This is the accessible text file for GAO report number GAO-12-1041T 
entitled 'Department of Homeland Security: Continued Progress Made 
Improving and Integrating Management Areas, but More Work Remains' 
which was released on September 20, 2012. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Testimony: 

Before the Committee on Homeland Security, House of Representatives: 

For Release on Delivery: 
Expected at 10:00 a.m. EST:
Thursday, September 20, 2012: 

Department of Homeland Security: 

Continued Progress Made Improving and Integrating Management Areas, 
but More Work Remains: 

Statement of David C. Maurer, Director: 
Homeland Security and Justice Issues: 

GAO-12-1041T: 

Chairman King, Ranking Member Thompson, and Members of the Committee: 

I am pleased to be here today to discuss the Department of Homeland 
Security's (DHS) efforts to strengthen and integrate its management 
functions. DHS now has more than 200,000 employees and an annual 
budget of almost $60 billion, and its transformation is critical to 
achieving its homeland security and other missions. Since 2003, GAO 
has designated the implementation and transformation of DHS as high 
risk because DHS had to combine 22 agencies--several with major 
management challenges--into one department, and failure to effectively 
address DHS's management and mission risks could have serious 
consequences for our national and economic security.[Footnote 1] This 
high-risk area includes challenges in strengthening DHS's management 
functions--financial management, acquisition management, human 
capital, and information technology (IT)--the effect of those 
challenges on DHS's mission implementation, and challenges in 
integrating management functions within and across the department and 
its components. 

In November 2000, we published our criteria for removing areas from 
the high-risk list.[Footnote 2] Specifically, agencies must have (1) a 
demonstrated strong commitment and top leadership support to address 
the risks; (2) the capacity (that is, the people and other resources) 
to resolve the risks; (3) a corrective action plan that identifies the 
root causes, identifies effective solutions, and provides for 
substantially completing corrective measures in the near term, 
including but not limited to steps necessary to implement solutions we 
recommended; (4) a program instituted to monitor and independently 
validate the effectiveness and sustainability of corrective measures; 
and (5) the ability to demonstrate progress in implementing corrective 
measures. 

On the basis of our prior work, in a September 2010 letter to DHS, we 
identified, and DHS agreed to achieve, 31 actions and outcomes that 
are critical to addressing the challenges within the department's 
management areas and in integrating those functions across the 
department to address the high-risk designation.[Footnote 3] These key 
actions and outcomes include, among others, obtaining and then 
sustaining unqualified audit opinions for at least 2 consecutive years 
on the departmentwide financial statements; validating required 
acquisition documents in accordance with a department-approved, 
knowledge-based acquisition process; and demonstrating measurable 
progress in implementing its IT human capital plan and accomplishing 
defined outcomes.[Footnote 4] In January 2011, DHS issued its initial 
Integrated Strategy for High Risk Management, which included key 
management initiatives (e.g., financial management controls, IT 
program governance, and procurement staffing model) to address 
challenges and the outcomes we identified for each management area. 
DHS provided updates of its progress in implementing these initiatives 
in later versions of the strategy--June 2011, December 2011, and June 
2012. Achieving and sustaining progress in these management areas 
would demonstrate the department's ability and ongoing commitment to 
addressing our five criteria for removing issues from the high-risk 
list. 

My testimony this morning, as requested, will discuss our 
observations, based on prior and ongoing work, on DHS's progress in 
achieving outcomes critical to addressing its high-risk designation 
for the implementation and transformation of the department. 

This statement is based on prior reports and testimonies we issued 
from June 2007 through September 2012 and letters we submitted to DHS 
in March and November 2011 providing feedback on the department's 
January and June 2011 versions of its Integrated Strategy for High 
Risk Management.[Footnote 5] For the past products, among other 
methodologies, we interviewed DHS officials; analyzed DHS strategies 
and other documents related to the department's implementation and 
transformation high-risk area; and reviewed our past reports, issued 
since DHS began its operations in March 2003. All of this work was 
conducted in accordance with generally accepted government auditing 
standards; more-detailed information on the scope and methodology from 
our prior work can be found within each specific report. This 
statement is also based on observations from our ongoing work related 
to DHS IT investments.[Footnote 6] For this work, we analyzed recent 
cost and schedule performance for DHS's major IT investments as 
reported to the Office of Management and Budget as of March 2012. We 
will report on the final results of this review later this month. We 
are conducting this work in accordance with generally accepted 
government auditing standards. Those standards require that we plan 
and perform the audit to obtain sufficient, appropriate evidence to 
provide a reasonable basis for our findings and conclusions based on 
our audit objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. 

DHS Has Made Progress in Addressing Its Management Challenges, but Has 
Significant Work Ahead to Achieve High-Risk Outcomes: 

Since we designated the implementation and transformation of DHS as 
high risk in 2003, DHS has made progress addressing management 
challenges and senior department officials have demonstrated 
commitment and top leadership support for addressing the department's 
management challenges. However, the department has significant work 
ahead to achieve positive outcomes in resolving high-risk issues. For 
example, DHS faces challenges in modernizing its financial systems, 
implementing acquisition management controls, and improving employee 
satisfaction survey results, among other things. As DHS continues to 
mature as an organization, it will be important for the department to 
continue to strengthen its management functions, since the 
effectiveness of these functions affects its ability to fulfill its 
homeland security and other missions. 

Financial management. DHS has made progress in addressing its 
financial management and internal controls weaknesses, but has been 
unable to obtain an unqualified audit opinion on its financial 
statements since the department's creation and faces challenges in 
modernizing its financial management systems. DHS has, among other 
things, 

* reduced the number of material weaknesses in internal controls from 
18 in 2003 to 5 in fiscal year 2011;[Footnote 7] 

* achieved its goal of receiving a qualified audit opinion on its 
fiscal year 2011 consolidated balance sheet and statement of custodial 
activity for the first time since the department's creation;[Footnote 
8] 

* established a goal of obtaining an audit opinion on all of its 
fiscal year 2012 financial statements; and: 

* expanded the scope of the annual financial audit to the complete set 
of fiscal year 2012 financial statements, which DHS believes will help 
it to obtain an unqualified opinion for fiscal year 2013.[Footnote 9] 

However, DHS continues to face challenges in financial management. For 
example, DHS anticipates difficulties in providing its auditors 
transaction-level detail to support balances reported in its fiscal 
year 2012 financial statements in order to obtain an opinion on its 
financial statements. This is due to, among other things, components 
not retaining original acquisition documentation or enforcing policies 
related to recording purchases and making payments. DHS also 
anticipates its auditors issuing a disclaimer in their fiscal year 
2012 report on internal controls over financial reporting due to 
material weaknesses in internal controls, such as lack of effective 
controls over the recording of financial transactions related to 
property, plant, and equipment. 

In addition, in December 2011, DHS reported that the Federal Emergency 
Management Agency (FEMA), U.S. Coast Guard (USCG), and U.S. 
Immigration and Customs Enforcement (ICE) have an essential business 
need to replace their financial management systems, but DHS has not 
fully developed its plans for upgrading existing or implementing new 
financial systems at these agencies. According to DHS's June 2012 
version of its Integrated Strategy for High Risk Management, the 
department plans to extend the useful life of FEMA's current system by 
about 3 years, while FEMA proceeds with a new financial management 
system solution, and is in the process of identifying the specific 
approach, necessary resources, and time frames for upgrading existing 
or implementing new financial systems at USCG and ICE. Without sound 
processes, controls, and systems, DHS faces long-term challenges in 
obtaining and sustaining an unqualified opinion on both its financial 
statements and internal controls over financial reporting, and 
ensuring its financial management systems generate reliable, useful, 
timely information for day-to-day decision making. We currently have 
ongoing work related to DHS's efforts to improve its financial 
reporting that we expect to report on in the spring of 2013.[Footnote 
10] 

Acquisition management. DHS has made progress in the acquisition 
management area by enhancing the department's ability to oversee major 
acquisition programs. For example: 

* DHS has established eight Centers of Excellence for cost estimating, 
systems engineering, and other disciplines to bring together program 
managers, senior leadership staff, and subject matter experts to 
promote best practices, provide expert counsel, technical guidance, 
and acquisition management tools; and each DHS component has 
established a Component Acquisition Executive (CAE) to provide 
oversight and support to programs within the component's portfolio. 

* According to DHS, as of June 2012, 75 percent of the core CAE 
support positions were filled. 

* In March 2012, DHS completed the development of a Procurement 
Staffing Model to determine optimal numbers of personnel to properly 
award and administer contracts. In June 2012, DHS reported that it is 
taking steps to implement the staffing model throughout headquarters 
and the components. 

* DHS included a new initiative (strategic sourcing) in its December 
2011 Integrated Strategy for High Risk Management to increase savings 
and improve acquisition efficiency by consolidating contracts 
departmentwide for the same kinds of products and services. The Office 
of Management and Budget's Office of Federal Procurement Policy has 
cited DHS's efforts among best practices for implementing federal 
strategic sourcing initiatives. Earlier this month, we reported that 
the department has implemented 42 strategically sourced efforts since 
the department's inception.[Footnote 11] According to DHS data, the 
department's spending through strategic sourcing contract vehicles has 
increased steadily from $1.8 billion in fiscal year 2008 to almost $3 
billion in fiscal year 2011, representing about 20 percent of DHS's 
procurement spending for that year. 

However, DHS continues to face significant challenges in managing its 
acquisitions. For example: 

* Earlier this week, we reported that 68 of the 71 program offices we 
surveyed from January through March 2012 responded that they 
experienced funding instability, workforce shortfalls, and/or changes 
to their planned capabilities over the programs' duration.[Footnote 
12] We have previously reported that these challenges increase the 
likelihood acquisition programs will cost more and take longer to 
deliver capabilities than expected.[Footnote 13] 

* Our recent review of DHS acquisition management also identified that 
while DHS's acquisition policy reflects many key program management 
practices that could help mitigate risks and increase the chances for 
successful outcomes, it does not fully reflect several key portfolio 
management practices, such as allocating resources 
strategically.[Footnote 14] DHS plans to develop stronger portfolio 
management policies and processes, but until it does so, DHS programs 
are more likely to experience additional funding instability, which 
will increase the risk of further cost growth and schedule slips. We 
recommended that DHS take a number of actions to help mitigate the 
risk of poor acquisition outcomes and strengthen the department's 
investment management activities. DHS concurred with all of our 
recommendations and noted actions it had taken or planned to address 
them. 

Human capital management. DHS has taken a number of actions to 
strengthen its human capital management. For example: 

* DHS issued human capital-related plans, guidance, and tools to 
address its human capital challenges, including a Workforce Strategy 
for 2011-2016; a revised Workforce Planning Guide, issued in March 
2011, to help the department plan for its workforce needs; and a 
Balanced Workforce Strategy tool, which some components have begun 
using to help achieve the appropriate mix of federal and contractor 
skills. 

* The department implemented two programs to address senior leadership 
recruitment and hiring, as we reported in February 2012.[Footnote 15] 
While DHS's senior leadership vacancy rate was as high as 25 percent 
in fiscal year 2006, it varied between 2006 and 2011 and declined 
overall to 10 percent at the end of fiscal year 2011.[Footnote 16] 

* DHS developed outreach plans to appeal to veterans and other 
underrepresented groups. 

While these initiatives are promising, DHS continues to face 
challenges in human capital management. For example: 

* As we reported in March 2012, based on our preliminary observations 
of DHS's efforts to improve employee morale, federal surveys have 
consistently found that DHS employees are less satisfied with their 
jobs than the government-wide average.[Footnote 17] DHS has taken 
steps to identify where it has the most significant employee 
satisfaction problems and developed plans to address those problems, 
such as establishing a departmentwide Employee Engagement Executive 
Steering Committee, but has not yet improved employee satisfaction 
survey results. We plan to issue a final report on our findings later 
this month.[Footnote 18] 

* As we reported in April 2012, changes in FEMA's workforce, workload, 
and composition have created challenges in FEMA's ability to meet the 
agency's varied responsibilities and train its staff 
appropriately.[Footnote 19] For example, FEMA has not developed 
processes to systematically collect and analyze agencywide workforce 
and training data that could be used to better inform its decision 
making. We recommended that FEMA, among other things, identify long-
term quantifiable mission-critical goals, establish lines of authority 
for agencywide workforce planning and training efforts, and develop 
systematic processes to collect and analyze workforce and training 
data. DHS concurred with our recommendations and reported actions 
underway to address them. 

Information technology management. DHS has made progress in 
strengthening its IT management, but the department has much more work 
to do to fully address its IT management weaknesses. Among other 
accomplishments, DHS has: 

* strengthened its enterprise architecture;[Footnote 20] 

* defined and begun to implement a vision for a tiered governance 
structure intended to improve program and portfolio management, as we 
reported in July 2012;[Footnote 21] and: 

* established a formal IT Program Management Development Track and 
staffed Centers of Excellence with subject matter experts to assist 
major and non-major programs. 

Based on preliminary observations from our review of DHS's major at-
risk IT acquisitions we are performing for the committee, these 
improvements may be having a positive effect. Specifically, as of 
March 2012, approximately two-thirds of the department's major IT 
investments we reviewed (47 of 68) were meeting current cost and 
schedule commitments (i.e. goals). 

DHS has made progress, but the department has much more work to do to 
fully address its IT management weaknesses. For example, the 
department needs to: 

* finalize the policies and procedures associated with its new tiered 
governance structure and continue to implement this structure, as we 
recommended in our July 2012 report;[Footnote 22] 

* continue to implement its IT human capital plan, which DHS believed 
would take 18 months to fully implement as of June 2012; and: 

* continue its efforts to enhance IT security by, among other things, 
effectively addressing material weaknesses in financial systems 
security, developing a plan to track and promptly respond to known 
vulnerabilities, and implementing key security controls and activities. 

Management integration. DHS has made progress in integrating its 
individual management functions across the department and its 
component agencies. For example, DHS has put into place common 
policies, procedures, and systems within individual management 
functions, such as human capital, that help to integrate its component 
agencies, as we reported in September 2011.[Footnote 23] To strengthen 
this effort, in May 2012, the Secretary of Homeland Security modified 
the delegations of authority between the Management Directorate and 
their counterparts at the component level. According to DHS, this 
action will provide increased standardization of operating guidelines, 
policies, structures, and oversight of programs. Additionally, DHS has 
taken steps to standardize key data elements for the management areas 
across the department to enhance its decision-making. For example, in 
April 2012, the Under Secretary for Management appointed an executive 
steering committee and tasked this committee with creating a "Data 
Mart" to integrate data from disparate sources and allow the 
dissemination of timely and reliable information by March 2013. 
Further, consistent with our prior recommendations, DHS has 
implemented mechanisms to promote accountability for management 
integration among department and component management chiefs by, among 
other things, having the department chiefs develop written objectives 
that explicitly reflect priorities and milestones for that management 
function.[Footnote 24] 

Although these actions are important, DHS needs to continue to 
demonstrate sustainable progress in integrating its management 
functions within and across the department and its components and take 
additional actions to further and more effectively integrate the 
department. For example, DHS recognizes the need to better integrate 
its lines of business. The Integrated Investment Life Cycle Model 
(IILCM), which the department is establishing to manage investments 
across the department's components and management functions, is an 
attempt at doing that. DHS identified the IILCM as one of its most 
significant management integration initiatives in January 2011. 
However, the June 2012 update reported that this initiative is in its 
early planning stages, will be phased in over multiple budget cycles, 
and requires additional resources to fully operationalize. In 
September 2012, DHS reported that it has developed draft policy and 
procedural guidance to support implementation of the IILCM and now 
plans to begin using aspects of this new approach to develop portions 
of the department's fiscal years 2015 through 2019 budget. 

DHS strategy for addressing GAO's high-risk designation. In January 
2011, DHS issued an agencywide management integration strategy--the 
Integrated Strategy for High Risk Management--as we recommended in our 
March 2005 report on DHS's management integration efforts.[Footnote 
25] DHS's most recent version of the strategy, issued in June 2012, 
greatly improved upon prior versions and addressed feedback we 
previously provided by, for example, identifying key measures and 
progress ratings for the 18 initiatives included in the strategy and 
the 31 outcomes.[Footnote 26] We believe the June 2012 strategy, if 
implemented and sustained, provides a path for DHS to address our high-
risk designation. 

DHS can further strengthen or clarify its Integrated Strategy for High 
Risk Management to better enable DHS, Congress, and GAO to assess the 
department's progress in implementing its management initiatives by, 
among other things: determining the resource needs for all of the 
corrective actions in the strategy; communicating to senior leadership 
critical resource gaps across all initiatives; and identifying program 
and project risks in a supporting risk mitigation plan for all 
initiatives. 

Going forward, DHS needs to continue implementing its Integrated 
Strategy for High Risk Management and show measurable, sustainable 
progress in implementing its key management initiatives and corrective 
actions and achieving outcomes. We will continue to monitor, assess, 
and provide feedback on DHS's implementation and transformation 
efforts through our ongoing and planned work, including the 2013 high-
risk update that we expect to issue in January 2013. 

Chairman King, Ranking Member Thompson, and Members of the Committee, 
this concludes my prepared statement. I would be pleased to respond to 
any questions that you may have. 

GAO Contact and Staff Acknowledgments: 

For questions about this statement, please contact David C. Maurer at 
(202) 512-9627 or maurerd@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. Individuals making key contributions to this 
statement include Maria Strudwick, Assistant Director; Victoria 
Miller, Analyst-in-Charge; and Chloe Brown. Other contributors 
include: David Alexander, Michael LaForge, Tom Lombardi, Anjalique 
Lawrence, Gary Mountjoy, Sabine Paul, and Katherine Trimble. Key 
contributors for the previous work that this testimony is based on are 
listed within each individual product. 

[End of section] 

Appendix I: Summary of Actions and Outcomes for Addressing the 
Implementing and Transforming the Department of Homeland Security High-
Risk Area: 

On the basis of our prior work, in a September 2010 letter to the 
Department of Homeland Security (DHS), we identified 31 actions and 
outcomes that are critical to addressing the challenges within the 
department's management areas and in integrating those functions 
across the department, thus addressing the high-risk designation. This 
appendix provides a summary of the 31 actions and outcomes. 

Financial management: 

1. Maintain top management commitment to correcting weaknesses: 

2. Address internal control, business process, and systems weaknesses: 

3. Commit sufficient resources to implement financial system 
modernization and complete a full-scope audit of the department's 
basic financial statements: 

4. Expand scope of financial statement audit to include an opinion on 
all of the department's basic financial statements: 

5. Sustain clean opinions for at least 2 consecutive years: 

6. Comply with the Federal Financial Management Improvement Act of 
1996: 

7. Embrace best practices for financial system modernization: 

8. Establish contractor oversight mechanisms for financial system 
modernization: 

9. Successfully implement new or upgrade existing financial systems as 
needed throughout the department, including the U.S. Coast Guard 
(USCG), Federal Emergency Management Agency (FEMA), and U.S. 
Immigration and Customs Enforcement (ICE): 

Acquisition management: 

1. Validate required acquisition documents in a timely manner at major 
milestones, including life-cycle cost estimates, in accordance with a 
department-approved, knowledge-based acquisition process: 

2. Improve component acquisition capability: 

3. Establish a Joint Requirements Council or a similar body: 

4. Ensure a sufficient number of trained acquisition personnel are in 
place at the department and component levels: 

5. Establish and demonstrate measurable progress in achieving goals 
that improve programs' compliance with the department's established 
processes and policies. For major acquisitions, demonstrate that 
actual cost and schedule performance are within baseline thresholds. 

Human capital management: 

1. Implement a human capital strategic plan: 

2. Link workforce planning to other department planning efforts: 

3. Enhance recruiting to meet current and long-term needs: 

4. Base human capital decisions on competencies and performance: 

5. Seek employees' input to strengthen human capital approaches and 
activities: 

6. Improve scores on the Office of Personnel Management's Federal 
Employee Viewpoint Survey: 

7. Assess and improve training, education, and development programs: 

Information technology management: 

1. Demonstrate achievement of stage 4 of GAO's Enterprise Architecture 
Management Maturity Framework (that is, completing and using an 
enterprise architecture for targeted results): 

2. Establish and implement information technology (IT) investment 
management best practices: 

3. Establish and implement IT system acquisition management processes: 

4. Show progress in implementing the IT strategic human capital plan: 

5. Demonstrate for at least two consecutive investment increments that 
cost and schedule performance is within the established threshold 
baseline for major investments: 

6. Enhance the security of internal IT systems and networks: 

Management integration: 

1. Implement actions and outcomes in each management area: 

2. Revise management integration strategy to address characteristics 
we previously recommended, such as set implementation goals and a 
timeline to monitor progress: 

3. Establish performance measures to assess progress made in achieving 
departmentwide management integration: 

4. Promote accountability for management integration among department 
and management chiefs through the performance management system: 

[End of section] 

Related GAO Reports: 

Homeland Security: DHS Requires More Disciplined Investment Management 
to Help Meet Mission Needs. [hyperlink, 
http://www.gao.gov/products/GAO-12-833]. Washington, D.C.: September 
18, 2012. 

Department of Homeland Security: Oversight and Coordination of 
Research and Development Should Be Strengthened. [hyperlink, 
http://www.gao.gov/products/GAO-12-837]. Washington, D.C.: September 
12, 2012. 

Homeland Security: DHS Has Enhanced Procurement Oversight Efforts, but 
Needs to Update Guidance. [hyperlink, 
http://www.gao.gov/products/GAO-12-947]. Washington, D.C.: September 
10, 2012. 

Information Technology: DHS Needs to Further Define and Implement Its 
New Governance Process. [hyperlink, 
http://www.gao.gov/products/GAO-12-818]. Washington, D.C.: July 25, 
2012. 

Federal Emergency Management Agency: Workforce Planning and Training 
Could Be Enhanced by Incorporating Strategic Management Principles. 
[hyperlink, http://www.gao.gov/products/GAO-12-487]. Washington, D.C.: 
April 26, 2012. 

Department of Homeland Security: Preliminary Observations on DHS's 
Efforts to Improve Employee Morale. [hyperlink, 
http://www.gao.gov/products/GAO-12-509T]. Washington, D.C.: March 22, 
2012. 

Department of Homeland Security: Continued Progress Made Improving and 
Integrating Management Areas, but More Work Remains. [hyperlink, 
http://www.gao.gov/products/GAO-12-365T]. Washington, D.C.: March 1, 
2012. 

Information Technology: Departments of Defense and Energy Need to 
Address Potentially Duplicative Investments. [hyperlink, 
http://www.gao.gov/products/GAO-12-241]. Washington D.C.: February 17, 
2012. 

DHS Human Capital: Senior Leadership Vacancy Rates Generally Declined, 
but Components' Rates Varied. [hyperlink, 
http://www.gao.gov/products/GAO-12-264]. Washington, D.C.: February 
10, 2012. 

Department of Homeland Security: Additional Actions Needed to 
Strengthen Strategic Planning and Management Functions. [hyperlink, 
http://www.gao.gov/products/GAO-12-382T]. Washington D.C.: February 3, 
2012. 

Department of Homeland Security: Progress Made and Work Remaining in 
Implementing Homeland Security Missions 10 Years after 9/11. 
[hyperlink, http://www.gao.gov/products/GAO-11-881]. Washington D.C.: 
September 7, 2011. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-11-278]. Washington, D.C.: February 
2011. 

Information Security: Federal Agencies Have Taken Steps to Secure 
Wireless Networks, but Further Actions Can Mitigate Risk. [hyperlink, 
http://www.gao.gov/products/GAO-11-43]. Washington, D.C.: November 30, 
2010. 

Department of Homeland Security: Assessments of Selected Complex 
Acquisitions. [hyperlink, http://www.gao.gov/products/GAO-10-588SP]. 
Washington, D.C.: June 30, 2010. 

Information Security: Agencies Need to Implement Federal Desktop Core 
Configuration Requirements. [hyperlink, 
http://www.gao.gov/products/GAO-10-202]. Washington, D.C.: March 12, 
2010. 

Financial Management Systems: DHS Faces Challenges to Successfully 
Consolidating Its Existing Disparate Systems. [hyperlink, 
http://www.gao.gov/products/GAO-10-76]. Washington, D.C.: December 4, 
2009. 

Department of Homeland Security: Actions Taken Toward Management 
Integration, but a Comprehensive Strategy Is Still Needed. [hyperlink, 
http://www.gao.gov/products/GAO-10-131]. Washington, D.C.: November 
20, 2009. 

Homeland Security: Despite Progress, DHS Continues to Be Challenged in 
Managing Its Multi-Billion Dollar Annual Investment in Large-Scale 
Information Technology Systems. [hyperlink, 
http://www.gao.gov/products/GAO-09-1002T]. Washington, D.C.: September 
15, 2009. 

Department of Homeland Security: Billions Invested in Major Programs 
Lack Appropriate Oversight. [hyperlink, 
http://www.gao.gov/products/GAO-09-29]. Washington, D.C.: November 18, 
2008. 

Department of Homeland Security: Better Planning and Assessment Needed 
to Improve Outcomes for Complex Service Acquisitions. [hyperlink, 
http://www.gao.gov/products/GAO-08-263]. Washington, D.C.: April 22, 
2008. 

Homeland Security: Departmentwide Integrated Financial Management 
Systems Remain a Challenge. [hyperlink, 
http://www.gao.gov/products/GAO-07-536]. Washington, D.C.: June 21, 
2007. 

Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, version 1.1. [hyperlink, 
http://www.gao.gov/products/GAO-04-394G]. Washington, D.C.: March 2004. 

High-Risk Series: Strategic Human Capital Management. [hyperlink, 
http://www.gao.gov/products/GAO-03-120]. Washington, D.C.: January 
2003. 

Determining Performance and Accountability Challenges and High Risks. 
[hyperlink, http://www.gao.gov/products/GAO-01-159SP]. Washington, 
D.C.: November 2000. 

[End of section] 

Footnotes: 

[1] GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-03-119] (Washington, D.C.: January 
2003); GAO High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 
2009); High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: January 
2007); and High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-05-207] (Washington, D.C.: January 
2005). 

[2] GAO, Determining Performance and Accountability Challenges and 
High Risks, [hyperlink, http://www.gao.gov/products/GAO-01-159SP] 
(Washington, D.C.: November 2000). 

[3] See appendix I for a summary of the 31 actions and outcomes. 

[4] An unqualified opinion states that the audited financial 
statements present fairly, in all material respects, the financial 
position, results of operations, and cash flows of the entity in 
conformity with generally accepted accounting principles. 

[5] See the related products list at the end of this statement. 

[6] This review is being conducted at the request of this Committee's 
Subcommittee on Oversight, Investigations, and Management; and Senator 
Thomas Carper, Chairman, Subcommittee on Federal Financial Management, 
Government Information, Federal Services and International Security of 
the Senate Committee on Homeland Security and Governmental Affairs. 

[7] A material weakness is a significant deficiency, or a combination 
of significant deficiencies, in internal control such that there is a 
reasonable possibility that a material misstatement of the entity's 
financial statements will not be prevented or detected and corrected 
on a timely basis. A significant deficiency is a deficiency, or 
combination of deficiencies, in internal control that is less severe 
than a material weakness, yet important enough to merit attention by 
those charged with governance. A deficiency in internal control exists 
when the design or operation of a control does not allow management or 
employees, in the normal course of performing their assigned 
functions, to prevent, or detect and correct, misstatements on a 
timely basis. 

[8] A qualified opinion states that, except for the effects of the 
matter(s) to which the qualification relates, the audited financial 
statements present fairly, in all material respects, the financial 
position, results of operations, and cash flows of the entity in 
conformity with generally accepted accounting principles. The 
matter(s) to which the qualification relates could be due to a scope 
limitation, or the audited financial statements containing a material 
departure from generally accepted accounting principles, or both. 

[9] DHS's complete set of financial statements consist of the Balance 
Sheet, Statement of Net Cost, Statement of Changes in Net Position, 
Statement of Budgetary Resources, and Statement of Custodial Activity. 

[10] We are doing this work at the request of the Subcommittee on 
Federal Financial Management, Government Information, Federal Services 
and International Security of the Senate Committee on Homeland 
Security and Governmental Affairs. 

[11] GAO, Homeland Security: DHS Has Enhanced Procurement Oversight 
Efforts, but Needs to Update Guidance, [hyperlink, 
http://www.gao.gov/products/GAO-12-947] (Washington, D.C.: Sept. 10, 
2012). 

[12] GAO, Homeland Security: DHS Requires More Disciplined Investment 
Management to Help Meet Mission Needs, [hyperlink, 
http://www.gao.gov/products/GAO-12-833] (Washington, D.C.: Sept. 18, 
2012). 

[13] GAO, Department of Homeland Security: Assessments of Complex 
Acquisitions, [hyperlink, http://www.gao.gov/products/GAO-10-588SP] 
(Washington, D.C.: June 30, 2010). 

[14] [hyperlink, http://www.gao.gov/products/GAO-12-833]. 

[15] GAO, DHS Human Capital: Senior Leadership Vacancy Rates Generally 
Declined, but Components' Rates Varied, [hyperlink, 
http://www.gao.gov/products/GAO-12-264] (Washington, D.C.: Feb. 10, 
2012). 

[16] [hyperlink, http://www.gao.gov/products/GAO-12-264]. 

[17] GAO, Department of Homeland Security: Preliminary Observations on 
DHS's Efforts to Improve Employee Morale. [hyperlink, 
http://www.gao.gov/products/GAO-12-509T] (Washington, D.C.: Mar. 22, 
2012). 

[18] We are doing this work at the request of this Committee's 
Subcommittee on Oversight, Investigations, and Management; and Senator 
Susan Collins, Ranking Member of the Senate Committee on Homeland 
Security and Governmental Affairs. 

[19] GAO, Federal Emergency Management Agency: Workforce Planning and 
Training Could Be Enhanced by Incorporating Strategic Management 
Principles, [hyperlink, http://www.gao.gov/products/GAO-12-487] 
(Washington, D.C.: Apr. 26, 2012). 

[20] An enterprise architecture can be viewed as a blueprint for 
organizational transformation and IT modernization. 

[21] GAO, Information Technology: DHS Needs to Further Define and 
Implement Its New Governance Process, [hyperlink, 
http://www.gao.gov/products/GAO-12-818] (Washington, D.C.: July 25, 
2012). 

[22] [hyperlink, http://www.gao.gov/products/GAO-12-818]. 

[23] GAO, Department of Homeland Security: Progress Made and Work 
Remaining in Implementing Homeland Security Missions 10 Years after 
9/11, [hyperlink, http://www.gao.gov/products/GAO-11-881] (Washington 
D.C.: Sept. 7, 2011). 

[24] GAO, Department of Homeland Security: Actions Taken Toward 
Management Integration, but a Comprehensive Strategy Is Still Needed, 
[hyperlink, http://www.gao.gov/products/GAO-10-131] (Washington, D.C.: 
Nov. 20, 2009). 

[25] GAO, Department of Homeland Security: A Comprehensive and 
Sustained Approach Needed to Achieve Management Integration, 
[hyperlink, http://www.gao.gov/products/GAO-05-139] (Washington, D.C.: 
Mar. 16, 2005). 

[26] [hyperlink, http://www.gao.gov/products/GAO-10-131]. 

[End of section] 

GAO�s Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO�s commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO�s website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select 
�E-mail Updates.� 

Order by Phone: 

The price of each GAO publication reflects GAO�s actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO�s 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

[End of document] 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548. 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, DC 20548.