This is the accessible text file for GAO report number GAO-12-365T 
entitled 'Department of Homeland Security: Continued Progress Made 
Improving and Integrating Management Areas, but More Work Remains' 
which was released on March 1, 2012. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Testimony: 

Before the Subcommittee on Oversight, Investigations, and Management, 
Committee on Homeland Security, House of Representatives: 

For Release on Delivery: 
Expected at 9:30 a.m. EST:
Thursday, March 1, 2012: 

Department of Homeland Security: 

Continued Progress Made Improving and Integrating Management Areas, 
but More Work Remains: 

Statement of David C. Maurer, Director:
Homeland Security and Justice Issues: 

GAO-12-365T: 

GAO Highlights: 

Highlights of GAO-12-365T, a testimony before the Subcommittee on 
Oversight, Investigations, and Management, Committee on Homeland 
Security, House of Representatives. 

Why GAO Did This Study: 

Why GAO Did This Study
Since 2003, GAO has designated the implementation and transformation 
of DHS as high risk because, among other things, DHS had to combine 22 
agencies, while ensuring no serious consequences for U.S. national and 
economic security. This high-risk area includes challenges in DHS’s 
management functions—-financial management, human capital, IT, and 
acquisitions; the effect of those challenges on implementing DHS’s 
missions; and integrating the functions. In November 2000, GAO 
published criteria for removing areas from its high-risk list. In 
September 2010, GAO identified 31 actions and outcomes critical to 
addressing this high-risk area. This testimony addresses DHS’s 
progress in (1) developing a strategy for addressing its high-risk 
designation and (2) achieving outcomes critical to addressing this 
high-risk area. This statement is based on GAO products issued from 
June 2007 through February 2012, including selected updates. It also 
includes preliminary observations from GAO’s ongoing work reviewing 
DHS’s IT governance. GAO reviewed documents on IT governance and 
interviewed officials. 

What GAO Found: 

The Department of Homeland Security (DHS) has updated and strengthened 
its strategy for how it plans to address GAO’s high-risk designation 
and resolve the department’s management challenges. In January 2011, 
DHS provided GAO with its Integrated Strategy for High Risk 
Management, which summarized the department’s preliminary plans for 
addressing the high-risk area. GAO found that this strategy, which was 
later updated in June and December 2011, was generally responsive to 
the actions and outcomes needed to address GAO’s high-risk 
designation. For example, the January 2011 strategy generally 
identified multiple, specific actions and target completion time 
frames consistent with the outcomes GAO identified. However, the 
strategy did not address the root causes of problems, among other 
things. In its June 2011 strategy, DHS, among other things, identified 
10 root causes that cut across the management areas and their 
integration. Nevertheless, GAO identified ways the strategy could be 
strengthened, including consistently reporting the progress of its 
initiatives and corrective actions. In its most recent update, DHS 
better positioned itself to address its management challenges. For 
example, for the first time, DHS included ratings of the department’s 
progress addressing its high-risk outcomes. However, GAO believes that 
DHS could more consistently report on available resources and 
corrective actions, establish measures and report on progress made for 
all initiatives, and stabilize its methodology for measuring progress. 
These changes, if implemented and sustained, provide a path for DHS to 
address GAO’s high-risk designation. 

DHS has made progress, but has considerable work ahead to achieve 
actions and outcomes critical to addressing this high-risk area. Among 
other accomplishments, DHS realigned its acquisition management 
functions within a new office to assess the health of major 
acquisitions and investments; conducted program and portfolio reviews 
of hundreds of information technology (IT) investments; and reduced 
the number of material weaknesses in internal controls. DHS also 
demonstrated top leadership commitment by identifying roles and 
responsibilities for its key management initiatives. However, DHS has 
more work ahead to fully implement its plans and address its management 
challenges. For example, in June 2010 GAO reported that over half of 
the programs reviewed awarded contracts to initiate acquisition 
activities without component or department approval of essential 
planning documents. In addition, DHS faces challenges fully defining 
key system investment and acquisition management policies and 
procedures. Further, as of September 30, 2011, due to material 
weaknesses in internal controls over financial reporting, DHS was 
unable to provide assurance that these internal controls were 
operating effectively. In September 2011 we reported that DHS also 
continues to face challenges implementing some key human capital 
initiatives, such as its workforce strategy. DHS also needs to 
continue to demonstrate sustainable progress in integrating its 
management functions within and across the department and its 
components, including making progress with its model for managing 
investments across components and management functions. GAO will 
continue to assess DHS’s efforts to address its high-risk designation 
and will report its findings on the department’s progress in the high-
risk update that it expects to issue in early 2013. 

What GAO Recommends: 

This testimony contains no new recommendations. GAO has made over 100 
recommendations to DHS since 2003 to strengthen the department’s 
management and integration efforts. DHS has implemented many of these 
recommendations and is in the process of implementing others. 

View [hyperlink, http://www.gao.gov/products/GAO-12-365T]. For more 
information, contact David C. Maurer at (202) 512-9627 or 
maurerd@gao.gov. 

[End of section] 

Chairman McCaul, Ranking Member Keating, and Members of the 
Subcommittee: 

I am pleased to be here today to discuss the Department of Homeland 
Security's (DHS) ongoing efforts to build a single, unified 
department. DHS now has more than 200,000 employees and almost $60 
billion in budget authority, and completing its transformation into a 
cohesive department is critical to achieving its homeland security 
missions. Our prior work on mergers and organizational 
transformations, undertaken before the creation of DHS, found that 
successful transformations of large organizations, even those faced 
with less-strenuous reorganizations than DHS, can take years to 
achieve.[Footnote 1] Since the department's creation in 2003, GAO has 
designated the implementation and transformation of DHS as high risk 
because DHS had to combine 22 agencies--several with major management 
challenges--into one department, and failure to effectively address 
DHS's management and mission risks could have serious consequences for 
U.S. national and economic security.[Footnote 2] This high-risk area 
includes challenges in strengthening DHS's management functions--
financial management, human capital, information technology (IT), and 
acquisition management--the effect of those challenges on DHS's 
mission implementation, and challenges in integrating management 
functions within and across the department and its components. 

In November 2000, we published our criteria for removing areas from 
the high-risk list.[Footnote 3] Specifically, agencies must have (1) a 
demonstrated strong commitment and top leadership support to address 
the risks; (2) the capacity (that is, the people and other resources) 
to resolve the risks; (3) a corrective action plan that identifies the 
root causes, identifies effective solutions, and provides for 
substantially completing corrective measures in the near term, 
including but not limited to steps necessary to implement solutions we 
recommended; (4) a program instituted to monitor and independently 
validate the effectiveness and sustainability of corrective measures; 
and (5) the ability to demonstrate progress in implementing corrective 
measures. 

On the basis of our prior work, in September 2010 we identified and 
provided to DHS 31 actions and outcomes that are critical to 
addressing the challenges within the department's management areas and 
in integrating those functions across the department. These key 
actions and outcomes include, among others, obtaining and then 
sustaining unqualified audit opinions for at least 2 consecutive years 
on the departmentwide financial statements; validating required 
acquisition documents in accordance with a department-approved, 
knowledge-based acquisition process; and demonstrating measurable 
progress in implementing its IT human capital plan and accomplishing 
defined outcomes.[Footnote 4] DHS committed to taking actions to 
address all 31 of these outcomes. Achieving and sustaining progress in 
these areas would demonstrate the department's ability and commitment 
to addressing our five criteria for removing issues from the high-risk 
list. 

My testimony this morning will discuss our observations, based on 
prior and ongoing work, on DHS's progress in (1) developing a strategy 
for addressing its high-risk designation for the implementation and 
transformation of the department and (2) achieving outcomes critical 
to addressing the high-risk designation. 

This statement is based on prior reports and testimonies we issued 
from June 2007 through February 2012, as well as letters we submitted 
to DHS in March and November 2011 providing feedback on the 
department's January and June 2011 versions of its Integrated Strategy 
for High Risk Management.[Footnote 5] The statement is also based on 
selected updates we obtained from May 2011 through February 2012. For 
the past products, among other things, we interviewed DHS officials; 
analyzed DHS strategies and other documents related to the 
department's implementation and transformation high-risk area; and 
reviewed our past reports, issued since DHS began its operations in 
March 2003. All of this work was conducted in accordance with 
generally accepted government auditing standards, and more-detailed 
information on the scope and methodology from our prior work can be 
found within each specific report. For the updates, we obtained 
information from DHS on its transformation and management integration 
efforts through, among other things, (1) obtaining the December 2011 
version of the Integrated Strategy for High Risk Management, and (2) 
meeting with DHS officials, including the Under Secretary for 
Management and Deputy Under Secretary for Management. This statement 
is also based on preliminary observations from our ongoing work in 
response to your request to review DHS's progress in implementing the 
new IT governance approach. For this work, among other things, we are 
reviewing DHS documentation on its planned IT governance process and 
interviewing DHS officials responsible for implementing this process. 
We are conducting this work in accordance with generally accepted 
government auditing standards. Those standards require that we plan 
and perform the audit to obtain sufficient, appropriate evidence to 
provide a reasonable basis for our findings and conclusions based on 
our audit objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. 

DHS Has Updated Its Strategy for Addressing Its High-Risk Designation: 

Since January 2011, DHS has continued to update and strengthen its 
strategy for how the department plans to address our high-risk 
designation and resolve its management challenges. In January 2011, 
DHS provided us with its initial Integrated Strategy for High Risk 
Management, which summarized the department's preliminary plans for 
addressing the high-risk area. The January 2011 strategy, which DHS 
later updated in June 2011 and December 2011, was generally responsive 
to the actions and outcomes we identified for the department to 
address this high-risk area. Specifically, in our March 2011 written 
response to DHS's January 2011 update, we stated that: 

* the strategy generally identified multiple, specific actions and 
target completion time frames consistent with the outcomes we 
identified; 

* designated senior officials to be responsible for implementing most 
actions; and: 

* included scorecards to depict, at a high level, the department's 
views of its progress in addressing each high-risk area and a 
framework for monitoring implementation of corrective actions through, 
among other things, quarterly meetings between DHS and us. 

However, the January 2011 update generally did not discuss the root 
causes of problems. Further, while the strategy identified whether DHS 
believed it had the resources available to implement planned actions, 
it did not identify what the specific resource needs were or what 
additional resources may be needed, making it difficult to assess the 
extent to which DHS has the capacity to implement those actions. 

In June 2011, DHS updated its Integrated Strategy for High Risk 
Management. The update demonstrated the department's continued 
leadership commitment to address the high-risk designation and 
represented continued progress. For example: 

* DHS identified 10 root causes that cut across the four management 
functions and management integration. By identifying these root 
causes, the department better positioned itself to determine 
corrective actions for addressing the underlying problems that have 
affected its management implementation efforts, and to assess the 
extent to which progress made in implementing the corrective actions 
has mitigated those underlying problems. 

* DHS organized its corrective actions into 16 key management 
initiatives (e.g., financial management controls, IT program 
governance, and procurement staffing model) to address its management 
challenges and the 31 actions and outcomes we identified. 

Identifying key management initiatives should help DHS prioritize its 
efforts and resources for addressing its root causes and management 
challenges, and provide a useful framework for monitoring the 
department's implementation of the initiatives and associated 
corrective actions. However, elements of the update could be 
strengthened or clarified to better address our high-risk criteria and 
the actions and outcomes we previously identified, including (1) 
better defining the root causes of its management problems; (2) 
clarifying the resources available to implement corrective actions; 
(3) consistently reporting the progress of its corrective actions; and 
(4) more clearly and consistently reporting the progress of its key 
management initiatives. 

DHS provided its most recent update to its strategy in December 2011. 
Overall, we believe that the December update positions the department 
to address its management challenges and the implementation and 
transformation high-risk area. For example: 

* DHS updated its initiatives--removing two initiatives from the 
management integration area and adding four new initiatives, including 
human resources information technology, management health assessment, 
strategic sourcing, and acquisition workforce development;[Footnote 6] 

* DHS included, for the first time, ratings of the department's 
progress addressing the 31 high-risk outcomes; and: 

* DHS enhanced its reporting and rating methodology for its key 
management initiatives. Specifically, DHS replaced a color-coded 
(green, yellow or red) rating system used in previous updates with a 
new system for self-reporting progress. DHS now measures and reports 
its progress addressing the five criteria for removal from high risk 
in two ways. One way uses standard indicators for measuring progress 
and a pie graph for reporting such progress across all of its key 
management initiatives against the first four criteria--leadership 
commitment, capacity, corrective action plans, and monitoring. The 
second way uses specific performance measures unique to each 
initiative for measuring progress and a fuel-type gauge for reporting 
on the fifth criterion--demonstrated progress. According to DHS, the 
revised methodology, amongst other things, results in a more objective 
view of each initiative's progress. 

However, the December 2011 update could be strengthened or clarified 
to better enable DHS and GAO to assess the department's progress, in 
the following ways: 

* More clearly and consistently report the resources available to 
implement corrective actions. DHS identified whether it had sufficient 
resources to implement most of the corrective actions. However, as we 
also reported to DHS regarding the January and June 2011 strategies, 
for many corrective actions DHS did not provide information on what 
the specific resource needs are or what additional resources may be 
needed to implement the corrective actions. The absence of resource 
information makes it difficult to fully assess the extent to which DHS 
has the capacity to implement these actions, particularly within the 
time frames identified for the corrective actions: 

* Consistently report on corrective actions. DHS provided information 
on the department's rationale for eliminating and adding key 
management initiatives, but has not consistently provided such 
information for the corrective actions it established for each 
initiative. For example, the December strategy contained three new 
corrective actions for the IT program-governance initiative that were 
not in the June 2011 strategy, but did not include three corrective 
actions that had been in the June 2011 strategy. The December strategy 
did not consistently explain the department's rationale for 
eliminating or adding corrective actions from the June strategy, such 
as whether the corrective actions were already completed, or if the 
corrective actions were no longer appropriate or feasible. Without 
consistently providing information on the basis for DHS's decision to 
add or remove corrective actions, it is difficult for DHS and us to 
track the status and progress of the department's efforts to fully 
implement its management initiatives. 

* Establish measures and report on progress for all initiatives. DHS 
established a total of 58 measures to track its demonstrated progress 
in implementing the 18 initiatives included in the December 2011 
strategy. While these measures provide additional insight into DHS's 
self-reported progress and represent an important improvement from the 
June 2011 strategy, DHS has not yet established measures for one of 
its initiatives--the new management health assessment initiative--and 
did not report on its progress for more than 40 percent (24 of the 58) 
of the measures in the December 2011 strategy. Without establishing 
measures and consistently reporting on their progress, neither DHS nor 
we can fully assess the department's progress in implementing its 
initiatives. 

* Stabilize its methodology for measuring progress. We believe that 
the enhanced methodology DHS established for assessing its progress in 
implementing its initiatives generally allows for a more-objective 
assessment. However, the evolving nature of DHS's methodology, which 
the department revised in the June 2011 strategy and again in the 
December strategy, makes it difficult to effectively monitor the 
department's progress over time. 

By strengthening these four aspects, we believe the December 2011 
strategy, if implemented and sustained, provides a path for DHS to 
address our high-risk designation. We will continue to closely monitor 
and assess DHS's progress in addressing the high-risk designation and 
the department's overall transformation efforts as part of our work 
for the 2013 high-risk update, which we plan to issue in January 2013. 

DHS Has Made Progress, but More Work Remains to Achieve High-Risk 
Outcomes: 

DHS has made progress addressing management challenges and achieving 
high-risk outcomes in some key areas. The Secretary and Deputy 
Secretary of Homeland Security, and other senior officials, have 
demonstrated commitment and top leadership support to address the 
department's management challenges. As the following examples 
illustrate, DHS is making progress achieving the long-term goal of 
enhancing its management capabilities and building a more-integrated 
department. 

* In June 2011, we reported that, per departmental acquisition 
guidance, DHS's Science and Technology directorate reviewed and 
approved test and evaluation documents and plans for programs 
undergoing testing, and conducted independent assessments for the 
programs that completed operational testing.[Footnote 7] In October 
2011, to enhance the department's ability to oversee major acquisition 
programs, DHS realigned the acquisition management functions 
previously performed by two divisions within the Office of Chief 
Procurement Officer to establish the Office of Program Accountability 
and Risk Management (PARM). PARM, which is responsible for program 
governance and acquisition policy, serves as the Management 
Directorate's executive office for program execution and works with 
DHS leadership to assess the health of major acquisitions and 
investments. To help with this effort, PARM is developing a database, 
known as the Decision Support Tool, intended to improve the flow of 
information from component program offices to the Management 
Directorate to support its governance efforts. DHS also included a new 
management initiative in its December 2011 update (strategic sourcing) 
to increase savings and improve acquisition efficiency by 
consolidating contracts departmentwide for the same kinds of products 
and services, and reported awarding 14 strategically sourced contracts 
in fiscal year 2011. We currently have ongoing work related to both of 
these areas that we will report on later this year.[Footnote 8] 

* In February 2012, we reported that the DHS Chief Information Officer 
(CIO) and Chief Human Capital Officer were coordinating to streamline 
and consolidate the department's human resources investments.[Footnote 
9] Specifically, in 2010 and 2011, the DHS CIO conducted program and 
portfolio reviews of hundreds of IT investments and systems. DHS 
evaluated portfolios of investments within its components to avoid 
investing in systems that are duplicative or overlapping, and to 
identify and leverage investments across the department. DHS also 
consolidated (1) 6 personnel security-related systems into its 
departmentwide Integrated Security Management System--with an 
additional personnel security system planned for consolidation in 
2012, and (2) two components' portals into the Homeland Security 
Information Network, with plans to consolidate 12 additional portals 
before 2014. 

* DHS has reduced the number of material weaknesses in internal 
controls from 18 since the inception of the department in 2003 to 5 in 
fiscal year 2011.[Footnote 10] In addition, in fiscal year 2010 DHS 
committed to the goal of receiving a qualified audit opinion on its 
consolidated balance sheet in fiscal year 2011 by, for example, 
remediating financial management issues at the U.S. Coast Guard 
(USCG).[Footnote 11] In fiscal year 2011, DHS achieved this goal by 
moving from a disclaimer of opinion to a qualified audit opinion on 
its balance sheet and statement of custodial activity for the first 
time since the department's creation.[Footnote 12] In its December 
2011 strategy, DHS reported plans to expand the audit to all financial 
statements in fiscal year 2012. DHS believes this will identify 
additional areas for corrective action and help it to obtain a clean 
audit opinion on all financial statements by September 2013, although 
there is no clear plan for how full auditability will be achieved. 

* In February 2012, we reported that DHS consolidated five time-and-
attendance systems into a departmentwide time-and-attendance system 
and plans to incorporate an additional component by June 2012. 
[Footnote 13] This consolidation effort is part of DHS's broader human 
resources IT initiative. This initiative is intended to, among other 
things (1) support the development and implementation of consistent 
and consolidated human resources IT systems across DHS, and (2) 
strengthen and unify the department's ability to collect and share 
human resource information. We also reported in February 2012 that DHS 
had initiated a Senior Executive Service Candidate Development Program 
in May 2011 to build its senior leadership pipeline within the 
department--consolidating what had been four individual leadership 
programs into a single DHS-wide program--and lowered its senior 
leadership vacancy rates from a peak of 25 percent in 2006 to 10 
percent at the end of fiscal year 2011.[Footnote 14] 

* In February 2011, we reported that the department put in place 
common policies, procedures, and systems within individual management 
functions, such as human capital, that help to integrate its component 
agencies.[Footnote 15] DHS has also demonstrated top leadership 
commitment by identifying roles and responsibilities at the 
departmental level for the key management initiatives it has included 
in the December 2011 strategy. Additionally, DHS has promoted 
accountability for management integration among department and 
component management chiefs by, among other things, having the 
department chiefs provide written objectives that explicitly reflect 
priorities and milestones for that management function as well as 
aligning the component chiefs' individual performance plans to the 
department's goals and objectives. 

In its December 2011 strategy, DHS presented detailed plans to address 
a number of management challenges. However, in many instances, DHS has 
considerable work ahead to fully implement these plans and address 
these challenges. 

* Our prior work has identified challenges related to acquisition 
oversight, cost growth, and schedule delays, including departmental 
concerns about the accuracy of cost estimates for some of DHS's major 
programs. For example, in June 2010 we reported that over half of the 
programs we reviewed awarded contracts to initiate acquisition 
activities without component or department approval of documents 
essential to planning acquisitions, such as mission need statements 
outlining the specific functional capabilities required to accomplish 
DHS's mission and objectives; operational requirements; and 
acquisition program baselines.[Footnote 16] Additionally, we reported 
that only a small number of DHS's major acquisitions had validated 
cost estimates. Further, DHS reported in its December 2011 strategy 
that senior executives are not confident enough in the data to use the 
Decision Support Tool developed by PARM to help make acquisition 
decisions. However, DHS's plans to improve the quality of the data in 
this database are limited. At this time, PARM only plans to check the 
data quality in preparation for key milestone meetings in the 
acquisition process. This could significantly diminish the Decision 
Support Tool's value because users cannot confidently identify and 
take action to address problems meeting cost or schedule goals prior 
to program review meetings. 

* DHS continues to face challenges in managing its IT acquisitions, 
ensuring proper implementation and departmentwide coordination, and 
implementing information security controls. For example, as we 
reported in 2011, DHS faces challenges fully defining key system 
investment and acquisition management policies and procedures for IT. 
[Footnote 17] Moreover, the extent to which DHS implemented these 
investment and acquisition management policies and practices in major 
IT programs has been inconsistent. We also reported that major IT 
acquisition programs were not subjected to executive-level acquisition 
and investment management reviews. As a result, major programs aimed 
at delivering important mission capabilities had not lived up to their 
capability, benefit, cost, and schedule expectations. DHS is currently 
pilot testing a new approach for overseeing and managing its IT 
acquisitions. We are currently reviewing this new governance approach 
and expect to report the results of our work later this year. Further, 
we previously reported on the need for federal agencies, including 
DHS, to improve implementation of information security controls, such 
as those for configuring desktop computers and wireless communication 
devices.[Footnote 18] DHS reports that, as of December 2011, it mostly 
addressed IT security. However, the DHS Office of Inspector General 
continues to report a material weakness in this area and identifies 
information security as a major management challenge facing the 
department. 

* Due to material weaknesses in internal controls over financial 
reporting, DHS was unable to provide assurance that internal controls 
over financial reporting were operating effectively as of September 
30, 2011. According to DHS, due to existing internal control 
weaknesses and focus on corrective actions, the audit opinion on 
internal controls over financial reporting will likely remain a 
disclaimer in fiscal year 2012. DHS also faces challenges in 
modernizing its financial systems. We previously reported that DHS 
twice attempted to implement an integrated departmentwide financial 
management system, but had not been able to consolidate its disparate 
systems. Specifically, in June 2007, we reported that DHS ended its 
Electronic Managing Enterprise Resources for Government Effectiveness 
and Efficiency effort after determining that the resulting financial 
management systems would not provide the expected system functionality 
and performance.[Footnote 19] In December 2009, we reported that the 
Transformation and Systems Consolidation program had been 
significantly delayed by bid protests and related litigation.[Footnote 
20] In March 2011, DHS ended this program and reported that moving 
forward it would consider alternatives to meet revised requirements. 
In 2011, DHS decided to change its strategy for financial system 
modernization. Rather than implement a departmentwide integrated 
financial management system solution, DHS opted for a decentralized 
approach to financial management systems modernization at the 
component level. Specifically, DHS reported in its December 2011 
strategy that it plans to replace financial management systems at 
three components it has identified as most in need, including the 
Federal Emergency Management Agency (FEMA), USCG, and Immigrations and 
Customs Enforcement (ICE). As of February 2012, DHS officials stated 
that they first planned to modernize FEMA's system, which would start 
using a federal shared service provider at the beginning of fiscal 
year 2015. DHS officials told us they had not yet identified the 
specific approach or necessary resources and time frames for 
implementing new systems at USCG and ICE. It is not clear whether 
DHS's new, decentralized approach to financial system modernization 
will ensure that component's financial management systems can generate 
reliable, useful, timely information for day-to-day decision making; 
enhance the department's ability to comprehensively view financial 
information across DHS; and comply with related federal requirements 
at DHS and its components. We will continue to monitor DHS's actions 
in this area. 

* DHS continues to face challenges implementing some of its key human 
capital initiatives and functions. For example, the DHS Chief 
Information Officer's (CIO) September 2011 assessment of the human 
resources IT program identified two risks that could have adverse 
effects on the cost and schedule of the program. First, if the program 
is unable to meet its established baseline schedules, there is a high 
probability of program breach and potential loss of funding due to 
lack of prioritization. Second, if a thorough understanding of 
existing legacy applications and processes across the DHS components 
is not achieved, the new, consolidated system will not adequately 
replace existing functionality nor provide the stable operational 
functionality needed from the program. DHS has also struggled with low 
job satisfaction among its employees since its inception. For the 2011 
Federal Employee Viewpoint Survey, DHS scored below the governmentwide 
average on the Office of Personnel Management's Job Satisfaction Index 
and ranked 31st of 33 federal agencies on employee satisfaction, 
according to the Partnership for Public Service's analysis of the 
survey results. At the subcommittee's request, we currently have work 
underway evaluating the effectiveness of DHS's plans and efforts to 
address its employee morale issues and expect to report our findings 
later this year. Further, in June 2011, DHS reported that it was 
developing component operational plans to implement its departmentwide 
workforce strategy and align the component plans with the goals, 
measures, and objectives of the strategy. However, in its December 
2011 strategy, DHS reported that it had not finished providing 
feedback to components on their fiscal year 2011 plans. 

* DHS needs to continue to demonstrate sustainable progress in 
integrating its management functions within and across the department 
and its components and take additional actions to further and more 
effectively integrate the department. Specifically, in its January 
2011 high-risk strategy, DHS described plans to establish an 
Integrated Investment Life Cycle Model (IILCM) for managing 
investments across its components and management functions; 
strengthening integration within and across those functions; and 
ensuring mission needs drive investment decisions. This framework 
seeks to enhance DHS resource decision making and oversight by 
creating new department-level councils to identify priorities and 
capability gaps, revising how DHS components and lines of business 
manage acquisition programs, and developing a common framework for 
monitoring and assessing implementation of investment decisions. DHS 
reported in December 2011 that the IILCM initiative had made little 
progress since January 2011 though the department planned to begin 
using the IILCM by the end of September 2012. The department also 
indicated it had not determined resource needs to accomplish any of 
the eight associated corrective actions it has identified for this 
initiative. 

While DHS has made progress, the department still faces considerable 
challenges. Going forward, DHS needs to continue implementing its 
Integrated Strategy for High Risk Management and show measurable, 
sustainable progress in implementing its key management initiatives 
and corrective actions and achieving outcomes. We will continue to 
monitor and assess DHS's implementation and transformation efforts 
through our ongoing and planned work, including the 2013 high-risk 
update that we expect to issue in early 2013. 

Chairman McCaul, Ranking Member Keating, and Members of the 
Subcommittee, this concludes my prepared statement. I would be pleased 
to respond to any questions that you may have. 

GAO Contact and Staff Acknowledgments: 

For questions about this statement, please contact David C. Maurer at 
(202) 512-9627 or maurerd@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. Individuals making key contributions to this 
statement include Maria Strudwick, Assistant Director; Scott Behen, 
analyst-in-charge; Michael Laforge, Anjalique Lawrence, Gary Mountjoy, 
Sabine Paul, Nathan Tranquilli, and Katherine Trimble. Other 
contributors include: David Alexander, Katherine Davis, Jan 
Montgomery, and Tomas Ramirez, Jr. Key contributors for the previous 
work that this testimony is based on are listed within each individual 
product. 

[End of section] 

Related GAO Reports: 

Information Technology: Departments of Defense and Energy Need to 
Address Potentially Duplicative Investments. [hyperlink, 
http://www.gao.gov/products/GAO-12-241]. Washington D.C.: February 17, 
2012. 

DHS Human Capital: Senior Leadership Vacancy Rates Generally Declined, 
but Components' Rates Varied. [hyperlink, 
http://www.gao.gov/products/GAO-12-264]. Washington, D.C.: February 
10, 2012. 

Department of Homeland Security: Additional Actions Needed to 
Strengthen Strategic Planning and Management Functions. [hyperlink, 
http://www.gao.gov/products/GAO-12-382T]. Washington D.C.: February 3, 
2012. 

Department of Homeland Security: Progress Made and Work Remaining in 
Implementing Homeland Security Missions 10 Years after 9/11. 
[hyperlink, http://www.gao.gov/products/GAO-11-881]. Washington D.C.: 
September 7, 2011. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-11-278]. Washington, D.C.: February 
2011. 

Information Security: Federal Agencies Have Taken Steps to Secure 
Wireless Networks, but Further Actions Can Mitigate Risk. [hyperlink, 
http://www.gao.gov/products/GAO-11-43]. Washington, D.C.: November 30, 
2010. 

Department of Homeland Security: Assessments of Selected Complex 
Acquisitions. [hyperlink, http://www.gao.gov/products/GAO-10-588SP]. 
Washington, D.C.: June 30, 2010. 

Information Security: Agencies Need to Implement Federal Desktop Core 
Configuration Requirements. [hyperlink, 
http://www.gao.gov/products/GAO-10-202]. Washington, D.C.: March 12, 
2010. 

Financial Management Systems: DHS Faces Challenges to Successfully 
Consolidating Its Existing Disparate Systems. [hyperlink, 
http://www.gao.gov/products/GAO-10-76]. Washington, D.C.: December 4, 
2009. 

Department of Homeland Security: Actions Taken Toward Management 
Integration, but a Comprehensive Strategy Is Still Needed. [hyperlink, 
http://www.gao.gov/products/GAO-10-131]. Washington, D.C.: November 
20, 2009. 

Homeland Security: Despite Progress, DHS Continues to Be Challenged in 
Managing Its Multi-Billion Dollar Annual Investment in Large-Scale 
Information Technology Systems. [hyperlink, 
http://www.gao.gov/products/GAO-09-1002T]. Washington, D.C.: September 
15, 2009. 

Department of Homeland Security: Billions Invested in Major Programs 
Lack Appropriate Oversight. [hyperlink, 
http://www.gao.gov/products/GAO-09-29]. Washington, D.C.: November 18, 
2008. 

Department of Homeland Security: Better Planning and Assessment Needed 
to Improve Outcomes for Complex Service Acquisitions. [hyperlink, 
http://www.gao.gov/products/GAO-08-263]. Washington, D.C.: April 22, 
2008. 

Homeland Security: Departmentwide Integrated Financial Management 
Systems Remain a Challenge. [hyperlink, 
http://www.gao.gov/products/GAO-07-536]. Washington, D.C.: June 21, 
2007. 

Information Technology Investment Management: A Framework for 
Assessing and Improving Process Maturity, version 1.1. [hyperlink, 
http://www.gao.gov/products/GAO-04-394G]. Washington, D.C.: March 2004. 

High-Risk Series: Strategic Human Capital Management. [hyperlink, 
http://www.gao.gov/products/GAO-03-120]. Washington, D.C.: January 
2003. 

Determining Performance and Accountability Challenges and High Risks. 
[hyperlink, http://www.gao.gov/products/GAO-01-159SP]. Washington, 
D.C.: November 2000. 

[End of section] 

Footnotes: 

[1] See GAO, Highlights of a GAO Forum: Mergers and Transformations: 
Lessons Learned for a Department of Homeland Security and Other 
Federal Agencies, [hyperlink, 
http://www.gao.gov/products/GAO-03-293SP] (Washington, D.C.: Nov. 14, 
2002) and Results-Oriented Cultures: Implementation Steps to Assist 
Mergers and Organizational Transformations, [hyperlink, 
http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2, 
2003). 

[2] GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-03-119] (Washington, D.C.: January 
2003). In addition to this high-risk area, DHS has responsibility for 
other areas we have designated as high risk. Specifically, in 2005 we 
designated information sharing for homeland security as high risk, 
involving a number of federal departments to include DHS, and in 2006, 
we identified the National Flood Insurance Program as high risk. 
Further, in 2003 we expanded the scope of the high-risk area involving 
federal information security, which was initially designated as high 
risk in 1997, to include the protection of the nation's computer-
reliant critical infrastructure. GAO High-Risk Series: An Update, 
[hyperlink, http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: 
January 2009); High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: January 
2007); and High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-05-207](Washington, D.C.: January 
2005). 

[3] GAO, Determining Performance and Accountability Challenges and 
High Risks, [hyperlink, http://www.gao.gov/products/GAO-01-159SP] 
(Washington, D.C.: November 2000). 

[4] An unqualified opinion states that the financial statements 
present fairly, in all material respects, the financial position, 
results of operations, and cash flows of the entity in conformity with 
generally accepted accounting principles. 

[5] See the related products list at the end of this statement. 

[6] DHS reported eliminating (1) the policies, procedures, and 
management directive initiative because all of the actions had been 
completed, and (2) the department-wide performance management 
initiative because it did not address the high risk outcomes. 

[7] GAO, DHS Science and Technology: Additional Steps Needed to Ensure 
Test and Evaluation Requirements Are Met, [hyperlink, 
http://www.gao.gov/products/GAO-11-596] (Washington, D.C.: June 15, 
2011). 

[8] We are doing this work at the request of the Senate Committee on 
Homeland Security and Governmental Affairs. Our strategic sourcing 
work is also being done for the House Committee on Oversight and 
Government Reform. 

[9] GAO, Information Technology: Departments of Defense and Energy 
Need to Address Potentially Duplicative Investments, [hyperlink, 
http://www.gao.gov/products/GAO-12-241] (Washington, D.C.: Feb. 17, 
2012). 

[10] A material weakness is a significant deficiency, or a combination 
of significant deficiencies, in internal control such that there is a 
reasonable possibility that a material misstatement of the entity's 
financial statements will not be prevented or detected and corrected 
on a timely basis. A significant deficiency is a deficiency, or 
combination of deficiencies, in internal control that is less severe 
than a material weakness, yet important enough to merit attention by 
those charged with governance. A deficiency in internal control exists 
when the design or operation of a control does not allow management or 
employees, in the normal course of performing their assigned 
functions, to prevent, or detect and correct, misstatements on a 
timely basis. 

[11] A qualified opinion states that, except for the effects of the 
matter(s) to which the qualification relates, the audited financial 
statements present fairly, in all material respects, the financial 
position, results of operations, and cash flows of the entity in 
conformity with generally accepted accounting principles. The 
matter(s) to which the qualification relates could be due to a scope 
limitation, or the audited financial statements containing a material 
departure from generally accepted accounting principles, or both. 

[12] A disclaimer of opinion states that the auditor does not express 
an opinion on the financial statements (e.g., scope limitations). 

[13] GAO, Information Technology: Department of Defense and Energy 
Need to Address Potentially Duplicative Investments, [hyperlink, 
http://www.gao.gov/products/GAO-12-241] (Washington, D.C.: Feb. 17, 
2012). 

[14] [hyperlink, http://www.gao.gov/products/GAO-12-264]. 

[15] GAO, Department of Homeland Security: Progress Made and Work 
Remaining in Implementing Homeland Security Missions 10 Years after 
9/11, [hyperlink, http://www.gao.gov/products/GAO-11-881] (Washington 
D.C.: Sept. 7, 2011); GAO, DHS: A Comprehensive Strategy Is Still 
Needed to Achieve Management Integration Departmentwide, [hyperlink, 
http://www.gao.gov/products/GAO-10-318T (Washington, D.C.: Dec. 15, 
2009). 

[16] GAO, Department of Homeland Security: Assessments of Selected 
Complex Acquisitions, [hyperlink, 
http://www.gao.gov/products/GAO-10-588SP] (Washington, D.C.: June 30, 
2010). 

[17] [hyperlink, http://www.gao.gov/products/GAO-11-881]. 

[18] GAO, Information Security: Federal Agencies Have Taken Steps to 
Secure Wireless Networks, but Further Actions Can Mitigate Risk, 
[hyperlink, http://www.gao.gov/products/GAO-11-43] (Washington, D.C.: 
Nov. 30, 2010); and Information Security: Agencies Need to Implement 
Federal Desktop Core Configuration Requirements, [hyperlink, 
http://www.gao.gov/products/GAO-10-202] (Washington, D.C.: Mar. 12, 
2010). 

[19] GAO, Homeland Security: Departmentwide Integrated Financial 
Management Systems Remain a Challenge, [hyperlink, 
http://www.gao.gov/products/GAO-07-536] (Washington, D.C.: June 21, 
2007). 

[20] GAO, Financial Management Systems: DHS Faces Challenges to 
Successfully Consolidating Its Existing Disparate Systems, [hyperlink, 
http://www.gao.gov/products/GAO-10-76] (Washington, D.C.: Dec. 4, 
2009). 

[End of section] 

GAO’s Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO’s commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select “E-
mail Updates.” 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO’s 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548. 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, DC 20548.