Key Issues > DHS Management - High Risk Issue
auditing icon, source: PhotoDisc

DHS Management - High Risk Issue

The Department of Homeland Security (DHS) has improved its management of acquisition, financial, human capital, and information technology (IT) functions since its creation following the September 11 terrorist attacks. However, considerable work remains in these areas.

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

The Department of Homeland Security was created in 2003 following the September 11 terrorist attacks. Since that time, DHS has been on GAO’s High Risk List because DHS had to combine 22 agencies—several with major management challenges—into one department. Failure to effectively address DHS’s management and mission risks could have serious consequences for U.S. national and economic security. 

DHS has made considerable progress in transforming its original component agencies into a single department. However, DHS continues to face challenges in its management of four key areas:

  • Acquisitions. DHS’s efforts to improve the performance of its major acquisition programs are noteworthy, but the programs continue to face challenges. Issues with staffing, funding, and defining the department’s requirements (what the department needs from the tools and assets it plans to acquire) increase the likelihood that major acquisition projects will
    1. 1. cost more than expected—reducing DHS’s buying power; and,
    2. 2. take longer to complete than expected—making frontline employees wait for new capabilities.
    There can be valid reasons for cost growth or schedule delays, such as a program pursuing expanded capabilities to meet evolving threats. Other reasons for cost growth and schedule slips are more troubling, such as initial cost estimates that were not comprehensive and poorly defined requirements.
  • Human Capital. DHS has made improvements in this area but has considerable work ahead. For example, DHS is implementing a human capital strategic plan and structured workforce planning. This should better prepare DHS to fill gaps in its workforce. However, Human Capital Assessment and Accountability Framework data—a subset of the Federal Employee Viewpoint Survey—indicate that DHS employee morale has remained low relative to other government agencies. DHS has developed plans for addressing this and—after a five-year period of declining scores—has improved its scores in 2016 and 2017. DHS needs to continue to focus on improving employee morale though continued emphasis on employee engagement, among other efforts.
  • Financial Management. DHS is statutorily required to obtain audit opinions on both its financial statements and its internal control over financial reporting.  DHS received a clean audit opinion on its financial statements for 5 consecutive years—fiscal years 2013 through 2017. However, there are significant issues with DHS’s internal controls over financial reporting, information technology and financial system functionality, and instances of non-compliance with laws and regulations. These deficiencies hamper DHS’s ability to provide reasonable assurance that its financial reporting is reliable and the department is in compliance with applicable laws and regulations. In addition, much work remains to modernize components' financial management systems. Without sound controls and systems, DHS faces long-term challenges in obtaining a clean audit opinion on internal controls over financial reporting, and ensuring its financial management systems generate reliable, useful, and timely information to inform the department’s day-to-day decision making.
  • IT. In 2014, DHS established and institutionalized a robust process for reviewing each of its IT investment portfolios across the entire department, to identify potentially duplicative investments and determine the most efficient allocation of resources within each portfolio. However, for the past 2 fiscal years, DHS has not fully sustained these investment management practices, which may limit its ability to identify potentially duplicative investments and consolidation opportunities department-wide.

    In 2015, DHS also shifted its IT focus from acquiring assets to acquiring services. Now, DHS’s IT work includes acting as a service broker (i.e., an intermediary between the purchaser of a service and the seller of that service). According to DHS officials, this change requires a major transition in the skill sets of DHS’s IT workforce, as well as the hiring, training, and managing of staff with those new skill sets. The department initiated a workforce planning initiative—distinct from the initiative mentioned above—to specifically identify the skills needed to support this paradigm shift and address any gaps. According to DHS officials, they plan to complete this initiative in 2019.

    Additionally, DHS has taken steps to enhance its information security program, but has continued to experience security weaknesses. According to the department’s financial statement auditor, DHS had made progress in correcting its prior year IT security weaknesses. However, in November 2014—for the 14th consecutive year—the auditor designated deficiencies in IT security controls over financial systems as a weakness.
Looking for our recommendations? Click on any report to find each associated recommendation and its current implementation status.

Videos

GAO: Comptroller General Testifies to U.S. Senate on GAO's 2017 High Risk List
GAO: Comptroller General Testifies to U.S. House on GAO's 2017 High Risk List

Podcasts

Oversight of DHS AcquisitionsMonday, March 16, 2015
Quick Look at DHS AcquisitionsWednesday, April 22, 2015
DHS Quick LookThursday, March 31, 2016
  • portrait of Chris Currie
    • Chris Currie
    • Director, Homeland Security and Justice
    • CurrieC@gao.gov
    • 404-679-1875