Strengthening Department of Homeland Security Management Functions
The Department of Homeland Security’s (DHS) top leadership, including the Secretary and Deputy Secretary of Homeland Security, has demonstrated exemplary commitment and support for addressing the department’s management challenges. However, DHS needs to continue implementing its Integrated Strategy for High Risk Management and maintain engagement with us to show measurable, sustainable progress in implementing corrective actions and achieving outcomes. In 2003, we designated implementing and transforming DHS as high risk because DHS had to transform 22 agencies—several with major management challenges—into one department. Further, failure to effectively address DHS’s management and mission risks could have serious consequences for U.S. national and economic security. Given the significant effort required to build and integrate a department as large and complex as DHS, our initial high-risk designation addressed the department’s implementation and transformation efforts to include associated management and programmatic challenges. At that time, we reported that the creation of DHS was an enormous undertaking that would take time to achieve, and that successfully transforming large organizations, even those undertaking less strenuous reorganizations, could take years to implement.
Over the past 14 years, the focus of this high-risk area has evolved in tandem with DHS’s maturation and evolution. The overriding tenet has consistently remained DHS’s ability to build a single, cohesive, and effective department that is greater than the sum of its parts—a goal that requires effective collaboration and integration of its various components and management functions. In 2007, in reporting on DHS’s progress since its creation, as well as in our 2009 high-risk update, we reported that DHS had made more progress in implementing its range of missions than its management functions—acquisition, information technology (IT), financial, and human capital—and that continued work was needed to address an array of management and programmatic challenges. As we reported in September 2011, DHS’s initial focus on mission implementation was understandable given the critical homeland security needs facing the nation after the department’s establishment, and the challenges posed by creating, integrating, and transforming it.
As DHS continued to mature, and as we reported in our assessment of DHS’s progress and challenges in the 10 years following 9/11, we found that the department implemented key homeland security operations and achieved important goals in many areas to create and strengthen a foundation to reach its potential. For example, DHS developed strategic and operational plans to guide its efforts—such as the National Response Framework that outlines disaster response guiding principles—and successfully hired, trained, and deployed workforces, including the federal screening workforce to assume screening responsibilities at airports nationwide.
However, we also found that more work remained for DHS to address weaknesses in other areas of its operational and implementation efforts. For example, we reported in 2011 that DHS had not yet determined how to implement a biometric exit capability, had taken action to address a small portion of the estimated overstay population in the United States, and needed to strengthen efforts to assess national capabilities for all-hazards preparedness. We further reported that continuing weaknesses in implementing and integrating DHS’s management functions continued to affect the department’s implementation efforts.
Recognizing DHS’s progress in mission implementation and transformation, our 2011 high-risk update focused on the department’s continued need to strengthen and integrate its management functions. In our 2013 high-risk update, we found that DHS had made considerable progress in strengthening and integrating its management functions, but that challenges remained and progress was needed to mitigate the risks that management weaknesses posed to DHS’s ability to accomplish its mission and use its resources efficiently and effectively. Therefore, in 2013 we narrowed the scope of the high-risk area and changed the name from Implementing and Transforming the Department of Homeland Security to Strengthening Department of Homeland Security Management Functions to reflect this focus. In our 2015 high-risk update, we found that DHS’s top leadership had continued to demonstrate exemplary commitment to and support for addressing the department’s management challenges and that DHS had made important progress in strengthening its management functions. However, we also found that DHS continued to face significant management challenges that hindered its ability to achieve its missions and concluded that DHS needed to continue to demonstrate sustainable, measureable progress in addressing key challenges that remained within and across its management functions.
 GAO, Department of Homeland Security: Progress Made and Work Remaining in Implementing Homeland Security Missions 10 Years after 9/11, GAO-11-881 (Washington, D.C.: Sept. 7, 2011). This report addressed DHS’s progress in implementing its homeland security missions since it began operations, work remaining, and issues affecting implementation efforts. Drawing from more than 1,000 GAO reports and congressional testimony issued related to DHS programs and operations, and approximately 1,500 recommendations made to strengthen mission and management implementation, this report addressed progress and remaining challenges in such areas as border security and immigration, transportation security, and emergency management, among others.
DHS’s continued efforts to strengthen and integrate its acquisition, IT, financial, and human capital management functions have resulted in the department meeting three criteria for removal from the High-Risk List (leadership commitment, a corrective action plan, and a framework to monitor progress) and partially meeting the remaining two criteria (capacity and demonstrated, sustained progress). DHS’s top leadership, including the Secretary and Deputy Secretary of Homeland Security, has demonstrated exemplary commitment and support for addressing the department’s management challenges. For instance, the department’s Deputy Secretary, Under Secretary for Management, and other senior management officials have frequently met with us to discuss the department’s plans and progress, which serves as a model for senior-level engagement and helps ensure a common understanding of the remaining work needed to address our high-risk designation. Further, DHS established a framework for monitoring its progress in its Integrated Strategy for High Risk Management, in which it has included performance measures to track the implementation of key management initiatives since June 2012. In addition, since our 2015 high-risk update, DHS has strengthened its monitoring efforts for financial system modernization programs that are key to effectively supporting the department’s financial management operations, resulting in DHS meeting the monitoring criteria for the first time.
DHS has also issued updated versions of its Integrated Strategy for High Risk Management, demonstrating a continued focus on addressing this high-risk designation, and made important progress in identifying and putting in place the people and resources needed to resolve departmental management risks. The integrated strategy includes key management initiatives and related corrective action plans for achieving 30 outcomes, which we identified and DHS agreed are critical to addressing the challenges within the department’s management areas, and to integrating those functions across the department. DHS has continued to make important progress across all of its management functions, fully addressing 13 of these outcomes, 9 of which it has sustained as fully implemented for at least 2 years. For example, DHS fully addressed one outcome for the first time by demonstrating improvement in human capital management by linking workforce planning efforts to strategic and program planning efforts.
DHS also sustained full implementation of two other outcomes by obtaining a clean audit opinion on its financial statements for 4 consecutive fiscal years. Further, DHS has mostly addressed an additional eight outcomes, meaning that a small amount of work remains to fully address them. Considerable work remains, however, in several areas for DHS to fully achieve the remaining 17 outcomes and thereby strengthen its management functions. Addressing some of these outcomes, such as those pertaining to improving employee morale and modernizing the department’s financial management systems, are significant undertakings that will likely require multiyear efforts. DHS needs to make additional progress identifying and allocating resources in certain areas to sufficiently demonstrate that it has the capacity (that is, the people and resources) to achieve and sustain all 30 outcomes, as well as demonstrate additional sustainable and measurable progress in addressing key challenges that remain within and across these management functions.
Congress has taken a number of actions to support and oversee DHS’s progress in strengthening its management functions, including the following examples:
- The National Defense Authorization Act for Fiscal Year 2017 includes a mandate that the DHS Under Secretary for Management report to us every 6 months to demonstrate measurable, sustainable progress made in implementing DHS’s corrective action plans to address the Strengthening DHS Management Functions high-risk area until we submit written notification of the area’s removal from the high-risk list to the appropriate congressional committees. Similar provisions were included in the DHS Headquarters Reform and Improvement Act of 2015, the DHS Accountability Act of 2016, and the DHS Reform and Improvement Act.
- House Report 114-215, which accompanied H.R. 3128 (DHS appropriations bill for fiscal year 2016) and later became effective under the Consolidated Appropriations Act, 2016, includes mandates related to DHS’s financial management system modernization projects, which relate to three high-risk financial management outcomes. Specifically, the committee directed GAO to assess the risks of DHS utilizing the Department of Interior’s Business Center (IBC), whether IBC is capable of expanding its services to additional federal agencies, and a comparison of the services and capabilities of federal and commercial shared service providers. In addition, the committee directed the DHS Office of the Chief Financial Officer to update the lifecycle cost estimate to reflect all contract awards and projected overall costs, including those for every component that plans to migrate to a federal shared service provider.
- The Border Patrol Agent Pay Reform Act of 2014, enacted on December 18, 2014, includes a mandate related to cybersecurity workforce assessments, which relates to one human capital management outcome. Specifically, DHS must identify all cybersecurity workforce positions and identify positions and areas of critical need.
Congress also held a number of oversight hearings related to addressing DHS’s management challenges:
- U.S. Senate, Committee on Homeland Security and Governmental Affairs Hearing: DHS Management and Acquisition Reform. March 16, 2016.
- U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Oversight and Management Efficiency Hearing: Assessing DHS’s Performance: Watchdog Recommendations to Improve Homeland Security. February 26, 2015.
- U.S. House of Representatives, Committee on Homeland Security Hearing: Preventing Waste, Fraud, Abuse and Mismanagement in Homeland Security – A GAO High-Risk List Review. May 7, 2014.
- U.S. Senate, Committee on Homeland Security and Governmental Affairs Hearing: The Department of Homeland Security at 10 Years: A Progress Report on Management. March 21, 2013.
 Pub. L. No. 114-328, § 1903(b) (codified at 6 U.S.C. § 341(a)(11)).
 H.R.3572, 114th Cong. (as passed by House, Oct. 20, 2015).
 S. 2976, 114th Cong. § 101(b) (as reported by S. Comm. on Homeland Sec. and Gov’tal Affairs, June 28, 2016).
 H.R. 6381, 114th Cong. (2016).
 H.R. Rep. No. 114-215 (2015); Pub. L. No. 114-113, 129 Stat. 2242 (2015). The explanatory statement accompanying the Consolidated Appropriations Act, 2016, provided that House Report 114-215 carries the same weight as language included in the explanatory statement, unless specifically addressed to the contrary in the bill or the explanatory statement.
 Pub. L. No. 113-277, § 4,128 Stat. 2995, 3008-3010 (2014).
In the coming years, DHS needs to continue implementing its Integrated Strategy for High Risk Management and maintain engagement with us to show measurable, sustainable progress in implementing corrective actions and achieving outcomes. In doing so, it will be important for DHS to
- maintain its current level of top leadership support and sustained commitment to ensure continued progress in executing its corrective actions through completion;
- continue to identify the people and resources necessary to make progress towards achieving outcomes, work to mitigate shortfalls and prioritize initiatives, as needed, and communicate to senior leadership critical resource gaps;
- continue to implement its plan for addressing this high-risk area and periodically provide assessments of its progress to us and Congress;
- closely track and independently validate the effectiveness and sustainability of its corrective actions, and make midcourse adjustments as needed; and
- make continued progress in achieving the 17 outcomes it has not fully addressed and demonstrate that systems, personnel, and policies are in place to ensure that progress can be sustained over time.
We will continue to monitor DHS’s efforts in this high-risk area to determine if the outcomes are achieved and sustained over the long term. Further, in order to address the outcomes, DHS must implement our prior recommendations listed below.
- DHS should address employee morale problems through comprehensively examining root causes and establishing clear metrics of success within DHS and its components’ action plans.
- DHS should ensure that its Human Resources IT Program (HRIT), of which the Performance and Learning Management System is the primary active project, receives necessary oversight and attention by ensuring the HRIT Executive Steering Committee is consistently involved. DHS should also address HRIT’s poor progress and ineffective management by: (1) updating and maintaining a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities; (2) developing a complete life-cycle cost estimate for the implementation of HRIT; (3) documenting and tracking all costs, including components’ costs, associated with HRIT; and (4) updating and maintaining the department’s human resources system inventory, among other things.
- To more accurately communicate DHS’s funding plans for U.S. Coast Guard’s major acquisitions programs, DHS should ensure the funding plans presented to Congress are comprehensive and clearly account for all operations and maintenance funding DHS plans to allocate to each of the programs.
- DHS should enhance its leadership’s ongoing efforts to improve the affordability of the department’s major acquisitions portfolio by requiring components to submit funding certification memorandums for all major acquisition programs that have not been reviewed at an Acquisition Decision Event; and convening Acquisition Review Boards to discuss affordability and make tradeoffs between cost, schedule, and performance, as necessary. In addition, DHS should ensure that the Fiscal Year 2017 Future Years Homeland Security Program report reflects the results of any tradeoffs stemming from the acquisition affordability reviews; and require components to establish formal, repeatable processes for addressing major acquisition affordability issues.
- DHS’s Chief Information Officer should use accurate and reliable information, such as operational assessments of the new architecture and cost and schedule parameters approved by the Under Secretary of Management, to help ensure that assessments prepared by the Office of the Chief Information Officer in support of the department’s updates to the federal IT Dashboard more fully reflect the current status of the Transformation Program.
- DHS should continue to work to address its IT mission critical skills gaps, such as those related to its cybersecurity workforce. Further, DHS needs to remediate the material weakness in information security controls reported by its financial statement auditor in fiscal year 2016 by effectively addressing weaknesses in controls related to access, configuration management, and segregation of duties.
- DHS should ensure consistent, effective oversight of DHS’s acquisition programs and make the Comprehensive Acquisition Status Report (CASR) more useful by adjusting CASR to enable DHS to hold programs accountable for maintaining their cost, schedule, and performance data. For example, CASR could report an individual rating for each program’s cost, schedule, and technical risks, and the level at which the program’s life-cycle cost estimate was approved.
GAO-17-171: Published: Oct 24, 2016. Publicly Released: Oct 24, 2016.
GAO found that the Department of Homeland Security's (DHS) Joint Requirements Council's (JRC) structure and management approach—informed by assessments of requirements processes, guidance, and lessons learned from DHS components and the Department of Defense—are generally consistent with key practices for mergers and organizational transformations. However, although 24 of DHS's 36 major acquis...
GAO-16-338SP: Published: Mar 31, 2016. Publicly Released: Mar 31, 2016.
During 2015, 11 of the 25 Department of Homeland Security (DHS) programs GAO reviewed remained on track to meet their current schedule and cost goals. Eight programs experienced schedule slips, cost growth, or both, including 5 programs with life-cycle cost estimates that increased by a total of 18 percent. For the remaining six programs, DHS leadership had not approved baselines establishing thei...
GAO-16-507T: Published: Mar 16, 2016. Publicly Released: Mar 16, 2016.
The Department of Homeland Security's (DHS) efforts to strengthen and integrate its management functions have resulted in it meeting three and partially meeting two of GAO's criteria for removal from the high-risk list (see table).Assessment of DHS Progress in Addressing the Strengthening DHS Management Functions High-Risk Area, as of March 2016Criterion for removal from high-risk list Meta Partia...
GAO-16-253: Published: Feb 11, 2016. Publicly Released: Feb 25, 2016.
The Department of Homeland Security (DHS) has made very little progress in implementing its Human Resources Information Technology (HRIT) investment in the last several years. This investment includes 15 improvement opportunities; as of November 2015, DHS had fully implemented only 1, see table below.Status and Planned Completion Dates for Implementing the 15 Strategic Improvement Opportunities, a...
GAO-15-415: Published: May 18, 2015. Publicly Released: Jun 17, 2015.
The U.S. Citizenship and Immigration Services' (USCIS) currently expects that its Transformation Program will cost up to $3.1 billion and be fully deployed no later than March 2019, which is an increase of approximately $1 billion and delay of over 4 years from its initial July 2011 baseline. In March 2012, the program began to significantly change its acquisition strategy to address various techn...
GAO-15-292: Published: Mar 12, 2015. Publicly Released: Mar 16, 2015.
The Department of Homeland Security (DHS) has taken steps to improve oversight of major acquisition programs, but it lacks written guidance for a consistent approach to day-to-day oversight. Federal Standards for Internal Control call for organizations to define and document key areas of responsibility in order to effectively plan, direct, and control operations to achieve agency objectives. DHS h...
GAO-15-388T: Published: Feb 26, 2015. Publicly Released: Feb 26, 2015.
As GAO reported in its 2015 high-risk update report earlier this month, the Department of Homeland Security's (DHS) efforts to strengthen and integrate its management functions have resulted in the department meeting two and partially meeting three of GAO's criteria for removal from the high-risk list (see table).Assessment of Department of Homeland Security (DHS) Progress in Addressing the Streng...
GAO-14-688: Published: Sep 10, 2014. Publicly Released: Sep 10, 2014.
The Department of Homeland Security (DHS) has processes to evaluate training, track resources, and assess leader development. However, various actions could better position the department to maximize the impact of its training efforts.Training evaluation: All five DHS components in GAO's review—U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, the U.S. Coast Guard, t...
GAO-14-106T: Published: Nov 15, 2013. Publicly Released: Nov 15, 2013.
GAO reported that the Department of Homeland Security (DHS) had made considerable progress toward obtaining a clean opinion on its financial statements. For example, DHS reduced the number of audit qualifications from 11 in 2005 to 1 in 2010. DHS is working to resolve the deficiencies in the U.S. Coast Guard's (USCG) ability to complete certain reconciliations and provide evidence supporting certa...
GAO-13-561: Published: Sep 30, 2013. Publicly Released: Nov 14, 2013.
The Department of Homeland Security (DHS) has made considerable progress toward obtaining a clean opinion on its financial statements but limited progress in obtaining a clean opinion on its internal control over financial reporting. DHS continues to rely on compensating controls and complex manual work-arounds rather than sound internal control over financial reporting and effective financial man...