DHS Management - High Risk Issue
The Department of Homeland Security (DHS) has improved its management of acquisition, information technology, financial, and human capital functions since its creation following the September 11 terrorist attacks. However, considerable work remains in these areas.
Implementing and transforming the Department of Homeland Security (DHS) was designated as high risk in 2003 because DHS had to transform 22 agencies—several with major management challenges—into one department. Failure to effectively address the management and program challenges that arose from this effort could have serious consequences for U.S. national security.
Since 2003, the focus of this high-risk area has evolved in tandem with DHS’s maturation and evolution. By September 2011, DHS had implemented key homeland security operations but continued to have management issues related to acquisition, information technology, financial management, and human capital. Consequently, the scope of this high-risk area was narrowed in 2013 to focus on these areas.
DHS has made efforts to improve the performance of its major acquisition programs, but these programs continue to face challenges. Issues with staffing, funding, and defining the department’s requirements (what the department needs from the tools and assets it plans to acquire) increase the likelihood that major acquisition projects will cost more and take longer to complete than expected.
There can be valid reasons for cost growth or schedule delays, such as a program pursuing expanded capabilities to meet evolving threats. However, other reasons for cost growth and schedule slips are more troubling, such as initial cost estimates that were not comprehensive and requirements that were poorly defined.
Department of Homeland Security Major Acquisitions for the U.S. Customs and Border Protection, U.S. Coast Guard, and the Transportation Security Administration
DHS has updated its approach for managing its information technology (IT) investments by assessing these investments across the department on an ongoing basis. DHS has also taken steps to improve its information security and, in November 2018, the department’s financial statement auditor reported that DHS had made progress in correcting its prior year IT security weaknesses.
However, for the 15th consecutive year, the auditor identified weaknesses in DHS’s information technology control that call into question the accuracy of the department’s financial statements. In addition, the department has not identified its IT staffing needs for specialty areas like cybersecurity management as required by the Homeland Security Cybersecurity Workforce Assessment Act.
Every year, DHS is required to obtain audit opinions on both its financial statements and its internal control over financial reporting. DHS received a clean audit opinion on its financial statements for 6 consecutive years—fiscal years 2013 to 2018. However, its auditor reported serious problems with the department’s 2018 financial reporting processes, as well as instances of non-compliance with laws and regulations. Together, these concerns hamper DHS’s ability to reasonably assure that its financial reporting is reliable and that it is complying with applicable laws and regulations.
DHS has made a number of improvements in how it manages its human capital. For example, DHS is implementing a human capital strategic plan and structured workforce planning, which should better prepare it to fill gaps in its workforce. However, Employee Engagement Index (EEI) data—a subset of the Office of Personnel Management’s (OPM) Federal Employee Viewpoint Survey (FEVS)—indicates that DHS employee engagement has remained low relative to other government agencies.
Consistent with OPM guidance, DHS developed plans to address this and—after 5 years of declining scores—improved its scores in 2016 and 2017 and held steady in 2018. However, DHS has considerable work ahead to improve its employee engagement because its 2018 EEI scores ranked lowest among 20 large and very large federal agencies.
Office of Personnel Management’s Steps to Improve Federal Employee Viewpoint Survey (FEVS) Scores
GAO-19-157SP: Published: Mar 6, 2019. Publicly Released: Mar 6, 2019.
Every 2 years, we report on federal programs and operations that are vulnerable to waste, fraud, abuse, and mismanagement, or that need broad reform—our High Risk List. Our 2019 report reviews the status of areas on the list and outlines steps to lasting solutions. The ratings for over half of the 35 areas on our list remain unchanged. Since our last update, 7 areas improved and 3 regressed. We...
GAO-18-550: Published: Aug 8, 2018. Publicly Released: Aug 8, 2018.
The Department of Homeland Security invests billions of dollars each year in major acquisition programs to assist in executing its many critical missions. We’ve previously found that DHS agencies had acquisition programs that did not meet requirements. Sometimes operational requirements were poorly defined, increasing the risk of not meeting the needs of end users in the field, such as emergency...
GAO-18-466: Published: Jun 14, 2018. Publicly Released: Jun 14, 2018.
As required by the Federal Cybersecurity Workforce Assessment Act of 2015 (act), the Office of Personnel Management (OPM) developed a cybersecurity coding structure under the National Initiative for Cybersecurity Education (NICE) as well as procedures for assigning codes to federal civilian cybersecurity positions. However, OPM issued the coding structure and procedures 5 and 4 months later than t...
GAO-18-339SP: Published: May 17, 2018. Publicly Released: May 17, 2018.
Each year, the Department of Homeland Security invests billions of dollars in major acquisitions such as aircraft and surveillance technology. We reviewed DHS's portfolio of major acquisitions and found that, in 2017, more than half of its programs needed more time and money than initially planned—an increase from 2016. DHS has strengthened its policies for managing acquisitions as a portfolio...
GAO-18-175: Published: Feb 6, 2018. Publicly Released: Feb 6, 2018.
The Department of Homeland Security (DHS) has taken actions to identify, categorize, and assign employment codes to its cybersecurity positions, as required by the Homeland Security Cybersecurity Workforce Assessment Act of 2014; however, its actions have not been timely and complete. For example, DHS did not establish timely and complete procedures to identify, categorize, and code its cybersecu...
GAO-17-799: Published: Sep 26, 2017. Publicly Released: Sep 26, 2017.
The Department of Homeland Security's (DHS) TRIO project represents a key effort to address long-standing financial management system deficiencies. During 2012 and 2013, the TRIO components—U.S. Coast Guard (Coast Guard), Transportation Security Administration (TSA), and Domestic Nuclear Detection Office (DNDO)—each completed an alternatives analysis (AA) to determine a preferred alternative f...
GAO-17-284: Published: May 18, 2017. Publicly Released: May 18, 2017.
The Department of Homeland Security (DHS) has fully implemented 28 of the 31 selected Federal Information Technology (IT) Acquisition Reform Act (FITARA) action plans; however, as of December 2016, DHS did not fulfill all aspects of 3 action plans. For example, one action plan is to use an updated process for reviewing troubled programs to provide support to such programs; however, DHS has not fin...