Federal Protective Service:

Actions Needed to Assess Risk and Better Manage Contract Guards at Federal Facilities

GAO-12-739: Published: Aug 10, 2012. Publicly Released: Sep 10, 2012.

Additional Materials:

Contact:

Mark L. Goldstein
(202) 512-2834
goldsteinm@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Department of Homeland Security’s (DHS) Federal Protective Service (FPS) is not assessing risks at federal facilities in a manner consistent with standards such as the National Infrastructure Protection Plan’s (NIPP) risk management framework, as FPS originally planned. Instead of conducting risk assessments, since September 2011, FPS’s inspectors have collected information, such as the location, purpose, agency contacts, and current countermeasures (e.g., perimeter security, access controls, and closed-circuit television systems). This information notwithstanding, FPS has a backlog of federal facilities that have not been assessed for several years. According to FPS’s data, more than 5,000 facilities were to be assessed in fiscal years 2010 through 2012. However, GAO was unable to determine the extent of FPS’s facility security assessment (FSA) backlog because the data were unreliable. Multiple agencies have expended resources to conduct risk assessments, even though the agencies also already pay FPS for this service. FPS received $236 million in basic security fees from agencies to conduct FSAs and other security services in fiscal year 2011. Beyond not having a reliable tool for conducting assessments, FPS continues to lack reliable data, which has hampered the agency’s ability to manage its FSA program.

FPS has an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool (MIST), which it plans to use to assess federal facilities until it develops a longer-term solution. According to FPS, once implemented, MIST will allow it to resume assessing federal facilities’ vulnerabilities and recommend countermeasures—something FPS has not done consistently for several years. Furthermore, in developing MIST, FPS generally followed GAO’s project management best practices, such as conducting user acceptance testing. However, MIST has some limitations. Most notably, MIST does not estimate the consequences of an undesirable event occurring at a facility. Three of the four risk assessment experts GAO spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess risks. FPS officials stated that they did not include consequence information in MIST because it was not part of the original design and thus requires more time to validate. MIST also was not designed to compare risks across federal facilities. Thus, FPS has limited assurance that critical risks at federal facilities are being prioritized and mitigated.

FPS continues to face challenges in overseeing its approximately 12,500 contract guards. FPS developed the Risk Assessment and Management Program (RAMP) to help it oversee its contract guard workforce by (1) verifying that guards are trained and certified, and (2) conducting guard post inspections. However, FPS faced challenges using RAMP, such as verifying guard training and certification information, for either purpose and has recently determined that it would no longer use RAMP. Without a comprehensive system, it is more difficult for FPS to oversee its contract guard workforce. FPS is verifying guard certification and training information by conducting monthly audits of guard contractor training and certification information. However, FPS does not independently verify the contractor’s information. Additionally, according to FPS officials, FPS recently decided to deploy a new interim method to record post inspections to replace RAMP.

Why GAO Did This Study

FPS provides security and law enforcement services to over 9,000 federal facilities under the custody and control of the General Services Administration (GSA). GAO has reported that FPS faces challenges providing security services, particularly completing FSAs and managing its these challenges, FPS spent about $35 million and 4 years developing RAMP—essentially a risk assessment and contract guard oversight tool. However, RAMP ultimately could not be used because of system problems.

GAO was asked to examine (1) the extent to which FPS is completing risk assessments; (2) the status of FPS’s efforts to develop an FSA tool; and (3)FPS’s efforts to manage its contract guard workforce. GAO reviewed FPS documents, conducted site visits at 3 of FPS’s 11 regions, and interviewed FPS officials and inspectors, guard companies, and 4 risk management experts.

What GAO Recommends

GAO recommends that FPS incorporate NIPP’s risk management framework in any future risk assessment tool; coordinate with federal agencies to reduce any unnecessary duplication in FPS’s assessments; address limitations with its interim tool to better assess federal facilities; develop and implement a comprehensive and reliable contract guard oversight system; and independently verify that its contract guards are current on all training and certification requirements. DHS concurred with GAO’s recommendations.

For more information, contact Mark L. Goldstein at (202) 512-2834 or goldsteinm@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: In 2015, FPS had its current risk assessment tool (referred to as the Modified Infrastructure Survey Tool (MIST)) reviewed by DHS's Interagency Security Committee (ISC). The ISC confirmed our finding that MIST does not fully incorporate NIPP's risk management framework. Specifically, ISC stated that MIST does not assess the consequence of undesirable events. FPS told us that it will continue to work with ISC and other DHS components to further align MIST with NIPP's risk management framework but has not provided a timeframe for doing so. Continuing its work on identifying a permanent solution for assessing risk a federal facilities could improve FPS' ability to better protect federal facilities and help minimize agencies' duplicative risk assessment activities. Therefore, we are leaving this recommendation open.

    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to incorporate NIPP's risk management framework--specifically in calculating risk to include threat, vulnerability, and consequence information--in any permanent risk assessment tool.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: The Federal Protective Service (FPS) provides security and law enforcement services to over 9,000 federal facilities under the custody and control of the General Services Administration (GSA). In 2012, we reported that multiple federal agencies, including GSA, have been expending additional resources to conduct their own risk assessments, while also paying the Federal Protective Service (FPS) for this service. According to FPS's Chief Financial Officer, FPS received $236 million in basic security fees from federal agencies to conduct FSAs and other security services in fiscal year 2011. Specifically, GSA was expending additional resources to assess risk. We reported in October 2010 that GSA officials did not always receive timely FPS risk assessments for facilities GSA considered leasing. GSA sought to have these risk assessments completed before it took possession of a property and leased it to tenant agencies. An inefficient risk assessment process for new lease projects can add costs for GSA and create problems for both GSA and tenant agencies. However, FPS had not coordinated with GSA and other federal agencies to reduce or prevent duplication of its facility security assessments. Therefore, we recommended that DHS direct FPS to coordinate with GSA and other federal tenant agencies to reduce any unnecessary duplication in security assessments of facilities under the custody and control of GSA. In 2016, we confirmed that FPS has taken steps to coordinate with these agencies. For example, in 2014, FPS surveyed GSA and other federal agencies to determine why they were conducting their own risk assessments, among other things. As a result of both coordinating with and surveying GSA as well as other federal agencies, FPS has reduced or prevented the duplication of effort associated with its risk assessments.

    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to coordinate with GSA and other federal tenant agencies to reduce any unnecessary duplication in security assessments of facilities under the custody and control of GSA.

    Agency Affected: Department of Homeland Security

  3. Status: Open

    Comments: FPS had its current risk assessment tool (referred to as the Modified Infrastructure Survey Tool (MIST)) reviewed by DHS's Interagency Security Committee (ISC). The ISC confirmed our finding that MIST does not fully incorporate NIPP's risk management framework. Specifically, ISC stated that MIST does not assess the consequence of undesirable events. FPS told us that it will continue to work with ISC and other DHS components to further align MIST with NIPP's risk management framework but has not provided a timeframe for doing so. Continuing its work on identifying a permanent solution for assessing risk a federal facilities could improve FPS' ability to better protect federal facilities and help minimize agencies' duplicative risk assessment activities. Therefore, we are leaving this recommendation open.

    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should address MIST's limitations (assessing consequence, comparing risk across federal facilities, and measuring performance) to better assess and mitigate risk at federal facilities until a permanent system is developed and implemented.

    Agency Affected: Department of Homeland Security

  4. Status: Open

    Comments: In June 2016, FPS briefed us on the steps it is taking to develop a new post tracking system to oversee its contract guards. Once fully developed and implemented the new system, according to FPS, should provide the agency with the capability to , among other things, determine (in a real time) whether guards are standing posts at federal facilities, ensure that facilities are staffed as required, and verify and track guard certifications to ensure that guards are fully qualified and trained to be deployed to federal facilities. However, FPS is in the early stage of acquiring its new system and estimates that it will be implemented in fiscal year 2019. Given the benefits that may result from FPS's new post tracking system, we are keeping this recommendation open until FPS has completed its development and implementation of its new post tracking system.

    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should develop and implement a new comprehensive and reliable system for contract guard oversight.

    Agency Affected: Department of Homeland Security

  5. Status: Open

    Comments: In June 2016, FPS briefed us on the steps it is taking to develop a new post tracking system to oversee its contract guards. Once fully developed and implemented the new system, according to FPS, should provide the agency with the capability to , among other things, determine (in a real time) whether guards are standing posts at federal facilities, ensure that facilities are staffed as required, and verify and track guard certifications to ensure that guards are fully qualified and trained to be deployed to federal facilities. However, FPS is in the early stage of acquiring its new system and estimates that it will be implemented in fiscal year 2019. Given the benefits that may result from FPS's new post tracking system, we are keeping this recommendation open until FPS has completed its development and implementation of its new post tracking system.

    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should verify independently that FPS's contract guards are current on all training and certification requirements.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Dec 1, 2016

Nov 28, 2016

Oct 31, 2016

Oct 26, 2016

Oct 13, 2016

Oct 12, 2016

Sep 30, 2016

Sep 29, 2016

Sep 27, 2016

Looking for more? Browse all our products here