Skip to main content

Customs Service Modernization: Management Improvements Needed on High-Risk Automated Commercial Environment Project

GAO-02-545 Published: May 13, 2002. Publicly Released: May 13, 2002.
Jump To:
Skip to Highlights

Highlights

The U.S. Customs Service has requested $206.9 million for its Automated Commercial Environment (ACE)--a new import processing system. Customs' second expenditure plan provides for (1) meeting the Office of Management and Budget's capital planning and investment control review requirements; (2) complying with Customs' enterprise architecture; and (3) complying with federal acquisition rules, requirements, guidelines, and systems acquisition management practices. ACE will fundamentally change Customs' and many other organizations' business processes by introducing new system capabilities. ACE will be available around the clock to support important commercial and enforcement systems. Customs did not meet key commitments made in its first ACE expenditure plan because of underestimating funding requirements. Actual requirements were 90 percent higher than estimated. This history casts uncertainty on Customs' ability to reliably estimate costs and meet future commitments. GAO found that Customs lacks management controls in four areas: enterprise architecture, human capital, software acquisition management, and cost estimation. Because Customs has compressed its ACE acquisition plans from five to four years, the degree of overlap of program increments has increased. This may increase the risk that ACE capabilities will not be delivered on time and within budget.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to certify to Customs' House and Senate appropriations subcommittee, before building each ACE release (i.e., beginning detailed design and development), that the enterprise architecture has been sufficiently extended to provide the requisite enterprise design content and has been updated to ensure consistency and integration across business areas.
Closed – Implemented
The former U.S. Customs Service established a process in 2002 for certifying to its appropriations committees that the Customs enterprise architecture had been sufficiently extended and updated before detailed design and development of each ACE release was begun. In March 2003 the U.S. Customs Service became part of the Department of Homeland Security (DHS) and was designated the Bureau of Customs and Border Protection (CBP). In May 2003, CBP used the process developed by the former Customs Service to certify ACE Releases 3 and 4 against the former Customs enterprise architecture.
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to immediately develop and implement a Customs Modernization Office (CMO) human capital management strategy that provides both near- and long-term solutions to the CMO's human capital capacity limitations, including defining the office's skill and capacity needs in terms that will allow Customs to attract qualified individuals and that will provide sufficient rewards and training, linked to performance, to promote their retention.
Closed – Not Implemented
Customs and Border Protection (CBP) Office of Information and Technology (OIT) has taken steps intended to improve IT human capital management. Specifically, it has completed the second and final phase of a reorganization that established six program offices aligned to major mission areas that would provide flexibility in addressing ACE's human capital needs. OIT reported that the reorganization has significantly expanded the number of government personnel responsible for ACE development activities, augmented functional program management expertise, and conducted training to improve the skills of staff and meet program needs. In addition, OIT has developed a Strategic Human Capital Plan, however, it is lacking key components of a comprehensive human capital management strategy identified in our recommendation, such as defining the positions needed (including core competencies) to perform core program functions; assessing and inventorying current workforce skills and abilities; assessing any gaps between needed and existing workforce levels and capabilities; and filling identified gaps via such means as new staff, training existing staff, and augmenting staff with contractor support. According to ACE program officials, the ACE program office has not received direction from OIT to further develop or implement a human capital strategy for the program.
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to develop and implement process controls for the Software Engineering Institute's (SEI) Software Acquisition Capability Maturity Model (SA-CMM) level 2 key process areas and the level 3 acquisition risk management key process area.
Closed – Implemented
Customs and Border Protection (CBP) Office of Information and Technology (OIT) has taken steps to develop and implement each of the key process areas for the SA-CMM level 2 key process areas and the level 3 acquisition risk management area. SEI assessed the acquisition management of Releases 1 through 4 against the SA-CMM level 2 criteria. On November 5, 2003, SEI assigned the program's acquisition management processes a level 2 rating.
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to conduct and report to Customs' House and Senate appropriations subcommittees, by September 30, 2002, on the results of an internal assessment of the CMO's maturity against the SEI SA-CMM level 2 key process areas and the level 3 acquisition risk management key process area.
Closed – Implemented
Customs and Border Protection (CBP) Office of Information and Technology (OIT) followed GAO's recommendation and conducted an internal assessment of the CMO's maturity against SA-CMM level 2 key process areas and the level 3 acquisition risk management key process areas. CBP reported the results to its House and Senate appropriation subcommittees on September 30, 2002.
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to develop and implement a rigorous and analytically verifiable cost estimating program that embodies the tenets of effective estimating as defined in SEI's institutional and project-specific estimating models.
Closed – Implemented
Customs and Border Protection (CBP) Office of Information and Technology (OIT) has taken several steps to strengthen its cost estimating program. First, the program office has defined and documented processes for estimating expenditure plan costs (including management reserve costs). Second, it hired a contractor to develop cost estimates, including contract task orders, which are independent of e-Customs Partnership's (eCP) estimates. Third, it tasked a support contractor with evaluating the independent and eCP estimates against Software Engineering Institute (SEI) criteria. According to the summary-level results of the evaluation for fiscal year 2006, the independent estimates satisfied all seven of the SEI criteria, and CBP's estimates satisfied six of the criteria and partially satisfied the remaining one. For the partially satisfied criterion, the evaluation found that the CBP estimate did not adequately consider past projects in its cost and schedule estimates. Program officials indicated that they are annually evaluating the adequacy of their estimation process as it applies to this criterion.
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to limit further expenditure plan requests for management reserve funds to 10 percent of the total funds requested for the program or adequately justify any management reserve requests in excess of 10 percent.
Closed – Implemented
Customs and Border Protection (CBP) Office of Information and Technology's (OIT) third expenditure plan limited its request for management reserve to 10 percent of the total funds requested. Customs plans to limit future requests for management reserve to 10 percent or provide adequate justification for any management reserve request that exceeds 10 percent.
Directorate of Border and Transportation Security To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to address the risks associated with the accelerated ACE acquisition strategy, including (1) immediately analyzing the risks associated with the degree of design, development, and testing concurrency across ACE increments that is inherent in Customs' 4-year, schedule-driven acquisition strategy; (2) reconsidering the merits of this accelerated strategy; and (3) within 90 days of the date of this briefing, reporting to Customs' House and Senate appropriations subcommittees on the agency's strategy for going forward and its plans for mitigating the inherent risks associated with this strategy.
Closed – Implemented
Customs and Border Protection (CBP) Office of Information and Technology (OIT) substantially implemented this recommendation. CBP analyzed the risks associated with its accelerated 4-year acquisition strategy. CBP reported to its House and Senate appropriations subcommittees the agency's decision to implement a 4-year schedule and the associated risks on May 13, 2002.

Full Report

Office of Public Affairs

Topics

Appropriated fundsEnterprise architectureAppropriationsEmergency preparednessFunds managementHomeland securityInternal controlsProgram managementStrategic planningExpenditure plan