U.S. Secret Service: Action Needed to Address Gaps in IT Workforce Planning and Management Practices

GAO-19-60 Published: Nov 15, 2018. Publicly Released: Nov 15, 2018.
Jump To:
Skip to Highlights
Highlights

What GAO Found

The U.S. Secret Service (Secret Service) Chief Information Officer (CIO) fully implemented 11 of 14 selected information technology (IT) oversight responsibilities, and partially implemented the remaining 3. The CIO partially implemented the responsibilities to establish a process that ensures the Secret Service reviews IT contracts; ensure that the component's IT policies align with the Department of Homeland Security's (DHS) policies; and set incremental targets to monitor program progress. Additional efforts to fully implement these 3 responsibilities will further position the CIO to effectively manage the IT portfolio.

Of the 15 selected practices within the 5 workforce planning and management areas, the Secret Service fully implemented 3 practices, partly implemented 8, and did not implement 4 (see table). Within the strategic planning area, the component partly implemented the practice to, among other things, develop IT competency needs. While the Secret Service had defined general core competencies for its workforce, the Office of the CIO (OCIO) did not identify all of the technical competencies needed to support its functions. As a result, the office was limited in its ability to address any IT competency gaps that may exist. Also, while work remains to improve morale across the component, the Secret Service substantially implemented the employee morale practices for its IT staff.

The U.S. Secret Service's Implementation of 15 Selected Leading Practices Associated with 5 Workforce Planning and Management Areas for Its Information Technology Workforce

Workforce area

Overall area rating

Number of practices fully implemented

Number of practices partly implemented

Number of practices not implemented

1. Strategic planning

Minimally implemented

0

2

1

2. Recruitment and hiring

Minimally implemented

0

1

2

3. Training and development

Minimally implemented

0

2

1

4. Employee morale

Substantially implemented

2

1

0

5. Performance management

Substantially implemented

1

2

0

Total

 

3

8

4

Source: GAO analysis of data provided by U.S. Secret Service officials. | GAO-19-60.

Secret Service officials said the gaps in implementing the workforce practices were due to, among other things, their focus on reorganizing the IT workforce within OCIO. Until the Secret Service fully implements these practices for its IT workforce, it may be limited in its ability to ensure the timely and effective acquisition and maintenance of the component's IT infrastructure and services.

Of the two selected IT project monitoring practices, DHS and the Secret Service fully implemented the first practice to monitor the performance of the Information Integration and Technology Transformation (IITT) investment. In addition, for the second practice—to monitor projects on incremental development metrics—the Secret Service fully implemented the practice on one of IITT's projects and partially implemented it on another. In particular, OCIO did not fully measure post-deployment user satisfaction with the system on one project. OCIO plans to conduct a user satisfaction survey of the system by September 2018, which should inform the office on whether the system is meeting users' needs.

Why GAO Did This Study

Commonly known for protecting the President, the Secret Service also plays a leading role in investigating and preventing financial and electronic crimes. To accomplish its mission, the Secret Service relies heavily on the use of IT infrastructure and systems. In 2009, the component initiated the IITT investment—a portfolio of programs and projects that are intended to, among other things, improve systems availability and security in support of the component's business operations.

GAO was asked to review the Secret Service's oversight of its IT portfolio and workforce. This report discusses the extent to which the (1) CIO implemented selected IT oversight responsibilities, (2) Secret Service implemented leading IT workforce planning and management practices, and (3) Secret Service and DHS implemented selected performance monitoring practices for IITT. GAO assessed agency documentation against 14 selected component CIO responsibilities established in DHS policy; 15 selected leading workforce planning and management practices within 5 topic areas; and two selected leading industry project monitoring practices that, among other things, were, in GAO's professional judgment, of most significance to managing IITT.

Skip to Recommendations

Recommendations

GAO is making 13 recommendations, including that the Secret Service establish a process that ensures the CIO reviews all IT contracts, as appropriate; and identify the skills needed for its IT workforce. DHS concurred with all recommendations and provided estimated dates for implementing each of them.

Recommendations for Executive Action

Agency Affected Recommendation Status
United States Secret Service The Director should ensure that the CIO establishes and documents an IT acquisition review process that ensures the CIO or the CIO's delegate reviews all contracts containing IT, as appropriate. (Recommendation 1)
Closed – Implemented
In response to our recommendation, in April 2019 the Secret Service established a policy that specifies that the CIO must approve all Secret Service IT purchases, including hardware, software, and services. The policy also identifies how Secret Service staff are to submit IT purchase requests for review and outlines the approval sequence for such purchases. As part of this, the policy states that the final approver--called the Secret Service Approver--will not approve any requisitions that do not have the required CIO approval. By establishing this policy and process, the Secret Service CIO should be better informed of all IT purchases made by the component. The CIO should also be better positioned to ensure that such purchases are a cost-effective use of resources and are aligned with the component's missions and goals.
United States Secret Service The Director should update the enterprise governance policy to specify (1) the CIO's current role and responsibilities on the Executive Resources Board, to include developing and reviewing the IT budget formulation and execution; and (2) the Deputy CIO's role and responsibilities on the Enterprise Governance Council. (Recommendation 2)
Open
DHS concurred with this recommendation. The Secret Service has also taken important steps to address this recommendation, including establishing an Enterprise Resource Board charter and updating its Enterprise Governance Council charter that outline the roles and responsibilities of all board members, including senior designees from the OCIO. In February 2022, Secret Service provided its Planning, Programming, Budget, Executive and Evaluation policy directive, which reflects the CIO's responsibilities for developing and reviewing the IT budget formulation and execution. However, the Secret Service still needs to demonstrate that its overarching Secret Service Enterprise Governance policy directive has been updated to align with the new and updated OCIO roles and responsibilities that are documented in its updated charters and policy directive.
United States Secret Service The Director should ensure that the Secret Service develops a charter for its Executive Resources Board that specifies the roles and responsibilities of all board members, including the CIO. (Recommendation 3)
Closed – Implemented
In response to our recommendation, in January 2022, Secret Service officials finalized a charter for its Board (which was renamed to the Enterprise Resource Board charter). The charter identifies the general roles and responsibilities of all board members, including a senior representative from the Office of the CIO. By formally identifying member's roles and responsibilities in the charter, the Secret Service will be better positioned to ensure that all members understand their roles and responsibilities and will perform them as expected.
United States Secret Service The Director should ensure that the CIO includes product quality and post-deployment user satisfaction metrics in the modular outcomes and target measures that the CIO sets for monitoring agile projects. (Recommendation 4)
Open
DHS concurred with this recommendation. The Secret Service provided the DHS Agile Instruction Manual and Agile Core Metrics, but has not yet demonstrated that the Secret Service CIO has set product quality and post-deployment user satisfaction metrics in modular outcomes and target measures for agile projects following each production release. We will continue to monitor the department's efforts to implement this recommendation.
United States Secret Service The Director should ensure that the CIO identifies all of the required knowledge and skills for the IT workforce. (Recommendation 5)
Closed – Implemented
In response to our recommendation, the Secret Service provided documentation that demonstrates that it had identified the required knowledge and skills for its IT workforce. In particular, in 2021 and 2022, the Secret Service OCIO provided position description documents for the 12 occupational series within the Secret Service's IT workforce that identified the required knowledge and skills for each occupational series. As a result, the OCIO has improved its ability to identify and address competency gaps within its workforce.
United States Secret Service The Director should ensure that the CIO regularly analyzes the IT workforce to identify its competency needs and any gaps it may have. (Recommendation 6)
Open
DHS concurred with this recommendation. Secret Service worked with a contractor to develop staffing models and determine additional staffing needs based on an assessment of current and future workload expectations. The study indicated a need for additional staff across certain IT functions. However, although the staffing needs assessment identified areas where additional full time staff would better support the component's existing and planned workload, it is not clear how the assessment identified gaps in competencies. As such, we will continue to follow-up with the Secret Service for documentation of its efforts to fully implement this recommendation.
United States Secret Service The Director should ensure that, after OCIO completes an analysis of the IT workforce to identify any competency and staffing gaps it may have, the Secret Service updates its recruiting and hiring strategies and plans to address those gaps, as necessary. (Recommendation 7)
Open
The Secret Service determined additional staffing needs based on an assessment of current and future workload expectations. However, as stated in recommendation six, it is not clear how the assessment identified gaps in competencies. As such, we will continue to follow-up with the Secret Service for documentation of the analyses the OCIO conducted to determine its IT staffing and competency gaps along with its subsequent recruiting and hiring efforts.
United States Secret Service The Director should ensure that the Office of Human Resources (1) develops and tracks metrics to monitor the effectiveness of the Secret Service's recruitment activities for the IT workforce, including their effectiveness at addressing skill and staffing gaps; and (2) reports to component leadership on those metrics. (Recommendation 8)
Open
Secret Service provided documentation that identified its fiscal year 2018-2020 recruitment activities. In addition, in January 2022, the Secret Service provided documentation that identified the number of positions within the OCIO that were either filled, in the process of being filled, or vacant. Secret Service officials also stated that they provide updates to Secret Service leadership on their efforts to address staffing gaps with the OCIO. However, the Secret Service has not yet provided supporting documentation demonstrating that it has (1) developed and tracked metrics specific to monitoring the effectiveness of its recruitment activities that address staffing gaps within the IT workforce; and (2) reported to component leadership on those metrics. As such, we will continue to monitor the Secret Service's efforts to implement this recommendation.
United States Secret Service The Director should ensure that the Office of Human Resources and OCIO adjust their recruitment and hiring plans and activities, as necessary, after establishing and tracking metrics for assessing the effectiveness of these activities for the IT workforce. (Recommendation 9)
Open
The Secret Service has not yet demonstrated that it has established and tracked metrics for monitoring the effectiveness of its recruitment and hiring plans and activities for the IT workforce as stated in recommendation eight. As such, the component is not yet able to demonstrate that its Office of Human Resources and OCIO have adjusted their recruitment and hiring plans and activities based on these metrics. We will continue to monitor the Secret Service's efforts to implement this recommendation.
United States Secret Service The Director should ensure that the CIO (1) defines the required training for each IT workforce group, (2) determines the activities that OCIO will include in its IT workforce training and development program based on its available training budget, and (3) implements those activities. (Recommendation 10)
Open
DHS concurred with this recommendation, and in response, the Secret Service established a standard operating procedure document that identifies, among other things, recommended training and certifications for each OCIO division (e.g., network management, cyber security). However, this procedure document does not identify required training for each of these divisions. In addition, in April 2022, the Secret Service reported that the OCIO does not currently plan to implement a training and development program that is specific to its IT workforce. Instead, Secret Service OCIO officials reported that they believe that the responsibility to train and develop all members of the IT workforce would be better suited at the enterprise level. As such, the component is not implementing training and development activities that are specific to the IT workforce group. We will continue to monitor the component's efforts to implement this recommendation.
United States Secret Service The Director should ensure that the CIO ensures that the IT workforce completes training specific to their positions (after defining the training required for each workforce group). (Recommendation 11)
Open
DHS concurred with this recommendation. While the Secret Service OCIO has identified the recommended training and certifications for each OCIO division, the OCIO has not yet identified the required training for each of these divisions as stated in recommendation ten. Further, in April 2022, the Secret Service OCIO reported that it is not planning to track the completion of recommended training. As such, the component is also not able to demonstrate that it is ensuring that each IT workforce group completes the training specific to their positions, as we also recommended. We will continue to monitor the Secret Service's efforts to implement this recommendation.
United States Secret Service The Director should ensure that the CIO collects and assesses performance data (including qualitative or quantitative measures, as appropriate) to determine how the IT training program contributes to improved performance and results (once the training program is implemented). (Recommendation 12)
Open
DHS concurred with this recommendation. In April 2022, the Secret Service reported that the OCIO does not currently plan to implement a training and development program that is specific to its IT workforce. We will continue to monitor the component's efforts to implement this recommendation.
United States Secret Service The Director should ensure that the CIO updates the performance plans for each occupational series within the IT workforce to include the relevant technical competencies, once identified, against which IT staff performance should be assessed. (Recommendation 13)
Closed – Implemented
In July 2020, the Secret Service OCIO provided the updated performance plans for the occupational series within the Secret Service's IT workforce that included the relevant technical competencies against which IT staff performance should be assessed. As a result, the OCIO has improved its ability to provide IT staff with a complete assessment of their performance. In addition, Secret Service management now have more insight into the extent to which IT staff are meeting their relevant technical competencies.

Full Report

GAO Contacts