This is the accessible text file for GAO report number GAO-10-210T 
entitled 'Financial Management Systems: DHS Faces Challenges to 
Successfully Consolidate Its Existing Disparate Systems' which was 
released on October 29, 2009. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Management, Investigations, and Oversight, 
Committee on Homeland Security, House of Representatives: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 10:00 a.m. EDT: 

Thursday, October 29, 2009: 

Financial Management Systems: 

DHS Faces Challenges to Successfully Consolidate Its Existing Disparate 
Systems: 

Statement of Kay L. Daly, Director: 

Financial Management and Assurance: 

Nabajyoti Barkakati: 

Chief Technologist, Applied Research and Methods: 

Center for Technology and Engineering: 

DHS Financial Systems Consolidation: 

GAO-10-210T: 

GAO Highlights: 

Highlights of [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-10-210T], a 
testimony to Subcommittee on Management, Investigations, and 
Oversight, Committee on Homeland Security, House of Representatives. 

Why GAO Did This Study: 

In June 2007, GAO reported that the Department of Homeland Security 
(DHS) had made little progress in integrating its existing financial 
management systems and made six recommendations focused on the need for 
DHS to define a departmentwide strategy and embrace disciplined 
processes. In June 2007, DHS announced its new financial management 
systems strategy, called the Transformation and Systems Consolidation 
(TASC) program. 

GAO’s testimony provides preliminary analysis of the status of its 
prior recommendations and whether there were additional issues 
identified that pose challenges to the successful implementation of the 
TASC program. GAO reviewed relevant documentation, such as the January 
2009 Request for Proposal and its attachments, and interviewed key 
officials to obtain additional information. 

GAO provided a draft report that this testimony is based on to DHS on 
September 29, 2009, for review and comment. After reviewing and 
considering DHS’ comments, GAO plans to finalize and issue the report 
including providing appropriate recommendations aimed at improving the 
department’s implementation of the TASC program. 

What GAO Found: 

GAO’s preliminary analysis shows that DHS has begun to take actions to 
implement four of the six recommendations made in the 200; however, 
none of these recommendations have been fully implemented. GAO 
recognizes that DHS cannot fully implement some of the recommendations 
aimed at reducing the risk in accordance with best practices until the 
contract for TASC is awarded. DHS has taken, but not completed, actions 
to (1) define its financial management strategy and plan, (2) develop a 
comprehensive concept of operations, (3) incorporate disciplined 
processes, and (4) implement key human capital practices and plans for 
such a systems implementation effort. DHS has not taken the necessary 
actions on the remaining two recommendations, to standardize business 
processes across the department, including applicable internal control, 
and to develop detailed consolidation and migration plans since DHS 
will not know the information necessary to develop these items until a 
contractor is selected. While some of the details of the department’s 
standardization of business processes and migration plans depend on the 
selected new system, DHS would benefit from performing critical 
activities, such as identifying all of its affected current business 
processes so that DHS can analyze how closely the proposed system will 
meet the department’s needs. 

GAO’s preliminary analysis during this review also identified two 
issues that pose challenges to the TASC program—DHS’ significant risks 
related to the reliance on contractors to define and implement the new 
system and the lack of independence of the contractor hired to perform 
the verification and validation (V&V) function for TASC. DHS plans to 
rely on the selected contractor to complete key process documents for 
TASC such as detailed documentation that governs activities such as 
requirements management, testing, data conversion, and quality 
assurance. The extent of DHS’ reliance on contractors to define and 
implement key processes needed by the TASC program, without the 
necessary oversight mechanisms to ensure that (1) the processes are 
properly defined and (2) effectively implemented, could result in 
system efforts plagued with serious performance and management 
problems. Further, GAO identified that DHS’ V&V contractor was not 
independent with regard to the TASC program. DHS management agreed that 
the V&V function should be performed by an entity that is technically, 
managerially, and financially independent of the organization in charge 
of the system development and/or acquisition it is assessing. 
Accordingly, DHS officials indicated that they have restructured the 
contract to address our concerns by changing the organization that is 
responsible for managing the V&V function. 

View [hyperlink, http://www.gao.gov/products/GAO-10-210T] or key 
components. For more information, contact Kay L. Daly at (202); 
Nabajyoti Barkakati (202) 512-4499. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

Thank you for the opportunity to discuss the Department of Homeland 
Security's (DHS) current effort--the Transformation and Systems 
Consolidation (TASC) program--to implement a consolidated 
departmentwide financial management system. Since DHS began operations 
in March 2003, it has faced the daunting task of bringing together 22 
diverse agencies and developing an integrated financial management 
system. DHS officials have long recognized the need to integrate their 
financial management systems, which are used to account for over $40 
billion in annual appropriated funds. The department's prior effort, 
known as the Electronically Managing Enterprise Resources for 
Government Effectiveness and Efficiency (eMerge2) project,[Footnote 1] 
was expected to integrate financial management systems departmentwide 
and address existing financial management weaknesses. However, DHS 
officials terminated the eMerge2 project in December 2005, 
acknowledging that this project had not been successful. In June 2007, 
we reported[Footnote 2] the department had made little progress since 
December 2005 in integrating its existing financial management systems, 
and that, from an overall perspective, the decision to halt its eMerge2 
project was prudent. We made six recommendations focused on the need 
for DHS to define a departmentwide strategy and embrace disciplined 
processes to reduce risk to acceptable levels.[Footnote 3] 

In June 2007, DHS officials announced its new financial management 
systems strategy, called the TASC program. At that time, the TASC 
program was described as the migration of other DHS component systems 
to two existing financial management systems already in use at several 
components. After a bid protest was filed regarding the proposed 
approach, the TASC request for proposal was revised to acquire an 
integrated commercial off-the-shelf software (COTS) system to be 
implemented departmentwide. In January 2009 DHS issued its TASC request 
for proposal for the provision of an integrated financial, acquisition, 
and asset management commercial off-the-shelf software (COTS) system 
already in use at a federal agency to be implemented departmentwide. 
DHS is currently evaluating the proposals received and expects to award 
a contract in January 2010. 

Today, our testimony will focus on our preliminary observations related 
to our audit of (1) DHS' implementation of the six recommendations we 
made in June 2007, and (2) two issues that have surfaced that pose 
challenges to the TASC program. We have discussed the preliminary 
observations included in this testimony with DHS officials. To address 
these objectives, we reviewed the January 2009 request for proposal and 
its attachments, such as the Statement of Objectives and Solution 
Process Overview, to understand DHS' plans for implementing the TASC 
program. We also reviewed other available planning documents, such as 
the Acquisition Plan and the draft concept of operations, and 
determined the status of these plans and others to see if DHS had fully 
implemented our recommendations. We interviewed key officials from DHS' 
Office of the Chief Financial Officer and its Resource Management 
Transformation Office (RMTO), including its Director and Deputy 
Director for elaboration and to provide additional perspectives to the 
information contained in these documents. We also reviewed the 
Statement of Work for an independent verification and validation (IV&V) 
contractor and confirmed key information about this contract with the 
Director of RMTO. 

We recently provided our draft report, including recommendations, on 
the results of our audit to the Secretary of Homeland Security for 
review and comment. We plan to incorporate DHS' comments as appropriate 
and issue our final report as a follow-up to this testimony. We 
conducted this performance audit from March through October 2009 in 
accordance with generally accepted government auditing standards. Those 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. 

Background: 

Bid protests and related litigation have resulted in changes to DHS' 
approach for the TASC program and have contributed to a significant 
delay in awarding a contract. The initial TASC approach was to migrate 
its component systems to two financial management systems--Oracle 
Federal Financials and SAP--that were already in use by several DHS 
components.[Footnote 4] Figure 1 shows the key events that have 
occurred affecting the TASC program. One of these key events was the 
filing of a bid protest regarding DHS' initial TASC approach to migrate 
its components to two financial management systems already in use. DHS 
subsequently issued its January 2009 TASC request for proposal for the 
provision of an integrated financial, acquisition, and asset management 
COTS system already in use at a federal agency to be implemented 
departmentwide. A second bid protest was filed over this January 2009 
request for proposal and the U.S. Court of Federal Claims dismissed the 
protestor's complaint, allowing DHS to proceed with this request for 
proposal. However, the protestor filed an appeal of this dismissal in 
July 2009. DHS responded to the July 2009 appeal in September 2009 and 
DHS officials indicated that the protestor responded to DHS' response 
in October 2009. 

Figure 1: Key Events Affecting the TASC Program: 

[Refer PDF for image: chart] 

2007: 

8/07: DHS issued a request for proposal for managing the migration of 
DHS’ five different financial management software solutions to a shared 
system baseline (Oracle or SAP systems). 

10/07: DHS canceled the request for proposal because no offerors had 
submitted proposals. 

11/07: DHS issued a new, revised request for proposal with the same 
purpose as the 8/07 proposal.

2008: 

1/08: A financial services company, who was a potential offeror to DHS’ 
2007 request for proposal, filed a bid protest with the U.S. Court of 
Federal Claims.[A] 

3/08: The Court enjoined DHS from proceeding with the November 2007 
request for proposal until DHS conducted a “competitive procurement,” 
in accordance with the law.[B] 

9/08: DHS issued a notice concerning a new request for proposal to be 
issued shortly. 

10/08: DHS issued a draft of a new request for proposal for public 
comment. 

11/08: The original protestor filed a motion with the Court to enforce 
the March 2008 injunction.[C] 

2009: 

1/09: DHS issued a new TASC request for proposal for provision of “an 
integrated financial management, asset management and acquisition 
management systems solution and performance of TASC support 
services.”[D] 

2/09: The original protestor filed a new bid protest with the Court, 
alleging that DHS violated the March 2008 injunction by proceeding with 
the January 2009 request for proposal. 

4/09: The Court dismissed the bid protestor’s complaint, which allowed 
DHS to proceed with its TASC request for proposal. 

7/09: The original protestor filed an appeal of the Court’s April 2009 
judgment. 

9/09: DHS responded to the July 2009 appeal. 

10/09: The protestor responded to the DHS September 2009 response. 

Source: DHS. 

[A] The offeror alleged that DHS had conducted an improper sole source 
procurement. 

[B] Under 28 U.S.C. § 1491(b), the U.S. Court of Federal Claims has 
jurisdiction to render judgments and award relief to an interested 
party objecting to a request for proposal issued by federal agencies. 
The U.S. Court of Federal Claims issued an order enjoining DHS from 
proceeding with this procurement until DHS conducted a competitive 
procurement, in accordance with the Competition in Contracting Act (41 
U.S.C. § 253), which generally requires executive agencies to procure 
property and services through the use of competitive procedures that 
allow for full and open competition. 

[C] The potential offeror filed a motion with the U.S. Court of Federal 
Claims alleging that DHS had violated the Court's March 2008 injunction 
against proceeding with the original request for proposal. 

[D] Unlike the first two TASC requests for proposals, this request was 
issued to the public in anticipation of a new contract. The first two 
requests for proposals were issued only to awardees of existing 
indefinite delivery, indefinite quantity contracts with the expectation 
of awarding a task order under one of the existing contracts. 

[End of figure] 

DHS Has Made Limited Progress in Implementing Our Prior 
Recommendations: 

In June 2007, we made six recommendations[Footnote 5] to DHS to help 
the department reduce the risks associated with acquiring and 
implementing a departmentwide financial management system. Our 
preliminary analysis indicates that DHS has begun to take actions 
toward the implementation of four of the recommendations, as shown in 
table 1. However, all six recommendations remain open. We do recognize 
that DHS cannot fully implement all of our recommendations until a 
contract is awarded because of its selected acquisition approach. 

Table 1: DHS' Progress toward Addressing GAO's Recommendations: 

Recommendation: Clearly define and document a departmentwide financial 
management strategy and plan to move forward with its financial 
management system integration; 
Some actions taken. 

Recommendation: Develop a comprehensive concept of operations 
document;  
Some actions taken. 

Recommendation: Utilize and implement these specific disciplined 
processes to minimize project risk: (1) requirements management, (2) 
testing, (3) data conversion and system interfaces, (4) risk 
management, (5) configuration management, (6) project management, and 
(7) quality as; 
Some actions taken. 

Recommendation: Reengineer business processes and standardize them 
across the department, including applicable internal; 
No action taken. 

Recommendation: Develop a detailed plan for migrating and consolidating 
various DHS components to an internal shared services approach if this 
approach is sustained. 
No action taken. 

Recommendation: Carefully consider key human capital practices as DHS 
moves forward with its financial management transformation efforts so 
that the right people with the right skills are in place at the right 
time; 
Some actions taken. 

Source: GAO analysis of DHS information. 

[End of table] 

DHS Faces Significant Challenges To Implement Its Financial Management 
Strategy and Plan: 

DHS has developed certain elements for its financial management 
strategy and plan for moving forward with its financial system 
integration efforts but it faces significant challenges in completing 
and implementing its strategy. DHS has defined its vision for the TASC 
program, which is to consolidate and integrate departmentwide 
mission-essential financial, acquisition, and asset management systems, 
by providing a seamless, real-time, web-based system to execute 
mission-critical end-to-end integrated business processes. DHS has also 
established several major program goals for TASC which include, but are 
not limited to: 

* creating and refining end-to-end standard business processes and a 
standard line of accounting, 

* supporting timely, complete, and accurate financial management and 
reporting, 

* enabling DHS to acquire goods and services of the best value that 
ensure that the department's mission and program goals are met, and 

* enabling consolidated asset management across all components. 

DHS officials stated that this system acquisition is expected to take a 
COTS-based system already configured and being used at a federal agency 
as a starting point for its efforts. This approach is different than 
other financial management system implementation efforts reviewed by 
GAO where an agency acquired a COTS product and then performed the 
actions necessary to configure the product to meet the agency's 
specific requirements.[Footnote 6] 

Our review found that the strategy being taken by DHS does not contain 
the elements needed to evaluate whether the acquired system will 
provide the needed functionality or meet users' needs. For example, it 
does not require DHS to (1) perform an analysis of the current 
processes to define the user requirements to be considered when 
evaluating the various systems, (2) perform a gap analysis[Footnote 7] 
before the system is selected,[Footnote 8] and (3) assess the extent to 
which the COTS-based system used at another agency has been customized 
for the respective federal entities. Studies have shown that when an 
effective gap analysis was not performed, program offices and 
contractors later discovered that the selected system lacked essential 
capabilities. Furthermore, adding these capabilities required expensive 
custom development, and resulted in cost and schedule overruns that 
could have been avoided.[Footnote 9] Without a comprehensive strategy 
and plan that considers these issues, DHS risks implementing a 
financial management system that will be unnecessarily costly to 
maintain. 

DHS Has Recently Developed a Concept of Operations for the TASC 
Program: 

The January 2009 request for proposal states that the selected 
contractor will be required to provide a concept of operations for 
TASC. This concept of operations is expected to provide an operational 
view of the new system from the end users' perspective and outline the 
business processes as well as the functional and technical architecture 
for their proposed systems. On October 21, 2009, DHS provided us with a 
concept of operations for the TASC program that we have not had the 
opportunity to fully evaluate to assess whether it comprehensively 
describes the new system's operations and characteristics. According to 
DHS officials, this concept of operations document was prepared in 
accordance with the Institute of Electrical and Electronics Engineers 
(IEEE) standards.[Footnote 10] However, it is unclear how the 
DHS-prepared concept of operations document will relate to the selected 
contractor's concept of operations document called for in the request 
for proposal. 

According to the IEEE standards, a concept of operations is a 
user-oriented document that describes the characteristics of a proposed 
system from the users' viewpoint. A concept of operations document also 
describes the operations that must be performed, who must perform them, 
and where and how the operations will be carried out. The concept of 
operations for TASC should, among other things: 

* define how DHS' day-to-day financial management operations are and 
will be carried out to meet mission needs; 

* clarify which component and departmentwide systems are considered 
financial management systems; 

* include a transition strategy that is useful for developing an 
understanding of how and when changes will occur; 

* develop an approach for obtaining reliable information on the costs 
of its financial management systems investments; and 

* link DHS' concept of operations for the TASC program to its 
enterprise architecture. 

A completed concept of operations prior to issuance of the request for 
proposal would have benefited the vendors in developing their proposals 
so that they could identify and propose systems that more closely align 
with DHS' vision and specific needs. 

DHS Has Not Fully Incorporated Disciplined Processes into the TASC 
Program: 

While DHS has draft risk management, project management, and 
configuration management plans, DHS officials told us that other key 
plans relating to disciplined processes generally considered to be best 
practices will not be completed until after the TASC contract is 
awarded. These other plans include the requirements management,[Footnote 11] 
data conversion and system interfaces,[Footnote 12] quality assurance, 
and testing plans.[Footnote 13] Offerors were instructed in the latest 
request for proposal to 
describe their testing, risk management, and quality assurance 
approaches as well as component migration and training approaches. The 
approaches proposed by the selected contractor will become the basis 
for the preparation of these plans. While we recognize that the actual 
development and implementation of these plans cannot be completed until 
the TASC contractor and system have been selected, it will be critical 
for DHS to ensure that these plans are completed and effectively 
implemented prior to moving forward with the implementation of the new 
system. 

Disciplined processes represent best practices in systems development 
and implementation efforts that have been shown to reduce the risks 
associated with software development and acquisition efforts to 
acceptable levels and are fundamental to successful system 
implementations. The key to having a disciplined system development 
effort is to have disciplined processes in multiple areas, including 
project planning and management, requirements management, configuration 
management, risk management, quality assurance, and testing. Effective 
processes should be implemented in each of these areas throughout the 
project life cycle because change is constant. Effectively implementing 
the disciplined processes necessary to reduce project risks to 
acceptable levels is hard to achieve because a project must effectively 
implement several best practices, and inadequate implementation of any 
one may significantly reduce or even eliminate the positive benefits of 
the others. 

DHS Has Not Yet Identified All Business Processes Needing Reengineering 
and Standardization Across the Department: 

Although DHS has identified nine end-to-end business 
processes[Footnote 14] that will be addressed as part of the TASC 
program, the department has not yet identified all of its existing 
business processes that will be reengineered and standardized as part 
of the TASC program. It is important for DHS to identify all of its 
business processes so that the department can analyze the offerors' 
proposed systems to assess how closely each of these systems aligns 
with DHS' business processes. Such an analysis would position DHS to 
determine whether a proposed system would work well in its future 
environment or whether the department should consider modifying its 
business processes. Without this analysis, DHS will find it challenging 
to assess the difficulties of implementing the selected system to meet 
DHS' unique needs. 

For the nine processes identified, DHS has not yet begun the process of 
reengineering and standardizing those processes. DHS has asked offerors 
to describe their proposed approaches for the standardization of these 
nine processes to be included in the TASC system. According to an 
attachment to the TASC request for proposal, there will be additional 
unique business processes or sub-processes, beyond the nine standard 
business processes identified, within DHS and its components that also 
need to be supported by the TASC system. For DHS' implementation of the 
TASC program, reengineering and standardizing these unique business 
processes and sub-processes will be critical because the department was 
created from 22 agencies with disparate processes. A standardized 
process that addresses, for example, the procurement processes at the 
U.S. Coast Guard, Federal Emergency Management Agency (FEMA), and the 
Secret Service, as well as the other DHS components, is essential when 
implementing the TASC system and will be useful for training and the 
portability of staff. 

DHS Has Not Yet Developed Plans for Migrating the New System to its DHS 
Components: 

Although DHS officials have stated that they plan to migrate the new 
system first to its smaller components and have recently provided a 
high-level potential approach it might use, DHS has not outlined a 
conceptual approach or plan for accomplishing this goal throughout the 
department. Instead, DHS has requested that TASC offerors describe 
their migration approaches for each of the department's components. 

While the actual migration approach will depend on the selected system 
and events that occur during the TASC program implementation, critical 
activities include (1) developing specific criteria requiring component 
agencies to migrate to the new system rather than attempting to 
maintain legacy business; (2) defining and instilling new values, 
norms, and behaviors within component agencies that support new ways of 
doing work and overcoming resistance t; (3) building consensus among 
customers and stakeholders on specific changes designed to better meet 
the; and (4) planning, testing, and implementing all aspects of the 
migration of the new system. For example, a critical part of a 
migration plan for the new system would describe how DHS will ensure 
that the data currently in legacy systems is fully prepared to be 
migrated to the new system. 

An important element of a migration plan is the prioritizing of the 
conversion of the old systems to the new systems. For example, a FEMA 
official stated that the component has not replaced its outdated 
financial management system because it is waiting for the 
implementation of the TASC program. However, in the interim, FEMA's 
auditors are repeatedly reporting weaknesses in its financial systems 
and reporting, an important factor to be considered by DHS when 
preparing its migration plan. Because of the known weaknesses at DHS 
components, it will be important for DHS to prioritize its migration of 
components to the new system and address known weaknesses prior to 
migration where possible. Absent a comprehensive migration strategy, 
components within DHS may seek other financial management systems to 
address their existing weaknesses. This could result in additional 
disparate financial management systems instead of the integrated 
financial management system that DHS needs. 

DHS Has Begun Hiring, But Has Not Developed a Human Capital Plan for 
the TASC Program: 

While DHS' RMTO has begun recruiting and hiring employees and 
contractors to help with the TASC program, the department has not 
identified the gaps in needed skills for the acquisition and 
implementation of the new system. DHS officials have said that the 
department is unable to determine the adequate staff levels necessary 
for the full implementation of the TASC program because the integrated 
system is not y; however, as of May 2009, the department had budgeted 
72 full-time equivalents (FTE)[Footnote 15] for fiscal year 2010. The 
72 FTEs include 38 government employees and 34 contract employees 
(excluding an IV&V contractor). DHS officials told us that this level 
of FTEs may be sufficient for the first deployments of the new system. 

According to RMTO officials, as of August 2009, RMTO had 21 full-time 
federal employees with expertise in project management, financial 
business processes, change management, acquisition management, business 
intelligence, accounting services, and systems engineering. In 
addition, RMTO officials stated that there are seven contract workers 
supporting various aspects of the TASC program. RMTO also utilizes the 
services of the Office of the Chief Financial Officer and component 
staff. According to RMTO officials, some of DHS' larger components, 
such as Immigration and Customs Enforcement, have dedicated staff to 
work on the TASC program. 

Many of the department's past and current difficulties in financial 
management and reporting can be attributed to the original stand-up of 
a large, new, and complex executive branch agency without adequate 
organizational expertise in financial management and accounting. Having 
sufficient human resources with the requisite training and experience 
to successfully implement a financial management system is a critical 
success factor for the TASC program. 

Planned TASC Implementation Efforts Pose Unnecessary Risks: 

While updating the status of the six prior recommendations, we 
identified two issues that pose unnecessary risks to the success of the 
TASC program. These risks are DHS' significant reliance on contractors 
to define and implement the new system and the lack of independence of 
DHS' V&V function[Footnote 16] for the TASC program. 

Significant Reliance Placed on Contractors to Define and Implement the 
TASC Program: 

The department plans to have the selected contractor prepare a number 
of key documents including plans needed to carry out disciplined 
processes, define additional business processes to be standardized, and 
propose a migration approach. However, DHS has not developed the 
necessary contractor oversight mechanisms to ensure that its 
significant reliance on contractors for the TASC program does not 
result in an unfavorable outcome. 

Work with other systems acquisition and implementation efforts has 
shown that placing too much reliance on contractors can result in 
systems efforts plagued with serious performance and management 
problems. For example, DHS' Office of Inspector General (OIG) recently 
reported[Footnote 17] that the U.S. Customs and Border Protection (CBP) 
had not established adequate controls and effective oversight of 
contract workers responsible for providing Secure Border Initiative 
(SBI) program support services. Given the department's aggressive SBI 
program schedule and shortages of program managers and acquisition 
specialists, CBP relied on contractors to fill the staffing needs and 
get the program underway. However, CBP had not clearly distinguished 
between roles and responsibilities that were appropriate for 
contractors and those that must be performed by government employees. 
CBP also had not provided an adequate number of contracting officer's 
technical representatives (COTR) to oversee support services 
contractors' performance. As a result, according to the OIG report, 
contractors were performing functions that should have been performed 
by government workers. According to the OIG, this heavy reliance on 
contractors increased the risk of CBP relinquishing its 
responsibilities for SBI program decisions to support contractors, 
while remaining responsible and accountable for program outcomes. 

Verification and Validation (V&V) Review Function for the TASC Program 
Was Not Independent: 

DHS' V&V contractor was not an independent reviewer because RMTO was 
responsible for overseeing the contractor's work and authorizing 
payment of the V&V invoices. On October 21, 2009, DHS officials 
indicated that they have restructured the V&V contract to address our 
concerns by changing the reporting relationship and the organization 
that is responsible for managing the V&V contract. Under the previous 
arrangement, the V&V contractor was reporting on work of the RMTO, the 
program manager for the TASC program, and the RMTO Director was serving 
as the COTR[Footnote 18] for the V&V contract. As part of the COTR's 
responsibilities, RMTO approved the V&V contractor's invoices for 
payment. The independence of the V&V contractor is a key component to a 
reliable verification and validation function. 

Use of the V&V function is a recognized best practice for large and 
complex system development and acquisition projects, such as the TASC 
program. The purpose of the V&V function is to provide management with 
objective insight into the program's processes and associated work 
products. For example, the V&V contractor would review system strategy 
documents that provide the foundation for the system development and 
operations. According to industry best practices, the V&V activity 
should be independent of the project and report directly to senior 
management to provide added assurance that reported results on the 
project's status are unbiased.[Footnote 19] An effective V&V review 
process should provide an objective assessment to DHS management of the 
overall status of the project, including a discussion of any existing 
or potential revisions to the project with respect to cost, schedule, 
and performance. The V&V reports should identify to senior management 
the issues or weaknesses that increase the risks associated with the 
project or portfolio so that they can be promptly addressed. DHS 
management has correctly recognized the importance of such a function 
and advised us that they have taken prompt steps so that the V&V 
function is now being overseen by officials in DHS' Office of the Chief 
Information Officer. It is important that V&V is technically, 
managerially, and financially independent of the organization in charge 
of the system development and/or acquisition it is assessing. 

In conclusion, Mr. Chairman, six years after the department was 
established, DHS has yet to implement a departmentwide, integrated 
financial management system. DHS has started, but not completed, 
implementation of the six recommendations we made in June 2007, aimed 
at helping the department to reduce risk to acceptable levels, while 
acquiring and implementing an integrated departmentwide financial 
management system. The open recommendations from our prior report 
continue to be vital to the success of the TASC program. In addition, 
as DHS moves toward acquiring and implementing a departmentwide 
financial management system, it has selected a path whereby it is 
relying heavily on contractors to define and implement the TASC 
program. Therefore, adequate DHS oversight of key elements of the 
system acquisition and implementation will be critical to reducing 
risk. Given the approach that DHS has selected, it will be paramount 
that DHS develop oversight mechanisms to minimize risks associated with 
contractor-developed documents such as the migration plans, and plans 
associated with a disciplined development effort including requirements 
management plans, quality assurance plans, and testing plans. DHS faces 
a monumental challenge in consolidating and modernizing its financial 
management systems. Failure to minimize the risks associated with this 
challenge could lead to acquiring a system that does not meet cost, 
schedule, and performance goals. 

To that end, our draft report includes specific recommendations, 
including a number of actions that, if effectively implemented, should 
mitigate the risks associated with DHS' heavy reliance on contractors 
for acquiring and implementing an integrated departmentwide financial 
management system. In addition, we also recommended that DHS designate 
a COTR for the IV&V contractor that is not in RMTO, but at a higher 
level of departmental management, in order to achieve the independence 
needed for the V&V function. As discussed earlier, DHS officials 
advised us that they have already taken steps to address this 
recommendation and we look forward to DHS expeditiously addressing our 
other recommendations too. 

Mr. Chairman, this completes our prepared statement. We would be happy 
to respond to any questions you or other Members of the Subcommittee 
may have at this time. 

GAO Contacts: 

For more information regarding this testimony, please contact Kay L. 
Daly, Director, Financial Management and Assurance, at (202) 512-9095 
or dalykl@gao.gov, or Nabajyoti Barkakati, Chief Technologist, at (202) 
512-4499 or barkakatin@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this testimony. In addition to the contacts named above, other 
team members include John C. Martin, Senior Level Tech; Chanetta R. 
Reed, Assistant; and Sandra Silzer, Auditor-in-Charge. 

[End of section] 

Footnotes:  

[1] The eMerge2 project was expected to establish the strategic 
direction for migration, modernization, and integration of DHS' 
financial, accounting, procurement, personnel, asset management, and 
travel systems, processes, and policies. 

[2] GAO, Homeland Security: Departmentwide Integrated Financial 
Management Systems Remain a Challenge, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-536] (Washington, D.C.: June 
2; and GAO, Homeland Security: Transforming Departmentwide Financial 
Management Systems Remains a Challenge, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-1041T] (Washington, D.C.: June 
28, 2007). 

[3] The use of the term "acceptable levels" acknowledges the fact that 
any systems acquisition has risks and can suffer the adverse 
consequences associated with defects. 

[4] Oracle Federal Financials was already in use within the U.S. Coast 
Guard, the Transportation Security Administration, and the Domestic 
Nuclear Detection Office. SAP was already in use within the U.S. 
Customs and Border Protection. 

[5] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-536]. 

[6] GAO, Business Modernization: Improvements Needed in Management of 
NASA's Integrated Financial Management Program, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-03-507] (Washington, D.C.: April 
3; and GAO, DOD Business Systems Modernization: Navy ERP Adherence to 
Best Business Practices Critical to Avoid Past Failures, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-05-858] (Washington, D.C.: Sept. 
29, 2005). 

[7] A gap analysis is an evaluation performed to identify the gaps 
between needs and system capabilities. 

[8] Software Engineering Institute, Rules of Thumb for the Use of COTS 
Products, CMU/SEI-2002-TR-032 (Pittsburgh, PA: December 2002). 

[9] U.S. Department of Defense, Commercial Item Acquisition: 
Considerations and Lessons Learned (Washington, D.C.: June 26, 2000). 

[10] IEEE Guide for Information Technology - System Definition - 
Concept of Operations (ConOps) Document, Standard 1362-1998. 

[11] According to the Software Engineering Institute, requirements 
management is a process that establishes a common understanding between 
the customer and the software project manager regarding the customer's 
business needs that will be addressed by a project. A critical part of 
this process is to ensure that the requirements development portion of 
the effort documents, at a sufficient level of detail, the problems 
that need to be solved and the objectives that need to be achieved. 

[12] Data conversion is defined as the modification of existing data to 
enable it to operate with similar functional capability in a different 
environment. 

[13] Testing is the process of executing a program with the intent of 
finding errors. 

[14] These nine processes are Request to Procure, Procure to Pay, 
Acquire to Dispose, Bill to Collect, Record to Report, Budget 
Formulation to Execution, Grants Management, Business Intelligence 
Reporting, and Reimbursable Management. 

[15] According to OMB guidance, an FTE or work year generally includes 
260 compensable days or 2,080 hours. These hours include straight-time 
hours only and exclude overtime and holiday hours. 

[16] Institute of Electrical and Electronics Engineers Standard 
1012-2004--Standard for Software Verification and Validation (June 8, 2005) 
states that the verification and validation processes for projects are 
used to determine whether (1) the products of a given activity conform 
to the requirements of that activity and (2) the software satisfies its 
intended use and user needs. This determination may include analyzing, 
evaluating, reviewing, inspecting, assessing, and testing software 
products and processes. The verification and validation processes 
should assess the software in the context of the system, including the 
operational environment, hardware, interfacing software, operators, and 
users. 

[17] Department of Homeland Security, Office of Inspector General, 
Better Oversight Needed of Support Services Contractors in Secure 
Border Initiative Programs, OIG-09-80 (Washington, D.C.: June 17, 
2009). 

[18] COTRs are responsible for monitoring the contractor's progress in 
fulfilling the technical requirements specified in the contract. COTRs 
often approve invoices submitted by contractors for payment. 

[19] To provide this objective evidence, V&V contractors analyze, 
evaluate, review, inspect, assess, and test software products and 
processes. 

[End of section] 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: