DHS Financial Management: Actions Needed to Improve Systems Modernization and Address Coast Guard Audit Issues
Fast Facts
There's still a lot of work to do to modernize the financial management systems at FEMA, Immigration and Customs Enforcement (ICE), and the Coast Guard within the Department of Homeland Security.
FEMA and ICE are in the planning phases of their modernization efforts. The Coast Guard has begun using a new financial management system—part of a larger $510 million modernization effort—but it's not working as expected.
Resolving issues identified during testing before moving on to the next phase would bolster modernization efforts. Our recommendations address this issue.
DHS financial management remains a topic on our High Risk List.
Highlights
What GAO Found
The Department of Homeland Security (DHS) has defined and implemented a tiered governance structure to provide oversight of its financial systems modernization programs. In 2018, DHS also established the Joint Program Management Office to lead all aspects of the modernization programs, in partnership with DHS components. DHS has both department-level and program-specific plans to modernize financial systems. Financial systems modernization plans at selected DHS components include U.S. Coast Guard, Federal Emergency Management Agency (FEMA), and U.S. Immigration and Customs Enforcement (ICE), among others.
- Coast Guard deployed its new financial management system in December 2021 as part of a $510 million modernization program, and declared initial operational capability in June 2022. However, Coast Guard did not achieve expected full operational capability in December 2022. The program office is developing a remediation plan.
- FEMA and ICE are in the planning phases of their financial systems modernization efforts. In November 2022, DHS awarded contracts for software licenses and stated that it plans to award contracts for system integration services for these components.
Additionally, DHS established a process and continues to document and consider lessons learned from current and past modernization attempts. These lessons are to be shared with upcoming modernization programs.
Although DHS identified, documented, and tracked metrics to assess Coast Guard's system deployment, DHS found that the system was not achieving expected capabilities. This is because DHS did not address and remediate known issues identified in operational testing. DHS's subsequent operational testing and evaluation of the system found that it was not effective, responsive, or reliable. Therefore, DHS could not proceed to full operational capability of the system. It is now in the process of developing a remediation plan to address outstanding issues.
DHS risks not fully achieving its goal of deploying systems that produce reliable data for management decision-making and financial reporting if it does not remediate serious issues identified by testing. Resolving deficiencies identified by testing before proceeding to the next phase in the acquisition process can help reduce the risk that future system modernization efforts at FEMA and ICE will not meet mission needs or expected capabilities.
GAO also found that corrective action plans Coast Guard developed to address its fiscal year 2021 audit findings did not always contain all of the data attributes recommended in applicable guidance. For example, although DHS guidance emphasizes the importance of root cause analyses in resolving deficiencies, such analyses were often not done. Therefore, Coast Guard is at an increased risk that its corrective actions will not effectively address identified deficiencies.
Why GAO Did This Study
Since DHS's creation in 2003, it has faced significant internal control and financial management systems deficiencies. These issues contributed to GAO designating DHS financial management as high risk. To address its financial management issues, DHS is executing a multiyear plan, to include implementing modern financial management systems at its components, including Coast Guard, FEMA, and ICE.
In this report, GAO (1) describes the oversight, program management, plans, and lessons learned from past and current financial systems modernization efforts; (2) examines the extent to which the Coast Guard is achieving expected capabilities with its newly deployed financial management system; and (3) examines the extent to which Coast Guard has addressed audit findings related to financial reporting and IT system weaknesses.
GAO met with DHS officials, reviewed key documents and plans related to modernization efforts, and assessed Coast Guard corrective action plans to address fiscal year 2021 audit findings.
Recommendations
GAO is making four recommendations, including that the Joint Program Management Office work with Coast Guard, FEMA, and ICE to remediate issues identified by testing; and that Coast Guard follow applicable guidance when developing corrective action plans. DHS concurred with the recommendations and described actions it has taken and will take to address them.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Homeland Security |
Priority Rec.
DHS's Under Secretary for Management should ensure that the Joint Program Management Office works with Coast Guard to remediate known issues identified from testing, prior to declaring full operational capability for the ongoing financial systems modernization efforts. (Recommendation 1) |
DHS concurred with the recommendation. In April 2023, DHS officials approved a plan to remediate known issues identified from system testing (i.e., breach remediation plan). The plan included (1) high-level root causes for the system performance issues or breach, (2) associated lessons learned, and (3) actions that the Joint Program Management Office (JPMO) will take to address the issues that were identified. According to DHS, its rebaselining efforts are ongoing. JPMO expects to address known issues and declare full operational capability in August 2025. To resolve this recommendation, DHS needs to fully implement its breach remediation plan, fully remediate the known issues, and declare full operational capability for Coast Guard's new financial management system. We will continue to monitor the department's progress towards implementing this recommendation.
|
| Department of Homeland Security |
Priority Rec.
DHS's Under Secretary for Management should ensure that the Joint Program Management Office works with FEMA to remediate issues as they arise from user testing prior to moving forward with subsequent milestones for the ongoing financial systems modernization efforts. (Recommendation 2) |
DHS concurred with the recommendation. DHS officials described actions they planned to take. Specifically, DHS stated that the Joint Program Management Office (JPMO) will ensure that lessons learned from prior financial systems implementation translate into appropriate actions for the ongoing FEMA financial systems modernization efforts. DHS's overall estimated completion date for these actions is planned for September 30, 2024. To fully implement this recommendation, FEMA needs to complete the discovery process to develop functional requirements for its new system and work with JPMO to help ensure that issues identified prior to the new system going live are remediated in a timely manner. We will continue to monitor the department's progress towards implementing this recommendation.
|
| Department of Homeland Security |
Priority Rec.
DHS's Under Secretary for Management should ensure that the Joint Program Management Office works with ICE to remediate issues as they arise from user testing prior to moving forward with subsequent milestones for the ongoing financial systems modernization efforts. (Recommendation 3) |
DHS concurred with this recommendation. DHS officials described actions they planned to take. Specifically, DHS stated that the Joint Program Management Office (JPMO) will ensure that lessons learned from prior financial systems implementation translate into appropriate actions for the ongoing ICE financial systems modernization efforts. DHS's overall estimated completion date for these actions is planned for September 30, 2024. To fully implement this recommendation, ICE needs to complete the discovery process to develop functional requirements for its new system and work with JPMO to help ensure that issues identified prior to the new system going live are remediated in a timely manner. We will continue to monitor the department's progress towards implementing this recommendation.
|
| Department of Homeland Security | DHS's Under Secretary for Management should ensure that Coast Guard follows applicable guidance when developing corrective action plans to include documenting the root cause analysis and other recommended attributes. (Recommendation 4) |
In November 2023, DHS leadership communicated to components, including the Coast Guard, the requirements to perform root causes analysis for all audit findings. This correspondence stated that components should use the DHS Internal Control Mission Action Plan Guide and listed several key activities, including root cause analysis, for closing audit findings and recommendations. Also in November 2023, Coast Guard issued an update to its Mission Action Plan Desk Guide, which includes recommended steps for developing a Mission Action Plan, including root cause analysis. We verified that Cost Guard followed applicable guidance when developing corrective action plans, including documenting the root cause analysis and other attributes for both financial reporting and information technology audit findings. The additional procedures described in Coast Guard's guidance, as well as management's focus on this area, meet the intent of this recommendation.
|