This is the accessible text file for GAO report number GAO-04-509 
entitled 'Information Technology: Homeland Security Should Better 
Balance Need for System Integration Strategy with Spending for New and 
Enhanced Systems' which was released on May 21, 2004.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Report to the Chairman, Committee on Transportation and Infrastructure, 
House of Representatives: 

May 2004: 

INFORMATION TECHNOLOGY: 

Homeland Security Should Better Balance Need for System Integration 
Strategy with Spending for New and Enhanced Systems: 

GAO-04-509: 

GAO Highlights: 

Highlights of GAO-04-509, a report to the Chairman, Committee on 
Transportation and Infrastructure, House of Representatives 

Why GAO Did This Study: 

The Department of Homeland Security (DHS) faces the daunting task of 
bringing together 22 diverse agencies to lead efforts to protect the 
homeland. Among the challenges posed by this transformation is 
integrating these agencies’ diverse information technology (IT) 
systems: mission support, administration, and infrastructure (e.g., 
networks). GAO was asked to determine (1) whether DHS has defined its 
IT systems integration strategy and (2) how DHS is ensuring that IT 
investments made by component agencies (specifically focusing on the 
Federal Emergency Management Agency, the Transportation Security 
Administration, and the Coast Guard) are aligned with the department’s 
strategic direction.

What GAO Found: 

DHS is developing an IT systems integration strategy through its 
ongoing efforts to finalize and implement an IT strategic plan, an 
enterprise architecture, and IT capital planning and investment control 
processes. According to the department, these three elements—which are 
essential parts of a framework for achieving effective systems 
integration—are areas of focus and planned to be fully in place before 
the end of 2004. The DHS Chief Information Officer (CIO) attributed the 
limited progress on the systems integration framework to date to (1) 
insufficient staffing, (2) higher priority demands (such as 
establishing a departmentwide e mail system), and (3) near-term high-
payoff opportunities (such as consolidating wireless communication 
capabilities).

In the interim, DHS and its components have taken steps intended to 
promote the alignment of its components’ ongoing and planned IT 
investments with the department’s strategic direction. The steps 
include (1) subjecting major investments to review and approval by 
various departmental investment review boards, (2) continuing to have 
component agencies follow the IT strategic management structures and 
processes that they had before the department was formed, and (3) 
having meetings between component staff responsible for IT investments 
and staff working on the department’s IT strategic management 
framework. GAO corroborated the department’s use of this approach 
through analysis of IT investments being pursued by three DHS 
components, which the components indicated were representative of their 
general approach to aligning investments with the department’s evolving 
strategic direction. 

While these steps have merit, they do not provide adequate assurance of 
strategic alignment across the department. For example, the second step 
simply continues the various approaches that produced the diverse 
systems that the department inherited, while the third relies too 
heavily on oral communication about complex IT strategic issues that 
are not yet fully defined—which increases the chances of 
misunderstanding and missed opportunities for integration. Moreover, 
the DHS CIO does not have authority and control over departmentwide IT 
spending—although such control is important for effective systems 
integration, as shown by GAO’s research on successful private and 
public sector organizations and experience at federal agencies. Until 
its IT strategic framework is fully defined and effectively 
implemented, DHS runs the risk that the component agencies’ ongoing 
investments—collectively costing billions of dollars in fiscal year 
2004—will need to be reworked in the future, so that they can be 
effectively integrated and provide maximum value across DHS.

What GAO Recommends: 

GAO is making recommendations to the Secretary aimed at limiting the 
department’s investment in IT systems until the department’s IT 
strategic management framework is sufficiently defined and the 
department’s CIO has sufficient authority to effectively implement 
it. 

GAO provided a draft of this report to DHS for comment. In its 
comments, DHS did not agree or disagree with our findings, conclusions, 
or recommendations. Rather, the comments provided information on DHS’s 
IT challenges and priorities that is consistent with our report.

[End of section]

Contents: 

Letter: 

Results in Brief: 

Background: 

DHS Is in the Process of Defining Its Systems Integration Strategy: 

DHS's Interim Steps to Reduce Risk of Rework for Ongoing IT Investments 
Are Not Sufficient: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendixes: 

Appendix I: Scope and Methodology: 

Appendix II: Strategic Information Technology Management Framework 
Components: 

Appendix III: Comments from the Department of Homeland Security: 

Appendix IV: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Acknowledgments: 

Figures: 

Figure 1: Simplified DHS Organization Chart: 

Abbreviations: 

CIO: Chief Information Officer: 

DHS: Department of Homeland Security: 

FEMA: Federal Emergency Management Agency: 

IT: information technology: 

OMB: Office of Management and Budget: 

TSA: Transportation Security Administration: 

Letter May 21, 2004: 

The Honorable Don Young: 
Chairman, Committee on Transportation and Infrastructure: 
House of Representatives: 

Dear Mr. Chairman: 

When the Department of Homeland Security (DHS) began operations in 
March 2003, it faced the daunting task of bringing together 22 diverse 
agencies. Not since the creation of the Department of Defense had the 
federal government undertaken a transformation of this magnitude. As we 
previously reported,[Footnote 1] such a transformation poses 
significant management and leadership challenges, one of which is 
integrating the 22 agencies' respective mission support, 
administrative, and infrastructure (e.g., networks) information 
technology (IT) systems.

In response to your request to review this system integration 
challenge, we agreed with your office to determine (1) whether DHS has 
defined its systems integration strategy and (2) how DHS is ensuring 
that component agency system investments are aligned with the 
department's strategic direction. In performing our work on the second 
objective, as you requested, we focused on three DHS component 
agencies: the Federal Emergency Management Agency, the Transportation 
Security Administration, and the Coast Guard. Our work at DHS and 
component agencies was performed in accordance with generally accepted 
government auditing standards. Details of our scope and methodology are 
in appendix I.

Results in Brief: 

DHS is in the process of defining its systems integration strategy. The 
department has several efforts under way: finalizing a draft IT 
strategic plan, institutionalizing its recently revised IT capital 
planning and investment control processes, and developing the next 
version of its enterprise architecture.[Footnote 2] DHS initiated these 
efforts shortly after it began operations, and it plans to have them 
fully in place before the end of 2004. If defined and implemented 
properly, these efforts could go a long way toward providing the 
necessary strategic IT management framework for, among other things, 
integrating DHS's current and future systems and aligning them with the 
department's strategic goals and mission. According to DHS's Chief 
Information Officer (CIO), who is responsible for leading these 
efforts, progress to date on the systems integration strategy has been 
impeded by (1) insufficient staffing; (2) higher priority demands, such 
as establishing a departmentwide e-mail system; and (3) near-term, 
high-payoff opportunities, such as consolidating wireless 
communication capabilities. Nevertheless, the CIO stated that 
completing DHS's strategic IT management framework is important and an 
area of focus in 2004 because the longer the department's component 
organizations continue to invest in systems without such an effectively 
implemented framework, the greater the risk that these component 
systems will later require costly rework to integrate.

Until the framework has been completed, DHS is taking interim steps 
that are intended to address ongoing and planned component IT 
investments' integration and alignment with the evolving framework. 
These steps include (1) departmental assessment and approval of certain 
major investments, (2) component agencies' continued use of the same 
strategic IT management structures and processes that they had before 
the department was formed, and (3) meetings between persons in these 
components who are responsible for ongoing and planned IT investments 
and those persons who are putting in place the department's strategic 
IT management framework. While these steps have merit, they do not 
provide adequate assurance of strategic alignment across the 
department, and thus the risk is increased that the component agencies' 
ongoing investments, collectively costing billions of dollars in fiscal 
year 2004, will need to be reworked at some future point to be 
effectively integrated and maximize departmentwide value. For example, 
the second step continues reliance on the components' various 
approaches that produced the diverse set of systems that the department 
inherited, while the third relies too heavily on oral communication 
about strategic contexts and frames of reference that have not yet been 
fully defined, thus increasing the chances of both misunderstanding and 
missed integration opportunities. Moreover, they do not provide the 
department's CIO with the level of IT spending authority and control 
that our research at leading organizations and past work at federal 
departments and agencies has shown is important for effective 
integration of systems across organizational components.

To help DHS better manage the risks that it faces, we are making 
recommendations to the Secretary aimed at limiting the department's 
near-term investment in new and existing IT systems until the 
department's strategic IT management framework is sufficiently defined 
and the department's CIO has sufficient authority to effectively 
implement it. Examples of our recommended areas of near-term investment 
are cost-effective efforts that are congressionally directed, take 
advantage of relatively small, low-risk opportunities to leverage 
technology in satisfying a compelling homeland security need, or 
support operations and maintenance of existing systems critical to 
DHS's mission.

In commenting on a draft of this report, DHS did not agree or disagree 
with our findings, conclusions, or recommendations. Rather, the 
department described DHS's IT challenges and priorities and provided 
documentation on them, including efforts to achieve its priorities. The 
information conveyed in DHS's comments is consistent with information 
obtained during our review that showed progress and plans for 
institutionalizing the department's strategic IT management framework.

Background: 

In the aftermath of the terrorist attacks of September 11, 2001, 
responding to potential and real threats to homeland security became 
one of the federal government's most significant challenges. To address 
this challenge, the Congress passed, and the President signed, the 
Homeland Security Act of 2002, which merged 22 federal agencies and 
organizations into DHS, making it the third largest federal department, 
with an annual budget of about $40 billion.[Footnote 3] As we 
previously reported,[Footnote 4] one of the department's key challenges 
will be integrating the 22 components' respective IT organizations and 
the approximately 700 mission support, administrative, and 
infrastructure IT systems.

DHS Mission and Organization: 

In establishing the new department, the Congress defined a seven-point 
mission for DHS: 

* prevent terrorist attacks within the United States;

* reduce the vulnerability of the United States to terrorism;

* minimize the damage and assist in the recovery from terrorist 
attacks;

* carry out all functions of entities transferred to the department, 
including acting as a focal point regarding natural and man-made crises 
and emergency planning;

* ensure that the functions of the components within the department 
that are not directly related to securing the homeland are not 
diminished or neglected;

* ensure that the overall economic security of the United States is not 
diminished by efforts aimed at securing the homeland; and: 

* monitor connections between illegal drug trafficking and terrorism, 
coordinate efforts to sever such connections, and otherwise contribute 
to efforts to interdict illegal drug trafficking.

To help accomplish this integrated homeland security mission, the 
various mission areas and associated programs of 22 federal agencies 
were merged, in whole or in part, into DHS. The department's 
organizational structure generally consists of eight major entities, 
the U.S. Secret Service, the U.S. Coast Guard, the Bureau of 
Citizenship and Immigration Services, and five directorates--Border and 
Transportation Security, Emergency Preparedness and Response, Science 
and Technology, Information Analysis and Infrastructure Protection, and 
Management (see fig. 1).

Figure 1: Simplified DHS Organization Chart: 

[See PDF for image]

[End of figure]

Within the Management Directorate is the DHS Office of the CIO, which 
is assigned primary responsibility for addressing departmentwide system 
integration issues. According to the CIO, this office is responsible 
for, among other things, developing and facilitating the implementation 
of such integration enablers as the department's IT strategic plan, key 
aspects of the IT investment management process, and enterprise 
architecture. (Each of these three system integration enablers is 
discussed in greater detail in app. II.) According to the CIO, his 
office was authorized 65 positions[Footnote 5] and provided $245 
million in funding for fiscal year 2004.[Footnote 6]

DHS Predecessor Agencies and Programs Have Varying Characteristics: 

The 22 agencies and agency components that were merged into DHS vary in 
a number of ways, including their time in existence, size, and mission 
focus, the latter ranging from law enforcement and border security to 
biological research, computer security, and disaster mitigation. The 
Federal Emergency Management Agency (FEMA), the Transportation Security 
Administration (TSA), and the U.S. Coast Guard illustrate this variety: 

* FEMA: This agency was formed about 25 years ago to consolidate 
emergency and disaster relief functions that were spread across several 
federal agencies. FEMA's mission is to help the United States prepare 
for, prevent, respond to, and recover from disasters. FEMA, which is 
now in DHS's Emergency Preparedness and Response directorate, has about 
2,500 full-time employees, an additional 5,000 stand-by disaster 
reservists, and an annual operating budget of about $4.8 billion.

* TSA: This agency was established about 2˝ years ago as part of the 
U.S. Department of Transportation in response to the September 11 
terrorist attacks. TSA's mission includes ensuring safety in civil 
aviation and at airports through screening, intelligence, education, 
and regulation. Now in DHS's Border and Transportation Security 
directorate, TSA has about 53,000 employees and an annual operating 
budget of about $5.3 billion.

* Coast Guard: This agency was established over 200 years ago, and in 
time of war is under the direction of the Department of the Navy. The 
Coast Guard's mission is to protect the public, the environment, and 
U.S. economic and security interests in international waters and 
America's coasts, ports, and inland waterways. The Coast Guard, which 
is an agency that reports directly to the DHS Secretary, has 
approximately 39,000 full-time military personnel, 6,000 full-time 
permanent civilian employees, and an operating budget of about $7.5 
billion.

Each of the 22 agencies or agency components also brought with it its 
individual IT management organization. In particular, FEMA, TSA, and 
the Coast Guard each have CIO organizations to perform IT management 
functions, such as investment management, information security, and 
enterprise architecture. According to FEMA, its CIO organization has 
about 262 permanent employees and approximately 70 temporary (disaster-
related) employees. TSA reports that its CIO organization has roughly 
145 employees. The Coast Guard reports that its CIO organization has 
approximately 140 employees. Collectively, these three CIO 
organizations account for about 600 authorized positions and control 
about $3.6 billion in fiscal year 2004 IT budget and spending.

Integrating 22 Component Organizations' Numerous and Diverse IT Systems 
Poses a Formidable Challenge: 

In addition to the aforementioned differences among the 22 agencies and 
agency components, the 22 agencies also brought their respective IT 
systems. DHS inherited about 700 of these systems, and, according to 
the DHS CIO, the department has categorized them into three groups: 
direct mission support, back office, and infrastructure. In fiscal year 
2004, DHS requested about $4.1 billion--the third largest IT budget in 
the federal government[Footnote 7]--to manage these systems, including 
operating and maintaining existing systems and acquiring new systems 
that were being initiated or were under way within the 22 agencies and 
agency components before the department was formed. Examples of new 
system investments include the following in the Border and 
Transportation Security directorate: 

* Integrated Surveillance Intelligence System: This system is to 
provide full-time border coverage through ground-based sensors, fixed 
cameras, and computer-aided detection capabilities. For fiscal year 
2004, funding for the system is about $55.7 million. The life-cycle 
cost for the system is estimated to be about $1.17 billion.

* Computer Assisted Passenger Prescreening System II: This system, 
better known as CAPPS II, is to identify airline passengers requiring 
additional security attention. For fiscal year 2004, funding for the 
system is about $45 million. The life-cycle cost of the system through 
fiscal year 2008 is estimated to be about $380 million.[Footnote 8]

* Automated Commercial Environment: This system, also known as ACE, is 
to be a new trade processing system that is planned to support 
effective and efficient movement of goods into the United States. For 
fiscal year 2004, funding for the system is about $318.7 million. The 
life-cycle cost of the system is estimated to be about $1.5 
billion.[Footnote 9]

* United States Visitor and Immigrant Status Indicator Technology: This 
system, commonly called US-VISIT, is to strengthen management of the 
pre-entry, entry, status, and exit of foreign nationals who travel to 
the United States. For fiscal year 2004, funding for US-VISIT is about 
$330 million. The department did not provide us with an estimated life-
cycle cost for the system.[Footnote 10]

Control over the department's IT budget is vested primarily with the 
CIO organizations within each of its component organizations. These 
component CIO organizations are accountable to the heads of DHS's 
respective organizational components. For example, the CIO for the 
Bureau of Customs and Border Protection, which is a component of the 
Border and Transportation Security directorate, reports to the 
Commissioner of Customs and Border Protection, not to the DHS CIO.

To maximize its mission performance, DHS faces the enormous task of 
integrating and consolidating its roughly 700 systems. This includes 
exploiting opportunities to eliminate and consolidate systems in order 
to improve mission support and reduce system costs. As we recently 
reported,[Footnote 11] OMB, before DHS's formation, reviewed the IT 
investments within the department's predecessor agencies and agency 
components to identify, among other things, whether savings could be 
realized through integration and consolidation. In July 2002, OMB 
reported that 2-year savings of between $165 million and $285 million 
could be possible through consolidation of the components' IT 
investments in infrastructure and business systems alone. OMB also 
acknowledged that at the time of its review, the anticipated budgetary 
savings had not yet occurred, and for that reason, it assigned DHS 
responsibility for executing the consolidations and tracking savings 
when they are realized. Accordingly, we recommended, among other 
things, that DHS periodically report to its congressional committees 
the budgetary savings that result from department consolidation and 
integration efforts.

DHS Is in the Process of Defining Its Systems Integration Strategy: 

Our research on successful public and private sector organizations and 
our experience in reviewing the management of agency integration 
efforts shows that those entities that were successful in such 
integration relied on effective strategic IT management frameworks to 
guide their efforts, including developing IT strategic plans, 
implementing effective IT investment management and decision-making 
practices, and developing and enforcing an enterprise 
architecture.[Footnote 12] Moreover, we have previously reported that 
the effective integration of new and existing IT systems is a critical 
success factor for DHS because this integration is a means to (1) more 
efficient operations, through, for example, elimination of system 
redundancies and overlap, and (2) more effective operations, through, 
for example, increased information sharing within DHS and between it 
and other agencies involved in homeland security (e.g., the Federal 
Bureau of Investigation and the Central Intelligence Agency).[Footnote 
13] The tenets of developing and using a strategic management framework 
are described in our prior research on best practices in private-sector 
firms and government organizations[Footnote 14] and are called for in 
federal IT management laws and guidance, such as the Clinger-Cohen 
Act[Footnote 15] and OMB Circular No. A-130.[Footnote 16] Jointly, the 
act and circular direct federal agencies to develop and implement 
systems integration strategies through a comprehensive strategic IT 
management framework that, among other things, includes: 

* developing and implementing an IT strategic plan that defines how IT 
will be managed to support agency missions;

* establishing and implementing an IT investment management process 
that is linked to budget formulation and execution, and provides for 
continuous and informed investment decision-making based on the 
relative costs, benefits, and risks of competing investment options; 
and: 

* developing and implementing an enterprise architecture that describes 
the current and future operational and technological states and 
provides a plan for sequencing between the two states that can be used 
for system acquisition and investment decision-making purposes.

(Each of these framework components is described in more detail in app. 
II.) The processes and tools associated with these strategic management 
disciplines serve to provide a common, authoritative understanding of 
both the desired ends, such as systems integration, and the means to 
these ends.

DHS has not yet completed a systems integration strategy, but it is in 
the process of doing so through its ongoing efforts to finalize a draft 
IT strategic plan, institutionalize a recently revised IT investment 
management process, and develop a more complete enterprise 
architecture. Each is discussed below.

* IT strategic plan. DHS is in the process of finalizing a draft plan. 
According to a March 2004 draft,[Footnote 17] which department 
officials told us was current, the plan is to be the driving force in 
establishing DHS's strategic IT management framework. Its stated 
purpose is to discuss how the department plans to manage and use IT to 
achieve strategic mission goals.

To achieve mission goals, the plan identifies eight priorities for 
2004: information sharing, mission rationalization, portfolio 
management, security, single infrastructure, enterprise architecture, 
governance, and human capital. DHS officials said that, when completed, 
the plan is to define the associated steps to achieve each priority. 
For example, to achieve the priority of a single infrastructure, which 
calls for the establishment of a single wide area network and 
associated infrastructure connecting the department's components, the 
plan identifies eight initiatives--such as establishing enterprise 
information assurance, implementing a standard desktop computing 
environment, and consolidating data centers. The plan also provides for 
establishing key IT management processes and products--namely, 
investment management and enterprise architecture, respectively--that 
the department views as essential to implementing the plan. According 
to the CIO, the department has recently identified a senior DHS 
business sponsor and a member of the CIO's office to develop detailed 
plans for each priority, and these plans are to be completed by mid-
2004.

* Investment management process. DHS has developed and has begun 
implementing a departmental IT investment management process. 
Specifically, in May 2003, DHS issued an investment review management 
directive and an IT capital planning and investment control guide, 
which specify investment documentation and review requirements. The 
stated purpose of the management directive includes ensuring that 
spending on IT investments directly supports DHS's mission goals and 
objectives, and that duplicative spending on system investments is 
identified for cost-saving consolidation. Among other things, this 
directive requires that system investments support the department's 
mission goals and objectives, including those identified in the IT 
strategic plan, enterprise architecture, other department policies and 
strategies (e.g., business strategic plan), and federal strategies and 
guidance (e.g., the National Strategy for Homeland Security[Footnote 
18]). The directive also requires that as part of the investment 
approval process, component organizations demonstrate to executive 
management that proposed project requirements are consistent with DHS's 
strategic plans and enterprise architecture.

We reported in February 2004[Footnote 19] that this process was being 
refined and institutionalized. For example, while DHS had established a 
departmentwide IT Investment Review Board for managing and overseeing 
expensive and mission-critical system investments, the board had only 
reviewed 9 investments, while about 100 investments were eligible for 
review. Accordingly, we recommended that DHS develop a schedule for 
reviewing the investments under its control and oversight. According to 
the CIO, DHS has since refined its investment review and control 
process by, for example, creating a hierarchy of investment review 
boards, adjusting the criteria governing the level of board review 
needed for projects, and developing templates and other tools to aid in 
the review process. The CIO stated that the potential effect of these 
changes will be to expedite the backlog of project reviews. DHS is now 
focusing on institutionalizing this process, including developing 
review schedules for the respective boards.

* Enterprise architecture: DHS is in the process of developing the next 
version of its enterprise architecture. In August 2003, DHS issued the 
first version of its architecture, which DHS officials described as 
conceptual and high-level. Nevertheless, DHS officials said the 
department has been able to use the architecture on a limited basis to, 
for example, consolidate investments into related areas in developing 
the department's fiscal year 2005 budget request, including identifying 
opportunities to merge proposals. DHS plans to continue evolving the 
architecture and issue another version in September 2004. We are 
currently reviewing the initial version of the architecture at the 
request of the Chairman of the House Subcommittee on Technology, 
Information Policy, Intergovernmental Relations and the Census, 
Committee on Government Reform.

According to the CIO, although DHS started working on its strategic IT 
management framework soon after the department began operation, 
progress to date on completing the framework--which would provide, 
among other things, a departmentwide systems integration strategy--has 
been impeded by (1) insufficient staffing; (2) higher priority demands, 
such as establishing a departmentwide e-mail system and linking and 
consolidating existing DHS component networks; and (3) near-term, high-
payoff opportunities, such as consolidating wireless communication and 
computer operations capabilities, and linking DHS networks with partner 
agencies outside the department.

Of these three issues, the CIO stated that insufficient staffing is 
currently the biggest obstacle. More specifically, the CIO said that 
his office received substantially less staff than he requested when the 
department was originally established in 2003. To illustrate his 
statement, the CIO said that after studying other comparably sized 
federal department CIO organizations, he requested approximately 163 
positions. However, he said that his office received about 65 
positions. The CIO also said that his office does not have authority 
over the hundreds of staff in the component CIO offices and billions of 
dollars that the 22 agencies and agency components control, and he 
acknowledged that DHS components often each have substantially more IT 
staff resources than his office. In contrast, according to our research 
on leading private and public sector organizations and experience at 
federal agencies, leading organizations adopt and use an enterprisewide 
approach under the leadership of a CIO or comparable senior executive 
who has the responsibility and authority, including budgetary and 
spending control, for IT across the entity.[Footnote 20]

Additionally, the CIO told us that completing the department's 
strategic IT management framework and implementing the kind of IT 
budgetary control and authority model needed for its effective 
implementation and enforcement is important and is an area of focus in 
2004. The CIO added that completing this effort is important because 
the department continues to make substantial IT investments without the 
strategic management framework and the IT spending authority and 
control model needed to effectively integrate new and existing systems 
across the department. Our research on leading organizations and our 
experience at federal agencies show that proceeding in this manner 
increases the risk that investments may later require expensive rework 
to be effectively integrated and brought into alignment with the 
framework.[Footnote 21]

DHS's Interim Steps to Reduce Risk of Rework for Ongoing IT Investments 
Are Not Sufficient: 

OMB has issued guidance to federal agencies directing them to develop 
and implement management structures and processes to ensure proper 
alignment between IT system investments and mission goals, strategic 
visions, plans, and future architectural states.[Footnote 22] 
Additionally, our prior reviews at federal agencies and research on 
enterprise IT management have shown that attempts to align new and 
existing systems without an effective strategic management framework 
increase the risk of investing in system solutions that are 
duplicative, are not well integrated, are unnecessarily costly to 
maintain and interface, and do not effectively optimize mission 
performance.[Footnote 23] Accordingly, until agencies develop 
strategic management frameworks, we have recommended[Footnote 24] 
limiting IT spending to cost-effective efforts that are congressionally 
directed; are near-term, relatively small, and low-risk opportunities 
to leverage technology in satisfying a compelling agency need; support 
operations and maintenance of existing mission-critical systems; 
involve deploying an already developed and fully tested system; or 
support the establishment of an agency's strategic IT management 
framework.

Although DHS has defined and is institutionalizing structures and 
processes for IT investment management that are intended to align 
investments with the department's strategic direction, these investment 
management structures and processes are not yet fully implemented. 
Moreover, two key ingredients to effective investment management--a 
departmentwide IT strategic plan and the next version of the enterprise 
architecture--are not yet in place. In the interim, DHS has relied on 
its evolving investment management structures and processes. In 
addition, DHS officials told us that component agencies and 
organizations have followed the respective investment management 
approaches, strategic plans, and architectures that existed within 
their pre-DHS organizations, augmented by informal contacts with 
department-level strategic planners and architects, and consideration 
of the President's National Strategy for: 

Homeland Security[Footnote 25] and statutory provisions related to 
homeland security, such as the Maritime Transportation Security Act. 
The use of these respective approaches is evident in the following 
three IT system investments from FEMA, TSA, and Coast Guard. According 
to the three components, these are illustrative of how each is ensuring 
that its IT investments are aligned with the department's strategic 
direction: 

* Grant Business Management System. FEMA began acquiring this system in 
2003 to automate its end-to-end grant management processes. According 
to FEMA, the system is to be fully operational by fiscal year 2009, and 
about $8.2 million is to be spent on it in fiscal year 2004. Currently, 
FEMA reports that the system's requirements have been defined and 
system design activities are under way. To justify its 2004 investment 
in the system, agency officials told us that they followed internal 
FEMA investment management processes, including explicitly mapping the 
system's functions to the goals and objectives in the National Strategy 
for Homeland Security, the President's Management Agenda,[Footnote 26] 
and the FEMA Strategic Plan. These officials also told us that they 
have since begun to justify the system's fiscal year 2005 request 
following DHS's capital planning and investment control guidance, 
augmented by meetings with DHS's enterprise architecture team to 
discuss the system's alignment with the department's strategic 
direction. According to the officials, these meetings were not 
documented, but they said a discussion topic was the system's mission-
needs statement, and whether it could be linked to the DHS enterprise 
architecture.

* Integrated Intermodal Information System. TSA began developing this 
system in 2003 to integrate selected multimodal passenger and cargo 
data for the purpose of identifying suspicious or anomalous situations. 
During fiscal year 2004, TSA plans to spend about $1 million for the 
concept development phase of the system. In proposing the system, 
agency officials stated that they followed TSA internal investment 
management processes, including linking the system's mission needs 
statement and its requirements with the goals and objectives specified 
in the National Strategy on Homeland Security and the President's 
Management Agenda. However, system initiation documents show only that 
TSA linked the system to TSA's draft strategic plan. The officials said 
that as the system acquisition progresses, they plan to follow the DHS 
investment management process, including the appropriate steps to 
ensure that the system is aligned with DHS's strategic plans and 
enterprise architecture.

* Aviation Logistics Management Information System. The Coast Guard 
began acquiring this system in 2001 to support aircraft operations, 
logistics, and maintenance. In 2002, and after about $12.3 million was 
invested, the system began operating; the Coast Guard reports that it 
spends about $5 million each year to operate and maintain it. Coast 
Guard officials told us that they followed internal Coast Guard capital 
planning and investment control guidance, along with OMB guidance, in 
justifying this and other IT investments as part of the annual budget 
cycle. Project documentation shows that system performance goals and 
measures have been mapped to the Coast Guard's annual performance plan 
and strategic plan. The Coast Guard Chief Knowledge Officer said that 
since the Coast Guard became a separate component agency within DHS, it 
has continued to monitor the system's strategic alignment using this 
same capital planning and investment control guidance.

In summary, these examples show that to align their ongoing system 
investments with DHS's evolving systems integration strategy, the 
component organizations have thus far relied primarily on the 
respective investment management approaches, strategic plans, and 
architectures that existed within their pre-DHS organizations, 
augmented by informal contacts with department-level strategic planners 
and architects, and consideration of the President's National Strategy 
on Homeland Security. However, this approach continues reliance on the 
components' individual IT strategies, investment processes, and 
architectures that produced the diverse set of systems that the 
department inherited when it was established. In addition, using 
informal communication relies too heavily on oral discussions of 
complex strategic contexts and frames of reference that are still being 
explicitly defined, thus increasing the chances of both 
misunderstanding and misinformed decisions.

According to the DHS CIO and officials within the three component 
organizations, this approach was adopted to permit the department to 
pursue mission need-based system capabilities while the department's 
strategic IT management framework was being developed. DHS officials 
said that as the framework is institutionalized, component agencies are 
beginning to use DHS processes. Nevertheless, the longer the department 
continues to invest in major IT systems without the completed framework 
and sufficient department-level CIO authority over component IT 
organizations' resources and spending, the greater the risk is that new 
and existing system investments will later require rework to be 
properly aligned with the framework.

Conclusions: 

Having a well-defined and executed departmentwide strategic IT 
management framework is critical to DHS's ability to effectively and 
efficiently integrate its components' new and existing systems. DHS's 
CIO recognizes this and has stated his commitment to ensuring that the 
framework is put in place. However, DHS-wide allocation of resources 
across the department has yet to reflect this criticality; huge sums 
are going to component IT management organizations and investments, 
while relatively fewer resources are being invested in the department's 
strategic IT framework. Moreover, DHS has yet to assign the 
department's CIO explicit authority over all of its IT spending. It is 
important that DHS strike the proper balance between component 
organizations' pursuit of new and enhanced systems and establishing the 
means for achieving its departmentwide systems environment--a 
homogeneous family of systems that optimally support departmentwide 
operations and mission performance. Steps taken thus far have yet to 
strike this balance, which increases the risk that today's IT system 
investments will have to be redone tomorrow to produce the target 
systems environment.

Recommendations for Executive Action: 

Until DHS's strategic IT management framework is completed and 
available to effectively guide and constrain the billions of dollars 
that it is spending on IT investments, we recommend that the Secretary 
of Homeland Security direct the heads of the department's directorates 
and agencies to limit spending on their respective IT investments to 
cost-effective efforts that: 

* are congressionally directed;

* take advantage of near-term, relatively small, low-risk opportunities 
to leverage technology in satisfying a compelling homeland security 
need;

* support operations and maintenance of existing systems critical to 
DHS's mission;

* involve deploying an already developed and fully tested system; or: 

* support establishment of a DHS strategic IT management framework, 
including IT strategic planning, enterprise architecture, and 
investment management.

We also recommend that in determining the cost-effectiveness of these 
IT investments, the Secretary direct the heads of DHS's directorates 
and agencies to ensure that full consideration be given to the 
estimated cost of any future system rework that would be needed to 
later align the system with the department's emerging systems 
integration strategy.

Further, we recommend that the Secretary examine the sufficiency of IT 
spending authority vested in the CIO and take appropriate steps to 
correct any limitations in authority that constrain the CIO's ability 
to effectively integrate IT investments in support of departmentwide 
mission goals.

Agency Comments and Our Evaluation: 

In written comments on a draft of this report, which are reprinted in 
appendix III, the DHS Assistant Secretary for Legislative Affairs did 
not agree or disagree with our findings, conclusions, or 
recommendations. Rather, the Assistant Secretary described DHS's IT 
challenges and priorities, and provided documentation on them, 
including efforts to achieve its priorities. Specifically, the 
Assistant Secretary stated that three major IT challenges face DHS: 
ensuring that homeland security employees have system-enabled solutions 
and tools to safeguard our country, integrating existing IT systems 
within the context of the department's enterprise architecture, and 
identifying and eliminating IT system overlap and redundancy while not 
hampering ongoing mission activities. In addition, the Assistant 
Secretary (1) identified eight departmentwide priorities (e.g., IT 
portfolio management, enterprise architecture, and information 
sharing) that the DHS and component CIOs have set and (2) described 
efforts under way to develop business cases and other plans needed to 
address the eight. The information conveyed in DHS's comments is 
consistent with information obtained during the course of our review 
that showed progress and plans for institutionalizing the department's 
strategic IT management framework.

As agreed with your staff, unless you publicly announce the contents of 
this report earlier, we plan no distribution of it until 30 days from 
the date of this report. At that time we will send copies of this 
report to the Secretary of Homeland Security, and the Director, OMB. We 
will also make copies available to others upon request. In addition, 
the report will be available at no charge on the GAO Web site at 
[Hyperlink, http: //www.gao.gov]. If you have any questions on matters 
discussed in this report, please contact me at (202) 512-3439 or at 
[Hyperlink, hiter@gao.gov]. Key contributors to this report are listed 
in appendix IV.

Sincerely yours,

Signed by: 

Randolph C. Hite, 
Director, Information Technology Architecture and Systems Issues: 

[End of section]

Appendixes: 

[End of section]

Appendix I: Scope and Methodology: 

To evaluate whether the Department of Homeland Security (DHS) has 
defined a systems integration strategy, we requested and reviewed 
relevant plans and documents from the department, including policies, 
procedures, guidance, and other business and information technology 
(IT) strategic documents. Because these documents were being developed, 
we did not evaluate their quality or completeness. We also interviewed 
DHS officials, including the Chief Information Officer (CIO) and other 
department and selected component agency officials responsible for 
strategic planning to, among other things, identify the status of their 
efforts to develop an IT strategic plan, to refine its capital planning 
and investment control process, and to develop an enterprise 
architecture.

To determine how DHS is ensuring that component agency IT investments 
are aligned with the department's strategic direction, we reviewed 
department investment management policies and procedures and other 
associated documents. We also interviewed DHS's CIO and other 
department officials responsible for IT planning and investment 
management, including strategic investment alignment. As requested, we 
focused on three DHS components agencies: the Federal Emergency 
Management Agency (FEMA), the Transportation Security Administration 
(TSA), and the U.S. Coast Guard. We requested that each of these 
components provide a representative example of an IT system investment 
that best demonstrated the interim steps that it was taking to align 
system investments with DHS's evolving strategic IT management 
framework. The examples provided were FEMA's Grant Business Management 
System, TSA's Integrated Intermodal Information System, and the Coast 
Guard's Aviation Logistics Management Information System. We reviewed 
available documentation for the examples to determine how each 
component is ensuring that investments are aligned with DHS's strategic 
direction. We also interviewed FEMA, TSA, and Coast Guard officials as 
necessary to understand the steps they had taken to strategically align 
these investments.

We performed our work at DHS and component agency facilities in the 
Washington, D.C., area from September 2003 through March 2004, in 
accordance with generally accepted government auditing standards.

[End of section]

Appendix II: Strategic Information Technology Management Framework 
Components: 

The tenets of a strategic information technology (IT) management 
framework are described in our prior research on best practices in 
private-sector firms and government organizations[Footnote 27] and are 
called for in federal management laws and guidance, such as the 
Clinger-Cohen Act[Footnote 28] and Office of Management and Budget 
(OMB) Circular No. A-130.[Footnote 29] Three key components of such a 
framework are an IT strategic plan, an IT investment management 
process, and an enterprise architecture.

An IT strategic plan serves as a vision or road map for implementing 
effective management controls and marshalling resources in a manner 
that will facilitate leveraging of IT to support mission goals and 
outcomes. The strategic plan should be tied to and support the agency 
strategic plan and provide for establishing and implementing IT 
management processes. Among other things, the plan should describe the 
management processes required for the IT function to execute its roles 
and responsibilities, thereby facilitating achievement of agency 
missions.

An IT investment management process provides a systematic method for 
agencies to minimize risks while maximizing return on investment. A 
central element of the federal approach to investment management has 
been the select/control/evaluate model. This model was initially 
identified in our Strategic Information Management Executive 
Guide,[Footnote 30] expanded in OMB's investment guidance,[Footnote 31] 
and then refined in our subsequent guidance.[Footnote 32] During the 
select phase, the organization (1) identifies and analyzes each 
project's risks and returns before committing significant funds to any 
project and (2) selects those projects that will best support its 
mission needs. During the control phase, the organization ensures that, 
as projects develop and investment expenditures continue, the project 
continues to meet mission needs at the expected levels of cost and 
risk. If the project is not meeting expectations or if problems have 
arisen, steps are quickly taken to address the deficiencies. If mission 
needs have changed, the organization is able to adjust its objectives 
for the project and appropriately modify expected project outcomes. 
During the evaluate phase, actual versus expected results are compared 
after a project has been fully implemented. This is done to (1) assess 
the project's impact on mission performance, (2) identify any changes 
or modifications to the project that may be needed, and (3) revise the 
investment management process based on lessons learned.

As discussed in our framework for assessing and improving enterprise 
architecture management,[Footnote 33] an enterprise architecture 
provides a clear and comprehensive picture of the structure of an 
entity, whether an organization or a functional or mission area. It is 
an essential tool for effectively and efficiently engineering business 
processes and for implementing and evolving supporting systems. More 
specifically, enterprise architectures are systematically derived and 
captured blueprints or descriptions--in useful models, diagrams, and 
narrative--of the mode of operation for a given enterprise. This mode 
of operation is described in both (1) logical terms, such as 
interrelated business processes and business rules, information needs 
and flows, data models, work locations, and users, and (2) technical 
terms, such as hardware, software, data, communications, security 
attributes, and performance standards. They provide these perspectives 
both for the enterprise's current, or "as is," environment and for its 
target, or "to be," environment, as well as a transition plan for 
moving from the "as is" to the "to be" environment.

[End of section]

Appendix III: Comments from the Department of Homeland Security: 

U.S. Department of Homeland Security 
Washington, DC 20528:

MAY 11 2004:

Homeland Security:

Mr. Randolph Hite:

Director, Architecture and Systems Issues: 
General Accounting Office:

Washington, DC 20548:

Dear Mr. Hite:

Thank you for the opportunity to review the draft report entitled 
Homeland Security Should Better Balance Need for System Integration 
Strategy with Spending for New and Enhanced Systems (GAO-04-509). This 
letter is prepared pursuant to 31 U.S.C. 720.

GAO Recommendations:

Until DHS's strategic IT management framework is completed and 
available to effectively guide and constrain the billions of dollars 
that it is spending on IT investments, we recommend that the Secretary 
of Homeland Security direct the heads of the department's directorates 
and agencies to limit spending on their respective IT investments to 
cost-effective efforts that:

* are congressionally directed;

* take advantage of near-term, relatively small, low-risk opportunities 
to leverage technology in satisfying a compelling homeland security 
need;

* support operations and maintenance of existing systems critical to 
DHS's mission; involve deploying an already developed and fully tested 
system, or:

* support establishment of a DHS strategic IT management framework, 
including IT strategic planning, enterprise architecture, and 
investment management.

We also recommend that in determining the cost-effectiveness of these 
IT investments, the Secretary direct the heads of DHS's directorates 
and agencies to ensure that full consideration be given to the 
estimated cost of any future system rework that would be needed to 
later align the system with the department's emerging systems 
integration strategy.

Further, we recommend that the Secretary examine the sufficiency of IT 
spending authority vested in the CIO and take appropriate steps to 
correct any limitations in authority that constrain the CIO's ability 
to effectively integrate IT investments in support of department-wide 
mission goals.

Response:

The challenge facing those who comprise the IT function of DHS is 
complex. There are three major areas of focus:

* The first is to ensure that the women and men on the front lines of 
the Department have all the IT enabled solutions and tools they need to 
safeguard the United States and to deliver our safety and service 
related operational functions and capabilities. The war on terrorism is 
real, and the Department must deliver new mission solutions with 
quality and speed in a cost-effective manner, while maintaining already 
existing mission solutions that it inherited when the department was 
formed.

* The second area addresses the integration of existing IT enabled 
solutions. Guided by the Homeland Security Enterprise Architecture, the 
Department is identifying opportunities to consolidate and streamline 
mission solutions. In mission areas such as threat identification and 
management, identity credentialing, and collaboration, the Department 
has identified multiple solutions in use within the various 
organizational elements of the Department. Our role is to help 
facilitate and support the operators and subject matter experts in our 
business units in determining the optimal number and nature of mission 
solutions needed.

* The third area is to realize efficiencies and economies of scale that 
the President and Congress have set forth in creating DHS. Here the 
Department must rapidly identify and eliminate existing overlap or 
redundancy within the IT infrastructure of the Department. However, DHS 
must ensure that it "does no harm" to mission solutions while it 
restructures and consolidates its infrastructure.

IT Priorities:

In order to guide the IT function in achieving success in these three 
overarching focus areas, the Department, in concert with its DHS CIO 
Council, set 8 priorities for the IT function:

* Information Sharing:

* Mission Rationalization:

* IT Portfolio Management:

* Information Security:

* Infrastructure Transformation * Enterprise Architecture:

* IT Governance:

* IT Human Capital:

These priorities are aligned with the Strategic Priorities of the 
Department set forth by Secretary Ridge and Deputy Secretary Loy. For 
each priority, DHS is in the process of developing the case for change, 
the business case, a roadmap that outlines the activities, tasks, and 
deliverables needed to achieve the desired objectives, and metrics by 
which it will measure success. I have enclosed the initial products of 
that work, the roadmaps and case for change documents, for our 
initiatives: Information Sharing, Mission Rationalization, IT 
Portfolio Management, Information Security, Infrastructure 
Transformation, and Enterprise Architecture. These documents represent 
our first drafts and will be updated and revised over time.

I appreciate your interest in the Department of Homeland Security, and 
I look forward to working with you on future homeland security issues. 
If I may be of further assistance, please contact the Office of 
Legislative Affairs at (202) 205-4412.

Sincerely,

Pamela J. Turner
Assistant Secretary for Legislative Affairs:

Enclosures:

1. Information Sharing Roadmap:

2. Mission Rationalization Roadmap:

3. DHS IT Portfolio Management Roadmap 

4. Information Security Roadmap:

5. Infrastructure Transformation Office Roadmap 

6. EA Roadmap:

[End of section]

Appendix IV: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Gary Mountjoy, (202) 512-6367: 

Acknowledgments: 

Barbara Collier, Vijay D'Souza, and Carl Urie made key contributions to 
this report.

(310263): 

FOOTNOTES

[1] For example, see U.S. General Accounting Office, Major Management 
Challenges and Program Risk: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003) and Homeland Security: Proposal 
for Cabinet Agency Has Merit, but Implementation Will be Pivotal to 
Success, GAO-02-886T (Washington, D.C.: June 25, 2002).

[2] An enterprise architecture is the explicit description and 
documentation of the current and desired relationships among business 
and management processes and information technology. It describes the 
"current architecture" and "target architecture."

[3] U.S. Department of Homeland Security, Budget in Brief: Fiscal Year 
2005. 

[4] See GAO-03-102 and GAO-02-886T.

[5] Of these positions, 14 are currently vacant, and 9 are in the 
process of being filled.

[6] Of this amount, $185 million is for new systems, and $60 million is 
for operation and maintenance of existing systems.

[7] Office of Management and Budget, Budget of the U.S. Government, 
Fiscal Year 2005, Report on IT Spending for the Federal Government for 
Fiscal Years 2003, 2004, and 2005. According to this document, the 
Departments of Defense and Health and Human Services have the first and 
second largest IT budgets, respectively. 

[8] U.S. General Accounting Office, Aviation Security: Computer-
Assisted Passenger Prescreening System Faces Significant 
Implementation Challenges, GAO-04-385 (Washington, D.C.: February 
2004).

[9] U.S. General Accounting Office, Automated Commercial Environment 
Progressing, but Further Acquisition Management Improvements Needed, 
GAO-03-406 (Washington, D.C.: February 2003).

[10] U.S. General Accounting Office, Risks Facing Key Border and 
Transportation Security Program Need to Be Addressed, GAO-03-1083 
(Washington, D.C.: September 2003).

[11] For more information, see U.S. General Accounting Office, 
Information Technology: OMB and Department of Homeland Security 
Investment Reviews, GAO-04-323 (Washington, D.C.: February 2004).

[12] For example, see U.S. General Accounting Office, Information 
Technology: A Framework for Assessing and Improving Enterprise 
Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.: 
Apr. 1, 2003); Information Technology Investment Management: A 
Framework for Assessing and Improving Process Maturity (Version 1.1), 
GAO-04-394G (Washington, D.C.: March 2004); and Executive Guide: 
Improving Mission Performance through Strategic Information Management 
and Technology, GAO/AIMD-94-115 (Washington, D.C.: May 1994).

[13] For example, see U.S. General Accounting Office, Major Management 
Challenges and Program Risks: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003).

[14] We have issued guidance to agencies related to enterprise 
architecture, IT investment management, and other management issues. 
For example, see GAO-03-584G and GAO-04-394G.

[15] Clinger-Cohen Act, 40 U.S.C. 11101-11703. 

[16] Office of Management and Budget, Management of Federal Information 
Resources, Circular No. A-130. 

[17] Department of Homeland Security, Information Resources Management 
Strategic Plan 2003-2008 v. 1.0, draft (Washington, D.C.: March 2004).

[18] Office of Homeland Security, The White House, National Strategy 
for Homeland Security (Washington, D.C.: July 2002).

[19] For more information, see U.S. General Accounting Office, 
Information Technology: OMB and Department of Homeland Security 
Investment Reviews, GAO-04-323 (Washington, D.C.: February 2004).

[20] For example, see U.S. General Accounting Office, Architect of the 
Capitol: Management and Accountability Framework Needed for 
Organizational Transformation, GAO-03-231 (Washington, D.C.: January 
2003) and Maximizing the Success of Chief Information Officers: 
Learning from Leading Organizations, GAO-01-376G (Washington, D.C.: 
February 2001). 

[21] For example, see GAO-03-231 and GAO-01-376G. 

[22] OMB Circulars No. A-130 and No. A-11.

[23] GAO/AIMD-10.1.23.

[24] For example, see U.S. General Accounting Office, Tax Systems 
Modernization: Blueprint Is a Good Start, but Not Yet Sufficiently 
Complete to Build or Acquire Systems, GAO/AIMD/GGD-98-54 (Washington, 
D.C.: February 1998).

[25] Office of Homeland Security, The White House, National Strategy 
for Homeland Security (Washington, D.C.: July 2002).

[26] The agenda points out important challenges for the federal 
government. It is intended to focus agencies' efforts on making 
progress in achieving management and performance improvements. 

[27] We have issued guidance to agencies related to enterprise 
architecture, IT investment management, and other management issues. 
For example, see U.S. General Accounting Office, Information 
Technology: A Framework for Assessing and Improving Enterprise 
Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.: 
April, 2003) and Information Technology Investment Management: A 
Framework for Assessing and Improving Process Maturity (Version 1.1), 
GAO-04-394G (Washington, D.C.: March 2004).

[28] Clinger-Cohen Act, 40 U.S.C. 11101-11703. 

[29] Office of Management and Budget, Management of Federal Information 
Resources, Circular No. A-130. 

[30] U.S. General Accounting Office, Executive Guide: Improving Mission 
Performance through Strategic Information Management and Technology, 
GAO/AIMD-94-115 (Washington, D.C.: May 1994).

[31] Executive Office of the President, Office of Management and 
Budget, Evaluating Information Technology Investments, A Practical 
Guide (Washington, D.C.: November 1995).

[32] GAO-04-394G.

[33] GAO-03-584G.

GAO's Mission: 

The General Accounting Office, the investigative arm of Congress, 
exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. General Accounting Office

441 G Street NW,

Room LM Washington,

D.C. 20548: 

To order by Phone: 

Voice: (202) 512-6000: 

TDD: (202) 512-2537: 

Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Public Affairs: 

Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.

General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.

20548: