving financial 
management and controls; implementing a performance-based human capital 
management system; implementing information technology management 
controls; balancing trade facilitation and border security; improving 
enforcement of immigration laws, enhancing transportation security; and 
effectively coordinating the mitigation and response to all hazards. 

Key issues that have affected DHSï¿½s implementation efforts include 
agency transformation, strategic planning and results management, risk 
management, information sharing, partnerships and coordination, and 
accountability and transparency. For example, GAO designated DHSï¿½s 
implementation and transformation as high-risk. While DHS has made 
progress in transforming its component agencies into a fully 
functioning department, it has not yet addressed key elements of the 
transformation process, such as developing a comprehensive 
transformation strategy. DHS must also develop a transition and 
succession plan to guide the transition of management functions to a 
new Administration, as required by legislation. DHS has set a target 
time frame for completing this plan. DHS also has not always 
implemented effective strategic planning efforts and has not yet fully 
developed performance measures for some of its programs. DHS has begun 
to develop performance goals and measures in an effort to strengthen 
its ability to measures its progress in key areas. We commend DHSï¿½s 
efforts and have agreed to work with the department to provide input to 
help strengthen established measures. DHS also has not yet fully 
adopted and applied a risk management approach in implementing its 
mission functions. Although some DHS components have taken steps to do 
so, this approach has not yet been implemented departmentwide. 

DHSï¿½s 5 year anniversary provides an opportunity for the department to 
review how it has matured as an organization. As part of our broad 
range of work reviewing DHS management and mission programs, GAO will 
continue to assess DHSï¿½s progress in addressing high-risk issues. In 
particular, GAO will continue to assess the progress made by the 
department in its transformation and information sharing efforts, and 
assessing whether any progress made is sustainable over the long term. 

What GAO Recommends: 

While this testimony contains no new recommendations, GAO has made 
approximately 900 recommendations to DHS to strengthen departmental 
operations. DHS has implemented some of these recommendations and taken 
actions to address others. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://www.GAO-08-457T]. For more information, contact Norm 
Rabkin at (202) 512-8777. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I appreciate the opportunity to appear today to discuss the Department 
of Homeland Security's (DHS) efforts to implement its management and 
mission functions. DHS began operations in March 2003 with missions 
that include preventing terrorist attacks from occurring within the 
United States, reducing U.S. vulnerability to terrorism, minimizing 
damages from attacks that occur, and helping the nation recover from 
any attacks. The department has initiated and continued the 
implementation of various policies and programs to address these 
missions as well as its nonhomeland security functions.[Footnote 1] DHS 
has also taken a number of actions designed to integrate its management 
functions and to transform its component agencies into an effective 
cabinet-level department. Prior to the creation of DHS, we testified on 
whether the reorganization of government agencies might better address 
the nation's homeland security needs.[Footnote 2] At that time, we 
identified that the nation had a unique opportunity to create an 
effective and performance-based organization to strengthen the nation's 
ability to protect its borders and citizens. We noted that the 
magnitude of the challenges that the new department would face would 
require substantial time and effort to overcome and that the 
implementation of the new department would be extremely complex. 

In 2003 we designated the implementation and transformation of DHS as 
high-risk because it represented an enormous undertaking that would 
require time to achieve in an effective and efficient manner.[Footnote 
3] We further identified that the components that became part of the 
department already faced a wide array of existing challenges, and any 
failure to effectively carry out its mission would expose the nation to 
potentially serious consequences. In designating the implementation and 
transformation of DHS as high-risk, we noted that building an effective 
department would require consistent and sustained leadership from top 
management to ensure the needed transformation of disparate agencies, 
programs, and missions into an integrated organization. Our prior work 
on mergers and acquisitions, undertaken before the creation of DHS, 
found that successful transformations of large organizations, even 
those faced with less strenuous reorganizations than DHS, can take at 
least 5 to 7 years to achieve. 

Given our nation's current fiscal condition, it is critically important 
for federal departments--including DHS--to operate as efficiently as 
possible in carrying out their missions. I have spoken extensively 
about the fiscal crisis our nation faces with the coming retirement of 
the baby boom generation and the related growth in entitlement 
spending. The current financial condition in the United States is worse 
than is widely understood and is not sustainable. Meeting the long-term 
fiscal challenge will require (1) significant entitlement reform; (2) 
reprioritizing, restructuring, and constraining other spending 
programs; and (3) additional revenues--such as through a reformed tax 
system. These efforts will require bipartisan cooperation and 
compromise. 

In August 2007, we reported on the progress DHS had made since its 
inception in implementing its management and mission 
functions.[Footnote 4] We identified specific actions that DHS was to 
achieve based on legislation, homeland security presidential 
directives, DHS strategic planning documents, and other sources, and 
reported on the progress the department made in implementing these 
actions. 

My testimony addresses the progress made by DHS in implementing its 
management and mission functions in the areas of acquisition, 
financial, human capital, information technology, and real property 
management; border security; immigration enforcement; immigration 
services; aviation, surface transportation, and maritime security; 
emergency preparedness and response; critical infrastructure and key 
resources protection; and science and technology. My testimony also 
addresses key issues that have affected the department's implementation 
efforts. These key issues include agency transformation, strategic 
planning and results management, risk management, information sharing, 
partnerships and coordination, and accountability and transparency. My 
statement is based on the results of our August 2007 report evaluating 
the extent to which DHS has achieved congressional and Administration 
expectations set out for DHS in its management and mission areas; 
selected products we issued on DHS since July 2007; and our 
institutional knowledge of homeland security and various government 
organizational and management issues. For our August 2007 report on DHS 
progress, we conducted our work from September 2006 to July 2007. We 
updated this work with selected reports in February 2008. We conducted 
our work in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. 

Summary: 

DHS has made progress in implementing its management and mission 
functions. For example, in its management areas DHS has made progress 
in: 

* implementing a strategic sourcing program to increase the 
effectiveness of its buying power; 

* taking steps to prepare corrective action plans for its internal 
control weaknesses; 

* issuing plans for its human capital system; 

* taking actions to establish and institutionalize information 
technology management controls; and: 

* developing an asset management plan for its real property. 

In its mission areas, DHS has made progress in: 

* refining the screening of foreign visitors to the United States and 
providing training for border personnel; 

* conducting immigration enforcement actions at worksites and reducing 
its backlog of immigration benefit applications; 

* strengthening passenger, baggage, and air cargo screening at 
airports; 

* establishing security standards and conducting assessments and 
inspections of surface transportation modes; 

* developing programs for collecting information on incoming ships and 
working with the private sector to improve and validate supply chain 
security; 

* enhancing emergency preparedness and response capabilities, such as 
issuing a revised National Response Framework; 

* identifying and assessing critical infrastructure threats and 
vulnerabilities; and: 

* coordinating with federal, state, local, and private sector entities 
on homeland security technologies. 

However, we identified challenges remaining in each of these areas. 
These challenges include: 

* providing appropriate oversight for contractors; 

* improving financial management controls and correcting internal 
control weaknesses; 

* implementing a performance-based human capital management system; 

* refining and implementing controls for information technology 
management; 

* improving the regulation of commercial trade while ensuring 
protection against the entry of illegal goods and dangerous visitors at 
U.S. ports of entry; 

* improving enforcement of immigration laws, including worksite 
immigration laws, and the provision of immigration services; 

* fully integrating risk-based decision-making into some transportation 
security programs; and: 

* coordinating with states and first responders as they train and 
practice under a revised National Response Framework. 

A variety of cross-cutting issues have affected DHS's efforts to 
implement its management and mission functions. These key issues are 
agency transformation, strategic planning and results management, risk 
management, information sharing, partnerships and coordination, and 
accountability and transparency. 

* We initially designated the implementation and transformation of DHS 
as a high-risk area because it represented an enormous undertaking that 
would require time to achieve and the components that were merged into 
DHS already faced a wide array of existing challenges. We continued 
this designation in 2005 and 2007 in part because DHS's management 
systems and functions were not yet fully integrated and wholly 
operational.[Footnote 5] We have recommended, among other things, that 
agencies on the high-risk list produce a corrective action plan that 
defines the root causes of identified problems, identifies effective 
solutions to those problems, and provides for substantially completing 
corrective measures in the near term. As of February 2008, DHS had not 
yet completed such a corrective action plan. Moving forward, it will 
also be important for DHS to develop comprehensive plans for managing 
the upcoming transition between administrations to ensure continuity in 
operations and minimize vulnerabilities, as required by legislation. 

& DHS has not always implemented effective strategic planning efforts 
and has not yet fully developed performance measures or put in place 
structures to help ensure that the agency is managing for results. For 
example, we have reported that some DHS component agencies have 
encountered challenges in developing outcome-based goals and measures 
to assess the performance of its programs. Since issuance of our August 
2007 report, DHS has begun to develop performance goals and measures 
for some areas in an effort to strengthen its ability to measures its 
progress in key management and mission areas. We commend DHS's efforts 
to measure its progress in these areas and have agreed to work with the 
department to provide input to help strengthen established measures. 

* Although the Secretary of Homeland Security has identified risk-based 
decision making as a cornerstone of departmental policy, we have 
reported that DHS can strengthen its efforts in applying risk-based 
principles in support of its investment decisions. Some DHS component 
agencies, such as the Coast Guard, have taken steps to apply risk-based 
decision making in implementing some of its mission functions. However, 
other components have not utilized such an approach or could strengthen 
risk management efforts. To help support the application of risk-based 
principles in homeland security investment decisions, I convened an 
expert forum on risk management in October 2007 to discuss effective 
risk management practices, challenges in implementing risk management 
in homeland security, and solutions to address existing challenges. We 
expect to share the results of this forum over the next few months. 

* We designated information sharing for homeland security as high-risk 
in part because the nation lacked an implemented set of governmentwide 
policies and processes for sharing terrorism-related information. The 
federal government has issued a strategy for how it will put in place 
the overall framework and policies for sharing information with 
critical partners and an implementation plan for the "information 
sharing environment" required by the Intelligence Reform and Terrorism 
Prevention Act of 2004, as amended. However, this environment remains 
in the planning stage, and we have noted that completing the 
environment is a complex task that will take multiple years and long- 
term administration and congressional support and oversight and will 
pose cultural, operational, and technical challenges that will require 
a collaborated response. DHS has taken some steps to implement its 
information sharing responsibilities, such as providing support for 
information "fusion" centers.[Footnote 6] 

* DHS has faced some challenges in developing effective partnerships 
with other federal, state, local, private and nonprofit sector, and 
international stakeholders, and in clarifying the roles and 
responsibilities of these various partners. The National Strategy for 
Homeland Security underscores the importance of DHS partnering with 
other stakeholders. DHS has taken action to strengthen partnerships and 
coordination efforts with public and private sector entities, such as 
partnering with the Department of Transportation to strengthen the 
security of surface modes of transportation, airlines to improve 
aviation passenger and cargo screening, and the maritime shipping 
industry to facilitate containerized cargo inspections. However, more 
work remains as DHS seeks to form effective partnerships to leverage 
resource and effectively carry out its homeland security 
responsibilities. 

* Accountability and transparency are critical to the department 
effectively integrating its management functions and implementing its 
mission responsibilities. We have reported that it is important that 
DHS make its management or operational decisions transparent enough so 
that Congress can be sure that it is effectively, efficiently, and 
economically using the funding it receives annually[Footnote 7]. We 
have encountered delays at DHS in obtaining access to needed 
information. Over the past year, we have discussed ways to resolve 
access issues with DHS, and our access has improved in certain areas. 
For example, TSA has worked with us to improve their process for 
providing us access to documentation. However, we continue to believe 
that DHS needs to make systematic changes to its policies and 
procedures for providing information to GAO to increase the 
transparency of its efforts. Legislation enacted in December 2007 
reinforces this position by restricting a portion of funds appropriated 
to the DHS Office of Secretary and Executive Management until DHS 
certifies and reports that it has revised its departmental guidance for 
working with GAO and the DHS Office of Inspector General (IG) and 
directing DHS to make these revisions in consultation with GAO and the 
DHS I[Footnote 8]G. We look forward to collaborating with the 
department on proposed revisions to its guidance. 

Background: 

In July 2002 President Bush issued the National Strategy for Homeland 
Security. The strategy set forth overall objectives to prevent 
terrorist attacks within the United States, reduce America's 
vulnerability to terrorism, and minimize the damage and assist in the 
recovery from attacks that occur. The strategy further identified a 
plan to strengthen homeland security through the cooperation and 
partnering of federal, state, local, and private sector organizations 
on an array of functions. It also specified a number of federal 
departments, as well as nonfederal organizations, that have important 
roles in securing the homeland, with DHS having key responsibilities in 
implementing established homeland security mission areas. This strategy 
was updated and reissued in October 2007. 

In November 2002 the Homeland Security Act of 2002 was enacted into 
law, creating DHS. The act defined the department's missions to include 
preventing terrorist attacks within the United States; reducing U.S. 
vulnerability to terrorism; and minimizing the damages and assisting in 
the recovery from attacks that occur within the United States. The act 
further specified major responsibilities for the department, including 
the analysis of information and protection of infrastructure; 
development of countermeasures against chemical, biological, 
radiological, and nuclear, and other emerging terrorist threats; 
securing U.S. borders and transportation systems; and organizing 
emergency preparedness and response efforts. DHS began operations in 
March 2003. Its establishment represented a fusion of 22 federal 
agencies to coordinate and centralize the leadership of many homeland 
security activities under a single department.[Footnote 9] 

We have evaluated many of DHS's management functions and programs since 
the department's establishment and have issued over 400 related 
products. In particular, in August 2007 we reported on the progress DHS 
had made since its inception in implementing its management and mission 
functions.[Footnote 10] We also reported on broad themes that have 
underpinned DHS's implementation efforts, such as agency 
transformation, strategic planning, and risk management. Over the past 
5 years, we have made approximately 900 recommendations to DHS on ways 
to improve operations and address key themes, such as to develop 
performance measures and set milestones for key programs and implement 
internal controls to help ensure program effectiveness. DHS has 
implemented some of these recommendations, taken actions to address 
others, and taken other steps to strengthen its mission activities and 
facilitate management integration. 

DHS Has Made Progress in Implementing Its Management and Mission 
Functions but Has Faced Challenges in Its Implementation Efforts: 

DHS has made progress in implementing its management and mission 
functions in the areas of acquisition, financial, human capital, 
information technology, and real property management; border security; 
immigration enforcement; immigration services; aviation, surface 
transportation, and maritime security; emergency preparedness and 
response; critical infrastructure and key resources protection; and 
science and technology. Overall, DHS made more progress in implementing 
its mission functions than its management functions, reflecting an 
initial focus on implementing efforts to secure the homeland. DHS has 
had to undertake these critical missions while also working to 
transform itself into a fully functioning cabinet department--a 
difficult undertaking for any organization and one that can take, at a 
minimum, 5 to 7 years to complete even under less daunting 
circumstances. As DHS continues to mature as an organization, we have 
reported that it will be important that it works to strengthen its 
management areas since the effectiveness of these functions will 
ultimately impact its ability to fulfill its mission to protect the 
homeland. 

Management Areas: 

Acquisition Management. DHS's acquisition management efforts include 
managing the use of contracts to acquire goods and services needed to 
fulfill or support the agency's missions, such as information systems, 
new technologies, aircraft, ships, and professional services. Overall, 
DHS has made progress in implementing a strategic sourcing program to 
increase the effectiveness of its buying power and in creating a small 
business program. However, DHS's progress toward creating a unified 
acquisition organization has been hampered by various policy decisions. 
In September 2007 we reported on continued acquisition oversight issues 
at DHS, identifying that the department had not fully ensured proper 
oversight of its contractors providing services closely supporting 
inherently government functions.[Footnote 11] For example, we found 
that DHS program officials did not assess the risk that government 
decisions may be influenced by, rather than independent from, 
contractor judgments. Federal acquisitions policy requires enhanced 
oversight of contractors providing professional and management support 
services that can affect government decision making, support or 
influence policy development, or affect program management. However, 
most of the DHS program officials and contracting officers we spoke 
with were unaware of this requirement, and, in general, did not believe 
that their professional and management support service contracts 
required enhanced oversight. We made several recommendations to DHS to 
address these issues, including that DHS establish strategic-level 
guidance for determining the appropriate mix of government and 
contractor employees to meet mission needs; assess program office staff 
and expertise necessary to provide sufficient oversight of selected 
contractor services; and review contracts for selected services as part 
of the acquisition oversight program. 

Financial Management. DHS's financial management efforts include 
consolidating or integrating component agencies' financial management 
systems. In general, since its establishment, DHS has been unable to 
obtain an unqualified or "clean" audit opinion on its financial 
statements. For fiscal year 2007, the independent auditor issued a 
disclaimer on DHS's financial statements and identified eight 
significant deficiencies in DHS's internal controls over financial 
reporting, seven of which were so serious that they qualified as 
material weaknesses. DHS has taken steps to prepare corrective action 
plans for its internal control weaknesses by, for example, developing 
and issuing a departmentwide strategic plan for the corrective action 
plan process and holding workshops on corrective action plans. Until 
these weaknesses are resolved, DHS will not be in a position to provide 
reliable, timely, and useful financial data to support day-to-day 
decision making. 

Human Capital Management. DHS's key human capital management areas 
include pay, performance management, classification, labor relations, 
adverse actions, employee appeals, and diversity management. Congress 
provided DHS with significant flexibility to design a modern human 
capital management system, and in October 2004 DHS issued its human 
capital strategic plan. DHS and the Office of Personnel Management 
jointly released the final regulations on DHS's new human capital 
system in February 2005. Although DHS intended to implement the new 
personnel system in the summer of 2005, court decisions enjoined the 
department from implementing certain labor management portions of the 
system. DHS has since taken actions to implement its human capital 
system. In July 2005 DHS issued its first departmental training plan, 
and in April 2007, it issued its Fiscal Year 2007 and 2008 Human 
Capital Operational Plan. However, more work remains for DHS to fully 
implement its human capital system, including developing a market-based 
and performance-oriented pay system. 

Information Technology Management. DHS's information technology 
management efforts should include developing and using an enterprise 
architecture, or corporate blueprint, as an authoritative frame of 
reference to guide and constrain system investments; defining and 
following a corporate process for informed decision making by senior 
leadership about competing information technology investment options; 
applying system and software development and acquisition discipline and 
rigor when defining, designing, developing, testing, deploying, and 
maintaining systems; establishing a comprehensive, departmentwide 
information security program to protect information and systems; having 
sufficient people with the right knowledge, skills, and abilities to 
execute each of these areas now and in the future; and centralizing 
leadership for extending these disciplines throughout the organization 
with an empowered Chief Information Officer. DHS has undertaken efforts 
to establish and institutionalize the range of information technology 
management controls and capabilities noted above that our research and 
past work have shown are fundamental to any organization's ability to 
use technology effectively to transform itself and accomplish mission 
goals. However, the department has significantly more to do before each 
of its management controls and capabilities is fully in place and is 
integral to how each system investment is managed. For example, in 
September 2007 we reported on our assessment of DHS's information 
technology human capital plan.[Footnote 12] We found that DHS's plan 
was largely consistent with federal guidance and associated best 
practices. In particular, the plan fully addressed 15 and partially 
addressed 12 of 27 practices set forth in the Office of Personnel 
Management's human capital framework. However, we reported that DHS's 
overall progress in implementing the plan had been limited. We 
recommended, among other things, that roles and responsibilities for 
implementing the information technology human capital plan and all 
supporting plans be clearly defined and understood. Moreover, DHS has 
not fully implemented a comprehensive information security program. 
While it has taken actions to ensure that its certification and 
accreditation activities are completed, the department has not shown 
the extent to which it has strengthened incident detection, analysis, 
and reporting and testing activities. 

Real Property Management. DHS's responsibilities for real property 
management are specified in Executive Order 13327, "Federal Real 
Property Asset Management," and include the establishment of a Senior 
Real Property Officer, development of an asset inventory, and 
development and implementation of an asset management plan and 
performance measures. In June 2006, the Office of Management and Budget 
(OMB) upgraded DHS's Real Property Asset Management Score from red to 
yellow after DHS developed an Asset Management Plan, developed a 
generally complete real property data inventory, submitted this 
inventory for inclusion in the governmentwide real property inventory 
database, and established performance measures consistent with Federal 
Real Property Council standards.[Footnote 13] DHS also designated a 
Senior Real Property Officer. 

Mission Areas: 

Border Security. DHS's border security mission includes detecting and 
preventing terrorists and terrorist weapons from entering the United 
States; facilitating the orderly and efficient flow of legitimate trade 
and travel; interdicting illegal drugs and other contraband; 
apprehending individuals who are attempting to enter the United States 
illegally; inspecting inbound and outbound people, vehicles, and cargo; 
and enforcing laws of the United States at the border. DHS has made 
some progress in, for example, refining the screening of foreign 
visitors to the United States and providing training and personnel 
necessary to fulfill border security missions. In particular, as of 
December 2006 DHS had a pre-entry screening capability in place in 
overseas visa issuance offices and an entry identification capability 
at 115 airports, 14 seaports, and 154 of 170 land ports of 
entry.[Footnote 14] Furthermore, in November 2007 we reported on 
traveler inspections at ports of entry and found that U.S. Customs and 
Border Protection (CBP) had some success in identifying inadmissible 
aliens and other violators.[Footnote 15] However, we also identified 
weaknesses in CBP's operations at ports of entry and have reported on 
challenges DHS faced in implementing its comprehensive border 
protection system, called SBInet, and in leveraging technology, 
personnel, and information to secure the border. For example, in our 
November 2007 report on traveler inspections, we identified weaknesses 
in CBP's operations, including not verifying the nationality and 
admissibility of each traveler, which could increase the potential that 
terrorists and inadmissible travelers could enter the United States. In 
July 2007, CBP issued detailed procedures for conducting inspections, 
including requiring field office managers to assess compliance with 
these procedures. However, CBP had not established internal controls to 
ensure that field office managers share their assessments with CBP 
headquarters to help ensure that the new procedures were consistently 
implemented across all ports of entry and reduced the risk of failed 
traveler inspections. We recommended that DHS implement internal 
controls to help ensure that field office directors communicate to 
agency management the results of their monitoring and assessment 
efforts and formalize a performance measure for the traveler inspection 
program that identifies CBP's effectiveness in apprehending 
inadmissible aliens and other violators. 

Immigration Enforcement. DHS's immigration enforcement mission includes 
apprehending, detaining, and removing criminal and illegal aliens; 
disrupting and dismantling organized smuggling of humans and contraband 
as well as human trafficking; investigating and prosecuting those who 
engage in benefit and document fraud; blocking and removing employers' 
access to undocumented workers; and enforcing compliance with programs 
to monitor visitors. Over the past several years, DHS has strengthened 
some aspects of immigration enforcement. For example, since fiscal year 
2004 U.S. Immigration and Customs Enforcement (ICE) has reported 
increases in the number of criminal arrests and indictments for 
worksite enforcement violations. ICE also has begun to introduce 
principles of risk management into the allocation of its investigative 
resources. However, ICE has faced challenges in ensuring the removal of 
criminal aliens from the United States. The agency has also lacked 
outcome-based performance goals and measures for some its programs, 
making it difficult for the agency and others to fully determine 
whether its programs are achieving their desired outcomes. 

Immigration Services. DHS's immigration services mission includes 
administering immigration benefits and working to reduce immigration 
benefit fraud. Although DHS has made progress in reducing its backlog 
of immigration benefit applications, improvements are still needed in 
the provision of immigration services, particularly by strengthening 
internal controls to prevent fraud and inaccuracy. U.S. Citizenship and 
Immigration Services (USCIS) has established a focal point for 
immigration fraud, outlined a fraud control strategy that relies on the 
use of automation to detect fraud, and has performed some fraud 
assessments to identify the extent and nature of fraud for certain 
benefits. However, USCIS has faced challenges in establishing a case 
management system to manage applications and provide management 
information and making other technological enhancements to its 
application and adjudication processes, such as collecting and storing 
biometric information on applicants and expanding its online 
application filing capabilities. In July 2007, we reported on USCIS's 
transformation efforts, noting that USCIS's transformation plans 
partially or fully addressed most key practices for organizational 
transformations.[Footnote 16] For example, USCIS had taken initial 
steps in addressing problems identified during past efforts to 
modernize by establishing a Transformation Program Office that reports 
directly to the USCIS Deputy Director to ensure leadership commitment; 
dedicating people and resources to the transformation; establishing a 
mission, vision, and integrated strategic goals; focusing on a key set 
of priorities and defining core values; and involving employees. 
However, we found that more attention was needed in the areas of 
performance management, strategic human capital management, 
communications, and information technology management. We recommended 
that DHS document specific performance measures and targets, increase 
focus on strategic human capital management, complete a comprehensive 
communications strategy, and continue developing sufficient information 
technology management practices. 

Aviation Security. DHS's aviation security mission includes 
strengthening airport security; providing and training a screening 
workforce; prescreening passengers against terrorist watch lists; and 
screening passengers, baggage, and cargo. Since the Transportation 
Security Administration (TSA) was established in 2001, it has focused 
much of its effort on aviation security and has developed and 
implemented a variety of programs and procedures to secure commercial 
aviation. For example, TSA has undertaken efforts to strengthen airport 
security; hire and train a screening workforce; prescreen passengers 
against terrorist watch lists; and screen passengers, baggage, and 
cargo. TSA has implemented these efforts in part to meet numerous 
mandates for strengthening aviation security placed on the agency 
following the September 11, 2001, terrorist attacks. However, DHS has 
faced challenges in developing and implementing a program to match 
domestic airline passenger information against terrorist watch lists; 
fielding needed technologies to screen airline passengers for 
explosives; and fully integrating risk-based decision making into some 
of its programs. In November 2007, we reported that TSA continued to 
face challenges in preventing unauthorized items from being taken 
through airport checkpoints.[Footnote 17] Our independent testing 
identified that while in most cases transportation security officers 
appeared to follow TSA's procedures and used technology appropriately, 
weaknesses and other vulnerabilities existed in TSA's screening 
procedures. 

Surface Transportation Security. DHS's surface transportation security 
mission includes establishing security standards and conducting 
assessments and inspections of surface transportation modes, including 
passenger and freight rail, mass transit, highways, commercial 
vehicles, and pipelines. Although TSA initially focused much of its 
effort and resources on meeting legislative mandates to strengthen 
commercial aviation security after September 11, 2001, TSA has more 
recently placed additional focus on securing surface modes of 
transportation, including establishing security standards and 
conducting assessments and inspections of surface transportation modes 
such as passenger and freight rail. However, more work remains for DHS 
in developing and issuing security standards for all surface 
transportation modes and in more fully defining the roles and missions 
of its inspectors in enforcing security requirements. 

Maritime Security. DHS's maritime security responsibilities include 
port and vessel security, maritime intelligence, and maritime supply 
chain security. DHS has developed national and regional plans for 
maritime security and response and a national plan for recovery, and it 
has ensured the completion of vulnerability assessments and security 
plans for port facilities and vessels. DHS has also developed programs 
for collecting information on incoming ships and working with the 
private sector to improve and validate supply chain security. However, 
DHS has faced challenges in implementing certain maritime security 
responsibilities including, for example, a program to control access to 
port secure areas and to screen incoming cargo for radiation. In 
October 2007, we testified on DHS's overall maritime security efforts 
as they related to the Security and Accountability for Every (SAFE) 
Port Act of 2006.[Footnote 18] In that testimony we noted that DHS had 
improved security efforts by establishing committees to share 
information with local port stakeholders and taking steps to establish 
interagency operations centers to monitor port activities, conducting 
operations such as harbor patrols and vessel escorts, writing port- 
level plans to prevent and respond to terrorist attacks, testing such 
plans through exercises, and assessing security at foreign ports. We 
further reported that DHS had strengthened the security of cargo 
containers through enhancements to its system for identifying high-risk 
cargo and expanding partnerships with other countries to screen 
containers before they are shipped to the United States. However, we 
reported on challenges faced by DHS in its cargo security efforts, such 
as CBP's requirement to test and implement a new program to screen 100 
percent of all incoming containers overseas--a departure from its 
existing risk-based programs. Among our recommendations were that DHS 
develop strategic plans, better plan the use of its human capital, 
establish performance measures, and otherwise improve program 
operations. 

Emergency Preparedness and Response. DHS's emergency management 
mission, now primarily consolidated in the Federal Emergency Management 
Agency (FEMA), includes prevention, mitigation, preparedness for, 
response to, and immediate recovery from major disasters and 
emergencies of all types, whether the result of nature or acts of man. 
The goal is to minimize damage from major disasters and emergencies by 
working with other federal agencies, state and local governments, 
nongovernment organizations, and the private sector to plan, equip, 
train, and practice needed skills and capabilities to build a national, 
coordinated system of emergency management. The Post-Katrina Emergency 
Management Reform Act of 2006 specifies a number of responsibilities 
for FEMA and DHS in the area of emergency preparedness and response 
designed to address many of the problems identified in the various 
assessments of the preparation for and response to Hurricane Katrina. 
It addresses such issues as roles and responsibilities, operational 
planning, capabilities assessments, and exercises to test needed 
capabilities. DHS has taken some actions intended to improve readiness 
and response based on our work and the work of congressional committees 
and the Administration. For example, in January 2008 DHS issued a 
revised National Response Framework intended to further clarify federal 
roles and responsibilities and relationships among federal, state, and 
local governments and responders, among others. However, these 
revisions have not yet been tested. DHS has also made structural 
changes in response to the Post-Katrina Emergency Management Reform Act 
that, among other things, are designed to strengthen FEMA. DHS has also 
announced a number of other actions to improve readiness and response. 
However, until states and first responders have an opportunity to train 
and practice under some of these changes, it is unclear what impact, if 
any, they will have on strengthening DHS's emergency preparedness and 
response capabilities. 

Critical Infrastructure and Key Resources Protection. DHS's critical 
infrastructure and key resources protection activities include 
developing and coordinating implementation of a comprehensive national 
plan for critical infrastructure protection, developing partnerships 
with stakeholders and information sharing and warning capabilities, and 
identifying and reducing threats and vulnerabilities. DHS has developed 
a national plan for critical infrastructure and key resources 
protection and undertaken efforts to develop partnerships and to 
coordinate with other federal, state, local and private sector 
stakeholders. DHS has also made progress in identifying and assessing 
critical infrastructure threats and vulnerabilities. For example, in 
July and October 2007 we reported on critical infrastructure sectors' 
sector-specific plans.[Footnote 19] We reported that although nine of 
the sector-specific plans we reviewed generally met National 
Infrastructure Protection Plan requirements and DHS's sector-specific 
plan guidance, eight plans did not address incentives the sectors would 
use to encourage owners to conduct risk assessments, and some plans 
were more comprehensive than others when discussing their physical, 
human, and cyber assets, systems, and functions. We recommended that 
DHS better (1) define its critical infrastructure information needs and 
(2) explain how the information will be used to attract more users. We 
also reported that the extent to which the sectors addressed aspects of 
cyber security in their sector-specific plans varied and that none of 
the plans fully addressed all 30 cyber security-related criteria. DHS 
officials said that the variance in the plans can primarily be 
attributed to the levels of maturity and cultures of the sectors, with 
the more mature sectors--sectors with preexisting relationships and a 
history of working together--generally having more comprehensive and 
complete plans than more newly established sectors without similar 
prior relationships. Regarding cyber security, we recommended a 
September 2008 deadline for sector-specific agency plans to fully 
address cyber-related criteria. Although DHS has made progress in these 
areas, it has faced challenges in sharing information and warnings on 
attacks, threats, and vulnerabilities and in providing and coordinating 
incident response and recovery planning efforts. For example, we 
identified a number of challenges to DHS's Homeland Security 
Information Network, including its coordination with state and local 
information sharing initiatives.[Footnote 20] 

Science and Technology. DHS's science and technology efforts include 
coordinating the federal government's civilian efforts to identify and 
develop countermeasures to chemical, biological, radiological, nuclear, 
and other emerging terrorist threats. DHS has taken steps to coordinate 
and share homeland security technologies with federal, state, local, 
and private sector entities. However, DHS has faced challenges in 
assessing threats and vulnerabilities and developing countermeasures to 
address those threats. With regard to nuclear detection capabilities, 
in September 2007 we reported on DHS's testing of next generation 
radiation detection equipment.[Footnote 21] In particular, we reported 
that the Domestic Nuclear Detection Office (DNDO) used biased test 
methods that enhanced the performance of the next generation equipment 
and that, in general, the tests did not constitute an objective and 
rigorous assessment of this equipment. We recommended that DNDO delay 
any purchase of this equipment until all tests have been completed, 
evaluated, and validated. 

Cross-cutting Issues Have Hindered DHS's Implementation Efforts: 

Our work has identified cross-cutting issues that have hindered DHS's 
progress in its management and mission areas. We have reported that 
while it is important that DHS continue to work to strengthen each of 
its core management and mission functions, it is equally important that 
these key issues be addressed from a comprehensive, departmentwide 
perspective to help ensure that the department has the structure and 
processes in place to effectively address the threats and 
vulnerabilities that face the nation. These issues are: (1) 
transforming and integrating DHS's management functions; (2) engaging 
in effective strategic and transition planning efforts and establishing 
baseline performance goals and measures; (3) applying and improving a 
risk management approach for implementing missions and making resource 
allocation decisions; (4) sharing information with key stakeholders; 
and (5) coordinating and partnering with federal, state, local, and 
private sector agencies entities. In addition, accountability and 
transparency are critical to the department effectively integrating its 
management functions and implementing its mission responsibilities. 

Agency Transformation: 

DHS has faced an enormous management challenge in its transformation 
efforts as it works to integrate 22 component agencies. Each component 
agency brought differing missions, cultures, systems, and procedures 
that the new department had to efficiently and effectively integrate 
into a single, functioning unit. At the same time it has weathered 
these growing pains, DHS has had to fulfill its various homeland 
security and other missions. DHS has developed a strategic plan, is 
working to integrate some management functions, and has continued to 
form necessary partnerships to achieve mission success. Nevertheless, 
in 2007 we reported that DHS's implementation and transformation 
remained high-risk because DHS had not yet developed a comprehensive 
management integration strategy and its management systems and 
functionsï¿½especially related to acquisition, financial, human capital, 
and information managementï¿½were not yet fully integrated and wholly 
operational. We identified that this array of management and 
programmatic challenges continued to limit DHS's ability to carry out 
its roles under the National Strategy for Homeland Security in an 
effective, risk-based way. 

We have recommended, among other things, that agencies on the high-risk 
list produce a corrective action plan that defines the root causes of 
identified problems, identifies effective solutions to those problems, 
and provides for substantially completing corrective measures in the 
near term. Such a plan should include performance metrics and 
milestones, as well as mechanisms to monitor progress. OMB has stressed 
to agencies the need for corrective action plans for individual high- 
risk areas to include specific goals and milestones. GAO has said that 
such a concerted effort is critical and that our experience has shown 
that perseverance is critical to resolving high-risk issues. In the 
spring of 2006, DHS provided us with a draft corrective action plan 
that did not contain key elements we have identified as necessary for 
an effective corrective action plan, including specific actions to 
address identified objectives. As of February 2008, DHS had not yet 
completed a corrective action plan. According to DHS, the department 
plans to use its revised strategic plan, which is at OMB for final 
review, as the basis for its corrective action plan. 

The significant challenges DHS has experienced in integrating its 
disparate organizational cultures and multiple management processes and 
systems make it an appropriate candidate for a Chief Operating Officer/ 
Chief Management Officer (COO/CMO) as a second deputy position or 
alternatively as a principal undersecretary for management position. 
Designating the Undersecretary for Management at DHS as the CMO at an 
Executive Level II is a step in the right direction, but this change 
does not go far enough. A COO/CMO for DHS with a limited term that does 
not transition across administrations will not help to ensure the 
continuity of focus and attention needed to protect the security of our 
nation. A COO/CMO at the appropriate organizational level at DHS, with 
a term appointment, would provide the elevated senior leadership and 
concerted and long-term attention required to marshal its 
transformation efforts. 

As part of its transformation efforts, it will be especially important 
for the department to effectively manage the approaching transition 
between administrations and sustain its transformation through this 
transition period. Due to its mission's criticality and the increased 
risk of terror attacks during changes in administration as witnessed in 
the United States and other countries, it is important that DHS take 
steps to help ensure a smooth transition to new leadership. According 
to the Homeland Security Act of 2002, as amended, DHS is required to 
develop a transition and succession plan to guide the transition of 
management functions to a new Administration by December 2008.[Footnote 
22] DHS is working to develop and implement plans and initiatives for 
managing the transition. Moreover, the Homeland Security Advisory 
Council issued a report in January 2008 on the pending transition, 
making recommendations in the broad categories of threat awareness, 
leadership, congressional oversight/action, policy, operations, 
succession, and training. DHS is taking action to address some 
challenges of the approaching transition period, including filling some 
leadership positions traditionally held by political appointees with 
career professionals. The department is also undertaking training and 
cross-training of senior career personnel that would address the 
council's concerns for leadership and operational continuity. However, 
some other Homeland Security Advisory Council recommendations, such as 
building a consensus among current DHS officers regarding priority 
policy issues, could prove more difficult for DHS to implement, 
particularly in light of the need to clarify roles and responsibilities 
across the department and its ongoing transformation efforts. 

Strategic Planning and Results Management: 

Strategic planning is one of the critical factors necessary for the 
success of new organizations. This is particularly true for DHS, given 
the breadth of its responsibility and the need to clearly identify how 
stakeholders' responsibilities and activities align to address homeland 
security efforts. However, DHS has not always implemented effective 
strategic planning efforts and has not yet fully developed performance 
measures or put into place structures to help ensure that the agency is 
managing for results. DHS has developed performance goals and measures 
for some of its programs and reports on these goals and measures in its 
Annual Performance Report. However, some of DHS's components have not 
developed adequate outcome-based performance measures or comprehensive 
plans to monitor, assess, and independently evaluate the effectiveness 
of their plans and performance. Since the issuance of our August 2007 
report, DHS has begun to develop performance goals and measures for 
some areas in an effort to strengthen its ability to measures its 
progress in key management and mission areas. We commend DHS's efforts 
to measure its progress in these areas and have agreed to work with the 
department to provide input to help strengthen established measures. 

Risk Management: 

DHS cannot afford to protect everything against all possible threats. 
As a result, the department must make choices about how to allocate its 
resources to most effectively manage risk. Risk management has been 
widely supported by the President and Congress as a management approach 
for homeland security, and the Secretary of Homeland Security has made 
it the centerpiece of departmental policy. A risk management approach 
can help DHS make decisions more systematically and is consistent with 
the National Strategy for Homeland Security and DHS's strategic plan, 
which have all called for the use of risk-based decisions to prioritize 
DHS's resource investments regarding homeland security-related 
programs. DHS and several of its component agencies have taken steps 
toward integrating risk-based principles into their decision-making 
processes. On a component agency level, the Coast Guard, for example, 
has developed security plans for seaports, facilities, and vessels 
based on risk assessments. TSA has also incorporated risk-based 
decision making into a number of its programs, such as programs for 
securing air cargo, but has not yet completed these efforts. 

In October 2007, I convened an expert forum on risk management to 
assist Congress and federal agencies, including DHS, by advancing the 
national dialogue on risk management challenges in homeland security 
and by helping to identify potential solutions to these complex 
challenges. The forum brought together a diverse array of experts, 
including representatives from DHS, other government agencies, 
nonprofit organizations, industry, and academia. The purpose of the 
forum was to identify: (1) lessons learned from leading organizations 
regarding the effective use of risk management practices; (2) key 
challenges faced by public and private organizations in adopting and 
implementing a risk-based approach for homeland security; and (3) 
actions that should be taken in the near-and long-term to address the 
most pressing of these challenges. Several themes emerged from the 
discussion, including the idea of creating a chief risk officer for 
government, the need to improve risk communication, and overcoming 
political obstacles to risk management. The plurality of the 
participants agreed that improving risk communication was the single 
greatest challenge in applying principles of risk management to 
homeland security and suggested a number of ways to use risk 
communication practices to better educate and inform the public. The 
participants also proposed a number of steps that could be taken in the 
near future to strengthen risk management practices and to stimulate 
public discussion and awareness of risk management concepts. We are 
working with the department to share ideas raised at the forum to 
assist them as they work to strengthen their risk-based efforts. We 
will be issuing a summary of this forum in the coming months. 

Information Sharing: 

In 2005, we designated information sharing for homeland security as 
high-risk and continued that designation in 2007. In doing so, we 
reported that the nation had not implemented a set of governmentwide 
policies and processes for sharing terrorism-related information but 
had issued a strategy on how it would put in place the overall 
framework, policies, and architecture for sharing with all critical 
partners--actions that we and others have recommended. The Intelligence 
Reform and Terrorism Prevention Act of 2004, as amended, requires that 
the President create an "information sharing environment" to facilitate 
the sharing of terrorism-related information, yet this environment 
remains in the planning stage. An implementation plan for the 
environment, which was released in November 2006, defines key tasks and 
milestones for developing the information sharing environment, 
including identifying barriers and ways to resolve them, as we 
recommended. We have noted that completing the information sharing 
environment is a complex task that will take multiple years and long- 
term administration and congressional support and oversight and will 
pose cultural, operational, and technical challenges that will require 
a collaborated response. 

DHS has taken some steps to implement its information sharing 
responsibilities and support other information sharing efforts. For 
example, states and localities are creating their own information 
fusion centers, some with DHS support. In October 2007 we reported that 
some state and local fusion centers had DHS personnel assigned to them; 
access to DHS's unclassified information networks or systems, such as 
the Homeland Security Information Network; and support from DHS grant 
programs.[Footnote 23] However, some state and local fusion centers 
reported challenges to accessing DHS's information systems and 
identified issues in understanding and using federal grant funds. To 
improve efforts to create a national network of fusion centers, we 
recommended that the federal government determine and articulate its 
role in, and whether it expects to provide resources to, fusion centers 
over the long term to help ensure their sustainability. 

Partnerships and Coordination: 

To secure the nation, DHS realizes it must form effective and sustained 
partnerships among its component agencies and with a range of other 
entities, including other federal agencies, state and local 
governments, private and nonprofit sectors, and international partners. 
The National Strategy for Homeland Security recognizes the importance 
of partnerships as the foundation for establishing a shared 
responsibility for homeland security among stakeholders. We have 
reported on difficulties faced by DHS in its coordination efforts. For 
example, in September 2005 we reported that TSA did not effectively 
involve private sector stakeholders in its decision-making process for 
developing security standards for passenger rail assets. We recommended 
that DHS develop security standards that reflect industry best 
practices and can be measured, monitored, and enforced by TSA rail 
inspectors and, if appropriate, rail asset owners. DHS agreed with 
these recommendations. DHS has worked to strengthen partnerships and 
has undertaken a number of coordination efforts with public and private-
sector entities. These include, for example, partnering with the 
Department of Transportation to strengthen the security of surface 
modes of transportation, airlines to improve aviation passenger and 
cargo screening, the maritime shipping industry to facilitate 
containerized cargo inspection, and the chemical industry to enhance 
critical infrastructure protection at such facilities. In addition, 
FEMA has worked with other federal, state, and local entities to 
improve planning for disaster response and recovery. Although DHS has 
taken action to strengthen partnerships and improve coordination, we 
found that more work remains to support the leveraging of resources and 
the effective implementation of its homeland security responsibilities. 

Accountability and Transparency: 

Accountability and transparency are critical to the department 
effectively integrating its management functions and implementing its 
mission responsibilities. We have reported that it is important that 
DHS make its management and operational decisions transparent enough so 
that Congress can be sure that it is effectively, efficiently, and 
economically using the billions of dollars in funding it receives 
annually.[Footnote 24] We have encountered delays at DHS in obtaining 
access to needed information, which has impacted our ability to conduct 
our work in a timely manner. Since we highlighted this issue last year 
to this subcommittee, our access to information at DHS has improved. 
For example, TSA has worked with us to improve their process for 
providing us with access to documentation. DHS also provided us with 
access to its national level preparedness exercise. However, we 
continue to experience some delays in obtaining information from DHS, 
and we continue to believe that DHS needs to make systematic changes to 
its policies and procedures for how DHS officials are to interact with 
GAO. We appreciate the Subcommittee's assistance in helping us seek 
improved access to DHS information and support the provision in the 
Consolidated Appropriations Act, 2008, that restricts a portion of 
DHS's funding until DHS reports on revisions to its guidance for 
working with GAO and the DHS IG. We look forward to collaborating with 
the department on proposed revisions to its GAO guidance. 

Concluding Observations: 

Next month DHS will be 5 years old, a key milestone for the department. 
Since its establishment, DHS has had to undertake actions to secure the 
border and the transportation sector and defend against, prepare for, 
and respond to threats and disasters while simultaneously working to 
transform itself into a fully functioning cabinet department. Such a 
transformation is a difficult undertaking for any organization and can 
take, at a minimum, 5 to 7 years to complete even under less daunting 
circumstances. 

Nevertheless, DHS's 5-year anniversary provides an opportunity for the 
department to review how it has matured as an organization. As part of 
our broad range of work reviewing DHS management and mission programs, 
we will continue to assess in the coming months DHS's progress in 
addressing high-risk issues. In particular, we will continue to assess 
the progress made by the department in its transformation and 
information sharing efforts. Further, as DHS continues to evolve and 
transform, we will review its progress and performance and provide 
information to Congress and the public on its efforts. 

This concludes my prepared statement. I would be pleased to answer any 
questions you and the Subcommittee Members may have. 

GAO Contact and Staff Acknowledgments: 

For further information about this testimony, please contact Norman J. 
Rabkin, Managing Director, Homeland Security and Justice, at 202-512- 
8777 or [email protected]. Other key contributors to this statement were 
Jason Barnosky, Cathleen A. Berrick, Kathryn Bolduc, Anthony 
Cheesebrough, Rebecca Gambler, Kathryn Godfrey, Christopher Keisling, 
Thomas Lombardi, Octavia Parks, and Sue Ramanathan. 

[End of section] 

Footnotes: 

[1] Examples of nonhomeland security functions include Coast Guard 
search and rescue and naturalization services. 

[2] GAO, Homeland Security: Critical Design and Implementation Issues, 
GAO-02-957T (Washington, D.C.: July 17, 2002). 

[3] GAO, High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: 
January 2003). 

[4] GAO, Department of Homeland Security: Progress Report on 
Implementation of Mission and Management Functions, GAO-07-454 
(Washington, D.C.: August 17, 2007). 

[5] GAO, High-RiskSeries: An Update, GAO-05-207 (Washington, D.C.: 
January 2005) and GAO, High-Risk Series: An Update, GAO-07-310 
(Washington, D.C.: January 2007). 

[6] In general, a fusion center is a collaborative effort to detect, 
prevent, investigate, and respond to criminal and terrorist activity. 
GAO, Homeland Security: Federal Efforts Are Helping to Alleviate Some 
Challenges Encountered by State and Local Information Fusion Centers, 
GAO-08-35 (Washington, D.C.: Oct. 30, 2007). 

[7] GAO-07-454. 

[8] Consolidated Appropriations Act, 2008, Pub. L. No. 110-161, Div. E, 
121 Stat. 1844 (2007). 

[9] These 22 agencies, offices, and programs were U.S. Customs Service; 
U.S. Immigration and Naturalization Service; Federal Protective 
Service; Transportation Security Administration; Federal Law 
Enforcement Training Center; Animal and Plant Health Inspection 
Service; Office for Domestic Preparedness; Federal Emergency Management 
Agency; Strategic National Stockpile and the National Disaster Medical 
System; Nuclear Incident Response Team; Domestic Emergency Support 
Team; National Domestic Preparedness Office; Chemical, Biological, 
Radiological, and Nuclear Countermeasures Program; Environmental 
Measures Laboratory; National BW Defense Analysis Center; Plum Island 
Animal Disease Center; Federal Computer Incident Response Center; 
National Communications System; National Infrastructure Protection 
Center; Energy Security and Assurance Program; Secret Service; and U.S. 
Coast Guard. 

[10] GAO-07-454. 

[11] GAO, Department of Homeland Security: Improved Assessment and 
Oversight Needed to Manage Risk of Contracting for Selected Services, 
GAO-07-990 (Washington, D.C.: Sept. 17, 2007). 

[12] GAO, Information Technology: DHS's Human Capital Plan Is Largely 
Consistent with Relevant Guidance, but Improvements and Implementation 
Steps Are Still Needed, GAO-07-425 (Washington, D.C.: Sept. 10, 2007). 

[13] The Administration's agency scorecard for real property management 
was established in fiscal year 2004 to measure each agency's progress 
in implementing Executive Order 13327 on "Federal Real Property Asset 
Management." 

[14] A port of entry is generally a physical location, such as a 
pedestrian walkway and/or a vehicle plaza with booths, and associated 
inspection and administration buildings, at a land border crossing 
point, or a restricted area inside an airport or seaport, where entry 
into the country by persons and cargo arriving by air, land, or sea is 
controlled by U.S. Customs and Border Protection. 

[15] GAO, Border Security: Despite Progress, Weaknesses in Traveler 
Inspections Exist at Our Nation's Ports of Entry, GAO-08-219 
(Washington, D.C.: Nov. 5, 2007). 

[16] GAO, USICS Transformation: Improvements to Performance, Human 
Capital, and Information Technology Management Needed as Modernization 
Proceeds, GAO-07-1013R (Washington, D.C.: July 17, 2007). 

[17] GAO, Aviation Security: Vulnerabilities Exposed through Covert 
Testing of TSA's Passenger Screening Process, GAO-08-48T (Washington, 
D.C.: Nov. 15, 2007). 

[18] GAO, Maritime Security: The SAFE Port Act: Status and 
Implementation One Year Later, GAO-08-126T (Washington, D.C.: Oct. 30, 
2007). 

[19] GAO, Critical Infrastructure Protection: Sector Plans and Sector 
Councils Continue to Evolve, GAO-07-706R (Washington, D.C.: July 10, 
2007) and GAO, Critical Infrastructure Protection: Sector-Specific 
Plans' Coverage of Key Cyber Security Elements Varies, GAO-08-113 
(Washington, D.C.: Oct. 31, 2007). 

[20] The Homeland Security Information Network is DHS's primary conduit 
for sharing information on domestic terrorist threats, suspicious 
activity reports, and incident management. 

[21] GAO, Combating Nuclear Smuggling: Additional Actions Needed to 
Ensure Adequate Testing of Next Generation Radiation Detection 
Equipment, GAO-07-1247T (Washington, D.C.: Sept. 18, 2007). 

[22] See 6 U.S.C. ï¿½ 341(a)(9)(B). 

[23] GAO-08-35. 

[24] GAO-07-454.

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "Subscribe to Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 

*** End of document. ***