
Homeland Security Acquisitions: Joint Requirements Council's Initial Approach Is Generally Sound and It Is Developing a Process to Inform Investment Priorities

GAO-17-171 Published: Oct 24, 2016. Publicly Released: Oct 24, 2016.

Fast Facts

The Department of Homeland Security plans to invest over $180 billion in major IT systems, aircraft, and other major acquisitions to help secure the nation from the many threats it faces.

Who helps DHS decide how to spend all that money?

DHS's Joint Requirements Council was created in 2014 to help inform investment priorities and identify, develop, and approve department needs. Given that two-thirds of such investment priorities are IT-related, the Office of the Chief Information Officer needs a more permanent seat on the Council.

We recommend that the Secretary of Homeland Security direct the Council to make the OCIO a member.

DHS's Multi-Role Enforcement Aircraft

Photo of aircraft flying.

What GAO Found

GAO found that the Department of Homeland Security's (DHS) Joint Requirements Council's (JRC) structure and management approach—informed by assessments of requirements processes, guidance, and lessons learned from DHS components and the Department of Defense—are generally consistent with key practices for mergers and organizational transformations. However, although 24 of DHS's 36 major acquisitions are information technology programs, the department's Office of the Chief Information Officer (OCIO) serves as a non-voting advisor to the JRC. Because GAO has previously identified poor requirements definition as a factor in failed information technology programs, a more formal and consistent role for the OCIO could help minimize the risk that programs will begin with poorly developed requirements. In addition, some components lack the capacity to develop sound capability and requirements documents to present to the JRC. DHS officials are aware of this issue and are planning to take steps to address it, but it will likely take some time to do so.

The JRC has begun to review or validate capability and requirements documents, including one joint-operational requirements document between the U.S. Coast Guard and U.S. Customs and Border Protection for a common aircraft mission system.

JRC-Reviewed or Validated Capability and Requirements Documents

Capability Analysis Study Plan | Capability Analysis Report | Mission Needs Statement | Concept of Operations | Operational Requirements Document | Joint Operational Requirements Document

Source: GAO analysis of DHS data, as of August 2016. | GAO-17-171

The JRC's role in prioritizing requirements and informing DHS's investment decisions is just beginning under a new joint assessment of requirements process. As the process evolves, the JRC will brief senior officials responsible for preparing DHS's budget requests. As shown below, the JRC plans for almost all of DHS's requirements to be evaluated under the new process in time to inform resource tradeoffs for the fiscal year 2021 budget request.

Plans for the Joint Assessment of Requirements to Prioritize Investments

| Year of review | Fiscal year 2016 | Fiscal year 2017 | Fiscal year 2018 |
| --- | --- | --- | --- |
| Scope of requirements JRC will prioritize | Limited number (8-10) of new | All new and existing for major acquisitions | All new and existing, including for some smaller acquisitions |
| Planned outcome | Informational briefing in spring 2017 | Informational briefing in spring 2018 | Spring 2019 briefing to inform fiscal year 2021 budget request |

Source: GAO analysis of DHS data and discussions with agency officials. | GAO-17-171

While it is too soon to tell what impact the JRC and associated processes will have on investment priorities or inefficiencies, JRC and other senior DHS officials recognize that sustained management focus is needed to continue momentum.

Why GAO Did This Study

In 2003, DHS established a JRC to review and prioritize requirements across the department's components—such as the U.S. Coast Guard and U.S. Customs and Border Protection. However, due to a lack of senior management involvement, it became inactive. Over a decade later and after a 2008 GAO recommendation that the JRC be reinstated, the Secretary of Homeland Security directed the creation of a new JRC in June 2014.

GAO was asked to review the organization and activities of the current JRC. This report addresses, among other things, the extent to which the JRC (1) has a structure and management approach consistent with key practices; and (2) has begun reviewing and validating capability and requirements documents and informing DHS investment priorities.

GAO reviewed relevant policies and procedures, examined capability and requirements documents, and assessed the JRC's efforts against GAO's key practices for organizational transformation. GAO also interviewed JRC and senior DHS officials, the OCIO and other DHS headquarters officials, component officials, and officials from a non-generalizable sample of 10 program offices that had at least one document reviewed or validated by the JRC or were early in the acquisition life cycle.

GAO recommends that the Secretary of Homeland Security direct the JRC to make the OCIO a JRC principal. DHS concurred with the recommendation and expects to implement it by October 31, 2016.

Recommendations for Executive Action

Agency Affected: Department of Homeland Security

Recommendation: To ensure that the JRC has members with the skills to enable discussion and make appropriate decisions, the Secretary of Homeland Security should direct the JRC to make the OCIO a principal of the JRC, given that the majority of DHS's major acquisition programs are Information Technology (IT)-related.

Status: Closed – Implemented

On November 29, 2016, the JRC Chair signed a memo to the Deputy Under Secretary for Management (USM) formally modifying JRC membership and requesting a senior executive from OCIO to be appointed to the JRC who would join the other USM representatives from the Management Offices of Program Accountability and Risk Management, and Program Analysis and Evaluation. On January 18, 2017, the Deputy USM and Chief Financial Officer designated the Chief Technology Officer as the OCIO representative on the JRC.


Homeland security, Organizational transformation, Information technology, Budget requests, Acquisition programs, Documentation, Federal acquisitions, Functional requirements document, Organizational change, Requirements definition, Policies and procedures, Duplication of effort, Operational requirements, Agency organizational structure, Budgets