Information Technology:

Improvements for Acquisition of Customs Trade Processing System Continue, but Further Efforts Needed to Avoid More Cost and Schedule Shortfalls

GAO-08-46: Published: Oct 25, 2007. Publicly Released: Oct 25, 2007.

Additional Materials:

Contact:

Randolph C. Hite
(202) 512-6256
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Department of Homeland Security (DHS) established the Automated Commercial Environment (ACE) program to replace and supplement existing cargo processing technology. According to the fiscal year 2007 DHS appropriations act, DHS is to develop and submit an expenditure plan for ACE that satisfies certain conditions, including being reviewed by GAO. GAO reviewed the plan to (1) determine whether the expenditure plan satisfies the legislative conditions, (2) determine the status of 15 open GAO recommendations, and (3) provide observations about the expenditure plan and DHS's management of the program. To address the mandate, GAO assessed plans and related documentation against federal guidelines and industry standards and interviewed the appropriate DHS officials.

The ACE expenditure plan satisfies many--but not all--of the legislative conditions specified in the fiscal year 2007 DHS appropriations act. Specifically, the plan (with related program documentation and officials' statements) complies with acquisition rules, requirements, guidelines, and management practices of the federal government; includes a DHS certification that an independent verification and validation agent is under contract; was reviewed and approved by DHS and the Office of Management and Budget (OMB); and was reviewed by GAO. In addition, it partially satisfies conditions for meeting the capital planning and investment control review requirements established by OMB in Circular A-11 (part 7), including information security, and for complying with the DHS enterprise architecture. DHS has implemented eight open GAO recommendations made during the past 4 years, including those related to performance measures and targets, independent verification and validation, cost estimation, and program reporting. Seven other recommendations made during this time are in the process of being implemented. With respect to these seven, DHS has taken steps to satisfy each, such as establishing an accountability framework, reducing overlap and concurrence among ACE releases, and completing a privacy impact assessment, and actions are under way or planned to more fully address them. GAO is making three new observations about the expenditure plan and the management of ACE. First, the program is taking needed steps to redefine requirements for several ACE releases because of limitations in the completeness of original requirements, but this redefinition is likely to introduce significant program schedule delays and cost increases. Second, the changes to ACE requirements have led to replacement of a key commercial product, but the new product carries the risk of negatively impacting user productivity. Third, the automated database used for managing ACE risks is incomplete and does not contain information needed to adequately inform program decisions. All told, DHS has continued to make progress on ACE, and the program is better positioned today for delivering promised capabilities and benefits than it has been in the past. Nevertheless, key program management practices relating to, for example, human capital management, requirements management, and risk management remain a challenge, and other management areas, such as information security and architecture alignment, continue to require attention. As a result, GAO sees major program schedule delays and cost overruns on the horizon. To improve ACE management and minimize exposure to risk, it is important for DHS to remain vigilant in its efforts to satisfy ACE legislative requirements, fully implement prior GAO recommendations, and keep Congress fully informed about the program's status, plans, and risk.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: As of May 2011, U.S. Customs and Border Protection (CBP) had substantially met this recommendation by reporting to Congress in its quarterly reports on the status of unmet legislative conditions and our recommendations. In a series of reports from fiscal year 2006 through 2011, CBP individually identified all of the unmet conditions and recommendations from this report except one (for the legislative condition that the Automated Commercial Environment (ACE) spend plan satisfy capital planning and investment control review requirements established by OMB in Circular A-11), described actions taken to satisfy them and implement mitigation strategies, and informed Congress when its actions were complete. As a result, Congress was better informed of CBP's progress in strengthening its management of ACE and could more fully determine whether ACE was meeting its program performance goals.

    Recommendation: To further strengthen ACE management and promote accountability for ACE performance and results, the Secretary of Homeland Security should direct the Customs and Border Protection (CBP) Commissioner to ensure that future quarterly reports to the House and Senate Appropriations Committees disclose the risks and associated mitigation strategies of not having fully satisfied the expenditure plan legislative conditions and not having completed implementation of all our prior recommendations.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: U.S. Customs and Border Protection (CBP) demonstrated implementation of this recommendation in its report to Congress for the third quarter of fiscal year 2009. This report related results from its analysis of redefined requirements and commercial products for the Automated Commercial Environment (ACE), and presented its conclusion that no long-term cost or schedule impacts were anticipated because the new solution would (a) be better integrated with CBP architecture, (b) meet ACE requirements with equivalent development efforts, (c) address performance concerns with hardware additions, and (d) not affect the ACE architecture. The report also described the status and impacts of changing its commercial off-the-shelf solution from SAP Enterprise Portal to SAP Transaction Server. Finally, the report documented a lesson learned by stating that CBP realized the necessity of early identification and resolution of issues such as this, and had reorganized its architecture team to provide more oversight across release teams. By implementing this recommendation, CBP has provided Congress with additional assurance that it has appropriately analyzed ACE's requirements and commercial solution when making changes, and has instituted a mechanism to address similar situations in the future.

    Recommendation: To further strengthen ACE management and promote accountability for ACE performance and results, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that future quarterly reports to the House and Senate Appropriations Committees the status and impacts on the program's estimated cost and schedule and lessons learned from ongoing efforts to redefine requirements and to implement a different commercial off-the-shelf product than originally selected.

    Agency Affected: Department of Homeland Security

  3. Status: Closed - Implemented

    Comments: U.S. Customs and Border Protection (CBP) demonstrated implementation of this recommendation in two reports submitted to Congress after our report was issued. In October 2009 and March 2010, CBP reported to Congress on the ways it was improving risk management for its Automated Commercial Environment, which included tracking the draft mitigation strategies to the associated risks, discussing the status of risks at weekly meetings, and updating the risk database based on these discussions. The 2010 congressional report also described a risk response plan and listed generic risk mitigation for schedule, cost, requirements management, and other program risks. Program artifacts we examined from 2010--such as risk tracking and mitigation status spreadsheets, risk tracking data base reports, and risk meeting minutes--were consistent with the risk management improvements CBP reported to Congress. As a result, Congress is better informed of ACE's risk management approach and efforts, and CBP's process and decisions for managing risk are more consistently documented and communicated.

    Recommendation: To further strengthen ACE management and promote accountability for ACE performance and results, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that future quarterly reports to the House and Senate Appropriations Committees the program's plans and actions for improving ACE risk management and its current inventory of program risks, including their associated mitigation strategies and the status of the strategies' implementation.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Nov 24, 2020

Nov 23, 2020

Nov 18, 2020

Nov 16, 2020

Oct 7, 2020

Sep 25, 2020

Sep 23, 2020

Sep 10, 2020

Looking for more? Browse all our products here