This is the accessible text file for GAO report number GAO-13-478T entitled 'Information Technology: DHS Needs to Enhance Management of Major Investments' which was released on March 19, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony before the Subcommittee on Oversight and Management Efficiency, Committee on Homeland Security, House of Representatives: For release on delivery: Expected at 2:00 p.m. EDT: Tuesday, March 19, 2013: Information Technology: DHS Needs to Enhance Management of Major Investments: GAO-13-478T: GAO Highlights: Highlights of GAO-13-478T, a testimony before the Subcommittee on Oversight and Management Efficiency, Committee on Homeland Security, House of Representatives. Why GAO Did This Study: DHS has responsibility for the development and operation of the IT systems for the agencies and offices under its jurisdiction that are key to, among other things, securing the nation’s borders and enforcing immigration laws. DHS reported having 363 such IT investments. Of these investments, 68—-with budgeted annual costs of about $4 billion-—were under development and classified by DHS as a “major” investment requiring special management attention because of its mission importance. GAO was asked to testify on the progress DHS has made and challenges it faces in meeting cost and schedule commitments for its major IT investments, including those for Customs and Border Protection, Immigration and Customs Enforcement, and U.S. Citizenship and Immigration Services. Specifically, GAO was asked to focus on its September 2012 report that determined (1) the extent to which DHS investments are meeting their cost and schedule commitments, (2) the primary causes of any commitment shortfalls, and (3) the adequacy of DHS’s efforts to address these shortfalls and their associated causes. What GAO Found: Approximately two-thirds of the Department of Homeland Security’s (DHS) major IT investments were meeting their cost and schedule commitments. Specifically, out of 68 major IT investments in development, 47 were meeting cost and schedule commitments. The remaining 21—-which DHS had estimated to cost about $1 billion—-had one or more subsidiary projects that were not meeting cost and/or schedule commitments (i.e., they exceeded their goals by at least 10 percent, which is the level at which the Office of Management and Budget (OMB) considers projects to be at increased risk of not being able to deliver planned capabilities on time and within budget.) The primary causes for the cost and schedule shortfalls were (in descending order of frequency): * inaccurate preliminary cost and schedule estimates, * technical issues in the development phase, * changes in agency priorities, * lack of understanding of user requirements, and, * dependencies on other investments that had schedule shortfalls. Eight of the investments had inaccurate cost and schedule estimates. For example, DHS’s Critical Infrastructure Technology investment had a project where actual costs were about 16 percent over the estimated cost, due in part to project staff not fully validating cost estimates before proceeding with the project. In addition, six investments had technical issues in the development phase that caused cost or schedule slippages. For example, DHS’s Land Border Integration investment had problems with wireless interference at certain sites during deployment of handheld devices used for scanning license plates, which caused a project to be more than 2 months’ late. DHS often did not adequately address cost and schedule shortfalls and their causes. GAO’s investment management framework calls for agencies to develop and document corrective efforts to address underperforming investments and DHS policy requires documented corrective efforts when investments experience cost or schedule variances. Although 12 of the 21 investments with shortfalls had defined and documented corrective efforts, the remaining 9 had not. Officials responsible for 3 of the 9 investments said they took corrective efforts but were unable to provide plans or any other related documentation showing such action had been taken. Officials for the other 6 investments cited criteria in DHS’s policy that excluded their investments from the requirement to document corrective efforts. This practice is inconsistent with the direction of OMB guidance and related best practices that stress developing and documenting corrective efforts to address problems in such circumstances. Until DHS addresses its guidance shortcomings and ensures each of these underperforming investments has defined and documented corrective efforts, these investments are at risk of continued cost and schedule shortfalls. What GAO Recommends: In its report, GAO recommended that the Secretary of Homeland Security direct the appropriate officials to address guidance shortcomings and develop corrective actions for all major IT investment projects having cost and schedule shortfalls. In commenting on a draft of the report, DHS concurred with GAO’s recommendations. View [hyperlink, http://www.gao.gov/products/GAO-13-478T]. For more information, contact David A.Powner at (202) 512-9286 or pownerd@gao.gov. [End of section] March 19, 2013: Chairman Duncan, Ranking Member Barber, and Members of the Subcommittee, I am pleased to be here today to discuss our past work examining the Department of Homeland Security's (DHS) progress and challenges in acquiring, developing, and managing the information technology investments and systems used by its agencies and offices, including those used by U.S. Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and U.S. Citizenship and Immigration Services (USCIS). Since its creation in 2002, DHS has spent billions of dollars on IT infrastructure used to fulfill its mission to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards. We recently reported[Footnote 1] that, during fiscal year 2012, DHS planned to spend about $5.6 billion on approximately 363 ongoing IT investments. Of these 363 investments, 68 were under development and were classified by DHS as a 'major' investment[Footnote 2] that required special management attention because of its importance to the department's mission. My testimony today focuses on the key findings of that work, including (1) the extent to which DHS investments are meeting their cost and schedule commitments, (2) the primary causes of any commitment shortfalls, and (3) the adequacy of DHS's efforts to address these shortfalls and their associated causes. This statement is based on our report of September 2012. In that report, we discussed how each of the 68 major investments was performing against its cost and schedule commitments as reported by the department to the Office of Management and Budget (OMB). We also reviewed project plans and related documentation and interviewed responsible DHS officials to identify the primary causes for the shortfalls and whether any corrective efforts had been developed and documented to address the shortfalls. We conducted the performance audit from October 2011 to September 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. Background: DHS spends billions of dollars each year on IT investments to perform both mission-critical and support functions that frequently must be coordinated among components and external entities. Of the $5.6 billion that DHS planned to spend on 363 IT-related investments in fiscal year 2012, $4.4 billion was planned for the 83 the agency considers to be a major investment; namely, costly, complex, and/or mission critical. Of these 83 major IT investments, 68 are under development and were estimated to cost approximately $4 billion for fiscal year 2012. Examples of major investments under development that are being undertaken by DHS and its components include: * CBP--The Automated Commercial Environment/International Trade Data System is to incrementally replace existing cargo processing technology systems with a single system for land, air, rail, and sea cargo and serve as the central data collection system for federal agencies needing access to international trade data in a secure, paper-free, web-enabled environment. * ICE and CBP--TECS Modernization is to replace the legacy mainframe system developed by the U.S. Customs Service in the 1980s to support its inspections and investigations. Following the creation of DHS, those activities were assigned to CBP and ICE, respectively. CBP and ICE are now working to modernize their respective portions of the system in a coordinated effort with separate funding and schedules. For example, ICE's portion of the investment will include modernizing the investigative case management and related support modules of the legacy system. We have previously reported on the cost and schedule challenges associated with major DHS IT investments, such as those with CBP's Secure Border Network (SBInet) and NPPD's United States Visitor and Immigrant Status Indicator Technology (US-VISIT).[Footnote 3] In these reports, we made recommendations to address these challenges and keep these investments on schedule and within cost. DHS Met Cost and Schedule Commitments for Most Major IT Investments: The success of major IT investments are judged by, among other things, the extent to which they deliver promised system capabilities and mission benefits on time and within cost. Our research in best practices and extensive experience working with federal agencies and Office of Management and Budget (OMB) guidance stress the importance of federal IT investments meeting cost and schedule milestones. Approximately two-thirds of DHS's IT investments met their cost and schedule commitments; the remaining one-third had at least one subsidiary project that was not meeting its commitments. Specifically, out of the 68 major investments under development, 47 were meeting their cost and schedule commitments. The remaining 21 investments--which totaled about $1 billion as of March 2012--had one or more subsidiary projects that were not meeting cost and/or schedule commitments (i.e., they had exceeded their goals by at least 10 percent, which is the level at which OMB considers projects to be at an increased risk of not being able to deliver planned capabilities on time and within budget.) Table 1 lists the major investments with a cost and/or schedule shortfall. Specifically, of the 21 investments with a shortfall, 5 had one or more subsidiary project with a cost shortfall, 18 had one or more project with a schedule shortfall, and 2 had a project with both a cost and schedule shortfall. These shortfalls place these investments at increased risk of not delivering promised capabilities on time and within budget, which, in turn, pose a risk to DHS's ability to fully meet its mission of securing the homeland. Table 1: DHS Major IT Investments with Cost and Schedule Shortfalls: Component: CBP: Investment: Automated Commercial Environment/International Trade Data System; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $124.26 million. Investment: Land Border Integration; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $20.9 million. Investment: Non-intrusive Inspection Systems Program; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $332.3 million. Investment: Northern Border, Remote Video Surveillance System; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $8.2 million. Investment: TECS Modernization; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $43.03 million. Component: DHS Office of the Chief Information Officer: Investment: Human Resources IT; One or more projects with a cost shortfall: [Check]; One or more projects with a schedule shortfall: [Empty]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $8.52 million. Component: FEMA: Investment: Disaster Assistance Improvement Plan; One or more projects with a cost shortfall: [Check]; One or more projects with a schedule shortfall:[Check]; One or more projects with a cost and schedule shortfall: [Check]; Total planned project cost[A]: $50.5 million. Component: ICE: Investment: Detention and Removal Operations Modernization; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $8.62 million. Component: NPPD: Investment: Critical Infrastructure Technology and Architecture; One or more projects with a cost shortfall: [Check]; One or more projects with a schedule shortfall: [Empty]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $20.55 million. Investment: Infrastructure Security Compliance-Chemical Security Assessment Tool; One or more projects with a cost shortfall: [Check]; One or more projects with a schedule shortfall: [Empty]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $72.76 million. Investment: National Cybersecurity Protection System; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $262.6 million. Investment: Next Generation Networks Priority Services; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: 63.06 million. Investment: US-VISIT: Arrival and Departure Information System; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $7.18 million. Investment: US-VISIT: Automated Biometric Identification System; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $33.24 million. Component: TSA: Investment: Air Cargo Security; One or more projects with a cost shortfall: [Check]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Check]; Total planned project cost[A]: $4.09 million. Investment: Federal Air Marshal Service Mission Scheduling and Notification System; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $5.43 million. Investment: Hazmat Threat Assessment Program; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $4.09 million. Investment: Security Technology Integrated Program; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $27.99 million. Component: USCG: Investment: CG Business Intelligence; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $0.86 million. Component: USCIS: Investment: Naturalization: CLAIMS 4; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $2.36 million. Component: USSS: Investment: Information Integration and Technology Transformation; One or more projects with a cost shortfall: [Empty]; One or more projects with a schedule shortfall: [Check]; One or more projects with a cost and schedule shortfall: [Empty]; Total planned project cost[A]: $43.61 million. Component: Total; Investment: 21; One or more projects with a cost shortfall: 5; One or more projects with a schedule shortfall: 18; One or more projects with a cost and schedule shortfall: 2; Total planned project cost[A]: $1.144 billion[B]. Source: GAO analysis of OMB's federal IT Dashboard data. [A] These are the total planned costs of all investment projects in development as of March 8, 2012. [B] Differences in total are rounded off. [End of table] Causes of Investment Cost and Schedule Shortfalls Varied: The primary causes of the shortfalls in cost and schedule associated with DHS's 21 major IT investments were (in descending order of frequency): inaccurate preliminary cost and schedule estimates, technical issues in the development phase, changes in agency priorities, lack of understanding of user requirements, and dependencies on other investments that had schedule shortfalls. A summary of these causes by investment and component are shown in table 2. Table 2: Primary Causes of Shortfalls Experienced by Major DHS IT Investments (in descending order of frequency): Component: CBP; Investment: Automated Commercial Environment/International Trade Data System; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Check]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]; Investment: Land Border Integration; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Check]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: Non-Intrusive Inspection Systems Program; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: Northern Border, Remote Video Surveillance System; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: TECS Modernization; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Check]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: DHS Office of the Chief Information Officer; Investment: Human Resources IT; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: FEMA; Investment: Disaster Assistance Improvement Plan; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Check]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Check]; Other causes: [Empty]. Component: ICE; Investment: Detention and Removal Operations Modernization; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Check]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Check]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: NPPD; Investment: Critical Infrastructure Technology and Architecture; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: Infrastructure Security Compliance: Chemical Security Assessment Tool; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Check]. Investment: National Cybersecurity Protection System; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: Next Generation Networks Priority Services; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Check]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: US-VISIT: Arrival and Departure Information System; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Check]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: US-VISIT: Automated Biometric Identification System; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Check]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: TSA; Investment: Air Cargo Security; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Check]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Check]; Other causes: [Empty]. Investment: Federal Air Marshal Service Mission Scheduling and Notification System; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Check]. Investment: Hazmat Threat Assessment Program; Causes: Inaccurate preliminary cost/schedule estimates: [Check]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Investment: Security Technology Integrated Program; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Check]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: USCG; Investment: CG Business Intelligence; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Check]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: USCIS; Investment: Naturalization-CLAIMS 4; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Check]; Dependencies on other investments: [Empty]; Other causes: [Empty]. Component: USSS; Investment: Information Integration and Technology Transformation; Causes: Inaccurate preliminary cost/schedule estimates: [Empty]; Technical issues in development phase: [Empty]; Changes in agency priorities: [Empty]; Lack of understanding of user requirements: [Empty]; Dependencies on other investments: [Check]; Other causes: [Empty]. Component: Totals; Causes: Inaccurate preliminary cost/schedule estimates: 9 Technical issues in development phase: 6 Changes in agency priorities: 3 Lack of understanding of user requirements: 3 Dependencies on other investments: 3 Other causes: 2. Source: GAO analysis of agency data. [End of table] In our past work on DHS's investments and related IT management processes, we have identified some of these same causes and made recommendations to strengthen management in these areas. For example, with regard to cost estimating, we reported that forming a reliable estimate of costs provides a sound basis for measuring against actual cost performance and that the lack of such a basis contributes to variances.[Footnote 4] To help agencies establish such a capability, we issued a guide in March 2009[Footnote 5] that was based on the practices of leading organizations. In a July 2012 report[Footnote 6] examining how well DHS is implementing these practices, we reported that the department had weaknesses in cost estimating. Accordingly, we made recommendations to DHS to strengthen its cost estimating capabilities, and the department has plans and efforts under way to implement our recommendations. We have also reported[Footnote 7] that developing sufficient requirements is key to effectively delivering systems on time and within budget and that DHS has experienced project delays and cost overruns resulting from initial requirements not being defined properly. To address this challenge, DHS had begun, as part of defining and implementing a new IT governance process, to establish Centers of Excellence to provide investment officials with expert assistance in requirements development and other essential IT management disciplines.[Footnote 8] About Half of DHS's Projects with Shortfalls Did Not Have Well- Developed Corrective Efforts: A variety of best practices exist to guide the successful acquisition of IT investments, including how to develop and document corrective actions for projects experiencing cost and schedule shortfalls. In particular, GAO's Information Technology Investment Management framework[Footnote 9] calls for agencies to develop and document corrective efforts for underperforming projects. It also states that agencies are to ensure that, as projects develop and costs rise, the project continues to meet mission needs at the expected levels of cost and risk; if projects are not meeting expectations or if problems have arisen, agencies are to quickly take steps to address the deficiencies. DHS developed and documented corrective efforts for 12 of the 21 major investments with a shortfall, but the remaining 9 did not have corrective efforts documented. Table 3 depicts the investments with shortfalls and whether corrective efforts had been developed and documented. Table 3: Extent to Which DHS Had Developed and Documented Corrective Efforts for Investment Shortfalls: Component: CBP; Investment: Automated Commercial Environment/International Trade Data System; Adequately developed and documented corrective efforts? Yes. Investment: Land Border Integration; Adequately developed and documented corrective efforts? Yes. Investment: Non-Intrusive Inspection Systems Program; Adequately developed and documented corrective efforts? Yes. Investment: Northern Border, Remote Video Surveillance System; Adequately developed and documented corrective efforts? Yes. Investment: TECS Modernization; Adequately developed and documented corrective efforts? Yes. Component: DHS Office of the Chief Information Officer; Investment: Human Resources IT; Adequately developed and documented corrective efforts? No. Component: FEMA; Investment: Disaster Assistance Improvement Plan; Adequately developed and documented corrective efforts? Yes. Component: ICE; Investment: Detention and Removal Operations Modernization; Adequately developed and documented corrective efforts? Yes. Component: NPPD; Investment: Critical Infrastructure Technology and Architecture; Adequately developed and documented corrective efforts? Yes. Investment: Infrastructure Security Compliance: Chemical Security Assessment Tool; Adequately developed and documented corrective efforts? Yes. Investment: National Cybersecurity Protection System; Adequately developed and documented corrective efforts? No. Investment: Next Generation Networks Priority Services; Adequately developed and documented corrective efforts? No. Investment: US-VISIT: Arrival and Departure Information System; Adequately developed and documented corrective efforts? No. Investment: US-VISIT: Automated Biometric Identification System; Adequately developed and documented corrective efforts? No. Component: TSA; Investment: Air Cargo Security; Adequately developed and documented corrective efforts? No. Investment: Federal Air Marshal Service Mission Scheduling and Notification System; Adequately developed and documented corrective efforts? No. Investment: Hazmat Threat Assessment Program; Adequately developed and documented corrective efforts? Yes. Investment: Security Technology Integrated Program; Adequately developed and documented corrective efforts? Yes. Component: USCG; Investment: Coast Guard Business Intelligence; Adequately developed and documented corrective efforts? No. Component: USCIS; Investment: Naturalization-CLAIMS 4; Adequately developed and documented corrective efforts? No. Component: USSS; Investment: Information Integration and Technology Transformation; Adequately developed and documented corrective efforts? Yes. Component: Total; Adequately developed and documented corrective efforts? Yes: 12; No: 9. Source: GAO analysis of DHS data. [End of table] With regard to the investments with shortfalls, three were unable to provide us with documentation, even though project officials stated that they had developed some corrective efforts, and six did not engage in corrective efforts to address shortfalls. Of the three investments, officials from TSA's Federal Air Marshal Service Mission Scheduling and Notification System investment, for example, reported that they had addressed the project's schedule shortfall--which was due, in part, to a support contractor not having adequate staffing--by performing the work within the agency instead of relying on the contractor. Further, according to TSA officials, the cost and schedule shortfalls on the Air Cargo Security investment, which were due to technical complications and dependencies on other investments, were addressed by establishing a new cost and schedule baseline. Nonetheless, this lack of documentation is inconsistent with the direction of DHS's guidance and related best practices, and it shows a lack of process discipline and attention to key details, which raises concerns about the thoroughness of corrective efforts. Of the six investments without any corrective efforts, officials from these investments (namely, the Office of the Chief Information Officer's Human Resources IT investment, NPPD's US-VISIT Automated Biometric Identification System and Arrival and Departure Information System investments, USCG's Business Intelligence investment, NPPD's National Cybersecurity Protection System, and USCIS's Claims 4 investment), stated that they did not develop and document corrective efforts because they believed DHS's guidance does not call for it in their circumstances. Specifically, the officials said that although DHS's guidance[Footnote 10] calls for corrective actions to be developed and documented when an investment experiences a life cycle cost or schedule variance, the variances on their project activities thus far were not large enough to constitute such a variance. The impact of this approach is that multiple projects can continue to experience shortfalls--which increases the risk that investments will experience serious life cycle cost and schedule variances--without having to develop and document corrective actions to alert top management about potential problems and associated risks. This is inconsistent with the direction of OMB, which requires agencies to report (via the IT Dashboard) on the cost and schedule performance of their projects and considers those projects with a 10 percent or greater variance to be at an increased level of risk of not being able to deliver promised capabilities on time and within budget, and thus they require special attention from management. It is also inconsistent with our best practices research and experience at federal agencies, which stresses that agencies report to management when projects are not meeting expectations or when problems arise and quickly develop and document corrective efforts to address the problems. Further, our research and work at agencies has shown that waiting to act until significant life cycle variances occur can sometimes be risky and costly, as life cycle schedules are typically for multiyear periods, allowing the potential for underperforming projects to continue to vary from their cost and schedule goals for an extended amount of time without any requirement for corrective efforts. Consequently, until these guidance shortcomings have been addressed and each underperforming project has defined and documented corrective actions, the department's major investments these projects support will be at an increased risk of cost and schedule shortfalls. DHS Needs to Address Guidance and Cost and Schedule Shortfalls: To help ensure that DHS investments meet their cost and schedule commitments, we recommended that the Secretary of Homeland Security direct the appropriate officials to (1) establish guidance that provides for developing corrective efforts for major IT investment projects that are experiencing cost and schedule shortfalls of 10 percent or greater, similar to those identified in our report and (2) ensure that such major projects have defined and documented corrective efforts. DHS concurred with our recommendations and estimated that they would implement the first recommendation by September 30, 2013, and the second one immediately. We are currently in the process of following up with DHS to assess the extent to which these recommendations have been implemented. In summary, most of the projects comprising DHS's 68 major IT investments were meeting their cost and schedule commitments, but 21 major investments--integral to DHS's mission and costing approximately $1 billion--had projects experiencing significant cost and schedule shortfalls. These shortfalls place these investments at increased risk of not delivering promised capabilities on time and within budget, which, in turn, pose a risk to DHS's ability to fully meet its mission of securing the homeland. DHS guidance does not require projects experiencing significant cost and schedule shortfalls to develop and document corrective efforts until they cause a life-cycle cost and schedule variance. This increases risk and is contrary to effective IT investment practices. Given that DHS is currently establishing and implementing new IT governance processes, the department is positioned to address the guidance shortfalls. Chairman Duncan and Ranking Member Barber and Members of the Subcommittee, this completes my prepared statement. I would be pleased to respond to any questions that you may have at this time. GAO Contact and Staff Acknowledgments: If you or your staff have any questions about this testimony, please contact me at (202) 512-9286 or by e-mail at pownerd@gao.gov. Individuals who made key contributions to this testimony are Gary Mountjoy (assistant director), Scott Borre, Camille Chaires, and Nancy Glover. [End of section] Footnotes: [1] GAO, Information Technology: DHS Needs to Enhance Management of Cost and Schedule for Major Investments, [hyperlink, http://www.gao.gov/products/GAO-12-904] (Washington, D.C.: Sept. 2012). [2] DHS defines a major IT investment as one with a cost of $50 million or more and is complex and/or mission critical. [3] See, for example, GAO, Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability, [hyperlink, http://www.gao.gov/products/GAO-07-309] (Washington, D.C.: Feb. 15, 2007); Secure Border Initiative: DHS Needs to Reconsider Its Proposed Investment in Key Technology Program, [hyperlink, http://www.gao.gov/products/GAO-10-340] (Washington, D.C.: May 5, 2010); and Homeland Security: Key US- VISIT Components at Varying Stages of Completion, but Integrated and Reliable Schedule Needed, [hyperlink, http://www.gao.gov/products/GAO-10-13] (Washington, D.C.: Nov. 19, 2009). [4] GAO, Information Technology Cost Estimation: Agencies Need to Address Significant Weaknesses in Policies and Practices, [hyperlink, http://www.gao.gov/products/GAO-12-629] (Washington, D.C.: July 2012). [5] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs, [hyperlink, http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009). [6] [hyperlink, http://www.gao.gov/products/GAO-12-629]. [7] GAO, Department of Homeland Security: Assessments of Selected Complex Acquisitions, [hyperlink, http://www.gao.gov/products/GAO-10-588SP] (Washington, D.C.: June 2010). [8] [hyperlink, http://www.gao.gov/products/GAO-12-818]. [9] GAO, Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity (version 1.1), [hyperlink, http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March 2004). [10] Department of Homeland Security, Acquisition Management Directive 102-01 and Capital Planning and Investment Control Guide, version 7.2. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]