Key Issues > High Risk > Strengthening Department of Homeland Security Management Functions
High Risk Medallion

Strengthening Department of Homeland Security Management Functions

This information appears as published in the 2017 High Risk Report.

View the 2017 Report

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

The Department of Homeland Security’s (DHS) top leadership, including the Secretary and Deputy Secretary of Homeland Security, has demonstrated exemplary commitment and support for addressing the department’s management challenges. However, DHS needs to continue implementing its Integrated Strategy for High Risk Management and maintain engagement with us to show measurable, sustainable progress in implementing corrective actions and achieving outcomes. In 2003, we designated implementing and transforming DHS as high risk because DHS had to transform 22 agencies—several with major management challenges—into one department. Further, failure to effectively address DHS’s management and mission risks could have serious consequences for U.S. national and economic security. Given the significant effort required to build and integrate a department as large and complex as DHS, our initial high-risk designation addressed the department’s implementation and transformation efforts to include associated management and programmatic challenges. At that time, we reported that the creation of DHS was an enormous undertaking that would take time to achieve, and that successfully transforming large organizations, even those undertaking less strenuous reorganizations, could take years to implement.

Over the past 14 years, the focus of this high-risk area has evolved in tandem with DHS’s maturation and evolution. The overriding tenet has consistently remained DHS’s ability to build a single, cohesive, and effective department that is greater than the sum of its parts—a goal that requires effective collaboration and integration of its various components and management functions. In 2007, in reporting on DHS’s progress since its creation, as well as in our 2009 high-risk update, we reported that DHS had made more progress in implementing its range of missions than its management functions—acquisition, information technology (IT), financial, and human capital—and that continued work was needed to address an array of management and programmatic challenges. As we reported in September 2011, DHS’s initial focus on mission implementation was understandable given the critical homeland security needs facing the nation after the department’s establishment, and the challenges posed by creating, integrating, and transforming it.[1]

As DHS continued to mature, and as we reported in our assessment of DHS’s progress and challenges in the 10 years following 9/11, we found that the department implemented key homeland security operations and achieved important goals in many areas to create and strengthen a foundation to reach its potential. For example, DHS developed strategic and operational plans to guide its efforts—such as the National Response Framework that outlines disaster response guiding principles—and successfully hired, trained, and deployed workforces, including the federal screening workforce to assume screening responsibilities at airports nationwide.

However, we also found that more work remained for DHS to address weaknesses in other areas of its operational and implementation efforts. For example, we reported in 2011 that DHS had not yet determined how to implement a biometric exit capability, had taken action to address a small portion of the estimated overstay population in the United States, and needed to strengthen efforts to assess national capabilities for all-hazards preparedness. We further reported that continuing weaknesses in implementing and integrating DHS’s management functions continued to affect the department’s implementation efforts.

Recognizing DHS’s progress in mission implementation and transformation, our 2011 high-risk update focused on the department’s continued need to strengthen and integrate its management functions. In our 2013 high-risk update, we found that DHS had made considerable progress in strengthening and integrating its management functions, but that challenges remained and progress was needed to mitigate the risks that management weaknesses posed to DHS’s ability to accomplish its mission and use its resources efficiently and effectively. Therefore, in 2013 we narrowed the scope of the high-risk area and changed the name from Implementing and Transforming the Department of Homeland Security to Strengthening Department of Homeland Security Management Functions to reflect this focus. In our 2015 high-risk update, we found that DHS’s top leadership had continued to demonstrate exemplary commitment to and support for addressing the department’s management challenges and that DHS had made important progress in strengthening its management functions. However, we also found that DHS continued to face significant management challenges that hindered its ability to achieve its missions and concluded that DHS needed to continue to demonstrate sustainable, measureable progress in addressing key challenges that remained within and across its management functions.


[1] GAO, Department of Homeland Security: Progress Made and Work Remaining in Implementing Homeland Security Missions 10 Years after 9/11, GAO-11-881 (Washington, D.C.: Sept. 7, 2011). This report addressed DHS’s progress in implementing its homeland security missions since it began operations, work remaining, and issues affecting implementation efforts. Drawing from more than 1,000 GAO reports and congressional testimony issued related to DHS programs and operations, and approximately 1,500 recommendations made to strengthen mission and management implementation, this report addressed progress and remaining challenges in such areas as border security and immigration, transportation security, and emergency management, among others.

Strengthening Department of Homeland Security Management Functions

DHS’s continued efforts to strengthen and integrate its acquisition, IT, financial, and human capital management functions have resulted in the department meeting three criteria for removal from the High-Risk List (leadership commitment, a corrective action plan, and a framework to monitor progress) and partially meeting the remaining two criteria (capacity and demonstrated, sustained progress). DHS’s top leadership, including the Secretary and Deputy Secretary of Homeland Security, has demonstrated exemplary commitment and support for addressing the department’s management challenges. For instance, the department’s Deputy Secretary, Under Secretary for Management, and other senior management officials have frequently met with us to discuss the department’s plans and progress, which serves as a model for senior-level engagement and helps ensure a common understanding of the remaining work needed to address our high-risk designation. Further, DHS established a framework for monitoring its progress in its Integrated Strategy for High Risk Management, in which it has included performance measures to track the implementation of key management initiatives since June 2012. In addition, since our 2015 high-risk update, DHS has strengthened its monitoring efforts for financial system modernization programs that are key to effectively supporting the department’s financial management operations, resulting in DHS meeting the monitoring criteria for the first time.

DHS has also issued updated versions of its Integrated Strategy for High Risk Management, demonstrating a continued focus on addressing this high-risk designation, and made important progress in identifying and putting in place the people and resources needed to resolve departmental management risks. The integrated strategy includes key management initiatives and related corrective action plans for achieving 30 outcomes, which we identified and DHS agreed are critical to addressing the challenges within the department’s management areas, and to integrating those functions across the department. DHS has continued to make important progress across all of its management functions, fully addressing 13 of these outcomes, 9 of which it has sustained as fully implemented for at least 2 years. For example, DHS fully addressed one outcome for the first time by demonstrating improvement in human capital management by linking workforce planning efforts to strategic and program planning efforts.

DHS also sustained full implementation of two other outcomes by obtaining a clean audit opinion on its financial statements for 4 consecutive fiscal years. Further, DHS has mostly addressed an additional eight outcomes, meaning that a small amount of work remains to fully address them. Considerable work remains, however, in several areas for DHS to fully achieve the remaining 17 outcomes and thereby strengthen its management functions. Addressing some of these outcomes, such as those pertaining to improving employee morale and modernizing the department’s financial management systems, are significant undertakings that will likely require multiyear efforts. DHS needs to make additional progress identifying and allocating resources in certain areas to sufficiently demonstrate that it has the capacity (that is, the people and resources) to achieve and sustain all 30 outcomes, as well as demonstrate additional sustainable and measurable progress in addressing key challenges that remain within and across these management functions.

Congress has taken a number of actions to support and oversee DHS’s progress in strengthening its management functions, including the following examples:

  • The National Defense Authorization Act for Fiscal Year 2017 includes a mandate that the DHS Under Secretary for Management report to us every 6 months to demonstrate measurable, sustainable progress made in implementing DHS’s corrective action plans to address the Strengthening DHS Management Functions high-risk area until we submit written notification of the area’s removal from the high-risk list to the appropriate congressional committees.[1] Similar provisions were included in the DHS Headquarters Reform and Improvement Act of 2015,[2] the DHS Accountability Act of 2016,[3] and the DHS Reform and Improvement Act.[4]
  • House Report 114-215, which accompanied H.R. 3128 (DHS appropriations bill for fiscal year 2016) and later became effective under the Consolidated Appropriations Act, 2016, includes mandates related to DHS’s financial management system modernization projects, which relate to three high-risk financial management outcomes.[5] Specifically, the committee directed GAO to assess the risks of DHS utilizing the Department of Interior’s Business Center (IBC), whether IBC is capable of expanding its services to additional federal agencies, and a comparison of the services and capabilities of federal and commercial shared service providers. In addition, the committee directed the DHS Office of the Chief Financial Officer to update the lifecycle cost estimate to reflect all contract awards and projected overall costs, including those for every component that plans to migrate to a federal shared service provider.
  • The Border Patrol Agent Pay Reform Act of 2014, enacted on December 18, 2014, includes a mandate related to cybersecurity workforce assessments, which relates to one human capital management outcome.[6] Specifically, DHS must identify all cybersecurity workforce positions and identify positions and areas of critical need.

Congress also held a number of oversight hearings related to addressing DHS’s management challenges:

  • U.S. Senate, Committee on Homeland Security and Governmental Affairs Hearing: DHS Management and Acquisition Reform. March 16, 2016.
  • U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Oversight and Management Efficiency Hearing: Assessing DHS’s Performance: Watchdog Recommendations to Improve Homeland Security. February 26, 2015.
  • U.S. House of Representatives, Committee on Homeland Security Hearing: Preventing Waste, Fraud, Abuse and Mismanagement in Homeland Security – A GAO High-Risk List Review. May 7, 2014.
  • U.S. Senate, Committee on Homeland Security and Governmental Affairs Hearing: The Department of Homeland Security at 10 Years: A Progress Report on Management. March 21, 2013.

[1] Pub. L. No. 114-328, § 1903(b) (codified at 6 U.S.C. § 341(a)(11)).

[2] H.R.3572, 114th Cong. (as passed by House, Oct. 20, 2015).

[3] S. 2976, 114th Cong. § 101(b) (as reported by S. Comm. on Homeland Sec. and Gov’tal Affairs, June 28, 2016).

[4] H.R. 6381, 114th Cong. (2016).

[5] H.R. Rep. No. 114-215 (2015); Pub. L. No. 114-113, 129 Stat. 2242 (2015). The explanatory statement accompanying the Consolidated Appropriations Act, 2016, provided that House Report 114-215 carries the same weight as language included in the explanatory statement, unless specifically addressed to the contrary in the bill or the explanatory statement.

[6] Pub. L. No. 113-277, § 4,128 Stat. 2995, 3008-3010 (2014).

Additional Details on What GAO Found are in the full report.

In the coming years, DHS needs to continue implementing its Integrated Strategy for High Risk Management and maintain engagement with us to show measurable, sustainable progress in implementing corrective actions and achieving outcomes. In doing so, it will be important for DHS to

  • maintain its current level of top leadership support and sustained commitment to ensure continued progress in executing its corrective actions through completion;
  • continue to identify the people and resources necessary to make progress towards achieving outcomes, work to mitigate shortfalls and prioritize initiatives, as needed, and communicate to senior leadership critical resource gaps;
  • continue to implement its plan for addressing this high-risk area and periodically provide assessments of its progress to us and Congress;
  • closely track and independently validate the effectiveness and sustainability of its corrective actions, and make midcourse adjustments as needed; and
  • make continued progress in achieving the 17 outcomes it has not fully addressed and demonstrate that systems, personnel, and policies are in place to ensure that progress can be sustained over time.

We will continue to monitor DHS’s efforts in this high-risk area to determine if the outcomes are achieved and sustained over the long term. Further, in order to address the outcomes, DHS must implement our prior recommendations listed below.

  • DHS should address employee morale problems through comprehensively examining root causes and establishing clear metrics of success within DHS and its components’ action plans.
  • DHS should ensure that its Human Resources IT Program (HRIT), of which the Performance and Learning Management System is the primary active project, receives necessary oversight and attention by ensuring the HRIT Executive Steering Committee is consistently involved. DHS should also address HRIT’s poor progress and ineffective management by: (1) updating and maintaining a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities; (2) developing a complete life-cycle cost estimate for the implementation of HRIT; (3) documenting and tracking all costs, including components’ costs, associated with HRIT; and (4) updating and maintaining the department’s human resources system inventory, among other things.
  • To more accurately communicate DHS’s funding plans for U.S. Coast Guard’s major acquisitions programs, DHS should ensure the funding plans presented to Congress are comprehensive and clearly account for all operations and maintenance funding DHS plans to allocate to each of the programs.
  • DHS should enhance its leadership’s ongoing efforts to improve the affordability of the department’s major acquisitions portfolio by requiring components to submit funding certification memorandums for all major acquisition programs that have not been reviewed at an Acquisition Decision Event; and convening Acquisition Review Boards to discuss affordability and make tradeoffs between cost, schedule, and performance, as necessary. In addition, DHS should ensure that the Fiscal Year 2017 Future Years Homeland Security Program report reflects the results of any tradeoffs stemming from the acquisition affordability reviews; and require components to establish formal, repeatable processes for addressing major acquisition affordability issues.
  • DHS’s Chief Information Officer should use accurate and reliable information, such as operational assessments of the new architecture and cost and schedule parameters approved by the Under Secretary of Management, to help ensure that assessments prepared by the Office of the Chief Information Officer in support of the department’s updates to the federal IT Dashboard more fully reflect the current status of the Transformation Program.
  • DHS should continue to work to address its IT mission critical skills gaps, such as those related to its cybersecurity workforce. Further, DHS needs to remediate the material weakness in information security controls reported by its financial statement auditor in fiscal year 2016 by effectively addressing weaknesses in controls related to access, configuration management, and segregation of duties.
  • DHS should ensure consistent, effective oversight of DHS’s acquisition programs and make the Comprehensive Acquisition Status Report (CASR) more useful by adjusting CASR to enable DHS to hold programs accountable for maintaining their cost, schedule, and performance data. For example, CASR could report an individual rating for each program’s cost, schedule, and technical risks, and the level at which the program’s life-cycle cost estimate was approved.
Looking for our recommendations? Click on any report to find each associated recommendation and its current implementation status.
  • portrait of Rebecca Gambler
    • Rebecca Gambler
    • Director, Homeland Security and Justice
    • gamblerr@gao.gov
    • (202) 512-8777