Port Security Grant Program:
Risk Model, Grant Management, and Effectiveness Measures Could Be Strengthened
GAO-12-47: Published: Nov 17, 2011. Publicly Released: Dec 19, 2011.
From fiscal years 2006 through 2010, the Department of Homeland Security (DHS) has awarded nearly $1.7 billion dollars to port areas through its Port Security Grant Program (PSGP) to protect critical maritime infrastructure and the public from terrorist attacks. The Federal Emergency Management Agency (FEMA)--a DHS component agency--is the agency responsible for distributing grant funds. GAO was asked to evaluate the extent to which DHS has (1) allocated PSGP funds in accordance with risk; (2) encountered challenges in administering the grant program and what actions, if any, DHS has taken to overcome these challenges; and (3) evaluated the effectiveness of the PSGP. To address these objectives, GAO reviewed the PSGP risk model, funding allocation methodology, grant distribution data, and program documents, such as PSGP guidance. Additionally, GAO interviewed DHS and port officials about grant processes, funding distribution, and program challenges, among other things.
In 2010 and 2011, PSGP allocations were based largely on port risk and determined through a combination of a risk analysis model and DHS implementation decisions. DHS uses a risk analysis model to allocate PSGP funding to port areas that includes all three elements of risk--threat, vulnerability, and consequence--and DHS made modifications to enhance the model's vulnerability element for fiscal year 2011. For example, DHS modified the vulnerability equation to recognize that different ports can have different vulnerability levels. However, the vulnerability equation is not responsive to changes in port security--such as the implementation of PSGP-funded security projects. Additionally, the vulnerability equation does not utilize the most precise data available in all cases. DHS addressed prior GAO recommendations for strengthening the vulnerability element of grant risk models, but the PSGP model's vulnerability measure could be further strengthened by incorporating the results of past security investments and by refining other data inputs. FEMA has faced several challenges in distributing PSGP grant funds, and FEMA has implemented specific steps to overcome these challenges. Only about one-quarter of awarded grant funding has been drawn down by grantees, and an additional one-quarter remains unavailable (see table below). Funding is unavailable--meaning that grantees cannot begin using the funds to work on projects--for two main reasons: federal requirements have not been met (such as environmental reviews), or the port area has not yet identified projects to fund with the grant monies. Several challenges contributed to funds being unavailable. For example, DHS was slow to review cost-share waiver requests--requests from grantees to forego the cost-share requirement. Without a more expedited waiver review process, grant applicants that cannot afford the cost-share may not apply for important security projects. Other challenges included managing multiple open grant rounds, complying with program requirements, and using an antiquated grants management system. FEMA has taken steps to address these challenges. For example FEMA and DHS have, among other things, increased staffing levels, introduced project submission time frames, implemented new procedures for environmental reviews, and implemented phase one of a new grants management system. However, it is too soon to determine how successful these efforts will be in improving the distribution of grant funds. FEMA is developing performance measures to assess its administration of the PSGP but it has not implemented measures to assess PSGP grant effectiveness. Although FEMA has taken initial steps to develop measures to assess the effectiveness of its grant programs, it does not have a plan and related milestones for implementing measures specifically for the PSGP. Without such a plan, it may be difficult for FEMA to effectively manage the process of implementing measures to assess whether the PSGP is achieving its stated purpose of strengthening critical maritime infrastructure against risks associated with potential terrorist attacks. GAO recommends that DHS strengthen its methodology for measuring vulnerability in ports by accounting for how past security investments reduce vulnerability and by using the most precise data available. GAO also recommends that DHS evaluate the cost-share waiver review process and take steps to expedite the process where appropriate and develop a plan with milestones for implementing performance measures for the PSGP. DHS concurred with GAO's recommendations.
- Review Pending
- Closed - implemented
- Closed - not implemented
Recommendations for Executive Action
Recommendation: To help strengthen the implementation and oversight of the PSGP, and to ensure that waiver requests--including those submitted under previous cost-share years in which money remains unassigned and those that may be submitted in future grant rounds if a cost-share requirement is applied--are evaluated promptly, the FEMA Administrator---in conjunction with the Office of the Secretary of Homeland Security should evaluate the waiver review process to identify sources of delay and take measures to expedite the process.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: Closed - Implemented
Comments: On March 2, 2012, the Secretary of the Department of Homeland Security (DHS) signed a delegation to provide the Administrator of the Federal Emergency Management Agency (FEMA) with the authority to approve cost-share adjustments for Port Security Grants pursuant to section 102(a) of the Maritime Transportation Security Act of 2002 (Pub. L. No. 107-295). This action fulfills our recommendation because it resulted in an expedited review process for cost-share waiver requests. We reported that the cost-share waiver approval process in effect at the time of our review required 22 separate steps, a process that took 126 days to complete, on average. As a result of the Secretary delegating approval authority to the FEMA Administrator, 6 of the 22 review steps have been eliminated. This recommendation has been implemented.
Recommendation: To help strengthen the implementation and oversight of the PSGP, to strengthen DHS's methodology for measuring vulnerability in ports, and to improve the precision of grant allocations to high-risk port areas, the Secretary of Homeland Security should direct the FEMA Administrator to coordinate with the Coast Guard to determine the most precise data available to populate the data elements within the vulnerability index and to utilize these data as an interim measure, until a revised vulnerability index is developed.
Agency Affected: Department of Homeland Security
Status: Closed - Implemented
Comments: DHS concurred with our recommendation that FEMA coordinate with the Coast Guard to determine the most precise data available to populate the data elements within the vulnerability index and to utilize this data as an interim measure until a revised vulnerability index is developed. Specifically, DHS stated that FEMA will continue to coordinate with subject matter experts, including the Coast Guard, to determine the best data available for use in the vulnerability index. Further, DHS stated that FEMA and the Coast Guard will continue discussions regarding data elements to be used in future grant years, and that these meetings will focus on what data elements are currently available for use as an interim measure while additional enhancements to the vulnerability component are developed. This action should address the intent of the recommendation; however, the recommendation will remain open until such time that FEMA submits documentation to indicate that these meetings have occurred. In February 2013, FEMA provided an update to this recommendation. They noted that in FY12, in consultation with the USCG, FEMA updated its vulnerability component to incorporate not only Foreign Vessel Data but a count of vessels identified as High Interest Vessels (HIV). The High Interest Vessel Program uses a risk-based targeting tool that applies relative ranking based on maritime security concerns to designate non-U.S. vessels as an HIV. USCG provides the extract from the HIV Program on an annual basis for the PSGP risk analysis. Additionally, in FY12, FEMA also coordinated with USCG to discuss more appropriate options for defining PSGP port boundaries to more accurately capture vulnerabilities to ports. After discussion about the limitations of the single-point latitude and longitude port definitions used in previous iterations of the PSGP risk formula, FEMA and USCG decided to implement multiple-point latitude and longitude locations for each eligible PSGP port, derived from the United States Army Corps of Engineers (USACE) Master Docks Plus Public Extract database. This enhancement captures a more accurate measure of the people at risk from an attack on a vessel carrying hazardous materials within the HAZMAT Population data element. Based on these improvements to the model, this recommendation can be closed.
Recommendation: To help strengthen the implementation and oversight of the PSGP, to strengthen DHS's methodology for measuring vulnerability in ports, and to improve the precision of grant allocations to high-risk port areas, the Secretary of Homeland Security should direct the FEMA Administrator to develop a vulnerability index that accounts for how security improvements affect port vulnerability, and incorporate these changes into future iterations of the PSGP risk model.
Agency Affected: Department of Homeland Security
Comments: The Department of Homeland Security (DHS) concurred with our recommendation that it develop a vulnerability index that accounts for how security improvements affect port vulnerability, and incorporate these changes into future iterations of the Port Security Grant Program (PSGP) risk model. DHS stated that although incorporating the effects of completed security projects on vulnerability is complex, it remains a key goal of the PSGP risk methodology and is revisited annually. However, DHS did not provide details regarding its plan to implement this recommendation. As such, this recommendation will remain open until such time that FEMA demonstrates that it has modified the vulnerability index of the PSGP risk model to account for the effects of completed security projects. FEMA's February 2013 recommendation update noted that the agency remains committed to working with its partners, including USCG, to improve the measure of vulnerability within the PSGP risk methodology by capturing changes in port vulnerability due to the implementation of security enhancements. FEMA officials noted that they had worked with USCG and FEMA's National Preparedness Directorate's (NPD) National Preparedness Assessment Division (NPAD) to review existing assessments of port vulnerability and performance measurement data to determine if they are suitable for inclusion in the PSGP risk formula. However, FEMA officials stated that the ability to incorporate the effects of completed security projects on the vulnerability measure is complex and not currently achievable. This recommendation remains open.
Recommendation: To help strengthen the implementation and oversight of the PSGP, and to strengthen the administration, oversight, and internal controls of the PSGP, and to streamline processes, the Secretary of Homeland Security should direct the FEMA Administrator to develop---in collaboration with the Coast Guard---time frames and related milestones for implementing performance measures to monitor the effectiveness of the PSGP.
Agency Affected: Department of Homeland Security
Comments: DHS concurred with our recommendation that it develop time frames and related milestones for implementing performance measures to monitor the effectiveness of the PSGP. Specifically, DHS stated that FEMA's Grant Programs Directorate is in the process of developing external measures to determine how effective grantees are in managing and administering the grants and that these external measures would be completed by January 1, 2012. Further, DHS stated that FEMA is also developing performance objectives for core capabilities, as required by Presidential Policy Directive 8 and the new National Preparedness Goal, and will be reviewing all prevention and protection measures, including those for PSGP. Finally, DHS stated that FEMA's National Preparedness Directorate planned to work with GPD and the Coast Guard in fiscal year 2012 to develop some specific measures towards building and sustaining capabilities. We are awaiting an update from FEMA on the status of these efforts, which are important steps towards implementing this recommendation. This recommendation remains open.