This is the accessible text file for GAO report number GAO-10-131 entitled 'Department of Homeland Security: Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed' which was released on December 15, 2009. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Committee on Homeland Security and Governmental Affairs, U.S. Senate: United States Government Accountability Office: GAO: November 2009: Department of Homeland Security: Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed: GAO-10-131: GAO Highlights: Highlights of GAO-10-131, a report to the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Committee on Homeland Security and Governmental Affairs, U.S. Senate. Why GAO Did This Study: Significant management challenges exist for the Department of Homeland Security (DHS) as it continues to integrate its varied management processes, policies, and systems in areas such as financial management and information technology. These activities are primarily led by the Under Secretary for Management (USM), department management chiefs, and management chiefs in DHS’s seven components. GAO was asked to examine: (1) the extent to which DHS has developed a comprehensive strategy for management integration that includes the characteristics recommended in GAO’s 2005 report; (2) how DHS is implementing management integration; and (3) the extent to which the USM is holding the department and component management chiefs accountable for implementing management integration through reporting relationships. GAO reviewed DHS plans and interviewed management officials in DHS’s headquarters and in all components. What GAO Found: DHS has not yet developed a comprehensive strategy for management integration as required by the 9/11 Commission Act of 2007 and with the characteristics GAO recommended in a 2005 report. Although DHS stated in response to the 2005 report that it was developing an integration strategy, it has not yet done so, in part because it has focused on building operations capacity within functional management areas. In the absence of a comprehensive management integration strategy, DHS officials stated that documents such as management directives and strategic plans address aspects of a management integration strategy and can help the department to manage its integration efforts. However, they do not generally include all of the strategy characteristics GAO identified, such as identifying the critical links that must occur among management initiatives and time lines for monitoring the progress of these initiatives. In addition, DHS has increased the number of performance measures for the Management Directorate, but has not yet established measures for assessing management integration across the department, although DHS officials stated that the department intends to do so. Without these measures DHS cannot assess its progress in implementing and achieving management integration. In the absence of a comprehensive strategy, DHS’s Management Directorate has implemented management integration through certain initiatives and mechanisms to communicate and consolidate management policies, processes, and systems. The directorate uses councils to communicate information related to the implementation of management initiatives, among other things. The directorate has also established governance boards and processes to manage specific activities. Further, the directorate is in the process of consolidating certain management systems. However, without a documented management integration strategy, it is difficult for DHS, Congress, and other key stakeholders to understand and monitor the critical linkages and prioritization among these various efforts. The USM and department and component management chiefs are held accountable for implementing management integration through reporting relationships at three levels—between the Secretary and the USM, the USM and department chiefs, and the department and component chiefs—in which, among other things, the Secretary of Homeland Security, USM, and department chiefs are required to provide input into performance plans and evaluations. The Deputy Secretary—through delegation from the Secretary—and the USM have provided input into the USM’s and department chiefs’ plans and evaluations, respectively. Although department chiefs are required by management directives to provide component chiefs with written objectives at the start of the annual performance cycle, in fiscal year 2009 only two out of six department chiefs provided such input to component chiefs. Without ensuring that the management chiefs provide input into component chiefs’ performance plans and evaluations as required, the directorate cannot be sure that component chiefs are fully implementing management integration. What GAO Recommends: Once DHS develops a management integration strategy, GAO recommends that it establish performance measures for assessing management integration, and that it fully implement its current performance management policies between the department and component management chiefs. DHS’s USM commented that DHS is taking certain actions to address our recommendations. View GAO-10-131 or key components. For more information, contact Bernice Steinhardt at (202) 512-6543 or steinhardtb@gao.gov, or David Maurer at (202) 512-8777 or maurerd@gao.gov. [End of section] Contents: Letter: Background: Departmental Documents Address Aspects of Management Integration, but DHS Has Not Yet Developed a Comprehensive Strategy: DHS's Management Directorate Has Taken Actions to Communicate and Consolidate Management Policies, Processes, and Systems: Performance Management Practices Could Be More Consistently Applied Departmentwide to Strengthen Reporting Relationships between Department and Component Management Chiefs: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Comments from the Department of Homeland Security: Appendix II: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Assessment of the Extent to Which DHS Documents Include GAO- Recommended Characteristics of a Management Integration Strategy: Table 2: DHS Management Directorate Fiscal Years 2008 and 2009 Performance Measures: Table 3: DHS's Management Councils: Table 4: DHS Governance Boards: Figures: Figure 1: DHS Organizational Structure: Figure 2: DHS Management Directorate's Organizational Structure: Figure 3: Line of Sight Linking Organizational and Individual Goals and Objectives for DHS Data Consolidation: Abbreviations: ARB: Acquisition Review Board: CAO: Chief Administrative Officer: CBP: Customs and Border Protection: CFO: Chief Financial Officer: CHCO: Chief Human Capital Officer: CIO: Chief Information Officer: CMO: Chief Management Officer: COO: Chief Operating Officer: CPO: Chief Procurement Officer: CSO: Chief Security Officer: DHS: Department of Homeland Security: EAB: Enterprise Architecture Board: eMerge2: Electronically Managing Enterprise Resources for Government Effectiveness and Efficiency: FEMA: Federal Emergency Management Agency: FYHSP: Future Years Homeland Security Program: HCA: Head of Contract Authority: HCLC: Human Capital Leadership Council: ICE: Immigration and Customs Enforcement: IG: Inspector General: NPPD: National Protection and Programs Directorate: PPBE: Planning, Programming, Budget, and Execution: PRB: Program Review Board: QHSR: Quadrennial Homeland Security Review: SES: Senior Executive Service: SMC: Senior Management Council: TASC: Transformation and Systems Consolidation: TSA: Transportation Security Administration: USCIS: United States Citizenship and Immigration Services: USM: Under Secretary for Management: [End of section] United States Government Accountability Office: Washington, DC 20548: November 20, 2009: The Honorable Daniel K. Akaka: Chairman: The Honorable George V. Voinovich: Ranking Member: Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia: Committee on Homeland Security and Governmental Affairs: United States Senate: The creation of the Department of Homeland Security (DHS) represented one of the largest reorganizations and consolidations of government agencies, personnel, programs, and operations in recent history, initially bringing together approximately 180,000 employees from 22 originating agencies.[Footnote 1] DHS is now the third largest federal government agency with more than 200,000 employees and an annual budget of more than $40 billion. DHS began operations in March 2003 with missions that included preventing terrorist attacks from occurring within the United States, reducing U.S. vulnerability to terrorism, minimizing damages from attacks that occur, and helping the nation recover from any attacks. The department has initiated and continued the implementation of various policies and programs to address these missions as well as missions that are not directly related to securing the homeland, such as Coast Guard search and rescue. At the same time, it is critically important that DHS works to unify and strengthen its management functions because the effectiveness of these functions will ultimately affect its ability to fulfill its various missions.[Footnote 2] In 2005, we assessed DHS efforts to integrate its various management processes, systems, and people, both within and across areas such as information technology, financial management, procurement, and human capital, as well as in its administrative services--using as criteria selected key practices we have reported are consistently found to be at the center of successful mergers and organizational transformations. [Footnote 3] We noted that DHS had made progress in addressing its departmentwide management integration through the issuance of guidance and plans to assist the integration of each individual management function within the department. However, we observed that DHS had the opportunity to expand those efforts by implementing a more comprehensive and sustained approach to management integration departmentwide. In particular, we recommended that DHS develop an overarching strategy for management integration. In response to the 2005 report, DHS stated that it was developing an integration strategy. We also suggested that Congress might want to consider whether DHS's Under Secretary for Management (USM)--who heads the department's Management Directorate--has the authority to drive, implement, and ensure accountability for management integration departmentwide. You asked us to review the status of DHS management integration efforts since our 2005 report. Specifically, we assessed (1) the extent to which DHS has developed a comprehensive strategy for management integration that includes the characteristics recommended in our 2005 report; (2) how DHS is implementing management integration; and (3) the extent to which the USM is holding the department and component management chiefs accountable for implementing management integration through reporting relationships. To address our first objective, we considered whether DHS had developed a strategy for departmentwide management integration, as required by law. Specifically, we assessed whether DHS documents included the characteristics recommended in our 2005 report for a management integration strategy, which required that the strategy: * look across the initiatives within each of the management functional units; * clearly identify the critical links that must occur among these initiatives; * identify tradeoffs and set priorities; * set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed; and: * identify potential efficiencies, and ensure that they are achieved. In order to assess these characteristics, we reviewed various departmental documents identified by DHS as comprising its management integration strategy, including DHS documents related to management, strategic planning, and departmental guidance and policy. We examined legislation, including the Homeland Security Act of 2002[Footnote 4] and the Implementing Recommendations of the 9/11 Commission Act of 2007,[Footnote 5] which identifies requirements and authorities relating to transition, reorganization, and developing and implementing a management integration strategy. We also interviewed departmental and component management officials and chiefs to obtain information on the extent to which DHS has developed a strategy for departmentwide management integration. Additionally, we reviewed DHS's performance goals and measures for fiscal years 2008 and 2009, as reported in DHS's Annual Performance Report for fiscal years 2008 through 2010. We assessed these goals and measures against Government Performance and Results Act of 1993 (GPRA) requirements to determine the extent to which they provided a framework for assessing management integration across the department.[Footnote 6] For our third objective, we met with the USM as well as department and component management chiefs, and reviewed DHS performance agreements and performance management activities against requirements set forth in law and in DHS policies. These requirements include the need for input from senior to subordinate officials for performance agreements and evaluations, and the alignment of goals and objectives in a "line of sight" that shows how individual performance contributes to organizational goals. For all three objectives, we interviewed and gathered documents from the USM, the USM's Chief of Staff, the six departmental management chiefs or acting chiefs--the Chief Procurement Officer (CPO), the Chief Financial Officer (CFO), the Chief Human Capital Officer (CHCO), the Chief Information Officer (CIO), the Chief Administrative Officer (CAO), and the Chief Security Officer (CSO)--and the chiefs, acting chiefs, or deputy chiefs from DHS's seven component agencies and one directorate--the National Protection and Programs Directorate (NPPD). [Footnote 7] DHS's seven component agencies include the Transportation Security Administration (TSA), U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), U.S. Citizenship and Immigration Services (USCIS), U.S. Secret Service, U.S. Coast Guard, and the Federal Emergency Management Agency (FEMA). We also spoke with officials from DHS's Office of Policy. We observed meetings of DHS's Management Council, Human Capital Leadership Council and CIO Council. In addition, we reviewed prior GAO reports on DHS management in areas such as information technology, financial management, procurement, acquisition, human capital, and mergers and organizational transformations to determine the status of DHS management integration. We also examined reports from DHS's Office of Inspector General (IG) related to the status of DHS's management initiatives. We conducted this performance audit from September 2008 through November 2009 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: Not since the creation of the Department of Defense in 1947 has the federal government undertaken an organizational merger of the magnitude of DHS. In 2003, we designated the implementation and transformation of DHS as one of the high-risk areas across the federal government because it represented an enormous undertaking that would require time to achieve in an effective and efficient manner.[Footnote 8] Moreover, the components that became part of the department already faced a wide array of existing challenges, and any failure to effectively carry out their missions would expose the nation to potentially serious consequences. The department has remained on our high-risk list since 2003.[Footnote 9] Most recently, in our January 2009 high-risk update, we reported that, although DHS had made progress in transforming into a fully functioning department, its transformation remained high risk because it had not yet developed a comprehensive plan to address the transformation, integration, management, and mission challenges we identified in 2003.[Footnote 10] In designating the implementation and transformation of DHS as high risk, we noted that building an effective department would require consistent and sustained leadership from top management to ensure the needed transformation of disparate agencies, programs, and missions into an integrated organization. Our prior work on mergers and organizational transformations, undertaken before the creation of DHS, found that successful transformations of large organizations can take at least 5 to 7 years to achieve.[Footnote 11] Definition of Management Integration: A definition of management integration provides a starting point for understanding the needs and requirements for integrating management functions. Based on our 2005 work, we define management integration as the development of consistent and/or consolidated processes, systems, and people--in areas such as information technology, financial management, procurement, and human capital--as well as in its security and administrative services, for greater efficiency and effectiveness. [Footnote 12] * On one level, management integration refers to integration of the elements mentioned above--processes, systems, and people--within management functions (sometimes referred to as vertical integration), from the department level down through each of the corresponding management functions in the component agencies. An example of this is the use of consistent human capital management policies at the DHS CHCO level and for each of the corresponding component agency human capital management functions. * On another level, management integration refers to integration of the elements mentioned across management functions (sometimes referred to as horizontal integration), such as the integration of human capital management and financial management activities in areas related to payroll. In February 2009, DHS's Management Directorate provided us with a definition of its approach and responsibilities for implementing management integration in the department. According to the Management Directorate, DHS defines management integration as including three different levels of activities: (1) strategic integration, (2) operational coordination, and (3) functional integration. The directorate further stated that the first level, strategic integration, consists of efforts to ensure that all component activities and acquisitions align with DHS mission goals through appropriate leadership oversight and policies and procedures. The second level, operational coordination, consists of the delivery of management services in order to increase cross-component collaboration and reduce costs by achieving efficiencies for managing assets such as real property, for procuring volume discounts of supplies and services, and acquiring common technology platforms through shared information technology infrastructure. The third level, functional integration, consists of, among other things, management oversight of component- level internal controls and standard operating policies to ensure departmentwide compliance with presidential directives, congressional mandates, and other legal requirements and DHS policies; and consistent business practices that support financial reporting and operational assurance statements. DHS Management Roles and Responsibilities: The Management Directorate includes the CFO, the CSO, the CHCO, the CAO, the CPO, and the CIO. They are referred to as the departmental management chiefs. In addition to the department's Management Directorate, each of the seven DHS component agencies has its own component management chief for the procurement, financial, human capital, information technology, administrative, and security management areas.[Footnote 13] Figures 1 and 2 show the DHS and DHS Management Directorate's organizational structures. Figure 1: DHS Organizational Structure: [Refer to PDF for image: organizational chart] Top level: Secretary; * Deputy Secretary; * Chief of Staff. Second level, reporting to the Office of the Secretary: * Management: Under Secretary; * Science &Technology: Under Secretary; * National Protection & Programs: Under Secretary; * Policy: Under Secretary; * General Counsel; * Legislative Affairs: Assistant Secretary; * Public Affairs: Assistant Secretary; * Inspector General. Third level, reporting to the Office of the Secretary: * Health Affairs: Assistant Secretary/Chief Medical Officer; * Intelligence & Analysis: Under Secretary; * Operations Coordination: Under Secretary; * Citizenship & Immigration Services Ombudsman; * Chief Privacy Officer; * Civil Rights & Civil Liberties: Officer; * Counternarcotics Enforcement: Director. Fourth level, reporting to the Office of the Secretary: * Federal Law Enforcement Training Center: Director; * Domestic Nuclear Detection Office: Director; * National Cyber Security Center: Director; Fifth level, reporting to the Office of the Secretary: * Transportation Security Administration: Assistant Secretary/Administrator; * U.S. Customs & Border Protection: Commissioner; * U.S. Citizenship & Immigration Services: Director; * U.S. Immigration& Customs Enforcement: Assistant Secretary; * U.S. Secret Service: Director; * Federal Emergency Management Agency: Administrator; * U.S. Coast Guard: Commandant. Source: GAO analysis of DHS documents. [End of figure] Figure 2: DHS Management Directorate's Organizational Structure: [Refer to PDF for image: organizational chart] Top level: Under Secretary for Management; * Deputy Under Secretary; * Chief of Staff. Second level, reporting to the Office of the Under Secretary for Management: * Chief Financial Officer[A]; * Chief Security Officer; * Chief Human Capital Officer; * Chief Administrative Officer; * Chief Procurement Officer; * Chief Information Officer. Source: GAO analysis of DHS documents. [A] The Department of Homeland Security Financial Accountability Act (§ 3 of Pub. L. No. 108-330, 118 Stat. 1275, 1276 (Oct. 16, 2004)) made DHS subject to the Chief Financial Officers Act of 1990 (Pub. L. No. 101-576, 104 Stat. 2838, Nov. 15, 1990), which requires the DHS CFO to also report directly to the Secretary of Homeland Security. [End of figure] The Homeland Security Act of 2002 gave DHS's USM responsibility for the management and administration of the department, including the transition and reorganization process, among other things.[Footnote 14] The Implementing Recommendations of the 9/11 Commission Act of 2007 (9/ 11 Commission Act) enhanced the USM position by designating the USM as the Chief Management Officer (CMO) of DHS and principal advisor to the Secretary on matters related to the management of the department, including management integration and transformation.[Footnote 15] DHS also defined the USM responsibilities for integration in department management directives following the creation of the department. For example, a DHS management directive assigns the USM responsibility and accountability for designing departmentwide integrated systems to improve mission support. Within the Management Directorate, the management chiefs' roles and responsibilities for the integration of the department are established in DHS management directives. For example, DHS management directives give the departmental management chiefs responsibility to ensure the integration of their management function and to review their programs in order to recommend program improvements and corrective actions where appropriate. DHS management directives also require the departmental management chiefs to annually establish milestones for the integration of their management function's activities. Component management chiefs are to implement initiatives within their respective functional areas that relate to management integration. In 2004, the Secretary of Homeland Security issued a departmentwide memo on DHS efforts to integrate management functions. In order to ensure that both department and component personnel took responsibility for supporting performance of management functions, the memo describes the concept of dual accountability in which both the heads of component agencies, such as TSA or CBP, and the DHS management chiefs, such as CPO or CIO, share responsibility for implementing management functions. For example, the TSA Administrator and DHS's CPO are both responsible to the DHS Secretary, through their respective chains, for procurement performance at TSA. An accompanying memo from the Deputy Secretary of Homeland Security in 2004 noted that component agency heads would be responsible for accomplishing the mission of their component agencies, and management chiefs would be responsible for providing the support systems to help components accomplish their mission. The memos also set out the "dotted line" reporting relationship of the component management chiefs, such as TSA's CPO or CBP's CIO, to the department management chiefs, DHS's CPO or DHS's CIO. Resulting management directives were developed for each DHS management function in 2004 as principal documents for leading, governing, integrating, and managing the management functions throughout DHS. These management directives require DHS management chiefs to collaborate with component agency heads on the recruiting and selection of key component management officials, and provide input into component management chiefs' performance agreement and evaluation, among other things. Departmental Documents Address Aspects of Management Integration, but DHS Has Not Yet Developed a Comprehensive Strategy: The 9/11 Commission Act requires DHS to develop a strategy for management integration as part of the department's integration and transformation to create a more efficient and orderly consolidation of functions and personnel in the department.[Footnote 16] In our 2005 report, we recommended that DHS develop an overarching management integration strategy for the department that would, at a minimum, have the following characteristics: * look across the initiatives within each of the management functional units; * clearly identify the critical links that must occur among these initiatives; * identify trade-offs and set priorities; * set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed; and: * identify potential efficiencies, and ensure that they are achieved. [Footnote 17] We pointed out that a comprehensive management integration strategy would, among other things, help the department look across initiatives within each of the functional units to clearly identify the links that must occur among initiatives and develop specific departmentwide goals and milestones that would allow DHS to track critical phases and essential activities. By including these characteristics in DHS's management integration strategy, we said that Congress, DHS employees, and other key stakeholders would have access to more transparent information regarding departmental integration goals, needed resources, critical links, cost savings, and status documentation, thereby providing a means by which DHS could be held accountable for its management integration efforts. In commenting on our 2005 report, DHS discussed actions it was taking to address our recommendation that it develop a management integration strategy, stating that it was establishing an integrated project plan/integration strategy that would define roles and responsibilities and identify key deliverables and milestones. Although DHS Identified Various Documents That Support Management Integration, These Documents Do Not Contain All the Characteristics of a Comprehensive Strategy: DHS has not yet developed a comprehensive strategy for management integration that is consistent with statute and that contains all of the characteristics we identified in 2005. According to DHS's USM, the department has not yet developed a comprehensive management integration strategy because, in part, the Management Directorate has focused on building the management operations capacity within the functional areas, such as financial management and information technology. As a result, the Management Directorate has not yet focused on integration across the functional areas and has not clearly or systematically identified trade-offs and linkages among initiatives in different functional areas. In the absence of a comprehensive management integration strategy, DHS's USM, Chief of Staff, and department and component management chiefs stated that various departmental documents collectively contribute to the department's strategy for implementing and achieving management integration. In particular, DHS officials identified (1) departmentwide documents that provide guidance that relate to management integration across the department; and (2) documents for management of functional areas. With regard to the departmentwide documents, DHS officials included the following as particularly relevant to aspects of management integration: * DHS Integrated Strategy for High Risk Management. This document is intended to be a corrective action plan outlining the department's framework for its transformation efforts and methods by which the department will seek to improve performance in high-risk areas we have identified since 2003.[Footnote 18] For the high-risk area of DHS implementation and transformation, the document discusses five areas of focus for the department--utilizing a management framework to unify 22 disparate organizations, creating joint requirements planning and risk assessment processes, instituting an Investment Review Board, implementing a corrective action plan, and consolidating and integrating a financial management system. * Management Directorate Strategic Plan Fiscal Years 2009 through 2014. This plan sets out the Management Directorate's vision, core values, guiding principles, goals and objectives, as well as the organizational structure and responsibilities of the Management Directorate and department management chiefs. The plan provides the following four objectives for the Management Directorate: (1) provide structure (strengthen unified organizational governance to enhance departmentwide communication, decision making, and oversight); (2) optimize processes and systems (integrate functional operations to facilitate cross- component synergies and streamline coordination ensuring reliable and efficient support of mission objectives); (3) foster leadership (adhere to core values and guiding principles of DHS in performing duties, effecting progress, and leading with commitment for the mission); and (4) leverage culture (leverage the benefits of commonalities and differences across components to promote cooperative intra-and inter- agency networks and implement best practices). The plan also discusses four methods that the Management Directorate will use to achieve the plan's objectives--provide guidance, offer representation, deliver tools, and manage services. * Integrated Planning Guidance Fiscal Years 2011 through 2015. This document describes the DHS Secretary's policy and planning priorities for the 5-year budget time frames, such as for fiscal years 2011 through 2015. The Integrated Planning Guidance is part of the DHS strategic planning process and, among other things, provides general risk management guidance for prioritizing programming and budget proposals within the department. * Future Years Homeland Security Program (FYHSP) Fiscal Years 2009 through 2013. This document provides a summary and breakdown of DHS program resources over a 5-year period; including resource alignment by goals, component appropriations, and component programs, as well as program descriptions, milestones, performance measures, and targets. In the fiscal year 2009 through 2013 FYHSP, DHS projected funding for 65 priority programs within 13 components in support of the five goals of the DHS Strategic Plan. Internal Control Playbook Fiscal Year 2009. This document comprises DHS's plan to design and implement departmentwide internal controls with respect to three areas: (1) internal controls over financial reporting (which provides an overview of efforts to establish reliable financial reporting); (2) internal controls over operations (which outlines plans to maximize the effectiveness and efficiency of operations); and (3) conformity with financial management system requirements (which summarizes efforts to strengthen the internal controls over the department's financial systems). Specific examples of these internal control areas include: integrating internal control assessments across component lines of business, integrating financial system security assessments through tests of operating effectiveness, and incorporating results into plans of action and milestones. With regard to functional area documents, DHS officials indicated that both management directives and functional area strategic plans contain elements of the department's strategy for achieving management integration. DHS issued management directives for each of the six department management chiefs--the CAO, CFO, CHCO, CIO, and CPO management directives were issued in 2004 (with updates for the CIO and CPO in 2007 and 2008, respectively); the management directive for CSO was issued in 2006. These directives communicate standard definitions of the management chiefs' respective roles and responsibilities; define the concept of dual accountability for both mission accomplishment and functional integration as the shared responsibility of the heads of DHS's individual agencies or components and the department management chiefs; and establish the need for the department management chiefs, along with the heads of agencies, to annually recommend and establish integration milestones for the consolidation of the chiefs' functions. Functional area strategic plans generally discuss, among other things, the missions and goals of the department management chiefs and the link between the goals and objectives in each functional area strategic plan and the goals and objectives in DHS's Strategic Plan. Among the six department chiefs, four have issued strategic plans for their functional areas--the CAO, CIO, CHCO, and CSO.[Footnote 19] While some of the documents DHS officials identified as contributing to the department's strategy for implementing and achieving management integration address some of the characteristics we have previously identified for such a strategy, these documents, either individually or taken together, do not include all of the characteristics we have identified. These documents described by DHS officials as contributing to the department's strategy for achieving management integration can provide high-level guidance for integration efforts and can help the department to manage those efforts. For example, two of the functional area strategic plans set goals, objectives, and milestones for implementing certain initiatives within functional areas. Moreover, the Management Directorate Strategic Plan and other departmentwide documents, for example, set performance goals, measures, and targets for achieving certain management initiatives. Such elements as goals, objectives, milestones, performance targets, and priorities documented in these plans and strategies can help the department to manage, implement, and monitor the specific initiatives to which these elements apply. They can also help to guide efforts to consolidate policies, processes, and systems within each management functional area. However, among the documents cited by DHS officials as being part of the department's management integration strategy, DHS has not yet looked across the management initiatives within management functional areas to identify the critical links that must occur among these initiatives to integrate the department's management functions both within and across functional areas. Furthermore, the documents generally do not identify the priorities, trade-offs, and potential efficiencies among management initiatives, nor do they set implementation goals and a time line for monitoring the progress of initiatives to ensure the critical links occur when needed. Thus, when considered either individually or together these documents do not constitute a management integration strategy containing all of the characteristics we have identified. See table 1 for more detailed information on the plans. Table 1: Assessment of the Extent to Which DHS Documents Include GAO- Recommended Characteristics of a Management Integration Strategy: GAO-recommended characteristics of a management integration strategy: Departmentwide documents: DHS documents: DHS Integrated Strategy for High Risk Management; Look across initiatives within each of the management functional units: The strategy identifies various management initiatives, such as the Investment Review Board and consolidation of the department's various financial management systems. However, the strategy does not look across initiatives within all of the management functional areas; Clearly identify the critical links that must occur among these initiatives: The strategy does not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: The strategy identifies the five areas of focus, or priorities, for the department to address the GAO high-risk area, implementing and transforming DHS: (1) a management framework, (2) joint requirements planning and risk assessment processes, (3) the Investment Review Board, (4) corrective action plans, and (5) financial management systems. However, the strategy does not discuss trade-offs among management initiatives; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: Under each of the five areas of focus, the strategy identifies expected outcomes, accomplishments and actions to be completed, and high-level milestones for completing those actions. However, the strategy does not identify a time line for monitoring the progress of the initiatives that would allow the department to ensure necessary links occur when needed; Identify potential efficiencies and ensure that they are achieved: Departmentwide documents: The strategy does not identify potential efficiencies. DHS documents: Management Directorate Strategic Plan 2009 through 2014; Look across initiatives within each of the management functional units: This strategic plan identifies initiatives for each management objective. However, the strategic plan does not look across initiatives within all of the management functional areas; Clearly identify the critical links that must occur among these initiatives: This strategic plan does not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: This strategic plan identifies four overall objectives for the Management Directorate--provide structure, optimize processes and systems, foster leadership, and leverage culture--and sets priorities such as aligning investments to the department's enterprise architecture under the objectives. The strategic plan does not identify trade-offs; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: Under each objective, the strategic plan includes performance measures and targets for specific management initiatives for fiscal years 2009 through 2014. The strategic plan does not include a time line for monitoring the progress of the initiatives that would allow the department to ensure necessary links occur when needed; Identify potential efficiencies and ensure that they are achieved: The strategic plan does not discuss potential efficiencies. DHS documents: Integrated Planning Guidance, Fiscal Years 2011 through 2015; Look across initiatives within each of the management functional units: The Integrated Planning Guidance provides a description of departmentwide initiatives, such as asset management and mail operations. However, the guidance does not look across the initiatives that occur within each management functional area; Clearly identify the critical links that must occur among these initiatives: The guidance does not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: The guidance does not identify priorities or trade-offs for management initiatives; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: The guidance does not set implementation goals or a time line for monitoring the progress of management initiatives to ensure necessary links occur when needed; Identify potential efficiencies and ensure that they are achieved: The guidance does not discuss potential efficiencies. DHS documents: FYHSP, Fiscal Years 2009 through 2013; Look across initiatives within each of the management functional units: The FYHSP identifies initiatives such as establishment of a DHS consolidated headquarters facility and the consolidation of component agencies' financial management systems, but does not look across initiatives within each management functional area; Clearly identify the critical links that must occur among these initiatives: The FYHSP does not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: The FYHSP discusses actions and priorities for the department management chiefs to implement for fiscal years 2009 through 2013, such as for the CFO to maintain and update a comprehensive financial management policy manual and for the CAO to design and complete various phases of the St. Elizabeths' construction for the consolidation of DHS headquarters facilities. The FYHSP does not identify trade-offs; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: The FYHSP identifies the performance goals and measures for the Management Directorate and sets performance targets for fiscal years 2009 through 2013. The FYHSP also identifies actions to be completed in each fiscal year by the Management Directorate. The FYHSP does not set implementation goals or a time line for monitoring the progress of management initiatives to ensure necessary links occur between initiatives when needed; Identify potential efficiencies and ensure that they are achieved: The FYHSP does not discuss potential efficiencies. DHS documents: Internal Control Playbook, Fiscal Year 2009; Look across initiatives within each of the management functional units: The playbook identifies initiatives and actions for management improvement, with an emphasis on strengthening component management functions. Corrective action plans are included for areas such as, human capital management, acquisition management, and administrative management, but does not look across initiatives in each functional area; Clearly identify the critical links that must occur among these initiatives: The playbook does not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: Within corrective action plans for each area, the playbook addresses corrective actions to be implemented and identifies strategies to mitigate risk to those corrective actions. However, the playbook does not identify priorities and trade-offs among the initiatives; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: Within corrective actions for each area, the playbook identifies key strategies and milestones for implementing corrective actions. However, these goals and milestones do not allow the department to ensure that the necessary links occur when needed among the initiatives; Identify potential efficiencies and ensure that they are achieved: Some corrective action plans identify potential efficiencies that relate to the DHS mission, but none of the corrective action plans identify potential efficiencies across functional areas. Functional area documents: DHS documents: Management directives; Look across initiatives within each of the management functional units: The management directives are focused on management functions, but do not look across initiatives within each functional area; Clearly identify the critical links that must occur among these initiatives: The management directives do not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: The management directives do not identify trade-offs and priorities for or across management initiatives; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: The management directives do not identify implementation goals and a time line for monitoring the progress of specific initiatives to ensure necessary links occur when needed. The management directives indicate that management chiefs are to establish integration milestones for the consolidation of the chiefs' functions and develop performance metrics for the respective functions; Identify potential efficiencies and ensure that they are achieved: The management directives do not identify potential efficiencies. DHS documents: Functional area strategic plans; Look across initiatives within each of the management functional units: The plans cite functional areas' management initiatives, but do not look across the initiatives that occur within each of the functional areas; Clearly identify the critical links that must occur among these initiatives: The plans do not identify the critical links that must occur among initiatives; Identify trade-offs and set priorities: Two functional area strategic plans--CIO and CHCO, for example--provide priorities within each functional area. A third strategic plan, for the CAO, does not specify particular priority areas, although it speaks to the importance of developing such priorities. The CSO strategic plan does not identify priorities, and none of the functional area strategic plans discusses trade-offs; Set implementation goals and a time line to monitor the progress of these initiatives to ensure the necessary links occur when needed: Three functional area strategic plans--CIO, CHCO, and CAO--provide strategic/implementation goals. Two of these plans also provide time lines for completing individual initiatives. None of the plans identify time lines for monitoring the progress of the initiatives to ensure necessary links occur when needed; Identify potential efficiencies and ensure that they are achieved: Two functional area strategic plans--CIO and CHCO--identify potential efficiencies within each functional area, but do not identify potential efficiencies across functional areas. The CAO strategic plan provides a more generic statement that DHS is seeking to analyze and optimize existing structures to generate efficiencies. Source: GAO analysis of DHS documents. [End of table] In addition to these functional area and departmentwide documents, DHS officials identified three other documents that are related to management integration: (1) the DHS Strategic Plan; (2) the Quadrennial Homeland Security Review (QHSR); and (3) the Business Operations Manual. The DHS Strategic Plan includes, among other things, the department's vision, mission, core values, and guiding principles, as well as the goals and objectives by which the department will continually assess performance.[Footnote 20] The department's latest strategic plan for fiscal years 2008 through 2013 includes five strategic-level goals related to the department's mission and management functions. Goal 5 of this plan--"Strengthen and Unify DHS Operations and Management"--sets out the department's goal for its management functions; information and intelligence sharing; and policy, planning, and coordination functions.[Footnote 21] Under this goal, the first objective describes what the department plans to achieve for its management functions, through the Management Directorate, and includes a reference to achieving management integration.[Footnote 22] Specifically, Objective 5.1--"Improve Department Governance and Performance"--states that the department will lead efforts that provide structure to enhance departmentwide governance, decision making, and oversight, including internal controls and performance management tracking, and optimize processes and systems to facilitate integration and coordination. DHS's Strategic Plan sets out strategic-level goals and objectives for the department's overall mission and management functions but is not intended to constitute a management integration strategy. As we have previously reported, a management integration strategy goes beyond what is contained in an agency strategic plan, as it provides the more specific operational and tactical information to manage the integration effort.[Footnote 23] A strategic plan contains the high-level goals and mission for an agency, while a management integration strategy would provide the activities and time lines needed for accomplishing the goals of the integration effort. As required by the 9/11 Commission Act, DHS is developing its first QHSR to conduct a comprehensive examination of the homeland security strategy for the nation, including recommendations regarding the long- term strategy, priorities for homeland security, and guidance on the programs, assets, capabilities, budget, policies, and authorities of the department.[Footnote 24] The QHSR includes five principal study areas, based on the Secretary's priorities for homeland security, one of which is maturing and unifying DHS and the homeland security enterprise.[Footnote 25] DHS is also developing a Business Operations Manual that, according to DHS officials, will provide an overview of the key DHS processes including strategic requirements planning, risk assessment, programming, budgeting, acquisition, and performance assessment, and will also show how these processes link together to ensure coordinated decision making. As the QHSR and Business Operations Manual are still under development, it is too soon to tell whether or how these documents will contribute to DHS's management integration efforts. DHS Has Expanded Its Performance Measures for Individual Management Functions, but Has Not Yet Established Measures for Departmentwide Management Integration: DHS has developed some performance goals and measures to measure management activities, but has not yet established measures for assessing management integration across the department. For example, DHS has increased the number of departmentwide performance measures for the Management Directorate in support of Goal 5 of its strategic plan. Specifically, since fiscal year 2008, DHS has added 13 new measures and retired 3 others for the Management Directorate in support of Objective 5.1 of the strategic plan, going from 5 performance measures for the Management Directorate in fiscal year 2008 to 15 measures in fiscal year 2009, as shown in table 2.[Footnote 26] These measures relate to activities in functional areas but do not help to measure management integration. Table 2: DHS Management Directorate Fiscal Years 2008 and 2009 Performance Measures: DHS Strategic Plan goal: Strategic Goal 5: Strengthen and unify DHS operations and management; DHS Strategic Plan objective: Objective 5.1: Improve department governance and performance; Fiscal year 2008 performance measure: * Number of internal control processes tested for design and operational effectiveness; * Percentage of major information technology projects that are within 10 per cent of cost/schedule/performance objectives; * Percentage of President's Management Agenda (PMA) initiatives that receive a green progress score from the Office of Management and Budget[A]; * Percentage of favorable responses by DHS employees on the annual employee survey; * Total instances of material weakness conditions identified by the independent auditor in its report on the DHS financial statements. Fiscal year 2009 performance measure: * Percentage of favorable responses by DHS employees on the annual employee survey; * Total instances of material weakness conditions identified by the independent auditor in its report on the DHS financial statements; * Percentage of major investments currently aligned to Agency Enterprise Architecture; * Percentage of DHS workforce (employees and contractors) with advanced identification cards; * Percentage of major acquisition projects that do not exceed 10 per cent of cost/schedule/performance objectives; * Interest penalties paid on all invoices (in millions); * Percentage of vendors paid electronically; * Percentage of non-credit card invoices paid on-time; * Percentage of accounts receivable from the public delinquent over 180 days; * Percentage of improper payments collected; * Number of civilian employees serving in the DHS interagency and intradepartmental Rotation Training Program; * Percentage of civilian employees in designated positions that are qualified as National Security Professionals; * Attrition rate for career senior executive service personnel; * Percentage annual reduction in petroleum-based fuel consumption by DHS owned or leased vehicles; * Percentage of major information technology systems with full Federal Information Security Management Act compliance. Source: GAO analysis of information in DHS Annual Performance Report. [A] The prior administration's Office of Management and Budget developed a President's Management Agenda scorecard that gave a "green," "yellow," or "red" score by agency. Green indicates success, yellow indicates mixed results, and red indicates unsatisfactory results. [End of table] The Government Performance and Results Act of 1993 (GPRA) provides a framework for strategic planning and reporting intended to improve federal agencies' performance and hold them accountable for achieving results.[Footnote 27] Effective implementation of this framework requires agencies to, among other things, clearly establish performance goals for which they will be held accountable and measure progress toward those goals. Although DHS has added measures for the Management Directorate since fiscal year 2008, DHS has not yet clearly communicated what the linkages, if any, are between these measures and the management integration of the department. DHS officials told us that the department's current measures do not allow the department to gauge the status of management integration and that the department has focused on the development of measures for departmental components, offices, and directorates--such as a measure for the attrition rate for career Senior Executive Service (SES) personnel and a measure for the percentage of improper payments collected. However, these performance measures do not allow the department to assess its progress in achieving departmental goals for management integration within and across functional areas. DHS officials stated that the department's goal is to develop a set of measures that will help the department assess its management integration. Without such a set of measures, DHS cannot assess its progress in implementing and achieving management integration both within and across its functional areas. A comprehensive strategy for management integration that clearly sets implementation goals and time lines could help the department establish measures for assessing its management integration. DHS's Management Directorate Has Taken Actions to Communicate and Consolidate Management Policies, Processes, and Systems: Through various management councils, the Management Directorate shares information related to the implementation of management initiatives, solicits feedback from the components, and provides a forum for coordination between component management offices. The Management Directorate has several councils that it uses to communicate through the department, as shown in table 3. Each management chief chairs a functional council to address issues pertaining to that management function. For example, the DHS CFO leads a council that includes component or agency CFOs across DHS and addresses and coordinates departmentwide financial management issues, such as financial management internal controls. Likewise, the USM chairs a Management Council made up of the DHS management chiefs and a representative from each component that discusses issues of departmentwide importance, such as training and development programs. DHS management directives give five of six functional councils responsibility for developing and executing formal communications programs for internal and external stakeholders. The functional councils also have charters that generally define the role of the councils to communicate information and provide input on goals or priorities within their management function. The Management Council does not have a formal charter. Table 3: DHS's Management Councils: Council: Management Council; Chair: USM; Membership: Cross-functional. Council: Chief Administrative Officer Council; Chair: CAO; Membership: Functional. Council: Chief Financial Officer Council; Chair: CFO; Membership: Functional. Council: Chief Information Officer Council; Chair: CIO; Membership: Functional. Council: Chief Security Officer Council; Chair: CSO; Membership: Functional. Council: Head of Contracting Authority (HCA) Council[A]; Chair: CPO; Membership: Functional. Council: Human Capital Leadership Council; Chair: CHCO; Membership: Functional. Source: GAO analysis of DHS documents and interviews. [A] The HCA Council is the functional council for the procurement management function. [End of table] We found the Management Directorate uses the councils to share information related to management initiatives with their counterparts from the components and solicit their input on departmentwide issues. For example, when we observed the Human Capital Leadership Council (HCLC) in May 2009, the DHS CHCO updated the council members on his office's efforts to establish an automated performance management tool. Members of the HCLC's Human Capital Subcommittee on Performance Management also solicited feedback from the HCLC on whether changing the dates of the department's performance management cycle could be explored by the subcommittee because it currently falls at a challenging time during the fiscal year. The HCLC discussed the issue and raised points, such as the relationship with the SES performance cycle and the impact of potential continuing resolutions. Ultimately, the HCLC agreed the subcommittee should pursue the issue. Similarly, when we observed a Management Council meeting in April 2009, the council members shared information on issues that affect multiple management functions, such as the Transformation and Systems Consolidation (TASC) initiative to consolidate and integrate its financial management, acquisition, and asset management systems. The council meetings also provide a forum for the component chiefs to provide input into departmentwide plans, such as the functional area strategic plans. For example, component officials from the information technology and human capital management functions collaborated with their corresponding DHS management chief on the development of their functions' strategic plans at council meetings or council-sponsored off- site meetings. The councils also provide a forum for component management chiefs to raise concerns and suggestions about departmentwide management initiatives. For example, when we observed the CIO Council meeting in April 2009, a component official expressed concern about the component's outdated financial management system, which they have not replaced because they are waiting for the departmentwide TASC solution. The official said that the component is repeatedly receiving negative results on their financial systems audit while they wait. The DHS CIO responded that if the TASC initiative experiences further delays, she will work with the DHS CFO's office to jointly determine a solution to allow the components to make progress and identify areas of possible audit mitigation while waiting for TASC to be implemented. Finally, we found that the six functional councils provide the component management chiefs with an opportunity to collaborate with their peers in other components and share best practices. The FEMA Assistant Administrator for Management explained that FEMA is in a better position today because of its management chiefs' participation in the councils. He said the management chiefs have been able to better handle issues because they are able to learn best practices from their counterparts in other components who are dealing with the same issues and would not have the same access to the other components without the functional councils. DHS's Management Directorate Has Taken Actions to Consolidate Management Policies, Processes, and Systems: While DHS does not have a comprehensive management strategy, its Management Directorate is working to consolidate management policies, processes with associated governance boards, and systems. The Management Directorate has developed and implemented departmentwide policies to replace policies from each of the legacy agencies that make up DHS in all six management functions. For example, the DHS CAO's office completed a comprehensive review of directives that govern departmentwide activities. According to the DHS Internal Control Bluebook for fiscal year 2008, results of this review reduced the number of directives by over 56 percent. The DHS CAO's office also implemented a new initiative to develop uniform policies and programs for radiation safety across the department. The DHS CFO's office launched an online Financial Management Policy Manual tool, which serves as the single authoritative guide on financial management and the foundation for departmentwide financial management knowledge sharing and standardization. According to officials from the DHS CFO's office, the Financial Management Policy Manual is part of its approach to integrate within the financial management function and is critical to enable financial management employees to carry out their duties and responsibilities effectively and efficiently. The Management Directorate has also taken steps toward consolidating some management processes and established governance boards to manage the processes in the areas of acquisition, information technology, financial management, and resource allocation, as shown in table 4. Table 4: DHS Governance Boards: Governance board and date established: Acquisition Review Board (formerly the Investment Review Board); November 2008. Chair: Deputy Secretary, USM, Deputy USM, Component Head or Component Acquisition Executive[A]; Membership: * USM; * CFO; * CIO; * CAO; * CPO; * CSO; * Assistant Secretary for Policy; * General Council; * Director of Operational Test and Evaluation. Governance board and date established: Enterprise Architecture Board; April 2004; Chair: CIO; Membership: * CPO; * Office of Applied Technology; * Chief Information Security Officer; * Office of Accessible Systems and Technology; * Information Technology Services Office; * Enterprise Business Management Office; * Enterprise System Development Office. Governance board and date established: Senior Management Council for Internal Controls; June 2008; Chair: USM; Membership: * CAO; * CFO; * CIO; * CHCO; * Chief Information Security Officer; * CSO; * CPO. Governance board and date established: Program Review Board; March 2008; Chair: Deputy Secretary; Membership: * USM; * CFO; * Deputy General Counsel; * Deputy Assistant Secretary, Office of Policy; * Heads CBP, ICE, FEMA, TSA, U.S. Coast Guard, USCIS, U.S. Secret Service, Domestic Nuclear Detection Office, Federal Law Enforcement Training Center, Office of Health Affairs, Office of Intelligence and Analysis, NPPD, Operations Coordination, and Science and Technology. Source: GAO Analysis of DHS documents. Note: DHS also has a Working Capital Fund Governance Board, which provides policy oversight and direction for the activities to be included in the Working Capital Fund. [A] The chair of the Acquisition Review Board (ARB) differs based on which DHS official is designated as the Acquisition Decision Authority for a given acquisition program, according to the amount of the program's total life cycle costs. [End of table] As we previously reported, the Management Directorate recognized historical shortcomings in its acquisition review process and released an interim acquisition management directive in November 2008.[Footnote 28] The interim directive established a revised acquisition review process, including roles and responsibilities of DHS approving authorities, threshold levels for acquisitions, and acquisition decision events and the corresponding documentation required. Specifically, it established the Acquisition Review Board (ARB) as the department's highest review body and charged it with reviewing and approving all programs at key milestone decision points that are above $300 million in life cycle costs. In September 2009, we testified that DHS has also reinstated regular ARB meetings and acquisition decision memorandums.[Footnote 29] Specifically, as of September 15, 2009, DHS's ARB reports that it completed 14 acquisition reviews in 2008, and has thus far completed 18 reviews in 2009, including reviews of major acquisitions, such as SBInet, US-VISIT, and Secure Flight. DHS also reports that 7 additional reviews are scheduled to occur by the end of the fiscal year. We previously reported that while recent actions establishing the ARB and an acquisition process represent progress, the department's previous acquisition review process was not able to effectively carry out its oversight responsibilities and keep pace with investments since 2004.[Footnote 30] It is too soon to tell whether DHS's latest efforts will be sustained to ensure investments are consistently reviewed as needed. The DHS IG has also reported that DHS faces challenges in implementing corrective actions for acquisition oversight.[Footnote 31] In addition, DHS established an Enterprise Architecture Board (EAB) to guide and approve new information technology investments. Enterprise architecture provides systematic structural descriptions of how a given organization operates today and how it plans to operate in the future, and it includes a plan to transition from the current state to the future state. The EAB reviews and approves information technology investments to ensure they align with DHS's enterprise architecture and transition plan. Based on these reviews, the EAB makes recommendations to the ARB, mentioned above, which the ARB includes in its review of information technology acquisitions. In September 2009, we testified that since 2003, DHS has issued annual updates to its enterprise architecture that have improved prior versions by adding previously missing content.[Footnote 32] However, DHS has yet to adequately address how it determines and ensures that an investment is aligned with its enterprise architecture. Specifically, while the Management Directorate has recently chartered its EAB and assigned it responsibility for ensuring that each investment is architecturally aligned throughout its life cycle, it has yet to define a methodology, including explicit criteria, for making a risk-based alignment determination. The Management Directorate established a mission action plan process and Senior Management Council (SMC) for Internal Controls to assist the department in identifying, assessing, prioritizing, and monitoring the progress of efforts to remediate material weaknesses.[Footnote 33] A mission action plan presents an overall plan for correcting a control deficiency that includes milestones with specific dates and remediation actions and is published annually in the department's Internal Control Playbook. In November 2008, the Management Directorate created its first Internal Control Bluebook, which provides the status of the department's efforts to design and implement departmentwide internal controls. The SMC oversees the mission action plan process and determines when sufficient action has been taken to correct material weakness. The Management Directorate has faced challenges in implementing the mission action plan process at the components. For example, the DHS IG reported that while FEMA prepared mission action plans for the fiscal year 2009 Internal Control Playbook that address known deficiencies, its financial reporting mission action plan did not adequately emphasize the primary root cause of control weaknesses. [Footnote 34] Similarly, the DHS IG reported that the TSA's financial reporting mission action plan in the fiscal year 2009 Internal Control Playbook lacked specific milestones related to some root causes and lacked clear linkage from the root cause to actions and milestones to address the deficiencies.[Footnote 35] The Management Directorate also participates in the Program Review Board (PRB), which governs the department's programming efforts as part of the broader Planning, Programming, Budget, and Execution process. This process is the department's effort to ensure goals and priorities are translated into actionable requirements, programmed and budgeted for appropriately, and realized through execution. Specifically, the USM is a member of the PRB. The PRB considers major multi year programmatic issues across the department and recommends resource allocation decisions to the deputy secretary based on priorities. These decisions provide department approved 5-year resource profiles by component, and provide the foundation for the next DHS budget sent to the Office of Management and Budget. The DHS Program Analysis and Evaluation Director told us that the USM has been instrumental in helping components prioritize activities. The PRB gives the USM a forum for providing input into the resource decisions from a management perspective. However, without a management integration strategy for the department with clear priorities, it is unclear how the management initiatives related to integration that are considered are being prioritized, and whether resources are being used in the most efficient and effective manner. Additionally, the Management Directorate has taken steps in an effort to consolidate the department's systems. For example, the TASC initiative is the department's current effort to consolidate its financial management, acquisition, and asset management systems. DHS has been working to consolidate its financial management systems since the department was first created. A prior effort focused on financial management systems integration began in January 2004, known as the Electronically Managing Enterprise Resources for Government Effectiveness and Efficiency (eMerge2) project. This project was expected to integrate financial management systems departmentwide and address existing financial management weaknesses. However, DHS officially ended the eMerge2 project in December 2005, acknowledging that this project had not been successful. Litigation has slowed the Management Directorate's selection process for a contractor to implement TASC, but DHS expects to award the contract in early 2010. While DHS officials told us they believe communications between the department's CFO and the component CFOs for TASC seem to be working well, in October 2009, we testified that the department has not yet completely defined its financial management strategy and plan to move forward with financial management integration efforts.[Footnote 36] The Management Directorate also has an initiative under way to consolidate its information technology data centers, which are facilities that contain electronic equipment used for data processing, data storage, and communications networking. The Data Center consolidation initiative is an effort to move from DHS's 17 legacy data centers to two large-scale enterprise data centers. According to DHS's fiscal year 2010 Budget in Brief report, DHS expects the reduced number of data centers to help streamline the department's maintenance and support contracts as well as enhance security and improve information sharing with stakeholders.[Footnote 37] While the Management Directorate intends to complete the relocation of legacy data centers to the new data centers by fiscal year 2011, it is facing challenges in the implementation of the Data Center consolidation. For example, the DHS IG reported that the department has not established necessary connectivity between the two data centers so they are able to provide backup capabilities for each other because necessary telecommunications equipment and circuits are not in place to transmit data between the two centers.[Footnote 38] Performance Management Practices Could Be More Consistently Applied Departmentwide to Strengthen Reporting Relationships between Department and Component Management Chiefs: During a transformation, strategic goals must be clear and enable stakeholders and employees to understand what they need to do differently to help the organization achieve success.[Footnote 39] The organization's performance management system can help to show how individual performance can contribute to overall organizational results, and can help manage and direct the transformation process. Specifically, we have reported that several practices are critical to ensuring that the performance management system supports change.[Footnote 40] To be successful, transformation efforts must align individual performance expectations with organizational goals. These practices support efforts to create a "line of sight" showing how unit and individual performance can contribute to overall organizational results, and in the case of transforming DHS and integrating the department, can enable the USM and department management chiefs to align activities of subordinate management officials in support of the management integration strategy. A line of sight that connects management integration goals should show how the USM, department management chiefs, and management chiefs of DHS components all contribute to and support DHS management integration goals. Figure 3 provides an example of how individual goals for the USM and department and component management chiefs support the Management Directorate and department goals and objectives for management integration activities related to a particular management integration initiative--in this case, DHS Data Center consolidation. The figure also depicts how management officials at each level provide performance input to align the activities of subordinate levels. Figure 3: Line of Sight Linking Organizational and Individual Goals and Objectives for DHS Data Consolidation: [Refer to PDF for image: illustration] Organizational objectives: DHS Strategic Plan: Goal/objective: Strengthen and unify DHS operations and management; Detailed statement: We will optimize processes and systems to facilitate integration and coordination. Management Directorate Strategic Plan: Goal/objective: Optimize processes and systems; Detailed statement: Integrate functional operations to facilitate cross-component synergies and streamline coordination ensuring reliable and efficient support of mission objectives. Individual objectives: Under Secretary for Management Performance Agreement: Goal/objective: Improve management programs & initiatives for DHS HQ; Detailed statement: Improve management program & initiatives for DHS HQ that improve the quality of life of employees, enhance operations, improve security, and provide efficiencies in operations by 30 Sept. 08. DHS CIO Performance Agreement: Goal/objective: Consolidate component data centers; Detailed statement: Consolidate 17 component data centers into 2 enterprise data centers. DHS CIO Performance Agreement[A]: Goal/objective: Advance DHS headquarters IT collaborative efforts; Detailed statement: DHS data center consolidation:10% x quantity of certification and accreditation tracking systems shut down in non-DHS data centers; 10% x quantity of certification and accreditation tracking systems stood up in DHS data centers. Source: GAO analysis of DHS documents. [A] The USCIS CIO performance agreement objective cited in figure 3 was linked to DHS's Strategic Plan Goal 5 Strengthen and Unify DHS Operations and Management, but not to the Management Directorate Strategic Plan. [End of figure] The USM's Performance Agreement and Evaluation Indicate That the USM Was Held Accountable for Management Directorate and DHS Strategic Objectives: As the designated CMO of the department, the USM is specifically tasked with leading management integration at DHS, and is the first link in the line of sight that connects organizational and individual goals and objectives, necessary to ensure that once a management integration strategy is developed, management leaders at each level support its implementation.[Footnote 41] The 9/11 Commission Act requires that the USM enter into an annual performance agreement with the Secretary, including measurable individual and organizational goals, and be subject to an annual performance evaluation by the Secretary, with a determination of progress made toward achieving those goals and measures.[Footnote 42] Similarly, we have reported that top leadership should drive the transformation, and have previously stated that the organization's CMO should have a clearly defined, realistic performance agreement.[Footnote 43] To support departmentwide goals, the USM's performance plan should reflect the DHS Strategic Plan and Management Directorate Strategic Plan, and when developed, the management integration strategy. In reviewing performance management linkages at the USM's level, we found that the Deputy Secretary provided input into the USM's performance plan in October 2007, and conducted a performance evaluation in 2008 based on this agreement. According to DHS officials, the Deputy Secretary conducted the performance agreement and evaluation--rather than the Secretary--based on delegated responsibilities for the performance of management reform as the department's chief operating officer. Performance objectives in the USM's agreement and evaluation show linkages to strategic plans, and include references to several efforts related to management integration. Specifically, the USM's performance objectives included clear linkages to the fiscal year 2009 through 2014 Management Directorate Strategic Plan, and to the fiscal year 2008 through 2013 DHS Strategic Plan Goal 5--"Strengthen and Unify DHS Operations and Management." In terms of the content of individual objectives, three of the performance objectives refer to projects or initiatives specifically: (1) Designing a new acquisition review system, (2) finalizing and implementing a plan to improve management controls, and (3) establishing a certified SES performance system. One objective refers generally to improving management programs and initiatives for DHS's headquarters.[Footnote 44] The efforts to implement a new acquisition review system and management controls and centralize management of SES positions involves increasing integration of management functions. The Integrated Strategy for High Risk Management referenced in the performance plan was mentioned by DHS as providing guidance for management integration efforts. Other initiatives that contribute to integration, including the consolidation of DHS data centers, are described as accomplishments in the USM's evaluation related to the implementing programs and initiatives for DHS's headquarters objective. Department Management Chiefs' Performance Agreements Show Linkages to Higher Level Strategies and Include Management Integration Goals and Objectives: The second link in the line of sight involves the USM's relationship with the department management chiefs. Five department chiefs report directly to the USM, and the CFO has a dual reporting relationship to the Secretary and the USM.[Footnote 45] Based on performance management practices mentioned above, department management chiefs' performance plans should support organizational goals included in the Management Directorate Strategic Plan. We would expect these performance plans should also support a department management integration strategy, when one is developed. In reviewing department management chiefs' performance agreements, we found that they supported higher level Management Directorate goals and objectives, and included references to management integration-related activities. For example, performance agreements for the six department management chiefs consistently include a reference to the Management Directorate's Strategic Plan. We also learned from DHS officials that fiscal year 2009 was the first year that the USM provided a common objective to department management chiefs. Specifically, the fiscal year 2009 management chiefs' performance plans included a joint performance objective related to management support for the expansion of NPPD. In addition, the agreements consistently include objectives related to management integration. The following are examples of management integration-related objectives in performance agreements: * The CSO's agreement included an objective to "Integrate security services department wide through development and implementation of security policies and practices for the department." * The Acting CIO's agreement included objectives for consolidating legacy networks and consolidating component data centers (as depicted in figure 3). * The CHCO's agreement included an objective for providing DHS-wide policy and guidance on all major human resources matters. * The CAO's agreement included an objective to establish a consolidated headquarters for DHS. Performance agreements also showed evidence of common goals. For example, as discussed previously, each chief's agreement includes support for the expansion of NPPD. The performance agreements also refer to specific actions for support from that management function, such as providing space for the new employees, in the CAO's case, and providing information technology hardware and software to support the new employees, in the CIO's case. Department Management Chiefs Have Not Consistently Implemented "Dotted Line" Reporting Relationships in Accordance with Management Directives: The third link in the line of sight involves the department management chiefs' relationships with the management chiefs in DHS's component agencies. The component management chiefs directly report to their component agency heads, while also having a "dotted line," or indirect, reporting relationship to their respective department management chief. [Footnote 46] The arrangement of component heads and department chiefs both supporting integration of management functions is referred to as "dual accountability." When we reviewed DHS's management integration progress in 2005, the department had recently established the dual accountability structure of reporting relationships.[Footnote 47] Management directives define department and component management chiefs' responsibilities, including specific ways that department management chiefs should provide direction to component management chiefs. For example, management directives require the department chief to establish annual milestones for integrating the management function. The directives also require the management chiefs to provide written performance objectives to the component management chief at the start of each performance cycle, feedback to the component rating official on the component chief's accomplishment of objectives, and input on bonus or award recommendations, pay, and other forms of commendation. Also, in accordance with performance management practices mentioned previously, to ensure accountability for change, component management chiefs' performance agreements should reflect the department management chiefs' specific performance objectives for the component chiefs' management functions, and should also reflect the Management Directorate and departmentwide strategic plans. All department management chiefs except for the CSO said that they specifically established annual priorities of some sort--either goals, objectives, milestones, and /or expected results--for their function. In addition, we reviewed documentation of goals, objectives, milestones, or expected results for each of these management functions. Four management chiefs--the CFO, CPO, CHCO, and CAO--said that the priorities were determined through annual planning processes for the function, either at an offsite meeting or through the management function's council. The CSO indicated that the management function's strategic plan served in place of annual milestones, although the plan provided did not identify its applicability to any given year or distinguish any priorities or target for implementation within a particular year. At an individual level, however, the department chiefs did not consistently provide individual input at the beginning of the component management chiefs' performance cycle--either through written goals and objectives or via direct input into the performance agreement. Management directives for each management function include a requirement that department management chiefs provide the component management chief with written objectives at the start of the annual performance cycle. In our review we found that only two department chiefs--the CAO and CPO--said that they provided individual input with regard to component chiefs' performance. The CAO said that he provided written objectives attached to a memo that was sent to each component CAO, and the CPO said that individual input and goals were provided annually in the form of a letter. We also reviewed these objectives and goals provided to the components. The other four management chiefs said that they did not provide individual input, and instead pointed to collective goals or objectives developed through planning processes and contained in strategic or operational plans. While these collective processes and overall plans provide general guidance for the management function, they do not meet the standard established by the management directives of annual, individualized performance input. The USM told us that the functional councils have improved in their development of common management goals for their functions, but she agreed that they have not yet consistently followed through by putting those goals into individual performance plans. She added that the department's management chiefs would be including this information in component chiefs' performance plans for 2010. Despite the lack of department input in the four component management chiefs' performance agreements mentioned above, in reviewing the agreements we found that some of them included a link to the Management Directorate Strategic Plan, a management function strategy or plan, or the DHS Strategic Plan Goal 5 for management. Some performance agreements also referred to supporting department-level efforts, with references to activities such as supporting department-level strategic plans and council activities and implementing departmentwide management initiatives. In addition to input into component chief performance agreements, management directives require department chief feedback to the component rating official regarding the component chiefs' accomplishment of annual objectives. The CFO, CSO, and CAO told us that they provided input into component chiefs' performance appraisals, while the CIO and CPO did not provide input. The CPO stated that he would be providing input beginning with the fiscal year 2010 performance appraisals. The CHCO said that, due to his limited tenure in the position, he could not state whether input had occurred. In addition to individual input, department chiefs have the opportunity to review the component chiefs' performance ratings and bonuses and/or pay adjustments at the conclusion of the department Performance Review Boards prior to their approval by the deputy secretary. While this assessment provides an additional opportunity for department oversight, it does not satisfy the management directives' requirement for input by the department chief to the component rating official. The USM said that departmental chiefs' input into component chiefs' performance appraisals would be a priority in the future. In summary, performance management practices to help ensure accountability for management integration between the department and component management chiefs are not consistently in place. While linkages are being most clearly defined at the department chief level within their individual management functions, department chiefs are not consistently providing the guidance and input required by department management directives and in accordance with performance management leading practices. The inconsistent application of such guidance and practices presents challenges to institutionalizing individual accountability and enabling the effective exercise of authority at the department. Without ensuring that the management chiefs provide input into component chiefs' performance plans and evaluations as required, the Management Directorate cannot be sure that component chiefs are fully implementing management integration. Conclusions: In the more than 6 years since its establishment, DHS has taken actions that could help it transform organizationally and integrate its management functions to establish a unified department. In particular, the department has taken actions to vertically integrate the component agencies by developing common policies, procedures, and systems within individual management functions, such as human capital and information technology However, DHS has placed less emphasis on integrating horizontally, and bringing together these multiple management functions across the department. In addition, key characteristics that are necessary to guide and ensure successful management integration are not yet in place, such as identification of trade-offs, priorities, and implementation goals, and the implementation and transformation of the department remains on our high-risk list. Current plans are a step in the right direction, but in the absence of a comprehensive strategy for management integration as required by the 9/11 Commission Act and meeting all of the previously identified characteristics for such a strategy, it is unclear how management integration will be more fully achieved across the department. We therefore reiterate our prior recommendation, not yet fully implemented, that DHS develop a comprehensive management integration strategy. We continue to believe that a comprehensive strategy for management integration is warranted, and would help the department to ensure that its management initiatives are implemented in a coherent way. It would also help DHS to communicate its approach for management integration and measures for evaluating progress made. Moreover, while DHS has been implementing management initiatives and processes across the department, in the absence of a comprehensive management integration strategy, it is unclear how these efforts are being prioritized and sequenced, and trade-offs between them are being recognized. In addition, a comprehensive strategy for management integration would help the department establish performance measures to better gauge its progress in integrating its various management policies, processes, and systems across DHS. Although the department has developed certain management measures, these measures do not allow the department to assess the extent to which it is making progress in implementing and achieving management integration both within and across functional areas. The "dotted line" reporting relationships between the department chiefs will be particularly important once DHS develops a management integration strategy that would involve decisions and trade-offs that are dependent on component compliance to succeed. Implementation of existing performance management mechanisms--such as the departmental management chiefs' input into component chiefs' performance plans and evaluations, and linkages between department goals and objectives and individual performance plans for component management chiefs--is necessary to ensure that the Management Directorate can exercise its authority and leadership to implement a management integration strategy. Recommendations for Executive Action: To strengthen its management integration efforts, we recommend that the Secretary of Homeland Security direct the Under Secretary for Management, working with others, to take the following four actions: * Once a comprehensive management integration strategy is developed, consistent with statute and as we previously recommended, establish performance measures to assess progress made in achieving departmentwide management integration; * Ensure that department management chiefs provide written objectives for component management chiefs' performance plans at the beginning of each performance cycle, and that the objectives are representative of determined priorities and milestones for the management functions during that period; * Ensure that department management chiefs provide input into component management chiefs' annual performance evaluations; and: * Ensure that component management chiefs' individual performance plans are reflective of and include linkages to the goals and objectives for the Management Directorate and relevant department management function. Agency Comments and Our Evaluation: We provided a draft of this report to the Secretary of the Department of Homeland Security for comment. In written comments on a draft of this report, the DHS Under Secretary for Management provided information on steps the department was taking or planning to take to develop a strategy for management integration, as we had recommended in our 2005 report, and to link this strategy to SES performance appraisals for the management chiefs. Specifically, the Under Secretary for Management said that she is leading the process for developing a detailed, measurable plan that will include the actions and milestones necessary to accomplish management integration at the department. Additionally, the Under Secretary for Management stated that the integration plan will be tied to the SES performance appraisals for each management chief for the fiscal year 2010 performance cycle, and that the plan will also serve as the required annual performance agreement between the Secretary and the Under Secretary for Management. While DHS's letter did not directly comment on our recommendations in this report related to the need for performance measures for management integration and additional steps needed to strengthen accountability for the management chiefs, the Director of DHS's Internal Control Program Management Office noted in a subsequent e-mail that DHS concurred with our report and its written comments were intended to discuss steps to implement the recommendations in our report. DHS's written comments are contained in appendix I. We incorporated technical comments provided by DHS as appropriate. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Department of Homeland Security and other interested parties. In addition, the report will be available at no charge on the GAO Web site at [hyperlink, http://www.gao.gov]. If you or your staff have any further questions about this report, please contact me at (202) 512-6543 or steinhardtb@gao.gov, or David Maurer, Director, at (202) 512-9627 or maurerd@gao.gov. Points of contact for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix II. Signed by: Bernice Steinhardt, Director: Strategic Issues: Signed by: David C. Maurer, Director: Homeland Security and Justice: [End of section] Appendix I: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: November 10, 2009: Ms. Bernice Steinhardt: Director: U.S. Government Accountability Office: 441 G Street, N.W. Washington, D.C. 20548-001: Dear Ms. Steinhardt: Thank you for providing the Government Accountability Office's (GAO) draft report; "Actions Taken Toward Management Integration, But a Comprehensive Strategy is Still Needed" (GAO-10-131). We have taken the opportunity to assess our progress on developing a dedicated strategy for management integration as well as consider how to incorporate it with strategic efforts toward transformation and implementation for the Department. In support of critical management integration efforts, I am leading the process for developing a detailed, measurable plan as recommended by your draft report. The plan will further develop the actions and milestones necessary to accomplish the Department of Homeland Security management integration. Additionally, the integration plan will be tied to the senior executive service performance appraisals for each business line chief for the Fiscal Year 2010 performance cycle. This plan will also serve as the required annual performance agreement between the Secretary and the Under Secretary for Management. I am confident that this plan will further the Department's integration goals as it will clearly and concisely state the actions DHS will take in the next years toward integration. Thank you for your contributions to provide recommendations for improvements to DHS management integration. If there are any questions, please contact me or Sharie Bourbeau, Deputy Under Secretary in the Office of the Under Secretary for Management, at (202) 4473400. Sincerely, Signed by: Elaine C. Duke: Under Secretary for Management: [End of section] Appendix II: GAO Contacts and Staff Acknowledgments: GAO Contacts: Bernice Steinhardt, (202) 512-6543 or steinhardtb@gao.gov. David Maurer, (202) 512-9627 or maurerd@gao.gov: Staff Acknowledgments: In addition to the contact named above Sarah Veale, Assistant Director; Rebecca Gambler, Assistant Director; S. Mike Davis; Barbara Lancaster; Jared Hermalin; Bion Bliss; Jyoti Gupta; Tom Beall; and Karin Fangman made significant contributions to this report. [End of section] Related GAO Products: Financial Management Systems: DHS Faces Challenges to Successfully Consolidate its Existing Disparate Systems. [hyperlink, http://www.gao.gov/products/GAO-10-210T]. Washington, D.C.: October 29, 2009. Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Multi-Billion Dollar Annual Investment in Large-Scale Systems. [hyperlink, http://www.gao.gov/products/GAO-09-1002T]. Washington, D.C.: September 15, 2009. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-09-271]. Washington, D.C.: January 2009. Department of Homeland Security: A Strategic Approach Is Needed to Better Ensure the Acquisition Workforce Can Meet Mission Needs. [hyperlink, http://www.gao.gov/products/GAO-09-30]. Washington, D.C.: November 19, 2008. Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight. [hyperlink, http://www.gao.gov/products/GAO-09-29]. Washington, D.C.: November 18, 2008. Department of Homeland Security: Progress Made in Implementation of Management Functions, but More Work Remains. [hyperlink, http://www.gao.gov/products/GAO-08-646T]. Washington, D.C.: April 9, 2008. Organizational Transformation: Implementing Chief Operating Officer / Chief Management Officer Positions in Federal Agencies. [hyperlink, http://www.gao.gov/products/GAO-08-322T]. Washington, D.C.: December 13, 2007. Department of Homeland Security: Better Planning and Assessment Needed to Improve Outcomes for Complex Service Acquisitions. [hyperlink, http://www.gao.gov/products/GAO-08-263]. Washington, D.C.: April 22, 2008. Organizational Transformation: Implementing Chief Operating Officer / Chief Management Officer Positions in Federal Agencies. [hyperlink, http://www.gao.gov/products/GAO-08-34]. Washington, D.C.: November 1, 2007. Homeland Security: DHS Enterprise Architecture Continues to Evolve but Improvements Needed. [hyperlink, http://www.gao.gov/products/GAO-07-564]. Washington, D.C.: May 9, 2007. Federal Real Property: DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security Challenges. [hyperlink, http://www.gao.gov/products/GAO-07-658]. Washington, D.C.: June 22, 2007. Homeland Security: Departmentwide Integrated Financial Management Systems Remain a Challenge. [hyperlink, http://www.gao.gov/products/GAO-07-536]. Washington, D.C.: June 21, 2007. Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions. [hyperlink, http://www.gao.gov/products/GAO-07-454]. Washington, D.C.: August 17, 2007. Information Technology: DHS Needs to Fully Define and Implement Policies and Procedures for Effectively Managing Investments. [hyperlink, http://www.gao.gov/products/GAO-07-424]. Washington, D.C.: April 27, 2007. Department of Homeland Security: A Comprehensive and Sustained Approach Needed to Achieve Management Integration. [hyperlink, http://www.gao.gov/products/GAO-05-139]. Washington, D.C.: March 16, 2005. Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations. [hyperlink, http://www.gao.gov/products/GAO-03-669]. Washington, D.C.: July 2, 2003. [End of section] Footnotes: [1] These 22 agencies, offices, and programs were U.S. Customs Service; U.S. Immigration and Naturalization Service; Federal Protective Service; Transportation Security Administration; Federal Law Enforcement Training Center; Animal and Plant Health Inspection Service; Office for Domestic Preparedness; Federal Emergency Management Agency; Strategic National Stockpile and the National Disaster Medical System; Nuclear Incident Response Team; Domestic Emergency Support Team; National Domestic Preparedness Office; Chemical, Biological, Radiological, and Nuclear Countermeasures Program; Environmental Measures Laboratory; National BW Defense Analysis Center; Plum Island Animal Disease Center; Federal Computer Incident Response Center; National Communication System; National Infrastructure Protection Center; Energy Security and Assurance Program; Secret Service; and U.S. Coast Guard. [2] GAO, Department of Homeland Security: Progress Made in Implementation of Management Functions, but More Work Remains, [hyperlink, http://www.gao.gov/products/GAO-08-646T] (Washington, D.C.: Apr. 9, 2008). [3] GAO, Department of Homeland Security: A Comprehensive and Sustained Approach Needed to Achieve Management Integration, [hyperlink, http://www.gao.gov/products/GAO-05-139] (Washington, D.C.: Mar. 16, 2005); and GAO, Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations, [hyperlink, http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2, 2003). [4] Pub. L. No. 107-296, 116 Stat. 2135 (Nov. 25, 2002). [5] Pub. L. No. 110-53, 121 Stat. 266 (Aug. 3, 2007). [6] Congress enacted the Government Performance and Results Act of 1993 (GPRA) to address several broad purposes, including improving federal program effectiveness, accountability, and service delivery, and enhancing congressional decision making by providing more objective information on program performance. GPRA requires executive agencies to complete strategic plans in which they define their missions, establish results-oriented goals, and identify the strategies that will be needed to achieve those goals. GPRA also requires executive agencies to prepare annual performance plans that articulate goals for the upcoming fiscal year that are aligned with their long-term strategic goals. Finally, GPRA requires executive agencies to measure performance toward the achievement of the goals in the annual performance plan and report annually on their progress in program performance reports. Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993). [7] We selected NPPD because it (1) had the largest budget in fiscal year 2008 among all of the DHS directorates and offices, (2) has a structure of management chiefs similar to DHS's component agencies, and (3) has a unique relationship to the Management Directorate because the directorate directly provides management services to NPPD that normally occur within component agencies, such as hiring and acquisition support. [8] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-03-119] (Washington, D.C.: January 2003). [9] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-05-207] (Washington, D.C.: January 2005); and GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: January 2007). [10] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 2009). [11] [hyperlink, http://www.gao.gov/products/GAO-03-669]. [12] [hyperlink, http://www.gao.gov/products/GAO-05-139]. [13] Management chiefs in the component agencies for the acquisition and procurement function are referred to as Component Acquisition Executives (CAE) and Heads of Contracting Authority (HCA), respectively. The CAE is the senior acquisition official within the component, responsible for management and oversight of all component acquisition functions (excluding contracting). The HCA is the senior contracting official within the component, responsible for management and oversight of all component contracting functions, under the authority delegated by the CPO. [14] Section 701 of the Homeland Security Act of 2002 included this responsibility. Other responsibilities of the USM include financial management, procurement, human resources and personnel, information technology and communications systems, facilities and property management, security, performance measurements, grants and other assistance management programs, internal audits, and maintenance of immigration statistics. Pub. L. No. 107-296. [15] Pub. L. No. 110-53, § 2405. See 6 U.S.C. § 341. [16] Pub. L. No. 110-53, § 2405. [17] [hyperlink, http://www.gao.gov/products/GAO-05-139] and [hyperlink, http://www.gao.gov/products/GAO-03-669]. [18] The high-risk areas we have identified include (1) implementing and transforming DHS; (2) the National Flood Insurance Program; (3) managing federal real property; (4) strategic human capital management; (5) information sharing mechanisms to improve homeland security; and (6) protecting the federal government's information systems and critical infrastructure. [19] The CAO strategic plan is for fiscal years 2008 through 2012, the CIO strategic plan is for fiscal years 2009-2013, and the CHCO strategic plan is for fiscal years 2009 through 2013. The CSO strategic plan does not include any dates. [20] DHS, One Team, One Mission, Securing Our Homeland: U.S. Department of Homeland Security Strategic Plan, Fiscal Years 2008 - 2013 (Washington, D.C.: 2008) [21] The other strategic-level goals included in the plan are: (1) protect our nation from dangerous people; (2) protect our nation from dangerous goods; (3) protect critical infrastructure; and (4) strengthen our nation's preparedness and emergency response capabilities. [22] The second objective focuses more specifically on intelligence and information-sharing operations, including: the timely attainment of intelligence and incident-related information for threat/risk mitigation; the creation of broad structures to collect, communicate, analyze, disseminate, and integrate security and law enforcement information; and the further development of private-public information sharing partnerships. The third objective focuses more specifically on strengthening and unifying the department's strategic and policy direction, through use of improved strategic planning and assessment; and advancing the department's operations coordination capacity for planning and coordinating cross-cutting operations that require multi- component activities. [23] [hyperlink, http://www.gao.gov/products/GAO-05-139]. [24] According to the act, beginning in fiscal year 2009 and every 4 years after that, DHS must "conduct a review of the homeland security of the Nation." DHS plans to complete and report on the first QHSR no later than December 31, 2009, as required under the act. Pub. L. No. 110-53, § 2401. See 6 U.S.C. § 347. [25] The other four study areas include (1) counterterrorism and domestic security management; (2) securing our borders; (3) enforcement of immigration laws; and (4) preparing for, responding to, and recovering from disasters. [26] DHS has established performance measures in support of Objectives 5.2 and 5.3, but these measures are tracked by components other than the Management Directorate. The Management Directorate also has four other measures that support Goal 2 of DHS's Strategic Plan to "Protect Our Nation from Dangerous Goods." These performance measures are number of kilograms of cocaine seized by DHS components, number of kilograms of heroin seized by DHS components, number of kilograms of methamphetamine seized by DHS components, and number of pounds of marijuana seized by DHS components. [27] Pub. L. No. 103-62, 107 Stat. 285. [28] GAO, DHS: Billions Invested in Major Programs Lack Appropriate Oversight, GAO-09-29 (Washington, D.C.: November 18, 2009). [29] GAO, Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Systems, [hyperlink, http://www.gao.gov/products/GAO-09-1002T] (Washington, D.C.: September 15, 2009). [30] [hyperlink, http://www.gao.gov/products/GAO-09-29]. [31] DHS Office of the Inspector General, Major Management Challenges Facing the Department of Homeland Security, OIG-09-08 (Washington, D.C.: November 12, 2008). [32] [hyperlink, http://www.gao.gov/products/GAO-09-1002T]. [33] A material weakness is a significant deficiency, or a combination of significant deficiencies, that result in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. [34] DHS Office of the Inspector General, Independent Auditor's Report on FEMA's FY 2008 Mission Action Plans included in DHS FY 2009 Internal Control Playbook, OIG-09-76 (Washington, D.C.: June 5, 2009). [35] DHS Office of the Inspector General, Independent Auditor's Report on TSA's FY 2008 Mission Action Plans included in the DHS FY 2009 Internal Control Playbook, OIG-09-68 (Washington, D.C.: May 21, 2009). [36] GAO, Financial Management Systems: DHS Faces Challenges to Successfully Consolidate its Existing Disparate Systems, [hyperlink, http://www.gao.gov/products/GAO-10-210T] (Washington, D.C.: October 29, 2009). [37] DHS, DHS Budget in Brief Fiscal Year 2010 (Washington, D.C.: 2009). [38] DHS Office of the Inspector General, DHS's Progress in Disaster Recovery Planning for Information Systems, OIG-09-60 (Washington, D.C.: April 16, 2009). [39] [hyperlink, http://www.gao.gov/products/GAO-03-669]. [40] [hyperlink, http://www.gao.gov/products/GAO-03-669]. The two practices noted here were selected from nine total performance management practices because they directly related to linkages between organizational and individual goals and objectives, and to cross- cutting goals and objectives. Other practices that did not relate directly to linkages include providing and routinely using performance information to track organizational priorities, requiring follow-up actions to address organizational priorities, using competencies to provide a fuller assessment of performance, linking pay to individual and organizational performance, making meaningful distinctions in performance, involving employees and stakeholders to gain ownership of performance management systems, and maintaining continuity during transitions. [41] 6 U.S.C. § 341 (a). [42] Pub. L. No. 110-53, § 2405. See 6 U.S.C. § 341(c). [43] [hyperlink, http://www.gao.gov/products/GAO-03-669]. [44] The Management Directorate provides management services to DHS headquarters directorates and offices, which include the following organizations: Office of the DHS Secretary, Management Directorate, Science and Technology Directorate, NPPD, Office of Policy, Office of General Counsel, Office of Legislative Affairs, Office of Public Affairs, Office of the Inspector General, Office of Health Affairs, Intelligence and Analysis Directorate, Office of Operations Coordination, Citizenship and Immigration Services Ombudsman, Office of the Chief Privacy Officer, Office of Civil Rights and Civil Liberties, Office of Counternarcotics Enforcement, Domestic Nuclear Detection Office, and National Cyber Security Center. [45] Although the USM conducts the DHS CFO's performance evaluation, the CFO reports to both the Secretary of Homeland Security and the USM, as established by the Homeland Security Act of 2002 (6 U.S.C. § 342) and the Department of Homeland Security Financial Accountability Act (31 U.S.C. § 901 (b)(1)(G)). [46] Responsibilities of the component management chiefs may not correspond directly with responsibilities of the department chiefs in all management functions. [47] [hyperlink, http://www.gao.gov/products/GAO-05-139]. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: