Homeland Security:
Applying Risk Management Principles to Guide Federal Investments
GAO-07-386T: Published: Feb 7, 2007. Publicly Released: Feb 7, 2007.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-8757
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Since the terrorist attacks of September 11, 2001, and the subsequent creation of the Department of Homeland Security (DHS), the federal government has provided DHS with more than $130 billion in budget authority to make investments in homeland security. However, as GAO has reported, this federal financial assistance has not been guided by a clear risk-based strategic plan that fully applies risk management principles. This testimony discusses the extent to which DHS has taken steps to apply risk management principles to target federal funding for homeland security investments (1) in making grant allocations, (2) in funding transportation and port security enhancements, (3) in other DHS mission areas, and (4) at a strategic level across DHS. This testimony summarizes previous GAO work in these areas.
Risk management, a strategy for helping policymakers make decisions about assessing risk, allocating resources, and taking actions under conditions of uncertainty, has been endorsed by Congress, the President, and the Secretary of DHS as a way to strengthen the nation against possible terrorist attacks. DHS has used risk management principles to invest millions of dollars at the state and local level as part of its Urban Area Security Initiative (UASI) grants. For fiscal year 2006, DHS adopted a risk management approach to determine which UASI areas were eligible for funding. For the fiscal year 2007 grant process, DHS made substantial changes to its 2006 risk assessment model, simplifying its structure, reducing the number of variables considered, and incorporating the intelligence community's assessment of threats in candidate urban areas. The fiscal year 2007 model considers most areas of the country equally vulnerable to attack; its analysis focuses on the expected impact and consequences of successful attacks occurring in specific areas. DHS and the components of DHS responsible for transportation and port security have taken steps to apply risk management principles with varying degrees of progress. The Transportation Security Administration has not completed a methodology for assessing risk, and until the overall risk to the entire transportation sector is identified, it will be difficult to determine where and how to target limited resources to achieve the greatest security gains. The progress of each of DHS's three components responsible for port security varies according to organizational maturity and the complexity of its risk management task. The Coast Guard, created in 1915, was the most advanced in implementing a risk-based approach. Meanwhile, the Office for Domestic Preparedness (responsible for grants) and the Information Analysis and Infrastructure Protection Directorate (responsible for all sectors of the nation's critical infrastructure) were brought to or established with DHS in 2003 and lagged behind the Coast Guard in applying risk management to port security. Other DHS mission areas GAO has assessed include border security, immigration enforcement, immigration services, critical infrastructure protection, and science and technology; the extent to which a risk management approach has been implemented in each area varies. While DHS has called for using risk-based approaches to prioritize its resource investments, and for developing plans and allocating resources in a way that balances security and freedom, DHS has not comprehensively implemented a risk management approach--a difficult task. However, adoption of a comprehensive risk management framework is essential for DHS to assess risk by determining which elements of risk should be addressed in what ways within available resources.
Apr 18, 2018
-
Immigration Detention:
Opportunities Exist to Improve Cost EstimatesGAO-18-343: Published: Apr 18, 2018. Publicly Released: Apr 18, 2018.
Apr 13, 2018
-
Coast Guard Acquisitions:
Status of Coast Guard's Heavy Polar Icebreaker AcquisitionGAO-18-385R: Published: Apr 13, 2018. Publicly Released: Apr 13, 2018.
Mar 29, 2018
-
Border Security:
Actions Needed to Strengthen Performance Management and Planning for Expansion of DHS's Visa Security Program [Reissued with Revisions Mar. 29, 2018]GAO-18-314: Published: Mar 20, 2018. Publicly Released: Mar 27, 2018.
Mar 15, 2018
-
Border Security:
Progress and Challenges with the Use of Technology, Tactical Infrastructure, and Personnel to Secure the Southwest BorderGAO-18-397T: Published: Mar 15, 2018. Publicly Released: Mar 15, 2018. -
U.S. Ports of Entry:
CBP Public-Private Partnership Programs Have Benefits, but CBP Could Strengthen Evaluation EffortsGAO-18-268: Published: Mar 15, 2018. Publicly Released: Mar 15, 2018.
Mar 14, 2018
-
Customs and Border Protection:
Automated Trade Data System Yields Benefits, but Interagency Management Approach Is NeededGAO-18-271: Published: Mar 14, 2018. Publicly Released: Mar 14, 2018.
Mar 7, 2018
-
Coast Guard:
Actions Needed to Improve Data Quality and Transparency for Reporting on Mission Performance and Capital PlanningGAO-18-408T: Published: Mar 7, 2018. Publicly Released: Mar 7, 2018.
Feb 15, 2018
-
Critical Infrastructure Protection:
Additional Actions Are Essential for Assessing Cybersecurity Framework AdoptionGAO-18-211: Published: Feb 15, 2018. Publicly Released: Feb 15, 2018.
Feb 7, 2018
-
Critical Infrastructure Protection:
Electricity Suppliers Have Taken Actions to Address Electromagnetic Risks, and Additional Research Is OngoingGAO-18-67: Published: Feb 7, 2018. Publicly Released: Feb 7, 2018.
Feb 1, 2018
-
Aviation Security:
TSA Uses Current Assumptions and Airport-Specific Data for Its Staffing Process and Monitors Passenger Wait Times Using Daily Operations DataGAO-18-236: Published: Feb 1, 2018. Publicly Released: Feb 1, 2018.
Looking for more? Browse all our products here