This is the accessible text file for GAO report number GAO-15-82 
entitled 'Freedom of Information Act: DHS Should Take Steps to Improve 
Cost Reporting and Eliminate Duplicate Processing' which was released 
on November 19, 2014. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

United States Government Accountability Office: 
GAO: 

Report to Congressional Requesters: 

November 2014: 

Freedom of Information Act: 

DHS Should Take Steps to Improve Cost Reporting and Eliminate 
Duplicate Processing: 

GAO-15-82: 

GAO Highlights: 

Highlights of GAO-15-82, a report to congressional requesters. 

Why GAO Did This Study: 

FOIA requires federal agencies to provide the public with access to 
government information. In fiscal year 2013, DHS and its component 
agencies reported processing more than 200,000 FOIA requests, the most 
of any federal agency. At the end of fiscal year 2013, about half of 
all reported backlogged federal FOIA requests (about 50,000 of 95,000) 
belonged to DHS. 

GAO was asked to review DHS's processing of FOIA requests. GAO's 
objectives were to determine (1) the responsibilities of and total 
costs incurred by DHS and selected components in managing and 
processing FOIA requests, and whether duplication exists; (2) actions 
DHS and selected components have taken to reduce FOIA backlogs and the 
results; and (3) the status of DHS's and selected components' efforts 
to acquire and implement automated systems for processing requests. 
GAO evaluated DHS's and five selected components' FOIA-related 
procedures, fiscal year 2013 cost data, and other documentation. The 
five components together received more than 90 percent of DHS's FOIA 
requests during fiscal year 2013. GAO also interviewed department and 
component agency officials. 

What GAO Found: 

The Department of Homeland Security's (DHS) Freedom of Information Act 
(FOIA) processing responsibilities are split between the department's 
Privacy Office, which acts as its central FOIA office, and FOIA 
offices in its component agencies. The Privacy Office has a number of 
oversight and coordination functions, including developing policies to 
implement FOIA initiatives, providing training, and preparing annual 
reports. Meanwhile, components' FOIA offices are responsible for 
processing the vast majority of the requests received by the 
department, subject to regulations and policies issued by the Privacy 
Office. While components report FOIA processing costs to the Privacy 
Office, which then aggregates and reports them to the Department of 
Justice, reported costs are incomplete (for example, the costs do not 
reflect employee benefits or the salaries of staff outside the 
components' FOIA offices who retrieve requested documents), thus 
hindering accountability for total costs. Regarding duplication, GAO 
determined that certain immigration-related requests are processed 
twice by two different DHS components. The duplicate processing of 
such requests by the two components contributes to an increase in the 
time needed to respond to the requests. 

In 2011, DHS established a goal of reducing backlogged FOIA requests 
by 15 percent each year, and its component agencies have taken actions 
toward this goal, including increasing staff, reporting and monitoring 
backlog information, providing training, and offering incentives to 
staff for increased productivity. Although there was initial progress 
by the end of fiscal year 2012, backlog numbers do not account for an 
estimated 11,000 improperly closed requests, and the number of 
backlogged requests increased in fiscal year 2013 to a level higher 
than 2011 (see figure). 

Figure: Department of Homeland Security Reported FOIA Backlogged 
Requests, Fiscal Years 2011 – 2013: 

[REfer to PDF for image: vertical bar graph] 

2011: 42,417; 
2012: 28,553; 
2013: 51,781. 

Source: FOIA.gov. GAO-15-82. 

[End of figure] 

DHS and its components have implemented or are planning to implement 
various technology capabilities to support FOIA processing based on 
best practices and federal requirements. However, not all of these 
systems possess all capabilities recommended by federal guidance, such 
as online tracking and electronic redaction, or the required 
capabilities to accommodate individuals with disabilities. Adopting 
such system capabilities departmentwide could help DHS increase the 
efficiency of its FOIA processing. 

What GAO Recommends: 

GAO is recommending, among other things, that DHS improve the 
reporting of FOIA costs, eliminate duplicative processing, and direct 
components to implement recommended and required FOIA system 
capabilities. In written comments on a draft of the report, DHS agreed 
with the recommendations. 

View [hyperlink, http://www.gao.gov/products/GAO-15-82]. For more 
information, contact Valerie C. Melvin at (202) 512-6304 or 
melvinv@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

DHS's FOIA Processing Responsibilities Are Decentralized, Its FOIA 
Regulation Is Not Updated, Its Cost Reporting Is Incomplete, and 
Processing Duplication Exists: 

DHS and Selected Components Have Taken Actions to Reduce Backlogged 
Requests, with Varying Success: 

DHS and Selected Components Have Implemented Automated Systems to 
Process FOIA Requests, but Systems Lack Recommended Capabilities: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Objectives, Scope, and Methodology: 

Appendix II: Comments from the Department of Homeland Security: 

Appendix III: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: FOIA Requests and Backlogged Requests at the Department of 
Homeland Security, Fiscal Years 2009-2013: 

Table 2: Fiscal Year 2013 Reported Statistics for Selected Department 
of Homeland Security Component Agencies' FOIA Programs: 

Table 3: Cost Categories Reported by the Privacy Office and Selected 
Components for the DHS 2013 FOIA Annual Report: 

Table 4: Automated Systems Used to Process FOIA Requests by Selected 
Component Agencies: 

Table 5: Extent to Which Selected FOIA Processing Systems Implement 
Recommended and Required Capabilities: 

Figures: 

Figure 1: FOIA Process (simplified): 

Figure 2: Referral Process for Documents in an Immigration File: 

Figure 3: Number of Reported Backlogged FOIA Requests for the Privacy 
Office and Selected Components, Fiscal Years 2011-2013: 

Abbreviations: 

DHS: Department of Homeland Security: 

FOIA: Freedom of Information Act: 

Justice: Department of Justice: 

USCIS: U.S. Citizenship and Immigration Services: 

ICE: U.S. Immigration and Customs Enforcement: 

CBP: U.S. Customs and Border Protection: 

Coast Guard: U.S. Coast Guard: 

FEMA: Federal Emergency Management Agency: 

[End of section] 

United States Government Accountability Office: 
GAO:
441 G St. N.W. 
Washington, DC 20548: 

November 19, 2014: 

The Honorable Michael T. McCaul: 
Chairman: 
Committee on Homeland Security: 
House of Representatives: 

The Honorable Jeff Duncan: 
Chairman: 
Subcommittee on Oversight and Management Efficiency: 
Committee on Homeland Security: 
House of Representatives: 

The Freedom of Information Act[Footnote 1] (FOIA) requires federal 
agencies to provide the public with access to government information 
on the basis of the principles of openness and accountability in 
government. Each year, federal agencies release information in 
response to hundreds of thousands of FOIA requests that contribute to 
the understanding of government actions, including the disclosure of 
waste, fraud, and abuse. The Department of Homeland Security (DHS) is 
one of the many agencies that respond to these requests. The 
department receives and processes requests for information related to 
immigration, border crossings, law enforcement, natural disasters, 
maritime accidents, and agency management, among other topics. This 
information is compiled and maintained throughout the department and 
its seven component agencies.

DHS has reported processing approximately 200,000 FOIA requests in 
fiscal year 2013--the most of any federal government agency. Moreover, 
requests have more than doubled since 2009, and it also has reported 
the largest backlog of unprocessed requests of any federal agency. At 
the end of fiscal year 2013, approximately half of all reported 
backlogged federal FOIA requests (about 50,000 of 95,000) belonged to 
DHS.

At your request, we conducted a study of DHS's processing of FOIA 
requests. Our objectives were to determine: (1) the responsibilities 
of, and total costs incurred by, DHS and selected components in 
managing and processing FOIA requests, and whether any duplication 
exists; (2) actions DHS and the selected components have taken to 
reduce FOIA backlogs and the results of their actions; and (3) the 
status of DHS's and the selected components' efforts to acquire and 
implement automated systems for processing FOIA requests.

To address the study objectives, we reviewed the FOIA activities of 
the DHS Privacy Office (which serves as the department's central FOIA 
office); we also purposefully selected and reviewed the five DHS 
component agencies that, together, received more than 95 percent of 
all of the department's FOIA requests during fiscal year 2013. These 
selected component agencies are the U.S. Citizenship and Immigration 
Services (USCIS), U.S. Customs and Border Protection (CBP), U.S. 
Immigration and Customs Enforcement (ICE), Federal Emergency 
Management Agency (FEMA), and U.S. Coast Guard (Coast Guard).

To determine the responsibilities of and costs incurred by DHS and the 
selected components in managing and processing FOIA requests, we 
evaluated the department's and components' FOIA policies, procedures, 
reports, and other documentation describing their responsibilities and 
management practices, and interviewed officials about their 
responsibilities. We also examined overall FOIA processing costs for 
fiscal year 2013, as reported by DHS annually to the Department of 
Justice (Justice),[Footnote 2] and we reviewed detailed cost 
breakdowns used by the Privacy Office and the selected components to 
calculate total reported FOIA processing costs. We determined the 
categories of costs reported and compared them to the cost categories 
required by Justice and federal management cost accounting standards 
[Footnote 3] to determine if all required cost elements were being 
reported. We examined steps taken by DHS and the selected components 
to assure their cost figures were reliable. We concluded that the cost 
data provided were not sufficiently reliable to determine DHS's total 
FOIA costs.

To determine whether duplication exists in the department's and 
selected components' processing of FOIA requests, we examined policies 
and procedures, viewed demonstrations of how requests are processed, 
and interviewed Privacy Office and component agency officials 
regarding their processes for responding to a FOIA request. We 
evaluated the processes against recommended practices discussed in our 
previously issued reports that addressed duplication in federal 
government programs.[Footnote 4]

To assess actions DHS and the selected components have taken to reduce 
their backlogged FOIA requests and the results of their actions, we 
reviewed backlog reduction goals and statistics. We also examined 
other relevant documents and interviewed agency officials to identify 
any specific actions being taken to reduce backlogged requests, 
identify outcomes associated with those actions, and ascertain any 
plans for addressing the backlogged requests.

To determine the status of the department's and the selected 
components' efforts to acquire and implement automated systems to 
support FOIA processing, we obtained and analyzed information, such as 
user manuals and screen prints, that described existing system 
capabilities, and viewed demonstrations of current systems being used 
to track and process requests. We compared the stated capabilities of 
these systems to relevant laws, guidance, and recommended best 
practices for using technology to improve efficiency in FOIA 
processing.[Footnote 5] We used this analysis to assess the extent to 
which the Privacy Office's and selected components' processing systems 
included the recommended best practice capabilities. We also 
interviewed Privacy Office and component agency officials regarding 
current and planned system capabilities and reviewed documents 
describing components' plans to acquire new automated FOIA processing 
systems. Additional details on our objectives, scope, and methodology 
are included in appendix I.

We conducted this performance audit from November 2013 to November 
2014 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives.

Background: 

FOIA establishes a legal right of access to government information on 
the basis of the principles of openness and accountability in 
government. Before its enactment in 1966, an individual seeking access 
to federal records faced the burden of establishing a "need to know" 
before being granted the right to examine a federal record. FOIA 
established a "right to know" standard, under which an organization or 
person could receive access to information held by a federal agency 
without demonstrating a need or reason. The "right to know" standard 
shifted the burden of proof from the individual to a government agency 
and required the agency to provide proper justification when denying a 
request for access to a record.

Any "person," defined broadly to include foreign nationals, 
corporations, and organizations, can file a FOIA request. For example, 
a foreign national or his/her lawyer can request immigration-related 
files, and a commercial requester, such as a data broker that files a 
request on behalf of another person, may request a copy of a 
government contract. In response, an agency is required to provide the 
relevant record(s) in any readily producible form or format specified 
by the requester (unless the record falls within a permitted 
exemption).[Footnote 6]

FOIA Amendments and Guidance Called for Improvements in Agencies' FOIA 
Processing: 

The 1996 e-FOIA amendments,[Footnote 7] among other things, sought to 
strengthen the requirement that federal agencies respond to a request 
in a timely manner and reduce their backlogged requests. In this 
regard, the amendments made a number of procedural changes, including 
providing a requester with an opportunity to limit the scope of the 
request so that it can be processed more quickly, and requiring 
agencies to determine within 20 working days (an increase from the 
previously established time frame of 10 days) whether a request would 
be fulfilled.[Footnote 8] The amendments also authorized agencies to 
multi-track requests--that is, to process simple and complex requests 
concurrently on separate tracks to facilitate responding to a 
relatively simple request more quickly. In addition, the e-FOIA 
amendments encouraged online, public access to government information 
by requiring agencies to make specific types of records available in 
electronic form.

In a later effort to reduce agencies' backlogged FOIA requests, the 
President issued Executive Order 13392 in December 2005,[Footnote 9] 
which set forth a directive for citizen-centered and results-oriented 
FOIA. In particular, the order directed agencies to provide a 
requester with courteous and appropriate service and ways to learn 
about the FOIA process, the status of the request, and the public 
availability of other agency records. The order also instructed 
agencies to process requests efficiently, achieve measurable process 
improvements (including a reduction in the backlog of overdue 
requests), and reform programs that were not producing the appropriate 
results.

Further, the order directed each agency to designate a senior official 
as the Chief FOIA Officer. This official is responsible for ensuring 
agency-wide compliance with the act by monitoring implementation 
throughout the agency; recommending changes in policies, practices, 
staffing, and funding; and reviewing and reporting on the agency's 
performance in implementing FOIA to agency heads and to Justice. 
(These are referred to as Chief FOIA Officer reports.) Justice, which 
has overall responsibility for overseeing federal FOIA activities, 
issued guidance in April 2006 to assist federal agencies in 
implementing the Executive Order's requirements for reviews and 
improvement plans. The guidance suggested several potential areas for 
agencies to consider when conducting a review, such as automated 
tracking of requests; automated processing and receipt of requests; 
electronic responses to requests; forms of communication with 
requesters; and systems for handling referrals to other agencies.

The OPEN Government Act,[Footnote 10] which was enacted in 2007, also 
amended FOIA in several ways. For example, it placed the 2005 
Executive Order's requirement for agencies to have Chief FOIA Officers 
in law. It also required agencies to include additional statistics on 
timeliness in their annual reports. In addition, the act called for 
agencies to establish a system to track the status of a request. 
Justice subsequently issued guidance on responding to the requirements 
of the act and directed agencies to omit from their FOIA statistics 
certain Privacy Act requests that had previously been included.

Additionally, in January 2009, the President issued two memoranda, 
"Transparency and Open Government"[Footnote 11] and "Freedom of 
Information Act,"[Footnote 12] both of which focused on increasing the 
amount of information made public by the government. In particular, 
the latter memorandum directed agencies to (1) adopt a presumption in 
favor of disclosure in all FOIA decisions, (2) take affirmative steps 
to make information public, and (3) use modern technology to do so. 
This echoed Congress' finding, in passing the OPEN Government Act, 
that FOIA established a "strong presumption in favor of disclosure." 

Agencies, including DHS, are generally required to make a 
determination on a FOIA request within 20 working days. A request may 
be received in writing or by electronic means. Once received, the 
request goes through multiple phases, which include assigning a 
tracking number, searching for responsive records, processing records, 
and releasing records. Figure 1 provides an overview of the process, 
from the receipt of a request through the release of records to the 
requester.

Figure 1: FOIA Process (simplified): 

[Refer to PDF for image: process illustration] 

1. Requester Submits Request. 

2. Intake: 
* Receive request; 
* Assign tracking number; 
* Determine level of complexity; 
* Acknowledge request. 

3. Search for Records: 
* Initiate search by appropriate office(s) for records responsive to 
the request; 
* Review responsive documents. 

4. Process Records: 
* Send documents belonging to other entities out for consultations or 
referrals; 
* Redact records as needed. 

5. Approve Release of Records: 
* Review and approve records for release; 
* Generate response letter. 

6. Send Response to Requester. 

Source: GAO analysis of agency information. GAO-15-82. 

[End of figure]

As indicated, during the intake phase, a request is to be logged into 
the agency's FOIA system, and a tracking number is assigned. The 
request is then reviewed by FOIA staff to determine its scope and 
level of complexity.[Footnote 13] The agency then typically sends a 
letter or e-mail to the requester acknowledging receipt of the 
request, with a unique tracking number that the requester can use to 
check the status of the request.

Next, FOIA staff begin the search to retrieve the responsive records 
by routing the request to the appropriate program office(s).This step 
may include searching and reviewing paper and electronic records from 
multiple locations and program offices.

Agency staff then process the responsive records, which includes 
determining whether a portion or all of any record should be withheld 
based on statutory exemptions.[Footnote 14] If a portion or all of any 
record is the responsibility of another agency, FOIA staff may consult 
with the other agency or may send ("refer") the document(s) to that 
other agency for processing. After processing and redaction, a request 
is reviewed for errors and to ensure quality. The documents are then 
released to the requester, either electronically or by mail.

DHS and its Component Agencies Are Stewards of Many Areas of 
Government Information to Which the Public Seeks Access via FOIA: 

Created in 2003, DHS assumed control of about 209,000 civilian and 
military positions from 22 agencies and offices that specialize in one 
or more aspects of homeland security. As such, the department is 
charged with a wide expanse of operations affecting many aspects of 
federal service to the public. By the nature of its mission and 
operations, the department creates and has responsibility for vast and 
varied amounts of information covering, for example, immigration, 
border crossings, law enforcement, natural disasters, maritime 
accidents, and agency management.

According to the 2014 Chief FOIA Officer Report,[Footnote 15] DHS's 
organizational structure consists of 28 offices, directorates, and 
components. The departmental offices encompass core management and 
policy functions. Among these is the Privacy Office, which is tasked 
with preserving and enhancing privacy protections for all individuals 
and promoting transparency of the department's operations. The Privacy 
Office serves as the department's central FOIA office.

DHS also has seven operational components that are responsible for 
carrying out various missions. Among these components are the five 
selected for our study, as described here.

* USCIS grants immigration and citizenship benefits, promotes an 
awareness and understanding of citizenship, and ensures the integrity 
of the nation's immigration system. Its records include asylum 
application files and other immigration-related documents.

* CBP secures the border against transnational threats and facilitates 
trade and travel through actions that include enforcing federal laws 
and regulations relating to immigration, drug enforcement, and other 
matters. The agency maintains records related to agency operations, 
activities, and interactions.

* ICE promotes homeland security and public safety through the 
criminal and civil enforcement of federal laws governing border 
control, customs, trade, and immigration. It maintains information 
related to the law enforcement records of immigrants and detainees, as 
well as information pertaining to human trafficking/smuggling, gangs, 
and arrest reports.

* FEMA supports citizens and first responders to ensure that they work 
together to build, sustain, and improve the capability to prepare for, 
protect against, respond to, recover from, and mitigate all hazards. 
The agency maintains records such as those pertaining to the National 
Flood Insurance Program, grants, and disaster relief, as well as 
records related to disaster response.

* Coast Guard leads federal agency maritime safety, security, and 
stewardship. It safeguards the flow of maritime commerce in and out of 
U.S. ports, protects the marine environment, defends U.S. borders 
against illicit activity, and rescues those in peril at sea. Its 
records include information related to Coast Guard veterans, maritime 
disasters, and oil spills such as Deepwater Horizon.

According to its 2014 Chief FOIA Officer Report, DHS and its component 
agencies reported that they processed 204,332 FOIA requests in fiscal 
year 2013,[Footnote 16] the most of any federal government agency. The 
department has experienced an increase in requests received every year 
since 2009, and has also reported the largest backlog of unprocessed 
requests of any federal agency. Specifically, as shown in table 1, DHS 
experienced a 125 percent increase in FOIA requests received from 
fiscal year 2009 through fiscal year 2013. It experienced an 81 
percent increase in backlogged requests from fiscal year 2012 to 
fiscal year 2013. At the end of fiscal year 2013, approximately half 
of all reported backlogged federal FOIA requests (about 50,000 of 
95,000) belonged to DHS.

Table 1: FOIA Requests and Backlogged Requests at the Department of 
Homeland Security, Fiscal Years 2009-2013: 

Fiscal year: FY 2009; 
FOIA requests received: 103,093; 
Backlogged requests: 18,918.

Fiscal year: FY 2010; 
FOIA requests received: 130,098; 
Backlogged requests: 11,383.

Fiscal year: FY 2011; 
FOIA requests received: 175,656; 
Backlogged requests: 42,417.

Fiscal year: FY 2012; 
FOIA requests received: 190,589; 
Backlogged requests: 28,553.

Fiscal year: FY 2013; 
FOIA requests received: 231,534; 
Backlogged requests: 51,761.

Source: GAO based on DHS-supplied data and [hyperlink, 
http://www.foia.gov]. GAO-15-82. 

[End of table] 

Our Previous Reports Have Highlighted DHS FOIA Processing Challenges: 

Since 2008, we have issued a number of reports that highlighted 
challenges impacting DHS's processing of FOIA requests. For example, 
in that year,[Footnote 17] we reported that, government-wide, the 
numbers of pending requests carried over from year to year had 
increased because of an increase in requests directed at DHS. In 
particular, we noted increases in the number of pending requests at 
USCIS, which accounted for about 89 percent of DHS's total pending 
requests. We identified several factors that contributed to the 
requests remaining open and recommended that Justice provide 
additional guidance to agencies on tracking and reporting overdue 
requests and planning to meet future backlog goals. As we recommended, 
Justice subsequently developed and issued guidance on tracking and 
reporting backlogged requests.

Additionally, in 2009,[Footnote 18] we reported that DHS had taken 
steps to enhance its FOIA program, but that opportunities existed for 
the department to improve the efficiency and cost-effectiveness of 
FOIA processing. Specifically, we noted that implementation of key 
practices, such as internal monitoring and oversight, component-
specific training, online status-checking, and electronic 
dissemination of records, could facilitate the processing of 
information requests at a number of its major components. Accordingly, 
we recommended that key practices used by certain DHS components and 
other agencies be implemented more consistently across the department. 
DHS agreed with our recommendations and took steps to address them. 
For example, the department implemented electronic FOIA processing 
systems in certain components. Further, among the components, the 
Secret Service provided component-specific training on the processing 
of information pertaining to its unique mission.

Further, in 2012,[Footnote 19] we pointed out that FOIA processing was 
decentralized at the component level within DHS and that different 
components' processing systems were unable to exchange data. We noted 
that the inability of these systems to electronically exchange data 
also complicated the process of compiling agencies' annual FOIA 
reports. As a result of analyzing data on backlogged FOIA requests 
within DHS, along with other agencies, we recommended that DHS and the 
other agencies improve their FOIA programs by reporting backlog 
status, redirecting resources, changing procedures, and negotiating to 
simplify requests. DHS concurred with our recommendations and stated 
that it was taking steps to address them by, for example, increasing 
staffing levels to help with processing FOIA requests.

DHS's FOIA Processing Responsibilities Are Decentralized, Its FOIA 
Regulation Is Not Updated, Its Cost Reporting Is Incomplete, and 
Processing Duplication Exists: 

Responsibility for processing FOIA requests is decentralized among 
DHS's Privacy Office and component agencies. In this regard, the 
Privacy Office--as the department's central FOIA office--has agency-
wide responsibility for FOIA compliance and performance, to include 
developing policies to implement FOIA initiatives, providing training, 
and preparing required annual reports. In addition, each of the 
selected components has its own program and procedures for processing, 
tracking, and reporting FOIA activities. However, the Privacy Office 
has not updated the DHS FOIA regulation--a regulation required by the 
act--that establishes procedures intended to inform the public of its 
own and the components' FOIA operations. Further, while the selected 
components report their FOIA processing costs to the Privacy Office, 
which then aggregates this data, these reported costs are incomplete, 
thus hindering accountability for the total costs incurred by the 
department and the components in managing and processing FOIA 
requests. Also, duplication exists in the processing of certain 
requests for immigrant files that are handled by two of the selected 
components.

Privacy Office Carries Out DHS-wide FOIA Responsibilities; Selected 
Component Agencies Have Separate FOIA Program Responsibilities: 

The DHS Privacy Officer serves as the department's Chief FOIA Officer, 
and the Privacy Office is where programmatic oversight of department-
wide FOIA operations is executed. In addition, this office has 
responsibility for processing FOIA requests submitted to the Office of 
the Secretary and eleven other headquarters offices.[Footnote 20] In 
fiscal year 2013, the Privacy Office reported processing 840 requests 
for these offices.

As the central office tasked with overseeing the department's FOIA 
activities, the Privacy Office is responsible for coordinating and 
overseeing the components' FOIA operations, providing FOIA-related 
training, and preparing the required annual reports on the 
department's FOIA performance.

Toward this end, the office currently performs a number of oversight 
and coordination functions: 

* Requests weekly and monthly reports by all components on their FOIA 
processing, including monthly statistics on the number of requests 
processed and backlogged. For example, it requires all components to 
provide a monthly report to the Privacy Office on processed and 
pending FOIA requests, the number of days to respond to a request, and 
the component's ten oldest FOIA requests, among other reporting 
requirements.

* Takes corrective measures to address components' actions. For 
example, in October 2012, the Privacy Office issued a memorandum to 
all components on sending a letter to a FOIA requester when the 
passage of time or a change in circumstance raises a question about 
whether the requester is still interested in obtaining the requested 
records.

* Provides FOIA training to new employees. In fiscal year 2013, the 
office conducted biweekly training on FOIA for approximately 200 new 
employees. Included in the training was a discussion of best practices 
for safeguarding personally identifiable information.

* Provides assistance by detailing staff to components as needed. For 
example, the Privacy Office temporarily assigned a member of its staff 
to ICE to assist with a particularly large request.

* Provides technical support to encourage the adoption of automated 
FOIA processing capabilities. For example, the office provided copies 
of FOIA processing software to various components at no cost in order 
to encourage adoption of a single FOIA processing application across 
DHS.

* Routes FOIA requests addressed generally to DHS to the appropriate 
component(s) and coordinates responses to some requests that involve 
multiple components.

* Coordinates department-level compliance with FOIA by developing and 
disseminating policies and guidance to implement the act. For example, 
in 2003, the office issued a directive on FOIA roles and 
responsibilities throughout the department. In addition, in May 2009, 
the DHS Chief FOIA Officer issued a memorandum to all component 
agencies and offices discussing presumption of disclosure and 
exemptions as set forth by the Attorney General's guidelines. Further 
in 2012, the office issued a memorandum on processing "misdirected" 
FOIA requests, emphasizing the importance of routing misdirected 
requests to the appropriate component as soon as possible.

Apart from the Privacy Office, each of the selected component agencies 
separately administers its own FOIA program--subject to regulations 
and policies issued by the Privacy Office/Chief FOIA Officer. 
Components' FOIA programs are subject to the same laws, regulations, 
and Justice guidance as the department's program, and typically 
perform the functions of any FOIA program--maintaining a FOIA library, 
making a determination on a request for a fee waiver, and referring 
other offices' documents to the actual owner. However, they may have 
different operating procedures due, for example, to the type of 
documents they process, or their geographic dispersion. Each selected 
component has its own FOIA Officer, who is usually also the FOIA 
Public Liaison, and most maintain their own online FOIA library. The 
components have a few additional responsibilities as part of a larger 
organization, such as the requirement to report information to the 
Privacy Office, and the need to exchange electronic data smoothly with 
other DHS components.

From an operational standpoint, however, the components differ 
considerably in how they meet their responsibilities. As shown in 
table 2, the selected DHS components' FOIA offices are responsible for 
processing different types of requests depending on their mission. 
They also vary considerably with regard to both the number of FOIA 
requests received and the number of staff who process them. For 
example, in fiscal year 2013, USCIS reported that it received 
approximately 133,000 FOIA requests, mostly for immigrants' files, 
while FEMA reported that it received about 800 requests, often related 
to disasters.

Table 2: Fiscal Year 2013 Reported Statistics for Selected Department 
of Homeland Security Component Agencies' FOIA Programs: 

Component: USCIS; 
Program office: National Records Center; 
Reported number of FOIA requests received: 132,797; 
Common types of requests received: Immigrants' files; 
Full-time permanent FOIA staff: 201; 
Total full-time equivalent staff that help process FOIA requests[A]: 
227.

Component: CBP; 
Program office: Privacy and Diversity Office; 
Reported number of FOIA requests received: 41,381; 
Common types of requests received: Records of border crossings; 
Full-time permanent FOIA staff: 34; 
Total full-time equivalent staff that help process FOIA requests[A]: 50.

Component: ICE; 
Program office: Management and Administration Office; 
Reported number of FOIA requests received: 34,161; 
Common types of requests received: Certain documents in immigrant 
files, information on detainees, detention facilities, and Homeland 
Security investigations (e.g., drug and gun smuggling); 
Full-time permanent FOIA staff: 48; 
Total full-time equivalent staff that help process FOIA requests[A]: 57.

Component: Coast Guard; 
Program office: Management Programs and Policy Division; 
Reported number of FOIA requests received: 3,468; 
Common types of requests received: Maritime casualty investigations 
and oil spills; 
Full-time permanent FOIA staff: 12; 
Total full-time equivalent staff that help process FOIA requests[A]: 41.

Component: FEMA; 
Program office: Records Management Disclosure Branch; 
Reported number of FOIA requests received: 798; 
Common types of requests received: Information on disasters, such as 
hurricanes or the Deepwater Horizon oil spill, grants, contracts, and 
individual assistance files; 
Full-time permanent FOIA staff: 16; 
Total full-time equivalent staff that help process FOIA requests[A]: 36.

Source: DHS FOIA Annual Report and GAO based on DHS-supplied data. 
GAO-15-82. 

[A] Total full-time equivalent staff include part-time employees who 
perform FOIA duties and full-time employees who perform FOIA duties 
less than 100 percent of the time. (Numbers are rounded). 

[End of table] 

Privacy Office Has Not Updated its FOIA Regulation to Inform the 
Public of Its Operations: 

Agencies are required by FOIA to publish regulations that govern and 
help inform the public of their FOIA programs. These rules are to 
provide guidance on the procedures to be followed in making a FOIA 
request and on specific matters such as fees and expedited processing 
of requests. Toward this end, in January 2003, DHS issued an interim 
final regulation establishing its procedures for implementing FOIA. 
The regulation describes steps that individuals are required to follow 
in making requests, such as submitting a written request directly to 
the component that maintains the record. It also explains the 
department's processing of such requests, including charging fees for 
the requested records.[Footnote 21]

However, since the department's regulation was issued in 2003, 
important changes have occurred in how DHS processes FOIA requests; 
yet, the regulation has not been updated to reflect those changes. For 
example, since the regulation was issued, amendments have been enacted 
by the OPEN Government Act of 2007. These amendments included a 
requirement for federal agencies to have FOIA public liaisons and 
placed a limitation on fees that agencies can charge electronic news 
media. In addition, the President's FOIA memorandum, Transparency and 
Open Government, as well as the Attorney General's FOIA guidelines of 
2009, required that agencies take specific actions to ensure that the 
government is more transparent, participatory, and collaborative. 
Specifically, agencies were required to rapidly disclose information, 
increase opportunities for the public to participate in policymaking, 
and use innovative tools, methods, and systems to cooperate amongst 
themselves and across all levels of government.

The department has taken actions to implement these FOIA-related 
requirements. Specifically, it established a FOIA public liaison 
officer and issued a memo directing the department and its components 
to ensure transparency by adding categories of records[Footnote 22] to 
be posted on component agencies' websites and linked to their 
respective electronic reading rooms. In addition, the department began 
accepting FOIA requests for records via e-mail. Nonetheless, while it 
has taken these actions, the department has not revised its regulation 
to address the role of the public liaison, the fee limitation for 
electronic news media requests, or the fact that the department 
accepts requests via e-mail.

Officials in the Privacy Office stated that a draft of a new 
regulation was due to be released for public comment during the summer 
of 2014, with a final updated regulation planned for the end of 2014. 
However, as of September 2014, the draft regulation had not been 
released.

Without an updated regulation reflecting changes in how it processes 
FOIA requests, DHS lacks an important mechanism for effectively 
facilitating public interaction with the department on the handling of 
FOIA requests. Moreover, the Privacy Office lacks current policies to 
consistently guide the components' efforts in effectively responding 
to such requests.

Full FOIA Costs of DHS's Privacy Office and Selected Components are 
Unknown: 

Both Justice and federal cost accounting standards require federal 
agencies to report on specific categories of FOIA-related costs. 
Specifically, as part of the annual guidance that it has issued on 
preparing annual FOIA reports, Justice requires agencies to report 
processing costs and litigation-related costs.[Footnote 23] According 
to Justice, FOIA processing costs include the sum of all costs 
expended by the agency for processing the initial FOIA request and any 
administrative appeals, including salaries of FOIA personnel, 
overhead, and any other FOIA-related expenses. Justice also has 
developed a reporting tool--the DOJ Annual FOIA Report Tool--that 
agencies can use to report their FOIA activities.

In addition, the federal management cost accounting standards[Footnote 
24] require agencies to report both direct and indirect costs to 
provide reliable and timely information on the full cost of federal 
programs. Direct costs include: 

* salaries and other benefits for employees who work directly on the 
output,

* materials and supplies used in the work,

* various costs associated with office space, equipment, facilities, 
and utilities, and: 

* costs of goods or services received from other segments or entities.

Indirect costs are for resources that are jointly or commonly used to 
produce two or more types of outputs but are not specifically 
identifiable with any of the outputs. Typical examples of indirect 
costs include: 

* costs of general administrative services,

* general technical support (e.g., information technology services 
such as telecommunications),

* security, and: 

* rent and operating and maintenance costs for buildings, equipment, 
and utilities.

However, neither the selected components, nor the Privacy Office, 
which collects and aggregates data on the department's FOIA costs, 
report all categories of costs required by Justice and federal 
financial accounting standards. Further, data submitted by the 
selected components were often incomplete. Specifically, while the 
Privacy Office and the selected components all reported the salaries 
of FOIA office staff as input to the department's FOIA annual report 
for fiscal year 2013, most did not report or did not fully report 
costs for other categories, including employee benefits, non-personnel 
direct costs, indirect costs, and salaries of staff outside the 
components' FOIA offices who retrieve requested documents. Table 3 
summarizes the extent to which costs were reported by the Privacy 
Office and the selected components in the department's 2013 FOIA 
annual report.

Table 3: Cost Categories Reported by the Privacy Office and Selected 
Components for the DHS 2013 FOIA Annual Report: 

Component: Privacy; 
Salaries: Yes; 
Employee benefits: No; 
Non-personnel direct costs: Yes; 
Indirect costs: Yes[B]; 
Costs for offices other than the FOIA office[A]: No.

Component: CBP; 
Salaries: Yes; 
Employee benefits: No; 
Non-personnel direct costs: Partially; 
Indirect costs: No; 
Costs for offices other than the FOIA office[A]: Yes.

Component: Coast Guard; 
Salaries: Yes; 
Employee benefits: No; 
Non-personnel direct costs: No; 
Indirect costs: No; 
Costs for offices other than the FOIA office[A]: [C].

Component: FEMA; 
Salaries: Yes; 
Employee benefits: No; 
Non-personnel direct costs: No; 
Indirect costs: No; 
Costs for offices other than the FOIA office[A]: Yes[C].

Component: ICE; 
Salaries: Partially; 
Employee benefits: Partially; 
Non-personnel direct costs: No; 
Indirect costs: Partially; 
Costs for offices other than the FOIA office[A]: Partially.

Component: USCIS; 
Salaries: Yes; 
Employee benefits: Yes; 
Non-personnel direct costs: Yes; 
Indirect costs: No; 
Costs for offices other than the FOIA office[A]: No[D].

Source: GAO analysis of data provided by DHS. GAO-15-82. 

Partially: only some of the data are reported or reported data are not 
accurate. 

[A] Since program documents are not typically held by the FOIA office, 
program offices incur costs in searching for and retrieving documents.

[B] Although the Privacy Office reported indirect costs, they were 
unable to determine what proportion of these costs was attributable to 
their FOIA activities.

[C] Coast Guard and FEMA cost data were not deemed reliable because 
they were incomplete and/or inaccurate.

[D] Most of USCIS's requests are for immigrant files, which are 
searched in a central system, but other requests are sent to program 
offices for search and retrieval of responsive documents. 

[End of table] 

As reflected in the table, when submitting data for the 2013 FOIA 
annual report, the Privacy Office and all five selected components 
reported all or a portion of salary costs incurred. However, two of 
the six reported all or a portion of their costs incurred for employee 
benefits; three reported all or a portion of their direct non-
personnel costs; two reported all or a portion of their indirect 
costs; and four reported all or a portion of costs for offices other 
than the FOIA office.

Officials in the Privacy Office and components attributed the 
underreporting of costs to two factors: a lack of detailed cost 
guidance and difficulty in capturing all personnel costs associated 
with the processing of FOIA requests. In this regard, officials in the 
Privacy Office stated that they do not have specific guidance on 
determining FOIA costs. They stated that the Justice guidance is high-
level and does not reflect all areas of cost. Further, the officials 
stated that DHS does not have a specific form or template specifying 
required cost categories to aid the components in identifying and 
collecting the relevant cost data.

Privacy Office and component officials stated that, when processing a 
FOIA request, substantial costs may be incurred by offices other than 
the components' FOIA offices, and these costs are difficult to 
capture. In particular, they stated that, when documents responding to 
a FOIA request must be retrieved by an office other than the 
component's central FOIA office, it can be difficult to determine the 
cost of search and retrieval activities performed by staff in that 
other office.

Further, officials at CBP, Coast Guard, FEMA, ICE, and Privacy said 
that costs for their FOIA operations are being underreported. They 
stated that it is difficult to collect data on costs incurred by other 
offices that support their FOIA operations. According to the FOIA 
Officer at ICE, although a form exists for that component's program 
offices to account for hours spent on FOIA activities, ICE did not 
report this information to the Privacy Office because ICE considers 
other FOIA activities to be a higher priority.

Until DHS takes steps to improve its reporting of costs for its FOIA 
operations, such as by providing components with guidance on reporting 
costs, the department will lack critical information for effectively 
managing its FOIA operations, and that is needed to inform Congress' 
oversight of the department's efforts.

Duplication Exists in Certain Components' Processing of Immigration 
Files: 

Our work[Footnote 25] has noted that duplication exists when two or 
more agencies or programs are engaged in the same activities or 
provide the same services to the same beneficiaries. Among the most 
frequent FOIA requests made to DHS are those for immigration files. 
These files usually contain various types of information pertaining to 
immigrants, including asylum applications, law enforcement records, 
and border crossing documents. As such, they may contain information 
and records that are generated by various DHS components or other 
agencies.

Within DHS, three components--USCIS, CBP, and ICE--create most of the 
documents included in immigration files. USCIS is the custodian of the 
files, and all FOIA requests for such files are either initiated with, 
or referred to, this component for processing. Specifically, to 
process a FOIA request for an immigration file, the USCIS staff to 
whom the request is assigned first manually enters the requester's 
data, such as a name and address, into USCIS's FOIA system to 
establish a record of the request. Next, the staff retrieves and scans 
the documents in the requested file and reviews the documents. If all 
of the documents were generated by USCIS, the staff makes redactions 
as needed, sends the documents to the requester, and closes out the 
request.

Further, if the FOIA request covers files containing documents 
generated by CBP, then USCIS is able to process the request on the 
basis of an agreement to that effect with CBP. By having USCIS process 
such requests for CBP documents, the two components avoid duplication 
in their response to a FOIA request.

On the other hand, USCIS and ICE do not have such an agreement for 
documents generated by ICE. Thus, the USCIS staff is to identify any 
such documents and make them available to ICE's FOIA staff for their 
separate processing.[Footnote 26] In doing so, USCIS and ICE currently 
engage in duplicative processing of FOIA requests for those 
immigration files containing documents related to law enforcement 
activities that were generated by ICE.[Footnote 27] Specifically, to 
facilitate ICE's review of such files, USCIS staff transfer copies of 
the ICE-generated documents to a temporary electronic storage drive 
that USCIS maintains. According to USCIS officials, ICE has been 
granted access to this electronic storage drive so that it can 
retrieve files containing the documents that it generates. ICE 
retrieves the documents, and the ICE staff then re-enters the data to 
create a new FOIA request in ICE's FOIA processing system. The staff 
then proceeds with processing the requested documents, and releases 
them to the requester--in essence, undertaking a new, and duplicate, 
effort to respond to the FOIA request.

Figure 2 depicts the duplication that occurs in USCIS's and ICE's 
downloading and re-entering of data to respond to FOIA requests for 
immigration files.

Figure 2: Referral Process for Documents in an Immigration File: 

[Refer to PDF for image: process illustration]

Immigration file requested: 

USCIS enters request into system; 
USCIS scans documents; 
USCIS processes documents for CBP[A]; 

1. USCIS releases its processed documents to requester: 
Document received by requester; or: 

2. Duplication: USCIS puts ICE documents in temporary electronic 
storage: 
ICE downloads document (ICE reformats document); 
ICE re-enters request data into its FOIA system (ICE reformats 
document); 
ICE processes document; 
Document received by requester; or: 

3. USCIS mails or e-mails documents: 
Other agencies[B]: 
Agency enters request into its system; 
Agency processes document; 
Document received by requester. 

[A] USCIS processes all CBP documents in the file under a service 
level agreement.

[B] Other agencies may include the Department of State, the Federal 
Bureau of Investigation, and the Federal Bureau of Prisons. 

Source: GAO analysis of U.S. Department of Homeland Security data. GAO-
15-82. 

[End of figure] 

In prior years, up until April 2012, the two components had an 
agreement whereby USCIS processed ICE's documents contained in an 
immigration file. However, the components' officials stated that, 
since that agreement ended, the components have not made plans to 
enter into another such agreement. According to ICE's FOIA Officer, 
USCIS's processing of ICE's documents in immigration files was viewed 
as being too costly. Nonetheless, while there would be costs 
associated with USCIS processing ICE's documents in immigration files, 
the potential exists for additional costs to be incurred in the 
continued duplicate processing of such files.

The absence of an agreement between USCIS and ICE regarding the 
handling of FOIA cases contributes to the duplicate processing of the 
immigration files. Further, the duplicate processing of a single FOIA 
request by USCIS and ICE staff contributes to an increase in the time 
needed to respond to a FOIA request for immigration files. Because 
USCIS does not send the immigration file to ICE until it has completed 
its own processing of the relevant documents--which, according to 
USCIS, takes on average 20 working days--ICE usually does not receive 
the file to begin its own processing until the 20-day time frame for 
responding to a request has passed.[Footnote 28]

Re-establishing an agreement that allows USCIS to process ICE-
generated documents included in requests for immigration files, to the 
extent that the benefits of doing so would exceed the cost, could 
enable the two components to eliminate duplication in their processes 
for responding to such a request. Further, it could help reduce the 
time needed by these components in responding to a request.

DHS and Selected Components Have Taken Actions to Reduce Backlogged 
Requests, with Varying Success: 

The 2009 OMB Open Government Directive required all federal agencies 
with significant pending backlogs to reduce the number of their 
backlogged FOIA requests by at least 10 percent per year. The June 
2011 DHS Open Government Plan 2.0 further directed the department and 
its components to reduce the FOIA backlog by 15 percent per year.

Toward this end, officials in DHS's Privacy Office and the selected 
components identified various actions that they have taken since 2011 
to reduce the number of their backlogged requests. With these actions, 
USCIS reduced its backlog consistently from 2011 through 2013. FEMA 
had a lower backlog in 2012, but an overall increase by 2013, and the 
Privacy Office and other selected components' backlogs increased. 
Specifically, there was a total of about 41,000 backlogged requests in 
fiscal year 2011 and about 47,000 in fiscal year 2013. The number of 
requests received had increased from about 170,000 requests in 2011 to 
about 210,000 in 2013, and the number processed increased from about 
140,000 in 2011 to about 190,000 in 2013. Agency officials reported 
that the number of requests received had increased and the increase 
had contributed to their backlog.

Privacy Office. According to its officials, the Privacy Office holds 
regularly scheduled production meetings, at which the FOIA Production 
Manager reviews all pending cases, and weekly staff meetings where 
roadblocks to closing backlogged requests are discussed. Further, the 
FOIA Production Manager stated that weekly and, in some cases, daily 
production reports are received from all processing staff. However, 
despite these efforts, the number of backlogged requests grew from 4 
in 2011 to 20 in 2013. Privacy Office officials attributed the backlog 
growth to an increase in the number of offices for which the Privacy 
Office processes FOIA requests. In 2013, the office added 3 additional 
headquarters offices to those for which it processes requests and 
inherited their backlogs.

USCIS. To reduce the number of backlogged requests, USCIS increased 
the number of its full-time FOIA staff from 188 to 201, and the number 
of its total full-time equivalent staff from 195 to 227 from 2011 
through 2013. Further, to reduce the backlog, the agency used 
temporary assignments of contractor staff; it also conducted a Lean 
Six Sigma project[Footnote 29] to improve processing throughput. The 
effort was successful, resulting in an increase in average monthly 
cases closed from 7,300 to 10,800. Specific actions taken under this 
initiative included: 

* offering awards to staff for increased production;

* establishing minimum page count standards for processors at 
different grade levels;

* creating a GS-12 team leader position for high-performing staff; and: 

* enhancing communication and team development through monthly 
development sessions and leadership development.

Lastly, according to USCIS officials, telework was expanded to 2 days 
a week, leading to increased productivity among staff who telework. As 
a result of these efforts, USCIS reported that it had succeeded in 
reducing its backlogged requests from 35,780 in 2011 to 3,394 in 2013.

CBP. To assist with reducing its backlog, CBP developed a management 
plan for fiscal years 2013-2014 that included moving the FOIA function 
organizationally from its Office of International Trade to the Privacy 
and Diversity group; hiring new permanent staff to help process 
requests; using temporary staff; and extending the agreement that 
allows USCIS to process its documents. According to agency officials, 
the new organizational placement has enabled the FOIA office to get 
more management attention and better address issues related to its 
FOIA operations.

Nonetheless, CBP experienced a large increase in the number of its 
backlogged requests from fiscal year 2011 through fiscal year 2013--
from 4,356 requests to 37,848 requests. According to CBP officials, 
two problems, in particular, contributed to the higher numbers. First, 
approximately 11,000 FOIA cases that were improperly closed in 2012 
had to be reopened and reprocessed. Second, after its reorganization, 
a new manager found a stack of boxes containing 12,000 paper requests 
from 2012 that had never been entered into their processing system. 
The officials stated that CBP subsequently cleared all of these 
requests.

ICE. In April 2012, ICE opened a new office in Florida to process 
referrals from USCIS. It also trained 20 temporary staff to help 
process the backlogged requests. Further, in April 2013, the agency 
engaged a contractor to process backlogged requests. Lastly, the 
agency developed performance work plans for staff, which specified the 
number of FOIA requests or document pages that staff should process 
weekly.

Even with these steps, however, ICE's backlog grew from 18 requests in 
fiscal year 2011 to 4,714 in 2013. Officials attributed this increase, 
in part, to increased public interest due to immigration reform, 
increases in the complexity of requests received, and the expiration 
of its agreement with USCIS to process ICE documents contained in 
immigration files.

FEMA. During its "non-disaster season" (February to May 2014), FEMA 
used 10 staff redeployed from other areas in the agency to help 
process its FOIA backlog. The staff received 2 weeks of training and 
closed 56 cases. FEMA also received assistance from the Privacy Office 
to process one case with more than 4 million pages of documents.

Nonetheless, FEMA had a backlog of 485 requests in 2011 and 496 
requests in 2013. These numbers are relatively high compared to the 
number of requests--about 800--that the agency received in 2013. In 
the 2014 Chief FOIA officer report, FEMA officials cited these factors 
impacting their ability to address the backlog: a loss of experienced 
FOIA professionals, difficulty in replacing these staff, and the need 
to process the one particularly voluminous request that it received.

Coast Guard. Officials from the Coast Guard told us that they had 
attempted to reduce their backlog by sending reminders to program 
offices about open FOIA requests. Specifically, bi-monthly reports are 
sent to their field units as a reminder to account for their efforts 
to reduce their backlog.

However, Coast Guard's backlog increased from 527 in fiscal year 2011 
to 877 in fiscal year 2013. In the 2014 Chief FOIA officer report, 
Coast Guard officials reported that factors impacting their ability to 
reduce the backlog included a lack of full-time professional FOIA 
staff, which results in reliance on part-time military staff who 
process FOIA requests as a collateral duty, may not be trained, and 
rotate frequently. The consequence, according to the FOIA office, is 
confusion, delays, backlogged requests, and errors. The Coast Guard 
also attributed inability to reduce its backlog to an increase in the 
complexity of the requests it received.

Figure 3 shows changes in the numbers of backlogged requests for the 
Privacy Office and the selected components from fiscal year 2011 
through fiscal year 2013.

Figure 3: Number of Reported Backlogged FOIA Requests for the Privacy 
Office and Selected Components, Fiscal Years 2011-2013: 

[Refer to PDF for image: 6 line graphs] 

Number of Backlogged Freedom of Information Act Requests: 

USCIS: 
2011: 35,780; 
2012: 10,727; 
2013: 3,394. 

CBP: 
2011: 4,356; 
2012: 10,646; 
2013: 37,848. 

ICE: 
2011: 18; 
2012: 2,443; 
2013: 4,714. 

PRIVACY: 
2011: 4; 
2012: 5; 
2013: 20. 

FEMA: 
2011: 485; 
2012: 306; 
2013: 496. 

Coast Guard: 
2011: 527; 
2012: 782; 
2013: 877. 

USCIS: U.S. Citizenship and Immigration Services; 
CBP: U.S. Customs and Border Protection; 
ICE: U.S. Immigration and Customs Enforcement; 
PRIVACY: Privacy Office; 
FEMA: Federal Emergency Management Agency; 
Coast Guard: U.S. Coast Guard. 

Source: GAO analysis of U.S. Department of Homeland Security data. 
GAO-15-82. 

Note: CBP's data for 2012 does not account for about 11,000 requests 
that were improperly closed and should have been listed as backlogged. 

[End of figure] 

DHS and Selected Components Have Implemented Automated Systems to 
Process FOIA Requests, but Systems Lack Recommended Capabilities: 

Various FOIA amendments and guidance call for agencies such as DHS to 
use electronic systems to improve FOIA processing. In particular, the 
OPEN Government Act of 2007 amended FOIA to require that federal 
agencies establish a system to provide individualized tracking numbers 
for requests that will take longer than 10 days to process and 
establish telephone or Internet service to allow requesters to track 
the status of their request. Further, the President's January 2009 
"Freedom of Information Act" memo instructs agencies to use modern 
technology to inform citizens about what is known and done by their 
government.

Beyond these requirements, a select group of federal agencies have 
collectively identified capabilities that they consider to be best 
practices for FOIA processing. Specifically, in conjunction with the 
Department of Commerce and the Environmental Protection Agency, the 
National Archives and Records Administration's Office of Government 
Information Services identified 13 electronic system capabilities that 
can enhance FOIA processing: 

* using a single, component-wide system for tracking requests;

* accepting the request online, either through e-mail or an online 
request form;

* assigning the request tracking number and tracking the status of the 
request electronically;

* multi-tracking a request electronically;[Footnote 30]

* routing a request to the responsible office electronically;

* storing and routing responsive records to the appropriate office 
electronically;

* redacting responsive records with appropriate exemptions applied 
electronically;

* calculating and recording processing fees electronically;

* allowing supervisors to review the case file to approve redactions 
and fee calculations for processing electronically;

* generating system correspondence, such as an e-mail or letter, with 
a requester;

* allowing a requester the ability to track the status of the request 
electronically;

* tracking an appeal electronically; and: 

* generating periodic reporting statistics electronically, such as 
monthly backlog and annual report data used to develop reports.

Additionally, in identifying the requirements for a multiagency FOIA 
portal, Justice and the Environmental Protection Agency determined 
that the ability to search for responsive records online is a high-
level requirement for FOIA processing systems.

Lastly, FOIA processing systems, like all federal electronic 
information technology systems, are to comply with the requirements of 
Section 508 of the Rehabilitation Act (as amended). This act requires 
federal agencies to make their electronic information accessible to 
people with disabilities.[Footnote 31]

In order to facilitate the implementation of these capabilities and 
requirements, DHS and its component agencies have acquired and are 
using various automated systems to assist with tracking and processing 
FOIA requests. For example, the Privacy Office and two of the selected 
components are using FOIAXpress, a commercial off-the-shelf FOIA case 
processing system, while one component is using workflow processing 
software that it developed in-house, called the FOIA/Privacy Act 
Information Processing System. The automated systems being used by the 
Privacy Office and the selected component agencies are described in 
table 4.

Table 4: Automated Systems Used to Process FOIA Requests by Selected 
Component Agencies: 

Component: Privacy; 
FOIA system: FOIAXpress; 
Description of system: Commercial off-the-shelf software specifically 
designed to automate FOIA case processing. 

Component: USCIS; 
FOIA system: FOIA/Privacy Act Information Processing System; 
Description of system: Custom software developed to provide workflow 
processing for the life of a FOIA request. 

Component: CBP; 
FOIA system: FOIAOnline; 
Description of system: Multi-agency Web application developed by a 
group of federal government agencies that enables agencies to receive, 
manage, track, and respond to a FOIA request. 

Component: ICE; 
FOIA system: FOIAXpress; 
FileMaker Pro[A]; 
Description of system: Commercial off-the-shelf software specifically 
designed to automate FOIA case processing. Custom software developed 
specifically for ICE for FOIA request processing. 

Component: Coast Guard; 
FOIA system: Excel[B]; 
Description of system: Electronic spreadsheet used to manage and track 
FOIA requests. 

Component: FEMA; 
FOIA system: FOIAXpress; 
Description of system: Commercial off-the-shelf software specifically 
designed to automate FOIA case processing. 

Source: GAO based on agency-supplied data. GAO-15-82. 

[A] While ICE has transitioned to FOIAXpress for new FOIA requests, it 
is still using FileMaker Pro to close outstanding FOIA requests during 
the transition. 

[B] Coast Guard told us that they planned to transition to FOIAXpress 
by October 2014. 

[End of table] 

The systems being used by the DHS Privacy Office and selected 
components vary in the extent to which they include the capabilities 
recommended by the Department of Commerce, the Environmental 
Protection Agency, and the National Archives and Records 
Administration to enhance FOIA processing and address Section 508 
requirements. Specifically, the Privacy Office and three selected 
components (CBP, FEMA, and ICE) have acquired systems that encompass 
all the recommended and required capabilities. One component, USCIS, 
has acquired a system that meets 13 of the capabilities, partially 
meets 1 capability, and does not meet 1 capability. The remaining 
agency, the Coast Guard, has not implemented most of the capabilities 
(12 of 15). Table 5 shows the extent to which the Privacy Office's and 
selected components' processing systems include the recommended and 
required capabilities.

Table 5: Extent to Which Selected FOIA Processing Systems Implement 
Recommended and Required Capabilities: 

Technology capabilities: Single tracking system; 
CBP: Yes; 
Coast Guard: Yes; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Accept request online; 
CBP: Yes; 
Coast Guard: Yes; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Assign request tracking number and track 
status; 
CBP: Yes; 
Coast Guard: Yes; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Track appeals electronically; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Generate periodic report statistics (annual 
report and monthly backlog statistics); 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Route request to responsible office; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Electronic redaction capabilities; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes.

Technology capabilities: Calculate and record processing fees; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: Requester ability to track status online; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: Search capabilities for responsive records; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: Review the case file to approve redactions 
and fee calculations; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: Ability to multitrack requests (simple, 
complex, expedited); 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: Store and route electronic records (to the 
appropriate office); 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: System-generated correspondence with 
requesters (such as emails or letters); 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: Yes. 

Technology capabilities: Section 508 compliance; 
CBP: Yes; 
Coast Guard: No; 
Privacy Office: Yes; 
FEMA: Yes; 
ICE[A]: Yes; 
USCIS: No. 

Source: GAO analysis of data provided by DHS. GAO-15-82.

[A] This information is for FOIAXpress, although ICE has stated that 
it will also still use FileMaker Pro for a limited time. 

[End of table] 

According to Privacy Office officials, DHS has not required the use of 
a standardized FOIA processing system, although 3 of the 5 selected 
components currently use the same system. They stated that the 
component agencies have acquired specific systems based on their 
individual needs. USCIS officials stated, for example, that their 
current system--the FOIA/Privacy Act Information Processing System--
has been developed to meet that component's specific needs. The 
officials added that they have no plans to convert to another FOIA 
processing system or make enhancements to the current system to fully 
address all required and recommended capabilities. As shown in table 
5, the current system does not have the capability to e-mail 
correspondence to a requester. In addition, USCIS has not ensured that 
its system includes capabilities that make it compliant with 
requirements of Section 508 of the Rehabilitation Act (as amended).

Coast Guard officials stated, as of September 2014, that they were on 
schedule to convert to FOIAXpress in October 2014, which would 
incorporate all of the recommended best practice capabilities and be 
compliant with Section 508 requirements. However, we were not provided 
any documentation to demonstrate that the transition will take place 
as planned.

USCIS and Coast Guard have an opportunity to improve the efficiency 
with which they process FOIA requests by acquiring processing systems 
that incorporate all recommended best practice capabilities. Moreover, 
having systems with capabilities that are compliant with Section 508 
of the Rehabilitation Act (as amended) is essential to ensure that the 
components' electronic information is accessible to people with 
disabilities.

Conclusions: 

Responsibility for FOIA processing is shared between DHS's Privacy 
Office and component FOIA offices, with the components processing the 
majority of FOIA requests made to the department. The Privacy Office 
conducts oversight and policy-making functions, but the lack of an up-
to-date FOIA regulation leaves gaps in the department's FOIA 
procedures and limits public visibility into its processing of 
requests. Further, inconsistent reporting of the costs of FOIA 
processing across the department has resulted in incomplete cost data, 
which, in turn, hinders management oversight. In addition, the lack of 
an agreement between USCIS and ICE has led to duplication of effort in 
processing FOIA requests for immigration files, as well as delays in 
the department's ability to provide the requested information. Re-
establishing an agreement, to the extent that the benefits of doing so 
would exceed the costs, could help eliminate such duplication.

The DHS Privacy Office and the agency components selected for our 
study have taken a variety of actions aimed at reducing the number of 
their backlogged requests. Nonetheless, with the exception of one 
selected component, USCIS, reported that its backlog increased from 
fiscal year 2011 to fiscal year 2013, falling short of the 
department's reduction goals.

Most of the agency components in our study have implemented automated 
systems that include capabilities recommended to improve FOIA 
processing. However, USCIS has only partially implemented capabilities 
for providing system-generated correspondence to requesters. Full 
implementation could help improve the efficiency with which it 
processes FOIA requests. In addition, the Coast Guard has not 
implemented the majority of the recommended capabilities for improving 
its FOIA processing. Further, absent capabilities consistent with 
Section 508 of the Rehabilitation Act (as amended), the two components 
are not implementing the federal requirement to make their electronic 
information accessible to people with disabilities.

Recommendations for Executive Action: 

To improve the management of DHS FOIA requests, we recommend that the 
Secretary of DHS direct the Chief FOIA Officer to take the following 
four actions: 

* Finalize and issue an updated DHS FOIA regulation.

* Improve reporting of FOIA costs by including salaries, employee 
benefits, non-personnel direct costs, indirect costs, and costs for 
other offices.

* Determine the viability of re-establishing the service-level 
agreement between USCIS and ICE to eliminate duplication in the 
processing of immigration files. If the benefits of doing so would 
exceed the costs, re-establish the agreement.

* Direct USCIS and Coast Guard to fully implement the recommended FOIA 
processing system capabilities and the section 508 requirement.

Agency Comments and Our Evaluation: 

We received written comments on a draft of this report from the 
Director of DHS's Departmental GAO-OIG Liaison Office. In the 
comments, which are reproduced in appendix II, the department 
concurred with all four of our recommendations and identified actions 
taken or planned to address them. Specifically, DHS stated that its 
Privacy Office is drafting a comprehensive FOIA regulation and also 
plans to draft and disseminate policy to ensure that all components 
are capturing the full cost of FOIA. Further, according to the 
department, a working group will be formed to determine the viability 
of re-establishing the service level agreement on FOIA processing 
between USCIS and ICE. Lastly, the department stated that it will 
draft guidance for components to fully implement the recommended FOIA 
processing system capabilities and Section 508 requirement. The 
department estimated that it will complete all actions by April 30, 
2015. In addition, DHS also provided technical comments, which we 
incorporated as appropriate.

We are sending copies of this report to the Secretary of Homeland 
Security. In addition, this report is available at no charge on the 
GAO website at [hyperlink, http://www.gao.gov].

If you or your staff have questions about this report, please contact 
me at (202) 512-6304 or melvinv@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. Key contributors to this report are 
listed in appendix III. 

Signed by: 

Valerie C. Melvin: 
Director, Information Management and Technology Resource Issues: 

[End of section] 

Appendix I: Objectives, Scope, and Methodology: 

Our objectives were to determine: (1) the responsibilities of, and 
total costs incurred by, the Department of Homeland Security (DHS) and 
selected components in managing and processing FOIA requests, and 
whether any duplication exists; (2) actions DHS and the selected 
components have taken to reduce FOIA backlogs and the results of their 
actions; and (3) the status of DHS's and the selected components' 
efforts to acquire and implement automated systems for processing FOIA 
requests.

To address the study objectives, we collected and analyzed published 
statistics and other documentation, and conducted interviews with 
responsible officials at the DHS Privacy Office and five selected DHS 
components. We purposefully selected the components by analyzing the 
department's fiscal year 2012 data on FOIA requests received, 
backlogs, and reported costs. We then selected U.S. Customs and Border 
Protection (CBP), the U.S. Citizenship and Immigration Services 
(USCIS), and Immigration and Customs Enforcement (ICE) because they 
were highest in all three categories--requests, backlogs, and reported 
costs. Next, we selected the U.S. Coast Guard (Coast Guard) because it 
is the component with the fifth highest volume of requests and 
backlogged requests and currently uses a manual process to track and 
process its FOIA requests. We purposefully selected the Federal 
Emergency Management Agency (FEMA) because it was the fourth highest 
in reported total costs and had unusually high reported costs for the 
number of requests it processed as compared to USCIS, CBP, and ICE. We 
included the DHS Privacy Office because it has overall responsibility 
for FOIA at the department level. Collectively, our selections account 
for about 95 percent of total reported DHS requests received, 87 
percent of reported backlogged requests, and 76 percent of reported 
costs.

To determine the responsibilities of DHS and the selected components 
in managing and processing FOIA requests, we reviewed organization 
charts; the department's and components' policies and procedures; 
service level agreements; and published materials, such as DHS FOIA 
annual reports and DHS Chief FOIA Officer reports. We interviewed DHS 
and component officials about their responsibilities and management 
practices.

To determine the total costs incurred by DHS and its selected 
components in managing and processing FOIA requests, we examined 
overall costs as reported in the 2013 annual FOIA report, as well as 
detailed cost breakdowns used by the Privacy Office and the selected 
components to calculate their reported costs. To determine if all 
required cost categories were being reported, we analyzed the 
categories of costs reported and compared them to the cost categories 
required by the Department of Justice (Justice) and federal management 
cost accounting standards[Footnote 32] to determine the extent to 
which required cost elements were being reported. Further, we analyzed 
cost documentation provided, and interviewed agency officials to 
determine how costs were collected and what steps were taken to assure 
that cost figures were reliable. In assessing whether DHS and the 
selected components reported cost categories, we applied the following 
criteria: "yes" if reporting of costs was complete and was deemed 
reliable, "partial" if reported costs were incomplete or were judged 
not completely reliable, and "no" if they were not reported. Due to 
the non-reporting of particular cost categories and concerns about the 
accuracy of certain reported cost data, including data with obvious 
errors and inconsistent accounts of how data were collected, we 
concluded that, overall, the cost data provided were not sufficiently 
reliable, based on federal management cost accounting standards, to 
determine DHS's total FOIA costs, but that our analysis allowed us to 
conclude that overall costs were underreported.

To determine if duplication exists in managing and processing FOIA 
requests, we examined policies and procedures, viewed demonstrations 
of how automated systems are used to manage and process requests, and 
interviewed agency officials to clarify workflow. We evaluated the 
processes against recommended practices discussed in our previously 
issued reports that addressed duplication in federal government 
programs.[Footnote 33]

To determine what actions DHS and the selected components have taken 
to reduce their FOIA request backlogs and what have been the results 
of those actions, we examined backlog reduction goals published by the 
Office of Management and Budget, DHS, and the selected components. We 
examined DHS annual FOIA reports and Chief FOIA Officer reports, 
analyzed published statistics, and reviewed monthly backlog reports by 
the components to determine whether reduction goals were met. We 
interviewed agency officials and collected documents to determine what 
specific actions have been taken to reduce backlogs, identify actions 
that had been successful in reducing backlogs, and determine the 
underlying causes for the backlogged requests.

To determine the status of DHS's and selected components' efforts to 
acquire and implement automated systems, we assessed the capabilities 
of automated systems in use by the Privacy Office and the selected 
components. Specifically, we viewed demonstrations of systems used for 
tracking and processing requests and obtained documentation, such as 
user manuals and screen prints. We compared the capabilities of these 
systems to relevant statutory requirements, such as the OPEN 
Government Act requirement to assign tracking numbers to FOIA 
requests, and 13 systems capabilities considered to be best practices 
for FOIA processing compiled by the National Archives and Records 
Administration's Office of Government Information Services in 
conjunction with the Department of Commerce and the Environmental 
Protection Agency. In assessing DHS's and the components' actions to 
implement these capabilities, we applied the following criteria: "yes" 
means the capability had been implemented; "partially" means the 
capability was not implemented in its entirety, and "no" means the 
capability was not implemented. We also interviewed Privacy Office and 
selected component officials and collected documents describing one 
component's plans to implement a new tracking system.

In examining reported data on the volumes of FOIA requests made to 
DHS, we found two data reliability issues of concern. First, we found 
that a FOIA request may be recorded and counted more than once. For 
example, USCIS may receive a request for an immigration file, which it 
counts. It may then refer to ICE for processing certain documents in 
the file that were created by that component. ICE then enters this 
referral in its FOIA processing system as a new request. Thus, even 
though the department may have received one request for one 
immigration file, it may be reported as two requests received and 
closed by both USCIS and ICE. Similarly, a request sent to more than 
one component may be entered separately by each component that 
responds. Nonetheless, while this double counting may result in an 
inaccurate number of total requests received by DHS, it did not affect 
our findings, since we have no findings related to the overall volume 
of requests handled by DHS.

The second issue involved a group of FOIA requests that were 
improperly closed by CBP in fiscal year 2012. CBP counted the requests 
as closed, although they should have remained open and been counted as 
part of the component's backlog of requests. As a result, the 
component reported a lower number of backlogged requests for 2012 than 
actually existed. CBP officials did not know exactly how many requests 
were involved, but estimated that there were about 11,000. The 
underreporting of the backlog of requests does not, however, affect 
our observation that CBP's backlog increased over the time period from 
2011 through 2013 because CBP processed all of these requests during 
this time frame.

We conducted our work from November 2013 to November 2014 in 
accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe 
that the evidence obtained provides a reasonable basis for our 
findings and conclusions based on our audit objectives. 

[End of section] 

Appendix II: Comments from the Department of Homeland Security: 

U.S. Department of Homeland Security: 
Washington, DC 20528: 

November 7, 2014: 

Valerie C. Melvin: 
Director, Information Management and Technology Resource Issues: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Re: Draft Report GAO-15-82, "Freedom of Information Act: DHS Should Take
Steps to Improve Cost Reporting and Eliminate Duplicate Processing" 

Dear Ms. Melvin: 

Thank you for the opportunity to review and comment on this draft 
report. The U.S. Department of Rome land Security (DRS) appreciates 
the U.S. Government Accountability Office's (GAO's) work in planning 
and conducting its review and issuing this report. 

The Department appreciates GAO's recognition of the steps DRS has 
taken to improve its Freedom of Information Act (FOIA) processing and 
to reduce its backlog. DRS is committed to improving its processes and 
enhancing efficiencies using technology to ensure compliance with
disclosure laws and transparency in DRS activities. 

The draft report contained four recommendations with which the 
Department concurs. Specifically, GAO recommended that the Secretary 
of Rome land Security direct the Chief FOIA Officer to: 

Recommendation 1: Finalize and issue an updated DRS FOIA regulation.
Response: Concur. DHS's Privacy Office is drafting a comprehensive 
FOIA Regulation that will update current procedures on FOIA Operations 
in the Department that address the role of the public liaison, the fee 
limitation for electronic news media requests, or the fact that the
department accepts requests via e-maiL Estimated Completion Date 
(ECD): April 30, 2015. 

Recommendation 2: Improve reporting of FOIA costs by including 
salaries, employee benefits, non-personnel direct costs, indirect 
costs and costs for other offices. 

Response: Concur. DHS's Privacy Office will draft and disseminate 
policy to ensure that all components are capturing the full FOIA 
costs. The policy will include definitions of each category of costs 
that components will be required to capture and submit annually. In 
addition, the DRS Privacy Office will develop a worksheet with 
examples of costs associated with each category to ensure that 
components capture FOIA costs fully. ECD: April 30, 2015. 

Recommendation 3: Determine the viability of re-establishing the 
service-level agreement between USCIS and ICE to eliminate duplication 
in the processing of immigration files. If the benefits of doing so 
would exceed the costs, re-establish the agreement. 

Response: Concur. The DRS Privacy Office, in conjunction with ICE's 
ForA Division and the USCIS's ForA Branch will establish a working 
group to determine the viability of reestablishing the service-level 
agreement between USCIS and ICE and, to determine a course of action 
for eliminating possible duplication in the processing of immigration 
files. ECD: April 30, 2015. 

Recommendation 4: Direct USCIS and Coast Guard to fully implement the 
recommended ForA processing system capabilities and the 508 
requirement. 

Response: Concur. DHS's Privacy Office will draft guidance for 
components to fully implement the recommended FOIA processing system 
capabilities and the 508 requirement. ECD: April 30, 2015. 

Again, thank you for the opportunity to review and comment on the 
draft report. Technical comments were previously provided under 
separate cover. Please feel free to contact me if you have any 
questions. We look forward to working with you in the future. 

Sincerely, 

Signed by: 

Jim H. Crumpacker, CIA, CFE
Director: 
Departmental GAO-OIG Liaison Office: 

[End of section] 

Appendix III: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Valerie C. Melvin, (202) 512-6304 or melvinv@gao.gov: 

Staff Acknowledgments: 

In addition to the contact named above, Anjalique Lawrence (assistant 
director), Chris G. Businsky, Nancy Glover, Lisa Hardman, Alina J. 
Johnson, Lee McCracken, Freda Paintsil, Glenn Spiegel, and Walter 
Vance made key contributions to this report.

[End of section] 

Footnotes: 

[1] 5 U.S.C. § 552.

[2] All federal agencies are required by law (5 U.S.C. § 552(e)), to 
report to Justice on their compliance with FOIA through the submission 
of an annual FOIA report. Department of Justice guidance also requires 
the submission of a chief FOIA officer report to Justice.

[3] Federal Accounting Standards Advisory Board, Statement of Federal 
Financial Accounting Standards 4: Managerial Cost Accounting Standards 
and Concepts (version 13, June 2014).

[4] GAO, 2013 Annual Report: Actions Needed to Reduce Fragmentation, 
Overlap, and Duplication and Achieve Other Financial Benefits, 
[hyperlink, http://www.gao.gov/products/GAO-13-279SP] (Washington, 
D.C., Apr. 9, 2013) and Opportunities to Reduce Potential Duplication 
in Government Programs, Save Tax Dollars, and Enhance Revenue, 
[hyperlink, http://www.gao.gov/products/GAO-11-318SP] (Washington, 
D.C., Mar. 1, 2011). 

[5] Specifically, we used the OPEN Government Act (Pub. L. No. 110-175 
(Dec. 31, 2007)).and best practices compiled by the National Archives 
and Records Administration's Office of Government Information 
Services, the Department of Commerce, and the Environmental Protection 
Agency.

[6] Nine specific exemptions can be applied to withhold, for example, 
classified, confidential commercial, pre-decisional, privacy, and 
several types of law enforcement information.

[7] Electronic Freedom of Information Act Amendments of 1996, Pub. L. 
No. 104-231 (Oct. 2, 1996).

[8] The typical 20-day time period may be extended to thirty days in 
unusual circumstances, such as when a request involves a voluminous 
amount of records or requires consultation with another agency.

[9] Executive Order 13392, Improving Agency Disclosure of Information 
(Washington, D.C.: Dec. 14, 2005).

[10] Openness Promotes Effectiveness in our National Government Act of 
2007, Pub. L. No. 110-175 (Dec. 31, 2007).

[11] Presidential Memorandum of Jan. 21, 2009, Transparency and Open 
Government.

[12] Presidential Memorandum of Jan. 21, 2009, Freedom of Information 
Act.

[13] Factors that increase the complexity of a request include the 
volume of information involved, the number of offices that might have 
responsive documents, the extent to which the information is technical 
or difficult to understand, and the need to communicate with third 
parties, such as other agencies or owners of possible proprietary 
information. 

[14] Some FOIA requests are closed before reaching this stage, for 
example, if no responsive documents can be found, if all responsive 
documents originated with another agency and were referred to that 
agency for processing, or if, after being notified of fees, the 
requester is unwilling to pay the estimated fees.

[15] DHS, Privacy Office, 2014 Chief Freedom of Information Act 
Officer Report to the Attorney General of the United States, 
(Washington, D.C.: March 2014).

[16] Due to double counting in certain cases when a request is 
processed by more than one component, the actual number of unique FOIA 
requests is lower by at least 28,000 requests.

[17] GAO, Freedom of Information Act: Agencies Are Making Progress in 
Reducing Backlog, but Additional Guidance Is Needed, [hyperlink, 
http://www.gao.gov/products/GAO-08-344] (Washington, D.C.: Mar. 14, 
2008). 

[18] GAO, Freedom of Information Act: DHS Has Taken Steps to Enhance 
Its Program, but Opportunities Exist to Improve Efficiency and Cost-
Effectiveness, [hyperlink, http://www.gao.gov/products/GAO-09-260] 
(Washington, D.C.: Mar. 20, 2009). 

[19] GAO, Freedom of Information Act: Additional Actions Can 
Strengthen Agency Efforts to Improve Management, [hyperlink, 
http://www.gao.gov/products/GAO-12-828] (Washington, D.C.: July 2012).

[20] These eleven offices are Office of the Secretary, Citizenship and 
Immigration Services Ombudsman, Domestic Nuclear Detection Office, 
Office of the Executive Secretary, Office of Intergovernmental 
Affairs, Management Directorate, Office of Policy, Office of the 
General Counsel, Office of Health Affairs, Office of Legislative 
Affairs, and Office of Public Affairs.

[21] 6 C.F.R. part 5.

[22] The categories of records are (1) historical daily schedules of 
the most senior agency officials; (2) executed contracts and grants; 
(3) management directives and instructions; (4) congressional 
correspondence under DHS control; (5) FOIA logs; and (6) any records 
released pursuant to FOIA requests that have been, or are likely to 
become, the subject of three or more requests. 

[23] Department of Justice, Handbook for Agency Annual Freedom of 
Information Act Reports: Guidance for FOIA Professionals on Proper 
Tracking and Detailed Instructions for Preparing the Annual Report, 
(Washington, D.C.: Oct. 29, 2013). 

[24] Federal Accounting Standards Advisory Board, Statement of Federal 
Financial Accounting Standards 4, Managerial Cost Accounting Standards 
and Concepts (version 13, June 2014).

[25] [hyperlink, http://www.gao.gov/products/GAO-13-279SP], 
[hyperlink, http://www.gao.gov/products/GAO-11-318SP].

[26] Where applicable, USCIS also refers the immigration file 
documents to other agencies, such as the Department of State or 
Federal Bureau of Investigation, for further processing.

[27] These files, which mostly consist of paper documents, contain 
information regarding an individual's contacts with the U.S. 
immigration and inspection process--for example, naturalization 
certificates, records of border crossings, and reports of arrests or 
investigations.

[28] The average time for USCIS to close a request as of fiscal year 
2013 was 19.73 days, while the average time for ICE to close a request 
was 52.79 days.

[29] Lean Six Sigma is a set of techniques and tools for process 
improvement.

[30] Multi-tracking a request requires a FOIA processor to determine 
if a request is simple, complex, or expedited.

[31] 29 U.S.C. § 794d.

[32] Federal Accounting Standards Advisory Board, Statement of Federal 
Financial Accounting Standards 4: Managerial Cost Accounting Standards 
and Concepts (version 13, June 2014).

[33] [hyperlink, http://www.gao.gov/products/GAO-13-279SP], 
[hyperlink, http://www.gao.gov/products/GAO-11-318SP]. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO's commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select 
"E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO's actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO's 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548. 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548. 

[End of document]