Chemical, Biological, Radiological, and Nuclear Risk Assessments:

DHS Should Establish More Specific Guidance for Their Use

GAO-12-272: Published: Jan 25, 2012. Publicly Released: Jan 25, 2012.

Additional Materials:

Contact:

Stephen L. Caldwell
(202) 512-8777
jenkinswo@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Since 2004, DHS’s use of its CBRN risk assessments to inform its CBRN response plans has varied, from directly influencing information in the plans to not being used at all. DHS guidance states that response planning and resource decisions should be informed by risk information. GAO’s analysis showed that DHS used its CBRN risk assessments to directly inform 2 of 12 CBRN response plans GAO identified because planners considered the risk assessments to be more accurate than earlier DHS planning assumptions. For another 7 of the 12 plans, DHS officials said that the assessments indirectly informed the plans by providing background information prior to plan development. However, GAO could not independently verify this because DHS officials could not document how the risk assessments influenced the information contained in the plans. GAO’s analysis found general consistency between the risk assessments and the plans. For the remaining 3 plans, DHS officials did not use the risk assessments to inform the plans; for 2 of the 3 plans DHS officials told GAO they were not aware of the assessments. DHS officials also noted that there was no departmental guidance on when or how the CBRN risk assessments should be used when developing such plans.

Since 2004, DHS’s use of its CBRN risk assessments to inform its CBRN-specific capabilities has varied, from directly impacting its capabilities to not being used at all. Of the 7 capabilities GAO reviewed, one was directly informed by the risk assessments; DHS used its biological agent risk assessments to confirm that its BioWatch program could generally detect the biological agents posing the greatest risk. For 5 of the 7 capabilities, DHS officials said they used the risk assessments along with other information sources to partially inform these capabilities. For example, DHS used its chemical agent risk assessments to determine whether its chemical detectors and the risk assessments were generally aligned for the highest risk agents. For 3 of these 5 capabilities, GAO could not independently verify that they were partially informed by the risk assessments because DHS officials could not document how the risk assessments influenced the capabilities. DHS did not use its CBRN risk assessments to inform the remaining CBRN capability because the assessments were not needed to meet the capability’s mission.

DHS and its components do not have written procedures to institutionalize their use of DHS’s CBRN risk assessments for CBRN response planning and capability investment decisions. Standards for internal control in the federal government call for written procedures to better ensure management’s directives are enforced. DHS does not have procedures that stipulate when and how DHS officials should use the department’s CBRN risk assessments to inform CBRN response planning and capability investment decisions, and GAO found variation in the extent to which they were used. DHS officials agree with GAO that without written procedures, the consistent use of the department’s CBRN risk assessments by DHS officials may not be ensured beyond the tenure of any given agency official. DHS could better help to ensure that its CBRN response plans and capabilities are consistently informed by the department’s CBRN risk assessments by establishing written procedures detailing when and how DHS officials should consider using the risk assessments to inform their activities.

Why GAO Did This Study

The 2001 anthrax attacks in the United States highlighted the need to develop response plans and capabilities to protect U.S. citizens from chemical, biological, radiological, and nuclear (CBRN) agents. Since 2004, the Department of Homeland Security (DHS) has spent at least $70 million developing more than 20 CBRN risk assessments. GAO was requested to assess, from fiscal year 2004 to the present, the extent to which DHS has used its CBRN risk assessments to inform CBRN response plans and CBRN capabilities, and has institutionalized their use. GAO examined relevant laws, Homeland Security Presidential Directives, an Executive Order, DHS guidance, and all 12 relevant interagency CBRN response plans developed by DHS. Based on a review of a United States governmentwide CBRN database and DHS interviews, among other things, GAO selected a nongeneralizable set of seven DHS capabilities used specifically for detecting or responding to CBRN incidents to identify examples of DHS’s use of its CBRN risk assessments. GAO also interviewed relevant DHS officials. This is a public version of a classified report that GAO issued in October 2011. Information DHS deemed sensitive or classified has been redacted.

What GAO Recommends

GAO recommends that DHS develop more specific guidance, including written procedures, that details when and how DHS components should consider using the department’s CBRN risk assessments to inform related response planning efforts and capability investment decision making. DHS agreed with the recommendation.

For more information, contact William O. Jenkins, Jr. at (202) 512-8777 or jenkinswo@gao.gov.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: To better ensure the consistent use of DHS's CBRN risk assessments at the department's components and agencies, the Secretary of Homeland Security should establish more specific guidance, including written procedures, that details when and how DHS components should consider using the department's CBRN risk assessments to inform related response plan and capability investment decision making.

    Agency Affected: Department of Homeland Security

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Jun 27, 2014

    Jun 24, 2014

    Jun 23, 2014

    Jun 18, 2014

    Jun 16, 2014

    Jun 11, 2014

    Jun 10, 2014

    Jun 5, 2014

    Looking for more? Browse all our products here