Border Security:

DHS's Efforts to Modernize Key Enforcement Systems Could be Strengthened

GAO-14-62: Published: Dec 5, 2013. Publicly Released: Jan 6, 2014.

Additional Materials:

Contact:

David A. Powner
(202) 512-9286
pownerd@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Customs and Border Protection (CBP) has defined the scope for its TECS (not an acronym) modernization (TECS Mod) program, but its schedule and cost continue to change; while Immigration and Customs Enforcement (ICE) is overhauling the scope, schedule, and cost of its program after discovering that its initial solution is not technically viable. CBP's $724 million program intends to modernize the functionality, data, and aging infrastructure of legacy TECS and move it to DHS's data centers. CBP plans to develop, deploy, and implement these capabilities between 2008 and 2015. To date, CBP has deployed functionality to improve its secondary inspection processes to air and sea ports of entry and, more recently, to land ports of entry in 2013. However, CBP is in the process of revising its schedule baseline for the second time in under a year. Further, portions of CBP's schedule remain undefined and the program does not have a fully developed master schedule. These factors increase the risk of CBP not delivering TECS Mod by its 2015 deadline. Regarding ICE's $818 million TECS Mod program, it is redesigning and replanning its program, having determined in June 2013 that its initial solution was not viable and could not support ICE's needs. As a result, ICE halted development and is now assessing design alternatives and will revise its schedule and cost estimates. Program officials stated the revisions will be complete in December 2013. Until ICE completes the replanning effort, it is unclear what functionality it will deliver, when it will deliver it, or what it will cost to do so, thus putting it in jeopardy of not completing the modernization by its 2015 deadline.

CBP and ICE have managed many risks in accordance with some leading practices, but they have had mixed results in managing requirements for their programs. In particular, neither program identified all known risks and escalated them for timely management review. Further, CBP's guidance defines key practices associated with effectively managing requirements, but important requirements development activities were underway before these practices were established. ICE, meanwhile, operated without requirements management guidance for years, and its requirements activities were mismanaged as a result. For example, ICE did not complete work on 2,600 requirements in its initial release, which caused testing failures and the deferral and deletion of about 70 percent of its original requirements. ICE issued requirements guidance in March 2013 that is consistent with leading practices, but it has not yet been implemented.

The Department of Homeland Security's (DHS) governance bodies have taken actions to oversee the two TECS Mod programs that are generally aligned with leading practices. Specifically, DHS's governance bodies have monitored TECS Mod performance and progress and have ensured that corrective actions have been identified and tracked. However, the governance bodies' oversight has been based on sometimes incomplete or inaccurate data, and therefore the effectiveness of these efforts is limited. For example, one oversight body rated CBP's program as moderately low risk, based partially on the program's use of earned value management, even though program officials stated that neither they nor their contractor had this capability. Until these governance bodies base their performance reviews on timely, complete, and accurate data, they will be constrained in their ability to effectively provide oversight.

Why GAO Did This Study

DHS's border enforcement system, known as TECS, is the primary system available for determining admissibility of persons to the United States. It is used to prevent terrorism, and provide border security and law enforcement, case management, and intelligence functions for multiple federal, state, and local agencies. It has become increasingly difficult and expensive to maintain because of technology obsolescence and its inability to support new mission requirements. Accordingly, in 2008, DHS began an effort to modernize the system. It is being managed as two separate programs working in parallel by CBP and ICE.

GAO's objectives were to (1) determine the scope and status of the two TECS Mod programs, (2) assess selected CBP and ICE program management practices for TECS Mod, and (3) assess the extent to which DHS is executing effective executive oversight and governance of the two TECS Mod programs.

To do so, GAO reviewed requirements documents and cost and schedule estimates, and determined the current scope, completion dates, and life cycle expenditures. GAO also reviewed risk management and requirements management plans, as well as governance bodies' meeting minutes.

What GAO Recommends

GAO is recommending DHS improve its efforts to manage requirement and risk, as well as its governance of the TECS Mod programs. DHS agreed with all but one of GAO's eight recommendations, and described actions planned and underway to address them.

For more information, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: The Department of Homeland Security (DHS) did not concur with this recommendation, but reports it has taken steps to address it. In August 2015, U.S. Customs and Border Patrol (CBP) provided an update that described steps taken to link the master schedule files with the program's system architecture tool. According to CBP, this is intended to provide the program manager with the ability to monitor the status of the program, project and integration tasks. When we confirm the actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals develop an integrated master schedule that accurately reflects all of the program's work activities, as well as the timing, sequencing, and dependencies between them.

    Agency Affected: Department of Homeland Security

  2. Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with and has begun steps to address this recommendation. In July 2015, U.S. Customs and Border Protection (CBP) officials provided an example from their TECS Mod risk register and two management briefings on the program's status. While these items show that risks are being identified, tracked, and briefed to management, they do not address integrated master schedule and earned value management risks that we identified in our report. We will continue to monitor agency actions on this recommendation.

    Recommendation: To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory inventory--including acquisition risks mentioned in this report report-- and are briefed to senior management, as appropriate.

    Agency Affected: Department of Homeland Security

  3. Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with and has taken action to address this recommendation. In July 2015, U.S. Customs and Border Protection (CBP) officials provided an updated version of its risk management guidance. This guidance stipulates that high impact issues are to be escalated to the program's executive sponsor by the Program Manager. In addition, the guidance states that the executive sponsor will escalate these issues to higher management as appropriate. The revised plan also provides criteria for what types of issues or impacts should be escalated to the respective review boards. However, DHS did not provide evidence that the program has escalated high impact risks/issues to executive management (and/or review boards) in accordance with the revised plan. Once we confirm agency actions related to implementing this recommendation we will provide further updates. We will continue to monitor agency actions on this recommendation.

    Recommendation: To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate.

    Agency Affected: Department of Homeland Security

  4. Status: Closed - Implemented

    Comments: The Department of Homeland Security (DHS) agreed with and has implemented this recommendation. Customs and Border Protection (CBP) officials provided an updated version of its requirements management plan (dated Nov. 23, 2013) that includes specific criteria requiring each requirement to be unique, unambiguous and testable. By revising its plan, CBP should have greater assurance that TECS Mod will perform as intended in the user environments and has reduced the risk of deployment delays as a result.

    Recommendation: To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals revise and implement the TECS Mod program's requirements management guidance to include the validation of requirements to ensure that each is unique, unambiguous, and testable.

    Agency Affected: Department of Homeland Security

  5. Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with and has begun steps to address this recommendation. In February 2014, the department stated in written correspondence that the U.S. Immigration and Customs Enforcement (ICE) TECS Mod program office had created a program-level acquisition risk and added it to its risk inventory. However, ICE did not provide evidence that the risk had been briefed to senior management, as appropriate. When we confirm the actions the program officials have taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Homeland Security should direct the Acting Director of ICE to ensure that the appropriate individuals ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory--including the acquisition risks mentioned in this report-- and briefed to senior management, as appropriate.

    Agency Affected: Department of Homeland Security

  6. Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with and has begun steps to address this recommendation. In February 2014, the department stated in written correspondence that the U.S. Immigration and Customs Enforcement (ICE) TECS Mod program office had refined its criteria for escalating risks and identified 3 risk events that could trigger an escalated status for a given risk. Specifically, if a risk has a score that exceeds a certain threshold, if a risk meets a trigger date/event, or if the Risk Advisory Board exercises its discretion to escalate a given risk. However, ICE did not provide evidence that existing risks had been evaluated and escalated, as appropriate. When we confirm the actions the program officials have taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Homeland Security should direct the Acting Director of ICE to ensure that the appropriate individuals revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate.

    Agency Affected: Department of Homeland Security

  7. Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with and has begun steps to address this recommendation. In February 2014, the department stated in written correspondence that the U.S. Immigration and Customs Enforcement (ICE) TECS Mod program office had updated its requirements management plan, revised its requirements baseline, and approved a change control package that are intended to address this recommendation. Once we have validated the actions taken by ICE officials in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Homeland Security should direct the Acting Director of ICE to ensure that the appropriate individuals ensure that the newly developed requirements management guidance and recently revised guidance for controlling changes to requirements are fully implemented.

    Agency Affected: Department of Homeland Security

  8. Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with and has begun steps to address this recommendation. In February 2014, DHS described in written correspondence a number of steps that it had taken to address the recommendation. For example, the department directed use of a decision-making support tool intended to improve governance decisions. It also discussed information available via the Information Technology Dashboard and how that information could be used to support decision-making activities. In April 2015, DHS further described efforts to implement this recommendation for 3 programs. Once we validated agency actions on this recommendation, we will provide updated information.

    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management and acting Chief Information Officer to ensure that data used by the department's governance and oversight bodies to assess the progress and performance of major information technology program acquisition programs are complete, timely, and accurate.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Jun 14, 2016

Jun 7, 2016

Jun 6, 2016

May 31, 2016

May 26, 2016

May 24, 2016

May 17, 2016

Apr 25, 2016

Looking for more? Browse all our products here