Recommendation: To reduce the likelihood of name-related erroneous TNCs for employees with multiple or hyphenated surnames, the Director of USCIS should disseminate information to employees, for example, through Office for Civil Rights and Civil Liberties (CRCL's) instructional videos for employees, in DHS's A Guide to Naturalization, and at naturalization ceremonies, on the potential for name mismatches and how to record their names consistently when providing name information to employers, SSA, and DHS.

Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

Status: Closed - Implemented

Comments: Our report recommended that in order to reduce the likelihood of name-related erroneous tentative non-confirmations (TNCs) for employees with multiple or hyphenated surnames, United States Citizenship and Immigration Services (USCIS) should disseminate information to employers on the potential for name-related mismatches and how to record names consistently when providing such information to employers, SSA, and DHS. To address this recommendation, in August 2012, USCIS posted "Tips to Preventing a TNC" on its E-Verify website, and in February 2012, USCIS included information on the importance of entering names consistently on identity and government records in the Questions and Answers (Q&A) section of the Self Check web site. USCIS also reported that in fiscal year 2011, it shared information about complex names and recording names consistently at conferences organized by various worker and immigrant advocacy organizations, including the American-Arab Anti-Discrimination Committee and the League of United Latin American Citizens. We believe that USCIS has taken appropriate steps to address our recommendation.

Recommendation: To better target USCIS's education efforts and ensure employer compliance with the E-Verify program, the Director of USCIS should develop an analysis plan for the mastery test and use the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both.

Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

Status: Closed - Implemented

Comments: Our report recommended that USCIS develop an analysis plan for the E-Verify mastery test and use the results to make decisions about whether and how to revise the test, the tutorial, or both. USCIS reported that it began analyzing the results of revisions to the June 2010 mastery test to assess what questions may need to be further revised and to determine what concepts may require greater explanation. USCIS identified three questions needing revision and made these changes in June 2011. USCIS provided extensive documentation of the data analyses it has conducted in response to this recommendation. Specifically, USCIS analyzed millions of responses to the E-Verify knowledge mastery tests administered in July 2011, January 2012, April 2012, and July 2012; and over 700,000 responses to an E-Verify tutorial administered in November 2010. USCIS also developed an E-Verify Training Analysis Plan with the intent to regularly measure the effectiveness of E-Verify user tutorial content and knowledge tests and other E-Verify educational tools. USCIS reported that the analysis of the E-Verify data will be an ongoing effort and that it will continue to monitor reports to determine changes for future releases. We believe that USCIS's actions have addressed the intent of this recommendation.

Recommendation: To ensure that employees have the ability to access and correct inaccuracies or inconsistencies in personal information within DHS databases that may have led to erroneous TNCs and minimize the potential for employees receiving repeated erroneous TNCs, the Director of USCIS should develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases.

Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

Status: Open

Comments: Our report recommended that USCIS develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases. USCIS stated that as of February 2012, USCIS had deployed Self Check (a free online service of E-Verify that allows workers to check their own employment eligibility status prior to applying for a job) nationwide. USCIS also stated that (1) employees with tentative non-confirmations who contact USCIS are referred to local USCIS offices, Customs and Border Protection Offices, and/or ports of entry to correct records when errors/inconsistencies are identified; (2) the E-Verify program created a Database Integrity Unit that uses quality assurance techniques to identify and help correct erroneous information contained in DHS component databases; (3) USCIS piloted a process whereby USCIS staff assist employees who receive TNCs by submitting an electronic application through the 'Service Request Management Tool' (SRMT) to request a records update. The pilot concluded after it was determined that the Self Check process along with referring employees affected by mismatches to the appropriate agency where the mismatch resides were more effective than referring customers through the SRMT process; and (4) USCIS was exploring the possibility of producing a publication to inform employees of the databases included in the E-Verify checks. USCIS planned to have the publication ready in the third quarter of fiscal year 2012. While Self Check should help prospective employees avoid receiving an erroneous TNC when they are hired, it does not benefit newly hired employees who have already received such a TNC. USCIS's standard operating procedures for E-Verify Work Processes state that the analyst should review the potential data error with a supervisor and tell the individual to call the (1) CBP Customer Service Center if the error occurred on an I-94 Arrival/Departure record, and (2) USCIS National Customer Service Center if the data error occurred in any USCIS document. As of December 2012, USCIS had not implemented operating procedures for management program analysts to explain to employees what personal information produced the TNC they received and what specific steps they should take to access and correct the inaccurate or inconsistent personal information. USCIS stated that it does not currently have procedures in place to verify the employee caller's identity because of adherence to privacy rules and regulations. USCIS also stated that it does not permit management and program assistants to explain to callers what personal information mismatch produced the TNC. We believe that USCIS can, without violating privacy, (1) inform callers which database/component produced the TNC so they can send a FOIA request to determine the reason it occurred, and (2) implement a process to allow individuals with TNCs to correct inaccuracies/inconsistencies in personal information.

Recommendation: To improve the accuracy of the source data used to make employment eligibility decisions and decrease the potential for recurring erroneous nonconfirmations, the Secretary of Homeland Security should direct the heads of DHS components to coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to erroneous TNCs or final nonconfirmation (FNCs).

Agency Affected: Department of Homeland Security

Status: Open

Comments: Our report recommended that DHS components coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to inaccurate or inconsistent tentative or final non-confirmations. Based on information provided by USCIS in January 2012, USCIS appears to be taking several steps to help ensure that systems are linked and that organizational units coordinate. However, our recommendation focuses on the need for developing procedures to correct information in databases used by USCIS, CBP, and/or ICE that has resulted in new hires receiving an erroneous work authorization decision. We note in our report that DHS did not have departmentwide procedures to ensure that all DHS components that own information used in making work authorization decisions collaborate in correcting inaccuracies or inconsistencies. To close the recommendation, DHS should provide evidence that such departmentwide procedures have been implemented.

Recommendation: To decrease the potential for recurring erroneous nonconfirmations, the Director of USCIS should develop procedures for management program analysts to document the basis for their work authorization decisions.

Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

Status: Closed - Implemented

Comments: Our report noted that USCIS did not require management program analysts (MPA) to document the process they used to resolve tentative nonconfirmations that were contested by employees. USCIS officials said they recognized the importance of making and documenting accurate decisions and planned to revise the standard operating procedures to require this of management program analysts. USCIS issued revised standard operating procedures (SOPs) in fiscal year 2012. The revised procedures require MPAs to document the systems and information used to arrive at work authorization decisions. The procedures note that MPAs should list the specific systems they checked (for example, the actual screen within the system that is used to resolve a case). The information entered is to be detailed enough to enable another MPA to understand the decision. We believe that USCIS's revised operating procedures are responsive to the intent of our recommendation.

Recommendation: To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion.

Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

Status: Closed - Implemented

Comments: In our December 2010 report on E-Verify, we reported that USCIS and the Social Security Administration (SSA) had met five of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management. However, the agencies had not met the sixth practice defining and documenting service-level requirements to help ensure that SSA will be able to meet E-Verify capacity demands and provide USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Service-level agreements are widely accepted by Information Technology experts, and are integral to effective information technology planning. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. We recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. In response, on June 7, 2011, we received notification from SSA officials that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with DHS. The agreement included information on the services that SSA would provide, including SSA's service availability schedule, service scope (for example, average response times to queries and SSA's problem reporting process), and service monitoring, tracking, and reporting procedures. As a result, USCIS and SSA have established a common understanding of how to meet current and future E-Verify system demands, and are better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future.

Recommendation: To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion.

Agency Affected: Social Security Administration

Status: Closed - Implemented

Comments: In our December 2010 report on E-Verify, we reported that U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA) had met five of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management. However, the agencies had not met the sixth practice: defining and documenting service-level requirements to help ensure that SSA will be able to meet E-Verify capacity demands and providing USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Service-level agreements are widely accepted by information technology experts, and are integral to effective information technology planning. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. We recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. In response, on June 7, 2011, we received notification from SSA officials that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with the Department of Homeland Security. The agreement included information on the services that SSA would provide, including SSA's service availability schedule, service scope (for example, average response times to queries and SSA's problem reporting process), and service monitoring, tracking, and reporting procedures. As a result, USCIS and SSA have established a common understanding of how to meet current and future E-Verify system demands, and are better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future.

Recommendation: To ensure that USCIS has a sound basis for making decisions about resource investments for E-Verify and securing sufficient resources to effectively execute defined program plans, the Director of USCIS should ensure that a life cycle cost estimate for E-Verify is developed in a manner that reflects the four characteristics of a reliable estimate consistent with best practices--comprehensive, well-documented, accurate, and credible.

Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

Status: Open

Comments: USCIS reported in August 2012 that the life cycle cost estimate had been completed and was pending approval by the DHS Acquisition Program Management Division's Cost Analysis Division.

Recommendation: To ensure that SSA can accurately project costs associated with its E-Verify workload, as well as estimates for potential mandatory implementation of E-Verify, the Commissioner of SSA should assess the risk and uncertainty within SSA's E-Verify workload estimate as well as the limitations associated with the assumptions used to create it, in accordance with best practices, to ensure that SSA can provide the required level of support to USCIS and E-Verify operations.

Agency Affected: Social Security Administration

Status: Closed - Not Implemented

Comments: As noted in our report, SSA did not agree with the recommendation. SSA stated that it routinely assesses the risk and uncertainty when developing assumptions for E-Verify workload estimates and administrative costs related to proposed legislation. SSA also stated that if E-Verify were to become mandatory, SSA would adapt its budget models and recalculate estimated costs based on the new projected workload volume. As discussed in the report, SSA does not conduct a risk and uncertainty analysis that uses statistical models to quantitatively determine the extent of variability around its cost estimate or identify the limitations associated with the assumptions used to create the estimate. We continue to believe that SSA should adopt this best practice for estimating risks to help it reduce the potential for experiencing cost overruns for E-Verify, but we are closing this recommendation because SSA did not plan to implement it.