Customs Service Modernization: Automated Commercial Environment Progressing, but Further Acquisition Management Improvements Needed
GAO-03-406 Published: Feb 28, 2003. Publicly Released: Feb 28, 2003.
Skip to Highlights
Skip to Recommendations
The U.S. Customs Service is conducting a multiyear, multibillion dollar project, the Automated Commercial Environment (ACE), a new trade processing system that is planned to support effective and efficient movement of goods into the United States. By congressional mandate, Customs' expenditure plans for ACE must meet certain conditions, including being reviewed by GAO. This study addresses whether Customs' latest plan satisfies these conditions and provides observations about the plan and Customs' efforts to implement GAO's open recommendations for improving ACE management.
Recommendations for Executive Action
|Directorate of Border and Transportation Security||To ensure that Customs has the requisite capability to manage its ACE acquisition, the Commissioner of the Customs Service should designate strengthening CMO human capital and acquisition processes as priority matters.||
The Commissioner of Customs (Customs is now known as the Bureau of Customs and Border Protection (CBP)) took steps to designate strengthening the Customs and Border Protection Modernization Office's human capital and Software Acquisition Capability Maturity Model (SA-CMM) processes as priority matters. For example, in its June 2003 and October 2003 reports to Congress, CBP explained that it was particularly focused on strengthening both its human capital management and acquisition processes.
|Directorate of Border and Transportation Security||The Commissioner of the Customs Service should direct the Chief Information Officer (CIO) to immediately develop and implement each of the missing Software Engineering Institute Software Acquisition Capability Maturity Model practices for the key process areas discussed in this report, and until this is accomplished, report to its appropriations subcommittees quarterly on the progress of its efforts to do so.||
Customs, now known as the Bureau of Customs and Border Protection (CBP), has taken steps to develop and implement each of the key process areas for the SA-CMM level 2 key process areas and the level 3 acquisition risk management area. SEI assessed the acquisition management of Releases 1 through 4 against the SA-CMM level 2 criteria. On November 5, 2003, SEI assigned the program a level 2 rating, meaning that the program has established basic acquisition management processes. Based on the $1.5 billion budgeted for ACE during fiscal years 2004-2008, implementation of GAO's recommendation will result in an estimated cost reduction to the agency of about $158.6 million. SEI also conducted an unrated assessment of the program's acquisition risk management capability in May 2003. The assessment identified two weaknesses: (1) risk management was not integrated into acquisition planning and (2) a defined organizational process was not used to produce the program's acquisition risk management plan. CBP has addressed these weaknesses by updating its acquisition planning process to include risk management activities and by documenting an acquisition risk management process. CBP's October 2003 report to its appropriations committees reported on the status of these acquisition management improvement efforts.
|Directorate of Border and Transportation Security||The Commissioner of the Customs Service should direct the CIO to develop and implement the missing human capital management practices discussed in this report, and until this is accomplished, report to its appropriations committees quarterly on the progress of its efforts to do so.||
Customs, now known as the U.S. Customs and Border Protection (CBP), has taken several steps to improve human capital management for the Automated Commercial Environment (ACE) program, but has not yet applied a complete set of key practices to the program as we previously recommended. In June 2006, CBP executives approved the Office of Information Technology (OIT) Strategic Human Capital Management Plan, a road map intended to ensure effective management of human capital resources across OIT to address enterprise-wide priorities. An ACE-specific appendix was intended to provide better near- and long-term human capital management practices for the OIT offices involved in ACE development. However, neither the OIT nor the ACE-specific plan addresses the basic tenets of effective human capital management, such as defining the positions needed (including core competencies) to perform core program functions; assessing and inventorying current workforce skills and abilities; assessing any gaps between needed and existing workforce levels and capabilities; and filling identified gaps. OIT officials acknowledged these limitations in the plans and stated that they are developing an implementation plan to address these shortfalls. As of July 2007, the implementation plan had not yet been approved and thus was not available for our review. In the absence of an outcome-based human capital approach for ACE, OIT and program officials reported taking various steps to address ACE human capital needs, including requesting direct hiring authority from OPM, augmenting ACE development with IT functional program management expertise, and offering staff training.
|Directorate of Border and Transportation Security||The Commissioner of the Customs Service should direct the CIO to establish an IV&V function to assist Customs in overseeing contractor efforts, such as testing.||
Customs and Border Protection (CBP) established an IV&V function to assist in overseeing ACE and awarded an IV&V contract on December 30, 2004. The IV&V contractor is responsible for reviewing ACE products and management processes and is to report directly to the CBP chief information officer.
|Directorate of Border and Transportation Security||The Commissioner of the Customs Service should take steps, as appropriate in light of Customs' merger into the Department of Homeland Security, to have future ACE expenditure plans specifically address any proposals or plans, whether tentative or approved, for extending and using ACE infrastructure to support other homeland security applications, including any impact on ACE of such proposals and plans.||
Customs, now known as the U.S. Customs and Border Protection (CBP), has established mechanisms to identify opportunities for sharing services between the Automated Commercial Environment (ACE) program and other Department of Homeland Security (DHS) applications. These relationships are addressed in ACE's fiscal year 2007 expenditure plan and its quarterly reports to Congress. For example, the fiscal year 2007 expenditure plan discusses efforts to work with participating government agencies in defining and deploying the International Trade Data System (ITDS), with the stated goal to deliver ACE/ITDS in an integrated and coordinated manner. In this regard, the plan discusses workshops to gather requirements from participating agencies for Release 6, a working group to address these agencies' HAZMAT issues, and efforts to develop data element inputs for ACE from other government agencies. In addition, the quarterly reports to Congress cite coordination efforts with related homeland security programs. For example, the report for the first quarter of 2007 states that Container Security Initiative will be supported by ACE Release 6 and Screening capabilities; Customs-Trade Partnership Against Terrorism is coordinating with ACE Release 5 capabilities to provide both CBP and trade representatives with the ability to view the status of CBP programs; and U.S.-Mexico Border Partnership Plan will coordinate with ACE to implement cargo screening standards derived from partnership plan agreements. ACE does not itself provide infrastructure for other homeland security applications. Rather, ACE and other CBP applications share infrastructure (desktops, clients, and local area networks) at the ports of entry. This infrastructure is purchased and maintained by CBP's Office of Information Technology (OIT) Program Integration Division. Each application, including ACE, is responsible for complying with OIT's infrastructure standards.