GAO-04-323, Information Technology: OMB and Department of Homeland Security Investment Reviews


This is the accessible text file for GAO report number GAO-04-323 
entitled 'Information Technology: OMB and Department of Homeland 
Security Investment Reviews' which was released on March 11, 2004.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Report to Congressional Requesters: 

February 2004: 

INFORMATION TECHNOLOGY: 

OMB and Department of Homeland Security Investment Reviews: 

[Hyperlink, http: //www.gao.gov/cgi-bin/getrpt?GAO-04-323]: 

GAO Highlights: 

Highlights of GAO-04-323, a report to the Chairman, House Committee on 
Government Reform and Chairman, Subcommittee on Technology, Information 
Policy, Intergovernmental Relations and the Census 

Why GAO Did This Study: 

In July 2002, the Office of Management and Budget (OMB) issued two 
memorandums directing agencies expected to be part of the Department of 
Homeland Security (DHS) to temporarily cease funding for new 
information technology (IT) infrastructure and business systems 
investments and submit information to OMB on current or planned 
investments in these areas (see figure below for a timeline). 

GAO was asked to (1) explain OMB’s implementation of these memorandums, 
(2) identify any resulting changes to applicable IT investments, and 
(3) ascertain if DHS has initiated its own investment management 
reviews and, if so, what the results of these reviews have been.

What GAO Found: 

The July 2002 memorandums established an investment review group co-
chaired by OMB and the Office of Homeland Security to review submitted 
investments and estimated that millions of dollars potentially could be 
saved as a result of consolidating and integrating component agency 
investments. The investment review group relied on an informal, 
undocumented process to fulfill its responsibilities. Nevertheless, 
according to OMB and DHS IT officials, the review group both reviewed 
five component agency investments that were submitted and addressed 
long-term IT strategic issues related to the transition to the new 
department. 

OMB and DHS IT officials cited some changes to agency IT infrastructure 
and business systems investments because of the July memorandums. In 
addition, DHS IT officials cited other benefits that resulted from the 
memorandums. However, it is not known whether, or the extent to which, 
savings have resulted from the memorandums. In particular, OMB did not 
track savings associated with the July memorandums because, according 
to OMB IT staff, anticipated budgetary savings had not occurred at the 
time the review group was in place. DHS’s chief information officer 
stated that the department plans to track savings related to the 
consolidation and integration of systems and has established a 
mechanism for doing so. However, until such savings are identified, 
tracked, and reported it will remain unknown whether the July 
memorandums and the subsequent establishment of DHS have achieved the 
potential economies identified by OMB. 

Once DHS became operational and the investment review group no longer 
existed, the department established its own IT investment management 
process, which is still evolving. As part of this process, between May 
2003 and late January 2004, the DHS’s highest level investment 
management board performed reviews of nine investments that had reached 
key decision points. Even with this progress, the department has 
identified about 100 IT programs that are eligible for review by its 
two top department-level boards. However, DHS has not established a 
process to ensure that key reviews of such IT investments are performed 
in a timely manner.

What GAO Recommends: 

GAO is making recommendations to DHS to (1) report savings resulting 
from its consolidation and integration of systems and (2) develop a 
schedule for reviews of IT investments subject to departmental 
oversight. In commenting on a draft of the report, OMB representatives 
stated that they generally agreed with our findings and DHS officials 
stated that it was factually accurate.

www.gao.gov/cgi-bin/getrpt?GAO-04-323.

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact David Powner at (202) 
512-9286 or pownerd@gao.gov. 

[End of section]

Contents: 

Letter: 

Results in Brief: 

Background: 

Implementation of OMB's July 2002 Memorandums: 

Some Changes Were Made to Component Agency IT Infrastructure and 
Business Systems Investments: 

DHS Has Initiated Reviews of Component Agency IT Investments, but Its 
Processes Are Still Evolving: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments: 

Appendix: 

Appendix I: DHS Department-Level Investment Management Boards: 

Tables: 

Table 1: Summary of Changes to Component Agencies' IT Investments: 

Table 2: Summary of IRB Control Reviews: 

Figures: 

Figure 1: Timeline of Events Related to the OMB Memorandums and the 
Establishment of DHS: 

Figure 2: DHS Investment Review Process: 

Abbreviations: 

ACE: Automated Commercial Environment: 

CAPPS II: Computer Assisted Passenger Prescreening System: 

CIO: chief information officer: 

DHS: Department of Homeland Security: 

IRB: Investment Review Board: 

IT: information technology: 

OMB: Office of Management and Budget: 

US-VISIT: United States Visitor and Immigrant Status Indicator 
Technology: 

Letter February 10, 2004: 

The Honorable Tom Davis: 
Chairman, Committee on Government Reform: 
House of Representatives: 

The Honorable Adam H. Putman: 
Chairman, Subcommittee on Technology, Information Policy, 
Intergovernmental Relations and the Census: 
Committee on Government Reform: 
House of Representatives: 

The Homeland Security Act of 2002 (P.L. 107-296), which was enacted in 
November 2002, brought together 22 diverse agencies and created a new 
cabinet-level department--the Department of Homeland Security (DHS)--
to help prevent terrorist attacks in the United States, reduce the 
vulnerability of the United States to terrorist attacks, and minimize 
the damage and assist in recovery from attacks that do occur. The new 
DHS presents both information technology (IT) challenges and 
opportunities. For example, DHS (1) faces considerable challenges in 
integrating the many systems and processes that provide management with 
information necessary for decision making and (2) offers opportunities 
to identify and eliminate redundant investments and achieve more 
efficiencies in IT investments.

To begin to tackle these issues even before the department was formed, 
the Office of Management and Budget (OMB) in July 2002 issued two 
memorandums directing federal agencies[Footnote 1] that were expected 
to be part of the new department to temporarily cease funding for new 
IT infrastructure and business systems investments and submit 
information to OMB on current or planned investments in these areas.
[Footnote 2] These memorandums also established an investment review 
group,[Footnote 3] co-chaired by OMB and the Office of Homeland 
Security, to review investments that met the criteria in the July 
memorandums. In October 2002, we testified that it was too early to 
assess the impact of OMB's action because agency submissions were still 
being evaluated.[Footnote 4]

Since DHS has now been established, you requested that we follow up on 
our prior testimony and (1) explain how OMB implemented the July 2002 
memorandums; (2) identify what, if any, changes to agency IT 
investments resulted from the July memorandums and the Homeland 
Security IT Investment Review Group's evaluations (hereafter called the 
review group); and (3) ascertain whether DHS has initiated its own 
investment management reviews and, if so, what the results of these 
reviews have been. To address the first objective, we sought available 
documentation on the criteria and process used by the investment review 
group to make decisions. Likewise for the second objective, we sought 
documentation from OMB and applicable DHS component agencies on 
decisions made by the investment review group and on changes to IT 
investments that resulted from the July 2002 memorandums. However, 
according to OMB and DHS IT officials, the processes used and decisions 
made by the review group and the DHS component agencies were not 
documented. As a result, we largely relied upon interviews with 
applicable OMB and DHS IT officials--including representatives from 
OMB's Office of Information and Regulatory Affairs, the DHS chief 
information officer (who is also the former Office of Homeland Security 
co-chair of the investment review group), and DHS component agency IT 
officials--to address the first two objectives. To address the third 
objective, we reviewed DHS's IT investment management review policies 
and documentation of DHS reviews performed of component agency IT 
investments. This documentation included decision memorandums issued by 
its highest level investment management board on the results of its 
reviews. We also interviewed the DHS chief information officer (CIO), 
chief technology officer, and the coordinator of the DHS investment 
review process. We performed our work at OMB and DHS in Washington, 
D.C., between July 2003 and January 2004, in accordance with generally 
accepted government auditing standards.

Results in Brief: 

The Homeland Security IT Investment Review Group relied on an informal 
and undocumented process to fulfill its responsibilities under the July 
2002 memorandums. Nevertheless, according to OMB and DHS IT officials, 
the review group both reviewed the few component agency investments 
that were submitted for approval and addressed long-term issues related 
to the transition to the new department. In particular, OMB IT 
representatives stated that when the establishment of DHS became closer 
in time the investment review group shifted its focus to IT strategic 
issues related to the transition to the proposed department.

OMB and DHS IT officials cited some changes to agency IT infrastructure 
and business systems investments because of the July memorandums. The 
component agencies submitted five requests to the review group, which 
recommended their approval but with conditions. An example of a request 
that was recommended for approval was the Secret Service's request to 
procure search engine software. According to Secret Service, OMB, and 
DHS IT officials, this request was recommended for approval with the 
condition that the contractual document allow other component agencies 
to use the search engine. Four component agencies also reported other 
changes, including putting planned enhancements on hold, as a result of 
the July memorandums. However, it is not known whether, or the extent 
to which, savings have resulted from the memorandums. In particular, 
OMB did not track the savings associated with the July memorandums 
because, according to OMB IT staff, budgetary savings had not occurred 
at the time that the review group was in place. Until savings resulting 
from the consolidation and integration of systems and services are 
identified, tracked, and reported it will remain unknown whether OMB's 
July memorandums and the subsequent establishment of DHS have achieved 
the potential economies identified by OMB in the memorandums.

Once DHS became operational and the investment review group no longer 
existed, the department established its own IT investment management 
process, which is still evolving. As part of this process, DHS's CIO 
reported that he approved the department's IT portfolio for the fiscal 
year 2005 budget cycle. In addition, between May 2003 and late January 
2004, the department's highest level investment management board had 
performed control reviews[Footnote 5] on nine investments that had 
reached certain key decision points. In each of these cases the project 
was allowed to proceed but additional documentation was required and/or 
conditions set. Although DHS is making progress in reviewing component 
agency projects, the department has identified about 100 IT programs 
that are eligible for review by its two top-level departmental 
investment management boards. According to IT officials, DHS is having 
difficulty in bringing all of these programs before the boards in a 
timely manner. Moreover, DHS has not established a process to ensure 
that key reviews of component agency IT investments subject to 
departmental reviews are performed in a timely manner, although it has 
begun to collect information on the priorities and schedules of its 
top-level investments as a first step.

We are making recommendations to DHS that it report the savings that 
result from its consolidation and integration of systems and services 
and develop a control review schedule for IT investments subject to 
departmental oversight.

We received oral comments on a draft of this report from OMB and DHS 
representatives, who stated that they generally agreed with our 
findings and that it was factually accurate, respectively.

Background: 

With the terrorist attacks of September 11, 2001, the threat of 
terrorism rose to the top of the country's national security and law 
enforcement agendas. In response to these growing threats, the Congress 
passed and the President signed the Homeland Security Act of 2002, 
which created DHS. We have previously identified IT management as 
critical to the transformation of the new department.[Footnote 6] Not 
only does DHS face considerable challenges in integrating the many 
systems and processes that provide management with information for 
decision making, but it must sufficiently identify its future needs in 
order to build effective systems that can support the national homeland 
security strategy in the coming years. To jump start this planning 
process and also begin to identify opportunities for improved 
effectiveness and economy, OMB issued two memorandums in July 2002 to 
selected agencies telling them to "cease temporarily" and report on new 
IT infrastructure and business systems investments above $500,000.

Mission, Organization, and Role of IT in DHS: 

On March 1, 2003, DHS assumed operational control of nearly 180,000 
employees from 22 incoming agencies and offices. In establishing the 
new department, the Congress articulated a seven-point mission for DHS: 

* Prevent terrorist attacks within the United States.

* Reduce the vulnerability of the United States to terrorism.

* Minimize the damage and assist in the recovery from terrorist 
attacks.

* Carry out all functions of entities transferred to the department, 
including by acting as a focal point regarding natural and man-made 
crises and emergency planning.

* Ensure that the functions of the agencies within the department that 
are not directly related to securing the homeland are not diminished or 
neglected.

* Ensure that the overall economic security of the United States is not 
diminished by efforts aimed at securing the homeland.

* Monitor connections between illegal drug trafficking and terrorism, 
coordinate efforts to sever such connections, and otherwise contribute 
to efforts to interdict illegal drug trafficking.

To help DHS accomplish its mission, the Homeland Security Act of 2002 
establishes four mission-related directorates, the (1) Border and 
Transportation Security directorate, (2) Emergency Preparedness and 
Response directorate, (3) Science and Technology directorate, and (4) 
Information Analysis and Infrastructure Protection directorate. In 
addition to these directorates, the U.S. Secret Service and the U.S. 
Coast Guard remain intact as distinct entities within DHS; Immigration 
and Naturalization Service adjudications and benefits programs report 
directly to the deputy secretary as the Bureau of Citizenship and 
Immigration Services, and the Management directorate is responsible for 
budget, human capital, and other general management issues.[Footnote 7]

According to the most recent President's budget, DHS expects to make 
about $4 billion in IT investments in fiscal year 2004--the third 
largest IT investment budget in the federal govenment.[Footnote 8] In 
addition, as we have testified, information management and technology 
are among the critical success factors that the new department should 
emphasize in its initial implementation phase.[Footnote 9] For example, 
DHS currently has several ongoing IT projects that are critical to the 
effective implementation of its mission, such as the: 

* Integrated Surveillance Intelligence System, which is to provide "24 
by 7" border coverage through ground-based sensors, fixed cameras, and 
computer-aided detection capabilities;

* Student Exchange Visitor Information System, which is expected to 
manage information about nonimmigrant foreign students and exchange 
visitors from schools and exchange programs;

* Automated Commercial Environment project, which is to be a new trade 
processing system;[Footnote 10] and: 

* United States Visitor and Immigrant Status Indicator Technology (US-
VISIT), a governmentwide program intended to improve the nation's 
capacity for collecting information on foreign nationals who travel to 
the United States, as well as control the pre-entry, entry, status, and 
exit of these travelers.[Footnote 11]

Moreover, as all of the programs and agencies are brought together in 
the new department, it will be an enormous undertaking to integrate 
their diverse communication and information systems. Among the IT 
challenges that the new department will have to face and overcome are 
developing, maintaining, and implementing an enterprise 
architecture,[Footnote 12] and establishing and enforcing a disciplined 
IT investment management process (which includes establishing an 
effective selection, control, and evaluation process).[Footnote 13] The 
department's ability to overcome these challenges is complicated by the 
IT management problems that its major components had when they 
transferred to DHS. Specifically, as we previously reported, we still 
have numerous outstanding IT management recommendations that require 
action at component agencies, such as the Customs Service and the Coast 
Guard.[Footnote 14]

OMB's July 2002 Memorandums on IT Infrastructure and Business Systems 
Investments: 

Figure 1 illustrates the timing of OMB's July 2002 memorandums. These 
memorandums instructed selected agencies to (1) cease temporarily new 
IT infrastructure and business systems (i.e., financial management, 
procurement, and human resources systems) investments above $500,000 
pending a review of the investment plans of all proposed DHS component 
agencies; (2) identify and submit to OMB information on any current or 
planned spending on these types of initiatives; and (3) participate in 
applicable IT investment review groups co-chaired by OMB and the Office 
of Homeland Security.

Figure 1: Timeline of Events Related to the OMB Memorandums and the 
Establishment of DHS: 

[See PDF for image]

[End of figure]

According to OMB, its goal in issuing these memorandums was to seek 
opportunities for improved effectiveness and economy. In addition, 
according to officials from OMB's Office of Information and Regulatory 
Affairs, another purpose was to obtain an inventory of current and 
planned IT infrastructure and business systems investments for 
organizations to be moved to DHS, which was expected to help in the 
administration's transition planning.

Although OMB directed selected agencies to temporarily cease these 
investments, it did not necessarily mean that work was to be stopped on 
all IT infrastructure and business systems projects at the applicable 
agencies. First, the memorandums only pertained to funding for new 
development efforts and not to existing systems in a "steady state" 
using operations and maintenance funding. Second, the cessation did not 
apply if funds pertaining to a development or acquisition contract had 
already been obligated. Third, agencies could request an expedited 
review to obtain the approval to proceed if they had an emergency or 
critical need. The following are examples of how OMB's direction to 
temporarily cease IT investments would apply in certain circumstances.

* If an agency had an existing procurement system in a steady state in 
which no major modifications or modernization efforts were planned, 
there would have been no effect on the funding of this system.

* If an agency had an ongoing contract with available obligations for 
the development of a financial management system, there would have been 
no effect on this contract, but new obligations for development or 
modernization efforts would have been required to be approved by the 
review group.

* If an agency wanted to award a contract over $500,000 for a new or 
modernized IT infrastructure item such as a local area network, it 
would have been required to obtain approval from the investment review 
group before proceeding.

Our testimony of October 2002, stated that it was not possible to 
assess the full effect of the July memorandums on the selected agencies 
at that time.[Footnote 15] Except for emergency requests, according to 
representatives from OMB's Office of Information and Regulatory 
Affairs, the review group had not taken any action at the time of our 
review on the agencies' submissions in response to the July memorandums 
because neither they nor OMB had completed their reviews of these 
documents.

Implementation of OMB's July 2002 Memorandums: 

The July memorandums called on the Homeland Security IT Investment 
Review Group to assess individual IT investments as part of considering 
whether to consolidate or integrate component agency efforts. In 
fulfilling this role, the review group relied on an informal process, 
which was not documented. Although the review group reviewed the few 
investments that component agencies submitted, according to OMB and DHS 
IT officials, the group generally addressed broader issues related to 
the transition to the new department. In particular, these officials 
noted that the review group concentrated on longer term IT strategic 
issues, such as those related to the development of an enterprise 
architecture, associated with the transition to the proposed 
department.

The investment review group was tasked with (1) reviewing component 
agency IT investment submissions that met the criteria in the 
memorandums, and (2) making recommendations related to these 
submissions, including looking for opportunities to consolidate and 
integrate component agency investments. According to OMB IT 
representatives, the group generally met once a week but did not have a 
documented process for performing reviews of the few component agency 
investments that were submitted for review. These officials reported 
that in the review process that was implemented, (1) agencies requested 
approval of selected IT investments, (2) OMB and the investment review 
group reviewed the agency submission, and (3) the review group made a 
recommendation. Once this recommendation was made, the normal budget 
execution process was implemented. Moreover, according to these 
representatives, the investment review group used the principles 
contained in section 300 of OMB Circular A-11 and section 8(b) of OMB 
Circular A-130 as the criteria for evaluating submitted 
investments.[Footnote 16] In addition, in commenting on a draft of this 
report, representatives from OMB's Office of Information and Regulatory 
Affairs and Office of the General Counsel stated that although the 
activities of the Homeland Security IT Investment Review Group were 
generally conducted on an informal basis, the group relied on the 
already-existing processes documented in these circulars to fulfill its 
responsibilities.

According to OMB IT representatives, when the establishment of DHS 
became closer in time, the focus of the review group shifted from 
reviewing individual investments to addressing the IT strategic issues 
involved with establishing the department. In particular, according to 
DHS officials, the review group created six working groups to address, 
respectively, business architecture, networks, information security, 
Web management, directory services (e.g., e-mail capability), and 
technical reference model issues. In addition, according to these 
officials, the investment review group took into account transition 
work being performed by other entities. For example, the review group 
worked with a liaison from the Chief Financial Officers Council, which 
was looking at financial management system matters related to the new 
department.

Some Changes Were Made to Component Agency IT Infrastructure and 
Business Systems Investments: 

The July 2002 memorandums resulted in some changes to agency IT 
infrastructure and business systems investments. Specifically, 
according to OMB and DHS IT officials, the review group recommended 
approval with conditions the five IT investments submitted to it and 
four component agencies reported that they changed other initiatives as 
a result of the memorandums. However, it is not known whether, or the 
extent to which, savings have resulted from the memorandums. In 
particular, OMB did not track the savings associated with the July 
memorandums because, according to OMB IT representatives, budgetary 
savings had not occurred when the review group was in place. 
Nevertheless, OMB and DHS IT officials cited other benefits that 
resulted from the memorandums, such as the identification of ongoing 
component agency efforts or resources that were important to the 
operation of the department at its inception.

Four component agencies submitted five IT investment requests to be 
reviewed by the review group. According to OMB and DHS IT officials, 
all of these requests were recommended for approval with conditions. In 
addition, four component agencies reported that on their own initiative 
that they terminated, delayed, or changed other initiatives as a result 
of the July memorandums. (See table 1.): 

Table 1: Summary of Changes to Component Agencies' IT Investments: 

Component agency[A]: Animal and Plant Health Inspection Service; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: Did not request any decisions; 
Investment decision reported by the component agency: 
* Stopped expansion and maintenance of the Plant Protection and 
Quarantine Small Site Data Communications Infrastructure; 
* Put on hold further development of the Automated Target System. 
Future enhancements to this system are still on hold pending DHS-wide 
decisions.

Component agency[A]: Coast Guard; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: Submitted an emergency request to proceed 
with a licensing agreement with Microsoft. This was recommended for 
approval with the condition that the agreement be expanded to include 
other DHS entities. (According to Coast Guard IT officials, the 
licensing agreement was not expanded to include other DHS entities, but 
they could not explain why the review group's condition was not 
met.)[B]; 
Investment decision reported by the component agency: Did not report 
any other changes as a result of the July memorandums.

Component agency[A]: Customs Service; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: Submitted a nonemergency request to procure 
a new e-mail system. The review group agreed with the procurement of a 
new e-mail system but recommended a different technical solution. As of 
early January 2004, this solution had not yet been implemented; 
Investment decision reported by the component agency: Did not report 
any other changes as a result of the July memorandums.

Component agency[A]: Federal Emergency Management Agency; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: Did not request any decisions; 
Investment decision reported by the component agency: 
* Terminated a planned correspondence tracking system.[C; 
* Terminated a planned personnel resources information system; 
* Integrated five infrastructure projects into ongoing DHS initiatives; 
* Scaled back its enterprise resource planning project pending DHS-wide 
decisions; 
* Scaled back planned upgrades to its financial management system 
pending DHS-wide decisions.

Component agency[A]: Immigration and Naturalization Service; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: Did not request any decisions; 
Investment decision reported by the component agency: 
* Put on hold planned enhancements to its core financial management 
system pending DHS-wide decisions. These enhancements are still on 
hold; 
* Put on hold a planned replacement of its Correspondence Control and 
Task Tracking System, which remains on hold; 
* Put on hold planned enhancements to Atlas, an initiative to upgrade 
its IT infrastructure, pending DHS-wide decisions. These enhancements 
are still on hold.

Component agency[A]: Secret Service; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: Submitted an emergency request to procure a 
search engine that would conduct database searches across the agency. 
This request was recommended for approval with the condition that the 
procurement include other DHS entities; 
Investment decision reported by the component agency: Did not report 
any other changes as a result of the July memorandums.

Component agency[A]: Transportation Security Administration; 
Reported investment request/decision by the Homeland Security 
IT Investment Review Group: 
* Submitted an emergency request to proceed with a task order for a 
managed services contract, which was recommended for approval with the 
condition that the contract be expanded to include other DHS entities; 
* Submitted a nonemergency request to procure network infrastructures 
at airports. This request was recommended for approval with the 
condition that the agency use, to the extent possible, the existing 
airport infrastructure capabilities of the Customs Service and the 
Immigration and Naturalization Service. The Transportation Security 
Administration was also directed to work with these agencies when a 
need for network infrastructure is identified at specific airports; 
Investment decision reported by the component agency: Delayed the 
agency's plans for "back office" systems, such as human resources and 
payroll systems. According to the Transportation Security 
Administration's CIO, a final decision on these efforts is awaiting 
DHS-wide decisions. 

Source: OMB, DHS, and component agency IT officials.

[A] For the purposes of this table, we used the names of the component 
agencies that were employed at the time of the July 2002 memorandums. 
Some of these names changed after DHS was established.

[B] According to the DHS CIO, this lack of compliance with the 
investment review group's condition was mitigated by the later 
implementation of a DHS-wide Microsoft enterprise license.

[C] The Federal Emergency Management Agency reported that this project 
was terminated, in part, because of the July 2002 memorandums.

[End of table]

The July memorandums stated that initial estimates indicated that 
potential savings of between $100 million and $200 million (IT 
infrastructure) and $65 million and $85 million (business systems) 
could be achieved over a 2-year period[Footnote 17] as a result of 
consolidating and integrating component agency investments. OMB 
reported to congressional committees that these estimates were based 
primarily on best practices in the federal government and private 
industry. However, an OMB IT representative stated that these estimates 
were a rough approximation and that no documentation existed to support 
how they were derived.

The July memorandums also stated that the review group would track 
these savings. Moreover, OMB reported to congressional committees that 
this tracking would include a breakout of the savings, the cause of the 
savings, and the time period in which the savings would be generated. 
However, a tracking process was not established because, according to 
an OMB IT representative, no budgetary savings had occurred at the time 
that the investment review group was in place since no investment was 
terminated by the group. According to this representative, OMB still 
believes that budgetary savings will occur and expects that DHS will 
track these savings. Moreover, this representative stated that OMB will 
be actively working with DHS as part of its budgetary and management 
processes to ensure that such savings occur.

DHS's CIO agreed that savings are expected to result from the 
department's consolidation and integration of systems. Moreover, he 
stated that DHS will be tracking such savings and has established a 
mechanism for doing so. Specifically, the CIO pointed to DHS's 
establishment of IT commodity councils--groups that are responsible for 
a collection of related materials or services--that would perform this 
function. According to the Director of Strategic Sourcing and 
Acquisition Systems, the councils have established project teams that 
are responsible for tracking savings. According to this official, each 
project is in the process of developing their project plans, 
departmental requirements, and savings targets. Until savings resulting 
from the consolidation and integration of systems and services are 
identified, tracked, and reported, it will remain unknown whether OMB's 
July memorandums and the subsequent establishment of DHS have achieved 
the potential economies identified by OMB. In addition, DHS IT 
officials stated that they were not aware of any plans to report 
budgetary savings resulting from the consolidation and integration of 
systems to applicable congressional committees. Such savings 
information is an important element for the Congress to consider when 
deliberating DHS budget requests and overseeing its IT management. 
Moreover, the Chairman of the House Committee on Government Reform has 
previously expressed concern that there has been a tremendous push for 
additional IT spending at DHS component agencies without ensuring 
appropriate management or accountability.

Although budgetary savings have not yet been identified, DHS IT 
officials, including the CIO, cited other benefits to the July 
memorandums. In particular, DHS IT officials estimated that several 
million dollars in costs have been avoided as a result of the Secret 
Service decision. (A Secret Service IT official provided an explanation 
of how this estimate was derived, but we could not validate this amount 
because it was not clearly supported by the documentation provided.) In 
addition, the CIO stated that the investment review group evolved into 
the department's CIO Council, which is responsible for developing, 
promulgating, implementing, and managing a vision and direction for 
information resources and telecommunications management. Further, the 
DHS chief technology officer reported that the review group provided 
the new department with a head start on day one operations by, for 
example, deciding to use the Immigration and Naturalization Service's 
network backbone for the department. Finally, these and DHS component 
agency IT officials stated that the memorandums facilitated the 
department's long-term IT planning efforts, including the development 
of an enterprise architecture.[Footnote 18]

DHS Has Initiated Reviews of Component Agency IT Investments, but Its 
Processes Are Still Evolving: 

Once DHS became operational and the investment review group established 
by the July memorandums no longer existed, the department established 
an IT investment management process that includes departmental reviews 
of component agency IT investments meeting certain criteria. As part of 
the selection phase[Footnote 19] of this process, DHS's CIO reported 
that he approved the department's IT portfolio as part of the fiscal 
year 2005 budget cycle. In addition, as of January 26, 2004, the 
department's highest level investment management board had performed 
control reviews[Footnote 20] of nine investments that had reached key 
decision points. In each of these cases, the project was allowed to 
proceed although additional documentation was required and/or 
conditions were set. Finally, the department's investment management 
process is still evolving as the department attempts to deal with a 
large number of IT investments eligible for departmental reviews.

In May 2003, DHS issued an investment review management directive and 
IT capital planning and investment control guide, which provide the 
department's entities with requirements and guidance on documentation 
and review of IT investments. In particular, the management directive 
establishes four levels of investments, the top three of which are 
subject to review by department-level boards--the Investment Review 
Board (IRB), Management Review Council, and Enterprise Architecture 
Board. Appendix I provides a description of these department-level 
boards and the investments that they are responsible for. The directive 
also establishes a five-phase acquisition process that calls for these 
investments to be reviewed at key decision points, such as program 
authorization. In addition, the IT capital planning and investment 
control guide lays out a process for selecting, controlling, and 
managing investments. Figure 2 provides an overview of the review 
process outlined in the management directive and capital planning and 
investment control guide.

Figure 2: DHS Investment Review Process: 

[See PDF for image]

[End of figure]

As part of the selection phase of its capital planning and investment 
control process, DHS reviewed component agency IT investments for its 
fiscal year 2005 budget submission. Specifically, according to DHS IT 
officials, (1) the CIO approved the department's IT portfolio and (2) 
all of the major IT systems submitted to OMB for the fiscal year 2005 
budget were assessed and scored by an investment review team.[Footnote 
21]

In addition, beginning in May 2003, DHS's top-level board (the IRB) 
began reviewing the department's highest priority projects. As of 
January 26, 2004, the department had performed 12 control reviews of 
nine investments. Table 2 summarizes the results of these reviews.

Table 2: Summary of IRB Control ReviewsA: 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
IT investment: Automated Commercial Environment (ACE); 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
Decision: Two reviews of this program were held. First, on September 
25, 2003, the IRB designated this investment as a DHS level I 
investment and approved its strategic direction. The IRB also decided 
to reconvene when a DHS review team assessing the ACE program 
documentation had completed its review. Second, on November 20, 2003, 
the IRB agreed with the findings of this review team and directed that 
the team's recommendations be implemented. The IRB also authorized the 
approval of the program's fiscal year 2004 expenditure plan; 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
Comments: In both reviews, the IRB directed the sponsor to submit 
additional documentation. In addition, in the second review the IRB 
stated that DHS's Planning Analysis and Evaluation office would hold 
working group meetings with ACE program staff to review the 
department's comments and develop an oversight action plan.

Sponsoring component entity: Border and Transportation Security 
Directorate; 
IT investment: United States Visitor and Immigrant Status Indicator 
Technology (US-VISIT); 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
Decision: Three reviews on this program were held. First, on May 30, 
2003, US-VISIT was approved to continue work but did not receive 
approval to enter into the capability development and demonstration 
acquisition phase. Second, on September 8, 2003, DHS stated that 
US-VISIT had not satisfied the exit criteria for increment 1 and 2. 
Nevertheless, because of its importance to improving security, US-VISIT 
was allowed to continue the design and deployment of its first 
increment and planning for future increments concurrent with it working 
on satisfying the DHS requirements set forth in the decision 
memorandum. Third, the IRB reviewed US-VISIT on November 25, 2003, but 
the decision memorandum was not available as of January 26, 2004; 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
Comments: At the time of the first review, the sponsor was provided 
with exit criteria and dates for submission of documentation, such as 
the configuration management plan and life-cycle cost estimate, which 
constitutes the exit criteria for the next acquisition phase.

Sponsoring component entity: Border and Transportation Security 
Directorate; 
IT investment: Computer Assisted Passenger Prescreening System (CAPPS 
II); 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
Decision: Designated as a DHS level I investment, approved its 
strategic direction, and authorized the program to proceed with the 
capability development and demonstration phase; 

Sponsoring component entity: Border and Transportation Security 
Directorate; 
Comments: Stated that program must provide updated information prior to 
requesting the next key decision point approval and required that it 
address various areas of concern, such as ensuring interoperability of 
data transfer, addressing privacy and policy issues, and identifying 
industry savings associated with the project.

Sponsoring component entity: Citizenship and Immigration Services 
Bureau; 
IT investment: Immigration Services Modernization; 

Sponsoring component entity: Citizenship and Immigration Services 
Bureau; 
Decision: Designated as a DHS level I investment and provided interim 
approval to commence the capability development and demonstration 
phase; 

Sponsoring component entity: Citizenship and Immigration Services 
Bureau; 
Comments: Required that the sponsor (1) develop a transition plan that 
is approved by the DHS CIO; (2) develop a plan to accelerate the 
development of paperless processes and electronic archives; and (3) 
submit systems documentation, such as a mission needs statement and 
test and evaluation plan.

Sponsoring component entity: Coast Guard; 
IT investment: Integrated Deepwater Systems Program; 

Sponsoring component entity: Coast Guard; 
Decision: Designated as a DHS level I investment and approved its 
strategic direction; 

Sponsoring component entity: Coast Guard; 
Comments: Established an oversight process in which (1) DHS's Planning 
Analysis and Evaluation office is to establish a reporting system to 
capture key/ critical program/platform activities and attend Deepwater 
program reviews, (2) the IRB deferred decisions on Key Decision Points 
related to specific asset/capability types to the Coast Guard 
Acquisition Executive, and (3) the IRB is to be briefed annually on the 
program.

Sponsoring component entity: Management Directorate; 
IT investment: Consolidated IT Security Program; 

Sponsoring component entity: Management Directorate; 
Decision: Designated as a DHS level I investment and provided interim 
approval to commence the capability development and demonstration 
phase; 

Sponsoring component entity: Management Directorate; 
Comments: Directed the sponsor to submit a mission needs statement and 
other planning documents, including a program management plan and 
operational requirements document, the successful completion of which 
constitutes the exit criteria for the next acquisition phase.

Sponsoring component entity: Management Directorate; 
IT investment: Homeland Secure Data Network; 

Sponsoring component entity: Management Directorate; 
Decision: Decision memorandum was not available as of January 26, 
2004; 

Sponsoring component entity: Management Directorate; 
Comments: [Empty].

Sponsoring component entity: Management Directorate; 
IT investment: Resource Management Transformation Program; 

Sponsoring component entity: Management Directorate; 
Decision: Approved mission needs statement and authorized the program's 
entry into the concept & technology development phase; 

Sponsoring component entity: Management Directorate; 
Comments: Decision memorandum included exit criteria for the next 
acquisition phase, such as the successful completion of a risk 
management plan and test and evaluation plan, the successful completion 
of which constitutes the exit criteria for the next acquisition phase.

Sponsoring component entity: Science and Technology Directorate; 
IT investment: Wireless Public Safety Interoperable Communications 
Program; 

Sponsoring component entity: Science and Technology Directorate; 
Decision: Designated as a DHS level I investment and approved its 
strategic direction; 

Sponsoring component entity: Science and Technology Directorate; 
Comments: Directed the sponsor to submit a mission needs statement and 
other planning documents, the successful completion of which constitute 
the exit criteria for the next acquisition phase and required that a 
review team be established to study funding issues. 

Source: DHS.

[A] According to DHS IT officials, the Enterprise Architecture Board 
approved each of these projects' presentations to the IRB prior to 
their submission.

[End of table]

Although DHS is making progress in reviewing component agency projects, 
its investment management process continues to evolve. In particular, 
as of January 2, 2004, the department had identified about 100 IT 
programs[Footnote 22] that were eligible for review by its two top-
level departmental boards and, according to IT officials, is having 
difficulty in bringing all of these programs before the boards in a 
timely manner. Moreover, DHS has not established a process to ensure 
that control reviews of component agency IT investments are performed 
in a timely manner. Specifically, although DHS's capital planning and 
investment control guide states that the Office of the CIO will 
maintain a control review schedule for all initiatives in the 
department's IT investment portfolio, as of January 2, 2004, this 
schedule has not been developed. According to the DHS IRB coordinator 
and IT officials, DHS has requested information from its component 
entities related to the schedules and priorities of its level 1, or 
top-level, investments. These officials stated that such information 
can then be used to develop a master milestone calendar for control 
reviews.[Footnote 23] Control review schedules, or master milestone 
calendars, are important to ensure that DHS is reviewing its highest 
priority IT investments in a timely manner so as to be able to affect 
changes to component agency approaches or even terminate a poorly 
managed or strategically unnecessary investment, if appropriate.

DHS's CIO also stated that the department's CIO Council is developing a 
peer review process for major IT projects that is expected to include 
defining a life-cycle management process and a quarterly reporting 
process. The CIO stated that the new process is expected to be 
instituted by the end of March 2004.

Conclusions: 

OMB took a prudent step in issuing its July memorandums directing 
federal agencies that were expected to be part of the new department to 
temporarily cease funding for new IT infrastructure and business 
systems investments in anticipation of the establishment of DHS. 
Although documentation of the implementation of the memorandums was 
lacking, OMB and DHS IT officials outlined an approach that included 
both reviewing specific IT investments and the beginning of planning 
for the transition to the new department. Further, DHS component 
agencies identified actions that they took, such as putting initiatives 
on hold, and other benefits that resulted from the memorandums. 
Nevertheless, according to OMB IT representatives, budgetary savings as 
a result of the July memorandums had not occurred at the time that the 
review group was in place. Although DHS has begun to establish a 
mechanism to track such savings in the future, until savings resulting 
from the consolidation and integration of systems and services are 
identified, tracked, and reported, it will remain unknown whether OMB's 
July memorandums and the subsequent establishment of DHS have achieved 
the millions of dollars in potential economies identified by OMB. The 
Congress would benefit from such information in its deliberations on 
the department's budget and in its oversight of DHS's management of IT. 
Finally, DHS has begun to perform high-level oversight of component 
agency IT investments, although much remains to be accomplished and the 
process for this oversight is still evolving. Accordingly, DHS 
continues to face challenges in providing robust and constructive 
oversight of component agency IT investments. A significant challenge 
remaining is determining the current status and upcoming major 
milestones of IT investments subject to departmental review in order to 
schedule timely control reviews.

Recommendations for Executive Action: 

To demonstrate its progress in consolidating and integrating its 
systems and services, we recommend that the Secretary of Homeland 
Security direct the Chief Information Officer to periodically report to 
appropriate congressional committees, the budgetary savings that have 
resulted from the department's IT consolidation and integration 
efforts, including a breakout of the savings, the cause of the savings, 
and the time period in which the savings have been, or will be, 
generated.

To ensure that IT investments subject to departmental review undergo 
timely control reviews, we recommend that the Secretary of Homeland 
Security direct the Chief Information Officer to develop a control 
review schedule for IT investments subject to departmental oversight 
(i.e., level 1, 2, and 3 investments).

Agency Comments: 

We received oral comments on a draft of this report from OMB and DHS. 
Representatives from OMB's Office of Information and Regulatory Affairs 
and Office of the General Counsel generally agreed with the findings of 
the report. These representatives also provided a technical comment 
that we included in the report, as appropriate. In addition, DHS's 
Office of the CIO capital planning and investment control officials 
stated that the report was factually accurate.

: 

As agreed with your offices, unless you publicly announce the contents 
of this report earlier, we plan no further distribution until 30 days 
from the report date. At that time, we will send copies of this report 
to the Secretary of Homeland Security and the Director, Office of 
Management and Budget. Copies will also be available at no charge on 
the GAO Web site at [Hyperlink, www.gao.gov.].

If you have any questions on matters discussed in this report, please 
contact me at (202) 512-9286 or Linda J. Lambert, Assistant Director, 
at (202) 512-9556. We can also be reached by e-mail at [Hyperlink, 
pownerd@gao.gov] and [Hyperlink, lambertl@gao.gov], respectively. 
Another key contributor to this report was Niti Bery.

Signed by: 

David A. Powner: 
Director, Information Technology Management Issues: 

[End of section]

Appendixes: 

Appendix I: DHS Department-Level Investment Management Boards: 

Board: Investment Review Board[A]; 
Membership: 
* Deputy Secretary (Chair); 
* Under Secretary of Management (Vice-Chair); 
* Under Secretary, Border and Transportation Security; 
* Under Secretary, Emergency Preparedness and Response; 
* Under Secretary, Science and Technology; 
* Under Secretary, Information Analysis and Infrastructure Protection; 
* Deputy Chief of Staff for Policy; 
* Chief Information Officer (CIO); 
* Chief Financial Officer; 
* Chief Procurement Officer; 
* Privacy Officer; 
* General Counsel; 
Types of investments reviewed: All capital assets meeting the 
investment threshold criteria; 
Investment threshold level and criteria: Level 1 investments: 
* Contract costs exceeds $50 million; 
* Importance to DHS strategic and performance plans; 
* High development, operating, or maintenance cost; 
* High risk; 
* High return; 
* Significance in resource administration; 
* For IT investments only: 
* life-cycle costs exceed $200 million; 
Other comments: [Empty].

Board: Management Review Council[A]; 
Membership: 
* CIO; 
* Chief Financial Officer; 
* Chief Procurement Officer; 
Types of investments reviewed: All capital assets meeting the 
investment threshold criteria; 
Investment threshold level and criteria: Level 2 investments: 
* Contract cost $5-$50 million; 
* Affects more than one DHS component; 
* Significant program or policy implication; 
* High executive visibility; 
* For IT investments only: 
* life-cycle costs of $20-$200 million; 
* financial system with operational cost exceeding $500,000; 
* was major in fiscal year 2004 budget submission; 
* is E-government related; 
* is directly tied to the top two layers of the Federal Enterprise 
Architecture business reference model; 
* is an integral part of the DHS modernization blueprint (enterprise 
architecture); 
* affects more than one component entity through the sharing of data or 
facilities, and/or affects the sharing of facilities, data, and/or 
information with state and local governments; 
* common administrative services for which a single, DHS-wide solution 
may be possible or for which a joint DHS team has been established or
planned; 
* new technology initiatives; 
* sensitive initiatives; 
Other comments: [Empty].

Board: Enterprise Architecture Board; 
Membership: 
* CIO (Chair); 
* Chief Financial Officer designee; 
* Chief Procurement Officer designee; 
* Business unit and program representatives; 
* Information officers in the directorates/organizational elements; 
Types of investments reviewed: IT investments meeting the investment 
threshold criteria; 
Investment threshold level and criteria: 
* Annual costs of $1-$5 million; 
* Life-cycle costs of $5-$20 million; 
* E-government transformation focus area; 
Other comments: This board also reviews all level 1 and 2 IT 
investments and makes recommendations to the Investment Review Board 
and Management Review Council. 

Source: DHS.

[A] DHS also plans to employ a Joint Requirements Council to serve as a 
working group to make recommendations to the Investment Review Board 
and Management Review Council on cross-cutting IT investments. The 
Joint Requirements Council, whose membership includes the Chief 
Technology Officer, Director of Strategic Sourcing and chief operating 
officers of DHS's component entities, met for the first time on January 
7, 2004.

[End of table]

(310450): 

FOOTNOTES

[1] The entities that were affected by one or both of the July 2002 
memorandums were the Department of Agriculture's Animal and Plant 
Health Inspection Service, the Federal Emergency Management Agency, the 
Department of Justice's Immigration and Naturalization Service, the 
Department of Transportation's Transportation Security Administration 
and Coast Guard, and the Department of the Treasury's Secret Service 
and Customs Service. Each of these entities was transferred at least in 
part to DHS, and will be referred to as component agencies for purposes 
of this report. 

[2] According to OMB representatives, the July 2002 memorandums stopped 
being applicable once DHS became operational in March 2003. 

[3] The July 2002 memorandums created two investment review groups, the 
(1) Homeland Security IT Investment Review Group, which was to review 
IT infrastructure investments, and (2) Business Systems IT Review 
Group, which was to review business systems investments. However, 
according to an OMB IT representative and the Office of Homeland 
Security co-chair of these groups, because the membership was largely 
the same (they generally comprised the chief information officers of 
the component agencies expected to be part of DHS although some chief 
financial officers were also represented), they acted as a single 
entity. Accordingly, we refer to these groups as the Homeland Security 
IT Investment Review Group for purposes of this report. 

[4] U.S. General Accounting Office, Homeland Security: OMB's Temporary 
Cessation of Information Technology Funding for New Investments, GAO-
03-186T (Washington, D.C.: Oct. 1, 2002). 

[5] During the control phase of the IT investment management process, 
the organization ensures that, as projects develop and as funds are 
spent, the project is continuing to meet mission needs at the expected 
levels of cost and risk. 

[6] U.S. General Accounting Office, Major Management Challenges and 
Program Risks: Department of Homeland Security, GAO-03-102 (Washington, 
D.C.: January 2003).

[7] DHS's Office of the CIO is part of the Management directorate. 

[8] Office of Management and Budget, Budget of the U.S. Government, 
Fiscal Year 2005, Report on IT Spending for the Federal Government for 
Fiscal Years 2003, 2004, and 2005. We did not verify these data. 

[9] U.S. General Accounting Office, Homeland Security: Proposal for 
Cabinet Agency Has Merit, But Implementation Will be Pivotal to 
Success, GAO-02-886T (Washington, D.C.: June 25, 2002). 

[10] We have previously issued reports on this initiative. For example, 
see U.S. General Accounting Office, Customs Service Modernization: 
Automated Commercial Environment Progressing, but Further Acquisition 
Management Improvements Needed, GAO-03-406 (Washington, D.C.: Feb. 28, 
2003).

[11] We have previously issued reports on this initiative. For example, 
see U.S. General Accounting Office, Homeland Security: Risks Facing Key 
Border and Transportation Security Program Need to Be Addressed, GAO-
03-1083 (Washington, D.C.: Sept. 19, 2003). 

[12] An enterprise architecture is a blueprint for institutional 
modernization and evolution that consists of models describing how an 
entity operates today and how it intends to operate in the future, 
along with a plan for how it intends to transition to this future 
state. 

[13] We have issued guidance to agencies related to enterprise 
architecture, IT investment management, and other management issues. 
For example, see U.S. General Accounting Office, Information 
Technology: A Framework for Assessing and Improving Enterprise 
Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.: 
Apr. 1, 2003) and Information Technology Investment Management: A 
Framework for Assessing and Improving Process Maturity, GAO/AIMD-
10.1.23, Exposure Draft (Washington, D.C.: May 2000).

[14] U.S. General Accounting Office, Homeland Security: Information 
Technology Funding and Associated Management Issues, GAO-03-250 
(Washington, D.C.: Dec. 13, 2002). 

[15] GAO-03-186T. 

[16] These circulars instruct agencies to develop, implement, and use 
capital programming processes that, for example: (1) evaluate and 
select capital asset investments that will support core mission 
functions and demonstrate projected returns on investments that are 
clearly equal to or better than alternative uses of public resources, 
(2) ensure that improvements to existing and planned information 
systems do not unnecessarily duplicate IT capabilities within the same 
agency, and (3) institute performance measures and management processes 
that monitor and compare actual performance with planned results. 

[17] OMB did not specify the 2 years. The DHS CIO believes that the OMB 
savings estimates are achievable, but are not likely to be realized in 
the first 2 years of DHS's establishment.

[18] In September 2003, DHS completed the first version of its target 
enterprise architecture. 

[19] During the selection phase of an IT investment management process, 
the organization (1) selects projects that will best support its 
mission needs and (2) identifies and analyzes each project's risks and 
returns before committing significant funds. 

[20] During the control phase of the IT investment management process, 
the organization ensures that, as projects develop and as funds are 
spent, the project is continuing to meet mission needs at the expected 
levels of cost and risk. 

[21] The investment review team was made up of representatives from the 
offices of the CIO, chief financial officer, and the chief procurement 
officer, as well as several component agencies.

[22] As of January 2, 2004, DHS was still in the process of finalizing 
its list of level 1, level 2, and level 3 IT investments. 

[23] The DHS IRB coordinator and IT officials stated that after the 
level 1 investment process is stabilized, they intend to implement a 
comparable process for level 2 investments; however, they did not yet 
know how level 3 investments were going to be addressed. Level 1, 2, 
and 3 investments are subject to review by department-level boards.

GAO's Mission: 

The General Accounting Office, the investigative arm of Congress, 
exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. General Accounting Office

441 G Street NW,

Room LM Washington,

D.C. 20548: 

To order by Phone: 

 Voice: (202) 512-6000: 

 TDD: (202) 512-2537: 

 Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Public Affairs: 

Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.

General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.

20548: