Federal Protective Service:

Actions Needed to Resolve Delays and Inadequate Oversight Issues with FPS's Risk Assessment and Management Program

GAO-11-705R: Published: Jul 15, 2011. Publicly Released: Aug 15, 2011.

Additional Materials:

Contact:

Mark L. Goldstein
(202) 512-6670
GoldsteinM@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Federal Protective Service (FPS), which is within the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD), is responsible for protecting the more than 1 million federal employees and members of the public who work in and visit the over 9,000 federal facilities owned or leased by the General Services Administration (GSA) from a potential terrorist attack or other acts of violence. To accomplish its facility protection mission, FPS has about 1,200 full-time employees and approximately 13,200 contract security guards. FPS has an annual budget of about $1 billion and receives its funding from the revenues and collections of security fees charged to tenant agencies for protective services such as facility security assessments (FSA) and providing contract security guard services. Since 2008, we have issued numerous reports that address major challenges FPS faces in protecting federal facilities. For example, in 2009 and 2010 we reported that FPS had problems completing high-quality FSAs in a timely manner and did not provide adequate oversight of its contract guard program. In September 2007, FPS decided to address the challenges with its legacy security assessment and guard management systems with a new system. On August 1, 2008, DHS's Immigration and Customs Enforcement (ICE) competitively awarded and FPS funded a $21 million, 7-year contract to develop and maintain the Risk Assessment and Management Program (RAMP) system. RAMP is a web-enabled risk assessment and guard management system, and its initial implementation was scheduled for July 31, 2009. Among other things, RAMP is intended to: (2) provide FPS with the capability to assess risks at federal facilities based on threat, vulnerability, and consequence, and track countermeasures to mitigate those risks; and (2) improve the agency's ability to monitor and verify that its contract security guards are trained and certified to be deployed to federal facilities. In response to congressional request that we examine RAMP, this report addresses the following questions: (1) What is RAMP's current status, including whether it can be used as planned? (2) What are the factors that contributed to this status? (3) What are the actions FPS is taking to develop and implement RAMP?

RAMP is over budget, behind schedule, and cannot be used to complete FSAs and reliable guard inspections as intended. RAMP's contract award amount totals $57 million, almost three times more than the $21 million original development contract amount. As of June 2011, FPS has spent almost $35 million of the $57 million to develop RAMP. RAMP's costs increased in part because FPS changed the original system requirements and the contractor had to add additional resources to accommodate the changes. FPS also has experienced delays in developing and implementing RAMP, as it is almost 2 years behind its original July 2009 implementation date. FPS cannot use RAMP to complete FSAs because the agency did not verify the accuracy of the federal facility data it obtained from GSA or include an edit feature in RAMP that would allow inspectors to edit these data when necessary. FPS is also experiencing difficulty using RAMP to ensure that its approximately 13,200 contract guards have met training and certification requirements to be deployed at federal facilities because it does not have a process for verifying this information before it is entered into RAMP. RAMP also does not yet fully incorporate certain government security standards. For example, according to an FPS official, RAMP does not support the April 2010 ISC Physical Security Criteria for Federal Facilities because FPS did not have time to incorporate it in the June 2010 version of RAMP. FPS is planning to incorporate these standards in the next version of RAMP. Several factors have contributed to FPS being unable to use RAMP as planned. Most importantly, FPS and ICE did not adequately follow GAO's project management best practices in developing and implementing RAMP. FPS is taking some steps to address RAMP's problems. Most notably, FPS has preliminarily decided to discontinue its current RAMP development contract and is considering using a new contractor to finish developing RAMP. FPS is also working to incorporate ISC's Physical Security Criteria for Federal Facilities into RAMP before the next version is implemented. Given the technological changes that may have occurred since FPS began developing RAMP 4 years ago, there could be alternative systems that would better meet FPS's needs. However, FPS has not evaluated whether further developing RAMP is the most cost-beneficial approach compared to possible alternatives. In addition, FPS has not developed a plan to address the problems we found with RAMP, for example, ensuring the accuracy of federal facility and contract guard data. Given the challenges FPS faced thus far with developing RAMP, technological changes that may have occurred in the last 4 years, and to help guide and ensure the successful development and implementation of any risk assessment and contract guard management system, we recommend that the Secretary of Homeland Security direct the Under Secretary of NPPD and the Director of FPS to take the following four actions: (1) evaluate whether it is cost-beneficial to finish developing RAMP or if other alternatives for completing FSAs and managing security guards would be more appropriate, (2) increase the use of project management best practices by managing requirements and conducting user acceptance testing for any future RAMP development efforts, (3) establish a process for verifying the accuracy of federal facility and guard training and certification data before entering them into RAMP, and (4) develop interim solutions for completing FSAs and guard inspections while addressing RAMP's challenges. To improve contract administration, we recommend that the Secretary of Homeland Security direct the Directors of ICE and FPS to complete contract performance evaluations for the current RAMP contractor, and ensure that the evaluations and other required documents are maintained in the contract file in accordance with DHS's acquisition policy and the Federal Acquisition Regulation (FAR).

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: We reported in 2011 that the Federal Protective Service (FPS) experienced cost overruns and schedule delays with its Risk Assessment and Management Program (RAMP) contract. Specifically, we reported that FPS spent about $35 million and 4 years developing RAMP, essentially a web-enabled risk assessment and guard management system, but ultimately could not use it to complete facility security assessments or reliable guard inspections. Thus, we recommended that FPS evaluate whether it was cost beneficial to finish developing RAMP or if other alternatives for completing security assessments would be more appropriate. In May 2011, FPS determined that it was not cost beneficial to finish developing RAMP and considered other alternatives. FPS ultimately decided to develop an interim vulnerability assessment tool referred to as the Modified Infrastructure Survey Tool (MIST). In May 2012, FPS started training its personnel to use MIST and plans to use MIST to resume assessing security at federal facilities.

    Recommendation: Given the challenges FPS faced thus far with developing RAMP, technological changes that may have occurred in the last 4 years, and to help guide and ensure the successful development and implementation of any risk assessment and contract guard management system, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to evaluate whether it is cost-beneficial to finish developing RAMP or if other alternatives for completing FSAs and managing security guards would be more appropriate.

    Agency Affected: Department of Homeland Security

  2. Status: Open

    Comments: When we have confirmed the actions FPS has taken in response to this recommendation, we will update the status of this information.

    Recommendation: Given the challenges FPS faced thus far with developing RAMP, technological changes that may have occurred in the last 4 years, and to help guide and ensure the successful development and implementation of any risk assessment and contract guard management system, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to increase the use of project management best practices by managing requirements and conducting user acceptance testing for any future RAMP development efforts.

    Agency Affected: Department of Homeland Security

  3. Status: Open

    Comments: When we have confirmed the actions FPS has taken in response to this recommendation, we will update the status of this information.

    Recommendation: Given the challenges FPS faced thus far with developing RAMP, technological changes that may have occurred in the last 4 years, and to help guide and ensure the successful development and implementation of any risk assessment and contract guard management system, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to establish a process for verifying the accuracy of federal facility and guard training and certification data before entering them into RAMP.

    Agency Affected: Department of Homeland Security

  4. Status: Open

    Comments: When we have confirmed the actions FPS has taken in response to this recommendation, we will update the status of this information.

    Recommendation: Given the challenges FPS faced thus far with developing RAMP, technological changes that may have occurred in the last 4 years, and to help guide and ensure the successful development and implementation of any risk assessment and contract guard management system, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to develop interim solutions for completing FSAs and guard inspections while addressing RAMP's challenges.

    Agency Affected: Department of Homeland Security

  5. Status: Open

    Comments: When we have confirmed the actions FPS has taken in response to this recommendation, we will update the status of this information.

    Recommendation: To improve contract administration, the Secretary of Homeland Security should direct the Directors of ICE and FPS to complete contract performance evaluations for the current RAMP contractor, and ensure that the evaluations and other required documents are maintained in the contract file in accordance with DHS's acquisition policy and the Federal Acquisition Regulation.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Nov 21, 2014

Nov 14, 2014

Nov 13, 2014

Nov 12, 2014

Oct 31, 2014

Oct 30, 2014

Oct 27, 2014

Oct 24, 2014

Oct 20, 2014

Oct 9, 2014

Looking for more? Browse all our products here