Supply Chain Security:
Providing Guidance and Resolving Data Problems Could Improve Management of the Customs-Trade Partnership Against Terrorism Program
GAO-17-84: Published: Feb 8, 2017. Publicly Released: Feb 8, 2017.
What GAO Found
Staff from U.S. Customs and Border Protection's (CBP) Customs-Trade Partnership Against Terrorism (C-TPAT) program have faced challenges in meeting C-TPAT security validation responsibilities because of problems with the functionality of the program's data management system (Portal 2.0). In particular, since the system was updated in August 2015, C-TPAT staff have identified instances in which the Portal 2.0 system incorrectly altered C-TPAT members' certification or security profile dates, requiring manual verification of member data and impairing the ability of C-TPAT security specialists to identify and complete required security validations in a timely and efficient manner. While the focus of CBP's staff was initially on documenting and addressing Portal 2.0 problems as they arose, the staff have begun to identify root causes that led to the Portal 2.0 problems. For example, CBP staff cited unclear requirements for the system and its users' needs, coupled with inadequate testing, as factors that likely contributed to problems. In response, CBP staff have outlined recommended actions, along with timeframes for completing the actions. The staff stated that they will continue to work on identifying and addressing potential root causes of the Portal problems through 2017. C-TPAT officials told us that despite the Portal 2.0 problems, they have assurance that required security validations are being tracked and completed as a result of record reviews taking place at field offices. However, these field office reviews were developed in the absence of standardized guidance from C-TPAT headquarters. While the current validation tracking processes used by field offices do account for security validations conducted over the year, standardizing the process used by field offices for tracking required security validations could strengthen C-TPAT management's assurance that its field offices are identifying and completing the required security validations in a consistent and reliable manner.
CBP cannot determine the extent to which C-TPAT members are receiving benefits because of data problems. Specifically, since 2012, CBP has compiled data on certain events or actions it has taken regarding arriving shipments—such as examination and hold rates and processing times—for both C-TPAT and non-C-TPAT members through its Dashboard data reporting tool. However, on the basis of GAO's preliminary analyses and subsequent data accuracy concerns cited by C-TPAT program officials, GAO determined that data contained in the Dashboard could not be relied on for accurately measuring C-TPAT member benefits. Also, CBP has likely relied on such questionable data since it developed the Dashboard in 2012, and, thus, cannot be assured that C-TPAT members have consistently received the benefits that CBP has publicized. C-TPAT officials stated that they are analyzing the Dashboard to finalize an action plan to correct the data concerns. It is too soon to tell, though, whether this process will fully address the accuracy and reliability issues. Despite these issues, C-TPAT officials are exploring new member benefits, and industry officials we met with generally spoke positively of the C-TPAT program.
Why GAO Did This Study
The economic well-being of the United States depends on the movement of millions of cargo shipments throughout the global supply chain—the flow of goods from manufacturers to retailers or other end users. However, cargo shipments can present security concerns. CBP is responsible for administering cargo security and facilitating the flow of legitimate commerce. CBP has implemented several programs as part of a risk-based approach to supply chain security. One such program, C-TPAT, is a voluntary program in which CBP staff validate that members' supply chain security practices meet minimum security criteria. In return, members are eligible to receive benefits, such as a reduced likelihood their shipments will be examined.
This report assesses the extent to which (1) CBP is meeting its security validation responsibilities, and (2) C-TPAT members are receiving benefits. GAO reviewed information on security validations, member benefits, and other program documents. GAO also interviewed officials at CBP headquarters and three C-TPAT field offices chosen for their geographical diversity; as well as select C-TPAT members and trade industry officials.
What GAO Recommends
GAO is recommending that CBP develop (1) standardized guidance for field offices regarding the tracking of information on security validations, and (2) a plan with milestones and completion dates to fix the Dashboard so the C-TPAT program can produce accurate data on C-TPAT member benefits. DHS concurred with GAO's recommendations.
For more information, contact Jennifer Grover at (202) 512-7141 or Groverj@gao.gov.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: In February 2017, we reported on U.S. Customs and Border Protection (CBP) efforts to validate the supply chain security procedures in place at entities who are members of the Customs-Trade Partnership Against Terrorism (C-TPAT) program. During the course of our follow-up review on recommendation #1, we found that required security validations were being identified and completed in a timely manner because the C-TPAT field offices were keeping records on required and completed security validations apart from data recorded in the C-TPAT centralized database, Portal 2.0. However, we also found that C-TPAT headquarters had not issued centralized guidance or standard operating procedures to be used by C-TPAT field offices to ensure that they were tracking and completing the required security validations in a consistent manner. As a result, the field offices had each developed their own varied approaches for tracking required security validations and recording those that were completed. Consequently, we recommended that CBP develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations to enhance management and visibility of the program by C-TPAT program management staff at CBP headquarters. In April 2017, CBP officials provided us with documentation, to include a common worksheet, instructions, and related standard operating procedures, for C-TPAT field offices to use in tracking and reporting information to C-TPAT headquarters staff on security validations required and completed. We reviewed the information and interviewed C-TPAT officials in two field offices and C-TPAT's Plans and Operations Branch about the new procedures. In early August 2017, we asked for additional evidence that C-TPAT is ensuring one standard approach across its field offices for capturing and reporting security validations required and completed. In September 2017, CBP officials provided us with an updated standard operating procedure document and refinements to the common worksheet that fully responded to questions we had raised, including having field offices separately track the net number of security validations required and completed. CBP also provided us with examples of Work Analysis Plans that documented the number of completed and pending security validations, by field office, reported to C-TPAT management on a monthly basis. In December 2017, CBP provided further evidence verifying that the updated standard operating procedures called for one approach across all C-TPAT field offices for verifying security validations completed. As a result of the CBP actions, the status of this recommendation is being changed to Closed-Implemented.
Recommendation: To ensure that C-TPAT program managers are provided consistent data from the C-TPAT field offices on security validations, the Commissioner of U.S. Customs and Border Protection should develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations.
Agency Affected: Department of Homeland Security: United States Customs and Border Protection
Comments: In July 2017, CBP provided us (GAO) with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. In October 2017, CBP staff informed us that the steps being taken to address this recommendation were to continue through January 2018. In February 2018, we received updated information from the CBP liaison informing us that, although CBP had taken steps to refine and enhance the data system, there were problems with the importing of some data from an older system into the updated system (C-TPAT Dashboard) and, consequently, CBP changed the estimated completion date for addressing this recommendation to the end of July 2018. In May, July, September, and November of 2018, CBP provided additional documentation of continuing steps it was taking to improve the data system, including a development of a root cause analysis of the problems with the data, and an action plan with steps being taken to address identified issues. In response to follow-on data requests, CBP provided a description of program linkages that would help ensure that a C-TPAT member's status was properly updated with any change in the system, as well copies of an updated Standard Operating Procedure for managing C-TPAT member benefits and a discrepancy report that identified instances where a member's account status was incorrect. These discrepancies are to be completed in field offices by January 2019, at which time CBP should provide us with an update on their status.
Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.
Agency Affected: Department of Homeland Security: United States Customs and Border Protection