Information Technology:

Immigration and Customs Enforcement Needs to Fully Address Significant Infrastructure Modernization Program Management Weaknesses

GAO-07-565: Published: Apr 27, 2007. Publicly Released: Apr 27, 2007.

Additional Materials:

Contact:

Randolph C. Hite
(202) 512-6256
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Department of Homeland Security (DHS) fiscal year 2006 appropriations act provided $40.15 million for the Immigration and Customs Enforcement's (ICE) program to modernize its information technology (IT) infrastructure. As mandated by the appropriations act, the department is to develop and submit for approval an expenditure plan for the program, referred to as "Atlas," that satisfies certain legislative conditions, including a review by GAO. In performing its review of the Atlas plan, GAO (1) determined whether the plan satisfies certain legislative conditions and (2) provided other observations about the plan and management of the program. To do this, GAO analyzed the fiscal year 2006 Atlas expenditure plan and supporting documents against the legislative conditions, federal requirements, and related best practices. GAO also interviewed relevant DHS officials.

The fiscal year 2006 Atlas expenditure plan, in combination with related program documentation and program officials' statements, satisfies or partially satisfies the legislative conditions set forth by Congress. This satisfaction, however, is based on plans and commitments that provide for meeting these conditions rather than on completed actions to satisfy them. For example, to address the legislative condition related to capital planning and investment control review requirements, the program plans to, among other things, update its cost-benefit analysis in September 2007 to reflect emerging requirements and other program changes and to complete a privacy impact assessment by April 2007. In addition, the program is in the process of defining how it plans to use its independent verification and validation agent. GAO also observed that DHS has not implemented key system management practices. Specifically, (1) rigorous practices are not being fully adhered to in developing and managing system requirements, (2) key contract management and oversight controls have not been fully implemented, (3) planned risk management practices have yet to be implemented, and (4) performance management practices that are critical to measuring progress against program goals are still being implemented. Thus, much still needs to be accomplished to minimize the risks associated with the program's capacity to deliver promised IT infrastructure capabilities and benefits on time and within budget. Given that hundreds of millions of dollars are to be invested and the program is critical to supporting the ICE mission, it is essential that DHS follow through on its commitments to build the capability to effectively manage the program. Proceeding without it introduces unnecessary risks to the program and potentially jeopardizes its viability for future investment.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Consistent with our recommendation, ICE recently updated its risk inventory to include risks for all Atlas projects. According to the inventory, risks extend to availability of funding, cost, schedule, and system reliability. In addition, in April 2007, ICE updated the Atlas program's risk management plan to include detailed processes for, among other things, reporting to management on the existence and status of risks and progress in implementing mitigation strategies. For example, the plan states that high risks are now to be disclosed and discussed at quarterly Program Management Review meetings. During program management review meetings that we attended (coupled with review of related documentation), high risks, including the status of mitigation efforts, were in fact disclosed to and discussed by management, including the Atlas program manager and ICE's Chief Information Officer.

    Recommendation: To minimize risks to the Atlas program, the Secretary of Homeland Security should direct the Assistant Secretary for Immigration and Customs Enforcement to ensure that ICE follows through on its commitments to implement effective management controls and capabilities by completing implementation of planned risk management activities. This should include (1) updating the risk inventory to include risks for all projects and risk areas and (2) fully implementing and institutionalizing procedures for reporting to management on the existence and status of risks and progress in implementing mitigation strategies.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement

  2. Status: Closed - Implemented

    Comments: Consistent with this recommendation, ICE has taken the following steps. First, it assigned a full-time contracting officer's technical representative (COTR) to the Atlas program, and it revised the Atlas Acquisition Plan to define the contract management and oversight roles and responsibilities of the COTR, contracting officer, and the Atlas program manager. The revised plan also includes the acquisition strategy and major milestones for each Atlas project. Second, in June 2007, ICE updated its System Lifecycle Handbook to incorporate key contract management and oversight activities. Specifically, the handbook now identifies the specific activities and steps that are to be followed and accompanying documentation that is to be submitted to ICE's Office of Acquisition for review. The update also required (1) the Atlas program manager to work with the COTR to ensure that contract management and oversight activities meet the requirements specified in the ICE handbook and (2) the COTR to conduct periodic reviews of contractor performance vis-a-vis the contract statement of work. Third, ICE issued a template in February 2007 that required statements of work for Atlas projects to include clearly defined requirements, deliverables, and related acceptance criteria. The template includes examples of how these requirements are to be met. Our analysis of a statement of work for one Atlas project (Common Computing Environment) that used this template showed that it contained detailed requirements for a variety of support activities, such as technical architecture planning, project management and coordination, and budget and financial analysis. It also defined specific deliverables and associated acceptance criteria.

    Recommendation: To minimize risks to the Atlas program, the Secretary of Homeland Security should direct the Assistant Secretary for Immigration and Customs Enforcement to ensure that ICE follows through on its commitments to implement effective management controls and capabilities by fully implementing key contract management and oversight practices, including those specified in ICE's policies and procedures. This should also include ensuring that the Atlas program manager, working with the program's contracting officer's technical representative, follow through on planned efforts to strengthen the program's compliance with these practices by (1) revising the acquisition plan by May 2007; (2) revising the ICE System Lifecycle Management Handbook by June 2007 to incorporate key contract management activities such as contract tracking and oversight; and (3) preparing statements of work (beginning in February 2007) for future contracts to clearly define Atlas work statements and acceptance criteria.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement

  3. Status: Closed - Implemented

    Comments: ICE has taken multiple actions to improve its adherence to requirements development and management practices that are consistent with our recommendation. For example, ICE developed a process improvement plan that included, among other things, a goal of establishing requirements definition and validation processes that align with DHS/ICE policy and reported on agency progress in meeting these goals. In addition, ICE reported that it had assigned its project managers responsibility for rigorously adhering to the agency's System Lifecycle Handbook (SLH) requirements and holds the managers accountable by having periodic milestone reviews which are conducted by SLH subject matter experts. These experts assess Atlas projects against agency guidance and report the results (via a project management report system) to the ICE CIO, who uses this information in conducting monthly program management reviews.

    Recommendation: To minimize risks to the Atlas program, the Secretary of Homeland Security should direct the Assistant Secretary for Immigration and Customs Enforcement to ensure that ICE follows through on its commitments to implement effective management controls and capabilities by fully adhering to requirements development and management practices, including those specified in ICE's policies and procedures. This should also include having the Atlas program manager develop a process improvement plan for all of the projects that is consistent with the ICE System Lifecycle Management Handbook and provide for making the program manager and project managers responsible and accountable for rigorously adhering to the requirements in the handbook.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement

  4. Status: Closed - Implemented

    Comments: In May 2007, ICE renewed the Atlas program's independent verification and validation (IV&V) contract, and in doing so, included a contract requirement that prohibited the the contractor from soliciting, proposing, or being awarded Atlas program work other than IV&V services. Specifically, the contract, which was signed on May 24, 2007, states that the contractor is prohibited from bidding, soliciting, proposing, or being awarded non-IV&V Atlas work.

    Recommendation: To minimize risks to the Atlas program, the Secretary of Homeland Security should direct the Assistant Secretary for Immigration and Customs Enforcement to ensure that ICE follows through on its commitments to implement effective management controls and capabilities by employing practices essential to ensuring that the Atlas program's independent verification and validation agent is and remains independent, including incorporating requirements in future contracting actions, such as the renegotiation or recompetition of the current independent verification and validation contract, which will prohibit the agent from soliciting, proposing, or being awarded program work other than providing independent verification and validation services and products.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement

  5. Status: Closed - Implemented

    Comments: ICE has taken several actions to improve program performance management that are consistent with the intent of our recommendation. In addition to developing goals for the two projects that were the basis for this recommendation, the Atlas program office is using several software tools (e.g. OCIO Project Activity Reporting tool) to help measure progress against program performance goals. These tools are used to report on, among other things, actual cost, schedule and performance relative to goals. In addition, the ICE CIO discusses the reports at monthly program management reviews to confirm that the reports and supporting information are reliable, complete, and accurate.

    Recommendation: To minimize risks to the Atlas program, we recommend that the Secretary of Homeland Security direct the Assistant Secretary for Immigration and Customs Enforcement to ensure that ICE follows through on its commitments to implement effective management controls and capabilities by improving program performance management, including developing performance goals for projects that do not have goals and reporting on their progress in the fiscal year 2007 expenditure plan. Further, the program should assess that the data being used to measure progress are reliable, complete, and accurate.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement

 

Explore the full database of GAO's Open Recommendations »

Sep 25, 2014

Sep 23, 2014

Jun 10, 2014

May 22, 2014

May 12, 2014

May 8, 2014

May 7, 2014

Apr 2, 2014

Looking for more? Browse all our products here