[House Hearing, 115 Congress] [From the U.S. Government Publishing Office] WATCHDOG RECOMMENDATIONS: A BETTER WAY AHEAD TO MANAGE THE DEPARTMENT OF HOMELAND SECURITY ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY OF THE COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION __________ FEBRUARY 16, 2017 __________ Serial No. 115-5 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.gpo.gov/fdsys/ __________ U.S. GOVERNMENT PUBLISHING OFFICE 26-399 PDF WASHINGTON : 2017 ---------------------------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office, http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected]. COMMITTEE ON HOMELAND SECURITY Michael T. McCaul, Texas, Chairman Lamar Smith, Texas Bennie G. Thompson, Mississippi Peter T. King, New York Sheila Jackson Lee, Texas Mike Rogers, Alabama James R. Langevin, Rhode Island Jeff Duncan, South Carolina Cedric L. Richmond, Louisiana Tom Marino, Pennsylvania William R. Keating, Massachusetts Lou Barletta, Pennsylvania Donald M. Payne, Jr., New Jersey Scott Perry, Pennsylvania Filemon Vela, Texas John Katko, New York Bonnie Watson Coleman, New Jersey Will Hurd, Texas Kathleen M. Rice, New York Martha McSally, Arizona J. Luis Correa, California John Ratcliffe, Texas Val Butler Demings, Florida Daniel M. Donovan, Jr., New York Nanette Diaz Barragan, California Mike Gallagher, Wisconsin Clay Higgins, Louisiana John H. Rutherford, Florida Thomas A. Garrett, Jr., Virginia Brian K. Fitzpatrick, Pennsylvania Brendan P. Shields, Staff Director Joan V. O'Hara, General Counsel Michael S. Twinchek, Chief Clerk Hope Goins, Minority Staff Director ------ SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY Scott Perry, Pennsylvania, Chairman Jeff Duncan, South Carolina J. Luis Correa, California Tom Marino, Pennsylvania Kathleen M. Rice, New York John Ratcliffe, Texas Nanette Diaz Barragan, California Clay Higgins, Louisiana Bennie G. Thompson, Mississippi Michael T. McCaul, Texas (ex (ex officio) officio) Ryan Consaul, Subcommittee Staff Director Erica D. Woods, Interim Subcommittee Minority Staff Director C O N T E N T S ---------- Page Statements The Honorable Scott Perry, a Representative in Congress From the State of Pennsylvania, and Chairman, Subcommittee on Oversight and Management Efficiency: Oral Statement................................................. 1 Prepared Statement............................................. 3 The Honorable J. Luis Correa, a Representative in Congress From the State of California, and Ranking Member, Subcommittee on Oversight and Management Efficiency: Oral Statement................................................. 4 Prepared Statement............................................. 6 The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Ranking Member, Committee on Homeland Security: Prepared Statement............................................. 7 Witnesses Mr. John Roth, Inspector General, U.S. Department of Homeland Security: Oral Statement................................................. 8 Prepared Statement............................................. 10 Ms. Rebecca Gambler, Director, Homeland Security and Justice Issues, U.S. Government Accountability Office: Oral Statement................................................. 17 Prepared Statement............................................. 19 For the Record The Honorable J. Luis Correa, a Representative in Congress From the State of California, and Ranking Member, Subcommittee on Oversight and Management Efficiency: Email.......................................................... 5 Appendix Questions From Chairman Scott Perry for John Roth................ 45 Questions From Ranking Member Bennie G. Thompson for John Roth... 46 Questions From Chairman Scott Perry for Rebecca Gambler.......... 49 Questions From Ranking Member Bennie G. Thompson for Rebecca Gambler........................................................ 50 WATCHDOG RECOMMENDATIONS: A BETTER WAY AHEAD TO MANAGE THE DEPARTMENT OF HOMELAND SECURITY ---------- Thursday, February 16, 2017 U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Oversight and Management Efficiency, Washington, DC. The subcommittee met, pursuant to notice, at 2:03 p.m., in room HVC-210, Capitol Visitors Center, Hon. Scott Perry (Chairman of the subcommittee) presiding. Present: Representatives Perry, Ratcliffe, Higgins, Correa, Rice, and Barragan. Mr. Perry. The Committee on Homeland Security Subcommittee on Oversight and Management Efficiency will come to order. The purpose of this hearing is to receive testimony regarding recommendations from the DHS Office of Inspector General, the OIG; and the Government Accountability Office, or the GAO; to improve the efficiency and effectiveness of the Department of Homeland Security. Before we begin I would like to welcome the new Members of the subcommittee. They bring with them tremendous private sector, law enforcement, and other experience, which will be helpful in the subcommittee's oversight of DHS. I also look forward to working with our colleagues on the other side of the aisle. Ranking Member Correa and I met recently to discuss the subcommittee's priorities, and I look forward to working with him on areas--well, on all areas and ones of mutual interest, as well. Chair now recognizes himself for an opening statement. For the past 8 years we watched the administration turn a blind eye to bureaucratic waste, inefficiency, and mismanagement. We witnessed an ever-expanding bureaucracy and an ever-diminishing National security complex. We raised alarms about security threats and watched horrified as terrorists attacked us on our soil right here at home; as hackers exploited vulnerabilities in our cyber networks; and as smugglers trafficked drugs, weapons, and unlawful immigrants across our porous borders. The Department of Homeland Security simply must find a better way to prioritize and tackle these challenges. Last fall House Republicans proposed the ``Better Way'' agenda to do just that--provide a better way to secure our homeland, grow our economy, and make Government more accountable to the people. Today's hearing will focus on a better way to manage DHS to prevent waste, fraud, abuse, and mismanagement, and to correct the outright negligence of the previous administration. I know first-hand that Americans are fed up with the status quo and are looking for ways to improve how the Government does business. As Chairman of this subcommittee I have seen that an unchecked and bloated bureaucracy results in failed programs and wasted taxpayer dollars. Simply put, DHS's bureaucracy should get operators what they need at the best cost to the taxpayer, and then get the heck out of the way. Last Congress I chaired hearings to examine instances where that was not the case, where dysfunction and mismanagement impeded the mission--instances such as DHS's botched management of the multibillion-dollar Human Resources Information Technology, or HRIT, program; DHS's total waste of taxpayer dollars on the Federal Protective Service's vehicle program, where it had literally more vehicles than officers to drive them; and DHS's failed oversight of employee misconduct at the Transportation Security Administration and U.S. Secret Service. Every dollar wasted by inept bureaucrats is one less that can be spent on securing our homeland. Mismanagement puts our security at risk. The Heritage Foundation recently recommended that DHS rein in a bloated bureaucracy through a strong chain of command over component management functions so that DHS effectively equips, supports, and oversees its components. I am hopeful that the new Secretary, John Kelly, will use his military experience to do what the last administration couldn't or wouldn't, which is provide front-line operators with the necessary tools for getting the job done and keeping our Nation safe. Agency watchdogs like those we will hear from today bring invaluable insights to the issues facing the Department. Collectively, the Government Accountability Office and the DHS Office of Inspector General have made thousands of recommendations to improve DHS programs since the Department's inception. I look forward to hearing from GAO and OIG on the ways that the Department can eliminate waste, fraud, and abuse, and mismanagement. In particular, I would like to hear about the steps DHS has taken to get off GAO's high-risk list of areas in the Federal Government that are most susceptible to mismanagement. Yesterday GAO reported that DHS's management functions remain ineffective, the Federal Government's cybersecurity activities need strengthening, and DHS's National Flood Insurance Program is unaffordable. In addition to GAO's high-risk list report, each year the OIG releases an annual report on major management challenges facing DHS. The 2016 report identified six broad areas where the Department faces serious management and performance challenges. OIG also identified hundreds of millions of dollars in questionable costs and funds. Hundreds of recommendations by these watchdogs remain open and unimplemented by DHS, and this is unacceptable. I urge the Trump administration to fully leverage the work of these watchdogs to drain the waste and inefficiency from DHS. Washington bureaucrats may dismiss these management issues as simply the cost of doing business in Government. That is wrong. The American taxpayer deserves much better. After years and years of failing to rein in Washington's bureaucracy, Americans demand more from their Government. It is time to demand more from and find a better way to manage the Department of Homeland Security. [The statement of Chairman Perry follows:] Statement of Chairman Scott Perry February 16, 2017 For the past 8 years, we watched the Obama administration turn a blind eye to bureaucratic waste, inefficiency, and mismanagement. We witnessed an ever-expanding bureaucracy and an ever-diminishing National security complex. We raised alarms about security threats and watched--horrified--as terrorists attacked us on our home soil; as hackers exploited vulnerabilities in our cyber networks; and as smugglers trafficked drugs, weapons, and unlawful immigrants across our porous borders. The Department of Homeland Security (DHS) simply must find a better way to tackle these challenges. Last fall, House Republicans proposed the ``Better Way'' agenda to do just that--provide a better way to secure our homeland, grow our economy, and make Government more accountable to the people. Today's hearing will focus on a better way to manage DHS to prevent waste, fraud, abuse, and mismanagement, and to correct the outright negligence of the Obama administration. I know first-hand that Americans are fed up with the status quo and are looking for ways to improve how the Government does business. As Chairman of this subcommittee, I've seen that an unchecked and bloated bureaucracy results in failed programs and wasted taxpayer dollars. Simply put, DHS's bureaucracy should get operators what they need at the best cost to the taxpayer, and then get out of the way. Last Congress, I chaired hearings to examine instances where that was not the case; where dysfunction and mismanagement impeded the mission--instances such as:DHS's botched management of the multi-billion dollar Human Resource Information Technology (HRIT) program; DHS's total waste of taxpayer dollars on the Federal Protective Service's vehicle program, where it had more vehicles than officers to drive them; and DHS's failed oversight of employee misconduct at the Transportation Security Administration and the U.S. Secret Service. Every dollar wasted by inept bureaucrats is one less that can be spent on securing our homeland. Mismanagement puts our security at risk. The Heritage Foundation recently recommended that DHS reign in a bloated bureaucracy through a strong chain of command over component management functions so that DHS effectively equips, supports and oversees its components. I am hopeful that the new Secretary, John Kelly, will use his military experience to do what the last administration couldn't--provide front-line operators with the necessary tools for getting the job done and keeping our Nation safe. Agency watchdogs like those we'll hear from today--bring invaluable insights to the issues facing the Department. Collectively, the Government Accountability Office (GAO) and the DHS Office of Inspector General (OIG) have made thousands of recommendations to improve DHS programs since the Department's inception. I look forward to hearing from GAO and OIG on ways that the Department can eliminate waste, fraud, abuse, and mismanagement. In particular, I'd like to hear about steps DHS has taken to get off GAO's ``High-Risk List'' of areas in the Federal Government that are most susceptible to mismanagement. Yesterday, GAO reported that DHS's management functions remain ineffective, the Federal Government's cybersecurity activities need strengthening, and DHS's National Flood Insurance Program is unaffordable. In addition to GAO's High-Risk List report, each year the OIG releases an annual report on major management challenges facing DHS. The 2016 report identified six broad areas where the Department faces serious management and performance challenges. OIG also identified hundreds of millions of dollars in questionable costs and funds. Hundreds of recommendations by these watchdogs remain open and unimplemented by DHS--this is unacceptable. I urge the Trump administration to fully leverage the work of these watchdogs to drain the waste and inefficiency from DHS. Washington bureaucrats may dismiss these management issues as simply the cost of doing business in government. Wrong. The American taxpayer deserves much better. After 8 years of failing to reign in Washington's bureaucracy, Americans demand more from their Government. It's time to demand more from, and find a better way to manage the Department of Homeland Security. Mr. Perry. The Chair now recognizes the Ranking Minority Member of the subcommittee, the gentleman from California, Mr. Correa, for his statement. Mr. Correa. Chairman Perry, thank you very much for holding this hearing today. I also look forward to working with you on the Subcommittee on Oversight and Management Efficiency to help ensure the Department of Homeland Security fulfills its critical mission. Thank you, Inspector General Roth and Ms. Gambler, for being here today. I would also like to take a moment to recognize the men and women that serve in the DHS Office of the Inspector General and the Government Accountability Office for the incredible work that you all do. Independent investigative bodies such as OIG and GAO are critically important to keeping the Federal Government accountable to the American people, to the American taxpayers. The significance of your work cannot be overstated, as you are responsible for protecting American taxpayers from fraud, waste, and abuse. The importance of your work was shown even more when on February 1 you, Inspector General Roth, announced an investigation into the President's Muslim ban Executive Order. Once again, thank you. Unfortunately, it appears that neither the President of the United States nor senior White House aides seems to comprehend nor appreciate the important role of oversight in our Nation's system of checks and balances. This past Sunday the President's senior policy advisor, Steve Miller, declared that this President's National security decision will not be questioned. Such a statement ignores a Constitutional responsibility that we as Congress have to hold the Executive branch accountable in the grand tradition of Americans challenging the President on their National security stances. This White House believes that it is above receiving oversight. On the evening of January 13 an e-mail from the Presidential transition team instructed all of his transition team leaders to reach out tonight and inform the inspector general and their agencies that they are being held over on a temporary basis. This essentially insinuated that the inspector general should seek other employment. Mr. Chairman, I would like to request unanimous consent to submit into the record the e-mail circulated by the administration transition team stating that the inspectors general were being held over on a temporary basis. Mr. Perry. Without objection. [The information referred to follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] Mr. Correa. Shortly before this e-mail was circulated the new secretary at DHS, General John Kelly, Stated in his pre- confirmation hearing questionnaire that he, ``will take seriously the findings of the Department of Inspector General and the GAO and will maintain a rigorous system to track management issues and the implementation of corrective actions.'' Today I look forward to hearing from the witnesses about the important work they have completed, such as helping to ensure DHS continues to improve its management operations and to ensure that DHS puts those limited taxpayer resources toward operating efficiently and effectively in a more critical role, as DHS expects to direct up to $21 billion to build a wall along the U.S.-Mexico border. As you know, as many as--many drugs, I should say, and over 90 percent of the cocaine produced in South America coming to America is done via the oceans. Turning to the GAO high-risk list, I am encouraged the Department has made some very good progress since the last report. I must extend credit to the former Secretary of Homeland Security, Secretary Johnson, whose initiatives such as Unity of Effort and the Joint Requirement Council helped move the Department in a positive direction. I do hope that the administration takes DHS management seriously because effective management does lead to better employee morale, program efficiency, and Department unity. With that, Mr. Chairman, I yield the remainder of my time. [The statement of Ranking Member Correa follows:] Statement of Ranking Member J. Luis Correa February 16, 2017 I would also like to take a moment to recognize the men and women that serve in the DHS Office of the Inspector General and the Government Accountability Office for the incredible work that you do. Independent, investigatory bodies, such as the OIG and GAO, are critical to keeping the Federal Government accountable to the American people. The significance of your work cannot be overstated, as you are responsible for protecting the American taxpayer from waste, fraud, and abuse. The importance of your work was shown even more, when on February 1, you, Inspector General Roth, announced an investigation into the President Trump's Muslim Ban Executive Order. Once again, thank you. Unfortunately, it appears that neither the President of the United States nor his Senior White House aides seem to comprehend nor appreciate the important role of oversight in our Nation's system of checks and balances. This past Sunday, President Trump's senior policy advisor, Stephen Miller, declared that this President's National security decisions ``will not be questioned.'' Such a statement ignores the Constitutional responsibility that we, as Congress, have to hold the Executive branch accountable and the grand tradition of Americans challenging Presidents on their National security stances. This White House believes that it is above receiving oversight. On the evening of January 13, an email from the Trump transition team instructed all transition team leaders to ``reach out tonight and inform'' the inspectors general in their agencies ``that they are being held over on a temporary basis,'' insinuating that the inspectors general should seek other employment. Shortly before this email was circulated, the new Secretary of DHS, General John Kelly, stated in his Pre-Confirmation Hearing Questionnaire that he ``will take seriously the findings of the Department Inspector General and GAO and will maintain a rigorous system to track management issues and the implementation of corrective actions.'' Today, I look forward to hearing from the witnesses about the important work they have completed, such as helping to ensure DHS continues improving its management operations. Ensuring that DHS puts its limited taxpayer resources towards operating efficient and effectively is all the more critical at this moment in our Nation, when DHS is expected to be directed to spend upwards of $21 billion to build a wall along the U.S.-Mexico border-- many drugs and over 90 percent of cocaine produced in South America destined to the United States is done via maritime conveyance. Turning to the GAO High-Risk List, I am encouraged that the Department made some progress since the last report. I must extend credit to the former Secretary of Homeland Security Jeh Johnson, whose initiatives such as Unity of Effort and the Joint Requirements Council, helped move the Department in a positive direction. I certainly hope the Trump administration takes DHS management seriously, because effective management leads to better employee morale, program efficiency, and Departmental unity. Mr. Perry. Chair thanks the Ranking Member. Other Members of the subcommittee are reminded that opening statements may be submitted for the record. [The statement of Ranking Member Thompson follows:] Statement of Ranking Member Bennie G. Thompson February 16, 2017 The work done to ensure that the Federal Government is accountable to the American people is more valuable than ever. Over the years, both the DHS Inspector General and the Government Accountability Office have been reliable resources to this committee, warning us when programs were not performing to our expectations and identifying ways that DHS can do better. The reports you issue have driven change at DHS, resulted in millions of taxpayer dollars being saved, and brought about improvements throughout the organization. Inspector General Roth, you put it best when you said, ``No government agency, no matter how dysfunctional, will change on its own accord. Independent oversight is a critical and necessary ingredient for positive, constructive change.'' The dysfunction you speak of has certainly been evident from Day One of President Trump's administration. When, on the evening of January 27, 2017, President Trump signed an Executive Order directing a seven-country Muslim-ban, the Department of Homeland Security was suddenly thrust into utter confusion. Some travelers who were in the air when the EO was signed weren't allowed to enter the country when they landed, some were detained, and others were sent back to their country of departure. When confronted with questions, some Customs and Border Patrol Officers suggested that impacted travelers and their families should direct all their questions to the President himself since they, themselves, lacked clarity about the parameters of the EO that they were directed to enforce. In fact, just last week, a Member of this subcommittee shared with the committee how, when she went to the international airport in her district in the hours after the EO's issuance and pressed CBP officials for answers about how the Order was being implemented, they would not speak with her. The new DHS Secretary, General John Kelly, has defended President Trump's EO, but testified before this committee last week that he does not believe the roll-out should have happened so quickly, specifically saying the EO should have been delayed ``just a bit'' so Members of Congress could be prepared. Thank you, Inspector Roth, for taking on the critical task of investigating this EO and for reviewing all documentation related to its implementation. This is a perfect example of why investigative bodies such as the OIG and GAO are vital to maintaining the integrity and efficiency of the Federal Government. It is more than a little disturbing to see the statements issued by President Trump and the people in his inner circle that reflect the view that they are not to be questioned and are unwilling to subject their activities to oversight from the press, Congress, and Federal watchdogs. On January 13, the Trump transition team instructed transition leaders via email to contact inspectors general that very same day, and inform them they are being held over on a temporary basis. It is hard to know whether the Trump folks were purposely seeking to chill oversight with this directive but I am heartened that courageous watchdogs not only in OIGs across the Government but also at the Office of Government Ethics are standing their ground. Impartial assessments from inspectors general that identify fraud, abuse, mismanagement, and waste of taxpayer funds are essential to our democracy. The statements out of this White House also send the wrong message to the men and women that make up our Executive branch, including within DHS. While I am not surprised at all that the man who currently sits in the Oval Office thinks he is above oversight, I am concerned that the House Republican Leadership have, to date, refused to take a sober look at the growing mountain of evidence of contacts between Trump's people and Russian intelligence officials during the period where Russia was interfering in the election to help get Mr. Trump elected. Unless the House Republicans step up, they risk the American public and history seeing them as puppets of a President who shows such derision toward the Constitutional principles that undermine this democracy. Given that, to date, House Republicans have willfully refused to do their job, Congress has to lean on you--the Watchdogs--to do more. Inspector General Roth, I applaud your colleague at the Department of Justice for investigating alleged misconduct by the FBI director and other DOJ employees in the lead up to the 2016 election. But that one review by one inspector general is not enough to fully restore public confidence among the people I talk with in the institutions that are Constitutionally charged with protecting our Nation's democratic system. There is still a need for an independent, non-partisan investigation--akin to the one carried out by the 9/11 Commission--into Russia's interference in the 2016 election. This is a critical moment in our Nation. All of us who took oaths to uphold the Constitution, whether we sit in an OIG office or at the GAO or in the halls of Congress, need to ask tough questions and demand answers from President Trump and his administration. Mr. Perry. We are pleased to have a distinguished panel of witnesses before us today. The witnesses' entire written statements will appear in the record. The Chair will introduce the witnesses first and then recognize each of you for your testimony. The Honorable John Roth assumed the post of inspector general for the Department of Homeland Security in March 2014. Previously Mr. Roth served as the director of the Office of Criminal Investigations at the Food and Drug Administration, and as an assistant U.S. attorney for the Eastern District of Michigan. Ms. Rebecca Gambler is the director of homeland security and justice issues with the Government Accountability Office. Ms. Gambler leads GAO's work related to border security and immigration as well as DHS's management issues, and is a proud graduate of Messiah College, which is about a mile from where I grew up. Thank you for being here today. The Chair recognizes Mr. Roth for an opening statement. STATEMENT OF JOHN ROTH, INSPECTOR GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY Mr. Roth. Good afternoon. Chairman Perry, Ranking Member Correa, Members of the subcommittee, thank you for inviting me here today to testify. Homeland Security has made progress in the last 3 years, yet faces long-standing, persistent challenges. We at the Office of Inspector General have focused our energy on the Department's major management and performance challenges. We have identified six: No. 1, creating a unified Department; No. 2, employee morale and engagement; No. 3, acquisition management; No. 4, grants management; No. 5, cybersecurity; and last, improving management fundamentals. With a new administration the Department will face new responsibilities. We understand the significant investment the Department will be making to satisfy its obligations under the President's Executive Order and the importance of spending that investment efficiently and effectively. The Department has historically performed very poorly in this area, that is securing the southern land border. As many recall, prior efforts to fortify the Southwest Border, known as SBInet, were canceled in 2011 as being too expensive and too ineffective. In a pilot program in Arizona, for example, DHS spent about $1 billion to build the system across only 53 miles of State's border before abandoning that initiative. Given the risks involved, we will be using a life-cycle approach to audit and monitor the Department's actions to strengthen the physical security of the Nation's Southern Border. A life-cycle audit approach means that we will be auditing the project throughout its lifespan rather than waiting for the project to be completed or partially completed before looking at it. In this way, we have the opportunity to stop waste and mismanagement before the money is spent, rather than simply identifying it after the fact. Our first report will address the lessons learned from the Department's prior Secure Border Initiative and other relevant acquisitions related to securing our borders. We hope to have this report out in the next 6 weeks. Subsequently, we plan to review CBP's comprehensive study of the security of the Southern Border that the Executive Order requires be completed within 180 days of the Executive Order. Future audits will address the planning, designing, acquisition, and construction phases of the Southern Border barrier. Similarly, the Department will face a number of challenges in executing the President's Executive Orders directing the Department to hire an additional 5,000 Border Patrol agents and 10,000 immigration officers. We recently completed an audit that highlighted the numerous bottlenecks in effective hiring. In fiscal year 2015, for example, it took an average of 282 days, which is over 9 months, to hire a Border Patrol agent, measured from the time that the job announcement closed to the date the applicant was hired. Other positions have likewise encountered significant delays. As with the acquisition area, I have initiated the first in a series of audits to further review the Department's human capital strategies and management capabilities to ensure that the Department can quickly and effectively hire a highly qualified and diverse work force. Our first engagement will compile and review open-source literature, other Government reports, and our prior work to help the Department and its components avoid previously-identified poor management practices and their negative impacts. One of the areas we will continue to focus on is acquisition management. Acquisition management, which is critical to fulfilling all DHS missions, is inherently complex, high-risk, and challenging. There continue to be DHS major acquisition programs that cost more than expected, take longer to deploy than planned, and deliver less capability than promised. For example, the USCIS continues challenges in its efforts to automate immigration benefits. After 11 years, USCIS has made little progress in transforming its paper-based processes into a modern automated system. It still uses a paper-based process, something akin to the 1950's, to manage a complex and growing workload. The USCIS deployed the Electronic Immigration System in May 2012, but to date customers can apply on-line for only two of about 90 different types of immigration benefits and services. As we reported in March 2016, USCIS now estimates it will take more than 3 years to address these issues--over 4 years longer than estimated, and an additional $1 billion to automate all benefit types. This delay will prevent USCIC from achieving its workload processing, National security, and customer service goals. These failures have a real impact on our National security. Errors can result in approved applicants unable to obtain benefits, maintain employment, or prove lawful immigration status. In the wrong hands, green cards may enable terrorists, criminals, and illegal aliens to remain in the United States and access immigration benefits. Mr. Chairman, this concludes my testimony. I am happy to answer any questions that you or other Members of the committee may have. [The prepared statement of Mr. Roth follows:] Prepared Statement of John Roth February 16, 2017 Chairman Perry, Ranking Member Correa, and Members of the subcommittee, thank you for inviting me here today to discuss our recommendations for improving the Department of Homeland Security (DHS). Since its establishment, DHS has progressed in addressing challenges to accomplish its mission. However, to fulfill its vital mission of protecting and securing our Nation successfully, the Department must continue to overcome challenges that hinder its efforts. The recommendations discussed below demonstrate our efforts to assist the Department and its components in overcoming the persistent challenges. By addressing these recommendations, DHS can continue to improve effectiveness and efficiency of its operations and reduce waste, fraud, and abuse. priorities and challenges Homeland Security faces many long-standing challenges, and we at the Office of Inspector General (OIG) have focused our energy on the Department's major management and performance challenges. We have identified six: Creating a unified Department; Employee morale and engagement; Acquisition management; Grants management; Cybersecurity; and Improving management fundamentals.\1\ --------------------------------------------------------------------------- \1\ Major Management and Performance Challenges Facing the Department of Homeland Security, OIG-17-08 (November 2016). --------------------------------------------------------------------------- Today, I will focus on the challenges the Department faces in four areas: Creating a unified Department, acquisition management, grants management, and management fundamentals, as well as newly-arising challenges. addressing new priorities With a new administration, the Department will face new responsibilities. We understand the significant investment the Department will be making to satisfy its obligations under the President's Executive Order, Border Security and Immigration Enforcement Improvements, and the importance of spending that investment efficiently and effectively. The Department has historically performed very poorly in this area. As many recall, prior efforts to fortify the Southwest Border, known as SBInet, were canceled in 2011 as being too expensive and ineffective. In a pilot program in Arizona, DHS spent about $1 billion to build the system across 53 miles of the State's border before abandoning the initiative.\2\ --------------------------------------------------------------------------- \2\ See, e.g., Risk Management Advisory for the SBInet Program Initiation, OIG-07-07 (November 2006); Controls Over SBInet Program Cost and Schedule Could Be Improved, OIG-10-96 (June 2010); U.S. Customs and Border Protection's Management of the Purchase and Storage of Steel in Support of the Secure Border Initiative, OIG-12-05 (November 2011). --------------------------------------------------------------------------- Given the risks involved, we will be using a life-cycle approach to audit and monitor the Department's actions to strengthen the physical security of the Nation's Southern Border. A life-cycle audit approach means that we will be auditing the project throughout its life span, rather than waiting for the project to be completed or partially completed before looking at it. In this way, we have an opportunity to stop waste and mismanagement before the money is spent, rather than simply identifying it after the fact. Our first report will address lessons learned from the Department's prior Secure Border Initiative and other relevant acquisitions related to securing our borders. We hope to have this report out in the next 6 weeks. Subsequently, we plan to review U.S. Customs and Border Protection's (CBP) comprehensive study of the security of the Southern Border that the Executive Order requires be completed within 180 days of the date of the Executive Order. Future audits will address the planning, designing, acquisitions, and construction phases of the Southern Border barrier. Similarly, the Department will face a number of challenges in executing the President's Executive Orders directing the Department to hire an additional 5,000 Border Patrol Agents and 10,000 Immigration Officers. We recently completed an audit that highlighted numerous bottlenecks in effective hiring. We found that historically DHS components had insufficient staffing in the human resource area and had inadequate systems to track and process applicants. In fiscal year 2015, it took an average of 282 days (over 9 months) to hire a Border Patrol Agent, measured from the time the job announcement closed to the date the applicant was hired. Other positions likewise encountered significant delays.\3\ --------------------------------------------------------------------------- \3\ DHS Is Slow to Hire Law Enforcement Personnel, OIG-17-05 (October 2016). --------------------------------------------------------------------------- As with the acquisition area, I have initiated the first in a series of audits to further review the Department's human capital strategies and management capabilities to ensure the Department can quickly and effectively hire a highly qualified and diverse workforce. Our first engagement will compile and review open-source literature, other Government reports, and prior work of our office to help the Department and its components avoid previously identified poor management practices and their negative impacts. Subsequent audits will address the collateral impact hiring 15,000 agents and officers will have not only on other Departmental components, but also on other Federal agencies. Likewise, as we announced in the beginning of this month, we have begun a review of DHS's implementation of the recent Executive Order, Protecting the Nation from Foreign Terrorist Entry into the United States. The review is being initiated in response to Congressional requests and whistleblower and hotline complaints. In addition to reviewing the implementation of the Executive Order, we will review DHS's adherence to court orders and allegations of individual misconduct on the part of DHS personnel. If circumstances warrant, we will consider including other issues that may arise during the course of the review. At the culmination of this review, we will provide a final report to Secretary Kelly, the Congress, and the public. We appreciate the cooperation we have received from the Department's components as we conduct this review. creating a unified department DHS's primary challenge moving forward is transitioning from an organization of 22 semi-independent components, each conducting its affairs without regard to, and often without knowledge of, other DHS components' programs and operations, to a more cohesive entity focused on the central mission of protecting the homeland. A lack of coordination and unity occurs in all aspects of DHS's programs-- planning, programing, budgeting, and execution--and leads to waste and inefficiency. Our previous audit and inspection reports are replete with examples of the consequences of failing to act as a single entity: Our 2013 audit of DHS's H-60 helicopter programs showed that one component did not cooperate with another to realize potential cost savings and other efficiencies. Specifically, CBP was unwilling to coordinate with the Coast Guard to upgrade its H-60 helicopters, even though both components were converting the same helicopters. We estimated potential savings of about $126 million if the two components had successfully coordinated the conversion of CBP's H-60 helicopters at the Coast Guard's Aviation Logistics Center. A subsequent H-60 Business Case Analysis by DHS's Office of Chief Readiness Support Officer, the Aviation Governing Board, the Coast Guard, and CBP confirmed the cost savings of having the Coast Guard convert the helicopters, but it was too late.\4\ --------------------------------------------------------------------------- \4\ DHS's H-60 Helicopter Programs (Revised), OIG-13-89 (May 2013). --------------------------------------------------------------------------- DHS employs approximately 80,000 Federal law enforcement officers whose positions allow for the use of force as they perform their duties; however, DHS does not have an office responsible for managing and overseeing component use-of-force activities. We discovered that each component varies on their use-of-force activities and DHS has no centralized oversight of use-of-force allegations, trends, training, facilities, and resource challenges faced by field personnel. We recommended that DHS establish a Department-level entity to actively oversee and assist with component use-of-force activities, update policies, and improve training.\5\ --------------------------------------------------------------------------- \5\ DHS Lacks Oversight of Component Use of Force, OIG-17-22 (January 2017). --------------------------------------------------------------------------- Since its formation, DHS has faced challenges in integrating various component training facilities and programs, and does not have adequate oversight of its workforce training. Multiple prior audits have shown DHS does not have reliable training cost data and information to make informed management decisions. During our 2016 audit, we attempted to determine total DHS training costs for fiscal years 2014 and 2015. When we requested DHS training costs from the DHS Office of the Chief Financial Officer (OCFO), it could not readily provide the data. The OCFO did not have access to components' financial systems; rather, it relied on data calls to provide the training costs and could not validate the data. As a result, we found significant discrepancies between the total amounts reported by DHS. Although DHS has taken steps to improve the reliability of its training data, further action is needed-- thus, we recommended that the under secretary for management develop and implement a process to accurately capture and report training information across DHS.\6\ --------------------------------------------------------------------------- \6\ DHS's Oversight of Its Workforce Training Needs Improvement, OIG-16-19 (January 2016). --------------------------------------------------------------------------- In January 2016, we issued a report on human trafficking and the visa process. Our audit objectives were to determine how individuals charged or convicted of human trafficking used legal means to bring victims to the United States, and to identify data quality and exchange issues that may hinder efforts to combat human trafficking. In this audit, we compared databases belonging to U.S. Immigration and Customs Enforcement (ICE) and to U.S. Citizenship and Immigration Services (USCIS) and found that ICE and USCIS could improve data quality to facilitate data matching and identification of possible instances of human trafficking. For example, when ICE employees identified a human trafficker, they did not always advise USCIS regarding the victims they identified. In turn, in selected instances where USCIS obtained traffickers' names from the victims, USCIS did not have a process to routinely share this information with ICE. Without concerted DHS efforts to collect and share information, the risk exists that some human traffickers may remain unidentified and free to abuse other individuals.\7\ --------------------------------------------------------------------------- \7\ ICE and USCIS Could Improve Data Quality and Exchange to Help Identify Potential Human Trafficking Cases, OIG-16-17 (January 2016). --------------------------------------------------------------------------- DHS has taken steps to develop a Departmental Pandemic Workforce Protection Plan (PWPP) intended to protect the workforce during a pandemic event. However, DHS cannot be assured that its preparedness plans can be executed effectively during a pandemic event. For example, DHS did not develop clear requirements for pandemic readiness training, even though the DHS PWPP requires components to train and exercise staff and senior leadership on pandemic readiness at least annually. The Department did not provide details on applicable trainings or the frequency needed to meet this requirement. As a result, seven of the components reviewed did not always include the necessary details in their plans on how pandemic training requirements would be met.\8\ --------------------------------------------------------------------------- \8\ DHS Pandemic Planning Needs Better Oversight, Training, and Execution, OIG-17-02 (October 2016). --------------------------------------------------------------------------- Despite these examples, DHS has made recent progress in tone and substance. In the last 3 years, DHS leadership has taken steps to forge multiple components into a single organization. New policies and directives have been created to ensure cohesive budget planning and execution, including ensuring a joint requirements process. The Department also has a process to identify and analyze its mission responsibilities and capabilities, with an eye toward understanding how components fit together and how each adds value to the enterprise. A new method for coordinating operations, the Southern Border and Approaches Campaign, was created to try to reduce the silos and redundancy. However, in our report issued last November describing the Department's major management challenges, we found that this progress has been a result of the force of will of a small team within the Department's leadership, and may not be sustainable. We warned that absent structural changes within the Department to ensure streamlined oversight, communication, responsibility, and accountability--changes that we believed must be enshrined in law--that this progress could be undone. Fortunately, I am gratified to report that the National Defense Authorization Act for fiscal year 2017 establishes within the Department the Office of Strategy, Policy, and Plans.\9\ This Office will lead, conduct, and coordinate the development of the Department's priority policies and will work with each component of the Department in establishing or modifying policies. We believe that the creation of this new office is an important first step toward the structural changes that are needed to create a unified Department. --------------------------------------------------------------------------- \9\ National Defense Authorization Act, Pub. L. No. 114-328, 1902 (2017). --------------------------------------------------------------------------- acquisition management Acquisition management, which is critical to fulfilling all DHS missions, is inherently complex, high-risk, and challenging. Since its inception in 2003, the Department has spent tens of billions of dollars annually on a broad range of assets and services--from ships, aircraft, surveillance towers, and nuclear detection equipment to IT systems for financial management and human resources. DHS's yearly spending on contractual services and supplies, along with acquisition of assets, exceeds $25 billion. There continue to be DHS major acquisition programs that cost more than expected, take longer to deploy than planned, or deliver less capability than promised. The Department was established very quickly by combining many legacy and new agencies, so DHS's earliest acquisition processes were imperfect and slow to mature. Initially, DHS operated in disparate silos focused on purchasing goods and services with minimal management of requirements. In their transition to DHS, seven agencies, including the U.S. Coast Guard, FEMA, and TSA retained their own procurement functions. The expertise and capability of the seven procurement offices mirrored their pre-DHS expertise and capability, with staff sizes ranging from 21 to 346. DHS has taken many steps to strengthen Department-wide acquisition management, such as establishing an Acquisition Life-Cycle Framework--a four-phase process to assure consistent and efficient acquisition management, support, review, and approval. The framework is designed to ensure that program managers have the tools, resources, and flexibility to execute acquisitions and deliver products that meet user requirements while complying with applicable statutes, regulations, and policies. The Department also created the Office of Program Accountability and Risk Management (PARM) in 2011. PARM oversees major acquisition programs and the acquisition workforce, develops program management policies, and collects performance data. Within PARM, the Acquisition Review Board determines whether components' acquisitions meet specific requirements at key phases throughout the acquisition process. DHS established a Joint Requirements Council to review high-dollar acquisitions and make recommendations to the Acquisition Review Board on cross-cutting savings opportunities. DHS has also increased component-level acquisition capability. For instance, the Department appointed component acquisition executives to oversee and support their respective programs; it also initiated monthly component acquisition executive staff forums to provide guidance and share best practices. DHS has continued to enhance its acquisition workforce by establishing centers of excellence for cost estimating, systems engineering, and other disciplines to promote best practices and provide technical guidance. Most of DHS's major acquisition programs continue to cost more than expected, take longer to deploy than planned, or deliver less capability than promised. Although its acquisition policy includes best practices, DHS sometimes approves moving forward with major acquisition programs without appropriate internal oversight. USCIS faces continuing challenges in its efforts to automate immigration benefits. After 11 years, USCIS has made little progress in transforming its paper-based processes into an automated immigration benefits processing environment. Past automation attempts have been hampered by ineffective planning, multiple changes in direction, and inconsistent stakeholder involvement. USCIS deployed the Electronic Immigration System (ELIS) in May 2012, but to date customers can apply on-line for only 2 of about 90 types of immigration benefits and services. As we reported in March 2016, the current ELIS approach does not ensure stakeholder involvement, performance metrics, system testing, or the user support needed for an effective system. USCIS now estimates it will take 3 more years to address these issues--over 4 years longer than estimated--and an additional $1 billion to automate all benefit types. This delay will prevent USCIS from achieving its workload processing, National security, and customer service goals.\10\ --------------------------------------------------------------------------- \10\ USCIS Automation of Immigration Benefits Processing Remains Ineffective, OIG-16-48 (March 2016). --------------------------------------------------------------------------- These failures have a real impact on our National security. Because of processing errors resulting from premature release of ELIS software, USCIS received over 200,000 reports from approved applicants about missing green cards. The number of cards sent to wrong addresses has incrementally increased since 2013 due in part to complex processes for updating addresses, ELIS limitations, and factors beyond the agency's control. USCIS produced at least 19,000 cards that included incorrect information or were issued in duplicate. Most card issuance errors were due to design and functionality problems in ELIS. USCIS' efforts to address the errors have been inadequate. Although USCIS conducted a number of efforts to recover the inappropriately-issued cards, these efforts also were not fully successful and lacked consistency and a sense of urgency. Errors can result in approved applicants unable to obtain benefits, maintain employment, or prove lawful immigration status. In the wrong hands, Green Cards may enable terrorists, criminals, and illegal aliens to remain in the United States and access immigrant benefits.\11\ --------------------------------------------------------------------------- \11\ Better Safeguards are Needed in USCIS Green Card Issuance, OIG-17-11 (November 2016). --------------------------------------------------------------------------- We recently issued a Management Alert regarding additional concerns with ELIS that came up during an on-going audit of USCIS' use of ELIS for naturalization benefits processing. Early this year we learned of an impending decision by USCIS leadership to return to ELIS processing late January 2017. We are concerned about the feasibility and risk of such a decision given all the ELIS problems that remain unsolved. As such, we recommended that USCIS ensure the four minimal requirements of the Field Operations Directorate are met prior to returning to ELIS processing of N-400 naturalization applications and perform a risk-based analysis of all unresolved ELIS technical issues to ensure that, going forward, all systems improvement decisions are based on potential agency operational impact and risk to public safety.\12\ --------------------------------------------------------------------------- \12\ Management Alert--U.S. Citizenship and Immigration Services' Use of the Electronic Immigration System for Naturalization Benefits and Processing, OIG-17-26-MA (January 2017). --------------------------------------------------------------------------- We are pleased to report that USCIS has agreed to delay the return to ELIS processing until all of the technical issues have been resolved. As we reported in November 2015, FEMA has taken steps to improve its IT management and developed numerous IT planning documents, but has not coordinated, executed, or followed through on these plans. FEMA struggles to implement component- wide IT governance, in part because the Chief Information Officer does not have sufficient control and budget authority to lead the component's decentralized IT environment. As a result, FEMA's IT environment has become overly complex, difficult to secure, and costly to maintain. In response to one of our recommendations, FEMA plans to implement and enforce a standardized, component-wide process that sufficiently defines and prioritizes the acquisition, development, operation, and maintenance requirements for all systems by exercising authorities through the IT Governance Board.\13\ --------------------------------------------------------------------------- \13\ FEMA Faces Challenges in Managing Information Technology, OIG- 16-10 (November 2015). --------------------------------------------------------------------------- In September 2014, we reported that FEMA spent about $247 million over 9 years to implement a Logistics Supply Chain Management System that cannot interface with its partners' logistics management systems or provide real-time visibility over all supplies shipped. In addition, FEMA estimated that the life-cycle cost of the system would be about $556 million--$231 million more than its original estimate. These problems were largely caused by FEMA's failure to comply with the Department's acquisition guidance. For instance, the program office responsible for the system did not analyze alternatives to determine how best to close the gap in FEMA's logistics capability; did not report life-cycle cost increases to the component acquisition executives and the DHS Acquisition Decision Authority; and did not formally report program breaches as required, which hindered oversight.\14\ --------------------------------------------------------------------------- \14\ FEMA's Logistics Supply Chain Management System May Not Be Effective During a Catastrophic Disaster, OIG-14-151 (September 2014). --------------------------------------------------------------------------- As this subcommittee well knows, the Department is challenged in using the most efficient and effective composition of its motor vehicle fleet to meet mission requirements, in part due to limited DHS authority over components' fleet management decisions. We conducted three audits in this area. Most recently, in October 2015, we reported that the Federal Protective Service (FPS), based on its workforce, has too many vehicles and pays too much for its vehicles. Also, FPS officers in the National Capital Region used their vehicles to commute to and from home without proper justification. As a result, FPS may have missed saving more than $2.5 million. DHS's insufficient oversight and potential cost savings were partly due to the DHS Fleet Manager not having enforcement authority to influence component vehicle purchases. Because components receive funding for vehicle fleets in their individual operational budgets, they make independent decisions about the number and type of vehicles needed to support their missions. We appreciate this committee's support on this issue, and appreciate the legislation originating out of this subcommittee that will amend the Homeland Security Act of 2002 to make the DHS Under Secretary for Management responsible for overseeing and managing vehicle fleets throughout the Department, including developing and distributing a standardized vehicle allocation methodology and fleet management plan; ensuring that components formally document fleet management decisions; and approving component fleet management plans, vehicle leases, and vehicle acquisitions.\15\ --------------------------------------------------------------------------- \15\ The FPS Vehicle Fleet is Not Managed Effectively, OIG-16-02 (October 2015); DHS Does Not Adequately Manage or Have Enforcement Authority Over Its Components' Vehicle Fleet Operations, OIG-14-126 (August 2014); DHS Home-to-Work Transportation, OIG-14-21 (December 2013). --------------------------------------------------------------------------- DHS has instituted major reforms to the acquisition process and has exerted significant leadership to gain control of an unruly and wasteful process. However, we worry that these reforms, if not continuously supported and enforced, could be undone. As DHS continues to build its acquisition management capabilities, it will need stronger Departmental oversight and authority, increased commitment by the Department and components, as well as skilled personnel to effect real and lasting change. Congress has previously introduced legislation designed to address DHS's acquisition challenges. We would support legislation that codifies existing policy and relevant offices; provides the necessary authority for key personnel and mechanisms within the Department to effectively manage major acquisition programs; reinforces the importance of key acquisition management practices, such as establishing cost, schedule, and capability parameters; and includes requirements to better identify and address poorly performing acquisition programs. homeland security grants management FEMA administers millions of dollars in homeland security preparedness grants. This is money given to States and communities to increase their capacity to prepare for and respond to a homeland security disaster. However, we find that FEMA does a fairly poor job of ensuring that the money is not wasted. We believe that this is a result of a failure of leadership on the part of FEMA and structural and systemic issues inherent in the program. Since 2001, FEMA has awarded fire departments and first responder organizations almost $10 billion through the Assistance to Firefighters Grant (AFG) Program and Staffing for Adequate Fire and Emergency Response (SAFER) grants. In our 2016 audit, we reviewed whether recipients complied with grant requirements and guidance to prevent waste, fraud, and abuse of grant funds. We found that 64 percent (243 of 379) of AFG grant recipients (grantees) we reviewed did not comply with grant guidance and requirements because they did not support expenditures of more than $6.3 million with adequate documentation. Based on the results of our statistical sample analysis, $147.2 million (13 percent) of the $1.13 billion appropriated grant funds are possible questioned costs.\16\ --------------------------------------------------------------------------- \16\ FEMA's Grant Programs Directorate Did not Effectively Manage Assistance to Firefighters Grant Program-AFG Grants, OIG-16-100 (June 2016). --------------------------------------------------------------------------- We also found that 63 percent (88 of 139) of SAFER grant recipients (grantees) we reviewed did not comply with grant guidance and requirements to prevent waste, fraud, and abuse of grant funds. We found that they did not support expenditures of more than $17.75 million with adequate documentation, and they may have expended more than $692,000 in grant funds on ineligible items and activities. SAFER grant appropriations for fiscal years 2010 through 2012 totaled approximately $1.16 billion. We examined about $72 million in grant funds spent and are questioning $18.4 million.\17\ --------------------------------------------------------------------------- \17\ FEMA's Grant Programs Directorate Did Not Effectively Manage Assistance to Firefighters Grant Program--SAFER Grants, OIG-16-98 (June 2016). --------------------------------------------------------------------------- As a result of Congressional mandates, we have audited a significant number of homeland security preparedness grants and have made recommendations. Unfortunately, FEMA has largely failed to take advantage of our recommendations in any kind of systemic or organized way. In an overarching audit of OIG recommendations related to preparedness grants, we reported that FEMA had not adequately analyzed recurring recommendations to implement changes to improve its oversight of these grants. Specifically, of the 58 homeland security grant audits we looked at, which contained 490 recommendations, we found that 91 percent identified challenges that were present year after year. In other words, we would identify an issue with one State's grant and make recommendations, but FEMA would not make systemic changes to ensure that the same issue was not repeated in other State grants. Simply put, when it comes to administration of homeland security grants, FEMA is not a learning organization and is content to make the same mistakes over and over again.\18\ --------------------------------------------------------------------------- \18\ Analysis of Recurring Audit Recommendations Could Improve FEMA's Oversight of HSGP, OIG-16-49 (March 2016). --------------------------------------------------------------------------- Based on our recurring audit findings, it is critically important that FEMA officials examine regulations, policies, and procedures and assess the need for more robust changes throughout all grant programs. FEMA should refocus its efforts to identify systemic issues and develop solutions to address the cause and not just the symptoms. FEMA needs to improve its oversight of State grantees and proactively engage with States to improve management and guidance of subgrantees. management fundamentals Although neither exciting nor publicly lauded, the basics of management are the lifeblood of informed decision making and successful mission performance. Management fundamentals include having accurate, complete information on operations and their cost; meaningful performance metrics on programs and goals; and appropriate internal controls. The Department has made strides in establishing its management fundamentals, including obtaining an unmodified opinion on its financial statements for the last 3 years. However, DHS still cannot obtain such an opinion on its internal controls over financial reporting. In plain terms, this means the Department can assemble reasonably accurate financial statements at the end of the fiscal year, but it has no assurance that its financial information is accurate and up-to-date throughout the year. DHS has also instituted many positive steps such as over-arching acquisition policies and other meaningful acquisition reforms, but the value of these steps is undermined by the lack of discipline in management fundamentals. We have summarized the on-going challenges the Department faces into three main categories, but caution that these challenges are both interrelated and cumulative: Collecting the Right Data The Department does not prioritize collection of data in its program planning, does not always gather enough data, and does not validate the data it receives to ensure it is accurate and complete. The lack of reliable and complete data permeates through the entire Department and its components and is often accompanied by too little management oversight and weak internal controls. DHS leadership does not always assert its authority over the components to ensure it gets the data it needs when it needs it. As a result, DHS and the components often struggle making good decisions on acquisitions (what is needed and how much is needed) and correctly deploying resources (people, as well as acquired goods and services). Further, DHS does not have the data required to measure performance and use the feedback to adjust and improve programs and operations. We have identified numerous examples of this issue, including DHS's lack of accurate and complete inventory data for equipment, which hindered the provision of needed interoperable radio equipment, and incomplete inventory data on warehouse space, which led to wasted resources.\19\ Simply put, without the foundation of solid data, DHS cannot be certain it will achieve its mission and spend taxpayer dollars wisely and efficiently. --------------------------------------------------------------------------- \19\ Reporting and Oversight Needed to Help Manage DHS's Warehouse Portfolio, OIG-15-138 (August 2015). --------------------------------------------------------------------------- Collecting and Analyzing Cost Data The Department, like most Federal Government agencies, does not put sufficient emphasis on collecting cost data for operations and programs. Successful businesses unfailingly track cost data because the cost of their operations or products directly impacts their bottom line revenue. Government does not have that bottom-line drive for cost information; yet, all Government programs rely on informed decision making to optimize performance. Without cost information, DHS cannot conduct a reliable cost-benefit analysis of proposed program or policy changes or new initiatives. Because it does not fully understand the costs of its program choices, the Department is not equipped to analyze its risk decisions. The lack of information on program costs also limits basic investment decisions among competing programs. Our fiscal year audit of CBP's unmanned aircraft system program highlighted CBP's failure to capture complete cost data for the program. CBP did not include all the actual operating costs because some costs were paid from a different budget line item or program. We determined that CBP was dramatically underestimating the cost of the program at the same time it was considering expanding the program.\20\ Program decisions based on inaccurate or incomplete cost analysis can lead to program failure, poor performance, or significant delays. Since we issued our audit report, DHS has made substantial progress toward developing a common flying hour program. --------------------------------------------------------------------------- \20\ U.S. Customs and Border Protection's Unmanned Aircraft System Program Does Not Achieve Intended Results or Recognize All Costs of Operations, OIG-15-17 (December 2014). --------------------------------------------------------------------------- Performance Measurement DHS does not routinely establish meaningful performance measures for many of its on-going initiatives and programs. Multiple audit and inspection reports identify deficiencies in or the absence of DHS performance measures. Our audits have identified costly programs that DHS has not measured for effectiveness. Therefore, we do not know whether the investment of taxpayer resources is a good one. For example: TSA has continued to invest in its Screening of Passengers by Observation Techniques program without valid performance metrics to evaluate whether the investment is yielding appropriate results. In fact, 3 years after our initial audit, we found that TSA still is unable to determine its effectiveness.\21\ --------------------------------------------------------------------------- \21\ Verification Review of Transportation Security Administration's Screening of Passengers by Observation Techniques/ Behavior Detection and Analysis Program, OIG-16-111-VR (July 2016). --------------------------------------------------------------------------- CBP's Streamline, an initiative to criminally prosecute individuals who illegally enter the United States, had flawed measures of effectiveness and did not capture an accurate picture of the alien's crossing history, re-entry, or re- apprehension over multiple years. As a result, CBP did not have good information to make management decisions about widening, maintaining, or constricting Streamline's parameters.\22\ --------------------------------------------------------------------------- \22\ Streamline: Measuring Its Effect on Illegal Border Crossing, OIG-15-95 (May 2015). --------------------------------------------------------------------------- One of the Department's critical functions is to protect the Nation by interdicting illicit drugs headed for the United States through air, land, or maritime borders; however, the Department's drug interdiction performance measures did not effectively assess the impact of its drug interdiction efforts. We found that the measures were not outcome-based or did not assess activities directly related to combating drug smuggling organizations. In one instance, the measure could be expanded to more accurately assess component drug interdiction activity effects toward dismantling transnational criminal organizations. This occurred because the Department did not establish minimum standards for components to use in developing effective performance measures. The Department instead relied on components to develop and implement performance measures to satisfy the Office of National Drug Control Policy priorities. As a result, DHS could not measure whether its drug interdiction efforts effectively support required National drug control outcomes.\23\ --------------------------------------------------------------------------- \23\ DHS Drug Interdiction Effects Need Improvement, OIG-17-09 (November 2016). --------------------------------------------------------------------------- Reliable and relevant feedback on program performance is critical to ensuring the Department does not invest its resources on unproductive, inefficient, or ineffective programs and initiatives. These critical business fundamentals, unglamorous as they may be, are part of any mature and functioning Government enterprise. The key to a more effective and efficient DHS is to focus on these basic Government business practices. DHS achieved its unmodified opinion on the financial statements through concentrated hard work and attention to detail at every level of the Department. Similar emphasis must be placed on mastering the fundamentals of business management before the Department can fully mature as a world class organization. Mr. Chairman, this concludes my testimony. I am happy to answer any questions you or other Members of the committee may have. Mr. Perry. Thank you, Mr. Roth. The Chair recognizes Ms. Gambler for her opening statement. STATEMENT OF REBECCA GAMBLER, DIRECTOR, HOMELAND SECURITY AND JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE Ms. Gambler. Good afternoon, Chairman, Ranking Member, Members of the subcommittee. I appreciate the opportunity to testify at today's hearing to discuss GAO's work on DHS's efforts to strengthen and integrate its management function. Since 2003 GAO has issued hundreds of reports addressing the range of DHS's mission and management functions and we have made about 2,500 recommendations to strengthen the Department's management and performance measurement, among other things. DHS has implemented more than 70 percent of these recommendations and has actions under way to address others. GAO also regularly reports to Congress on Government operations that we have identified as high-risk because of their greater vulnerability to fraud, waste, abuse, and mismanagement, or the need for transformation. In 2003 we designated implementing and transforming DHS as high-risk because DHS had to transform 22 agencies into one Department and the failure to address associated risks could have serious consequences for U.S. National and economic security. With DHS's maturation and evolution we have narrowed the scope of the high-risk area to focus on strengthening DHS's management functions, which include human capital, information and Technology, acquisition, and financial management. My remarks today will focus on two areas: First, DHS's progress and remaining actions to strengthen its management functions; and second, cross-cutting issues or themes that have affected DHS's efforts to implement its missions. First, DHS has made progress in meeting GAO's five criteria for removal from the high-risk list. Specifically, agencies must have: No. 1, strong commitment and top leadership support; No. 2, an action plan; No. 3, the capacity, which includes the people and other resources, to address the risks; No. 4, a program for monitoring progress; and No. 5, demonstrated progress in implementing corrective actions. In our 2017 high-risk update, which we issued yesterday, we found that DHS has met three of our criteria: Demonstrating leadership commitment, and having a corrective action plan, and a framework for monitoring progress. DHS has partially met the other two criteria. To help the Department in addressing our high-risk criteria GAO and DHS have agreed to 30 outcomes across DHS's management functions. DHS has fully or mostly addressed 21 of these outcomes and has partially addressed or initiated activities relative to the others. For example, within acquisition management the Department has made progress in validating required acquisition documents for its major programs, but more work is needed to demonstrate that major programs are on track to achieve cost, schedule, and capability goals. Further, within human capital management DHS has developed and made progress on implementing a strategic human capital plan; however, DHS has considerable work ahead to improve employee morale. Second, we have identified various themes that have impacted DHS's progress in implementing its mission functions. These themes include leading and coordinating the homeland security enterprise, and strategically managing risks and assessing homeland security efforts. While DHS has made important progress in addressing these themes, they continue to affect the Department's implementation efforts. For example, while DHS has made important strides in coordinating efforts with homeland security partners in various mission areas, our work has shown that DHS could further improve its coordination and outreach in such areas as facility security and critical infrastructure. Further, DHS and its components have strengthened their risk and performance assessments of various programs and initiatives. However, opportunities exist for the Department and its components to improve their risk and performance assessment efforts in such areas as the adjudication of immigration benefits. As I close I think it is important to note that DHS has made progress in addressing those issues that contribute to its designation as high-risk. While this progress has been positive, DHS needs to continue to demonstrate measurable and sustainable progress in implementing corrective actions and achieving those outcomes we and the Department have identified. Efforts by the Department and Congress--through proposed legislation and continued oversight, for example--are important to helping ensure that the Department has the people, processes, and systems in place to strengthen management functions and address remaining challenges. GAO will also continue to work constructively with the Department. For example, senior GAO and DHS officials have met routinely over the past several years to discuss the Department's plans and progress in addressing this high-risk area, and we plan to continue these efforts. This concludes my oral statement, and I am happy to answer any questions Members have. [The prepared statement of Ms. Gambler follows:] Prepared Statement of Rebecca Gambler February 16, 2017 Chairman Perry, Ranking Member Correa, and Members of the subcommittee: Thank you for the opportunity to discuss the Department of Homeland Security's (DHS) on-going efforts to strengthen and integrate its management functions. In the 14 years since the Department's creation, DHS has implemented key homeland security operations, achieved important goals and milestones, and grown to more than 240,000 employees and approximately $67 billion in budget authority. We have issued hundreds of reports addressing the range of DHS's missions and management functions, and our work has identified gaps and weaknesses in the Department's operational and implementation efforts, as well as opportunities to strengthen their efficiency and effectiveness. Since 2003, we have made approximately 2,500 recommendations to DHS to strengthen program management, performance measurement efforts, and management processes, among other things. DHS has implemented more than 70 percent of these recommendations and has actions under way to address others. We also report regularly to Congress on Government operations that we identified as high-risk because of their increased vulnerability to fraud, waste, abuse, and mismanagement, or the need for transformation to address economy, efficiency, or effectiveness challenges. In 2003, we designated Implementing and Transforming DHS as high-risk because DHS had to transform 22 agencies--several with major management challenges--into one department, and failure to address associated risks could have serious consequences for U.S. National and economic security.\1\ Given the significant effort required to build and integrate a department as large and complex as DHS, our initial high- risk designation addressed the Department's initial transformation and subsequent implementation efforts, to include associated management and programmatic challenges.\2\ --------------------------------------------------------------------------- \1\ GAO, High-Risk Series: An Update, GAO-03-119 (Washington, DC: January 2003). \2\ DHS also has responsibility for other areas we have designated as high-risk. Specifically, in 2005, we designated establishing effective mechanisms for sharing and managing terrorism-related information to protect the homeland as high-risk, involving a number of Federal departments, to include DHS. In our 2017 update, we removed this area from the High-Risk List because the Program Manager for the Information Sharing Environment and key departments and agencies, such as DHS, made significant progress to strengthen how intelligence on terrorism, homeland security, and law enforcement, as well as other information, is shared among Federal, State, local, Tribal, international, and private-sector partners. In 2006, we identified the National Flood Insurance Program as high-risk. Further, in 2003, we expanded the scope of the high-risk area involving Federal information security, which was initially designated as high-risk in 1997, to include the protection of the Nation's computer-reliant critical infrastructure. See GAO, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others, GAO-17-317 (Washington, DC: February 2017); High-Risk Series: An Update, GAO-09- 271 (Washington, DC: January 2009); High-Risk Series: An Update, GAO- 07-310 (Washington, DC: January 2007); and High-Risk Series: An Update, GAO-05-207 (Washington, DC: January 2005). --------------------------------------------------------------------------- Since 2003, the focus of the Implementing and Transforming DHS high-risk area has evolved in tandem with DHS's maturation and evolution. In September 2011, we reported in our assessment of DHS's progress and challenges 10 years after the terrorist attacks of September 11, 2001, that the Department had implemented key homeland security operations and achieved important goals in many areas to create and strengthen a foundation to reach its potential.\3\ However, we also reported that continuing weaknesses in DHS's management functions had been a key theme impacting the Department's implementation efforts. While challenges remain for DHS across its range of missions, the Department has made considerable progress in transforming its original component agencies into a single Cabinet- level department and positioning itself to achieve its full potential. As a result, in our 2013 high-risk update, we narrowed the scope of the high-risk area to focus on strengthening DHS management functions (human capital, acquisition, financial management, and information technology [IT]), and changed the name from Implementing and Transforming DHS to Strengthening DHS Management Functions to reflect this focus.\4\ Finally, in our 2015 high-risk update, we found that DHS's top leadership had continued to demonstrate exemplary commitment to and support for addressing the Department's management challenges and that DHS had made important progress in strengthening its management functions. However, we also found in our 2015 update that DHS continued to face significant management challenges that hindered its ability to achieve its missions and concluded that DHS needed to continue to demonstrate sustainable, measurable progress in addressing key challenges that remained within and across its management functions.\5\ --------------------------------------------------------------------------- \3\ GAO, Department of Homeland Security: Progress Made and Work Remaining in Implementing Homeland Security Missions 10 Years after 9/ 11, GAO-11-881 (Washington, DC: Sept. 7, 2011). \4\ GAO, High-Risk Series: An Update, GAO-13-283 (Washington, DC: February 2013). \5\ GAO, High-Risk Series: An Update, GAO-15-290 (Washington, DC: February 2015). --------------------------------------------------------------------------- In November 2000, we published our criteria for removing areas from the High-Risk List.\6\ --------------------------------------------------------------------------- \6\ GAO, Determining Performance and Accountability Challenges and High Risks, GAO-01-159SP (Washington, DC: November 2000). --------------------------------------------------------------------------- Specifically, agencies must have: (1) A demonstrated strong commitment and top leadership support to address the risks; (2) the capacity (that is, the people and other resources) to resolve the risks; (3) a corrective action plan that identifies the root causes, identifies effective solutions, and provides for substantially completing corrective measures in the near term, including but not limited to steps necessary to implement solutions we recommended; (4) a program instituted to monitor and independently validate the effectiveness and sustainability of corrective measures; and (5) the ability to demonstrate progress in implementing corrective measures. In a September 2010 letter to DHS, we identified and DHS agreed to achieve 31 outcomes that are critical to addressing challenges within the Department's management areas and in integrating those functions across the Department. In March 2014, we updated these outcomes in collaboration with DHS to reduce overlap and ensure their continued relevance and appropriateness. These updates resulted in a reduction from 31 to 30 total outcomes. The 30 key outcomes include, among others, validating required acquisition documents in accordance with a Department-approved, knowledge-based acquisition process; and sustaining clean audit opinions for at least 2 consecutive years on Department-wide financial statements and internal controls over financial reporting. Achieving sustained progress across the outcomes requires leadership commitment, effective corrective action planning, adequate capacity, and monitoring the effectiveness and sustainability of supporting initiatives. My statement discusses: (1) DHS's progress and actions remaining in strengthening and integrating its management functions, and (2) cross- cutting issues that have affected DHS's progress in implementing its mission functions. This statement is based on GAO's 2017 high-risk update report as well as reports and testimonies we issued from September 2011 through mid-February 2017.\7\ For these products, among other things, we analyzed DHS strategies and other documents related to the Department's efforts to address its high-risk areas, including analysis from our past reports issued since DHS began its operations in March 2003, and interviewed DHS officials. More detailed information on the scope and methodology of our prior work can be found within each specific report. We conducted the work on which this statement is based in accordance with generally accepted Government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. --------------------------------------------------------------------------- \7\ GAO-17-317. See also the related GAO products list at the end of this statement. --------------------------------------------------------------------------- dhs has made important progress in strengthening its management functions, but considerable work remains DHS Progress in Meeting Criteria for Removal from the High-Risk List DHS's efforts to strengthen and integrate its management functions have resulted in progress addressing our criteria for removal from the High-Risk List. In particular, in our 2017 high-risk report, which we released yesterday, we found that DHS's continued efforts to strengthen and integrate its acquisition, IT, financial, and human capital management functions have resulted in the Department meeting three criteria for removal from the High-Risk List (leadership commitment, a corrective action plan, and a framework to monitor progress) and partially meeting the remaining two criteria (capacity and demonstrated, sustained progress), as shown in Table 1. TABLE 1.--ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS IN ADDRESSING THE STRENGTHENING DHS MANAGEMENT FUNCTIONS HIGH-RISK AREA, AS OF FEBRUARY 2017 ---------------------------------------------------------------------------------------------------------------- Criterion for Removal From High-Risk List Met* Partially Met** Not Met*** ---------------------------------------------------------------------------------------------------------------- Leadership commitment........................................ X ............... ............... Capacity..................................................... ............... X ............... Action plan.................................................. X ............... ............... Framework to monitor progress................................ X ............... ............... Demonstrated, sustained progress............................. ............... X ............... -------------------------------------------------- Total.................................................. 3 2 0 ---------------------------------------------------------------------------------------------------------------- Source: GAO analysis of DHS documents, interviews, and prior GAO reports. GAO-17-409T. * ``Met'': There are no significant actions that need to be taken to further address this criterion. ** ``Partially met'': Some but not all actions necessary to generally meet the criterion have been taken. *** ``Not met'': Few, if any, actions toward meeting the criterion have been taken. In our 2017 high-risk report, we found that DHS's top leadership, including the Secretary and Deputy Secretary of Homeland Security, demonstrated exemplary commitment and support for addressing the Department's management challenges. DHS established a framework for monitoring its progress in its Integrated Strategy for High-Risk Management, in which it has included performance measures to track the implementation of key management initiatives since June 2012. In addition, we found that since our 2015 high-risk update, DHS has strengthened its monitoring efforts for financial system modernization programs that are key to effectively supporting the Department's financial management operations, resulting in DHS meeting the monitoring criteria for the first time. We also found that DHS has updated its Integrated Strategy for High-Risk Management, demonstrating a continued focus on addressing this high-risk designation, and made important progress in identifying and putting in place the people and resources needed to resolve Departmental management risks. Congress also has taken a number of actions to support and oversee DHS's progress in strengthening its management functions. For example, the National Defense Authorization Act for Fiscal Year 2017 includes a mandate that the DHS Under Secretary for Management report to us every 6 months to demonstrate measurable, sustainable progress made in implementing DHS's corrective action plans to address the Strengthening DHS Management Functions high-risk area until we submit written notification of the area's removal from the High-Risk List to the appropriate Congressional committees.\8\ Similar provisions were included in the DHS Headquarters Reform and Improvement Act of 2015,\9\ the DHS Accountability Act of 2016,\10\ and the DHS Reform and Improvement Act.\11\ --------------------------------------------------------------------------- \8\ Pub. L. No. 114-328, Sec. 1903(b) (codified at 6 U.S.C. Sec. 341(a)(11)). \9\ H.R. 3572, 114th Cong. (as passed by House, Oct. 20, 2015). \10\ S. 2976, 114th Cong. Sec. 101(b) (as reported by S. Comm. on Homeland Sec. and Gov'tal Affairs, June 28, 2016). \11\ H.R. 6381, 114th Cong. (2016). --------------------------------------------------------------------------- Below we provide more detailed information on DHS's progress in meeting criteria for removal from the High-Risk List. Leadership commitment (met).--We found in our 2017 high-risk report that the Secretary and Deputy Secretary of Homeland Security, the DHS Under Secretary for Management, and other senior DHS officials demonstrated exemplary commitment and top leadership support for addressing the Department's management challenges. We also found that they took actions to institutionalize this commitment to help ensure the long-term success of the Department's efforts. For example, the Secretary of Homeland Security's Unity of Effort initiative helped to strengthen the integration of DHS's business operations across the Department by, for example, finalizing a management directive in June 2015 that formally establishes multiple senior leader forums for on- going review of Departmental initiatives.\12\ The Secretary's Unity of Effort initiative also established enhancements to DHS's budgeting process by creating a new approach to mission-focused, cross-DHS budget development and assessment. Senior DHS officials have also routinely met with us over the past 8 years to discuss the Department's plans and progress in addressing this high-risk area. During this time, we provided specific feedback on the Department's efforts. According to DHS officials, and as demonstrated through their progress, the Department continues to be committed to demonstrating measurable, sustained progress in addressing this high-risk area. For example, during monthly leadership meetings with the Under Secretary for Management, the Department's Chief Executive Officers for each management area provide status updates on their respective business function's efforts to achieve progress on outstanding actions that are to be accomplished related to the high-risk area. According to DHS officials, these meetings provide an opportunity to maintain leadership support and accountability for making progress toward resolving management challenges facing the Department. We concluded in our 2017 high-risk report that it will be important for DHS to maintain its current level of top leadership support and commitment to ensure continued progress in successfully completing its corrective actions. --------------------------------------------------------------------------- \12\ DHS, Secretary of Homeland Security, Strengthening Departmental Unity of Effort, Memorandum for DHS Leadership (Washington, DC: Apr. 22, 2014). This memorandum committed to, among other things, improving DHS's planning, programming, budgeting, and execution processes through strengthened Departmental structures and increased capability. DHS, Strengthening Departmental Unity of Effort, Management Directive 071-01 (Washington, DC: June 30, 2015). --------------------------------------------------------------------------- Capacity (partially met). In our 2017 high-risk report, we found that DHS has taken important actions to identify and put in place the people and resources needed to resolve Departmental management risks; however, DHS needs to make additional progress identifying and allocating resources in certain areas to sufficiently demonstrate that it has the capacity to achieve and sustain corrective actions and outcomes. Toward achieving the 30 outcomes we identified and DHS agreed were needed to address the high-risk area, DHS has issued 10 updated versions of its initial January 2011 Integrated Strategy for High-Risk Management, most recently in August 2016. Prior to the January 2016 Integrated Strategy for High-Risk Management, DHS did not identify sufficient resources in a number of areas, which could undermine DHS's efforts to strengthen its management functions. For example, in June 2015, DHS identified that it had resources and personnel needed to implement 8 of the 11 key management initiatives it was undertaking to achieve the 30 outcomes, but did not identify sufficient resources for the 3 remaining initiatives. In addition, our prior work has identified specific capacity gaps that could undermine achievement of management outcomes. In contrast, DHS's January and August 2016 updated versions of its strategy stated that it had addressed previously identified capacity shortfalls in areas such as IT human capital management and acquisition management, it had sufficient resources to achieve all 30 outcomes, and it had self-assessed the capacity criterion as fully met. In its August 2016 updated version of its strategy, DHS also provided illustrative examples of actions it had taken within and across its management areas to demonstrate the Department's ability to resolve potential risks to achieving the 30 outcomes, such as establishing a permanent office for the Unity of Effort Integration within the Office of Policy to oversee Unity of Effort implementation. However, we found in our 2017 high-risk report that DHS needs to make additional progress identifying and allocating resources in certain areas. Acquisition Management.--With respect to acquisition, DHS's 2016 staffing assessments focused on identifying critical acquisition-related position gaps rather than all major program acquisition-related positions; consequently, some programs were assessed as being fully or almost fully staffed for critical positions despite significant staffing shortfalls in the overall program. We concluded that this increased focus on critical gaps may limit DHS's insight into the size and nature of acquisition-related staffing shortfalls, making it difficult for DHS to develop a plan or process to address these vacancies. In December 2016, DHS updated its staffing assessment guidance to re-focus the assessment process on all major program acquisition-related positions. However, DHS plans to pilot the implementation of this policy update incrementally during 2017 and the timing of full implementation is not yet known. IT management.--DHS's fiscal year 2015-2018 IT Strategic Plan introduced the department's plan to shift the IT paradigm from acquiring assets to acquiring services and acting as a service broker. The Department's August 2016 updated version of its strategy reported that this shift is a mechanism for building capacity to resolve risk. However, while DHS issued a workforce planning contract in July 2016 to help DHS headquarters transition to the skillsets needed to accommodate the service broker model, Department officials stated that they have not yet defined what those skill sets are or analyzed the skills gaps resulting from the paradigm shift. Because DHS has yet to comprehensively assess IT human capital gaps within headquarters, it remains unclear whether DHS has the capacity to support this paradigm shift. Financial Management.--Additionally, although DHS continues to make progress toward modernizing its financial management systems, critical information needed to determine the resources required for two of three key modernization projects is not available as the projects are not yet to a point where DHS can determine what resources are required. We reported that the discovery phase of these projects provides essential information for determining the implementation schedule and finalizing cost estimates that are needed prior to approving the projects for implementation; however, this phase is not expected to be completed for DHS's Federal Emergency Management Agency (FEMA) and U.S. Immigration and Customs Enforcement modernization projects until April 2017.\13\ --------------------------------------------------------------------------- \13\ The discovery phase includes an in-depth analysis of the requirements and capabilities of the new system, also known as a gap analysis, and is also performed to determine the feasibility of implementing, deploying, and maintaining financial management services for the chosen solution. --------------------------------------------------------------------------- In our 2017 high-risk report we found that DHS has taken actions to address some of its previous capacity shortcomings and ensure that the Department has the people and resources necessary to resolve risk. However, we also found that additional progress is needed to ensure that DHS has sufficient capacity not only to resolve risks, but to fully achieve and sustain the 30 outcomes. As a result, we assessed DHS as having partially met the capacity criterion. We concluded that DHS needs to continue to comprehensively identify the people and resources necessary to make progress toward achieving all 30 outcomes; work to mitigate shortfalls and prioritize initiatives, as needed; and communicate to senior leadership about critical resource gaps requiring resolution. Action plan (met).--In our 2017 high-risk report, we found that DHS previously established a plan for addressing this high-risk area as discussed above, and has continued to take critical, actionable steps toward addressing challenges faced within the Department. As with prior iterations, DHS included in its most recent August 2016 version of its Integrated Strategy for High-Risk Management key management initiatives and related corrective actions for addressing each of the management challenges and related outcomes we identified. For example, the August 2016 updated version of its strategy includes information on actions DHS is taking for an initiative focused on financial systems modernization and an initiative focused on IT human capital management, which support various outcomes. We concluded that DHS's strategy and approach, if effectively implemented and sustained, provides a path for DHS to be removed from our High-Risk List. Monitoring (met).--We found in our 2017 high-risk report that DHS has met the monitor progress criterion as a result of steps the Department has taken since our 2015 high-risk update to strengthen its monitoring of key financial system modernization programs. DHS established a framework for monitoring its progress in implementing key management initiatives in the Integrated Strategy for High-Risk Management. In the June 2012 updated version of its strategy, DHS included, for the first time, performance measures to track its progress in implementing all of its key management initiatives. DHS continued to include performance measures in its August 2016 updated version of its strategy. For example, to monitor progress made toward strengthening the DHS acquisition process by improving the acquisition workforce, DHS management continues to monitor the percent of its nine acquisition certification policies completed--policies related to program management, cost estimating, and contracting among others--and the percent of required acquisition certification training developed. However, in our 2015 high-risk update, we found that DHS could strengthen its financial management monitoring efforts and thus concluded that the Department had partially met the criterion for establishing a framework to monitor progress. In particular, according to DHS officials, as of November 2014, the Department was establishing a monitoring program that would include assessing whether the projects modernizing key components of their financial management systems were following industry best practices and meeting users' needs. In 2015, we concluded that effectively implementing these modernization projects is important because until they are complete, the Department's systems will not effectively support financial management operations. Following the 2015 high-risk update, DHS entered into a contract for independent verification and validation services that should help ensure that financial management systems modernization projects meet key requirements. We concluded in our 2017 high-risk report that moving forward, DHS will need to continue to closely track and independently validate the effectiveness and sustainability of its corrective actions and make mid-course adjustments, as needed. Demonstrated progress (partially met).--In our 2017 high-risk report, we found that DHS has continued to make important progress in strengthening its management functions, but needs to demonstrate additional sustainable and measurable progress in addressing key challenges that remain within and across these functions. For example, DHS established the Joint Requirements Council, an acquisition oversight body, through which it has created a process for validating capability and requirements documents, among other things. DHS has also worked to improve the management and oversight of its IT investments by establishing and implementing a tiered governance and portfolio management structure. In addition, DHS obtained a clean audit opinion on its financial statements for 4 consecutive fiscal years--2013, 2014, 2015, and 2016. However, in our 2017 high-risk report we found that considerable work remains as DHS continues to face significant management challenges in key areas that hinder the Department's ability to meet its missions. For example, we found that while DHS has initiated acquisition program health assessments to demonstrate that major acquisition programs are on track to achieve their cost, schedule, and capability goals, it will take time to demonstrate that these initiatives will improve program performance. In addition, DHS does not have modernized financial management systems, which affects its ability to have ready access to reliable information for informed decision making. It is important that DHS retain and attract the talent required to complete its work--a challenge the Department continues to face due to employee morale issues. As a result, we concluded that addressing these and other management challenges will be a significant undertaking, but will be critical to mitigate the risks that management weaknesses pose to mission accomplishment. In the coming years, DHS needs to continue implementing its Integrated Strategy for High-Risk Management and maintain engagement with us to show measurable, sustainable progress in implementing corrective actions and achieving outcomes. In doing so, it will be important for DHS to: maintain its current level of top leadership support and sustained commitment to ensure continued progress in executing its corrective actions through completion; continue to identify the people and resources necessary to make progress toward achieving outcomes, work to mitigate shortfalls and prioritize initiatives, as needed, and communicate to senior leadership critical resource gaps; continue to implement its plan for addressing this high-risk area and periodically provide assessments of its progress to us and Congress; closely track and independently validate the effectiveness and sustainability of its corrective actions and make mid- course adjustments, as needed; and make continued progress in achieving the 17 outcomes it has not fully addressed and demonstrate that systems, personnel, and policies are in place to ensure that progress can be sustained over time. We will continue to monitor DHS's efforts in this high-risk area to determine if the outcomes are achieved and sustained over the long term. DHS Progress in Achieving Key High-Risk Outcomes As previously discussed, key to addressing the Department's management challenges is DHS demonstrating the ability to achieve sustained progress across the 30 outcomes we identified and DHS agreed were needed to address the high-risk area. In our 2017 high-risk report, we found that DHS has fully addressed 13 of these outcomes, mostly addressed 8, partially addressed 6, and initiated the remaining 3. Addressing some of these outcomes, such as those pertaining to improving employee morale and modernizing the Department's financial management systems, are significant undertakings that will likely require multi-year efforts. Table 2 summarizes DHS's progress in addressing the 30 key outcomes and is followed by selected examples, including recommendations that DHS should implement to strengthen its management functions. GAO ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS IN ADDRESSING KEY OUTCOMES, AS OF FEBRUARY 2017 ---------------------------------------------------------------------------------------------------------------- Fully Mostly Partially Key management function addressed* addressed** addressed*** Initiated**** Total ---------------------------------------------------------------------------------------------------------------- Acquisition management........................ 2 2 1 ............. 5 Information technology management............. 3 3 ............ ............. 6 Financial management.......................... 2 ........... 3 3 8 Human capital management...................... 3 3 1 ............. 7 Management integration........................ 3 ........... 1 ............. 4 ---------------------------------------------------------------- Total.................................... 13 8 6 3 30 ---------------------------------------------------------------------------------------------------------------- Source: GAO analysis of DHS documents, interviews, and prior GAO reports. GAO-17-409T. * ``Fully addressed'': Outcome is fully addressed. ** ``Mostly addressed'': Progress is significant and a small amount of work remains. *** ``Partially addressed'': Progress is measurable, but significant work remains. **** ``Initiated'': Activities have been initiated to address the outcome, but it is too early to report progress. Acquisition Management.--In our 2017 high-risk report we found that DHS has fully addressed two of the five acquisition management outcomes, mostly addressed two outcomes, and partially addressed the remaining outcome. For example, we reported that DHS has validated the required acquisition documentation for all of its major acquisition programs, and plans to continue to ensure that all major acquisition programs have approved acquisition program baselines and to use a pre- Acquisition Review Board checklist to confirm that programs have all required documentation for Acquisition Decision Events. In addition, DHS has taken a number of recent actions to establish and operate the Joint Requirements Council. These actions include: (1) Establishing a process for validating capability and requirements documents, and (2) piloting a joint assessment of requirements process that is intended to eventually inform the Department's budget decisions. We also found that DHS continues to assess and address whether appropriate numbers of trained acquisition personnel are in place at the Department and component levels. Further, we reported in March 2016 that 11 of the 25 major DHS acquisition programs we reviewed remained on track to meet their current schedule and cost goals, while 8 experienced schedule slips, cost growth, or both.\14\ We found that major milestone dates for these programs slipped an average of 11 months, and Life-Cycle Cost Estimates increased by a total of $1.7 billion. In our 2017 high-risk report we found that DHS has initiated acquisition program health assessments to report to senior DHS management the status of major acquisition programs toward achieving cost, schedule, and capability goals; however, it will take time to demonstrate that such initiatives are improving program performance. In March 2016, we also reported that DHS leadership was taking steps to improve the affordability of its major acquisition portfolio, and that 14 of the 25 programs we reviewed had funding plans covering at least 93 percent of their estimated costs through fiscal year 2020.\15\ However, we found that DHS guidance does not require components to quantify cost estimates, funding streams, and the monetary value of proposed tradeoffs, and that it was uncertain whether DHS leadership will assess the remaining programs in a timely manner because the assessments are not required until major decisions, which can occur infrequently. In our March 2016 report, we concluded that without timely affordability assessments, the acquisition funding plans presented to Congress are less likely to be comprehensive. --------------------------------------------------------------------------- \14\ The remaining 6 programs lacked Department-approved schedule and cost goals at the time of our review (as of December 2015). See GAO, Homeland Security Acquisitions: DHS Has Strengthened Management, but Execution and Affordability Concerns Endure, GAO-16-338SP (Washington, DC: Mar. 31, 2016). \15\ GAO-16-338SP. --------------------------------------------------------------------------- We recommended in March 2016 that DHS: (1) Quantify information when assessing programs' funding gaps, (2) conduct these assessments in a timely manner, (3) communicate results to Congress, and (4) require components to establish formal affordability review processes. DHS concurred, and implemented the first recommendation by establishing guidance for components to provide detailed information about available funding and any associated shortfalls. DHS also has efforts under way to address the remaining three recommendations by requiring Department components to submit key funding information annually for major acquisition programs and ensuring all components establish formal, repeatable processes for addressing major acquisition affordability issues, among other actions. These actions, which DHS plans to complete by April 2017, will address our remaining recommendations once implemented. IT Management.--In our 2017 high-risk report we found that DHS has fully addressed three of the six IT management outcomes and mostly addressed the remaining three. For example, DHS established and implemented a tiered governance and portfolio management structure for overseeing and managing its IT investments, and annually reviews each of its portfolios and the associated investments to determine the most efficient allocation of resources within each of the portfolios. We found that the Department also made progress in implementing strategic IT human capital planning goals that support the Department's IT Strategic Plan. In this strategic plan, DHS shifted its IT paradigm from acquiring assets to acquiring services and acting as a service broker, or intermediary between the purchaser of a service and seller of that service. However, according to DHS officials, this shift will require a major transition in the skill sets of DHS's IT workforce, as well as hiring, training, and managing staff with those new skill sets. While DHS issued a contract in July 2016 for support services to assist DHS headquarters in implementing this transition, Department officials stated in September 2016 that they have not yet defined the skill sets needed to implement the paradigm shift or identified what skills gaps exist. Additionally, we found that DHS continues to take steps to enhance its information security program. According to independent auditors of the Department's financial statements, DHS had made progress in correcting its prior year IT security weaknesses. However, in November 2016--for the 13th consecutive year--the auditors designated deficiencies in IT systems controls as a material weakness for financial reporting purposes.\16\ --------------------------------------------------------------------------- \16\ A material weakness is a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis. A significant deficiency is a deficiency, or combination of deficiencies, in internal control that is less severe than a material weakness, but is important enough to merit attention by those charged with governance. --------------------------------------------------------------------------- Financial Management.--We found in our 2017 high-risk report that DHS has fully addressed two financial management outcomes, partially addressed three, and initiated three.\17\ Most notably, DHS received a clean audit opinion on its financial statements for 4 consecutive years--fiscal years 2013, 2014, 2015, and 2016--fully addressing two outcomes. In addition, in November 2016, DHS's financial statement auditors reported that one of four material weaknesses in its internal controls over financial reporting had been remediated since our last high-risk update. We found that DHS has continued efforts to improve internal controls and expects that it will remediate the remaining three by fiscal year 2017. As we reported, until remediated, these weaknesses will continue to hamper DHS's ability to establish effective internal controls over financial reporting and comply with financial management system requirements. We found that DHS also continues to make progress on three multi-year projects to modernize financial management systems for selected DHS components. Specifically, DHS has made progress on its U.S. Coast Guard modernization project, whereas additional efforts need to be completed on its projects to modernize FEMA and U.S. Immigration and Customs Enforcement financial management systems before DHS will be in a position to implement modernized solutions for these components and their customers. --------------------------------------------------------------------------- \17\ As previously discussed, in March 2014, we updated the actions and outcomes in collaboration with DHS to reduce overlap and ensure their continued relevance and appropriateness. These updates resulted in a reduction from nine to eight total financial management actions and outcomes. --------------------------------------------------------------------------- For example, discovery phase activities to determine the feasibility of implementing, deploying, and maintaining the chosen solution are not expected to be completed for these two projects until April 2017. Such information is essential for determining the implementation schedule and finalizing cost estimates that are needed prior to approving the projects for implementation. We concluded in our 2017 high-risk report that without sound internal controls and systems, DHS faces long-term challenges in sustaining a clean audit opinion on its financial statements and in obtaining and sustaining a clean opinion on its internal controls over financial reporting, which are needed to ensure that its financial management systems generate reliable, useful, and timely information for day-to-day decision making as a routine business operation. Human Capital Management.--In our 2017 high-risk report, we found that DHS has fully addressed three human capital management outcomes, mostly addressed three, and partially addressed the remaining one. For example, the Secretary of Homeland Security signed a human capital strategic plan in 2011--which was revised and reissued in 2014--that DHS has since made sustained progress in implementing, thereby fully addressing one outcome.\18\ In addition, we found that DHS fully met one outcome for the first time by linking workforce planning efforts to strategic and program planning efforts. Specifically, DHS successfully demonstrated the ability to conduct structured workforce planning for the majority of its priority mission-critical occupations at the Department in fiscal year 2015, and for all mission-critical occupations in fiscal year 2016. To support this planning, DHS issued its Workforce Planning Guide in 2015, which enabled DHS components to apply a consistent and Departmentally-approved methodology, including the use of standardized tools and templates.\19\ DHS also published and implemented a Department-wide Employee Engagement Action Plan, which DHS's components used to develop tailored action plans for their own employee engagement and outreach. --------------------------------------------------------------------------- \18\ DHS, Human Capital Strategic Plan Fiscal Years 2015-2019 (Washington, DC: October 2014). \19\ DHS, Office of the Chief Human Capital Officer, DHS Workforce Planning Guide (Washington, DC: July 2015). --------------------------------------------------------------------------- However, we found that DHS has considerable work ahead to improve employee morale. For example, the Office of Personnel Management's Federal Employee Viewpoint Survey data showed that DHS's scores generally declined in four areas (leadership and knowledge management, results-oriented performance culture, talent management, and job satisfaction) from 2008 through 2015. DHS has developed plans for addressing its employee satisfaction problems and improved scores in all four areas in 2016, but as we recommended in September 2012, DHS needs to continue to improve its root-cause analysis efforts related to these plans.\20\ --------------------------------------------------------------------------- \20\ GAO, Department of Homeland Security: Taking Further Action to Better Determine Causes of Morale Problems Would Assist in Targeting Action Plans, GAO-12-940 (Washington, DC: Sept. 28, 2012). --------------------------------------------------------------------------- DHS also needs to continue strengthening its learning management capabilities. Specifically, in February 2016, we reported that DHS had initiated the Human Resources Information Technology (HRIT) investment in 2003 to address issues presented by its human resource environment.\21\ With respect to learning management, in February 2016 we found limitations resulting from nine disparate learning management systems that did not exchange information.\22\ DHS established the Performance and Learning Management System (PALMS) to consolidate DHS's nine existing systems into one system and enable comprehensive training reporting and analysis across the Department, among other things. However, in our 2016 report, we found that selected PALMS capabilities had been deployed to DHS headquarters and two components, but full implementation at four components was not planned, leaving uncertainty about whether PALMS would be used enterprise-wide to accomplish these goals. As of September 2016, DHS had deployed selected PALMS capabilities to one additional component and had plans to implement it at two additional components in the first half of fiscal year 2017. --------------------------------------------------------------------------- \21\ GAO, Homeland Security: Oversight of Neglected Human Resources Information Technology Investment is Needed, GAO-16-253 (Washington, DC: Feb. 11, 2016). \22\ GAO-16-253. --------------------------------------------------------------------------- Management Integration.--In our 2017 high-risk report, we found that DHS has sustained its progress in fully addressing three of the four management integration outcomes, and partially addressed the remaining outcome. For example, in January 2011, DHS issued a comprehensive action plan to guide its management integration efforts-- the Integrated Strategy for High-Risk Management. Since then, DHS has generally improved the strategy with each updated version based on feedback we provided. DHS has also shown important progress in addressing the last and most significant management integration outcome--to implement outcomes in each management area to develop consistent or consolidated processes and systems within and across its management functional areas. For example, the Secretary's April 2014 Strengthening Departmental Unity of Effort memorandum highlighted a number of initiatives designed to allow the Department to operate in a more integrated fashion. Further, in support of this effort, in August 2015, the Under Secretary for Management identified four integrated priority areas to bring focus to strengthening integration among the Department's management functions. According to DHS's August 2016 updated version of its strategy, these priorities--which include, for example, strengthening resource allocation and reporting reliability and developing and deploying secure technology solutions--each include detailed goals, objectives, and measurable action plans that are monitored at monthly leadership meetings led by senior DHS officials, including the Under Secretary for Management. Accomplishments DHS officials attribute to the Unity of Effort initiative and integrated priorities initiatives include the following, among others: DHS's Office of Program Accountability and Risk Management developed and implemented a policy directive to monitor and track critical staffing gaps for major acquisition programs to ensure that such gaps are identified and remediated in a timely manner.\23\ --------------------------------------------------------------------------- \23\ DHS, Major Acquisition Program Staffing Management, DHS Policy Directive 102-05 (Washington, DC: June 30, 2016). In December 2016, based in part on our input, DHS subsequently updated its staffing assessment guidance to re-focus the assessment process on all major program acquisition-related positions. This will be discussed further in our assessment of DHS's major acquisitions programs, to be issued in March 2017. --------------------------------------------------------------------------- DHS Science and Technology Directorate established Integrated Product Teams to better link the Department's research and development investments with the Department's operational needs. DHS strengthened its strategy, planning, programming, budgeting, execution, and acquisition processes by improving existing structures and creating new ones where needed to build additional organizational capability. DHS has institutionalized these reforms by issuing a range of Departmental management directives and instructions. However, as we reported in the 2017 high-risk report, given that these main management integration initiatives are in the early stages of implementation and contingent upon DHS sustaining implementation plans and efforts over a period of years, it is too early to assess their effects. We concluded that to achieve this outcome, DHS needs to continue to demonstrate sustainable progress integrating its management functions within and across the Department and its components, as well as fully address the other 17 outcomes it has not yet achieved. key themes continue to impact dhs's progress in implementing its mission functions In September 2011, we identified three key themes that had impacted DHS's progress in implementing its mission functions since it began operations: (1) Executing and integrating its management functions for results, (2) leading and coordinating the homeland security enterprise, and (3) strategically managing risks and assessing homeland security efforts.\24\ As previously discussed, DHS has made important progress with respect to the first theme by strengthening and integrating its management functions, but considerable work remains. Our recent work indicates that DHS has similarly made progress related to the other two themes of leading and coordinating the homeland security enterprise and strategically managing risk and assessing homeland security efforts, but that these two themes continue to impact the Department's progress in implementing its mission functions. Further, our recent work has also found that by addressing these two key themes, DHS could improve the efficiency and effectiveness of its operations. --------------------------------------------------------------------------- \24\ GAO-11-881. --------------------------------------------------------------------------- Leading and coordinating the homeland security enterprise.--As we reported in September 2011, while DHS is one of a number of entities with a role in securing the homeland, it has significant leadership and coordination responsibilities for managing efforts across the homeland security enterprise.\25\ To satisfy these responsibilities, it is critically important that DHS develop, maintain, and leverage effective partnerships with its stakeholders while at the same time addressing DHS-specific responsibilities in satisfying its missions. Before DHS began operations, we reported that to secure the Nation, DHS must form effective and sustained partnerships among components and also with a range of other entities, including Federal agencies, State and local governments, the private and nonprofit sectors, and international partners.\26\ DHS has made strides in providing leadership and coordinating efforts. For example, in December 2015, we reported on the efforts of the Federal Protective Service (FPS), an agency within DHS, to collaborate with the General Services Administration (GSA) to implement their joint responsibilities to secure and protect approximately 8,900 Federal facilities.\27\ We found that FPS and GSA have taken some steps to improve collaboration, such as drafting a joint strategy and renewing negotiations to update their 2006 memorandum of agreement on roles, responsibilities, and operational relationships concerning the security of GSA-controlled space. --------------------------------------------------------------------------- \25\ GAO-11-881. \26\ GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-454 (Washington, DC: Aug.17, 2007). \27\ GAO, Homeland Security: FPS and GSA Should Strengthen Collaboration to Enhance Facility Security, GAO-16-135 (Washington, DC: Dec. 16, 2015). --------------------------------------------------------------------------- However, our recent work has also identified opportunities for DHS to improve its partnerships, and in turn, improve the efficiency and effectiveness of its operations. For example, our 2016 annual report on fragmentation, overlap, and duplication identified strengthening FPS and GSA collaboration as an opportunity for improving efficiency and effectiveness.\28\ We reported that in December 2015, the two agencies had made limited progress in agreeing on several key practices GAO has previously identified that can enhance and strengthen collaboration.\29\ Specifically, FPS and GSA had not fully defined or articulated a common outcome or established mutually-reinforcing joint strategies; collaborated in communicating existing policies and procedures to operate across agencies and regions; or jointly developed mechanisms to monitor, evaluate, and report on the results of their related missions regarding facility protection. The incomplete implementation of key collaboration practices leaves day-to-day operational decisions to the regional and facility levels, a situation that may result in inconsistent management practices and may increase security lapses, putting facilities, tenants, and the public at greater risk. Thus, we recommended that FPS and GSA take actions to improve their collaboration by, among other things, establishing plans with time frames for reaching agreement on: (1) A joint strategy defining common outcomes and (2) roles and responsibilities. DHS concurred and as of December 2016, FPS reported that it had begun to take steps with GSA to resolve differences in agency opinions on security-related authorities for protecting Federal real property. FPS also stated that once an agreement has been established, both agencies would be better- positioned to devise a plan with time frames for finalizing a joint strategy. --------------------------------------------------------------------------- \28\ GAO, 2016 Annual Report: Additional Opportunities to Reduce Fragmentation, Overlap, and Duplication and Achieve Other Financial Benefits, GAO-16-375SP (Washington, DC: Apr. 13, 2016). \29\ See GAO, Results-Oriented Government: Practices That Can Help Enhance and Sustain Collaboration among Federal Agencies, GAO-06-15 (Washington, DC: Oct. 21, 2005). --------------------------------------------------------------------------- Further, in March 2016, we reported on Federal efforts to address the risks of electromagnetic pulse or solar weather events--events which could have a debilitating impact on critical electrical infrastructure and communications systems.\30\ We found, among other things, that DHS and the Department of Energy (DOE), the two primary Federal entities with responsibilities for addressing risks to the energy sector, had not taken action to identify key electrical infrastructure assets, as called for in DHS's National Infrastructure Protection Plan.\31\ We recommended that DHS and DOE collaborate to leverage their expertise to review existing Federal Energy Regulatory Commission analysis to determine whether further assessment is needed to adequately identify critical electric infrastructure assets. DHS and DOE concurred and stated that they intend to review the analysis by April 2017 and increase collaborative efforts on addressing risks to electrical infrastructure. --------------------------------------------------------------------------- \30\ GAO, Critical Infrastructure Protection: Federal Agencies Have Taken Actions to Address Electromagnetic Risks, but Opportunities Exist to Further Assess Risks and Strengthen Collaboration, GAO-16-243 (Washington, DC: Mar. 24, 2016). \31\ The National Infrastructure Protection Plan provides the overarching approach for integrating the Nation's critical infrastructure security and resilience activities into a single National effort. --------------------------------------------------------------------------- Strategically managing risks and assessing homeland security efforts.--As we reported in September 2011, risk management has been widely supported by Congress and DHS as a management approach for homeland security, enhancing the Department's ability to make informed decisions and prioritize resource investments.\32\ Since DHS has limited resources and cannot protect the Nation from every conceivable threat, it must make risk-informed decisions regarding its homeland security approaches and strategies. Our recent work has found that DHS offices and components have continued to engage in risk management activities. For example, in April 2016, we reported that DHS conducted a risk assessment to characterize risks, threats, current and future trends, and critical uncertainties that will most affect homeland security in the 2015 to 2019 time frame for its second Quadrennial Homeland Security Review--a comprehensive examination of the homeland security strategy of the United States.\33\ However, DHS did not incorporate all elements of a successful risk assessment for its Quadrennial Homeland Security Review. Specifically, DHS did not document how its various analyses were synthesized to generate results, thus limiting the reproducibility and defensibility of the results. In addition, the Quadrennial Homeland Security Review describes homeland security hazards, but does not rank those hazards or provide prioritized strategies. We recommended that DHS improve its risk assessment documentation and prioritize risks to better justify cost- effective risk management strategies. DHS concurred with our recommendations and stated that it will implement them during the 2018 Quadrennial Homeland Security Review. --------------------------------------------------------------------------- \32\ GAO-11-881. \33\ GAO, Quadrennial Homeland Security Review: Improved Risk Analysis and Stakeholder Consultations Could Enhance Future Reviews, GAO-16-371 (Washington, DC: Apr. 15, 2016). --------------------------------------------------------------------------- In addition, our recent work has identified opportunities for DHS components to better strategically manage risks in various programs. For example, in December 2015, we reported that DHS's U.S. Citizenship and Immigration Services (USCIS) and the Department of Justice's (DOJ) Executive Office for Immigration Review (EOIR)--the two agencies that adjudicate asylum applications--have limited capability to detect and prevent asylum fraud and that both agencies' efforts to date have focused on case-by-case fraud detection rather than more strategic, risk-based approaches.\34\ To help ensure fraud prevention controls are effective and appropriately targeted, we recommended that USCIS and EOIR conduct regular fraud risk assessments. DHS and DOJ concurred. DHS indicated that USCIS was in the process of developing a risk assessment tool and implementation plan for completing regular fraud risk assessments, and expected the first assessment to be completed by the end of fiscal year 2017. --------------------------------------------------------------------------- \34\ GAO, Asylum: Additional Actions Needed to Assess and Address Fraud Risks, GAO-16-50 (Washington, DC: Dec. 2, 2015). --------------------------------------------------------------------------- In September 2011, we also reported that limited strategic and program planning, as well as assessment and evaluation to inform approaches and investment decisions, had contributed to DHS programs not meeting strategic needs or doing so effectively and efficiently. For example, we reported that DHS had missed opportunities to optimize performance across its missions because of a lack of reliable performance information or assessment of existing information.\35\ Our recent work has also indicated that strategic and program planning challenges continue to affect implementation of some DHS programs. For example, in April 2015, we identified enhancing oversight of FEMA's Disaster Relief Fund as an opportunity to save millions of dollars.\36\ In December 2014, we found that FEMA's average annual administrative cost percentage (i.e., the percentage of total costs devoted to administrative costs) for major disasters had doubled since fiscal year 1989.\37\ To better control and reduce its administrative costs for major disasters, we recommended that FEMA develop an integrated plan that includes all steps the agency will take, milestones for accomplishing cost reductions, and clear roles and responsibilities, including the assignment of senior officials/offices responsible for monitoring and measuring performance. In response, in December 2015, FEMA developed and issued an integrated plan to control and reduce administrative costs. In addition, in February 2016, Congress passed and the President signed the Directing Dollars to Disaster Relief Act of 2015 into law, which requires FEMA to implement an integrated plan to control its costs and report on progress for the next 7 years.\38\ --------------------------------------------------------------------------- \35\ GAO-11-881. \36\ GAO, 2015 Annual Report: Additional Opportunities to Reduce Fragmentation, Overlap, and Duplication and Achieve Other Financial Benefits, GAO-15-404SP (Washington, DC: Apr. 14, 2015). \37\ See GAO, Federal Emergency Management Agency: Opportunities Exist to Strengthen Oversight of Administrative Costs for Major Disasters, GAO-15-65 (Washington, DC: Dec. 17, 2014). Examples of FEMA administrative costs include the salary and travel costs for the disaster workforce, rent and security expenses associated with field operation locations, and supplies and information technology for field operation staff. FEMA obligated $12.7 billion from the Disaster Relief Fund to cover its administrative costs for the 650 major disasters declared during fiscal years 2004 through 2013. \38\ Pub. L. No. 114-132, 130 Stat. 293 (2016). --------------------------------------------------------------------------- Our other recent work has indicated that further strengthening assessment and evaluation, including using reliable performance information, would better inform DHS approaches and investment decisions. For example, in May 2015, we reported on USCIS efforts to transform its outdated systems for processing the millions of applications for persons seeking to study, work, visit, or live in the United States, into a modern system with electronic adjudication and case management.\39\ We found that USCIS expected the Transformation Program--which was started in 2006--to cost up to $3.1 billion and be fully deployed by March 2019, which is an increase of approximately $1 billion and delay of over 4 years from its initial July 2011 baseline. Further, we found the program's two key governance bodies had not used reliable information to make decisions, and that a key change in the acquisition strategy--the program architecture approach--was made without information on the added costs associated with implementing the change. In our 2015 report we recommended that DHS take actions to improve governance and oversight of the Transformation Program, including re-baselining cost, schedule, and performance expectations; and ensuring that the two key governance bodies are relying on complete and accurate program data to effectively monitor performance. --------------------------------------------------------------------------- \39\ GAO, Immigration Benefits System: Better Informed Decision Making Needed on Transformation Program, GAO-15-415 (Washington, DC: May 18, 2015). --------------------------------------------------------------------------- DHS concurred with these recommendations and has taken some steps to address them, such as approving a re-baseline of cost, schedule, and performance to measure progress going forward; however, DHS needs to take additional actions to improve its performance monitoring data and strengthen management of the Transformation Program. For example, in July 2016, we reported that cost and schedule data reported monthly by the program office to the Department to monitor program performance are not always accurate or present a full picture of the program.\40\ In July 2016, we also reported on the extent to which the Transformation Program is using IT program management leading practices and found that key practices, including performance monitoring-related practices such as ensuring software meets expectations prior to being deployed and defining measureable development outcomes, were not consistently followed. As a result, the program runs the risks that the system will continue to face delays, that the functionality deployed will be of limited quality, and that production issues will delay performance of the system and the processing of filings for citizenship and immigration benefits. To improve program management, in July 2016 we made 12 recommendations, including that DHS review and update, as needed, existing policies and guidance and consider additional controls to help ensure it follows its own policies and leading practices--such as those to monitor performance through the collection of reliable metrics, ensure software meets expectations prior to deployment, and establish outcomes for software development, among others. DHS concurred and described plans to complete actions associated with the recommendations by July 2017. --------------------------------------------------------------------------- \40\ GAO, Immigration Benefits System: U.S. Citizenship and Immigration Services Can Improve Program Management, GAO-16-467 (Washington, DC: July 7, 2016). --------------------------------------------------------------------------- Chairman Perry, Ranking Member Correa, and Members of the subcommittee, this completes my prepared statement. I would be happy to respond to any questions may have at this time. Mr. Perry. Thank you, Ms. Gambler. The Chair now recognizes himself and offers for unanimous consent to have Mr. Higgins, from Louisiana, speak out of turn because he has got a time issue. If anybody has objection to that? All right, so ordered. Mr. Higgins, the gentleman from Louisiana, is recognized. Mr. Higgins. Thank you, Mr. Chairman. Inspector General Roth, thank you for your service to your country, sir. Ma'am, thank you for appearing, as well. Inspector General, the Office of the Inspector General and the Government Accountability Office has named cybersecurity as one of the most serious and complicated challenges facing our country and the Department of Homeland of Security. GAO reported that the Federal Government, including the Department of Homeland Security, needs to implement several cybersecurity initiatives before it can be removed from GAO's high-risk list report. Likewise, your Department reported that the Department of Homeland Security needs to better oversee component cybersecurity and privacy of sensitive information. Cybersecurity is the warfare that goes on around us unseen, and I am quite concerned about it, as are the Members of this committee. Please share with us your view of where we are on that after your efforts as inspector general. What can we do, and is it being done? What can this committee do to help? Mr. Roth. Thank you for the question. You note that it is a very, very difficult task. Really, for the Department of Justice they really have two things. One, they have to secure their own networks, which is a challenge and something that we have looked at time and again. But DHS also has the obligation to secure the entire Federal network, the so-called dot-gov network, as well as working with States and private industry to secure their networks, as well. So they really have three different tasks that they have to do. With regard to the first task, they have been challenged over time. I would estimate or I would assess that it is improving and has improved in the last 3 years. I think the cyber attack or the breach of the Office of Personnel Management, in which all those personnel records were stolen, really served as a wake-up call. So in the last I would say 18 months there has been a cyber sprint, if that is the right word to use, to try to secure the DHS networks in a better way--for example, basic kinds of cybersecurity like two- factor authentication, where you need a specialized card that you plug into your computer as well as a password. The Department historically had very low levels of compliance. Now they are almost at 100 percent. They still have a long way to go, though. For example, there is a thing called an authority to operate, which is functionally like a airworthiness certificate on an aircraft. It is a certification by an objective person--in this case it would be the chief information officer--that the system is locked down according to Government standards. We have found while that number has gone down over time--which is a good thing, fewer systems are operating without an authority to operate--there are still something like 79 systems within the Department of Homeland Security that are not locked down. So it is a constant challenge. Part of the challenge is some of the I.T. equipment is simply old. They are legacy systems that don't have the security built in. So these are constant challenges that they have. I know that GAO has done some work on, for example, EINSTEIN 3 Accelerated, which is the DHS system that is attempting to monitor the dot-gov networks, and I will let GAO talk about that. Mr. Higgins. Ma'am. Ms. Gambler. Similar to the I.G., GAO has identified challenges not just at DHS but across the Federal Government as it relates to cybersecurity, and that is one of GAO's high-risk areas. In fact, it has been on the list since, I believe, 1997, and it is an area where we see not just at DHS but across the board that there is, you know, need for additional attention and progress. With regard specifically to DHS, that is also an area we have identified the need for DHS to continue to work to strengthen its own information system security. Mr. Higgins. Yes, ma'am. There seems to be a little bit of a breakdown in just cyber communications. You had issued a report in January 2016 that ICE computers and USCIS computers were not communicating with each other, and that led to a lack of arrests that should have been made. You know, we are discussing the Department of Homeland Security itself, and the computer systems, and the networks being on a high-risk list. This is quite concerning, and I would encourage my esteemed colleagues on this committee that as we move forward we make it a high priority to focus on cybersecurity. With that, Mr. Chairman, I yield back. Mr. Perry. Chair thanks the gentleman from Louisiana. Chair now recognizes the gentleman from California, the Ranking Member. Mr. Correa. Thank you, Mr. Chairman. Question for Mr. Roth. Statements recently made by our President seem to indicate a lack of appreciation and desire for an independent oversight of the new administration. Question to you, sir: What would you say to critics who believe that the Federal agencies can operate without the work of inspector generals? Please explain the importance of your work. Mr. Roth. Thank you for that question. Yes, I mean, I have been at this job for 3 years, and in that 3 years I have seen a number of different agencies--for example, TSA--in which we have done independent oversight, reported those findings both to the administration but also, for example, this committee and other committees within Congress, and as a result of that have really changed the way that they have done business. We can cite a number of examples, for example, with regard to FEMA, with regard to TSA, with regard to the Secret Service. We are independent oversight--that is, oversight by our office and by the GAO. But also oversight by Congressional committees has assisted in improving operations. So I am a firm believer that independent oversight is a very positive thing for Government to be able to issue public reports that sort-of shine the disinfectant of sunlight on Government operations. I think it is extraordinarily important. Mr. Correa. My further question would be, what do you believe the impact would be if Federal programs were no longer monitored by an independent organization such as yours, sir? Mr. Roth. Well, I think the I.G. principle has proven itself over time. I think across the I.G. community it is something like a 17-1 ratio of--for every dollar spent on the I.G.s we return $17 in savings. That doesn't include the public safety and National security benefits, for example, that you get in oversight of TSA or Secret Service, where there are no monetary benefits but there are very real benefits to the lives and safety of the American people. Mr. Correa. Another question for you, sir. Switching subjects, are you currently or do you have any future plans to investigate allegations of Russian hacking in the U.S. elections this past year? Mr. Roth. I do not, no. Mr. Correa. Thank you very much. I yield the remainder of my time, sir. Mr. Perry. Chair thanks the gentleman from California, the Ranking Member. Chair now recognizes himself. Mr. Roth, just looking at the--there is a whole range of issues and 5 minutes is, as you know, clearly not enough. Ms. Gambler, we could spend all day. But let me just start somewhere that is kind-of close and near and dear to my heart. I live in what is called the Susquehanna Valley, one of the most flood-prone areas east of the Mississippi. Looking at FEMA and the National Flood Insurance Program, where I read that they currently cannot systematically review information on claims by policyholder types to reflect the risks faced by an individual property. This means it can't--FEMA can't look at policy rates at a more meaningful granular level and adjust rates accordingly. Quite honestly, you know, with an organization that is $17.5 billion or $18 billion in debt, you know, looking at the FEMA map issue--I am sure you are well familiar--et cetera, and the policies and the premiums put upon people in these areas, it is fairly insulting. I am just wondering, you know, when they could--if they had a database that worked that would better adjust policy rates for policyholders. Have you taken a look at that? Do you have any idea when that is going to be addressed, that database, either one of you? Ms. Gambler. The National Flood Insurance Program, as you said, is on the high-risk list, and one of the key management issues we have identified with FEMA's oversight of the program relates to the modernization of their I.T. systems to include their claims and policy system. I believe that, based on what is in our high-risk report, that FEMA is moving forward to making some progress to--or is moving forward to take some steps to address the challenges that you identify, Chairman, and we would be happy to follow back up with you and provide any information we have on time frames for that. Mr. Perry. OK. I would appreciate that when you can. Thank you. Since April 2016 USCIS has been accepting paper EB-5 applications, where then the adjudicators process them by verifying applicant information by consulting several different I.T. systems. But what I find interesting is the applications are not scanned in and information that could be useful in identifying program participants linked to potential fraud is not required to be entered. It is not required to be entered into the USCIS' database, i.e. the applicant's name, address, and date of birth. I am just wondering, you know, they say--I guess the plan is that they are going to have something better in 2017, but that is--there is 12 months. A month of that is already shot, a month-and-a-half is shot. Do either of you have any idea of when in 2017? I find this to be an interesting issue, especially when you look at the dollars that go with it and some of the other political ramifications with the EB-5 program. Any idea when they are going to get a solution set in 2017? Mr. Roth. You know, we have looked at the ELIS system over the course of a number of years. I think our first report was in 2005 and we have done I think something like eight or nine reports. It is very much a moving target. We did a report in March of last year in which we set forth what they believe some of their time lines were going to be for introducing sort of automated reports, reports that would be, in fact, scanned in and then cross-referenced. Those deadlines have long since gone. For example, they attempted to automate their N-400, their application process, last year. It overwhelmed and functionally broke the system, so they had to go back to the old paper-based system while they figured out a new way to do this. So I would not commit to any time line with regard to that kind of improvement. Mr. Perry. Certainly we are not asking you to commit. I was just wondering if you knew, and I just think it is astounding in 2017, the paper applications that can't be cross-referenced, vetted, and aren't even scanned in--aren't even bothered to be scanned in at this point. I just find that overwhelming. Let's move on to something quickly, because time is of the essence here. Both OIG and GAO have reported on significant management issues at DHS and its various component--operational components. TSA's list of failures alone in acquiring effective tools is astounding. In your assessment--well, let me just go right to my point, I think. What is the Department Secretary's role in overseeing components' management-related activities? So you got all these different agencies who were thrown together in a hurry. We get it. It is hard. You know, they got their own processes and systems. We have a Secretary. In your opinion, each of you, what is the Secretary's role? What is top management's role regarding all the disparate organizations under DHS? Mr. Roth. Certainly there has been progress made in the last 2 or 3 years under Secretary Johnson's tenure in making an acquisition process that is more rational. For example, they have instituted the Joint Requirements Council, which is--in fact, for the first time--an effort to look at DHS as an entire entity and figure out what the joint requirements are for each piece of acquisition. They have also given more strength to the under secretary for management to ride herd and do oversight over each of the individual components within the Department of Homeland Security. I think most importantly, and what is very encouraging, is legislation that Congress passed in December of this--of last year that creates an under secretary for policy, which I think is going to be a key role in figuring out how it is to make these components, which historically have never worked together, work together in a meaningful way. So I think the--for the first time the DHS upper management, including the Secretary, will have some authority and some teeth to ride herd over the disparate components. Mr. Perry. Quickly, Ms. Gambler. Ms. Gambler. Yes. Mr. Perry. Thank you. Ms. Gambler. Chairman Perry, we would say that top leadership attention at the Department is critical to ensuring effective oversight of acquisition, I.T., and other investments. Across our body of work on investments and acquisitions at DHS one of the key findings we have had is the need for improved oversight and governance of those acquisitions and investments. That relates to things like the human resources; Information technology system; the USCIS transformation program, which Mr. Roth talked about. So across the board it is imperative that top leadership at the Department is involved and overseeing acquisitions and investments through executive steering committees, through the Acquisition Review Board, through the Joint Requirements Council, and so on. Mr. Perry. So just to kind-of wrap it up, what it sounds like to me there is no prohibition. This is top management. This is the Secretary, et cetera, that is in charge, for lack of a better term, of all this stuff, right? To me, when you are in charge you bring your leaders in from your disparate components and you say, ``What are your issues?'' or if they are already identified, ``What is the solution set? What is your time frame? Here is your report back to find out how you have done, and then we go on from there. If you don't complete that--and if you don't complete your mission maybe this isn't your life's work,'' or something like that. That is, I think, what we are looking for. I didn't see or hear anything that you said that precluded that. I will move on and yield. The Chair would now recognize the gentlelady from California, Ms. Barragan. Ms. Barragan. Thank you. This question is for Mr. Roth. Mr. Roth, it has been reported that DHS personnel, including Border Patrol officers, faced a great deal of confusion when the President initiated the Executive Order instituting the travel ban on the seven Muslim-majority countries. In fact, Members of Congress, like myself, showed up at airports, were redirected, ignored, didn't get any answers. This happened across the country seeking information. Did anybody within your Department complain about the lack of guidance that resulted from this Executive Order? Mr. Roth. We have started an inquiry with regard to that, an investigation as to CBP's implementation of the Executive Order. It is really in two parts. No. 1, how was the Executive Order implemented? What were the communications like? How was it communicated? In addition to the various court orders that were coming down at various times during the implementation of that. Basically, how was the Executive Order executed? Then as a separate matter we are looking into specific allegations of misconduct with regard to various CBP or other DHS personnel. So that is on-going right now. We are conducting interviews and looking at documents, and hopefully we will have a report or some kind of conclusion in the near term. Ms. Barragan. Do you know if any--do you happen to know if any employees complained about the roll-out? Mr. Roth. As I said, right now it is on-going so we are getting the kinds of information that ultimately we will be able to report out, but I don't have any information to share at this point. Ms. Barragan. OK. Do you have any information on what this may have done to employee morale? We heard a minute ago Ms. Gambler talk about the need to increase employee morale. Do you have any information on what the--what I call the botched roll-out of this may have done to employee morale? Mr. Roth. I do not at this point. As I said, we will continue to look at this issue and then hopefully we will have some answers for everyone. Ms. Barragan. OK. I wanted to follow up on what one of my colleagues was asking about earlier. My understanding is Secretary Kelly and President Trump have contradictory viewpoints on the role of the Office of the Inspector General and Government Accountability Office. You know, e-mails from the Trump transition team instructed the transition team leaders to, ``reach out and inform the inspectors general and their agents that they are being held over on a temporary basis,'' and that they should seek out other employment. Inspector general by tradition have been open-ended appointments, regardless of party that controls the White House. Do you plan on investigating how these sudden and unprecedented changes in authority are impacting the Department of Homeland Security? Mr. Roth. I am not. I received one of those calls prior to the transition. That got worked out to my satisfaction. I was told that, in fact, I would be allowed to stay. As far as I am concerned, I am moving forward in the kind of aggressive, independent oversight that I have done in the last 3 years. So I don't have any intention of investigating that. As far as I am concerned, it is over. Ms. Barragan. OK. My understanding was you testified a minute ago about how Congressional oversight has been important in helping the efficiency at DHS. Is that correct? Mr. Roth. Yes, absolutely. Ms. Barragan. So I really appreciate that you said that because I cannot think of a more important time on them needing Congressional oversight than with this administration. I sometimes feel as though we get an order and the President is challenging that somebody go tell him he can't do something, as opposed to consulting in advance and making sure it is something that can be done. Do you have any thoughts on this theory that maybe Congress--in particular, this committee, Homeland Security-- should hold hearings after Executive Orders are conducted within maybe 15 days? Mr. Roth. I can only reflect on my own experience, which has been, you know, examination of the programs and operations of DHS by both Congress and the inspector general is a healthy thing. That is the only thing I can talk about. Ms. Barragan. Ms. Gambler is there anything you would like to add? Ms. Gambler. I think we would just add, as it relates specifically to the high-risk list, for example, our comptroller general testified yesterday with the issuance of the high-risk reports and just talked about the helpful role that Congress can play in holding hearings and conducting oversight related to, like, the high-risk areas, for example. Ms. Barragan. Great. Thank you. I yield back. Mr. Perry. Chair thanks the gentlelady. The Chair recognizes the gentleman, Mr. Ratcliffe, the gentleman from Texas. Mr. Ratcliffe. Thank you, Mr. Chairman. I want to start out, follow up on the line of questioning by my colleague from Louisiana, Congressman Higgins, on the issue of cybersecurity. It is certainly not a surprise, I think, to any of us that both OIG and GAO have named cybersecurity as one of the most serious challenges that DHS faces. As the Chairman of the Cybersecurity and Infrastructure Protection Subcommittee I am of the opinion that it is perhaps our greatest National security issue at this time. With all of the focus on our physical borders, I believe that perhaps the invasion of our digital borders presents a more daunting, more pressing, and more difficult challenge for all of us. I want to start with you, Ms. Gambler. I had the chance, in preparing for this hearing, to review the GAO's high-risk reports both for 2015 and 2017, where GAO recommended specific changes that should be adopted with respect to the security of Federal information systems and critical cyber infrastructure. I noticed in there that you have got some 1,000 open information security-related recommendations that are noted. I am not going to ask you to prioritize those, but I am curious: Does GAO plan to examine the relationship between the extent of information security activities at each department and agency and the associated number of information security incidents? Ms. Gambler. So I am not GAO's cybersecurity expert. I would be happy, sir, to take that back and get you a response for the record. Mr. Ratcliffe. OK. Well, I guess the reason I ask the question is sometimes it is easy to identify the problem but we need to be helpful in terms of providing solutions. It would seem to me that that would provide a valuable performance metric by which DHS might be able to approach some of these challenges. Ms. Gambler. I would be happy to take that back, sir. Mr. Ratcliffe. OK. I didn't see it in the report, but are there any current practices for obtaining metrics in the cybersecurity are that you think that DHS ought to consider? Or is that something you would just prefer to circle back on? Ms. Gambler. We can definitely circle back and get you some specifics for the record, but we--I would say, as I had reflected earlier, that it is also important for DHS to focus on its own information system securities, as well, and so that is an important piece of identifying some of the high-risk areas that we have identified. Mr. Ratcliffe. OK. I am going to shift to the inspector general here in a second, but--because I heard him mention--you mentioned the six challenges, and you mentioned cybersecurity as one of them. I want to know if you prioritize those at all. But before I do I want to give, Ms. Gambler, you a chance. Was any prioritization done with respect to where DHS, from the GAO's perspective, is weakest with respect to its management at this point in time? Ms. Gambler. In terms of overall management, we would identify three key areas where we think DHS needs to focus its attention. One is in acquisition management, to ensure that its programs are on track to meet cost, schedule, and performance expectations; No. 2, within the financial management area DHS needs to give attention to modernizing its financial management systems and making more progress there; and then No. 3, within the area of human capital management we would like to see DHS focus a little more on addressing employee morale issues. Mr. Ratcliffe. OK. So thank you. Inspector General, let me give you a chance to comment on my question, in terms of prioritization. Mr. Roth. Well, certainly it has been a priority for us to ensure that we take a look at how DHS is handling its own networks, both its Classified networks and its normal sort-of Sensitive but Unclassified networks. We do every year the Congressionally-mandated annual review, the FISMA, Federal Information Security Management Act review, and we are able to sort-of log exactly how the Department is doing every year. I would say that for--last year there was a fairly significant improvement, but in years previous it was sort-of plateaued or in a rut. So I really do think that the--there was a sense of urgency in the last year that probably hadn't been present before. I look back at some of the high-profile hacks, for example, the one at OPM that I think created a sense of urgency within OMB that then drove it down into the various departments. So I would give them better marks this year than I have in the past, but there is still a long way to go. Mr. Ratcliffe. Terrific. I see my time is expired, but I do want to relay to the inspector general there was some speculation here about your tenure, the length of your tenure. I did want to state for the record that I wanted to commend you for your performance, whatever your tenure may be in your respective role. Oversight has at times been a challenge over the last couple of years, but in terms of your oversight with respect to DHS and this committee, I have nothing but praise for you and I have heard nothing but praise for you from other Members of this committee. So I thank you for your service and hope that it is a continued service. Mr. Roth. Thank you for that. Mr. Ratcliffe. With that, Mr. Chairman, I yield back. Mr. Roth. Thank you. Mr. Perry. Chair thanks the gentleman from Texas. The Chair thank--correction, the Chair recognizes the gentlelady from New York, Miss Rice. Miss Rice. Thank you, Mr. Chairman. Mr. Roth, just minutes ago the President defended leaks that we saw during the campaign season and condemned leaks since he was sworn in. I think everyone on this committee has long valued the role that whistleblowers play in protecting the Federal Government from waste, fraud, abuse, inefficiency, mismanagement. But we have heard several members of the administration, including the President himself, complain about what he calls ``leaks'' from within Federal agencies. What concerns me about this--and this is my question to you--is it is not just an issue of semantics; it is not ``I say leaks, you say whistleblower.'' This rhetoric by the President of the United States, I believe, can have a chilling--could have a chilling effect on whistleblowers in--I am speaking here specifically within DHS, but anywhere, for that matter, in any Federal agency, from coming forward when they see something that is not right. Now, I know that--and I don't know if you are speaking to any people who were what I would call whistleblowers during the rollout of the Executive Order, the travel ban, saying, ``The place is a mess. We are not getting any direction. We need help.'' How do you feel about this issue? You know, whistleblower, leak--I mean, I think most people would agree that if they were working for a Federal agency they would worry about coming forward, especially when the President is talking about these so-called ``leakers,'' they should face criminal charges. So what do you say about that? Mr. Roth. Well, it is never a leak to come to the inspector general. Regardless of the level of classification of the material, the Whistleblower Protection Act has a safe harbor that any individual who is a contractor or employee of the Department of Homeland Security has the right--and, in fact, the obligation--to inform the inspector general of gross mismanagement; gross waste; violation of law, regulation, or policy. We encourage people to do that. Just this week we sent an e-mail to all 250,000 or 235,000 employees of the Department of Homeland Security reminding them of, No. 1, their obligation to report those kinds of things; and No. 2, their protections under the Whistleblower Protection Act, that they are, in fact, protected from retaliation. We do have a very vigorous program in which we will investigate allegations of retaliation. In other words, if somebody appropriately blows the whistle--that is, discloses information in the appropriate way--we will protect those individuals from any kind of retaliation or personnel action as a result of those disclosures. Miss Rice. Well, I think that I would ask that you--and I would echo what my colleague, Mr. Ratcliffe, said about your performance. I would encourage you to make that known so that people at least within the agencies that you--agency that you oversee understand that and understand that they have a protection even though there is a President who is saying things that might indicate to the contrary. You discussed challenges that DHS was facing in executing the Executive Order because it, I believe, directed the Department to hire an additional 5,000 Border Patrol agents and 10,000 ICE officers. Since you have recently finished an audit detailing the DHS's slow hiring process, how is the Federal hiring freeze going to affect this what you have already--what you have determined to be an already very lengthy process-- hiring process? Mr. Roth. As I understand it, the Executive Order exempts positions that are either National security or public safety. The Department has a process to determine basically position- by-position what is exempted and what is not exempted. We will certainly look at that in the course of our review of this program. Miss Rice. Thank you. Thank you, Mr. Chairman. I yield back. Mr. Perry. Chair thanks the gentlelady. We are going to try a second round. We are expecting votes momentarily, but if we can do 3 minutes we are going to proceed, and then when we have to end it we will end it. So I will recognize myself for 3 minutes. Regarding asylum fraud, the GAO reported that DHS's U.S. Citizenship and Immigration Service's and the Department of Justice's Executive Order--Office for Immigration Review, or the EOIR, have limited capabilities to detect asylum fraud, which GAO concluded may affect the integrity of the asylum system. GAO also reported that neither DHS nor the Department of Justice had assessed fraud risk across the asylum process. Since this review was not completed by the last administration it is safe to say that illegal immigrants who provided fraudulent information to the U.S. Government may-- may--have been granted asylum. Does this point need to be--does this point to the need for enhanced vetting of the asylum applicants? Ms. Gambler. Ms. Gambler. Yes, thank you, Chairman. In that report we made a number of recommendations to DHS and USCIS to strengthen their ability to detect and address fraud in the asylum process. Among the recommendations we had were that they needed to do a better fraud risk assessment so that they could, you know, get a sense of what the risk tolerance is that you want to have in the asylum fraud program. We also pointed to the need for additional tools for detecting and addressing fraud in the process and the need for additional training, among other things. Mr. Perry. So do you know, then, does the DHS have plans to review those risks or ones across the entire spectrum of their process? Ms. Gambler. DHS did concur with the recommendations that we had in the report and identified plans to be responsive to our recommendations. Mr. Perry. Do you have any idea of the time line for addressing a solution set? Has anything--that been fleshed out yet? When can we expect an answer? Ms. Gambler. Yes. They have been working toward addressing some of the recommendations in the report. Be happy to follow up and give you more specific time frames for the record. Mr. Perry. All right. As you know, that is an important issue, as well, so I would appreciate that. Ms. Gambler. Absolutely. Mr. Perry. With that, the Chair now recognizes the gentleman, the Ranking Member, Mr. Correa. Mr. Correa. Thank you, Mr. Chair. Just a very quick question regarding the civilian hiring freeze implemented by the President. As of February 9 specific guidance has yet to be issued on how DHS will implement the provisions of that hiring freeze. Given critical areas such as our colleague from Texas was pointing to cybersecurity, any thoughts on what this hiring freeze--how that will impact our National security? Ms. Gambler. We haven't specifically looked at that issue yet. One of the things that we have pointed out, though, within the DHS management high-risk area is that the Department does need to do a better job of assessing what their human capital needs are in a number of areas, including acquisition and I.T. management. So as DHS moves forward in making those assessments we would say that that would be an important part of the consideration. Mr. Correa. Just a quick follow-up question, Mr. Chair. So we have got to go back and figure out what we need in the first place and try to figure out where the holes are at? Ms. Gambler. In certain management areas, yes, we have reported that DHS needs to do--could strengthen its processes for assessing the staff it needs. Mr. Correa. Including in the areas of cybersecurity? Ms. Gambler. Related to, yes, acquisition, I.T., yes. Mr. Perry. Does the Ranking Member yield? Mr. Correa. I yield. Mr. Perry. So, you know, just in closing here, you know, 282 days to hire a Border Patrol agent. That is astounding and I think that if most civilian organizations saw that, I mean, most people aren't going to wait around for a month once they provide application and know that they might be considered. I mean, people gotta move on with their life. I am hoping that you are going to provide some recommendations for shortening that time line. I mean, even half of that is twice as much as it should be. I mean, it should be some reasonable amount of time. But with that, I want to thank the witnesses for their valuable testimony and the Members for their questions. For my part, Mr. Roth, Ms. Gambler, we are always happy to see you. Thank you for your valuable service and professional service, and we hope we continue to see you long into the future. Members may have some additional questions for the witnesses and we will ask you to respond to these in writing. Pursuant to committee rule VII(D), the hearing record will remain open for 10 days. Without objection, the subcommittee stands adjourned. [Whereupon, at 2:59 p.m., the subcommittee was adjourned.] A P P E N D I X ---------- Questions From Chairman Scott Perry for John Roth February 16, 2017 Question 1a. This subcommittee has a long-standing track record for proposing bipartisan management reform legislation to streamline DHS bureaucracy. In January 2017, the House unanimously passed the Stop Asset and Vehicle Excess Act (SAVE Act) aimed at improving DHS's ability to manage its vehicle fleets, which was based off of a body of important work done by the OIG. What additional authorities are critical to ensuring the Department improves its management functions to ensure that taxpayer dollars aren't wasted? Question 1b. Would legislation, such as that previously introduced by Members of this subcommittee related to acquisition management, help DHS improve management and outcomes of programs? Answer. DHS OIG would support legislation that codifies existing DHS policy and relevant offices relating to acquisitions; provides the necessary authority for key personnel and mechanisms within the Department to effectively manage major acquisition programs; reinforces the importance of key acquisition management practices, such as establishing cost, schedule, and capability parameters; and includes requirements to better identify and address poorly performing acquisition programs. In addition to the SAVE legislation, which we believe would be very beneficial, the committee recently proposed legislation intended to reform acquisition programs within DHS by expanding certain DHS officials' authority and responsibility for acquisition management, requiring DHS to develop a multi-year acquisition strategy, and authorizing the Department to expand its use of acquisition innovation.\1\ We support legislative efforts like these, and believe they could have a beneficial impact. --------------------------------------------------------------------------- \1\ See H.R. 1249, 115th Cong. 1 (2017); H.R. 1252, 115th Cong. 1 (2017); and H.R. 1365, 115th Cong. 1 (2017). --------------------------------------------------------------------------- Question 2a. DHS has not done enough to address chronic employee morale issues across the Department, as both the OIG and GAO have recently reported. To what extent does DHS know what the root causes are behind poor employee morale? Question 2b. What risks does dismal employee morale pose to the Department? Answer. DHS is the third-largest Federal agency and its employees serve a variety of missions critical to the security of our Nation. The public relies on DHS to keep America safe, from ensuring the security of the Nation's transportation systems to the security of our borders. To achieve its mission, it is vital that DHS employ and retain a high- caliber workforce. But low-employee morale and a dysfunctional work environment have plagued the Department since its inception, negatively impacting DHS's recruiting and retention efforts. DHS OIG has performed work aimed at helping to identify for the Department many of the root causes contributing to low morale. As we reported in November 2016, these issues appear to be connected to challenges we repeatedly identify: The Department's failure to develop, implement, and widely disseminate clear and consistent guidance; a lack of communication between staff and management; and insufficient training.\2\ DHS has also had problems determining how to assign staff appropriately and hiring and retaining enough people to handle a reasonable workload while maintaining a work-life balance. At times, DHS employees' jobs are made more difficult by the lack of needed support, such as useful IT systems and up-to-date technology. --------------------------------------------------------------------------- \2\ Major Management and Performance Challenges Facing the Department of Homeland Security, OIG-17-08 (November 2016). --------------------------------------------------------------------------- To address these issues, Department leadership must sustain its focus on addressing employee morale in order to fulfill its important mission of protecting and securing our Nation successfully. Questions From Ranking Member Bennie G. Thompson for John Roth Question 1a. Secretary Kelly has defended President Trump's Executive Order (EO) on immigration, but stated before this committee that he does not believe the roll-out should have happened so quickly, specifically saying the EO should have been delayed ``just a bit'' so that Members of Congress could be prepared. There are also conflicting reports on Secretary Kelly's involvement with the EO prior to the roll- out. Please describe for the subcommittee how conflicting messages related to the EO may negatively affect the DHS workforce. Question 1b. In an agency already plagued with management issues, is DHS leadership sending the right message when it comes to the EO and its implementation, especially knowing many employees lacked clarity and information about the implementing the order? Answer. In response to Congressional requests and whistleblower and OIG Hotline complaints, we announced in February 2017 that our office had initiated a review of DHS's implementation of the EO, ``Protecting the Nation from Terrorist Entry into the United States by Foreign Nationals.'' The scope of our review is focused on the manner in which the EO was implemented by the Department--from the time the EO went into effect until it was stayed by Federal court order. The review will address the effect on employees engaged in the work, but it is too early to assess the broader impact on employee morale. At the culmination of our review, we will provide a final report to Secretary Kelly, the Congress, and the public. Question 2. According to the DHS website, there are 54 positions at the Department for ``senior leaders.'' As of February 9, 24 of those positions are filled by individuals in an acting capacity, and 14 are vacant. Based on your research of the Department, what impact do these vacancies and temporary leadership have on sound management practices and reform efforts at the Department? Answer. Our office has not done any work on the effect of vacancies on the overall functioning of an office. However, based on personal experience, I know it is important to quickly fill leadership positions, particularly in a National security agency such as DHS. Question 3. IG Roth, were you contacted last month by the Trump Transition Team to discuss your employment status as inspector general? When, if at all, were you made aware of the email circulated to the transition team regarding the temporary employment status of inspectors general? Answer. I was contacted on the evening of January 13, 2017 by the head of the DHS transition team and informed that I would continue to serve as DHS Inspector General only on a ``temporary'' basis following the inauguration. I was encouraged to look for alternative employment. I received a subsequent phone call on January 18, 2017 rescinding the earlier message and notifying me that I would be permitted to stay. I learned of the existence of the email instructions on January 17, and received a copy of the email from another inspector general shortly thereafter. Question 4. IG Roth, in the past the DHS workforce has stated that they do not trust their management, particularly citing concerns of retaliation. What areas should DHS leadership focus on in order to restore faith in the DHS workforce? Answer. The Department continues to rank last among large agencies in employee engagement and continues to suffer poor employee morale and a dysfunctional work environment. It is imperative that DHS leadership take all steps necessary to strengthen esprit de corps. The Partnership for Public Service has made recommendations to improve employee morale and engagement within DHS, including: Holding executives accountable for improving employee morale; Partnering with employee groups to improve working relationships; Designing and executing short-term activities to act on employee feedback and contribute to a potential long-term culture change; Developing and committing to shared organizational values and aligning agency activities and employee interactions to those values; Increasing transparency and connecting employees to the mission, the Department, and their co-workers; and Investing in and developing employees through leadership and technical training and by providing mentoring. Each of these steps requires a commitment from leadership, which involves constant attention to measuring employee engagement and implementing programs to improve morale. It also requires the leadership to publicly commit to workforce engagement. Beyond improving employee engagement, the Department can make significant strides in restoring the workforce's faith in its leadership by openly and actively supporting the important oversight function played by the OIG with respect to whistleblower protection. We have raised our profile within DHS as the entity to which whistleblower complaints are reported, and with effective results. It is our duty to protect these individuals from being retaliated against as a result of stepping forward and we remain committed to empowering and protecting agency whistleblowers. The Department has an important role to play in supporting our work, from publicizing the OIG hotline, to training supervisors and employees on whistleblower protections, to providing complete and timely cooperation to OIG investigators, auditors, and inspectors. The Department's unequivocal commitment to facilitating OIG oversight--voiced from the top down--is a critical step in earning back the trust of the DHS workforce. Question 5a. IG Roth, please describe for the subcommittee your role and responsibilities as it relates to oversight and investigation of the Department of Homeland Security. Can you please provide an example of information you uncovered about the Department, which led to money being saved, an employee being protected, and/or any other positive outcome? Question 5b. What do you believe the impact would be to DHS if your role were diminished in any way? Answer. Inspectors general play a critical role in fostering positive change in an agency. During my tenure as inspector general for DHS, I have witnessed three agencies--FEMA, TSA, and the Secret Service--that have had to confront the necessity of changing the manner in which they do business. It is a wrenching process that no agency would undergo voluntarily. Change in a bureaucracy happens as a result of three things: A dramatic intervening event, followed by intense scrutiny of agency programs and operations, and a resultant leadership commitment to change. Independent oversight by both the inspector general and Congress is a critical and necessary ingredient to positive, constructive change. For example, FEMA's approach to disaster response changed only after Hurricane Katrina revealed the shortfalls in its operations, consistent IG and Congressional scrutiny brought further analysis to the problem, and the administration and FEMA leadership committed to change the manner in which FEMA responded. As we saw in the Superstorm Sandy response, FEMA has dramatically improved its response operations. TSA was likewise confronted with the need to change as a result of dramatic and troubling shortfalls discovered by our covert testing program, as well as other OIG reports about deficiencies in TSA's judgment of risk in relation to expedited screening, vetting airport employees, and managing the access badge program. It was only through IG oversight, oversight by this and other Congressional committees, and TSA's then-new leadership strongly embracing the message, that TSA at last publicly acknowledged the need for change and started the long road to becoming a more effective organization. Finally, the well-publicized protective failures by the Secret Service resulted in hearings and investigations by Congress, by my office, and by the independent Protective Mission Panel. This oversight resulted in an excruciating process of examination and self- examination, which is by no means over, about the manner in which the Secret Service does business. As a result, the Secret Service has taken steps to fix some of the systemic issues that have plagued the agency over time.\3\ --------------------------------------------------------------------------- \3\ The Secret Service Has Taken Action to Address the Recommendations of the Protective Mission Panel, OIG-17-10 (November 2016). --------------------------------------------------------------------------- Oversight makes Government better and fosters positive change. The critical and skeptical review of programs and operations, both by the inspectors general and by Congressional oversight committees, acts as the ``disinfectant of sunlight'' to ensure a more efficient Government. It works in conjunction with the Inspector General Act's requirement that IGs keep Congress fully and currently informed of problems, abuses, and deficiencies within the Department. Moreover, our efforts to promote efficiency and ferret out fraud, waste, and abuse help streamline DHS programs and operations, prevent wasteful spending, and ensure that DHS operates efficiently, effectively, and with integrity. Any diminishment of our work can be expected to result in an increase in program inefficiency and ineffectiveness. Question 6a. What work does the OIG have planned to audit activities in the area of ``Unity of Effort'' and employee morale and engagement, whether Department-wide or specific to a DHS component, during 2017? What types of management and performance audits, if any, does the OIG typically conduct in the period of transition to a new administration and what are examples of such audits currently under way or planned? Question 6b. What concerns should the subcommittee be aware of as it relates to a change in administration, particularly regarding employee morale? Answer. In 2017, a portion of our work will focus on DHS's acquisition management, an area where increased ``Unity of Effort'' would pay dividends for the Department. Since its inception in 2003, DHS has spent tens of billions of dollars annually on a broad range of assets and services--from ships, aircraft, surveillance towers, and nuclear detection equipment to IT systems for financial management and human resources. However, the Department's lack of uniform policies and procedures, a dedicated core of acquisition professionals, as well as component commitment to adhere to Departmental acquisition guidance, adequately define requirements, develop performance measures, and dedicate sufficient resources to contract oversight has resulted in inefficiencies and wasteful spending. In 2017, our audit work will evaluate DHS's progress in the area of acquisition management, with an emphasis on ``Unity of Effort.'' For instance, we have opened an audit to determine whether the Department and its components effectively identify capability needs for all levels of acquisitions prior to obtaining goods and services. Beyond acquisition management, our work in 2017 will look at ``Unity of Effort'' in other areas as well. For instance, we have on- going work to determine whether DHS fosters collaboration and unity of effort Department-wide to enforce and administer immigration policy. We are also evaluating the extent to which DHS's Joint Task Forces effectively coordinate DHS assets and personnel, and whether they achieve expected results. With a new administration, the Department will face new responsibilities. We understand the significant investment the Department will be making to satisfy its obligations under the multiple President Executive Orders. We are currently finalizing a report that will address lessons learned from the Department's prior Secure Border Initiative and other relevant acquisitions related to securing our borders. We expect to issue this report in early April. Subsequently, we plan to review U.S. Customs and Border Protection's comprehensive study of the security of the Southern Border that the Executive Order requires be completed within 180 days of the date of the Executive Order. Future audits will address the planning, designing, acquisitions, and construction phases of the Southern Border barrier. Similarly, the Department will face a number of challenges in executing the President's Executive Orders directing the Department to hire an additional 5,000 Border Patrol Agents and 10,000 immigration officers. As with the acquisition area, I have initiated the first in a series of audits to further review the Department's human capital strategies and management capabilities to ensure the Department can quickly and effectively hire a highly-qualified and diverse workforce. Our first engagement will compile and review open-source literature, other government reports, and prior work of our office to help the Department and its components avoid previously-identified poor management practices and their negative impacts. Subsequent audits will address the collateral impact hiring 15,000 agents and officers will have not only on other Departmental components, but also on other Federal agencies. Question 7. IG Roth, in your November 2016 report on DHS Management, you state that in the last 3 years, DHS leadership has taken positive steps to forge multiple components into a single organization. Further, you state new policies and directives have been created to ensure cohesive planning and execution, including ensuring a joint requirements process. What role do you feel these new programs and initiatives, such has Unity of Effort, have in the future of the Department? Are there any concerns the Department should keep in mind if the new administration elects to eliminate these new programs and initiatives? Answer. I believe that the steps the prior leadership took to increase Unity of Effort were very important, and extended over a number of areas of the Department's operations. These have benefited the Department and created efficiencies and synergies that would not have otherwise existed. However, the key to maintaining these improvements is constant vigilance and effort to ensure that the Department moves forward as a single entity. To do otherwise will result in a return to DHS consisting of a number of siloed organizations, each operating independently of each other. Question 8. DHS employee morale has been a major concern and focus of this subcommittee. DHS improved in employee engagement and survey participation this year, but still has a ways to go. What areas can DHS management improve upon as it relates to bettering the front-line workforce's morale, particularly at agencies such as TSA and the Secret Service, which rank the lowest? Answer. As I indicated in my answer to question 4 above, there are a number of steps that the Department can and should take to improve morale. The first is a public commitment from the leadership to prioritize and promote workforce engagement. Next is a commitment to fostering an environment conducive to high employee morale--i.e., an environment where transparency, constructive feedback, education and training, mentorship and sponsorship, and professional development opportunities are provided and encouraged. Question 9. The OIG, like the rest of DHS, is operating both under a continuing resolution and a hiring freeze. What has been the impact, whether realized or expected, of any budget or hiring constraints on the capacity of the OIG to perform management and performance audits? Answer. Section 6(a)(5) of the Inspector General Act states that inspectors general are to be treated as independent entities for purposes of staffing and training, and OMB Memorandum M-17-18, Federal Hiring Freeze Guidance, dated January 31, 2017, further clarified that ``in the case of an Inspector General's (IG) office, the Inspector General is considered the agency head for the purposes of determining which positions in the IG office are exempt'' from the freeze. Exercising my authority as an agency head under the Presidential Memorandum entitled ``Hiring Freeze,'' I have determined that none of the OIG positions that are currently open are subject to the hiring freeze given the critical role the OIG plays in ensuring that the National security and public safety operations and programs administered by DHS are run effectively and efficiently. However, operating under a Continuing Resolution has hampered our ability to grow to the level that the Department, OMB, and Congress have deemed appropriate to allow us to accomplish our critical mission. This level requires approximately 80 additional full-time employees. Moreover, based on the fiscal year 2018 budget blueprint recently released by President Trump, it appears that our budget is, in effect, being cut to below fiscal year 2016 levels. This will necessarily limit the amount of work we can do, which calls into question whether we will be able to address many of the important issues this subcommittee has raised. The Brookings Institute's Center for Effective Public Management has analyzed the financial impact on Government when OIGs' budgets are cut and found that cuts to OIG budgets actually cost the Government money and contribute to the Federal deficit.\4\ Notwithstanding the President's budget blueprint, we are hopeful that Congress will approve a budget that reflects the value and importance of the function we provide. --------------------------------------------------------------------------- \4\ John Hudak and Grace Wallack, Sometimes Cutting Budgets Raise Deficits: The Curious Case of Inspectors' General Return on Investment, Brookings Institute (April 2015). --------------------------------------------------------------------------- Questions From Chairman Scott Perry for Rebecca Gambler Question 1a. This subcommittee has a long-standing track record for proposing bipartisan management reform legislation to streamline DHS bureaucracy. In January 2017, the House unanimously passed the Stop Asset and Vehicle Excess Act (SAVE Act) aimed at improving DHS's ability to manage its vehicle fleets, which was based off of a body of important work done by the OIG. What additional authorities are critical to ensuring that the Department improves its management functions to ensure that taxpayer dollars aren't wasted? Answer. GAO has not identified any additional authorities needed to ensure that the Department of Homeland Security (DHS) improves its management functions, but the Department should leverage the authorities it has to continue its progress. Question 1b. Would legislation, such as that previously introduced by Members of this subcommittee related to acquisition management, help DHS improve management and outcomes of programs? Answer. While the legislation introduced, such as the Reducing DHS Acquisition Cost Growth Act (H.R. 1294), would codify some actions that are already included in DHS acquisition policy, such legislation could also increase the oversight and accountability of DHS major acquisition programs. Question 2a. DHS has not done enough to address chronic employee morale issues across the Department, as both the OIG and GAO have recently reported. To what extent does DHS know what the root causes are behind poor employee morale? Answer. In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees.\1\ We reported, among other things, that DHS had taken steps to understand morale problems, such as holding focus groups, implementing an exit survey, and routinely analyzing the results of the Office of Personnel Management (OPM) Federal Employee Viewpoint Survey--a tool that measures employees' perceptions of whether and to what extent conditions characterizing successful organizations are present in their agency. However, we found that the DHS Office of the Chief Human Capital Officer (OCHCO) and DHS components could improve their efforts to determine root causes of morale problems. We recommended that OCHCO and component human capital officials examine their root cause analysis efforts and, where absent, add the following: Comparisons of demographic groups, benchmarking against similar organizations, and linkage of root cause findings to action plans. --------------------------------------------------------------------------- \1\ GAO, Department of Homeland Security: Taking Further Action to Better Determine Causes of Morale Problems Would Assist in Targeting Action Plans, GAO-12-940 (Washington, DC: Sept. 28, 2012). --------------------------------------------------------------------------- As of February 2017, DHS OCHCO officials and supporting documentation indicate that DHS has taken some actions to incorporate these techniques. Specifically, as of December 2016, officials provided copies of DHS's fiscal year 2016 Component Employee Engagement Action Plans that components tailor for their own employee engagement and outreach. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which the action plans addressed our recommendation. Several action plans we reviewed included evidence of utilizing the three survey analysis techniques we recommended, while other action plans did not include evidence of utilizing some or all of the techniques. For example, components whose action plans fully address the recommendation include: U.S. Customs and Border Protection (CBP), Federal Emergency Management Agency (FEMA), U.S. Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA). Components whose action plans partially address the recommendation are: U.S. Citizenship and Immigration Services (USCIS), U.S. Coast Guard (USCG), and U.S. Secret Service (USSS). In contrast, the National Protection and Programs Directorate's (NPPD) action plan did not address any of the three survey analysis techniques. According to DHS OCHCO officials, while OCHCO developed a checklist that components could consult when creating action plans to address employee survey results, senior management decided not to require that components use the checklist in developing their action plans as it may limit their freedom to develop their goals and plan. To fully address the recommendation we made and thereby strengthen DHS's evaluation and planning process for addressing employee morale, DHS OCHCO officials need to continue to provide documentary evidence of demographic analysis, benchmarking, and root cause linkage efforts completed for components that have not fully addressed the recommendation in their action plans. DHS OCHCO officials agreed with our analysis and reiterated their efforts to fully implement this recommendation. Question 1b. What risks does dismal employee morale pose to the Department? Answer. DHS employee concerns about job satisfaction are one example of the challenges the Department faces in implementing its mission to protect the security and economy of our Nation. We have previously reported that successful organizations empower and involve their employees to gain insights about operations from a front-line perspective, increase their understanding and acceptance of organizational goals and objectives, and improve motivation and morale.\2\ In January 2003, we designated the implementation and transformation of DHS as high-risk, including its management of human capital, because it represented an enormous and complex undertaking that would require time to achieve in an effective and efficient manner, and it has remained on our high-risk list since that time. In our 2017 high-risk report, we found that DHS still had considerable work remaining to address employee morale, and that employee morale issues had contributed to management challenges that hinder the agency's ability to achieve its mission.\3\ --------------------------------------------------------------------------- \2\ GAO, High-Risk Series: Strategic Human Capital Management, GAO- 03-120 (Washington, DC: January 2003). \3\ GAO, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others, GAO-17-317 (Washington, DC: Feb. 15, 2017). --------------------------------------------------------------------------- Questions From Ranking Member Bennie G. Thompson for Rebecca Gambler Question 1. Cited in the high-risk report is the necessity for DHS to identify workforce needs and address deficiencies within acquisition personnel, who oversee and manage contracts that have become increasingly expensive and complex. What impact do you anticipate President Donald Trump's Federal Hiring Freeze Executive Order will have on DHS's ability to remain consistent with this recommendation, particularly regarding our ability to address areas of critical need via the workforce? Answer. GAO has not looked at the effects of the 2017 Federal Hiring Freeze Executive Order on DHS's ability to assess and address whether appropriate numbers of trained acquisition personnel are in place at the Department and component levels. However, GAO has previously reported on the effects of Government-wide hiring freezes, and found they are not an effective means of controlling Federal employment. In March 1982, we reported that because Government-wide hiring freezes did not account for individual agencies' missions, workload, and staffing requirements, they disrupted agency operations and, in some cases, increased costs to the Government.\4\ Specifically, we found that because such hiring freezes disregarded agency workload requirements and did not cover all personnel resources used by the Government, they created an incentive for managers to use alternative sources of labor. Any potential savings produced by these freezes would be partially or completely offset by increasing overtime, contracting with private firms, or using other than full-time permanent employees. We concluded that improved workforce planning and use of the budget as a control on employment, rather than arbitrary across-the-board hiring freezes, is a more effective way to ensure that the level of personnel resources is consistent with program requirements. --------------------------------------------------------------------------- \4\ GAO, Recent Government-Wide Hiring Freezes Prove Ineffective in Managing Federal Employment, FPCD-82-21 (Washington, DC: Mar. 10, 1982). --------------------------------------------------------------------------- Question 2. GAO found that DHS components were inconsistent in how they implemented the Department's acquisition management policy. The example GAO presented in March 2016 involved the Coast Guard, which had prepared incomplete funding plans. Has the Department indicated to you how it plans on ensuring that all of its components fully implement its acquisition management policy? Answer. DHS components have continued to make progress implementing the Department's acquisition management policy. For example, in August 2016, DHS approved the Acquisition Program Baseline for the U.S. Coast Guard's (USCG) Medium-Range Surveillance program--marking the first time all of the programs included in our annual assessments of DHS's major acquisition programs have had approved baselines. However, additional work remains to be done to effectively manage acquisition programs. For example, in April 2015, we recommended DHS account for all of the Operations and Maintenance (O&M) funding the USCG plans to allocate to its acquisition programs in its annual reports to Congress. DHS concurred with the recommendation, but the USCG has yet to take action. Given that an acquisition program's O&M activities can account for more than 80 percent of program life-cycle costs, DHS's continued inability to account for all of the O&M funding the USCG plans to allocate to its acquisition programs is significant. Until DHS implements our April 2015 recommendation, this issue will continue to obscure the size of the USCG's funding shortfalls and undermine DHS's efforts to address the USCG's funding gaps in an informed manner. We continue to monitor DHS's actions to address program affordability and, at the request of Congress, have initiated a review to assess the extent to which DHS has accounted for programs' O&M costs and funding. Question 3. As the transition to a new administration continues, what management and administration structures are currently in place to enable DHS to continue with implementation of both the human capital strategic plan and its workforce planning initiatives? How is GAO staying apprised of developments related to human capital management during this period? Answer. In its August 2016 Integrated Strategy for High-Risk Management--the framework DHS established to monitor progress and implementation of key management initiatives for strengthening it management functions--DHS describes steps the agency has taken and plans to take to implement its human capital strategic plan and workforce planning efforts. For example, DHS indicated the Department's senior human capital leadership intends to continue to review the human capital strategic plan on an annual basis to develop an operational plan for the next fiscal year. The operational plan is to provide the tactics and associated evidence of progress toward implementing the human capital strategic plan. In addition, the August 2016 Integrated Strategy for High-Risk Management states that senior human capital leadership will provide on-going monitoring of the human capital strategic plan through the Human Capital Dashboard--which provides information on progress towards targets--and quarterly review meetings to discuss measures, goals, and progress in implementing the associated operational plan. With regard to workforce planning, in September 2016, DHS officials indicated that DHS will continue to implement its workforce planning model in fiscal year 2017. This model is documented in the DHS Workforce Planning Guide and involves the following five steps: set the strategic direction, including linking the workforce and the strategy, considering the scope, and determining the workforce balance; conduct a supply analysis, demand analysis, and identify gaps in capacity and capability; develop an action plan including strategies and actions to address identified gaps; implement the action plan; and monitor, evaluate, and revise the plan. To stay apprised of DHS's human capital management efforts, we will continue to engage with DHS leadership through various means to help ensure the Department maintains its progress in implementing corrective actions through completion. Specifically, we will continue to: Assess and provide feedback to DHS leadership on reports the Department submits on its progress in addressing the Strengthening DHS Management Functions high-risk area, which the National Defense Authorization Act for Fiscal Year 2017 mandates the DHS Under Secretary for Management provide to us every 6 months.\5\ --------------------------------------------------------------------------- \5\ The National Defense Authorization Act for Fiscal Year 2017 includes a mandate that the DHS Under Secretary for Management report to us every 6 months to demonstrate measurable, sustainable progress made in implementing DHS's corrective action plans to address the Strengthening DHS Management Functions high-risk area until we submit written notification of the area's removal from the High-Risk List to the appropriate Congressional committees. See Pub. L. No. 114-328, 1903(b) (codified at 6 U.S.C. 341(a)(11)). --------------------------------------------------------------------------- Hold quarterly meetings with DHS leadership to discuss the Strengthening DHS Management Functions high-risk area and other pertinent issues. Discuss the results of our audit work within DHS's management areas with DHS leadership. Perform outreach to senior DHS officials regarding the extent to which the Department has implemented our recommendations, including those related to the Strengthening DHS Management Functions high-risk area, to help ensure that they are implemented effectively and in a timely manner. Question 4. Initiated in 2003, the Human Resources Information Technology (HRIT) investment is intended to consolidate, modernize, and integrate the human resources information technology infrastructure at DHS. Of 15 strategic improvement areas measured, GAO reported that only one had been fully implemented. This subcommittee held a hearing last year to get an understanding of what went wrong and to galvanize the Department's reform efforts. Please explain to the subcommittee the issues that the investment's inefficiency continues to create for DHS and how the Department can address those challenges. Answer. The HRIT investment is intended to address the fragmented systems, duplicative and paper-based processes, and the lack of uniformity of data management practices within the Department's human resources environment. According to DHS, these issues are compromising the Department's ability to effectively and efficiently carry out its mission. For example, according to DHS, reporting and analyzing enterprise human capital data are time-consuming, labor-intensive, and challenging because the Department's data management largely consists of disconnected, stand-alone systems, with multiple data sources for the same content. Additionally, according to DHS, the Department does not have information on all of its employees, which reduces its abilities to strategically manage its workforce and best deploy people in support of homeland security missions. Further, based on its current human resources environment, DHS reported that it, among other things: is unable to support enterprise reporting of human resources information and has data quality issues; does not have enterprise-level employee performance information available or standardized performance measures across the components; and incurs significant costs associated with maintaining seven different systems for personnel action requests, and experiences inefficiencies due to duplicative data entry into multiple systems. To address these challenges and effectively implement HRIT, DHS needs to fully implement the 14 recommendations we had made in our February 2014 report.\6\ To its credit, the Department has fully implemented 3 of the 14 recommendations, including re-evaluating HRIT's strategic improvement opportunities to determine whether they are still valid and reflective of DHS's current needs and re-prioritizing the improvement opportunities as needed to determine on which ones to focus first. Going forward, the Department needs to fully implement the remaining 11 recommendations, including --------------------------------------------------------------------------- \6\ Homeland Security: Oversight of Neglected Human Resources Information Technology Investment Is Needed, GAO-16-253 (Washington, DC: Feb. 11, 2016). --------------------------------------------------------------------------- ensuring that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT, developing a complete life-cycle cost estimate, and updating and maintaining a schedule estimate for implementation of the improvement opportunities. Question 5. Can you please describe for the subcommittee your views on the role of independent, impartial oversight of Federal agencies? In your opinion, what impact would Federal agencies face without the work of GAO? Answer. GAO exists to support Congress in meeting its Constitutional responsibilities and to help improve the performance and ensure the accountability of the Federal Government for the benefit of the American people. We examine how taxpayer dollars are spent and advise lawmakers and agency heads on ways to make Government work better. GAO is a unique Federal entity that can look across the Government and follow Federal spending internationally and domestically across Federal, State, and local government levels. In this role, we continue to monitor and address the Nation and Government's most pressing challenges. For example, GAO's ``Key Issues'' website (http:// www.gao.gov/key_issues) provides incoming Members of Congress and the American people with quick and easy access to bodies of GAO work on issues of critical importance to the nation, including collections of cross-cutting work on the Fiscal Outlook, High-Risk List, and Duplication and Cost Savings. In fiscal year 2016, we documented $63.4 billion in financial benefits for the Federal Government--a return of about $112 for every dollar we spent--and 1,234 improvements in broad program and operational areas across the Government. In addition, in fiscal year 2016, 73 percent of our recommendations were implemented by Federal agencies or Congress, and 68 percent of the products we issued contained recommendations. Question 6. Ms. Gambler, please describe what you believe is the most important area DHS can improve upon, particularly as it relates to employee morale. How does a change in administration, leadership, and priorities typically impact workforce morale? Answer. While GAO has not done work on how changes in administration, leadership, and priorities impact workforce morale, it will be important for DHS to consider employee morale as it works to implement the new administration's priorities. As we reported in our 2017 high-risk report, DHS has taken steps but still has considerable work ahead to improve employee morale.\7\ For example, in response to our recommendation that OCHCO and component human capital officials establish metrics of success within the action plans that are clear and measurable, DHS officials have regularly provided us with copies of annual component employee engagement action plans, most recently as of December 2016. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Our review in January 2017 indicated that two components' action plans included clear and measureable targets. However, several other component plans did not fully address both elements. For example, components whose action plans fully address the recommendation include ICE and NPPD. Components whose action plans partially address the recommendation are CBP, USCG, FEMA, TSA, and USSS. USCIS's action plan did not address the recommendation. To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of improved measure clarity and incorporate measurable targets in their action planning efforts for components whose action plans do not support closure of the recommendation. DHS OCHCO officials agreed with our assessment and told us that they are planning to provide training to component officials over the coming year to address action planning needs. We will continue to monitor DHS's efforts to address our recommendation to help strengthen employee morale. --------------------------------------------------------------------------- \7\ GAO-17-317. --------------------------------------------------------------------------- Question 7. Ms. Gambler, you note several improvements the Department made, particularly related to Human Capital Plans. However, some components, such as CBP have struggled to fully staff at the allotted Congressional cap. It is also expected that the workforce will need to further increase under the new administration. Has the Department addressed staffing needs, particularly of Border Patrol agents, in its Human Capital Plan? How will the Plan need to be adjusted given the new administration's priorities? Answer. DHS's human capital strategic plan outlines high-level goals and objectives that describe desired future states and outcomes, but does not include specific plans to address CBP or Border Patrol workforce challenges.\8\ However, as part of its workforce planning process, DHS has assessed Border Patrol workforce capacity gaps, worked to identify root causes for its continued challenges in meeting staffing goals, and developed an action plan to address the priority root cause it identified. For example, in fiscal year 2016, DHS identified attrition as the highest priority root cause of its Border Patrol agent staffing challenges, and identified actions, such as utilizing pay and compensation flexibilities to incentivize mission critical personnel to remain with CBP. Moving forward, DHS will need to incorporate any changes in Border Patrol staffing requirements into its workforce planning efforts, reassess capacity gaps and root causes, and design an action plan that addresses the highest priority challenges. --------------------------------------------------------------------------- \8\ DHS, Human Capital Strategic Plan Fiscal Years 2015-2019 (Washington, DC: October 2014). --------------------------------------------------------------------------- Question 8. In his exit memo, former Secretary Jeh Johnson cites the need for ``an aggressive campaign to improve morale and satisfaction at the Department.'' Based on your review of the Department, what are ways the new administration can continue the aggressive campaign the former Secretary started? What particular programs or policies did the DHS workforce seem to take a particular interest in and/or respond the most positively to? Answer. As we reported in our 2017 high-risk report, DHS has taken steps but still has considerable work ahead to improve employee morale.\9\ For example, DHS has implemented a Department-wide Employee Engagement Action Plan, which DHS's components use to develop tailored action plans for their own employee engagement and outreach; however, to continue to make progress in addressing employee morale, DHS needs to fully implement our prior recommendations to: (1) Comprehensively examine root causes and (2) establish clear metrics of success with DHS and its components' actions plans.\10\ By implementing these recommendations DHS would be better-positioned to design action plans that address root causes of employee morale issues and determine the effectiveness of their plans. --------------------------------------------------------------------------- \9\ GAO-17-317. \10\ GAO-12-940. --------------------------------------------------------------------------- Additionally, while we have not examined the particular DHS efforts to which DHS's workforce has responded most positively, we have previously identified key drivers and lessons learned for strengthening employee engagement that DHS could leverage in its efforts to improve employee morale.\11\ In 2015, we reported that overall, what matters most in improving engagement levels is valuing employees--that is, an authentic focus on their performance, career development, and inclusion and involvement in decisions affecting their work. Specifically, our regression analysis of selected Federal Employee Viewpoint Survey questions identified the following six practices as key drivers of engagement, as measured by OPM's Employee Engagement Index: (1) Constructive performance conversations, (2) career development and training, (3) work-life balance, (4) inclusive work environment, (5) employee involvement, and (6) communication from management. Further, our case studies of three agencies also identified three key lessons for improving employee engagement: --------------------------------------------------------------------------- \11\ GAO, Federal Workforce: Additional Analysis and Sharing of Promising Practices Could Improve Employee Engagement and Performance, GAO-15-585 (Washington, DC: July 14, 2015). --------------------------------------------------------------------------- Any change must be implemented using effective management practices, such as top leadership involvement, consistently applying policies, creating a line of sight between the agency's mission and the work of each employee, and reaching out to employees and their labor union representatives, if applicable, to obtain insights and inform efforts. The Employee Engagement Index alone is not enough; agencies must look to other sources of data for a complete picture of employee engagement levels in their organization and its components. Improving engagement and organizational performance takes time and does not neatly follow the survey cycle; change may involve several efforts and effects are seen at different points in time. Question 9. Building the morale of DHS's workforce was a high priority for the previous administration, including former Secretary Jeh Johnson. How much more difficult does President Donald Trump's Federal Hiring Freeze Executive Order make that challenge for the new DHS Secretary General John Kelly? Based on your research on human capital challenges at the Department, what areas warrant particular attention and consideration in order to maintain positive momentum with DHS morale? Answer. While GAO has not assessed the Executive Order, it will be important for DHS to consider its impacts as the Department moves forward with its efforts to address employee morale. We have previously identified specific actions that DHS should take as well as key drivers and lessons learned DHS could leverage to continue to strengthen employee engagement.\12\ In 2012, we reviewed and reported on actions DHS took to address the morale of its employees and recommended that DHS: (1) Comprehensively examine root cause analysis efforts and, where absent, add the comparisons of demographic groups, benchmarking against similar organizations, and linkage of root cause findings to action plans; and (2) establish clear metrics of success with DHS and its components' actions plans for employee engagement and outreach.\13\ As we reported in our 2017 high-risk report, DHS must implement these recommendations, among others, in order to make continued progress in achieving the outcomes that are critical to addressing the challenges within the Department's high-risk management areas.\14\ --------------------------------------------------------------------------- \12\ See GAO-12-940 and GAO-15-585. \13\ GAO-12-940. \14\ GAO-17-317. --------------------------------------------------------------------------- In addition, in 2015, we identified key drivers and lessons learned for strengthening employee engagement that DHS could leverage in its efforts improve employee morale.\15\ Overall we found that what matters most in improving engagement levels is valuing employees--that is, an authentic focus on their performance, career development, and inclusion and involvement in decisions affecting their work. Specifically, our regression analysis of selected Federal Employee Viewpoint Survey questions identified the following six practices as key drivers of engagement, as measured by OPM's Employee Engagement Index: (1) Constructive performance conversations, (2) career development and training, (3) work-life balance, (4) inclusive work environment, (5) employee involvement, and (6) communication from management. Further, our case studies of three agencies also identified three key lessons for improving employee engagement: --------------------------------------------------------------------------- \15\ GAO-15-585. --------------------------------------------------------------------------- Any change must be implemented using effective management practices, such as top leadership involvement, consistently applying policies, creating a line of sight between the agency's mission and the work of each employee, and reaching out to employees and their labor union representatives, if applicable, to obtain insights and inform efforts. The Employee Engagement Index alone is not enough; agencies must look to other sources of data for a complete picture of employee engagement levels in their organization and its components. Improving engagement and organizational performance takes time and does not neatly follow the survey cycle; change may involve several efforts and effects are seen at different points in time. Question 10. Ms. Gambler, what is the single most important action DHS can take to address the remaining two requirements to be removed from the High-Risk List? In addition, what is the most important action DHS must continue in order to prevent backsliding? Answer. In order to address the remaining two criteria for removal from the High-Risk List and prevent backsliding, DHS needs to achieve sustained progress across 30 outcomes that we identified and DHS agreed were needed to address the Strengthening DHS Management Functions high- risk area. In our 2017 high-risk report, we found that DHS has fully addressed 13 of these outcomes, mostly addressed 8, partially addressed 6, and initiated the remaining 3.\16\ Furthermore, we found that in order to achieve the 30 outcomes, DHS will need to make additional progress identifying and allocating resources in the following areas: --------------------------------------------------------------------------- \16\ GAO-17-317. --------------------------------------------------------------------------- Acquisition Management.--With respect to acquisition, DHS's 2016 staffing assessments focused on identifying critical acquisition-related position gaps rather than all major program acquisition-related positions; consequently, some programs were assessed as being fully or almost fully staffed for critical positions despite significant staffing shortfalls in the overall program. We concluded that this increased focus on critical gaps may limit DHS's insight into the size and nature of acquisition-related staffing shortfalls, making it difficult for DHS to develop a plan or process to address these vacancies. In December 2016, DHS updated its staffing assessment guidance to re-focus the assessment process on all major program acquisition-related positions. However, DHS plans to pilot the implementation of this policy update incrementally during 2017 and the timing of full implementation is not yet known. Information Technology (IT) management.--DHS's fiscal year 2015-2018 IT Strategic Plan introduced the Department's plan to shift the IT paradigm from acquiring assets to acquiring services and acting as a service broker. The Department's August 2016 updated version of its strategy reported that this shift is a mechanism for building capacity to resolve risk. However, while DHS issued a workforce planning contract in July 2016 to help DHS headquarters transition to the skillsets needed to accommodate the service broker model, Department officials stated that they have not yet defined what those skill sets are or analyzed the skills gaps resulting from the paradigm shift. Because DHS has yet to comprehensively assess IT human capital gaps within headquarters, it remains unclear whether DHS has the capacity to support this paradigm shift. Financial Management.--Additionally, although DHS continues to make progress towards modernizing its financial management systems, critical information needed to determine the resources required for two of three key modernization projects is not available as the projects are not yet to a point where DHS can determine what resources are required. We reported that the discovery phase of these projects provides essential information for determining the implementation schedule and finalizing cost estimates that are needed prior to approving the projects for implementation; however, this phase is not expected to be completed for DHS's FEMA and ICE modernization projects until April 2017.\17\ --------------------------------------------------------------------------- \17\ The discovery phase includes an in-depth analysis of the requirements and capabilities of the new system, also known as a gap analysis, and is also performed to determine the feasibility of implementing, deploying, and maintaining financial management services for the chosen solution. --------------------------------------------------------------------------- Question 11a. Ms. Gambler, DHS has struggled with the modernization of its information technology systems. Did you evaluate any of those programs during your review of the High-Risk List? Answer. Yes, we evaluated and monitored eight of DHS's previously or currently troubled IT investments as part of our High-Risk List review. Specifically, we included the following investments: 1. Analysis and Operations' Homeland Security Information Network 2. CBP's Automated Commercial Environment 3. DHS HRIT 4. FEMA's Logistics Supply Chain Management System 5. ICE's Student and Exchange Visitor Information System 6. ICE's TECS Modernization 7. NPPD Federal Protective Service TacCom 8. USCIS Transformation To monitor and evaluate these investments, we tracked their respective Chief Information Officer (CIO) ratings that DHS reported on OMB's IT Dashboard, as well as analyzed the results of DHS's internal IT program health assessments. We also reviewed documentation demonstrating actions that DHS oversight officials had taken or were currently taking to improve the performance of the troubled investments. Further, we relied on reports and documentation from other GAO audits, such as our 2016 report on DHS's major acquisition programs, to track the cost, schedule, and performance of these investments.\18\ --------------------------------------------------------------------------- \18\ GAO, IT Dashboard: Agencies Need to Fully Consider Risks When Rating Their Major Investments, GAO-16-494 (Washington, DC: June 2, 2016); Homeland Security Acquisitions: DHS Has Strengthened Management, but Execution and Affordability Concerns Endure, GAO-16-338SP (Washington, DC: Mar. 31, 2016); GAO-16-253; Immigration Benefits System: Better Informed Decision Making Needed on Transformation Program, GAO-15-415 (Washington, DC: May 18, 2015); Homeland Security Acquisitions: Major Program Assessments Reveal Actions Needed to Improve Accountability, GAO-15-171SP (Washington, DC: Apr. 22, 2015); and Border Security: DHS's Efforts to Modernize Key Enforcement Systems Could be Strengthened, GAO-14-62 (Washington, DC: Dec. 5, 2013). --------------------------------------------------------------------------- Question 11b. What are your suggestions for the Department to finally get programs such as HRIT and USCIS Transformation on the right track, both of which were initiated a decade ago? Answer. To help get programs such as HRIT and USCIS Transformation on the right track, the Department should focus on the use of incremental development, consistent with Office of Management and Budget guidance directing that IT investments deliver functionality in 6-month increments. The Department's use of ``big bang'' approaches, which scope requirements broadly and aim to deliver functionality several years after initiation, too frequently fail. According to the Defense Science Board, such an approach--which DHS had used on programs such as USCIS Transformation--is often too long, ineffective, and unaccommodating of the rapid evolution of IT. Additionally, the Department should focus on improving its capacity to successfully acquire IT by fully implementing the CIO oversight and management authorities described in the Federal IT Acquisition Reform Act (FITARA).\19\ The Department should also promptly address the numerous outstanding recommendations that we made to HRIT and USCIS Transformation, which are consistent with FITARA.\20\ --------------------------------------------------------------------------- \19\ Pub. L. No. 113-291, div. A, 831(a), 128 Stat. 3292, 3438- 3440 (2014). \20\ GAO, Immigration Benefits System: U.S. Citizenship and Immigration Services Can Improve Program Management, GAO-16-467 (Washington, DC: July 7, 2016); GAO-16-253; and GAO-15-415. --------------------------------------------------------------------------- Question 12. Ms. Gambler, what impact do you feel initiatives such as Unity of Effort and the Joint Requirements Council have on the Department's management integration? Answer. The Secretary of Homeland Security's Unity of Effort initiative and the Joint Requirements Council (JRC) are positive steps toward strengthening management integration, but it is too early to assess their effects. Specifically, the Unity of Effort initiative has helped to strengthen the integration of DHS's business operations across the Department by, for example, finalizing a management directive in June 2015 that formally establishes multiple senior leader forums for on-going review of Departmental initiatives.\21\ The Secretary's Unity of Effort initiative also established enhancements to DHS's budgeting process by creating a new approach to mission-focused, cross-DHS budget development and assessment. Additionally, DHS officials attribute the following accomplishments, among others, to the Unity of Effort initiative and integrated priorities initiatives: --------------------------------------------------------------------------- \21\ DHS, Secretary of Homeland Security, Strengthening Departmental Unity of Effort, Memorandum for DHS Leadership (Washington, DC: Apr. 22, 2014). This memorandum committed to, among other things, improving DHS's planning, programming, budgeting, and execution processes through strengthened Departmental structures and increased capability. DHS, Strengthening Departmental Unity of Effort, Management Directive 071-01 (Washington DC: June 30, 2015). --------------------------------------------------------------------------- DHS's Office of Program Accountability and Risk Management developed and implemented a policy directive to monitor and track critical staffing gaps for major acquisition programs to ensure that such gaps are identified and remediated in a timely manner.\22\ --------------------------------------------------------------------------- \22\ DHS, Major Acquisition Program Staffing Management, DHS Policy Directive 102-05 (Washington, DC: June 30, 2016). In December 2016, based in part on our input, DHS subsequently updated its staffing assessment guidance to re-focus the assessment process on all major program acquisition-related positions. This will be discussed further in our assessment of DHS's major acquisitions programs, to be issued in March 2017. --------------------------------------------------------------------------- DHS Science and Technology Directorate established Integrated Product Teams to better link the Department's research and development investments with the Department's operational needs. DHS strengthened its strategy, planning, programming, budgeting, execution, and acquisition processes by improving existing structures and creating new ones where needed to build additional organizational capability. DHS has institutionalized these reforms by issuing a range of Departmental management directives and instructions. However, given that these Unity of Effort initiatives are in the early stages of implementation and contingent upon DHS sustaining implementation plans and efforts over a period of years, it is too early to assess their effects. Additionally, the re-establishment of the JRC after many years without such an active body is a positive demonstration of senior-level commitment to improving the DHS-wide capabilities and requirements processes. The JRC has the potential to help DHS reduce duplication and make cost-effective investments across its portfolio; however, specific outcomes will not materialize in terms of budget decisions for several years. Since full implementation of the JRC's Joint Assessment of Requirements--and its use to inform the Department's budget decisions-- is several years away, it is too soon to tell how effective it will be in prioritizing requirements and reducing duplication and inefficiencies, as intended. Question 13a. What has DHS done during the past year to mitigate staffing shortfalls in key positions, such as program managers, systems engineers, and logisticians? Answer. As part of its fiscal year 2016 workforce planning cycle, DHS identified 17 priority mission-critical occupations. According to DHS, the 17 priority mission-critical occupations account for approximately 64 percent of the civilian workforce and are the most critical to performing core DHS mission areas. For each of the 17 priority mission critical occupations, DHS applied its workforce planning cycle, which involves the following five steps: set the strategic direction, including linking the workforce and the strategy, considering the scope, and determining the workforce balance; conduct a supply analysis, demand analysis and identify gaps in capacity and capability; develop an action plan including strategies and actions to address identified gaps; implement the action plan; and monitor, evaluate, and revise the plan. As part of its fiscal year 2016 monitoring and evaluation efforts, DHS reported that many of the 17 occupations met their defined targets or showed improvement in closing gaps. Additionally, DHS components develop annual Component Recruiting and Outreach Plans to guide recruiting efforts to fill gaps in priority mission-critical occupations. The Component Recruiting and Outreach Plans are to assist components in developing a systematic, sustainable process to ensure communication between recruiters and workforce planners to identify and address short- and long-term human capital needs. Question 13b. Another challenge is program-funding gaps, whereby estimated costs exceed projected funding. How has DHS addressed the emergence of funding gaps for key programs? What steps has the Department taken, or does the Department plan to take, to reduce the size and frequency of these gaps? Answer. In April 2014, we reported that DHS's major acquisition programs faced a 30 percent funding gap over a 5-year period, and made nine recommendations to help DHS take steps to close this gap.\23\ In June 2014, the DHS chief financial officer established a new process for improving the affordability of the Department's acquisition portfolio, which addressed one of our recommendations. In March 2016, we reported that this process has enhanced the Department's acquisition management process by creating a formal mechanism to address affordability issues at Acquisition Review Board meetings.\24\ However, we identified opportunities for DHS leadership to expand upon these efforts and made recommendations that they take additional actions, such as improving the information components provide on program affordability, conducting affordability assessments for programs that have not been reviewed at an Acquisition Decision Event since the funding certification requirement was established, and strengthening DHS's communications with Congress and the processes components use to address and communicate affordability information to leadership. Making such refinements to DHS's processes would better position the Department to ensure that Congress and taxpayers understand the investment needed to deliver the intended capabilities to the end- users. We will continue to track the Department's progress in this area. --------------------------------------------------------------------------- \23\ GAO, Homeland Security Acquisitions: DHS Could Better Manage Its Portfolio to Address Funding Gaps and Improve Communications with Congress, GAO-14-332 (Washington, DC: April 17, 2014). \24\ GAO, Homeland Security Acquisition: DHS Has Strengthened Management, but Execution and Affordability Concerns Endure, GAO-16- 338SP (Washington, DC: Mar. 31, 2016). --------------------------------------------------------------------------- Question 14a. GAO has indicated that the Department has sustained its progress in implementing a human capital strategic plan. A significant initiative related to workforce planning in the administration of President Obama was the Balanced Workforce Strategy, which sought to identify the appropriate balance of Federal and contractor employees required to achieve the DHS mission. What is the current status of the Balanced Workforce Strategy and does GAO anticipate that the initiative will continue in the new administration? What specific changes in the strategy for and composition of the DHS workforce have resulted from the initiative? Answer. In December 2012, we reported that after issuing the Balanced Workforce Strategy in 2010, DHS developed an automated tool to help components perform the necessary analysis to determine the appropriate mix of Federal employees versus contractors.\25\ In its August 2016 Integrated Strategy for High-Risk Management, DHS reported that the use of this tool became mandatory in fiscal year 2014. In addition, DHS reported that the Balanced Workforce Strategy Division regularly monitors component use of the tool and that it had completed audits of ICE, NPPD, USCIS, FEMA, the Federal Law Enforcement Training Centers, and TSA's implementation of the Balanced Workforce Strategy and tool. We have not assessed how the Balanced Workforce Strategy has impacted the DHS workforce or how the change in administration may affect the implementation of the strategy. --------------------------------------------------------------------------- \25\ GAO, DHS Strategic Workforce Planning: Oversight of Department-wide Efforts Should Be Strengthened, GAO-13-65 (Washington, DC: Dec. 3, 2012). --------------------------------------------------------------------------- Question 14b. Are there any other workforce planning initiatives under way in the Department? Answer. DHS has developed a workforce planning model that involves the following five steps: set the strategic direction, including linking the workforce and the strategy, considering the scope, and determining the workforce balance; conduct a supply analysis, demand analysis, and identify gaps in capacity and capability; develop an action plan including strategies and actions to address identified gaps; implement the action plan; and monitor, evaluate, and revise the plan. In September 2016 DHS officials indicated that DHS will continue to implement its workforce planning model in fiscal year 2017. Additionally, DHS components develop annual Component Recruiting and Outreach Plans to guide recruiting efforts to fill gaps in priority mission-critical occupations. The Component Recruiting and Outreach Plans are to assist components in developing a systematic, sustainable process to ensure communication between recruiters and workforce planners to identify and address short- and long-term human capital needs. [all]