This is the accessible text file for GAO report number GAO-07-990 entitled 'Department Of Homeland Security: Improved Assessment and Oversight Needed to Manage Risk of Contracting for Selected Services' which was released on October 17, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: September 2007: Department Of Homeland Security: Improved Assessment and Oversight Needed to Manage Risk of Contracting for Selected Services: GAO-07-990: GAO Highlights: Highlights of GAO-07-990, a report to congressional requesters. Why GAO Did This Study: In fiscal year 2005, the Department of Homeland Security (DHS) obligated $1.2 billion to procure four types of professional and management support services—program management and support, engineering and technical, other professional, and other management support. While contracting for such services can help DHS meet its needs, there is risk associated with contractors closely supporting inherently governmental functions—functions that should be performed only by government employees. This report (1) describes the contracted services, (2) identifies potential risk and the extent to which DHS considered risk when deciding to contract for these services, and (3) assesses DHS’s approach to managing and overseeing these services. GAO analyzed 117 judgmentally selected statements of work and 9 cases in detail for contracts awarded in fiscal year 2005 by the Coast Guard, the Office of Procurement Operations (OPO), and the Transportation Security Administration (TSA). What GAO Found: More than half of the 117 statements of work that GAO reviewed provided for reorganization and planning activities, policy development, and acquisition support—services that closely support the performance of inherently governmental functions. Other such services supporting a broad range of programs and operations at Coast Guard, OPO, and TSA included budget preparation, regulation development, and employee relations. Decisions to contract for professional and management support services were driven by the need for staff and expertise to get programs and operations up and running. However, for the nine cases we reviewed, program officials did not assess the risk that government decisions may be influenced by, rather than independent from, contractor judgments. These cases included services that have the potential to increase this risk. For example, contractors directly supported DHS missions and performed on an ongoing basis work comparable to that of government employees. Most of the nine contracts also lacked detail or covered a wide range of services. Conditions such as these need to be carefully monitored to ensure the government does not lose control over and accountability for mission-related decisions. DHS has not explored ways to manage the risk of these contractor services, such as through total workforce deployment across the organization. The level of oversight DHS provided did not always ensure accountability for decisions or the ability to judge whether the contractor was performing as required. Federal acquisition policy requires enhanced oversight of contracts for services that can affect government decision making, policy development, or program management. While contracting officers and program officials acknowledged their professional and management support services contracts closely supported inherently governmental functions, they did not see a need for increased oversight. Insufficient oversight increases the potential for a loss of management control and the ability to ensure intended outcomes are achieved. Range of Contracted Services and Related Risk Level: Low risk level: Basic services: * Custodial; * Food; * Landscaping; * Snow removal; * Storage; * Trash collection. Medium risk level: Professional and management support services that do not closely support inherently governmental functions: * Advertising; * Banking; * Parking; * Records maintenance. High risk level: Professional and management support services that closely support inherently governmental functions: * Acquisition support; * Budget preparation; * Developing or interpreting regulations; * Engineering and technical services; * Intelligence services; * Policy development; * Reorganization and planning. Source: GAO analysis. What GAO Recommends: GAO recommends that DHS take actions to improve its ability to manage risk and ensure government control over and accountability for decisions resulting from services that closely support inherently governmental functions. DHS generally agreed with these recommendations. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-990]. To view the full product, including the scope and methodology, click on the link above. For more information, contact John Hutton at (202) 512- 4841 or huttonj@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: DHS Contracts for Selected Services Covered a Range of Activities Closely Supporting Inherently Governmental Functions: DHS Did Not Consider Risk when Deciding to Contract for Selected Services: Management of Contracts for Selected Services May Not Have Been Sufficient to Mitigate Risk: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: Examples of Inherently Governmental and Approaching Inherently Governmental Functions: Appendix III: Department of Homeland Security Inspector General Oversight: Appendix IV: Comments from the Department of Homeland Security: Tables: Table 1: Range of Contracted Services and Related Risk Level: Table 2: Examples of Limited Control over and Accountability for Contracts for Selected Services: Table 3: Requested Fiscal Year 2005 Contract Statements of Work: Table 4: Fiscal Year 2005 Contracts Reviewed: Table 5: Examples of Inherently Governmental Functions: Table 6: Examples of Services That May Approach Being Inherently Governmental Functions: Figures: Figure 1: DHS Contracting in Fiscal Year 2005: Figure 2: Coast Guard, OPO, and TSA Contracting for Selected Professional and Management Support Services in Fiscal Year 2005: Figure 3: Professional and Management Support Services Closely Supporting Inherently Governmental Functions in Nine Cases Reviewed: Figure 4: Inspector General Coverage of DHS Offices and Management Challenges: Abbreviations: COTR: Contracting Officer's Technical Representative: DHS: Department of Homeland Security: DOD: Department of Defense: DOE: Department of Energy: FAR: Federal Acquisition Regulation: FEMA: Federal Emergency Management Agency: FPDS-NG: Federal Procurement Data System-Next Generation: OFPP: Office of Federal Procurement Policy: OMB: Office of Management and Budget: OPO: Office of Procurement Operations: TSA: Transportation Security Administration: [End of section] United States Government Accountability Office: Washington, DC 20548: September 17, 2007: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Daniel K. Akaka: Chairman: The Honorable George V. Voinovich: Ranking Member: Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Bennie G. Thompson: Chairman: Committee on Homeland Security: House of Representatives: In fiscal year 2006, the Department of Homeland Security (DHS) obligated $15.7 billion for the procurement of goods and services,[Footnote 1] making it the third largest department in terms of procurement spending in the federal government. Of this amount, DHS obligated over $5 billion on contracts for services categorized as professional and management support, such as strategic planning, human resources development, and acquisition support. While there are benefits to using contractors to perform services for the government--such as increased flexibility in fulfilling immediate needs--GAO and others have raised concerns about the federal government's increasing reliance on contractor services. Of key concern is the risk associated with contractors providing services that closely support inherently governmental functions: the loss of government control over and accountability for mission-related policy and program decisions. Federal guidance requires agencies to assess this risk and provide oversight accordingly. Given the dollars obligated for professional and management support services contracts and the associated risk, you asked us to review DHS's use of contracts for services that closely support inherently governmental functions. Specifically, you asked us to (1) describe the types of services DHS requested through these contracts, (2) identify potential risk in these contracts and the extent to which DHS considered risk when deciding to use these contracts, and (3) assess DHS's approach to managing and overseeing contracts for these types of services. To conduct our work, we reviewed applicable federal procurement policies and data from the Federal Procurement Data System-Next Generation (FPDS-NG) for fiscal year 2005, the most recent year for which complete data were available at the time we began our review. To identify services that closely support inherently governmental functions, we reviewed federal acquisition guidance that describes these functions and FPDS-NG service codes. We selected the four professional and management support services for which DHS obligated the most dollars in fiscal year 2005--program management and support services, engineering and technical services, other professional services, and other management support services. Because FPDS-NG does not provide definitions for service codes, to better understand the services provided, we judgmentally selected 125 contract statements of work for the four types of professional and management support services. We selected contracts and orders[Footnote 2] awarded by DHS components, excluding the Federal Emergency Management Agency (FEMA)[Footnote 3] that had obligated the most on these services at the time we began our review--the Coast Guard, the Office of Procurement Operations (OPO), and the Transportation Security Administration (TSA). From our selected statements of work, we received and reviewed 117 statements and judgmentally selected and conducted a more detailed review of 9 cases from the three components. These cases totaled over $82.1 million, ranging in value from $1.3 million to $42.4 million, and represented a variety of services that closely support inherently governmental functions. For the 9 cases, we reviewed contract files and interviewed contracting officers, program officials, and contractors. In addition, we interviewed staff from the Office of Management and Budget's (OMB) Office of Federal Procurement Policy (OFPP), the component heads of contracting activity at OPO and TSA, and the Chief of the Office of Procurement Policy at the Coast Guard. Appendix I provides more information on our scope and methodology. We conducted our review between April 2006 and August 2007 in accordance with generally accepted government auditing standards. Results in Brief: More than half of the 117 statements of work we reviewed provided for reorganization and planning activities, policy development, and acquisition support--services that closely support the performance of inherently governmental functions. For example, contractors provided reorganization and planning services for the Coast Guard's fleet modernization effort--the Integrated Deepwater System. In another case, contractors provided a range of professional services including strategic planning and legislative support for TSA's Transportation Worker Identification Credential Program. Employee relations, budget preparation, and regulation development were also among the services provided at the Coast Guard, OPO, and TSA. Decisions to contract for professional and management support services were driven by the need for staff and expertise to get programs and operations up and running. However, for the nine cases we reviewed, program officials did not assess the risk that government decisions may be influenced by, rather than independent from, contractor judgments. Long-standing federal procurement policy requires attention to this risk. Each of the nine cases we reviewed included services that have the potential to increase this risk. Specifically, the contracts included services that directly supported DHS missions; in some cases, contractors were performing on an ongoing basis work also performed by government employees, such as intelligence analysis and strategic planning. And in most cases, we found the original justification for contracting, such as immediate need, had changed, but components continued to use contractors without reassessing who--private companies or federal employees--should perform a given function. In addition, six of the nine contracts lacked detail or covered a wide range of services. These conditions need to be carefully monitored to ensure the government does not lose control over and accountability for mission- related decisions. DHS has not explored ways to manage the risk of contracting for these services, such as through total workforce deployment across the organization, which includes the flexible use of the workforce to reduce skill gaps. DHS management and oversight of contracts for selected services did not provide assurance that DHS had adequately mitigated the related risk. Federal acquisition policy requires enhanced oversight of contractors providing professional and management support services that can affect government decision making, support or influence policy development, or affect program management. However, most contracting officers and program officials we spoke with were unaware of this requirement and, in general, did not see a need for enhanced oversight of their professional and management support services contracts--even though they acknowledged these contracts closely supported inherently governmental functions. According to some officials, their contracting experience and training enabled them to determine if enhanced oversight was needed. However, we found the level of oversight provided did not always ensure accountability for decisions or the ability to judge whether the contractor was performing as required. In addition, training was not targeted to provide the necessary skills to determine whether enhanced oversight was needed. Failure to ensure appropriate oversight increases the potential for a loss of management control and ability to ensure intended outcomes are achieved. To improve DHS's ability to manage the risk of selected services that closely support inherently governmental functions as well as government control over and accountability for decisions, we are recommending that the Secretary of Homeland Security take several actions. These actions include establishing strategic-level guidance on and routinely assessing the risk of using contractors for selected services, more clearly defining contract requirements, and assessing the ability of the workforce to provide sufficient oversight when using selected services. In written comments on a draft of this report, DHS concurred with most of our recommendations and provided information on what action would be taken to address them. However, DHS partially concurred with our recommendation to assess the risk of selected services as part of the acquisition planning process and modify existing guidance and training, noting that its acquisition planning guidance already provides for the assessment of risk. However, our review found that this guidance does not address the specific risk of services that closely support the performance of inherently governmental functions. DHS also partially concurred with our recommendation to review selected services contracts as part of the acquisition oversight program, stating that instead, the Chief Procurement Officer will direct a special investigation on selected issues as needed. We did not intend for the formal oversight plan to be modified and leave it to the discretion of the Chief Procurement Officer to determine how to implement the recommendation. DHS's comments are reproduced in their entirety in appendix IV. Background: Governmentwide, spending on services contracts has grown substantially over the past several years. At DHS, in fiscal year 2005 services accounted for $7.9 billion, or 67 percent, of total procurement obligations,[Footnote 4] with $1.2 billion obligated for four types of professional and management support services: program management and support, engineering and technical, other professional, and other management support (see fig. 1). More than two-thirds of DHS's obligations for these services ($805 million) were to support the Coast Guard, OPO, and TSA. Figure 1: DHS Contracting in Fiscal Year 2005: [See PDF for image] This figure is a pie-chart depicting the following data: Services: $7.9 billion; Products: $3.9 billion; Four selected professional and management support services: $1.2 billion. Source: GAO analysis of FPDS-NG data. [End of figure] The services federal agencies buy are organized under more than 300 codes in FPDS-NG and range from basic services, such as custodial and landscaping, to more complex professional and management support services, which may closely support the performance of inherently governmental functions. Inherently governmental functions require discretion in applying government authority or value judgments in making decisions for the government; as such, they should be performed by government employees, not private contractors.[Footnote 5] The Federal Acquisition Regulation (FAR) provides 20 examples of functions considered to be, or to be treated as, inherently governmental, including: * determining agency policy and priorities for budget requests, * directing and controlling intelligence operations, * approving contractual requirements, and: * selecting individuals for government employment. The closer contractor services come to supporting inherently governmental functions, the greater the risk of their influencing the government's control over and accountability for decisions that may be based, in part, on contractor work. This may result in decisions that are not in the best interest of the government, and may increase vulnerability to waste, fraud, or abuse. The FAR provides 19 examples of services and actions that may approach the category of inherently governmental because of the nature of the function, the manner in which the contractor performs the contracted services, or the manner in which the government administers contractor performance.[Footnote 6] Table 1 provides examples of these services and their relative risk of influencing government decision making. Table 1: Range of Contracted Services and Related Risk Level: Low risk level: Basic services: * Custodial; * Food; * Landscaping; * Snow removal; * Storage; * Trash collection. Medium risk level: Professional and management support services that do not closely support inherently governmental functions: * Advertising; * Banking; * Parking; * Records maintenance. High risk level: Professional and management support services that closely support inherently governmental functions: * Acquisition support; * Budget preparation; * Developing or interpreting regulations; * Engineering and technical services; * Intelligence services; * Policy development; * Reorganization and planning. Source: GAO analysis of selected FPDS-NG and FAR subpart 7.5 categories of services, and OFPP Policy Letter 93-1. Note: Professional and management support services consists of 42 codes in FPDS-NG. [End of table] FAR and OFPP guidance address contracting for services that closely support the performance of inherently governmental functions, including professional and management support services, due to their potential for influencing the authority, accountability, and responsibilities of government officials. In particular, the guidance states that services that tend to affect government decision making, support or influence policy development, or affect program management are susceptible to abuse and require a greater level of scrutiny. Such services include advisory and assistance, which includes expert advice, opinions, and other types of consulting services. The guidance requires agencies to provide greater scrutiny of these services and an enhanced degree of management oversight. This would include assigning a sufficient number of qualified government employees to provide oversight and to ensure that agency officials retain control over and remain accountable for policy decisions that may be based in part on a contractor's performance and work products.[Footnote 7] The potential for the loss of government management control associated with contracting for services that closely support the performance of inherently governmental functions or that should be performed by government employees is a long-standing governmentwide concern. For example, in 1981, GAO found that contractors' level of involvement in management functions at the Departments of Energy (DOE) and Defense (DOD) was so extensive that the agencies' ability to develop options other than those proposed by the contractors was limited.[Footnote 8] A decade later, in 1991, GAO reported that DOE had contracted extensively for support in planning, managing, and carrying out its work because it lacked sufficient resources to perform the work itself.[Footnote 9] We noted that while support service contracts are appropriate for fulfilling specialized needs or needs of a short-term or intermittent nature, the contracts we reviewed at DOE were not justified on these bases. In that same year, GAO reported that three agencies--DOE, the Environmental Protection Agency, and the National Aeronautics and Space Administration--may have relinquished government control and relied on contractors to administer some functions that may have been governmental in nature.[Footnote 10] More recently, government, industry, and academic participants in GAO's 2006 forum on federal acquisition challenges and opportunities[Footnote 11] and the congressionally mandated Acquisition Advisory Panel[Footnote 12] noted how an increasing reliance on contractors to perform services for core government activities challenges the capacity of federal officials to supervise and evaluate the performance of these activities. The panel also noted that contracts for professional services are often performed with close contact between the federal government and contractor employees, which approaches the line between personal and nonpersonal services. Personal services are prohibited by the FAR, unless specifically authorized, and are indicated when the government exercises relatively continuous supervision and control over the contractor. Both the panel and GAO acquisition forum participants noted the large growth in contracting for complex and sophisticated services has increased attention to the appropriate use of contractors. DHS Contracts for Selected Services Covered a Range of Activities Closely Supporting Inherently Governmental Functions: A broad range of activities related to specific programs and administrative operations was performed under the professional and management support services contracts we reviewed. In most cases, the services provided--such as policy development, reorganization and planning activities, and acquisition support--closely supported the performance of inherently governmental functions. Contractor involvement in the nine cases we reviewed in detail ranged from providing two to three supplemental personnel to staffing an entire office. Of the $805 million obligated by the Coast Guard, OPO, and TSA in fiscal year 2005 to procure four types of professional and management support services, more than one-half of the obligations was for engineering and technical services--most of which was contracted by the Coast Guard and OPO. Figure 2 provides a breakdown of contracting dollars for the four selected professional and management support services by the three DHS components. Figure 2: Coast Guard, OPO, and TSA Contracting for Selected Professional and Management Support Services in Fiscal Year 2005: [See PDF for image] This figure is a vertical bar graph with three bars depicted in each of four categories. The vertical axis of the graph represents dollars in millions from 0 to 250. The horizontal axis of the graph represents the four categories. The following data is depicted: Program management/support services: Coast Guard: $12.3; Office of Procurement Operations: $76.4; Transportation Security Administration: $42.5. Engineering and technical services: Coast Guard: $201.2; Office of Procurement Operations: $183.3; Transportation Security Administration: $30.7. Other professional services: Coast Guard: $38.1; Office of Procurement Operations: $32.7; Transportation Security Administration: $17. Other management services: Coast Guard: $15.8; Office of Procurement Operations: $74.1; Transportation Security Administration: $81.2. Source: GAO analysis of FPDS-NG data. [End of figure] Some of the 117 statements of work we reviewed were for services that did not closely support inherently governmental functions. These included a TSA contract for employee parking services at airports and a Coast Guard contract to maintain historic human resource records and perform data entry. However, most of the selected statements of work we reviewed did request reorganization and planning activities, acquisition support, and policy development--services that closely supported inherently governmental functions.[Footnote 13] Of the 117 statements of work that we reviewed, 71 included a total of 122 services that fell into these three categories--with reorganization and planning activities requested most often. For example, the Coast Guard obligated $500,000 for a contractor to provide services for the Nationwide Automatic Identification System to identify and monitor vessels approaching or navigating in U.S. waters. The services included advising and providing recommendations on strategies for project planning, risk management, and measuring the performance and progress of the system. Additionally, the tasks included assisting with the development of earned value management reviews, life-cycle cost estimates, and cost-benefit analyses. In another example, TSA obligated $1.2 million to acquire contractor support for its Acquisition and Program Management Support Division, which included assisting with the development of acquisition plans and hands-on assistance to program offices to prepare acquisition documents. Because contract statements of work can be broad, or contain requirements that the contractor may not ultimately perform, we conducted a more detailed review of nine cases to verify the work performed. In these nine cases, we found that contractors provided a broad array of services to sustain a range of programs and administrative operations, with the categories of reorganization and planning, policy development, and acquisition support requested most often. For example, $2.1 million in orders supporting the Coast Guard's fleet modernization effort--the Integrated Deepwater System--included modeling and simulation services to analyze the operational performance and effectiveness of various fleet scenarios for program planning. A $42.4 million OPO order for professional, technical, and administrative services for multiple offices in DHS's Information Analysis and Infrastructure Protection Directorate[Footnote 14] included tasks to assist in developing policies, budget formulation, and defining information technology requirements.[Footnote 15] Specifically, contractor personnel provided general acquisition advice and support to the Information Analysis and Infrastructure Protection business office, which included the management, execution, process improvement, and status reporting of procurement requests. For another office, the contractor provided an analysis of intelligence threats. A $7.9 million OPO human capital services order provided a full range of personnel and staffing services to support DHS's headquarters offices, including writing position descriptions, signing official offer letters, and meeting new employees at DHS headquarters for their first day of work. The extent of contractor involvement in the nine case studies varied from providing two to three supplemental personnel to staffing an entire office, and in most cases contractor staff performed services on- site at DHS facilities. Figure 3 shows the type and range of services provided in the nine case studies and the location of contractor performance. Figure 3: Professional and Management Support Services Closely Supporting Inherently Governmental Functions in Nine Cases Reviewed: [See PDF for image] DHS program or office supported, by component, Coast Guard: Integrated Deepwater System, Modeling and Simulation Services: Total[a] dollars in billions: $2.1; Service provided: Budget preparation: [Empty]; Service provided: Policy developent: [Empty]; Service provided: Acquisition support: [Empty]; Service provided: Developing or interpreting regulations: [Empty]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Empty]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Check]; Service type: Administrative operations: [Empty]; Location: Performed on-site at DHS: [Empty]; Location: Performed at contractor facility: [Check]. DHS program or office supported, by component, Coast Guard: Competitive Sourcing Program: Total[a] dollars in billions: $1.7; Service provided: Budget preparation: [Check]; Service provided: Policy development: [Check]; Service provided: Acquisition support: [Check]; Service provided: Developing or interpreting regulations: [Empty]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Empty]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Check]; Service type: Administrative operations: [Empty]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Empty]. DHS program or office supported, by component, Coast Guard: Office of Standards, Evaluation, and Development: Total[a] dollars in billions: $1.3; Service provided: Budget preparation: [Empty]; Service provided: Policy development: [Check]; Service provided: Acquisition support: [Empty]; Service provided: Developing or interpreting regulations: [Check]; Service provided: Reorganization and planning: [Empty]; Service provided: Contractor representing component[b]: [Empty]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Check]; Service type: Administrative operations: [Empty]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Empty]. DHS program or office supported, by component, Office of Procurement Operations: Information Analysis and Infrastructure Protection Directorate: Total[a] dollars in billions: $42.4; Service provided: Budget preparation: [Check]; Service provided: Policy development: [Check]; Service provided: Acquisition support: [Check]; Service provided: Developing or interpreting regulations: [Check]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Check]; Service provided: Contractor responding to Freedom of Information Act request: [Check]; Service type: Program support: [Check]; Service type: Administrative operations: [Check]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Empty]. DHS program or office supported, by component, Office of Procurement Operations: U.S. Visitor and Immigration Status Indicator Technology: Total[a] dollars in billions: $11.8; Service provided: Budget preparation: [Empty]; Service provided: Policy development: [Empty]; Service provided: Acquisition support: [Check]; Service provided: Developing or interpreting regulations: [Empty]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Empty]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Check]; Service type: Administrative operations: [Empty]; Location: Performed on-site at DHS: [Empty]; Location: Performed at contractor facility: [Check]. DHS program or office supported, by component, Office of Procurement Operations: DHS Headquarters Human Capital Services: Total[a] dollars in billions: $7.9; Service provided: Budget preparation: [Empty]; Service provided: Policy development: [Empty]; Service provided: Acquisition support: [Empty]; Service provided: Developing or interpreting regulations: [Empty]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Check]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Empty]; Service type: Administrative operations: [Check]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Check]. DHS program or office supported, by component, Transportation Security Administration: Transportation Worker Identification Credential Program: Total[a] dollars in billions: $7.9; Service provided: Budget preparation: [Check]; Service provided: Policy development: [Check]; Service provided: Acquisition support: [Check]; Service provided: Developing or interpreting regulations: [Check]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Check]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Check]; Service type: Administrative operations: [Empty]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Empty]. DHS program or office supported, by component, Transportation Security Administration: Employee Relations Support Services: Total[a] dollars in billions: $5.4; Service provided: Budget preparation: [Empty]; Service provided: Policy development: [Check]; Service provided: Acquisition support: [Empty]; Service provided: Developing or interpreting regulations: [Empty]; Service provided: Reorganization and planning: [Empty]; Service provided: Contractor representing component[b]: [Check]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Empty]; Service type: Administrative operations: [Check]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Empty]. DHS program or office supported, by component, Transportation Security Administration: Secure Flight: Total[a] dollars in billions: $1.6; Service provided: Budget preparation: [Check]; Service provided: Policy development: [Empty]; Service provided: Acquisition support: [Check]; Service provided: Developing or interpreting regulations: [Check]; Service provided: Reorganization and planning: [Check]; Service provided: Contractor representing component[b]: [Check]; Service provided: Contractor responding to Freedom of Information Act request: [Empty]; Service type: Program support: [Check]; Service type: Administrative operations: [Check]; Location: Performed on-site at DHS: [Check]; Location: Performed at contractor facility: [Empty]. Source: GAO analysis. Note: Categories are based on services that approach being inherently governmental in FAR subpart 7.5 and therefore may not include all the services provided by contractors in each of the nine cases. [A] Obligations based on information provided by DHS at the time of our review. [B] Situations in which contractors might be assumed to be agency employees or representatives. FAR section 7.503(d)(13). [End of figure] DHS Did Not Consider Risk when Deciding to Contract for Selected Services: A lack of staff and expertise to get programs and operations up and running drove decisions to contract for professional and management support services. While program officials generally acknowledged that these contracts closely supported the performance of inherently governmental functions, they did not assess the risk that government decisions may be influenced by, rather than independent from, contractor judgments. In the nine cases we reviewed, we found contractors providing services integral to an agency's mission and comparable to those provided by government employees, and contracts with broadly defined requirements. These conditions need to be carefully monitored to ensure the government does not lose control over and accountability for mission related decisions. DHS has not explored ways to manage the risk of contracting for these services such as determining the right mix of government-performed and contractor- performed services or assessing total workforce deployment across the department. DHS's human capital strategic plan notes the department has identified core mission critical occupations and plans to reduce skill gaps in core and key competencies. However, it is unclear how this will be achieved and whether it will inform the department's use of contractors for services that closely support inherently governmental functions. DHS Contracting Decisions Were Largely Driven by a Lack of Staff and Expertise and Immediacy of Need: The reasons most often cited by program officials for contracting for services was the need for employees--to start up a new program or administrative operation, provide specific expertise, or meet immediate mission needs. When DHS was established in 2003, it was charged with developing strategies, programs, and projects to meet a new mission while facing skill gaps in core and key competencies. For example, at TSA--a component built from the ground up--according to program officials, the lack of federal staff to provide acquisition support led to hiring contractors for its Secure Flight program. Federal staff limitations was also a reason for TSA's contract for employee relations support services. Many TSA, DHS human capital, and Information Analysis and Infrastructure Protection program officials said that contracting for services was necessary because they were under pressure to get program and administrative offices up and running quickly, and they did not have enough time to hire staff with the right expertise through the federal hiring process. In another case, in prior work we found that when OPO was established, the office had only seven staff to serve more than 20 organizations.[Footnote 16] Since that time, OPO has expanded and adjusted the use of contractors for specific functions, such as acquisition support. In the case of TSA, the agency needed to immediately establish an employee relations office capable of serving 60,000 newly hired airport screeners--an undertaking TSA Office of Human Resources officials said would have taken several years to accomplish if they hired qualified federal employees. In another case, DHS human capital officials said there were only two staff to manage human resources for approximately 800 employees, and it would have taken 3 to 5 years to hire and train federal employees to provide the necessary services. Similarly, the Coast Guard, a more established agency, lacked the personnel needed to address new requirements for its competitive sourcing program. According to Coast Guard program officials, only one federal employee was in place when the new requirements were established. An acquisition plan for modeling and simulation services in support of the Coast Guard's Integrated Deepwater System cited the need for technological expertise as one of the reasons for hiring contractors. According to program officials, contracting for such technological capabilities is routine at the Coast Guard. Several officials also described a perception of a management preference for contracting. For example, an OPO contracting officer said governmentwide strategies to use contractors influenced program decisions to award services contracts. TSA program and senior officials also said decisions to contract were in keeping with a conscious decision to build a lean organization. For example, in prior work, we found that TSA contracted extensively to manage human resource needs, develop and manufacture screening equipment, and provide the information technology systems it uses to manage day-to-day operations. In fact, such service contracts represented about 48 percent of TSA's fiscal year 2003 budget.[Footnote 17] Selected Cases May Have Been at Risk of Contractors Influencing Government Decisions: To ensure the government does not lose control over and accountability for mission-related decisions, long-standing federal procurement policy requires attention to the risk that government decisions may be influenced by, rather than independent from, contractor actions when contracting for services that closely support inherently governmental functions. Distinguishing roles and responsibilities of contractors and government employees and carefully defining requirements for contractor services become especially important when contracting for professional and management support services since contractors often work closely with government employees to provide these services. To manage risk, participants in GAO's acquisition forum stated that agencies need to determine the right mix of government-performed and contractor- performed work in particular settings, and that planning for contracting outcomes and measurable results is a critical element in managing a multisector workforce of government employees and contractors. The nine cases we reviewed provided examples of contractors performing services integral to an agency's mission and comparable to those performed by government employees, contractors providing ongoing support, and broadly defined contract requirements-- conditions that need to be carefully monitored to ensure the government does not lose control over and accountability for mission-related decisions. Contractor Services Integral to DHS's Mission and Comparable to Work Performed by Government Employees: In seven of the nine cases, contractors provided services that were integral to DHS's mission or comparable to work performed by government employees. For example: * A contractor directly supported DHS efforts to hire federal employees, including signing offer letters. * The contractor for the component's employee relations office provided advice to supervisors on cases, a function also performed by federal employees in that office. * A contractor provided acquisition advice and support to the Information Analysis and Infrastructure Protection Directorate business office, working alongside federal employees and performing the same tasks. In some of these cases officials said contractors were used to fill staff shortages. We also found that government employees may have supervised contractor employees. For example, one contractor performed mission-related budget, program management, and acquisition services and was located at government operations centers to provide opportunities for direct review of the contractor's activities. This type of close supervision of contractor personnel may constitute personal services--a contracting arrangement that is prohibited by the FAR, unless specifically authorized.[Footnote 18] Ongoing Contractor Support: In all nine cases, the contractor provided services that lasted for more than 1 year. Given the risk of contracting for selected services, it is appropriate to periodically reexamine who--private companies or federal employees--should perform certain services. However, in five of the nine cases, the original justification for contracting--to quickly establish a new office or function--had changed, but the components extended or recompeted services without considering this change. For example: * To establish a competitive sourcing program, the Coast Guard hired a contractor to provide budget, policy, acquisition support, and reorganization and planning for more than 5 years. These services have been extended through August 2009. * OPO established a temporary "bridge" arrangement without competition to avoid disruption of critical support including budget, policy, and intelligence services. Although this arrangement was intended to be temporary, the order was modified 20 times and extended for almost 18 months. Subsequently, these services were competed and awarded to the original contractor under six separate contracts. DHS provided information stating that five of the six contracts expire by the end of September 2007. However, as of August 2007 DHS had yet to provide a plan for carrying out these services in the future. * In another OPO case, a contractor was hired to develop a strategic plan for the US-VISIT program. While the task was completed in less than a year, the contractor continued to provide related services in two subsequent orders. Continuing to contract for these types of services is particularly risky since the initial contracting decisions did not include an assessment of risk. Broadly Defined Requirements: Describing in detail the work to be performed under a contract helps to minimize the risk of paying too much for services provided, acquiring services that do not meet needs, or entering too quickly into sensitive arrangements. Well-defined contract requirements can also help minimize the risk of contractors performing inherently governmental functions. Defining requirements is a part of the acquisition planning process and prior GAO work has emphasized the importance of clearly defined requirements to obtain the right outcome.[Footnote 19] Broadly defined requirements were also apparent in the 117 statements of work that we reviewed. For example, at TSA we found multiple statements of work requesting a similar set of services--including acquisition and strategic planning, contingency planning, program oversight, and government cost estimating--in support of different program offices. In six of our nine case studies, the requirements as written in the statements of work were often broadly defined. In four cases, the statements of work lacked specific details about activities that closely support inherently governmental functions. For example, the initial statement of work for a $7.9 million OPO order for human resources support broadly stated that the contractor would rank candidates for DHS positions. Without specifying how the contractor was to perform this task, it was unclear how OPO would hold the contractor accountable for outcomes. The later contract specified how the contractor was to rank candidates, including the criteria, processes, and policies to be used. In the other two cases, the statements of work included an indiscriminate mix of services. * A $7.9 million TSA contract included program management support activities, including professional and technical advice, strategic planning, performance monitoring, conference support, briefing preparation, project documentation, technical research and analysis, and stakeholder relations. Some of these activities fit the description of advisory and assistance services. * Similarly, a single $42.4 million OPO order included 58 tasks to provide a diverse range of services throughout the Information Analysis and Infrastructure Protection Directorate in support of over 15 program offices and 10 separate directoratewide administrative efforts. Services included providing strategic communications planning expertise and representing the directorate as a member of the DHS-wide Homeland Security Operations Center, providing intelligence analysis for Immigration and Customs Enforcement and Customs and Border Protection, supporting administrative functions such as acquisition planning and human capital management, and defining information technology requirements for the directorate. Other services included helping respond to congressional and Freedom of Information Act requests and preparing budget justification documents and related briefing materials. Several program officials noted that the statements of work did not accurately reflect the program's needs or the work the contractors actually performed. For example, one statement of work for a $1.7 million Coast Guard order included advisory and assistance services. However, program officials said the contractor never provided these services. Another Coast Guard statement of work for a $1.3 million order initially included developing policy, conducting cost-benefit analyses, and conducting regulatory assessments, though program officials told us the contractors provided only technical regulatory writing and editing support. The statement of work was revised in a later contract to better define requirements. Officials Generally Did Not Address Risk when Contracting for Selected Services: Contracting officers and program officials for the nine case studies generally acknowledged that their professional and management support services contracts closely supported the performance of inherently governmental functions. However, none assessed whether these contracts could result in the loss of control over and accountability for mission- related decisions. DHS has not explored ways to address the risk of contracting for these services such as determining the right mix of government performed or contractor performed services or assessing total workforce deployment across the department. Federal acquisition guidance highlights the risk inherent in service contracting--particularly those for professional and management support--and federal internal control standards require assessment of risks. Internal control standards provide a framework to identify and address areas at greatest risk of mismanagement, waste, fraud, and abuse.[Footnote 20] OFPP staff we met with also emphasized the importance of assessing the risk associated with contracting for services that closely support the performance of inherently governmental functions and establishing effective internal management controls to ensure agency staff are aware of this risk consistent with the OFPP guidance. While DHS acquisition planning guidance requires identification of such acquisition risks as cost, schedule, and performance, or political or organizational factors, it does not address the specific risk of services that closely support the performance of inherently governmental functions.[Footnote 21] Prior GAO work has found that cost, schedule, and performance--common measures for products or major systems--may not be the most effective measures for assessing services.[Footnote 22] DHS's human capital strategic plan notes the department has identified core mission critical occupations and plans to reduce skill gaps in core and key competencies. However, prior GAO work found that DHS had not provided details on the specific human capital resources needed to achieve its long-term strategic goals.[Footnote 23] Human capital planning strategies should be linked to current and future human capital needs, including the total workforce of federal employees and contractors; its deployment across the organization; and the knowledge, skills, and abilities needed by agencies.[Footnote 24] Deployment includes the flexible use of the workforce, such as putting the right employees in the right roles according to their skills, and relying on staff drawn from various organizational components and functions and using "just-in-time" or "virtual" teams to focus the right talent on specific tasks. We have also noted the importance of focusing greater attention on which types of functions and activities should be contracted out and which ones should not while considering other reasons for using contractors, such as a limited number of federal employees. DHS's human capital plan is unclear as to how this could be achieved and whether it will inform the department's use of contractors for services that closely support the performance of inherently governmental functions. Management of Contracts for Selected Services May Not Have Been Sufficient to Mitigate Risk: None of the program officials and contracting officers we spoke with were aware of the federal acquisition policy requirement for enhanced oversight of contracts for services that closely support the performance of inherently governmental functions. Further, few believed that their professional and management support service contracts required an enhanced level of scrutiny. For the nine cases we reviewed, the level of oversight DHS provided did not always ensure accountability for decisions--as called for in federal guidance--or the ability to judge whether contractors were performing as required. DHS's Chief Procurement Officer and Inspector General each have ongoing efforts to improve procurement oversight. These efforts have the potential to include reviews of contracting for services that closely support the performance of inherently governmental functions. Officials Did Not Provide Required Oversight of Contracts for Selected Services: The FAR and OFPP require agencies to provide enhanced oversight of contracts for services that closely support the performance of inherently governmental functions to ensure these services do not compromise the independence of government decision making.[Footnote 25] DHS contracting officers and program officials from our nine case studies were unaware of these oversight policies. While these officials acknowledged the professional and management support services provided under these contracts closely supported the performance of inherently governmental functions, most did not believe enhanced oversight of the contracts was warranted. According to DHS contracting officers and program officials, cost, complexity, and visibility are risk factors that trigger the need for enhanced oversight. Neither these officials nor DHS acquisition planning guidance cite services that closely support the performance of inherently governmental functions as a risk factor. In five of the nine cases we reviewed, contract documents outlined routine oversight responsibilities for the Contracting Officer's Technical Representative (COTR) but did not address the need for enhanced oversight as a result of the type of service. Prior GAO work has found that because services involve a wide range of activities, management and oversight of service acquisitions may need to be tailored to the specific circumstances, including developing different measures of quality or performance.[Footnote 26] In four of the case studies, contracting officers and program officials believed their experience and training enabled them to determine whether or not enhanced oversight was needed. However, none of the training policies and documents we reviewed--including DHS's directive for COTR certification and the Defense Acquisition University's training curriculum--alerted COTRs to federal policy requiring enhanced oversight for contracts that closely support inherently governmental functions or to the risk of such contracts. Control and Accountability Were Limited: Federal acquisition guidance requires agencies to retain control over and remain accountable for decisions that may be based, in part, on a contractor's performance and work products. This includes making sound judgments on requirements, costs, and contractor performance. Both the FAR and OFPP policy state that when contracting for services-- particularly for professional and management support services that closely support the performance of inherently governmental functions-- a sufficient number of qualified government employees assigned to plan and oversee contractor activities is needed to maintain control and accountability. However, we found cases in which the components lacked the capacity to oversee contractor performance due to limited expertise and workload demands (see table 2). These deficiencies may have resulted in a lack of control over and accountability for decisions. Table 2: Examples of Limited Control over and Accountability for Contracts for Selected Services: DHS program or office supported, by component: Coast Guard: Integrated Deepwater System, Modeling and Simulation Services; Total dollars (in millions): $2.1; Example of limited control and accountability: Coast Guard program officials said they lacked the technical expertise needed to determine what it would take to perform a particular task. In one case, they anticipated that it would take about 4 hours to modify a simulation. Later, the contractor estimated the modification would take 120 hours. Such a discrepancy illustrates the potential problems that can occur --such as underestimating costs--when government personnel lack the expertise needed to independently plan for contracted work. DHS program or office supported, by component: Office of Procurement Operations: Information Analysis and Infrastructure Protection Directorate; Total dollars (in millions): 42.4; Example of limited control and accountability: One COTR was assigned to oversee 58 different tasks, ranging from acquisition support to intelligence analysis to budget formulation and planning, across multiple offices and locations. Program and contracting officials noted the resulting oversight was likely insufficient. To provide better oversight for one of the follow-on contracts, the program official assigned a new COTR to oversee just the intelligence work and established monthly meetings between the COTR and program office to discuss the contract. However, according to the program official, this change was made to ensure that the contract deliverables and payments were in order rather than to address the inherent risk of the services performed. DHS program or office supported, by component: Office of Procurement Operations: DHS Headquarters Human Capital Services; Total dollars (in millions): 7.9; Example of limited control and accountability: The COTR assigned to oversee the extensive range of personnel services provided by the contractor lacked technical expertise, which the program manager believed affected the quality of oversight provided. To improve oversight for the follow-on contract, the program manager assigned a COTR with more human resources experience along with an employee with human resources expertise to assist the COTR. Source: GAO analysis. [End of table] Prior GAO work has shown similar examples of oversight deficiencies that can contribute to poor outcomes. For example, in work examining contracts undertaken in support of response and recovery efforts for Hurricanes Katrina and Rita, we found that the number of monitoring staff available at DHS was not always sufficient or effectively deployed to provide oversight.[Footnote 27] Similarly, in work at DOD, we have found cases of insufficient numbers of trained contracting oversight personnel, and cases in which personnel were not provided enough time to complete surveillance tasks, in part due to limited staffing.[Footnote 28] Establishing measurable outcomes for services contracts and assessing contractor performance are necessary to ensure control and accountability. DHS components were limited in their ability to assess contractor performance in a way that addressed the risk of contracting for professional and management support services that closely support the performance of inherently governmental functions. Assessing contractor performance requires a plan that outlines how services will be delivered. However, none of the related oversight plans and contract documents we reviewed contained specific measures for assessing contractors' performance of these services. DHS Is Implementing Oversight Initiatives: DHS's Chief Procurement Officer and the Inspector General each have ongoing efforts to assess DHS contract management. The Chief Procurement Officer is in the process of implementing an acquisition oversight program, which is intended to assess (1) compliance with federal acquisition guidance, (2) contract administration, and (3) business judgment.[Footnote 29] This program was designed with flexibility to address specific procurement issues, as necessary, and is based on a series of reviews at the component level. For example, the on-site review incorporates assessments of individual procurement actions. These reviews have potential to include contracting for services that closely support inherently governmental functions. The Inspector General also has recently increased its procurement oversight (see app. III). Common themes and risks emerged from this work, primarily the dominant influence of expediency, poorly defined requirements, and inadequate oversight that contributed to ineffective or inefficient results and increased costs. Inspector General reviews also noted that many DHS procurement offices reported that their lack of staffing prevents proper procurement planning and severely limits their ability to monitor contractor performance and conduct effective contract administration. While these findings have broad application to services, OFPP Policy Letter 93-1 encourages the Inspectors General to also conduct vulnerability assessments of services contracting--which would include services that closely support inherently governmental functions--to ensure compliance with related guidance. Conclusions: When DHS was established in 2003, it faced an enormous challenge to quickly set up numerous offices and programs that would provide wide- ranging and complex services critical to ensuring the nation's security. With limited staffing options, the department relied on contractors to perform mission-related services that closely support the performance of inherently governmental functions. However, the tasks assigned to contractors were not always clearly defined up front, and the breadth and depth of contractor involvement were extensive in some cases. Four years later, the department continues to rely heavily on contractors to fulfill its mission with little emphasis on assessing the risk and ensuring management control and accountability. Given its use of contractors to provide selected services, it is critical for DHS to strategically address workforce deployment and determine the appropriate role of contractors in meeting its mission. Until the department emplaces the staff and expertise needed to oversee selected services, it will continue to risk transferring government responsibility to contractors. Recommendations for Executive Action: To improve the department's ability to manage the risk of selected services that closely support inherently governmental functions as well as government control over and accountability for decisions, we recommend that the Secretary of Homeland Security implement the following five actions: * establish strategic-level guidance for determining the appropriate mix of government and contractor employees to meet mission needs; * assess the risk of selected contractor services as part of the acquisition planning process, and modify existing acquisition guidance and training to address when to use and how to oversee those services in accordance with federal acquisition policy; * define contract requirements to clearly describe roles, responsibilities, and limitations of selected contractor services as part of the acquisition planning process; * assess program office staff and expertise necessary to provide sufficient oversight of selected contractor services; and: * review contracts for selected services as part of the acquisition oversight program. Agency Comments and Our Evaluation: We provided a draft of this report to OMB and DHS for review and comment. In written comments, DHS generally concurred with our recommendations and provided information on what action would be taken to address them. The department's comments are reprinted in appendix IV. OMB did not comment on the findings or conclusions of this report. DHS concurred with three of our recommendations, and partially concurred with the other two. Regarding the first recommendation, to establish strategic guidance for determining the appropriate mix of government and contractor employees, DHS agreed and stated that its Chief Human Capital and Chief Procurement Officers plan to initiate staffing studies and recommend the number and skill sets of federal employees required to successfully manage its long-term projects and programs. We agree that such action should provide the basis for developing a strategic approach to managing the risk of contracting for selected services. DHS partially concurred with our recommendation to assess the risk of selected contractor services as part of the acquisition planning process and to modify existing acquisition guidance and training accordingly. DHS agreed that its training for contracting officers and contracting officer's technical representatives should include the guidance in OFPP Policy Letter 93-1. DHS stated the Chief Procurement Officer plans to emphasize this requirement to the component Heads of Contracting Activity and to department contracting personnel and to coordinate with the Defense Acquisition University to ensure that guidance is also included in its training. However, DHS stated that its Acquisition Planning Guide already provides for the assessment of risk. Our review of the acquisition planning guidance found that it addresses risk factors such as cost, schedule, and performance, but it does not address the specific risk of services that closely support the performance of inherently governmental functions. As we note in our report, these types of services carry additional risk that should be considered when making contracting decisions. Concerning the third recommendation, to define contract requirements to clearly describe roles, responsibilities, and limitations of selected contractor services, DHS concurred and anticipated that the risk of contracting for selected services will be appropriately addressed more often in the future. However, DHS did not specify related initiatives. Because developing well-defined requirements can be challenging but is essential for obtaining the right outcome, we believe this effort will require sustained attention from DHS. DHS also concurred with our fourth recommendation, to assess the program office staff and expertise necessary to provide sufficient oversight of selected contractor services. DHS stated that this process has already begun at TSA and that it plans to proceed on a larger-scale initiative as part of its overall human capital planning. With respect to our recommendation that DHS review selected services contracts as part of the acquisition oversight program, DHS agreed that these types of services require special assessment, but stated that the Chief Procurement Officer will direct a special investigation on selected issues as needed rather than as part of the routine acquisition oversight reviews. We did not intend that the formal oversight plan be modified. Rather, we recognize that the acquisition oversight program was designed with flexibility to address specific procurement issues as necessary. We leave it to the discretion of the Chief Procurement Officer to determine how to implement the recommendation to ensure proper oversight. As agreed with your offices, unless you publicly announce the contents of this report, we plan no further distribution for 30 days from the report date. At that time, we will send copies of this report to the Secretary of Homeland Security, the Director of the Office of Management and Budget, and other interested congressional committees. We will also make copies available to others upon request. In addition, this report will be available at no charge on the GAO Web site at [hyperlink, http://www.gao.gov]. If you have questions about this report or need additional information, please contact me at (202) 512-4841 or huttonj@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Other staff making key contributions to this report were Amelia Shachoy, Assistant Director; Katherine Trimble; Jennifer Dougherty; Cardell Johnson; Matthew Saradjian; David Schilling; Karen Sloan; Julia Kennon; Alison Martin; Noah Bleicher; and Kenneth Patton. Signed by: John P. Hutton: Director: Acquisition and Sourcing Management: [End of section] Appendix I: Scope and Methodology: To describe the types of services the Department of Homeland Security (DHS) requested through these contracts, we compiled information from the Federal Procurement Data System-Next Generation (FPDS-NG) on procurement spending at DHS and its components for fiscal years 2005 and 2006. To supplement our review of information from FPDS-NG, we reviewed 117 statements of work and conducted more detailed reviews of nine cases from fiscal year 2005--the year for which the most complete data were available at the time we began our review. For the 117 statements of work, we used federal acquisition guidance on services that closely support the performance of inherently governmental functions as criteria to describe the types of services DHS requested. Within those services, we selected three broad categories for more detailed review--reorganization and planning activities, policy development, and acquisition support. To identify potential risk and the extent to which DHS considered risk when deciding to use contracts for selected professional and management support services that closely support the performance of inherently governmental functions, and to assess DHS's management and oversight of contracts for these types of services, we conducted a detailed review of nine case studies--three at each component. For each case study, we reviewed contract documentation, including available acquisition plans, oversight plans, and records, and interviewed procurement and program officials at the three components about the decision to use contractors and contractor oversight, including any processes and guidance used. We interviewed contractors for seven of the nine cases about their working relationship with the component offices, the work performed, and the oversight provided by the component. For the other two cases, we requested interviews, but the contractors were not available. We also spoke with the heads of contracting activity at the Office of Procurement Operations (OPO) and the Transportation Security Administration (TSA), the Chief of the Office of Procurement Policy at the Coast Guard, and staff at the Office of Management and Budget's (OMB) Office of Federal Procurement Policy (OFPP). Selection of Services and Contracts: To develop criteria for services that closely support the performance of inherently governmental functions, we reviewed Federal Acquisition Regulation (FAR) subpart 7.5 on inherently governmental functions and FAR section 37.114 on special acquisition requirements, and the Office of Management and Budget's Office of Federal Procurement Policy Letter 93-1 on management oversight of service contracts.[Footnote 30] To select services to review, a GAO contracting officer reviewed the FPDS-NG Product and Service Codes Manual and identified over 30 services considered to closely support the performance of inherently governmental functions across the following categories: research and development; special studies and analyses; professional, administrative, and management support services; and education and training. To confirm the selection, we then compared each of the services to federal acquisition guidance that describes inherently governmental functions and services approaching inherently governmental functions. On the basis of this review, we gathered and analyzed data from the FPDS-NG on DHS's fiscal year 2005 obligations for 29 services. Sixteen of the 29 services fell into the professional, administrative, and management support services category. From this category, we selected the 4 services for which DHS obligated the most in fiscal year 2005--program management and support services, engineering and technical services, other professional services, and other management support services. We reviewed these criteria with DHS acquisition policy and oversight officials, focusing on the link between the 4 selected services and federal acquisition guidance. Finally, we selected the three DHS components, excluding the Federal Emergency Management Agency (FEMA), that had obligated the most for those services at the time we began our review--the Coast Guard, OPO, and TSA.[Footnote 31] To select contracts to review, we compiled data from FPDS-NG on all fiscal year 2005 contract actions as of the time we began our review for the 4 services at the three components. Using the brief contract description available through FPDS-NG, we used FAR guidance to identify services that closely support the performance of inherently governmental functions to select a total of 125 statements of work for the 4 services: 42 from Coast Guard, 43 from OPO, and 40 from TSA (see table 3). Table 3: Requested Fiscal Year 2005 Contract Statements of Work: Component: Coast Guard; Program management/support services: 8; Engineering and technical services: 14; Other professional services: 11; Other management support services: 9; Total by component: 42. Component: OPO; Program management/support services: 6; Engineering and technical services: 8; Other professional services: 6; Other management support services: 23; Total by component: 43. Component: TSA; Program management/support services: 17; Engineering and technical services: 1; Other professional services: 10; Other management support services: 12; Total by component: 40. Component: Total by service type; Program management/support services: 31; Engineering and technical services: 23; Other professional services: 27; Other management support services: 44; Total by component: 125. Source: GAO analysis of fiscal year 2005 FPDS-NG data. [End of table] Of the 125 requested, we received 117 statements of work within the 11- week time period we allowed. In some cases, DHS was unable to locate files or FPDS-NG entries were unclear or incorrect. Using the more detailed description of services included in the 117 statements of work, we again used FAR guidance to identify services that appeared to closely support the performance of inherently governmental functions to select three contracts from each component on which to perform a total of nine case studies. The nine cases we reviewed in detail represented the 4 types of professional and management support services and ranged in value from $1.3 million to $42.4 million. Table 4 provides details on the case study selection process and the cases reviewed. Table 4: Fiscal Year 2005 Contracts Reviewed: Dollars in millions. For Coast Guard, OPO, and TSA: Contracts for four selected professional and management support services; Cases: 942; Total dollars: $805.6; Selection criteria: All contracts with dollars obligated in fiscal year 2005, as reported in FPDS-NG. For Coast Guard, OPO, and TSA: Statements of work for four selected professional and management support services; Cases: 125; Total dollars: $229.2; Selection criteria: Nonprobability sample selected from 942 contracts in FPDS-NG. Selection based on comparing the contract description with FAR guidance for services closely supporting inherently governmental functions. We selected 110 contracts as potentially supporting inherently governmental functions and an additional 15 contracts based on the contract description and to represent a range of dollar values. For Coast Guard, OPO, and TSA: Case studies for four selected professional and management support services; Cases: 9; Total dollars: $82.1; Selection criteria: Nonprobability sample selected from 117 statements of work received from DHS. Selection based on comparing the statement of work description to FAR guidance that describes services closely supporting inherently governmental functions. Cases represent a variety of services and dollar values among the three components. Source: GAO. Note: Of the 125 statements of work requested, DHS provided 117, totaling $207.1 million. [End of table] We conducted our review between April 2006 and August 2007 in accordance with generally accepted government auditing standards. [End of section] Appendix II: Examples of Inherently Governmental and Approaching Inherently Governmental Functions: Federal Acquisition Regulation section 7.503 provides examples of inherently governmental functions and services or actions that are not inherently governmental, but may approach being inherently governmental functions based on the nature of the function, the manner in which the contractor performs the contract, or the manner in which the government administers contractor performance. These examples are listed in tables 5 and 6 below. Table 5: Examples of Inherently Governmental Functions: 1: Directly conduct criminal investigations; 2: Control prosecutions and perform adjudicatory functions other than arbitration; 3: Command military forces; 4: Conduct foreign relations and determine foreign policy; 5: Determine agency policy, including regulations; 6: Determine federal program priorities for budget requests; 7: Direct and control federal employees; 8: Direct and control intelligence and counterintelligence operations; 9: Select individuals for federal government employment; 10: Approve position descriptions and performance standards for federal employees; 11: Determine the disposal of government property; 12: In federal procurement activities with respect to prime contracts: Determine the supplies or services acquired by the government; participate as a voting member on any source selection boards; approve contractual documents, including documents defining requirements, incentive plans, and evaluation criteria; award contracts; administer contracts; terminate contracts; determine whether contract costs are reasonable, allocable, and allowable; and participate as a voting member on performance evaluation boards; 13: Approve agency responses to Freedom of Information Act requests; 14: Conduct administrative hearings to determine eligibility for security clearances, or that affect personal reputation or eligibility to participate in government programs; 15: Approve federal licensing actions and inspections; 16: Determine budget policy, guidance, and strategy; 17: Collect, control, and disburse public funds, unless authorized by statute. Does not include the collection of public charges to mess halls, national parks, and similar entities and routine voucher and invoice examination; 18: Control treasury accounts; 19: Administer public trusts; 20: Draft congressional testimony, responses to congressional correspondence, or agency responses to audit reports. Source: GAO analysis of FAR section 7.503(c). [End of table] Table 6: Examples of Services That May Approach Being Inherently Governmental Functions: 1: Involve or relate to budget preparation; 2: Involve or relate to reorganization and planning activities; 3: Involve or relate to analyses, feasibility studies, and strategy options to be used in developing policy; 4: Involve or relate to developing regulations; 5: Involve or relate to evaluating another contractor's performance; 6: Support acquisition planning; 7: Assist in contract management; 8: Provide technical evaluation of contract proposals; 9: Assist in developing statements of work; 10: Support the preparation of responses to Freedom of Information Act requests; 11: Work in situations that may permit access to confidential business information; 12: Provide information regarding agency policies or regulations; 13: Participate in situations where contractors may be assumed to be agency employees or representatives; 14: Participate as technical advisors to source selection boards or as members of a source evaluation board; 15: Serve as arbitrators or provide alternative methods of dispute resolution; 16: Construct buildings intended to be secure; 17: Provide inspection services; 18: Provide legal advice and interpret regulations and statutes for government officials; 19: Provide non-law enforcement security activities that do not directly involve criminal investigations. Source: GAO analysis of FAR section 7.503(d): [End of table] [End of section] Appendix III: Department of Homeland Security Inspector General Oversight: GAO designated DHS as a high-risk organization in 2003 due to the serious implications for our national security that result from the management challenges and program risks associated with implementing and transforming the department from 22 agencies. In addition, the DHS Inspector General has identified major management challenges facing the department, which are updated annually as required by the Reports Consolidation Act of 2000.[Footnote 32] Acquisition and contract management are included as a management challenge identified by the Inspector General. Other management challenges identified by the Inspector General include catastrophic disaster response and recovery including FEMA activities and grants management; financial management; information technology management, including the National Asset Database to coordinate infrastructure protection activity; border security; transportation security; and trade operations and security mainly through the work of customs and border protection. The Inspector General provided oversight coverage of DHS and the identified management challenges during fiscal years 2005 and 2006 through audits, inspections, memos, management reports, and investigations. The Inspector General issued 106 reports during fiscal year 2005 and closed 639 investigations. In fiscal year 2006 the Inspector General issued 133 reports and closed 507 investigations. As a result, the Inspector General reported over $271.7 million in questioned costs, unsupported costs, and better use of funds, and over $157 million in recoveries, fines, and restitutions resulting from investigations over the 2-year period. On August 29, 2005, Hurricane Katrina hit the Gulf Coast states, causing catastrophic damage to the region, and by September 2005, Congress had passed legislation that provided approximately $63 billion for disaster relief, the bulk of which went to the Federal Emergency Management Agency. Consequently, the DHS Inspector General issued a significant number of reports that addressed FEMA operations and grantees (see fig. 4). The DHS Inspector General increased the number of reports related to contract and acquisition management from 3 in fiscal year 2005 to 32 in fiscal year 2006 (see fig. 4). These reports ranged from audits of specific contracts to overall acquisition management by DHS. For example, the Inspector General reviewed individual contracts for disaster recovery from Hurricane Katrina, including debris removal, and also provided a review of the weaknesses in the procurement and program management operations throughout DHS. In addition to the DHS Inspector General's reports, the Defense Contract Audit Agency increased the number of DHS contract audits from 83 reports to 121 reports over the same fiscal years. Figure 4: Inspector General Coverage of DHS Offices and Management Challenges: [See PDF for image] This figure is a vertical bar graph with bars depicting number of reports in ten categories for fiscal years 2005 and 2006. The vertical axis of the graph represents number of reports from 0 to 80. The horizontal axis of the graph represents fiscal year 2005 and 2006 reports in the ten categories. The data depicted is as follows: Acquisition and contract management: Number of reports, fiscal year 2005: 3; Number of reports, fiscal year 2006: 32; Citizenship and Immigrations Services (CIS): Number of reports, fiscal year 2005: 5; Number of reports, fiscal year 2006: 7; Coast Guard: Number of reports, fiscal year 2005: 7; Number of reports, fiscal year 2006: 7; Customs and Border Protection (CBP): Number of reports, fiscal year 2005: 10; Number of reports, fiscal year 2006: 20; FEMA Operations: Number of reports, fiscal year 2005: 57; Number of reports, fiscal year 2006: 76; FEMA grants management: Number of reports, fiscal year 2005: 53; Number of reports, fiscal year 2006: 54; Immigration and Customs Enforcement (ICE): Number of reports, fiscal year 2005: 6; Number of reports, fiscal year 2006: 9; Information technology: Number of reports, fiscal year 2005: 18; Number of reports, fiscal year 2006: 24; Secret Service: Number of reports, fiscal year 2005: 3; Number of reports, fiscal year 2006: 3; Transportation Security Administration (TSA): Number of reports, fiscal year 2005: 12; Number of reports, fiscal year 2006: 16. Source: GAO analysis of DHS Inspector General audits, memos, and management reports. [End of figure] [End of section] Appendix IV: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: [hyperlink, http://www.dhs.gov]: Washington, DC 20528: September 10, 2007: Mr. John P. Hutton: Director, Acquisition and Sourcing Management: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Hutton: RE: Draft Report GAO-07-990, Department of Homeland Security: Improved Assessment and Oversight Needed to Manage Risk of Contracting for Selected Services (GAO Job Code 120544): The Department of Homeland Security (DHS) appreciates the opportunity to review and comment on the draft report referenced above. The U.S. Government Accountability Office (GAO) makes five recommendations to improve the Department's ability to manage the risk of selected services that closely support inherently governmental functions as well as government control over and accountability for decisions. As detailed below, we agree with three recommendations and partially agree with the other two. Recommendation 1: Establish strategic level guidance for determining the appropriate mix of government and contractor employees to meet mission needs. We agree with the recommendation. In concert with the DHS Chief Human Capital Officer, personnel within the Office of the Chief Procurement Officer (OCPO) plan to initiate staffing studies related to the skill sets of individuals and staffing levels of programs under the purview of the Department. The outcome of this study will include recommendations for the number and skill sets of federal employees required to successfully manage long term projects and programs at the Department. This effort, in conjunction with overall human capital planning at the Department, should address the concerns relative to this recommendation. Recommendation 2: Assess the risk of selected contractor services as part of the acquisition planning process, and modify existing acquisition guidance and training to address when to use and how to oversee those services in accordance with federal acquisition policy. We partially agree with the recommendation. The DHS Acquisition Planning Guide already provides for the assessment of risk with respect to the planned acquisition processes and this requirement will be emphasized during OCPO discussions with the Heads of Contracting Activities as well as through an acquisition alert to Department contracting personnel. As a result of the information provided by the GAO during the engagement, the application of OFPP Letter 93-1, Management Oversight of Service Contracting (May 18, 1994) was brought to the Department's attention. Further research on the part of OCPO officials led to the realization that this particular guidance was not part of the regular training process for acquisition personnel, not only at DHS but also at the Defense Acquisition University (DAU). We have taken steps to ensure that this guidance is disseminated and discussed during DHS training for Contracting Officers and Contracting Officer Technical Representatives (COTRs) prior to the certification of the COTRs. DHS officials have also coordinated with the DAU course director for the COTR training to ensure that OFPP Letter 91.3 guidance is included in training at the university. Since DHS officials rely on DAU training and certification to a certain extent for COTRs, we intend to follow-up on the inclusion of the guidance in OFPP Letter 93-1 in the DAU training regimen. Recommendation 3: Define contract requirements to clearly describe roles, responsibilities, and limitations of selected contractor services as part of the acquisition planning process. OCPO officials agree that implementing this recommendation is the key to the eventual success of the efforts to address the risks of contracts for services. As part of the initiatives begun by DHS in the areas of program and project management, and in conjunction with the staffing studies discussed above, OCPO officials anticipate that an increased awareness and understanding of the risks associated with contracted services will be appropriately addressed more often in the future. There has already been evidence of this recognition occurring at the Coast Guard, where the Statement of Work for the contract for the Office of Standards Evaluation and Development support was completely revised for the most recent award in order to address the very issue covered in this report. Better requirements definition for service contracts will lead to fewer Time and Materials type contracts and more effective use of Performance Based Service Contracts throughout DHS. This objective will be very difficult to achieve, and it is far too early to place such progress on a timeline for completion. Nevertheless, DHS officials recognize the criticality of the need and have begun to chart a way forward on the broad front of requirements definition. Recommendation 4: Assess program office staff and expertise necessary to provide sufficient oversight of selected contractor services. We agree. This process has already begun at the Transportation Security Administration (TSA). The TSA Assistant Administrator for Acquisition has developed a notional staffing plan for program and project offices that incorporates both ethical aspects, such as conflicts of interest, and the examination of inherently governmental functions in the development of a staffing plan for a program office. The notional plan is accompanied by a training program as well as guides to the numbers, skill sets and assignments of federal employees necessary to maintain program control, provide oversight and ensure that no inherently governmental functions are performed by service contractors. While this effort is being implemented on a component scale at TSA, the Department is proceeding on a larger scale initiative to address many of the same issues as mentioned in our response to the first recommendation. Recommendation 5: Review contracts for selected services as part of the acquisition oversight program. We partially agree with the recommendation in so far as to agree that the Director of Acquisition Oversight at the direction of the Chief Procurement Officer intends to specifically assess the issue raised in the report and related recommendation. DHS does not concur that the recommended practice should be incorporated into the routine acquisition oversight reviews contemplated, planned and executed in accordance with DHS Directive 0784, Acquisition Oversight Plan and Guidance. It would be counterproductive to modify the formal Oversight Plan for each issue raised by an individual GAO or DHS Office of Inspector General engagement. To do so would disrupt the workflow of routine oversight assessments and inevitably result in the devolution of the corporate wide plan into a series of special reports and jeopardize the intended planned assessments. OCPO senior personnel agree that the issue of the appropriate use of service contracts is worthy of special interest as the rest of the responses to this report are implemented and will direct a special investigation on selected issues at the appropriate time. Sincerely, Signed by: Steven J. Pecinovsky: Director: Departmental GAO/OIG Liaison Office: [End of section] Footnotes: [1] This amount includes procurement obligations as reported by DHS in the Federal Procurement Data System-Next Generation, the governmentwide database for federal procurement spending. This system does not include all actions, such as those under interagency agreements. [2] Order refers to a task order for services placed against an established contract. [3] FEMA obligated the third highest amount for the selected services in fiscal year 2005. We excluded FEMA from our sample because of atypical fiscal year 2005 spending on hurricane relief efforts. [4] In fiscal year 2006, obligations for services increased to 82 percent of DHS's total procurement obligations, largely due to spending by FEMA for Gulf Coast hurricane relief efforts. [5] Federal acquisition policy states that contracts shall not be used for the performance of inherently governmental functions. [6] FAR section 7.503 includes examples of both inherently governmental functions and services that may approach being inherently governmental. See appendix II for a complete list of these services. [7] FAR section 37.114, Special acquisition requirements; OFPP Policy Letter 93-1: Management Oversight of Service Contracting, Office of Federal Procurement Policy, May 18, 1994. [8] GAO, Civil Servants and Contract Employees: Who Should Do What for the Federal Government? FPCD-81-43 (Washington, D.C.: June 19, 1981). [9] GAO, Energy Management: Using DOE Employees Can Reduce Costs for Some Support Services, GAO/RCED-91-186 (Washington, D.C.: Aug. 16, 1991). [10] GAO, Government Contractors: Are Service Contractors Performing Inherently Governmental Functions? GAO/GGD-92-11 (Washington, D.C.: Nov. 18, 1991). [11] GAO, Highlights of a GAO Forum: Federal Acquisition Challenges and Opportunities in the 21st Century, GAO-07-45SP (Washington, D.C.: Oct. 6, 2006). [12] Report of the Acquisition Advisory Panel to the Office of Federal Procurement Policy and the United States Congress, January 2007; see Services Acquisition Reform Act of 2003, Pub. L. No. 108-136, Title XIV, § 1423. [13] For the purposes of our review, acquisition support includes assisting with acquisition planning, contract management, and developing contract requirements such as statements of work. [14] In July 2005, DHS announced that the information analysis function of the Information Analysis and Infrastructure Protection Directorate would be moved to the newly created Office of Intelligence and Analysis in an effort to strengthen intelligence functions and information sharing. Infrastructure protection became a component within the National Protection and Programs Directorate. [15] The Department of Veterans Affairs awarded and originally managed this order on behalf of DHS; OPO assumed administration duties for DHS in December 2004. [16] GAO, Homeland Security: Successes and Challenges in DHS's Efforts to Create an Effective Acquisition Organization, GAO-05-179 (Washington, D.C.: Mar. 29, 2005). [17] GAO, Transportation Security Administration: High-Level Attention Needed to Strengthen Acquisition Function, GAO-04-544 (Washington, D.C.: May 28, 2004). [18] See FAR section 37.104 regarding personal services. Under certain circumstances, DHS is authorized to procure personal services; the contracts we reviewed were not awarded under this authority. [19] GAO, Defense Acquisitions: Tailored Approach Needed to Improve Service Acquisition Outcomes, GAO-07-20 (Washington, D.C.: Nov. 9, 2006), and GAO, Interagency Contracting: Franchise Funds Provide Convenience, but Value to DOD Is Not Demonstrated, GAO-05-456 (Washington, D.C.: July 29, 2005). [20] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). [21] DHS requires acquisition planning and documentation for all procurements and a formal, written, and approved plan for acquisitions exceeding $5 million. [22] GAO-07-20. [23] GAO, Results-Oriented Government: Improvements to DHS's Planning Process Would Enhance Usefulness and Accountability, GAO-05-300 (Washington, D.C.: Mar. 31, 2005). [24] GAO, Human Capital: A Self-Assessment Checklist for Agency Leaders, GAO/GGD-99-179 (Washington, D.C.: September 1999). [25] FAR subpart 37.5 and OFPP Policy Letter 93-1 state that contracting officers should ensure that "best practices" techniques are used when contracting for services and in contract management and administration. [26] GAO-07-20. [27] GAO, Hurricane Katrina: Improving Federal Contracting Practices in Disaster Recovery Operations, GAO-06-714T (Washington, D.C.: May 4, 2006). [28] GAO, Contract Management: Opportunities to Improve Surveillance on Department of Defense Service Contracts, GAO-05-274 (Washington, D.C.: Mar. 17, 2005). [29] GAO, Department of Homeland Security: Progress and Challenges in Implementing the Department's Acquisition Oversight Plan, GAO-07-900 (Washington, D.C.: June 13, 2007). [30] While TSA is exempt from the FAR, it follows the Acquisition Management System, developed by the Federal Aviation Administration, which adheres as a matter of policy to certain governmentwide laws, regulations, and executive agency requirements. [31] The Federal Emergency Management Agency obligated the third highest amount for the selected services in fiscal year 2005. We excluded FEMA from our sample because of atypical fiscal year 2005 spending on hurricane relief efforts. [32] Pub. L. No. 106-531, 114 Stat. 2537 (Nov. 22, 2000). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Susan Becker, Acting Manager, Beckers@GAO.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: