This is the accessible text file for GAO report number GAO-10-588SP entitled 'Department Of Homeland Security: Assessments of Selected Complex Acquisitions' which was released on July 1, 2010. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Addressees: United States Government Accountability Office: GAO: June 2010: Department Of Homeland Security: Assessments of Selected Complex Acquisitions: GAO-10-588SP: GAO Highlights: Highlights of GAO-10-588SP, a report to congressional addressees. Why GAO Did This Study: Department of Homeland Security (DHS) acquisitions represent hundreds of billions of dollars in life-cycle costs to support a wide range of missions. Creating acquisition policies and processes to provide insight into the performance of a wide array of complex investments, while also providing oversight for many component agencies new to acquisition management, has been an ongoing challenge for DHS. GAO performed this review because DHS implementation and transformation is on GAO’s high risk list. This report (1) provides an update on DHS’s efforts to implement acquisition oversight for all investments; (2) describes acquisition performance and common challenges across selected programs; and (3) provides individual profiles for 18 selected programs, 15 of which were major programs that had initiated acquisition activities. GAO selected programs based on relevance to frontline homeland security missions and assessed cost and schedule performance and acquisition planning challenges. What GAO Found: DHS continues to develop its acquisition oversight function and has begun to implement a revised acquisition management directive that includes more detailed guidance for programs to use when informing component and departmental decision making. The senior-level Acquisition Review Board (ARB) has begun to meet more frequently and has provided programs decision memorandums with action items to improve performance. The ARB reviewed 24 major acquisition programs in fiscal years 2008 and 2009; however, more than 40 major acquisition programs had not been reviewed, and programs have not consistently implemented review action items by established deadlines. Additionally, DHS has developed a database to capture and track key program information, including cost and schedule performance, contract awards, and program risks. At the component level, oversight officials are establishing new acquisition executive positions to manage acquisition processes, but departmental leadership has limited their decision authority due to staffing levels and inconsistencies between component- and department-level acquisition policies. Further, DHS acquisition management processes do not inform budget decisions as required by DHS policy, and as a result DHS is at risk of failing to maximize resources and ultimately meet critical mission needs. GAO has found that program performance metrics for cost and schedule can provide useful indicators of the health of acquisition programs and can be valuable tools for improving insight and oversight of programs. Further, realistic program baselines with stable requirements, an adequate and skilled program office workforce, and knowledge of long-term support requirements are important factors to successful acquisitions. However, program performance cannot be accurately assessed without valid baseline requirements established at the program start, particularly those that establish the minimum acceptable threshold required to satisfy user needs. Using the best available information, GAO found that of the 15 major programs that had started acquisition activities, 12 reported cost growth, and almost all programs reported schedule delays. DHS policy requires acquisition oversight officials to assess the accuracy of life-cycle cost estimates for all major programs estimated to exceed $1 billion and provides guidance for programs to develop life-cycle cost estimates. The responsible DHS acquisition oversight officials have raised concerns about the accuracy of cost estimates for most major programs, making it difficult to assess the significance of the reported cost growth. Further, over half of the programs GAO reviewed initiated acquisition activities without approved key planning documents that set operational requirements and establish program baselines. Programs also experienced other acquisition planning challenges, such as staffing shortages, and lack of sustainment planning, as well as execution challenges related to technical capability, partner dependence, and funding issues. DHS’s success in improving acquisition depends on further implementation of needed improvements and sustained management attention. What GAO Recommends: GAO is not making any new recommendations as this is intended as a status report. However, GAO has previously made numerous recommendations intended to improve acquisition management. DHS generally agreed with the findings and noted actions taken and efforts under way to improve the Department’s acquisition review process. View [hyperlink, http://www.gao.gov/products/GAO-10-588SP] or key components. For more information, contact John P. Hutton at (202) 512- 4841 or huttonj@gao.gov. [End of section] Contents: Forward: Letter: DHS Continues To Develop and Implement Acquisition Oversight: Acquisition Performance and Program Challenges: Program Assessments: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope and Methodology: Appendix II: Comments From The Department Of Homeland Security: Appendix III: The Acquisition Life Cycle, Systems Engineering Life Cycle and Key Acquisition Documents at DHS: Related GAO Products: Tables: Table 1: DHS Oversight Officials' Roles and Responsibilities: Table 2: Comparison of Department and Component-Level Review under Acquisition Management Directive 102-01 (Interim) and Management Directive 1400: Table 3: Acquisition Decision Memo Action Items (fiscal years 2008 and 2009): Table 4: DHS Major Acquisition Program Costs: Table 5: Summary of Major Program Planning Challenges: Table 6: Status of Integrated Logistics Support Plans (ILSP): Figures: Figure 1: Summary of DHS Acquisition Programs Assessed: Figure 2: Programs with Estimated Schedule Delay to Full Capability: Figure 3: Key Document Approval Timeframes: Figure 4: DHS Major Program Government Staff and Contractor Support: Abbreviations: APB: Acquisition Program Baseline: ARB: Acquisition Review Board: C4ISR: Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance: CAE: Component Acquisition Executive: CBP: Customs and Border Protection: CDC: Centers for Disease Control: DCI: Data Collection Instrument: DHS: Department of Homeland Security: DOD:; Department of Defense: EDS: Explosive Detection System: FBI: Federal Bureau of Investigations: FDA: Food and Drug Administration: FEMA: Federal Emergency Management Agency: FOC: Full Operating Capability: ILSP: Integrated Logistics Support Plans: IOC: Initial Operating Capability: NASA: National Aeronautics and Space Administration: OMB: Office of Management and Budget: SBInet: Secure Border Initiative Network: TSA: Transportation Security Administration: USDA: United States Department of Agriculture: US-VISIT: United States Visitor and Immigrant Status Indicator Technology: [End of section] United States Government Accountability Office: Washington, DC 20548: June 30, 2010: Congressional Addressees: I am pleased to present GAO's assessment of complex acquisitions at the Department of Homeland Security (DHS). This report provides a snapshot of DHS acquisition oversight, planning, and execution--a topic that has been of interest since DHS was created in 2003. Soon after DHS began operations, we designated its implementation and transformation as a high-risk area due to the enormous management challenge of integrating 22 disparate agencies, and the size, complexity, and importance of the effort to the nation's security. [Footnote 1] Our prior work has highlighted the issues DHS has faced in designing and implementing the necessary management structure and processes to support some of the broadest and most complex needs among federal agencies. Critical issues include the need for sound acquisition planning to reduce program management challenges that lead to cost and schedule growth, and the department's need to integrate acquisition review and budgeting for major investments. In order to accomplish a wide range of frontline homeland security missions, as well as provide management information capabilities, DHS's acquisition spending has increased by 66 percent--from $8.5 billion in fiscal year 2004 to $14.2 billion in fiscal year 2009[Footnote 2]--and its portfolio of complex acquisitions continues to expand. While DHS has made recent progress in clarifying acquisition oversight processes, much remains to be done to ensure proper implementation and department wide coordination. In a time of fiscal constraints, it is increasingly important that DHS's acquisitions maximize resources to effectively meet critical homeland security missions. Signed by: Gene L. Dodaro: Acting Comptroller General of the United States: [End of section] United States Government Accountability Office: Washington, DC 20548: June 30, 2010: Congressional Addressees: In fiscal year 2009, the Department of Homeland Security (DHS) had 67 major acquisitions intended to support a wide range of missions including securing our borders, mitigating natural disasters, and investigating security threats. Our work on major acquisitions at other federal departments and agencies has provided a framework for assessing DHS's acquisitions.[Footnote 3] We have found that a program must have a sound business case that includes firm requirements, a knowledge-based acquisition strategy, and realistic cost estimates in order to reduce program challenges.[Footnote 4] Further, we have found that acquisition oversight is more effective when regular reviews are held, an adequate workforce has been developed, and reliable cost, schedule and performance metrics are available.[Footnote 5] These conditions provide a program a reasonable chance of meeting its challenges yet delivering on time and within budget. The department's acquisitions, representing hundreds of billions of dollars in life-cycle costs, are managed by 12 components and offices through a structure of dual accountability. While the Undersecretary for Management serves as the Chief Acquisition Officer and bears responsibility for acquisition policy, the component heads bear responsibility for individual programs designed to achieve mission specific goals and objectives. Many of the 67 major acquisition programs existed prior to the creation of DHS and were managed by 1 of the 22 separate agencies that merged to form the department. Creating acquisition policies and processes to provide insight into the performance of a wide array of complex acquisitions, while also providing oversight for many component agencies new to acquisition management, has been an ongoing need. Our work over the past several years has consistently pointed to the challenges involved in effectively managing and overseeing this large and varied acquisition portfolio to meet performance expectations. We have raised these concerns in the context of our work on the department's acquisition oversight and in assessments of specific acquisitions across various components. We have reported that DHS's implementation of its investment review process generally resulted in investment decisions that were inconsistent with established policy and oversight, and weaknesses in some component management practices further compounded the problem. [Footnote 6] The department has not always reviewed its major investments at key phases in the acquisition life cycle, employed reliable cost and schedule estimating practices, or used effective requirements development and test management practices. These management weaknesses have led to major programs aimed at delivering important mission capabilities not living up to expectations.[Footnote 7] For example, we reported that the Rescue 21 program did not follow established processes for managing requirements which contributed to deployment delays and limited the Coast Guard's ability to conduct search and rescue missions.[Footnote 8] U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) did not sufficiently define what capabilities and benefits would be delivered, by when, and at what cost, which contributed to development and deployment delays. [Footnote 9] Secure Border Initiative Network (SBInet) did not adequately define requirements, perform testing, or oversee contractors, delaying security of the southwest border.[Footnote 10] The department has acknowledged many of these issues and is making efforts to address them at the departmental and program levels. Because DHS relies on its complex acquisitions to fulfill critical homeland security missions, we assessed the department's oversight and implementation of complex acquisitions. This report (1) provides an update on the department's efforts to implement acquisition oversight for all acquisitions; (2) describes acquisition performance and common challenges across selected programs; and (3) provides individual profiles for each of the selected programs. To provide an update on acquisition oversight, we assessed the department's efforts to implement its interim acquisition management directive. We reviewed the department's acquisition management directives, acquisition decision memorandums, and key program tracking documents, and we interviewed departmental acquisition oversight officials. At the component level, we interviewed acquisition officials at the six components in our review--Customs and Border Protection, Federal Emergency Management Agency, National Protection and Programs Directorate, Office of Health Affairs, Transportation Security Administration, and the United States Coast Guard--about their policies and practices, staffing, departmental coordination, and relevant challenges. We did not, however, specifically assess the extent to which the department's acquisition guidance is consistent with best practices.[Footnote 11] To assess the implementation of complex acquisitions, we focused on acquisition planning. We selected 18 programs across six components-- 16 major acquisition programs, as well as 2 smaller programs critical to DHS's mission based on several factors, including total projected funding for fiscal years 2007 through 2012, current stage in the DHS acquisition life cycle, and relevance to front-line homeland security missions. The 18 programs selected represent about $100 billion in life-cycle costs and about $38 billion in acquisition costs. We developed a data collection instrument to obtain key data on program cost, schedule, performance, and staffing, for the selected programs, and we reviewed it with program offices to clarify data requested in advance of completion. We also researched cost data reported in the Office of Management and Budget's (OMB) Exhibit 300 as part of the executive branch capital planning process and Coast Guard's Quarterly Acquisition Reports to Congress. We based our analysis on these sources as they represented more complete and official data used for making important planning and budgeting decisions. We interviewed officials from the 18 program offices to learn more about acquisition performance and program challenges. We also reviewed relevant GAO and DHS Inspector General reports on the selected acquisitions. The analysis of acquisition performance and common challenges across the selected programs focuses on 15 programs for which data were available.[Footnote 12] The profiles of the selected programs include all 18 programs selected for our review. All data were current as of 2009, with the exception of latest estimates of program costs obtained from OMB Exhibits 300, which were current as of either January or February 2010. We assessed program data using criteria based on best practices established in prior work on major acquisitions. We have frequently reported on the importance of using a solid, executable business case before committing resources to a new acquisition. Our body of work on best practices has shown that a sound business case is one that provides demonstrated evidence that (1) needs are valid and can best be met with the chosen concept; and (2) the chosen concept can be developed and produced within existing resources. If a valid business case is not established by the start of an acquisition program, then requirements are likely to change, which can lead to significant cost increases and schedule delays as the government and contractor gain a better understanding of requirements. Program cost, schedule, and performance, and changes in these factors over time can provide useful indicators of the health of acquisition programs. When assessed regularly for changes and the reasons that cause changes, such indicators can be valuable tools for improving insight and oversight of individual programs as well as total portfolio of major acquisitions.[Footnote 13] However, performance metrics are of little value without knowledge-based, realistic program baselines, which are critical to acquisition programs achieving goals. Without realistic baselines established at the start of a program, there is no foundation for accurately measuring the knowledge and health of programs. We conducted our work from March 2009 to June 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. See appendix I for additional information on our scope and methodology. We do not make recommendations in this report; however, we have previously made numerous recommendations intended to improve the department's acquisition management and oversight, and DHS is taking steps to address them. We provided a draft of this report to DHS for review and comment. DHS generally concurred with our findings citing the review of actions taken and efforts under way to improve the acquisition review process, particularly the development and implementation of the department's acquisition management directive. The department's comments are reprinted in appendix II. DHS also provided technical comments which we incorporated as appropriate and where supporting documentation was provided. DHS Continues To Develop and Implement Acquisition Oversight: DHS continues to develop its acquisition oversight function and has produced and begun to implement a revised acquisition management directive. As part of the implementation process, the senior-level Acquisition Review Board (ARB) has begun to meet more frequently and has provided decision memorandums with action items to improve program performance. The ARB reviewed 24 major acquisition programs in fiscal years 2008 and 2009; however, more than 40 major acquisition programs had not been reviewed, and programs have not consistently implemented review action items by established deadlines. The acquisition oversight office has created a tracking system to monitor key program information for all acquisitions. At the component level, acquisition oversight offices have begun to update policies and staff capacity needed to oversee program activities. While these efforts are positive steps toward improving acquisition management and oversight, the department has not yet established a departmentwide requirements oversight body for all acquisitions or integrated the acquisition review and budget processes as required by DHS policy. As a result, DHS is at risk of failing to maximize resources and ultimately meet critical mission needs. DHS's success in improving acquisition depends on further implementation and sustained management attention. Acquisition Management Directive: In 2008, we reported that DHS had not effectively implemented its investment review process, and as a result, the department had not provided the oversight needed to identify and address cost, schedule, and performance problems for its major acquisitions.[Footnote 14] Since the time of that review, DHS has established a revised oversight process and begun to implement an interim acquisition management directive and an accompanying guidebook explaining how the department should meet the directive's requirements.[Footnote 15] The interim directive includes more detailed guidance than the previous 2006 management directive for programs to use in preparing key documentation to support component and departmental decision making. For example, the interim directive, in effect at the time we reviewed the selected acquisitions, establishes four acquisition life-cycle phases: (1) identify a capability need; (2) analyze and select the means to provide that capability; (3) obtain the capability; and (4) produce, deploy and support the capability. The directive requires ARB review of each major acquisition program at least three times at key acquisition decision events during a program's acquisition life cycle. Table 1 describes the roles and responsibilities of the entities involved in the review process. Table 1: DHS Oversight Officials' Roles and Responsibilities: Officials: Acquisition Review Board members; Roles: Officials that comprise the departmental executive board that reviews major acquisition programs; The chair of the Board is the Acquisition Decision Authority; individual authority differs depending on the level of the acquisition; Members include the Under Secretary for Management, Assistant Secretary for Policy, General Counsel, Chief Financial Officer, Chief Procurement Officer, Chief Information Officer, Chief Administrative Officer, Chief Security Officer, Director of Operational Test and Evaluation, and user representatives from components sponsoring the capability, and other representatives as appropriate; Responsibilities: Review Level 1 and Level 2 acquisitions for executable business strategy, resources, management, accountability, and alignment to strategic initiatives. Support the Acquisition Decision Authority as it reviews acquisitions to ensure compliance with Acquisition Management Directive AD 102-01, and approves acquisitions to proceed to their next acquisition life-cycle phases upon satisfaction of applicable criteria. Officials: Chief Acquisition Officer; Roles: Normally serves as the Acquisition Decision Authority for Level 1 and Level 2 acquisitions (see table 2); Designates the Component Acquisition Executives; Responsibilities: Management, administration, and oversight of the department's acquisition policies and procedures. Officials: Director of the Acquisition Program Management Division, Office of the Chief Procurement Officer; Roles: Serves as the DHS executive agent and coordinator for the acquisition review process and as the executive secretary of the Acquisition Review Board; Responsibilities: Developing and maintaining acquisition policy, procedures, and guidance; providing support and assistance to department acquisition and acquisition personnel. Officials: Director of the Cost Analysis Division, Office of the Chief Procurement Officer; Roles: Serves as the focal point within DHS for policy, process, and procedures regarding acquisition cost estimating and analysis; Responsibilities: Assessing life-cycle cost estimates for Level 1 acquisitions, assisting acquisition management offices by providing guidance and support regarding data sources, methodology, modeling, and documentation. Officials: Component Head; Roles: The highest ranking individual within a component, nominates the Component Acquisition Executive; Responsibilities: Oversees acquisition within the component in accordance with DHS acquisition policies and procedures, and ensures sound management, review, support, approval, and oversight of all types of acquisitions within the component. Officials: Component Acquisition Executive; Roles: Nominated by the component head and designated by the Chief Acquisition Officer, the senior acquisition official within a component; Responsibilities: Establishing acquisition processes within the component; managing the component's acquisition portfolio; and serving as the Acquisition Decision Authority for Level 3 acquisitions, and Level 2 acquisitions if assigned by the Chief Acquisition Officer (see table 2). Source: GAO presentation of Department of Homeland Security Acquisition Management Directive AD 102-01, interim version, and Acquisition Instruction/Guidebook 102-01-001, interim version. [End of table] ARB reviews provide an opportunity to determine a program's readiness to proceed to the following life-cycle phase. The directive also requires the ARB chairperson to approve key acquisition documents critical to establishing a program's business case, operational requirements, acquisition baseline, and document testing and support plans. See appendix III for the four phases of the acquisition life cycle, related acquisition decision events, and key acquisition documents, such as the Mission Need Statement, Operational Requirements Document and Acquisition Program Baseline. The directive also changes the basis for program reviews from total acquisition costs to total life-cycle costs and assigns specific oversight responsibilities to the DHS components based on life-cycle cost estimates.[Footnote 16] The Under Secretary for Management can delegate authority for oversight of major acquisition programs with life-cycle cost estimates of less than $1 billion to a designated Component Acquisition Executive (CAE) with responsibility for managing the acquisition functions at each component.[Footnote 17] See table 2 for a comparison of program review responsibilities based on dollar thresholds for the interim and previous acquisition management directive. Table 2: Comparison of Department and Component-Level Review under Acquisition Management Directive 102-01 (Interim) and Management Directive 1400: Acquisition Management Directive 102-01: Cost basis and level of review for each management directive: Life- cycle cost estimate; Level 1: $1 billion or greater (major programs); Level 2: $300 million to $1 billion (major programs); Level 3: Less than $300 million (nonmajor programs). Cost basis and level of review for each management directive: Level of review; Level 1: Department; Level 2: Department or component; Level 3: Component. Management Directive 1400: Cost basis and level of review for each management directive: Life- cycle cost estimate (for information technology investments); Level 1: Greater than $200 million; Level 2: Between $100 million and $200 million; Level 3: Between $20 million and $100 million. Cost basis and level of review for each management directive: Acquisition cost (for other than information technology investments); Level 1: Greater than $100 million; Level 2: Between $50 million and $100 million; Level 3: N/A. Cost basis and level of review for each management directive: Level of review; Level 1: Department; Level 2: Department; Level 3: Department. Source: GAO presentation of information in Acquisition Management Directive 102-01 and Management Directive 1400. [End of table] Acquisition Review Board Activities: DHS has increased its departmental oversight activities, reviewing 7 programs in fiscal year 2008 and 25 programs--10 more than originally planned--in fiscal year 2009.[Footnote 18] However, at the end of fiscal year 2009, only 24 of 67 major acquisition programs had been reviewed by the ARB. As they have not yet been able to review all programs, DHS oversight officials told us they have prioritized ARB reviews based on program funding levels and a program's stage in the acquisition life cycle. Officials also indicated they may waive some oversight requirements on a case-by-case basis, without clear criteria, for programs that have passed certain phases--such as departmental approval of a Mission Need Statement for a program that has already deployed a capability.[Footnote 19] Additionally, to provide some level of departmental oversight for major programs not yet reviewed by the ARB, DHS acquisition oversight staff worked with selected components to conduct brief reviews of acquisition portfolios and examined 61 of 67 major acquisition programs during fiscal year 2009. These reviews have helped DHS to identify and prioritize programs for the more detailed ARB reviews. DHS acquisition oversight officials said that funding and staffing levels have limited the number of programs they can review. The department's oversight office increased its staff from 8 government employees in 2008 to 22 government employees by the end of fiscal year 2009 and plans to hire another 11 government employees in 2010. However, budget documentation suggests this staffing level will not provide the capacity needed to support the 50 to 60 annual ARB meetings that acquisition oversight officials said would be needed to oversee all of DHS's major acquisitions. DHS has not produced a plan identifying overall staffing and skill levels needed to meet the department's acquisition oversight needs. We have previously recommended that DHS identify and align sufficient management resources to implement oversight reviews in a timely manner throughout the investment life cycle.[Footnote 20] In 2008, we found that limitations in the department's ability to conduct formal investment reviews led DHS component officials to seek approval directly from the Deputy Secretary; as a result, some decisions were very informal and DHS officials said they did not always know whether a decision had been made. We recommended that DHS ensure investment decisions are transparent and documented as required. Oversight officials have since documented ARB decisions with Acquisition Decision Memorandums including action items and timeframes for addressing them. Memorandums from fiscal years 2008 and 2009 ARB meetings most often instructed programs to draft or redraft key acquisition documents that help present business cases. Our work at the Department of Defense (DOD) has found that a program must have the key elements of a business case before any measurement of its performance can be valuable.[Footnote 21] Action items also instructed programs to identify alternative acquisition approaches; document testing, implementation or support plans; and produce summaries of related activities within DHS and DOD, including similar acquisitions. Oversight officials and program officials said they work together to address action items and noted that it can be an iterative process. As of September 2009, oversight officials reported that 13 of 26 programs [Footnote 22] had not addressed all action items by established deadlines, and approximately a quarter of all action items were completed late or overdue, as shown in table 3. Table 3: Acquisition Decision Memorandum Action Items (fiscal years 2008 and 2009): Action items: Completed; Assigned: 57; Late or overdue: 17. Action items: Outstanding; Assigned: 98; Late or overdue: 24. Action items: Total; Assigned: 155; Late or overdue: 41. Source: GAO presentation of DHS data for 26 programs reviewed in fiscal years 2008 and 2009. [End of table] Tracking Program Status: In 2008, we found DHS had not fully implemented the periodic reporting system intended to track program performance data, and many programs had cost, schedule, or performance shortfalls, while nearly 80 percent of major programs lacked basic acquisition documents, such as program baselines. We recommended that DHS establish a mechanism to track on a regular basis major investments and ensure compliance with department- level decisions. DHS's directive requires major programs to participate in an acquisition reporting process, and DHS has developed the Next Generation Periodic Reporting System, to capture and track key program information, including cost and schedule performance, contract awards, and program risks. The database became fully operational in September 2009, and DHS expects program offices to update program data each month. As of November 2009, DHS told us that 108 major and nonmajor programs were reporting into the database. Acquisition oversight officials review these data in preparation for upcoming reviews; however, the database relies on self-reported data, which is not independently verified outside of the program. Component Oversight: With regard to component oversight, the DHS guidebook allows the Under Secretary for Management to delegate acquisition decision authority for Level 2 acquisition programs provided that (1) the respective component has a departmentally approved Component Acquisition Executive (CAE) in place, (2) the component has working policies and processes consistent with the current acquisition management directive, and (3) the component's CAE has adequate support staff commensurate with the size of the delegated portfolio. In 2008, we found that component review processes were not fully in place, and we recommended that DHS ensure that components have established processes to manage major investments consistent with departmental policies and establish a mechanism to ensure major investments comply with established component and departmental investment review policy standards. In 2008, DHS established the position of CAE to implement, manage, and oversee the components' acquisition processes. As of November 2009, the Under Secretary for Management had approved CAE nominations at seven components, but had not yet delegated decision authority because components are still in the process of developing policies consistent with the department's revised directive and reaching staff levels sufficient to oversee their respective acquisition programs. Component acquisition oversight activities vary across components. While officials from five of the six component acquisition oversight offices we met with said that they had accounted for and were tracking all of their major acquisition programs, Federal Emergency Management Agency acquisition officials said they were still working to identify all of their major acquisitions, and that they had only assessed programs accounting for about $5 billion of $30 billion in estimated life-cycle costs for their acquisition portfolio. [Footnote 23] Furthermore, four of the components we reviewed reported challenges involving staffing levels, and two of the four specifically stated that staff vacancies were preventing them from further supporting oversight efforts. Acquisition Oversight and Budget Decisions: In 2008, we found that the acquisition review process had not appropriately informed DHS's annual budget process for funding major programs, and that many major programs received funding without validation of mission needs and requirements, largely because department-level reviews were seldom conducted. We reported that the Joint Requirements Council, which is responsible for validating program requirements, stopped meeting in 2006 and had not effectively carried out its responsibilities involving identification of crosscutting opportunities and overlapping or common requirements. We recommended that the department ensure that budget decisions are informed by the results of investment reviews including approved acquisition information and life-cycle cost estimates and reinstate the Joint Requirements Council or establish another departmental oversight board to perform this function. The department's guidebook states that both the Joint Requirements Council and the ARB should inform the department's budget decisions, and that they must do so effectively in order to deliver needed capabilities to end users. However, while the ARB has begun to meet more frequently, most major programs have not been reviewed. Further, acquisition management processes do not inform budget decisions as required by DHS policy. DHS has not reestablished the Joint Requirements Council, although DHS oversight officials said that by fall 2010, they expect to complete a proposal for DHS leadership to consider and approve that would address this need. Shortly thereafter, DHS plans to initiate a limited pilot program, which will not review all programs departmentwide. Acquisition Performance and Program Challenges: Our prior work has found that program performance metrics for cost and schedule can provide useful indicators of the health of acquisition programs and, when assessed regularly for changes and the reasons that cause changes, such indicators can be valuable tools for improving insight and oversight of individual programs as well as the total portfolio of major acquisitions.[Footnote 24] We have also found that the following factors are important to successful acquisitions delivering capabilities within cost and schedule: realistic program baselines with stable requirements for cost, schedule, and performance; an adequate and skilled program office workforce; and knowledge of long-term support requirements.[Footnote 25] Importantly, program performance cannot be accurately assessed without valid baseline requirements established at the program start, particularly those that establish the minimum acceptable threshold required to satisfy user needs.[Footnote 26] Most of the selected DHS programs we reviewed exhibited cost growth and schedule delays from initial estimates. DHS acquisition oversight officials have raised concerns about the accuracy of cost estimates for most major programs, making it difficult to assess the significance of the cost growth we identified. Further, over half of the programs we reviewed awarded contracts to initiate acquisition activities without component or department approval of documents essential to planning acquisitions, setting operational requirements, and establishing acquisition program baselines. Programs also experienced other acquisition planning challenges--potential and realized program issues that contribute to negative performance outcomes--such as staffing shortages, and lack of sustainment planning as well as common execution challenges related to a range of technical capability, partner dependence, and funding issues. We selected 18 DHS programs for this review--16 major programs and two nonmajor programs. The two nonmajor programs selected, and one major program that had not started acquisition activities at the time of our review,[Footnote 27] were excluded from the analysis of overall acquisition performance and program challenges. As a result, we reviewed cost or schedule data for 15 major programs. Schedule data were not complete for two programs--the Automated Commercial Environment and US-VISIT.[Footnote 28] Figure 1 provides the status of the selected programs at the time of our review. Figure 1: Summary of DHS Acquisition Programs Assessed: [Refer to PDF for image: vertical bar graph] Total programs reviewed: 18: Excluded from analysis: Nonmajor programs: 2; Excluded from analysis: Pre-acquisition programs: 1; Programs included in analysis: 15; Programs with incomplete schedule data: 2; Programs with cost growth or schedule delays: 12; Programs without cost growth or schedule delays: 1. Source: GAO analysis of DHS data. [End of figure] Most Programs Experienced Cost Increases and Schedule Delays: We assessed life-cycle cost and acquisition cost data for the 15 major acquisition programs in our review. Accurate cost estimates are critical to making funding decisions, evaluating resource requirements, and developing performance measurement baselines. Life- cycle costs include all resources and associated cost elements required to develop, produce, deploy, and sustain a particular program from initial concept through operations, support, and disposal. Acquisition costs include costs for all supplies and services for a designated investment. DHS policy requires acquisition oversight officials to assess the accuracy of life-cycle cost estimates for all major programs estimated to exceed $1 billion. The DHS guidebook includes an appendix on life-cycle cost estimates.[Footnote 29] The responsible officials have raised concerns that many programs used cost estimation methods that did not follow established best practices, such as fully defining program requirements, accounting for sustainment costs, and including costs for the full life cycle of a program. As a result, officials have doubts about the credibility, comprehensiveness, and accuracy of most program cost estimates. Officials said they are working to address this concern by assisting programs in developing cost estimates, and obtaining independent cost estimates for selected high-risk programs. [Footnote 30] To provide additional support, they have temporarily placed cost analysis specialists within selected components. Most programs we reviewed reported cost growth from initial to latest estimates. Inaccurate or incomplete cost estimates were likely a factor in cost growth for the programs we reviewed, according to DHS officials. In some cases, programs reported that changes in scope or requirements contributed to cost growth. Further, initial cost estimates for most programs were developed after the start of acquisition activities, so they do not capture earlier cost changes. Because DHS does not have one consistent source for acquisition and life-cycle cost estimates, we analyzed the best available data reported to OMB and congressional appropriations committees for each of the major programs in our review.[Footnote 31] Table 4 summarizes the changes to life-cycle and acquisition cost estimates for the programs in our review. Table 4: DHS Major Acquisition Program Costs: Customs and Border Protection: Automated Commercial Environment; Acquisition cost estimate (then-year dollars in millions): Initial: $2,125; Acquisition cost estimate (then-year dollars in millions): Current: $2,222; Acquisition cost estimate (then-year dollars in millions): Percentage change: 5%; Life-cycle cost estimate (then-year dollars in millions): Initial: $4,776; Life-cycle cost estimate (then-year dollars in millions): Current: $4,532; Life-cycle cost estimate (then-year dollars in millions): Percentage change: -5%; Months between initial and current estimates: 37. SBInet; Acquisition cost estimate (then-year dollars in millions): Initial: $284; Acquisition cost estimate (then-year dollars in millions): Current: $1,885; Acquisition cost estimate (then-year dollars in millions): Percentage change: 564%; Life-cycle cost estimate (then-year dollars in millions): Initial: $579; Life-cycle cost estimate (then-year dollars in millions): Current: $3,738; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 546%; Months between initial and current estimates: 42. TECS Modernization; Acquisition cost estimate (then-year dollars in millions): Initial: $406; Acquisition cost estimate (then-year dollars in millions): Current: $410; Acquisition cost estimate (then-year dollars in millions): Percentage change: 1%; Life-cycle cost estimate (then-year dollars in millions): Initial: $888; Life-cycle cost estimate (then-year dollars in millions): Current: $1,104; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 24%; Months between initial and current estimates: 24. Western Hemisphere Travel Initiative; Acquisition cost estimate (then-year dollars in millions): Initial: $312; Acquisition cost estimate (then-year dollars in millions): Current: $311; Acquisition cost estimate (then-year dollars in millions): Percentage change: 0%; Life-cycle cost estimate (then-year dollars in millions): Initial: $863; Life-cycle cost estimate (then-year dollars in millions): Current: $1,362; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 58%; Months between initial and current estimates: 24. National Protection and Programs Directorate: National Cybersecurity Protection System; Acquisition cost estimate (then-year dollars in millions): Initial: $664; Acquisition cost estimate (then-year dollars in millions): Current: $546; Acquisition cost estimate (then-year dollars in millions): Percentage change: -18%; Life-cycle cost estimate (then-year dollars in millions): Initial: $1,366; Life-cycle cost estimate (then-year dollars in millions): Current: $1,257; Life-cycle cost estimate (then-year dollars in millions): Percentage change: -8%; Months between initial and current estimates: 8. US-VISIT Unique Identity; Acquisition cost estimate (then-year dollars in millions): Initial: $160; Acquisition cost estimate (then-year dollars in millions): Current: $79; Acquisition cost estimate (then-year dollars in millions): Percentage change: -51%; Life-cycle cost estimate (then-year dollars in millions): Initial: $225; Life-cycle cost estimate (then-year dollars in millions): Current: $132; Life-cycle cost estimate (then-year dollars in millions): Percentage change: -41%; Months between initial and current estimates: 8. Transportation Security Administration: Electronic Baggage Screening Program; Acquisition cost estimate (then-year dollars in millions): Initial: $11,360; Acquisition cost estimate (then-year dollars in millions): Current: $15,316; Acquisition cost estimate (then-year dollars in millions): Percentage change: 35%; Life-cycle cost estimate (then-year dollars in millions): Initial: $19,930; Life-cycle cost estimate (then-year dollars in millions): Current: $23,696; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 19%; Months between initial and current estimates: 17. Passenger Screening Program; Acquisition cost estimate (then-year dollars in millions): Initial: $1,872; Acquisition cost estimate (then-year dollars in millions): Current: $2,559; Acquisition cost estimate (then-year dollars in millions): Percentage change: 37%; Life-cycle cost estimate (then-year dollars in millions): Initial: $2,593; Life-cycle cost estimate (then-year dollars in millions): Current: $4,306; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 66%; Months between initial and current estimates: 17. Secure Flight; Acquisition cost estimate (then-year dollars in millions): Initial: $97; Acquisition cost estimate (then-year dollars in millions): Current: $153; Acquisition cost estimate (then-year dollars in millions): Percentage change: 59%; Life-cycle cost estimate (then-year dollars in millions): Initial: $685; Life-cycle cost estimate (then-year dollars in millions): Current: $1,362; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 99%; Months between initial and current estimates: 28. United States Coast Guard: C4ISR; Acquisition cost estimate (then-year dollars in millions): Initial: $1,353; Acquisition cost estimate (then-year dollars in millions): Current: $1,353; Acquisition cost estimate (then-year dollars in millions): Percentage change: 0%; Life-cycle cost estimate (then-year dollars in millions): Initial: $1,353; Life-cycle cost estimate (then-year dollars in millions): Current: $1,353; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 0%; Months between initial and current estimates: 28. Maritime Patrol Aircraft; Acquisition cost estimate (then-year dollars in millions): Initial: $1,706; Acquisition cost estimate (then-year dollars in millions): Current: $2,223; Acquisition cost estimate (then-year dollars in millions): Percentage change: 30%; Life-cycle cost estimate (then-year dollars in millions): Initial: $22,773; Life-cycle cost estimate (then-year dollars in millions): Current: $12,285; Life-cycle cost estimate (then-year dollars in millions): Percentage change: -46%; Months between initial and current estimates: 42. National Security Cutter; Acquisition cost estimate (then-year dollars in millions): Initial: $3,450; Acquisition cost estimate (then-year dollars in millions): Current: $4,749; Acquisition cost estimate (then-year dollars in millions): Percentage change: 38%; Life-cycle cost estimate (then-year dollars in millions): Initial: $22,998; Life-cycle cost estimate (then-year dollars in millions): Current: $24,277; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 6%; Months between initial and current estimates: 42. Rescue 21; Acquisition cost estimate (then-year dollars in millions): Initial: $827; Acquisition cost estimate (then-year dollars in millions): Current: $1,067; Acquisition cost estimate (then-year dollars in millions): Percentage change: 29%; Life-cycle cost estimate (then-year dollars in millions): Initial: $1,639; Life-cycle cost estimate (then-year dollars in millions): Current: $2,693; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 64%; Months between initial and current estimates: 28. Response Boat-Medium; Acquisition cost estimate (then-year dollars in millions): Initial: $401; Acquisition cost estimate (then-year dollars in millions): Current: $610; Acquisition cost estimate (then-year dollars in millions): Percentage change: 52%; Life-cycle cost estimate (then-year dollars in millions): Initial: $1,210; Life-cycle cost estimate (then-year dollars in millions): Current: $1,419; Life-cycle cost estimate (then-year dollars in millions): Percentage change: 17%; Months between initial and current estimates: 68. Sentinel; Acquisition cost estimate (then-year dollars in millions): Initial: $3,206; Acquisition cost estimate (then-year dollars in millions): Current: $3,928; Acquisition cost estimate (then-year dollars in millions): Percentage change: 23%; [Empty]; Life-cycle cost estimate (then-year dollars in millions): Initial: $22,256; Life-cycle cost estimate (then-year dollars in millions): Current: $14,475; Life-cycle cost estimate (then-year dollars in millions): Percentage change: -35%; Months between initial and current estimates: 31. Source: GAO analysis of official cost data reported in Acquisition Program Baselines and Quarterly Acquisition Reports to Congress to the House and Senate Appropriations Committees for the Maritime Patrol Aircraft, National Security Cutter, Response Boat-Medium and Sentinel Class programs. For all other programs, GAO analyzed official cost data in the Exhibit 300 required by OMB. [End of table] Changes in life-cycle cost estimates ranged widely from decreases of over 40 percent to an increase of over 500 percent. Nine of the 15 programs reported cost growth from initial to current estimates. The three programs reporting significant cost decreases also reported inconsistencies in estimating life-cycle costs. The interval of initial and latest cost estimates varied from 8 months to over 5 years for the programs we reviewed, and as a result some programs had a longer period of time to incur cost growth. Changes in acquisition cost estimates also ranged widely--from a decrease of 50 percent to an increase of over 500 percent. Of the 11 programs with acquisition cost growth, 8 programs reported cost growth of over 25 percent. Almost all of the selected major acquisition programs experienced delays in delivering system capabilities. We assessed schedule performance for delivering both initial capabilities, when initial end- users would receive the new system and could use it operationally, as well as delivery of full capabilities, the point at which all end- users would receive the system. DHS guidance requires major programs to set a formal schedule baseline prior to the start of an acquisition in order to measure program performance in achieving its goals.[Footnote 32] Schedule delays can lead to loss of program credibility with stakeholders, increased acquisition costs, new systems not being available to meet department needs, and continued use of less capable systems. Fifteen of the major programs we reviewed reported estimated or actual schedule delays in delivery of initial operating capability of an average of 12 months, and eight programs reported delays of a year or more. Thirteen programs reporting data on delivery of full operating capability indicated estimated delays of over 2 years on average. None of the selected programs reported delivering full operating capability for all increments. Figure 2 summarizes the estimated schedule delays to full operating capability for major programs reporting data. Figure 2: Programs with Estimated Schedule Delay to Full Capability: [Refer to PDF for image: vertical bar graph] On time: 3 programs; Up to 2 years late: 4 programs; Over 2 years to 4 years late: 1 program; More than 4 years late: 5 programs. Source: GAO analysis of DHS data. Note: Programs do not total to 15 as 2 programs did not report: Automated Commercial Environment and US-VISIT. [End of figure] Several Program Challenges Affect Ability to Deliver Within Cost and on Time: The major acquisition programs we assessed experienced similar planning challenges affecting cost and schedule outcomes: unapproved or unstable baseline requirements; program office workforce shortages; long-term support, and acquisition cost planning. Table 5 summarizes the program planning challenges for each of the programs we reviewed. Our prior work has shown that establishing a sound business case is key to a successful acquisition that delivers capabilities within cost and schedule and minimizes the challenges we identified.[Footnote 33] The first, and perhaps best, opportunity to reduce acquisition risk is in the planning phase, when critical decisions are made that have significant implications for the overall success of an acquisition. We also identified execution challenges related to a range of technical capability, partner dependence, and funding issues. Table 5: Summary of Major Program Planning Challenges: Customs and Border Protection: Automated Commercial Environment; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: N/A[D]. SBInet, Block 1[C]; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Empty]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Check]; Lack of sustainment planning: [Empty]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. TECS Modernization; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Western Hemisphere Travel Initiative; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Empty]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. National Protections and Programs Directorate: National Cybersecurity Protection System; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Empty]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Check]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Empty]; Performance: Schedule delays: [Empty]. US-VISIT Unique Identity; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Check]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Empty]; Performance: Schedule delays: N/A[D]. Transportation Security Administration: Electronic Baggage Screening Program; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Check]; Lack of sustainment planning: [Empty]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Passenger Screening Program; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Empty]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Secure Flight; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. United States Coast Guard: C4ISR; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Empty]; Performance: Cost growth[B]: [Empty]; Performance: Schedule delays: [Check]. Maritime Patrol Aircraft; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Check]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. National Security Cutter; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Check]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Rescue 21; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Empty]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Empty]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Response Boat-Medium; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Check]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Empty]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Check]; Lack of sustainment planning: [Check]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Sentinel; Major program planning challenges: Baseline requirements: Unapproved or unstable baseline requirements: Customs and Border Protection: [Empty]; Major program planning challenges: Baseline requirements: Lack of timely approval of acquisition documents[A]: [Empty]; Major program planning challenges: [Empty]; Major program planning challenges: Program office workforce shortages: [Empty]; Lack of sustainment planning: [Empty]; Performance: Cost growth[B]: [Check]; Performance: Schedule delays: [Check]. Source: GAO analysis of DHS data: [A] We assessed whether key acquisition documents were approved at either the component or department level. [B] Cost Growth refers to either acquisition or life-cycle cost growth or both. [C] Cost performance refers to the entire SBInet program. [D] N/A indicates that reportable data were not available. [End of table] Baseline Requirements: Our prior work has found that program performance cannot be accurately assessed without valid baseline requirements established at the program start[Footnote 34]. According to DHS guidance, the baseline requirements must include a threshold value that is the minimum acceptable value which, in the user's judgment, is necessary to satisfy the need. If threshold values are not achieved, program performance is seriously degraded, the program may be too costly, or the program may no longer be timely. Failure to achieve a threshold would require rebaselining or termination of the program based upon a decision by the Acquisition Decision Authority. Inadequate knowledge of program requirements is a key cause of poor acquisition outcomes, and as programs move into the execution phase of the acquisition process, problems become much more costly to fix. DHS's acquisition guidance states that the program baseline is the contract between the program and departmental oversight officials regarding cost, schedule, and technical performance of the program. Over half of the programs we reviewed awarded contracts to initiate acquisition activities without component or department approval of documents essential to planning acquisitions, setting operational requirements, and establishing acquisition program baselines. Our prior work has shown that the development, review, and approval of these key documents minimize the risks of poorly defined requirements and plans negatively affecting program performance.[Footnote 35] The Federal Acquisition Streamlining Act of 1994 requires agencies to approve or define the cost, performance, or schedule goals for major acquisition programs. Although DHS policy has required major acquisition programs to set cost, schedule, and performance goals prior to the start of an acquisition since its first acquisition policy was issued in 2003,[Footnote 36] 7 of 15 programs in our review did not have approved baselines until 2 years or more after program start. For example, the Secure Flight program did not have an approved program baseline until over 4 years after program start, and the TECS Modernization program did not have a component or department approved baseline after more than 6 years. Among the 15 programs, delays ranged from 1 month to over 4 years after contract award for other key acquisition documents, such as the Mission Need Statement and the Operational Requirements Document. The Mission Need Statement outlines the specific functional capabilities required to accomplish DHS's mission and objectives, along with deficiencies and gaps in these capabilities. The Operational Requirements Document includes key performance parameters and describes the mission, capabilities, and objectives to provide needed capabilities. Figure 3 shows programs with key documents and when they were approved. Figure 3: Key Document Approval Time frames: [Refer to PDF for image: vertical bar graph] On time: Mission Need Statement: 6 programs; Operational Requirements Document: 3 programs; Acquisition Program Baseline: 7 programs. Up to 1 year late: Mission Need Statement: 4 programs; Operational Requirements Document: 2 programs; Acquisition Program Baseline: 0. More than 1 year late: Mission Need Statement: 5 programs; Operational Requirements Document: 10 programs; Acquisition Program Baseline: 8 programs. Source: GAO analysis of DHS data. [End of figure] Most of the programs that had established baseline requirements changed or plan to change them. For example, seven programs with an approved program baseline changed key requirements after their initial approval. An additional three programs were revising baseline requirements, pending APB approval, at the time we completed our review. Program Office Workforce: Program offices reported filling 79 percent of all government staff positions; however, programs also reported high levels of government staff vacancies for certain positions.[Footnote 37] Our prior work at DHS found shortcomings in acquisition workforce planning, including a lack of sufficient data to assess gaps in skills and staffing levels. [Footnote 38] Lack of adequate staff, both in terms of skill and staffing levels, increases the risk of insufficient program planning and contractor oversight, and has been associated with negative cost and schedule outcomes in major acquisition programs, emphasizing the importance of sufficient, experienced staff for successful acquisition outcomes.[Footnote 39] Figure 4 provides more details on government and contractor staff for the programs we reviewed. Figure 4: DHS Major Program Government Staff and Contractor Support: [Refer to PDF for image: stacked horizontal bar graph] Total workforce: Government staff: 40%; Contractor staff: 60%; Total: 1,760. Customs and Border Protection: Automated Commercial Environment: Government staff: 63%; Contractor staff: 37%; Total: 108. SBInet: Government staff: 50%; Contractor staff: 50%; Total: 175. TECS Modernization: Government staff: 57%; Contractor staff: 43%; Total: 7. Western Hemisphere Travel Initiative: Government staff: 23%; Contractor staff: 77%; Total: 88. National Protection and Programs Directorate: National Cybersecurity Protection System: Government staff: 8%; Contractor staff: 92%; Total: 133. US-VISIT: Government staff: 38%; Contractor staff: 62%; Total: 421. Transportation Security Administration: Electronic Baggage Screening Program: Government staff: 23%; Contractor staff: 77%; Total: 116. Passenger Screening Program: Government staff: 33%; Contractor staff: 67%; Total: 48. Secure Flight: Government staff: 38%; Contractor staff: 62%; Total: 300. U.S. Coast Guard: C4ISR: Government staff: 31%; Contractor staff: 69%; Total: 103. Maritime Patrol Aircraft: Government staff: 85%; Contractor staff: 15%; Total: 7. National Security Cutter: Government staff: 63%; Contractor staff: 37%; Total: 79. Rescue 21: Government staff: 81%; Contractor staff: 19%; Total: 80. Response Boat-Medium: Government staff: 56%; Contractor staff: 44%; Total: 71. Sentinel Class Patrol Boat: Government staff: 54%; Contractor staff: 46%; Total: 24. Source: GAO analysis of DHS data. Note: US-VISIT totals include staff for all investments within the program. [End of figure] Filled government positions for each program ranged from 42 percent to 100 percent. Over half of the major programs reported that contractors comprised 50 percent or more of all staff supporting program offices. Similarly, our review of major acquisitions at the DOD found that, in 2009, contractors filled 51 percent of program office positions. [Footnote 40] Further, our work on contractors in the workforce has noted that use of contractors to perform certain functions can place the government at risk of transferring government responsibilities to contractors, and potentially result in loss of government control over and accountability for policy and program decisions.[Footnote 41] We previously found that DHS used contractor support to provide services related to planning activities, acquisition support, and policy development--services that closely supported inherently governmental functions. As a result, we recommended that DHS establish guidance for determining the appropriate mix of government and contractor staff to meet mission needs, and assess program office staff and expertise necessary to provide sufficient oversight of contractor services.[Footnote 42] DHS is still working to address this recommendation. All programs we reviewed report having a permanently assigned program manager certified to manage a major acquisition as required by DHS policy. By comparison, in 2007, 40 percent of major DHS programs lacked a program manager with the required acquisition certification level.[Footnote 43] Four programs reported program manager tenure of 3 or more years, and six programs report program manager tenure of 1 year or less. Our prior work has found frequent program manager turnover can result in a lack of accountability for a program's business case and performance outcomes.[Footnote 44] Sustainment Planning: Prior to the start of an acquisition, DHS acquisition policy requires an approved Integrated Logistics Support Plan for all major programs. This plan defines the program's sustainment and supportability strategy and can comprise a significant portion of total life-cycle costs--approximately 60 percent or more according to DHS guidance. OMB's capital planning guide also calls for sustainment planning to properly plan for and actively manage investments throughout the program. Our prior work has found that understanding how programs will be sustained in future years, along with the associated costs, is a prerequisite for valid life-cycle cost estimates.[Footnote 45] Most programs reported that they have developed a support plan, but only six programs have a support plan approved at the component level, and none of the programs in our review had a plan approved by DHS, as required. Table 6 shows the status of the plans for the 15 programs reporting. Table 6: Status of Integrated Logistics Support Plans (ILSP): Component: Customs and Border Protection: Program: Automated Commercial Environment; ILSP (approved or unapproved): [Empty]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Program: SBInet, Block 1; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Check]; DHS-approved ILSP: [Empty]. Program: TECS Modernization; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Program: Western Hemisphere Travel Initiative; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Component: National Protections and Programs Directorate: Program: National Cybersecurity Protection System; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Program: US-VISIT Unique Identity; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Component: Transportation Security Administration: Program: Electronic Baggage Screening Program; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Check]; DHS-approved ILSP: [Empty]. Program: Passenger Screening Program; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Check]; DHS-approved ILSP: [Empty]. Program: Secure Flight; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Component: United States Coast Guard: Program: C4ISR; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Check]; DHS-approved ILSP: [Empty]. Program: Maritime Patrol Aircraft; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Program: National Security Cutter; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Program: Rescue 21; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Check]; DHS-approved ILSP: [Empty]. Program: Response Boat-Medium; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Empty]; DHS-approved ILSP: [Empty]. Program: Sentinel Class Patrol Boat; ILSP (approved or unapproved): [Check]; Component-approved ILSP: [Check]; DHS-approved ILSP: [Empty]. Number of programs: ILSP (approved or unapproved): 14; Component-approved ILSP: 6; DHS-approved ILSP: 0. Total number of programs with available data: ILSP (approved or unapproved): 15; Component-approved ILSP: 15; DHS-approved ILSP: 15. Source: GAO analysis of DHS-provided data. [End of table] Program Execution Challenges: In addition to challenges related to acquisition planning, the programs we reviewed reported program execution challenges related to technical capability, partner dependence, and funding. While the challenges we identify below are not exhaustive, this summary provides insight into the issues programs reported. Technical capability includes hardware or software functionality, such as the operation of radar equipment in the case of SBInet, or legacy equipment nearing the end of its useful life in the case of the Electronic Baggage Screening Program. Testing helps to ensure that programs meet technical requirements to deliver needed capabilities, and our prior work has found that programs proceeding with acquisitions prior to completion of testing can result in delays in achieving technical capability. Several programs in our review reported substantial investment in acquisitions prior to completion of testing. For example, three Coast Guard programs we reviewed, Maritime Patrol Aircraft, Response Boat-Medium and Sentinel, reported placing orders for or receiving significant numbers of units prior to completing testing to demonstrate that what the programs are buying meets Coast Guard needs. Our prior work has found that resolution of problems discovered during testing can sometimes require costly redesign or rework.[Footnote 46] Programs also raised dependence on corporations, other agencies, or other programs as a challenge to delivering certain capabilities. For example, Secure Flight officials reported dependence on commercial aircraft operators complying with the implementation schedule as the greatest program risk. In another case, Customs and Border Protection's delays in network upgrades have negatively affected response times for the Western Hemisphere Travel Initiative. Almost half of all programs reported concerns over funding, although the nature and cause of those concerns varied among programs. Our prior work found that the budget process for funding major acquisitions and the investment review process were not aligned. As a result, many major DHS investments received funding without determining that mission needs and requirements were justified. For example, after DHS approved and funded the Automated Commercial Environment program, program officials found that they did not have a full understanding of all requirements and have experienced cost growth. Program officials said the future of the program is dependent on departmental funding decisions. In addition, our past work found that many major acquisition budget decisions were reached without life- cycle cost estimates, which are essential to making informed budget decisions. For example, the Electronic Baggage Screening Program reported that annual compliance costs and recapitalization expenses, when combined with recurring programwide costs, have sometimes exceeded the budget. In future years, program costs could grow significantly as cost estimates are reassessed to include new requirements. DHS has been working toward validating the program's cost estimate. Changes in mandated requirements, such as legal or regulatory changes that require system changes, can also affect program budgets. For example, Rescue 21 reported cost increases due to new protocols and external technology standards. Program Assessments: The two-page assessments of the 18 programs we reviewed provide an overview of each program and describe the reported challenges. On the first page of the assessment, we present a general description; a program status narrative; a timeline identifying key dates for the program; essential information about the program; a table showing the initial and latest estimates of cost, schedule, and quantities; and key program issues under "Program Challenges." We present approval dates for key program documents requiring departmental or component approval depending on the phase of the acquisition. On the second page of the assessment, we provide background information, a description of program performance, and an analysis of key program challenges. The assessments are based on program office reported information as of 2009 with the exception of the cost data. We based our analysis of cost on OMB's Exhibit 300s as of January or February 2010 and the Coast Guard's Quarterly Acquisition Reports to Congress as these sources represented more complete and official data used for making important planning and budgeting decisions. See appendix I for more information on our scope and methodology for reporting on cost and schedule data, program challenges, and program office workforces. [End of section] Customs and Border Protection: Automated Commercial Environment: [Photograph: Source: Automated Commercial Environment Program] The Automated Commercial Environment is the commercial trade processing system being developed by U.S. Customs and Border Protection (CBP) that aims to facilitate the movement of legitimate trade, strengthen border security, and serve as the single point of collection and access for trade data among federal agencies. Current Status: The initial software releases delivered between 2003 and 2005 significantly exceeded their estimated costs. Three remaining software releases will not be completed as initially planned and future releases will be funded based on individual business cases. Timeline: Start of acquisition (5/01); Initial capability (Release 1) (2/03); Release 2 (10/03); DHS program approval (11/03); Release 3 (8/04); Release 4 (4/05); Advanced targeting (9/07); Reference data (1/09); Additional entry summary types (2/10); Full operating capability (TBD). Program Essentials: Component: Customs and Border Protection; Major contractor(s): International Business Machines Global Services; Fiscal year 2010 funding requested: $268 million; Program office workforce: 68 total government positions planned; 68 total government staff employed; 40 support contractors. Program Challenges: * Unstable and undefined requirements; * Software testing issues; * Schedule delays; * Cost growth and lack of funding. Performance (then-year dollars): Total acquisition cost: Initial estimate: $2,125 million[A]; Total acquisition cost: Latest estimate: $2,222 million[A]; Life-cycle cost estimate: Initial estimate: $4,776 million[A]; Life-cycle cost estimate: Latest estimate: $4,532 million[A]; Quantity: Initial estimate: N/A; Quantity: Latest estimate: N/A; Initial capability: Initial estimate: Feb. 2003; Initial capability: Latest estimate: Feb. 2003; Full capability: Initial estimate: Sept. 2010; Full capability: Latest estimate: TBD. [A] Note: Estimates submitted to the Office of Management and Budget for 2008 and 2011. Program officials do not expect ACE to deliver all initially planned capabilities. Key Program Documents: Initial version of:Acquisition Program Baseline; Department approval date: Jan. 2006. Initial version of:Mission Need Statement; Department approval date: Oct. 2004. Initial version of:Operational Requirements Document; Department approval date: Not yet approved. Initial version of:Acquisition Plan; Department approval date: Oct. 2004. Initial version of:Integrated Logistics Support Plan; Department approval date: Not yet approved. Automated Commercial Environment: Background: Initiated in 2001 to support Title VI of the North American Free Trade Agreement, commonly known as the Customs Modernization Act, the Automated Commercial Environment program seeks to replace and supplement existing cargo processing technology. Deployed in phases, the program incrementally provides capabilities across all modes of transportation, replacing existing systems with a single, multimodal manifest system for land, air, rail, and sea cargo. The program will serve as the central data collection system for federal agencies needing access to international trade data, and is expected to deliver these capabilities in a secure, paper-free, web- enabled environment. Operational capabilities already delivered by the program include screening cargo and conveyances, analyzing data to support targeting of high-risk entities, and processing truck manifests electronically. Performance: The initial software releases delivered between 2003 and 2005 significantly exceeded their estimated costs. ACE's software lines of code increased from the acquisition program baselines's figure of 1,156,566 to 4,255,000. According to program officials, the remaining software releases will not be completed in accordance with the program baseline, due to the program lacking sufficient funding to complete them as planned. The estimated cost growth for these releases is not yet included in the latest cost estimate, pending a decision being made on the future of the program. Due to limited funding, one release will likely be eliminated from the program and the two others will likely be disaggregated into a number of smaller projects, some of which will be discontinued. The decision as to which projects will be continued or cut will be based on available funding. The program office found in 2005 that it did not have a full understanding of all requirements and that existing requirements were missing about 20 percent of needed functionality. Program officials acknowledged the development of some software releases was not divided into sufficiently manageable blocks and requirements were not well defined from the outset of the program. Additionally, software integration testing of a key project was incomplete and allowed poor code to enter the system, although this code was not deployed. This resulted in a much longer system integration testing period than originally estimated, leading to programwide schedule delays. Challenges: The program has been executed using component-approved operational requirements that are not yet approved by DHS. Program officials said requirements growth and lack of requirements definition contributed to the schedule delays and contract cost overruns. Program officials said the future of the program is dependent on a number of factors, such as DHS funding decisions and the results of software testing. Program officials expect the remaining planned projects to move to smaller programs so they will have better-defined and more manageable requirements. Officials believe that simply restructuring the existing program would result in additional cost growth and schedule delays. The program is working with the department to better manage future requirements and program risks. For example, the department has recently tasked a high-level component official with taking the lead on the program's requirements' oversight and prioritization. Program Office Comments: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. [End of section] Customs and Border Protection: SBInet Block 1: [Photograph: Source: SBInet Program Office] SBInet Block 1 is a surveillance, command, control, communications, and intelligence system being fielded in Arizona that is intended to mitigate or eliminate vulnerabilities along the international border between ports of entry. Block 1 is an element of DHS's Secure Border Initiative, a comprehensive, multiyear plan to secure the borders of the United States and reduce illegal cross border activities such as smuggling of economic migrants, illegal drugs, and people with terrorist intent. Current Status: DHS plans to complete Block 1 operational testing and evaluation and complete final acceptance of systems at the initial Block 1 sites by March 2011. Future project funding is being delayed by DHS until an assessment of SBInet is completed. Timeline: Start of acquisition (9/06); Preliminary design review (4/07); Procurement start (6/08); Program baseline approval (3/09); Operational testing complete (3/11); Nogales/Sonoita deployments (12/11); Ajo-2/Casa Grande deployments (3/12); Naco/Douglas/Wilcox deployments (6/12) Full operating capability (12/13). Program Essentials: Component: Customs and Border Protection; Major contractor(s): The Boeing Company; Fiscal year 2010 funding requested: $297.2 million; Program Office workforce: 161 total government positions planned; 87 total government staff employed; 88 support contractors. Program Challenges: * Delayed approval of program baseline; * Schedule delays; * Technical problems; * Understaffing. Performance (then-year dollars): Total acquisition cost: Initial estimate: $284 million[A]; Total acquisition cost: Latest estimate: $1,885 million[A]; Life-cycle cost estimate: Initial estimate: $579 million[A]; Life-cycle cost estimate: Latest estimate: $3,738 million[A]; Quantity: Initial estimate: 1; Quantity: Latest estimate: 1; Initial capability: Initial estimate: Oct. 2008 Initial capability: Latest estimate: Mar. 2011 Full capability: Initial estimate: Dec. 2008 Full capability: Latest estimate: Dec. 2013 [A] Note: Cost estimates are for overall SBInet program submitted to the Office of Management and Budget for 2008 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Mar. 2009. Initial version of: Mission Need Statement; Department approval date: Not yet approved. Initial version of: Operational Requirements Document; Department approval date: Mar. 2007. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. SBInet Block 1: Background: SBInet Block 1 is a border security system being developed and deployed to help secure portions of the international border in Arizona. The system will detect and track intruders using a set of fixed surveillance towers. The program is initially deploying to two sites, known as Tucson-1 and Ajo-1. The program plans to complete testing before DHS approves deployment at additional Block 1 sites. Tucson-1, the planned site of Block 1 operational testing and evaluation, covers 23 miles of border in one of CBP's busiest areas. We have reported since 2007 on acquisition and information technology management issues that increase the risk of SBInet underperformance. Systems previously deployed in the Tucson area under the SBInet Project 28 pilot in 2008 did not fully meet CBP's expectations; Block 1 will replace these systems. Our reviews and covert tests conducted over the years identified numerous security vulnerabilities along U.S. international borders and operational issues in program delays that limited SBInet usefulness to CBP. CBP told us in 2008 that Block 1 would help address these vulnerabilities. Performance: The December 2006 SBInet Expenditure Plan that was approved by DHS planned for SBInet to be deployed in the Tucson and Yuma Sectors by December 2008. However, program officials now expect system deployments to continue until December 2013. They expect to complete operational testing and final acceptance of the initial Block 1 systems at the Tucson-1 and Ajo-1 sites by March 2011. The Block 1 program baseline currently requires the deployment of SBInet at all sites in Arizona by September 2011. Program officials told us that a decision on the deployment of SBInet beyond Block 1 at other locations would be made in the future. Contract cost estimates related to the Block 1 deployments have risen significantly higher than the initially estimated amounts. Program officials said that Block 1's delays, have led to substantial cost growth, and they expect to have an updated program cost estimate before SBInet's next department-level review. The program office reported that systems at Tucson-1 were operational and used by Border Patrol for night operations as of March 2010. The Homeland Security Secretary ordered a reassessment of the SBInet program in January 2010 citing unacceptable delays. In March 2010, she announced that $50 million in program funding is being reallocated to other border security technologies, and that funding for future projects is on hold, pending the completion of an assessment of SBInet. Challenges: DHS approved the Block 1 acquisition program baseline more than 2 years after the start of the SBInet acquisition, and 4 months after completion of the critical design review, precluding the initial design from being informed by approved program requirements. As of the fall of 2009, the program had identified several high and moderate risks that could prevent SBInet from delivering a system that meets the Border Patrol's needs under the existing schedule. Among these risks are problems with radar functionality, problems with image clarity, a lack of program analysis tools, and system security and sustainment risks. Program officials said that the radar may be modified to a point that it is no longer a commercial off-the-shelf item, possibly leading to higher costs and to the program not meeting a program requirement for using unmodified commercial equipment. Program officials identified risks related to unique environmental requirements at certain sites that could cause some systems deployed after Tucson-1 to undergo significant rework or not meet program requirements for correctly identifying detected subjects. Additionally, the SBInet program office is staffed substantially below planned staffing levels for government positions. Program Office Comments: The program office provided technical comments, which were incorporated as appropriate. As of March 2010, SBInet program officials indicated they did not expect any previously identified challenges to delay the completion of Tucson-1 or interfere with other currently planned program activities. [End of section] Customs and Border Protection: TECS Modernization: [Photograph: Source: Customs and Border Protection] The Department of the Treasury brought TECS online in the 1980s. DHS is now responsible for the system. Customs and Border Protection uses the mainframe-based application to disseminate data to support inspections of travelers at ports of entry. The TECS Modernization program plans to improve search capabilities, enhance data integration, provide the flexibility necessary to respond to evolving threats, and eliminate older, unreliable technology. Current Status: Customs and Border Protection plans to execute the modernization program in five segments. Customs and Border Protection has begun segments 1, 2 and 3, and expects to achieve full operating capability for all five segments by the end of fiscal year 2015. Timeline: Start of acquisition (12/07); Segment 1 and 2 start (4/08); Segment 3 start (11/09); Initial operating capability (3/10); Segment 4 start (10/10); Segment 5 start (1/12); Full operating capability (9/15). Program Essentials: Component: Customs and Border Protection; Major contractor(s): BART & Associates and Mythics; Fiscal year 2010 funding requested: $50 million; Program office workforce: 1 total government position planned; 4 government staff employed*; 3 support contractors. * Government staff numbers refer to full time equivalents. Program Challenges: * Schedule delays due to funding constraints; * Lack of approved baseline, requirements and planning documents; * Understaffing. Performance (then-year dollars): Total acquisition cost: Initial estimate: $406 million[A]; Total acquisition cost: Latest estimate: $410 million[A]; Life-cycle cost estimate: Initial estimate: $888 million[A]; Life-cycle cost estimate: Latest estimate: $1,104 million[A]; Quantity: Initial estimate: Not applicable; Quantity: Latest estimate: Not applicable; Initial capability: Initial estimate: Mar. 2010; Initial capability: Latest estimate: Mar. 2010; Full capability: Initial estimate: Sept. 2013; Full capability: Latest estimate: Sept. 2015. [A] Note: Cost estimates submitted to the Office of Management and Budget for 2009 and 2011, represent both Customs and Border Protection and Immigration and Customs Enforcement efforts. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Not yet approved. Initial version of: Mission Need Statement; Department approval date: Not yet approved. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. TECS Modernization: Background: TECS is increasingly difficult to maintain because of technology obsolescence, and inability to support new requirements, particularly those involving access to other systems. Customs and Border Protection is migrating the system to a new architecture in order to meet DHS's mission requirements. Additionally, Immigration and Customs Enforcement manages a parallel but independent project modernizing the functionality of TECS unique to its respective mission. Performance: The modernization program lacks an approved baseline, Operational Requirements Document, and Acquisition Plan. Customs and Border Protection expected full operating capability by the end of fiscal year 2013, but program officials state that milestone has slipped by 2 years due to funding constraints. The program has consolidated several projects originally identified as independently providing capability. In September 2008, the program office planned to execute system modernization through 16 discrete projects, but by June 2009, the program office had reduced that number to 13. In September 2009, these projects were further consolidated into 5 discrete projects due to departmental guidance. The program office also determined that its original cost estimation approach did not accurately capture costs as part of the life-cycle cost estimate. Costs considered part of the acquisition effort in 2007 were recategorized as part of the maintenance effort in 2009, and program planning cost estimates increased because the program office was required to maintain its planning function after the system achieved full operating capability, and therefore needed to include those costs in the estimates. Challenges: The system modernization program office submitted the program's Operational Requirements Document, Acquisition Program Baseline, Test Evaluation Master Plan, and Integrated Logistics Support Plan to DHS oversight officials who reviewed the documents in July and August 2009. These documents were returned to Customs and Border Protection to be revised, and had not yet been approved as of February 2010. The program office requested and received funding to hire one full- time government staff member in fiscal year 2009. In addition, three other personnel funded through the Passenger Systems Program Office were assigned to the system modernization program as of September 2009. The DHS Chief Information Officer reviewed the program in October 2009, and stated that the program office appears understaffed with respect to the size and scope of the program. Program Office Comments: DHS provided technical comments on a draft of this assessment, which were incorporated as appropriate. Additionally, DHS emphasized that the consolidation of projects did not reduce the scope of the program, and that the planned full operating capability date changed to 2015 because anticipated funding increases for fiscal years 2011 through 2013 failed to materialize. [End of section] Customs and Border Protection: Western Hemisphere Travel Initiative: [Photograph: Source: Western Hemisphere Travel Initiative] The Western Hemisphere Travel Initiative acquisition program intends to enable Customs and Border Protection to effectively and efficiently address new traveler documentation requirements. The program deploys Radio Frequency Identification and License Plate Reader (RFID/LPR) hardware and Vehicle Primary Client (VPC) software to land ports of entry to improve traveler processing. The program has completed the installation of VPC software. Current Status: The first phase of the program achieved full operating capability in fiscal year 2009. However, program officials explained that the program has been expanded and now expect a second phase to continue through the end of fiscal year 2010. Timeline: Start of acquisition (9/06); Cost benefit analysis (10/07); VPC preliminary and critical design review (11/07); RFID/LPR preliminary design review (2/08); RFID/LPR critical design review (4/08); Initial operating capability (9/08); Phase I full operating capability (6/09); Phase II full operating capability (9/10). Program Essentials: Component: Customs and Border Protection; Major contractor(s): IBM, Unisys Corp., and ITS Services; Fiscal year 2010 funding requested: $168 million; Program office workforce: 20 total government positions planned; 20 government staff employed; 68 support contractors. Program Challenges: * Increased program scope; * Unfunded requirements; * Delays in Customs and Border Protection network upgrades. Performance (then-year dollars): Total acquisition cost: Initial estimate: $312 million[A]; Total acquisition cost: Latest estimate: $311 million[A]; Life-cycle cost estimate: Initial estimate: $863 million[A]; Life-cycle cost estimate: Latest estimate: $1,362 million[A]; Quantity (RFID/LPR): Initial estimate: 354; Quantity (RFID/LPR): Latest estimate: 487; Initial capability: Initial estimate: Oct. 2008; Initial capability: Latest estimate: Sept. 2008; Full capability: Initial estimate: June 2009; Full capability: Latest estimate: Sept. 2010. [A] Note: Cost estimates submitted to the Office of Management and Budget for 2009 and 2011; latest cost estimate does not account for any acquisition costs beyond fiscal year 2010. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Jan. 2009. Initial version of: Mission Need Statement; Department approval date: Feb. 2007. Initial version of: Operational Requirements Document; Department approval date: Apr. 2008. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Western Hemisphere Travel Initiative: Background: The Intelligence Reform and Terrorism Prevention Act of 2004 required the Secretary of Homeland Security in consultation with the Secretary of State to develop and implement a plan, known as the Western Hemisphere Travel Initiative, which requires all travelers to present a passport or other acceptable document denoting identity and citizenship when entering the United States. Customs and Border Protection determined that the initiative could increase costs to the traveling public and increase the agency's workload. Improved processes, technology and facilities were needed to prevent longer inspection processing times, and the program is expected to limit potential border crossing delays created by new traveler requirements. Performance: In June 2009, the program provided the full operating capability originally expected. However, the program's scope and capability requirements have been expanded, and a second phase of the program is now scheduled to continue through September 2010. Customs and Border Protection decided to increase the number of RFID/LPR deployed as well as VPC installations. Additionally, the RFID/LPR equipment was originally required to be compatible with four different types of identification documents, but was revised to be compatible with twelve. Program officials expect the program's acquisition costs, including phase 2, to be $1 million lower than originally estimated due to lower costs for the technology and individual RFID/LPR and VPC installations. Challenges: Although the current acquisition cost estimate is lower than the program's original estimate, program officials anticipate total funding shortfalls for fiscal years 2011 through 2015 because program funding does not fully cover life-cycle cost estimates. This shortfall would likely require the program to scale back operations and maintenance efforts and delay future enhancements. Additionally, program officials expect DHS to expand the program's scope beyond the second phase during fiscal year 2010 to address new requirements for pedestrian and outbound vehicle processing. Further, schedule delays for a Customs and Border Protection effort to upgrade local and wide area network bandwidth capacity at ports of entry could jeopardize program performance, particularly in terms of response times. Originally scheduled for completion by June 2009, as of January 2010, Customs and Border Protection had not yet determined when the wide area network upgrades would occur at 19 of 151 sites, or when local area network upgrades would occur at 144 of 163 sites. However, actual response times exceeded the objective performance levels from June 2009 to June 2010. Program Office Comments: The program office generally concurred with the assessment and provided technical comments which were incorporated as appropriate. Additionally, DHS emphasized that the program provided the full operating capability originally expected in June 2009, and that the rollout of the second phase caused the change in the full capability date. [End of section] Federal Emergency Management Agency: Integrated Public Alert and Warning System: [Illustration: Source: Federal Emergency Management Agency] The Integrated Public Alert and Warning System is the nation's next- generation infrastructure of alert and warning networks expanding upon the traditional audio-only radio and television Emergency Alert System by providing one message over more media to more people before, during, and after a disaster. When complete, the program is planned as a "system of systems" forming the country's comprehensive public alert system. Current Status: The program is awaiting component approval of key program documentation, including the initial acquisition program baseline and the first operational requirements document. Timeline: Start of acquisition (9/06); Preliminary design review (3/10); Critical design review (9/10); Test readiness review (12/10); Initial operating capability (3/12); Full operating capability (TBD). Program Essentials: Component: Federal Emergency Management Agency; Major contractor(s): Booz Allen Hamilton, CACI, and Acuity Consulting; Fiscal year 2010 funding requested: $16.8 million; Program office Workforce: 11 total government positions planned; 10 total government staff employed; 23 support contractors. Program Challenges: * Requirements instability; * Lacking approved baseline, requirements, and planning documents; * Turnover in program leadership and staffing. Performance (then-year dollars): Total acquisition cost: Initial estimate: $115 million[A]; Total acquisition cost: Latest estimate: $136 million[A]; Life-cycle cost estimate: Initial estimate: $279 million[A]; Life-cycle cost estimate: Latest estimate: $264 million[A]; Quantity*: Initial estimate: 32; Quantity*: Latest estimate: 32; Initial capability: Initial estimate: TBD; Initial capability: Latest estimate: Not available; Full capability: Initial estimate: Mar. 2012; Full capability: Latest estimate: Not available. [A] Note: Cost data provided by program office. * Quantities are for Primary Entry Point stations. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Not available. Initial version of: Mission Need Statement; Department approval date: Not available. Initial version of: Operational Requirements Document; Department approval date: Not available. Initial version of: Acquisition Plan; Department approval date: Not available. Initial version of: Integrated Logistics Support Plan; Department approval date: Not available. Integrated Public Alert and Warning System: Background: Through the Integrated Public Alert and Warning System program, the Federal Emergency Management Agency (FEMA) seeks to expand the Emergency Alert System to include more modern technologies. Since the program began awarding contracts in 2005, program requirements have changed. The program originally planned to build an infrastructure to deliver state and local alerts through multiple pathways. However, program officials told us their vision changed to focus exclusively on disseminating presidential messages and setting alert and warning technical standards in 2007. In early 2009, the program shifted focus to again include infrastructure for state and local alerts. We have previously reported that FEMA has not systematically assessed program outcomes or lessons learned from pilot projects, and has not periodically reported on program progress as required by a June 2006 Executive Order. Our prior work has shown that without validated requirements or a program baseline, DHS will not know whether the program expenditures fully satisfy department needs, how well the program is executed, or whether further investments are warranted. Performance: Although the program was initiated in 2004, FEMA has not yet approved an acquisition program baseline for the program or other key program documents. According to program office officials, the program did not begin to develop programwide life-cycle cost estimates until 2009, and these estimates have not yet been finalized or approved. Program officials told us that they are working with stakeholders to better define requirements, and have drafted an operational requirements document and acquisition program baseline. These documents are currently under review by FEMA, which oversees the program as a nonmajor acquisition. Program officials said that they are transitioning to operate under the November 2008 Department of Homeland Security acquisition guidance. Challenges: The program must overcome significant challenges in order to deliver a comprehensive public alert and warning system. Program officials said they face challenges in upgrading some Primary Entry Point stations, which are radio stations providing emergency information, to meet changing survivability requirements—as they are subject to legal restrictions concerning the enhancement of private property using government funds. This could have a significant negative impact on system reliability and operations. Moreover, frequent changes in organizational leadership and other staffing-related issues have affected program performance. The program office recently hired its fourth Program Director in 5 years. FEMA officials acknowledge that leadership changes and high turnover make it difficult to consistently manage the program. Program Office Comments: The program office provided technical comments, which were incorporated as appropriate. Program officials indicated that Acquisition Review Board reviews by both FEMA and DHS were planned to occur by May 2010, and all required program documentation has been drafted. Program officials stated that a recent FEMA program management review provided top scores for scope, performance, cost, schedule, and risk management controls and processes on the program. [End of section] National Protection and Programs Directorate: National Cybersecurity Protection System: [Photograph: Source: National Cybersecurity Protection System Program Office] The National Cybersecurity Protection System is intended to reduce the federal government's vulnerabilities to cyber threats by decreasing the frequency of cyberspace disruptions, and by minimizing the duration and damage of those disruptions. The program consists of four discrete "blocks," including the current state and three follow-on end- to-end system upgrades. Current Status: The block 1.0 deployment began in 2003 and was completed after deploying capabilities at 31 sites. DHS is currently deploying block 2.0, and plans to complete the deployment by March 2013. DHS plans to deploy block 2.1 during fiscal years 2010 and 2011. DHS has classified the block 3.0 deployment schedule. Timeline: Start of acquisition (6/08); Block 2.0 operational readiness review (2/09); Block 2.0 initial operating capability (8/09); Block 2.1 operational readiness review (12/09); Block 2.1 initial operating capability (9/10); Block 2.1 full operating capability (6/11); Block 2.0 full operating capability (3/13). Program Essentials: Component: National Protection and Programs Directorate; Major contractor(s): General Dynamics Advanced Information Systems; Fiscal year 2010 funding requested: $186 million; Program office workforce: 26 total government positions planned; 11 total government staff employed; 122 support contractors. Program Challenges: * Schedule slippage; * Unstable architecture and deployment strategy; * Lacks risk mitigation and key project management capabilities. Performance (then-year dollars): Total acquisition cost: Initial estimate: $664 million[A]; Total acquisition cost: Latest estimate: $546 million[A]; Life-cycle cost estimate: Initial estimate: $1,366 million[A]; Life-cycle cost estimate: Latest estimate: $1,257 million[A]; Quantity: Initial estimate: 100; Quantity: Latest estimate: 100; Initial capability (Block 2.0): Initial estimate: June 2009; Initial capability (Block 2.0): Latest estimate: Aug. 2009; Full capability (Block 2.0): Initial estimate: Mar. 2013; Full capability (Block 2.0): Latest estimate: Mar. 2013. [A] Note: Cost estimates submitted to the Office of Management and Budget for 2010 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Feb. 2009. Initial version of: Mission Need Statement; Department approval date: Feb. 2009. Initial version of: Operational Requirements Document; Department approval date: Oct. 2009. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date:Not yet approved. National Cybersecurity Protection System: Background: We have reported over the last several years that DHS has yet to fully satisfy its cybersecurity responsibilities. In response to National Security Presidential Directive 54/Homeland Security Presidential Directive 23, and the Comprehensive National Cybersecurity Initiative, the National Cyber Security Division of the National Protection and Programs Directorate established two programs—the National Cybersecurity Protection Program and the National Cybersecurity Protection System. The program encompasses the people, activities, processes, and technologies intended to fulfill DHS's cyber mission, and the system is expected to integrate the hardware and software procured to support the program. Block 1.0 currently provides flow collection and data storage capabilities. Block 2.0 will add intrusion detection capabilities. Block 2.1 will enhance visualization capabilities. Block 3.0 capabilities are classified. DHS also plans future blocks to improve inter-department information sharing and add near real-time detect-and- protect capabilities; however, schedules for these blocks have not yet been determined. The Consolidated Security, Disaster Assistance, and Continuing Appropriations Act, 2009 and the Department of Homeland Security Appropriations Act of 2010 required DHS to submit an expenditure plan for House and Senate Appropriations Committees' approval prior to receiving 50 percent of the National Cyber Security Division's budget. Performance: In July 2009, program officials notified component and department- level oversight officials that the program needed to reschedule the deployments of blocks 2.1 and 3.0. The block 2.1 full operating capability date slipped from the third quarter of fiscal year 2010 to the third quarter of fiscal year 2011. The new deployment schedule for block 3.0 is classified. Program officials attributed the rescheduling to a delay in receiving half of 2009 funding based on approval of the National Cyber Security Division's fiscal year 2009 expenditure plan. The funding was made available in June 2009. Program officials said delayed funding also delayed the implementation of the program's continuity of operations plan by 7 months. Program officials said that the plan is expected to ensure that the system can continue to operate despite disruptions, and will improve system data services, which cannot currently handle block 2.0 data volume and replication requirements. Program officials now expect completion of the plan by the end of 2011. Challenges: The acquisition program's architecture and deployment strategy has not been stabilized for blocks 2.0 and 3.0, although the block 2.0 deployment has begun, and DHS is planning to accelerate development and implementation of certain block 3.0 activities. DHS has acknowledged that the acquisition program lacks risk mitigation and key project management capabilities. DHS has stated that the program has efforts planned and under way to implement more effective controls. Program officials said that they are developing a risk mitigation plan based on an exercise concluding in 2010 or 2011, depending on the decision to execute an additional, optional phase. Program Office Comments and Our Response: The program office provided technical comments to a draft of this assessment, which were incorporated as appropriate. Regarding the statement that the architecture and deployment strategy has not been stabilized, the program office suggested that the December 2008 baseline provided such a strategy. However, in December 2008, the program reported to the DHS acquisition oversight board that this instability was a program risk, and the program also reported the risk to us in July and October 2009. [End of section] National Protection and Programs Directorate: US-VISIT Unique Identity: [Photograph: Source: US-VISIT] United States Visitor and Immigrant Status Indicator Technology (US- VISIT) collects, maintains, and shares information on foreign nationals, including biometric identifiers, acquired by several source agencies. Unique Identity, one of several investments under US-VISIT, is modernizing the current biometric data system by introducing 10- print finger scans and adding identity management capabilities such as data sharing and interoperability with Department of Defense (DOD) and Federal Bureau of Investigation (FBI) systems. Current Status: US-VISIT does not have an approved program baseline including all relevant investments as DHS is restructuring the program. According to program documents, Unique Identity will achieve full operating capability in September 2014. Timeline: Start of Unique Identity acquisition (6/04); Interoperability preliminary design review (3/08); Interoperability critical design review (6/08); Interoperability initial operating capability (10/08); 10-print initial operating capability (3/09); Unique Identity full operating capability (9/14). Program Essentials: Component: National Protection and Programs Directorate; Major contractor(s): Accenture LLP; Fiscal year 2010 funding requested: $28.7 million; Program office: Not available for the separate workforce investments under US-VISIT. Program Challenges: * Unstable and unapproved requirements; * Lack of approved program baseline; * Dependence on outside agency to achieve full operating capability. Performance (then-year dollars): Total acquisition cost: Initial estimate: $160 million[A]; Total acquisition cost: Latest estimate: $79 million[A]; Life-cycle cost estimate: Initial estimate: $225 million[A]; Life-cycle cost estimate: Latest estimate: $132 million[A]; Quantity: Initial estimate: Not applicable; Quantity: Latest estimate: Not applicable; Initial capability: Initial estimate: Sept. 2008; Initial capability: Latest estimate: Mar. 2009; Full capability: Initial estimate: Not defined; Full capability: Latest estimate: Sept. 2014. [A] Note: Estimates submitted to the Office of Management and Budget for Unique Identity 2010 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Not yet approved. Initial version of: Mission Need Statement; Department approval date: Not yet approved. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: June 2009. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. US-VISIT Unique Identity: Background: The US-VISIT program was started to meet congressional mandates to record the entry and exit of foreign nationals. The program currently provides identity management services through operations and maintenance of IDENT—the current automated biometric identification system, the Arrival and Departure Information System, and US-VISIT's analytic support services. At the time of our review, US-VISIT was restructuring the program into individual investments to provide better visibility and traceability of investment dollars to individual projects. Because of the restructuring, the program was unable to provide complete data at either the program or project level. As a result, we were not able to fully assess the program in its entirety. US-VISIT development and deployment efforts consist of two ongoing projects: (1) Unique Identity and (2) Comprehensive Exit. In fiscal year 2015, Unique Identity is projected to enter the operations and maintenance phase and become part of the overall IDENT investment. We did not include Comprehensive Exit in our review because DHS did not request fiscal year 2010 funds for this project. We have previously reported on limitations and made recommendations to improve DHS's efforts to plan and execute its efforts to deliver a Comprehensive Exit capability. Program Performance: US-VISIT, which includes the Unique Identity investment, lacks an approved acquisition program baseline and other acquisition planning and requirements documents. The Enhanced Border Security and Visa Entry Reform Act of 2002, as amended, mandated the use of a biometric standard developed under the USA Patriot Act to track entry and exit of foreign nationals by 2005. The program partially meets that requirement, capturing fingerprint data for all foreign nationals entering the U.S., transmitting the data to a central database, and analyzing that data. Currently, an entry capability operates at almost 300 U.S. ports of entry but a Comprehensive Exit capability does not. Although program officials said that the program has largely transitioned from a 2-print to a 10-print system, the program has yet to fully develop and deploy a back-end system to match the 10-prints against other biographic or biometric data. Unique Identity has reached initial operational capability and is interoperable with the FBI's fingerprint database. According to program officials, most responses from the FBI system are completed within 15 minutes; however, this system can require up to 72 hours for results. Full operational capability, which is in the initial planning stage, will include record linking between the US-VISIT and the FBI fingerprint systems, improved response times for searches, and notification capabilities when updating a biometric record. The program reported that cost estimates submitted to the Office of Management and Budget for 2011 reflect Unique Identity cost reductions to fit within budgetary constraints. Challenges: According to program officials, capabilities and requirements constantly change as a result of new legislative and administrative mandates. Officials do not know when US-VISIT will be fully interoperable with the FBI fingerprint database, but they have already agreed on capabilities and requirements work, which is in progress. Interoperability depends upon completion of specific tasks on the FBI's Next Generation biometric and fingerprint system, projected for completion in 2014. Program Office Comments: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. Officials also noted that the program has been restructured, increasing the scope of Unique Identity, since our review began. [End of section] Office of Health Affairs: Biosurveillance Common Operating Network: [Illustration: Source: SAIC] The mission of the National Biosurveillance Integration Center is to collect, integrate, analyze, and disseminate information from existing human health, animal, plant, food, and water surveillance systems, and relevant threat and intelligence information to provide early recognition of bioevents in order to mitigate the consequences. The Biosurveillance Common Operating Network, formerly known as National Biosurveillance Integration System 2.0, is the information technology system supporting the Center. Current Status: Program officials said that data backup capability has been delayed a year and consider this delay a significant operational risk. The Network is currently in the operations and maintenance phase. Timeline: Start of acquisition (9/06); Preliminary design review (12/06); Critical design review (3/07); Initial operating capability (3/08); Full operating capability (9/08). Program Essentials: Component: Office of Health Affairs; Major contractor(s): SAIC; Fiscal year 2010 funding requested: $2.1 million; Program office workforce: N/A total government positions planned; 1.25 total government staff employed; 2.5 support contractors. Program Challenges: * Lack of data sharing between agencies; * Delay in data backup; * Operations and maintenance cost increases. Performance (then-year dollars): Total acquisition cost: Initial estimate: $14.3 million[A]; Total acquisition cost: Latest estimate: $13.1 million[A]; Life-cycle cost estimate: Initial estimate: $26.5 million[A]; Life-cycle cost estimate: Latest estimate: $26.5 million[A]; Quantity: Initial estimate: 1; Quantity: Latest estimate: 1; Initial capability: Initial estimate: Nov. 2007; Initial capability: Latest estimate: Mar. 2008; Full capability: Initial estimate: Mar. 2008; Full capability: Latest estimate: Sept. 2008*. * Note: Capabilities delivered varied substantially from initial estimates; the Center was not fully operational as an integration center by Sept. 2008. [A] Program reported cost estimates for 2006 and 2008. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Not available. Initial version of: Mission Need Statement; Department approval date: Not available. Initial version of: Operational Requirements Document; Department approval date: Not available. Initial version of: Acquisition Plan; Department approval date: Apr. 2006. Initial version of: Integrated Logistics Support Plan; Department approval date:Not available. Biosurveillance Common Operating Network: Background: The Center was created to integrate real-time biosurveillance data from multiple federal agencies such as the Centers for Disease Control (CDC), the Food and Drug Administration (FDA), and the United States Department of Agriculture (USDA) in order to rapidly identify and characterize a bioterrorist attack. Once a potential event is detected, the Center disseminates alerts to enable rapid response to a biological event to mitigate the potential consequences. In July 2007, the DHS Office of Inspector General reported that the Center lacked sustained program leadership and was not a priority, because ownership of the program shifted among department organizations numerous times, with corresponding fluctuations in the program approach, priority, and accomplishments. The original information technology system was designed to process structured data received directly from federal partners, such as CDC, FDA, and USDA. However, the Center receives limited data from federal partners and generally lacks assignments of personnel from other agencies to leverage analytical expertise. As a result, the Network is primarily used to search the Internet for media articles that may contain relevant biosurveillance information for the Center's analysts. Performance: Program officials told us that the Network spent about $1 million less on acquisition costs than initially estimated, although delivery of full operating capability was delayed by 6 months. The program was affected by lack of available biosurveillance data from other federal agencies. The program significantly modified the system design to use unstructured data from public sources rather than structured data from other agencies. The program reduced costs by dropping three of six systems, due to no longer requiring these classified systems. Officials previously told us that they planned to add a software tool to the Network to refine results when performing historical analysis of archived data, but this has been put on hold due to budget constraints. Challenges: We previously reported that the Center does not receive the kind of data it has identified as most critical for supporting its mission— particularly, data generated at the earliest stages of an event. The Center is not fully equipped to carry out its mission because it lacks key resources from its partner agencies—data and personnel—which may be partially attributed to the need for greater collaboration. In interviews with partner agencies, we found confusion, uncertainty, and skepticism as to the value of participation in the interagency community, as well as to the mission and purpose of the Center within that community. Agency officials also expressed a lack of clarity about roles, responsibilities, joint strategies, policies, and procedures for operating across agency boundaries. The program reported that the Network's operations and maintenance costs are greater than originally anticipated, so the data backup capability will be delayed for a year. Program officials consider this delay a significant operational risk. The program reported that no full-time government personnel are dedicated to the Network. The Network and other Center functions share staff, including contractor support. Furthermore, the program does not have an approved sustainment plan although it is in the operations and maintenance phase. Program Office Comments and Our Response: In responding to a draft of this assessment, the program office provided technical comments, which were incorporated as appropriate. Program officials stated that all of the program's key acquisition documents were component approved in December 2004. However, they were unable to provide documentation of this at the time of our review. Because the program is not a major investment, departmental approval of key program documents is not required. [End of section] Office of Health Affairs: BioWatch Generation-3: [Photograph: Source: BioWatch] The BioWatch program's mission is to rapidly detect airborne biological agents in order to speed response and recovery from a terrorist event. BioWatch Generation-3 replaces manually-intensive, primarily outdoor legacy systems with an automated detection capability allowing a quicker response to a biological attack. This is expected to greatly reduce the number of potential fatalities caused by an attack by shortening the time elapsed between exposure and treatment. Current Status: The program is currently evaluating biodetection technologies for a future acquisition. Delivery of an initial capability has been delayed 18 months due to unavailability of vendor equipment, change in testing responsibilities, and additional time required to complete DHS reviews. Timeline: Production readiness review (9/10); Operational testing (9/11); First Generation-3 deployment (9/11); Initial operating capability (6/12); Full operating capability (3/15). Program Essentials: Component: Office of Health Affairs; Major contractor(s): Hamilton Sundstrand Northrup-Grumman; Fiscal year 2010 funding requested: $122 million; Program office workforce: 5 total government positions planned; 3 total government staff employed; 9 support contractors. Program Challenges: * Understaffing; * Technical risk. Performance (then-year dollars): Total acquisition cost: Initial estimate: $407 million[A]; Total acquisition cost: Latest estimate: $493 million[A]; Life-cycle cost estimate: Initial estimate: $921 million[A]; Life-cycle cost estimate: Latest estimate: $2,106 million[A]; Quantity: Initial estimate: 2,570; Quantity: Latest estimate: 2,570; Initial capability: Initial estimate: Dec. 2010; Initial capability: Latest estimate: June 2012; Full capability: Initial estimate: Mar. 2014; Full capability: Latest estimate: Mar. 2015. [A] Note: Estimates submitted to the Office of Management and Budget for 2010 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Not yet approved. Initial version of: Mission Need Statement; Department approval date: Dec. 2009. Initial version of: Operational Requirements Document; Department approval date: Apr. 2009. Initial version of: Acquisition Plan; Department approval date: May 2009. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. BioWatch Generation-3: Background: Program officials told us that BioWatch Generation 1 and 2 detection systems do not provide a long-term solution, because the collection process is labor intensive and can require up to 36 hours to identify a biological agent. The BioWatch Generation-3 detection system is planned as a fully autonomous, networked biosensor that collects and analyzes samples on-site and autonomously transmits the results to BioWatch labs where the state laboratory directors interpret the signal. Generation-3 is intended to detect all biological agents on BioWatch's list of biological threats. DHS's Office of Health Affairs developed the original Generation-3 requirements in coordination with the Science and Technology Directorate. "Assay" validation-—testing to validate systems that can detect biological agents—-was subsequently transitioned to the BioWatch program. Program officials expect to replace the about 600 existing legacy collection systems and deploy approximately 2,000 additional detection systems. Performance: Program officials said they are in the process of validating vendor technologies to ensure meeting Generation-3 requirements. At the time of our review, plans for testing and evaluation of new technologies were not yet finalized. Program officials said that if no vendor systems are proven to meet requirements, the program will return to developing the technology of the Science and Technology Directorate. The program is preparing for a competitive procurement. Program officials reported that the shift of assay validation from the Science and Technology Directorate to the Office of Health Affairs required the program to establish a capability for evaluating existing assays, leading to cost growth and testing delays as compared with initial estimates. Officials also reported schedule delays due to longer than expected time frames for vendors to deliver equipment and internal review cycles. The program reported a lack of concurrence with the Centers for Disease Control on criteria for actionable assays that contributed to increased cost and schedule delays. To address this issue, BioWatch invested resources with a national lab and the Centers for Disease Control to initiate a detailed plan of action for documenting requirements for public health actionable assays. Challenges: The program reported that the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act, 2009 resulted in the program using a competitive procurement, which prevented the use of the incumbent contractor's more mature technologies developed by the program. Program officials said that inclusion of the more mature technologies would give the existing contractor an unfair advantage in procuring future contracts. DHS officials stated that they expect the currently identified candidate technologies to perform as well or better than the previously developed prototypes. The program currently lacks clear requirements due to lack of agreement between the program office and the Centers for Disease Control on what constitutes a public health assay. However, program officials do not expect this to affect the first phase of the program, because they intend to use contractor assays for this phase. In addition, officials reported that insufficient program staffing contributed to delays in developing plans and required documentation, and that they were in the process of hiring additional staff. Program Office Comments: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. [End of section] Transportation Security Administration: Electronic Baggage Screening Program: [Photograph: Source: Transportation Security Administration] The Electronic Baggage Screening Program is responsible for screening all checked airline baggage in the United States, to reduce the probability of a successful terrorist or criminal attack to the air transportation system. The program relies on Explosive Detection System (EDS) equipment and Explosives Trace Detector devices as primary screening technologies. Current Status: The program does not have a required department-approved program baseline or program requirements. The program is acquiring and deploying next-generation explosive detection technology to replace legacy systems and meet emerging threats. The program received $700 million in American Recovery and Reinvestment Act (Recovery Act) funds which it is using to accelerate systems deployment by over 2 years. Timeline: Start of acquisition (8/03); Initial operating capability (12/03); EDS test and evaluation (5/10); Award EDS procurement (1/11); Full operating capability (9/19). Program Essentials: Component: Transportation Security Administration (TSA); Major contractor(s): GE Homeland Protection, L-3 Communications, and Reveal; Fiscal year 2010 funding requested: $336 million; Program office workforce: 35 total government positions planned; 27 total government staff employed; 89 support contractors. Program Challenges: * Unapproved requirements; * Lack of approved program baseline and planning documents; * Technical problems. Performance (then-year dollars): Total acquisition cost: Initial estimate: $11,360 million[A]; Total acquisition cost: Latest estimate: $15,316 million[A]; Life-cycle cost estimate: Initial estimate: $19,930 million[A]; Life-cycle cost estimate: Latest estimate: $23,696 million[A]; Quantity: Initial estimate: Not applicable; Quantity: Latest estimate: Not applicable; Initial capability: Initial estimate: Dec. 2002; Initial capability: Latest estimate: Dec. 2003; Full capability: Initial estimate: Sept. 2029; Full capability: Latest estimate: Sept. 2019. [A] Note: Estimates submitted to the Office of Management and Budget for 2010 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Not yet approved. Initial version of: Mission Need Statement; Department approval date: Not yet approved. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Electronic Baggage Screening Program: Background: The Electronic Baggage Screening Program has received substantial increases in funding since September 11, 2001. In addition to receiving large supplemental appropriations in recent years, the program received $700 million in Recovery Act funding to enhance current threat detection capabilities, increase the efficiency of the checked-baggage screening process, and contribute to the long-term development of a flexible security infrastructure capable of accommodating future growth. Program officials explained that requirements could change in response to emerging threats. The program does not directly fund research and development of new technology. Instead, DHS's Science and Technology Directorate or the Transportation Security Administration provide specifications to vendors, allow vendors to build the systems, and then run certification tests to verify that systems meet requirements. If systems qualify, they undergo operational testing at TSA's System Integration Facility. Performance: After a DHS review of the program's life-cycle cost estimate, program officials informed the DHS Acquisition Review Board in November 2009 that the current estimate of $24 billion (then-year dollars) needed more comprehensive detail and that its degree of accuracy could not be determined. Program officials expected a complete estimate validated by DHS in January 2010, after determining solutions for addressing emerging threats and equipment upgrades. Program officials said that other key program documents are moving forward in the approval process. The program intends to award contracts for a competitive procurement for Explosive Detection Systems screening technology by January 2011. Program officials indicated that the sole-source contracts used for legacy equipment were costly for the program. Program officials told us that vendors are expected to meet the minimum subset of the new detection requirements that include three different capability levels for detecting homemade explosives. Program officials reported that full capability will be reached when optimal solutions have been deployed at all airports. However, the time frame depends upon airport readiness and the ability of airports to fund their share of project costs. TSA provides funding for equipment purchase and installation and a portion of facility modification costs, while the airport contributes the remaining share of the funding. Challenges: Program officials indicated that some schedule delays have been caused by activities related to testing, including data collection activities, development of test sets, equipment availability, and test scheduling. Future delays could be caused by new threats leading to new requirements and a need for additional vendor development and testing. Program officials stated that currently they can only test new requirements based on the minimum level of detection required. Furthermore, a substantial portion of legacy equipment is now nearing the projected end of its useful life. In July 2009, the program reported that annual compliance costs and recapitalization expenses, when combined with recurring programwide costs, sometimes exceed the budget. In future years, program costs could grow significantly as cost estimates are reassessed to include new requirements. Additionally, the program has no department-approved program documents. Program Office Comments and Our Response: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. Program officials commented that detection requirements changed in January 2010 as a result of a change in threats, rather than a failure to manage requirements changes. However, detection requirements are only a portion of program requirements, and the program does yet not have a department-approved baseline. [End of section] Transportation Security Administration: Passenger Screening Program: [Photograph: Source: Transportation Security Administration] The Passenger Screening Program tests, deploys, and sustains screening equipment to identify threats at airport terminal passenger screening checkpoints. The program relies primarily on commercial-off-the-shelf software technologies to meet requirements. Current Status: The Passenger Screening Program deploys next generation detection systems to address existing security gaps and detect a wider variety of threats (such as new explosive materials and nonmetallic weapons). The program received $300 million in American Recovery and Reinvestment Act (Recovery Act) funds to accelerate deployment of new equipment by more than 3 years. Timeline: Start of acquisition (9/03); Advanced Imaging Technology initial operating capability (3/10); Bottled Liquids Scanner full operating capability (6/11); Enhanced Metal Detector full operating capability (3/15); Explosives Trace Detector 2 full operating capability (6/15). Program Essentials: Component: Transportation Security Administration; Major contractor(s): Smiths Detection, Rapiscan, and L-3 Communications; Fiscal year 2010 funding requested: $155.1 million; Program office workforce: 20 total government positions planned; 16 total government staff employed; 32 support contractors. Program Challenges: * Unstable requirements; * Technical problems; * Sustainment funding. Performance (then-year dollars): Total acquisition cost: Initial estimate: $1,872 million[A]; Total acquisition cost: Latest estimate: $2,559 million[A]; Life-cycle cost estimate: Initial estimate: $2,593 million[A]; Life-cycle cost estimate: Latest estimate: $4,306 million[A]; Quantity: Initial estimate: Not applicable; Quantity: Latest estimate: Not applicable; Initial capability: Initial estimate: Dec. 2002; Initial capability: Latest estimate: Apr. 2006; Full capability: Initial estimate: Dec. 2009; Full capability: Latest estimate: June 2015. [A] Note: Estimates submitted to the Office of Management and Budget for 2010 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: May 2006. Initial version of: Mission Need Statement; Department approval date: Sept. 2008. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Passenger Screening Program: Background: The Transportation Security Administration reported meeting the statutory deadline for screening passengers and baggage in 2002, but with some capability shortfalls and the opportunity to improve effectiveness and efficiency of passenger screening checkpoints and equipment. Since fiscal year 2002, DHS invested over $921 million in airline passenger screening technologies. Program officials told us that ever-changing threats necessitate ongoing investment in new and improved technology, to provide the traveling public with optimal security screening benefits. The program is acquiring numerous advanced technological systems and testing and evaluating the systems based on detection and nondetection requirements. Systems need to detect explosives, fit within the constraints of existing airport floor space, and maintain passenger and baggage screening throughput requirements. In 2009, we reported that the Transportation Security Administration had been unable to assess the extent to which technology investments have reduced or mitigated the risk of terrorist attacks. We also reported that Explosives Trace Portals were deployed without resolving performance problems or validating operational requirements, and that these systems have not been proven to increase security at checkpoints. Explosive Trace Portals deployment was halted in June 2006 because of performance problems and high installation costs. Performance: DHS approved the program baseline in 2006; however, according to program officials, the requirements have been revised each year since 2001 due to rapidly changing technologies and threats. DHS asked the program manager to revise the life-cycle cost estimate to include long- term costs. The program is also revising its Acquisition Program Baseline to incorporate updated technologies. Four projects have not begun acquisition activities and an additional four are in the integration and testing phase. Achievement of full operating capability for the program was initially planned for 2009, but has been delayed until June 2015, due in part to changes in technologies. Challenges: Program officials reported they are not able to field new technologies quickly. The program must qualify new technology before the vendor can compete at the direct order level. They also noted that commercial-off- the-shelf technology may not address perceived threats to aviation. Program officials also said that poor test results of new technologies negatively affect the program because they cannot rapidly deploy new technology. According to program officials, it is sometimes difficult for detection systems to meet program requirements and vendors may require multiple attempts to pass tests because they lack access to restricted explosives. The accelerated deployment using the $300 million in Recovery Act funds—almost twice the amount of the program's budget request for fiscal year 2010—places increased demands on the program staff to meet the new schedule. Additionally, the program may not have the maintenance and system sustainment funds to support the accelerated deployment. Program Office Comments: Program office officials provided technical comments which were incorporated as appropriate. Program officials stated that certain key program documents did not previously require departmental approval and that the component has produced life-cycle cost estimates from product acquisition to disposal. However, they also told us that life-cycle cost estimates have not yet been validated. In addition, they stated new capability requirements are added within the existing program, rather than creating new programs as time progresses, which affects program schedule. [End of section] Transportation Security Administration: Secure Flight: [Photograph: Source: Transportation Security Administration] The Secure Flight program allows the Transportation Security Administration (TSA) to compare air passengers' information to Terrorist Screening Center watch lists for international and domestic flights. Aircraft operators collect passenger information and transmit the data to TSA. Secure Flight conducts automated comparisons for all passengers for whom data are submitted, and more than 99 percent will be cleared in advance of their arrival at the airport, according to program officials. Current Status: Program officials reported that Secure Flight achieved initial operating capability in January 2009, and planned to implement the program with all aircraft operators by December 2010. The program is currently in the process of deploying the system to airlines. Timeline: Start of acquisition (2/04); Preliminary design review (5/08); Critical design review (7/08); Production readiness review (12/08); Initial operating capability (1/09); Full operating capability (12/10). Program Essentials: Component: Transportation Security Administration; Major contractor(s): Infozen, Deloitte, and International Business Machines; Fiscal year 2010 funding requested: $85 million; Program office workforce: 113 total government positions planned; 113 total government staff employed; 187 support contractors. Program Challenges: * Unstable and unapproved requirements; * Cost growth; * Schedule delays; * Aircraft operator compliance. Performance (then-year dollars): Total acquisition cost: Initial estimate: $97 million[A]; Total acquisition cost: Latest estimate: $153 million[A]; Life-cycle cost estimate: Initial estimate: $685 million[A]; Life-cycle cost estimate: Latest estimate: $1,362 million[A]; Quantity: Initial estimate: Not applicable; Quantity: Latest estimate: Not applicable; Initial capability: Initial estimate: Dec. 2008; Initial capability: Latest estimate: Jan. 2009; Full capability: Initial estimate: Dec. 2009; Full capability: Latest estimate: Dec. 2010. [A] Note: Cost estimates submitted to the Office of Management and Budget for 2009 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Dec. 2006. Initial version of: Mission Need Statement; Department approval date: Oct. 2006. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Apr. 2008. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Secure Flight: Background: Prior to the Secure Flight program, aircraft operators were responsible for screening passengers based on watch list data provided to airlines by the Transportation Security Administration. This resulted in inconsistent screening processes from airline to airline, as well as limited control over sensitive homeland security data after watch list information was distributed outside the U.S. government. When Secure Flight is fully implemented, it will provide passenger watch list matching for all covered airline flights, including flights into and out of the U.S., flights over the continental U.S., and international flights conducted by covered U.S. airlines. Secure Flight intends to provide more consistent matching, enhanced redress procedures, and improved privacy controls. In January 2009, Secure Flight started implementing the program with a small number of volunteer airlines and officials estimate full implementation with all covered aircraft operators by December 2010. Program officials estimate that Secure Flight will screen more than 2.5 million passengers daily at full capacity. We reported in May 2009 that Secure Flight had generally achieved 9 of 10 statutory requirements for the program, and had conditionally achieved the last requirement regarding reliable cost and schedule estimates. We have since concluded that the program has met the last requirement. Performance: The Secure Flight program achieved initial operating capability in January 2009, without significant delay to the milestone. However, the estimated date of full operating capability has slipped by a year, to December 2010. Program acquisition cost estimates have increased by $57 million, or 59 percent over 2 years. Life-cycle cost estimates have also increased by nearly 100 percent ($677 million). Secure Flight officials attribute schedule delays and cost growth to the program needing to increase total system capacity as a result of system requirements changes during the rulemaking process. As the program progressed, officials became more aware of the system size requirements and aircraft operator system capabilities, which led to cost increases for the volume and number of records to be processed. Also, program scope increased as the initial schedule did not include implementation with foreign airlines, according to officials. Challenges: In 2006, Secure Flight made significant changes in program requirements due to privacy and security concerns. Requirements have changed further since 2006, and only two of six performance requirements remained the same in the revised 2008 acquisition program baseline. For example, the program added requirements regarding the Service Center, the Secure Flight customer service center that provides resolution of airline operator inquiries. Program officials report the risk of aircraft operators not complying with the implementation schedule as the greatest program challenge. Officials said that they are working with aircraft operators on a daily basis to address schedule compliance. Some operators have expressed concern about meeting the schedule because of the complexity and the cost of system upgrade requirements. The program also faces risk with the Service Center government and contractor personnel not receiving timely security clearances. Program Office Comments and Our Response: Program officials emphasized that the cost increases and schedule delays since 2006 were due to expanded program scope and modification of the implementation strategy that resulted in rebaselining. They point out that cost growth has been minimal since the rebaselining in 2008. They noted that performance requirements were altered in 2008 to better measure the key metrics of quality for the program, but they do not think that this indicates requirements instability. [End of section] U.S. Coast Guard: Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR): [Illustration: Source: U.S. Coast Guard] The Coast Guard's Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) program is designed to be an interoperable network that combines information from Coast Guard assets and sensors, allowing the Coast Guard to see, comprehend, and communicate rapidly. Current Status: C4ISR is being developed incrementally: the first increment became operational in 2009, the second is currently in design development, and a third is in the "need" or requirements development phase. Timeline: Start of acquisition (6/02); Segment 1 initial operating capability (4/09); Segment 2, Spiral 1 preliminary design review (6/09) Segment 2, Spiral 1 critical design review (9/09); Full operating capability (2014). Program Essentials: Component: United States Coast Guard; Major contractor(s): Integrated Coast Guard Systems; Fiscal year 2010 funding requested: $35 million; Program office workforce: 38 total government positions planned; 32 government staff employed; 71 support contractors. Program Challenges: * Schedule delays; * Development risk; * Lack of approved requirements and acquisition planning documents. Performance (then-year dollars): Total acquisition cost: Initial estimate: $1,353 million[A]; Total acquisition cost: Latest estimate: $1,353 million[A]; Life-cycle cost estimate: Initial estimate: $1,353 million[A]; Life-cycle cost estimate: Latest estimate: $1,353 million[A]; Quantity: Initial estimate: Not applicable; Quantity: Latest estimate: Not applicable; Initial capability: Initial estimate: June 2007; Initial capability: Latest estimate: Apr. 2009; Full capability: Initial estimate: Sept. 2014; Full capability: Latest estimate: Sept. 2014. [A] Note: Cost estimates submitted to the Office of Management and Budget for 2009 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: May 2007. Initial version of: Mission Need Statement; Department approval date: Apr. 2005. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. C4ISR: Background: The Coast Guard is currently developing an infrastructure for C4ISR that would introduce new sensors and communications systems in its future, as well as some existing, assets. As designed, this infrastructure will collect, integrate, and present information into a single common operating picture to facilitate mission execution. The Coast Guard is developing C4ISR in an evolutionary fashion, with more functionality and assets added in increments, also referred to as segments. Segment 2, which is currently in development, will produce two spirals of capability intended to correct issues found in Segment 1, update software to avoid obsolescence, and add some new functionality in the way that data are displayed, recorded, and managed. Program officials state that development of the third segment has been delayed due to funding constraints, although development of capabilities for key assets, such as the Offshore Patrol Cutter, will continue. Performance: According to program officials, the Coast Guard lacked visibility into the software development processes and the requirements used by Integrated Coast Guard Systems as a basis for Segment 1 development. According to Coast Guard and contractor officials, costs grew as the Coast Guard refined requirements to better meet their needs. Although development and acquisition of C4ISR continues, DHS continues to reevaluate and review C4ISR requirements, schedule, and costs. Despite the lack of a department-approved acquisition program baseline, the Coast Guard approved an acquisition strategy and awarded a contract— authorized by DHS—for the design and development of Segment 2, which includes options for up to $78 million worth of work through 2011. Challenges: According to program officials, the timely completion of acquisition documentation is one of their challenges, especially as responsibility for development shifts from Integrated Coast Guard Systems to the Coast Guard, and could result in delays to future contract awards and schedule. A second challenge is the dependence of requirements for Segment 3 on the development of the Offshore Patrol Cutter. C4ISR could be at risk of schedule delays if the Offshore Patrol Cutter does not develop as anticipated. A second challenge reported by program officials is the ability to keep communications secure, especially in transferring classified information. To maintain this capability, the Coast Guard must upgrade key software and systems to remain in compliance with the regulations of the agencies maintaining the architecture for secure communications. If not planned and executed properly, the need for upgrades to, or replacement of, key systems could result in cost growth that delays the delivery of future capabilities. To facilitate timely system upgrades and replacement, Coast Guard officials state that they have obtained all the necessary data rights and software code for Segment 1, and intend to develop future increments of capability in a manner allowing the Coast Guard to support C4ISR systems. Program Office Comments and Our Response: The program office provided technical comments, which were incorporated as appropriate. Program officials indicated in their comments that the planned full operating capability date for C4ISR has been delayed to fiscal year 2018. However, the most recent Coast Guard Quarterly Acquisition Report to Congress indicates the date as 2014. [End of section] U.S. Coast Guard: Maritime Patrol Aircraft: [Photograph: Source: Integrated Coast Guard Systems] The Maritime Patrol Aircraft is intended to be a transport and surveillance, fixed-wing aircraft used to perform search and rescue missions, enforce laws and treaties, and transport cargo and personnel. The aircraft is to use the Mission System Pallet, a suite of electronic equipment designed to provide the aircraft with improved surveillance sensors and operational awareness, to complete homeland security and other missions. Current Status: The program plans to procure 36 aircraft. Eight of the 11 aircraft under contract were delivered, and 9 more have been approved for low- rate production. The program expects to have its full-rate production decision after the completion of operational test and evaluation, in fiscal year 2012. Timeline: Start of acquisition (5/03); Preliminary design review (12/04); Critical design review (6/05); Production readiness review (2/06); Initial operating capability (4/09); Operational testing completed (9/12); Full operating capability (9/20). Program Essentials: Component: United States Coast Guard; Major contractor(s): Integrated Coast Guard Systems; Fiscal year 2010 funding requested: $175 million; Program office workforce: 7 total government positions planned; 5.5 total government staff employed; 1 support contractor. Program Challenges: * Planning significant procurement before completion of operational testing; * Understaffing; * Lacking approved requirements and planning documents. Performance (then-year dollars): Total acquisition cost: Initial estimate: $1,706 million[A]; Total acquisition cost: Latest estimate: 2,223 million[A]; Life-cycle cost estimate: Initial estimate: $22,773 million[A]; Life-cycle cost estimate: Latest estimate: $12,285 million[A]; Quantity: Initial estimate: 36; Quantity: Latest estimate: 36; Initial capability: Initial estimate: Dec. 2007; Initial capability: Latest estimate: Apr. 2009; Full capability: Initial estimate: Sept. 2016; Full capability: Latest estimate: Sept. 2020. [A] Note: Estimates based on May 2007 baseline and Dec. 2009 U.S. Coast Guard Quarterly Report to Congress. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Feb. 2009. Initial version of: Mission Need Statement; Department approval date: Apr. 2005, Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Maritime Patrol Aircraft: Background: The Maritime Patrol Aircraft program plans to procure and maintain 36 aircraft, each equipped with a Mission Systems Pallet. Initially part of the Deepwater program, in February 2009, DHS approved a separate acquisition program baseline for the program. In that same month, the Coast Guard submitted a test plan to DHS with the intent of obtaining approval for full-rate production based on the results of a November 2008 operational assessment. In April 2009, the DHS Director, Operational Test and Evaluation, approved the plan for testing leading up to initial operational test and evaluation, but required the Coast Guard to update and resubmit the plan before operational testing begins. DHS and Coast Guard policy require operational testing to be conducted before approval of full-rate production. The Coast Guard has made a significant investment in this program before operational testing can demonstrate that what it is buying meets Coast Guard needs. Performance: According to the February 2009 Program Baseline document, the program is 4 years behind schedule for delivering full capability, due to aircraft and mission system pallet cost increases, delays in the mission system pallet, and funding limitations. However, the program is currently on schedule to procure 16 aircraft by fiscal year 2014. Should the schedule slip further, the service life of the legacy aircraft may be extended, which may lead to additional legacy aircraft sustainment costs. Challenges: With 8 of 36 Maritime Patrol Aircraft delivered, and another 3 under contract, the Coast Guard has made a significant investment before testing can demonstrate that the product meets Coast Guard needs. The Coast Guard plans to procure 16 aircraft by the end of fiscal year 2014. According to the senior official responsible for managing aviation assets, budget constraints may limit the total amount procured on low- rate production contracts to 17 of 20 aircraft. DHS has not approved the operational requirements for the program, which could increase the risk of having an unrealistic program baseline. Further, the Coast Guard manages the program with 5.5 full-time equivalent government staff and one support contractor. Program Office Comments: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. In March 2010, program officials said that the program's latest life-cycle cost estimate is $23,879 million, $11,594 million more than reported to Congress in December, 2009. Program officials also said that the program's Acquisition Plan and requirements documents were Coast Guard approved in accordance with relevant guidance at the time of their approvals. Program officials told us the program office workforce is assisted by staff working for other Coast Guard offices, including staff at the Aviation Logistics Center, the Aviation Training Center, and various Coast Guard technical authorities on integrated product teams. [End of section] U.S. Coast Guard: National Security Cutter: [Photograph: Source: U.S. Coast Guard] The Coast Guard's National Security Cutter is intended to be the flagship of the Coast Guard's fleet. The 418-foot cutter is designed to achieve a 12,000 nautical mile range and to provide an extended on- scene presence and the capability to perform long transits and forward deployment. The cutter and its aircraft and boat assets are to operate worldwide. Each cutter is expected to have a 30 year service life. Current Status: Two of the eight cutters have been delivered and the Coast Guard expects operational testing to be complete by September 2011. Delivery of full operating capability is expected in 2018—more than 3 years later than initially planned. Timeline: Start of acquisition (7/02); Preliminary design review (3/03); Critical design review (6/03); Production readiness review (5/04); Initial operating capability (6/08); Operational assessment (4/10); Operational testing completed (9/11); Full operating capability: (6/18). Program Essentials: Component: United States Coast Guard; Major contractor(s): Integrated Coast Guard Systems; Fiscal year 2010 funding requested: $281.5 million; Program office workforce: 50 total government positions planned; 50 total government staff employed; 29 support contractors. Program Challenges: * Limitations in operational performance; * Insufficient support assets; * Lacking approved operational requirements and planning documents. Performance (then-year dollars): Total acquisition cost: Initial estimate: $3,450 million[A]; Total acquisition cost: Latest estimate: $4,749 million[A]; Life-cycle cost estimate: Initial estimate: $22,998 million[A]; Life-cycle cost estimate: Latest estimate: $24,277 million[A]; Quantity: Initial estimate: 8; Quantity: Latest estimate: 8; Initial capability: Initial estimate: Sept. 2008; Initial capability: Latest estimate: June 2008; Full capability: Initial estimate: Sept. 2014; Full capability: Latest estimate: June 2018. [A] Note: Estimates based on 2006 baseline and 2009 U.S. Coast Guard Quarterly Report to Congress. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: May. 2007. Initial version of: Mission Need Statement; Department approval date: Apr. 2005. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. National Security Cutter: Background: The National Security Cutter program is projected to take delivery of a total of eight cutters between 2008 and 2018 and operate them for 30 years. In May 2008, the Coast Guard took delivery of the first-in- class Bertholf, and took delivery of the second-in-class Waesche in November 2009. In 2002, the Coast Guard awarded a contract to Integrated Coast Guard Systems to produce and manage the National Security Cutter and other Deepwater assets as systems integrator. After a series of project failures, the Coast Guard announced in April 2007 that it would take over the system integrator role for all Deepwater assets, including the National Security Cutter. DHS subsequently approved an acquisition program baseline for the Cutter separate from other Deepwater projects in December 2008. Performance: The Cutter program has experienced significant cost growth, which the program partially attributes to changes in economic factors, such as labor and commodity prices and international currency exchange rate fluctuations. Program officials stated that completion of operational testing and evaluation has been delayed by a year beyond the initially estimated date to allow for extended testing. The eighth and final cutter, planned for 2014 in the original baseline, is now expected to be fully operational in June 2018 based on current production plans. Challenges: According to Coast Guard officials, the cutters face deficiencies that need to be addressed before the first and second cutters can be certified as fully operational, currently planned for the fourth quarter of fiscal year 2011 for the first-in-class Bertholf. The cutters currently lack a shipboard classified information facility required for participation in certain Department of Defense missions and exercises. According to the Coast Guard, installation of this facility is meeting schedule goals. However, as of July 2009, full installation of sub-systems that aid the movement of helicopters into the Cutter's two hangars was not yet complete, as the helicopters accompanying the Cutter had not yet been modified to use this subsystem. Additionally, the Coast Guard plans to deploy the first cutter without unmanned aircraft—key support assets intended to operate with the National Security Cutter. The Coast Guard is conducting an analysis of alternatives to address this issue and also assessing a Navy unmanned helicopter. Continued delays in the delivery of these assets will result in the cutter's operating with less capability than originally planned. Operational requirements and acquisition planning documents are not yet DHS approved, although they have been approved by the Coast Guard. Program Office Comments: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. Program officials stated that key program documents did not require departmental approval at the time they were created. They reported the Coast Guard approved the program baseline and requirements documents in 2005-2006 and the Acquisition Plan in 2008. [End of section] U.S. Coast Guard: Rescue 21: [Illustration: Source: U.S. Coast Guard] Rescue 21 is an advanced command, control, and communications system designed to improve the Coast Guard's ability to execute all missions in the coastal zone, and is essential to its search and rescue mission. The system seeks to leverage technology to more accurately locate distress calls, enhance distress call clarity, reduce coverage gaps, and provide significantly increased operational availability. Current Status: The Rescue 21 program is currently deployed in 24 out of 39 locations. The program plans to deliver full capability at all locations by the end of fiscal year 2017, 9 years later than the date established in its 2005 program baseline. Timeline: Start of acquisition (9/02); Developmental test and evaluation (2/05); Operational test and evaluation (3/05); Initial operating capability (9/06); Low-rate initial production (12/06); Western Rivers project deployed (9/12); Full operating capability (9/17). Program Essentials: Component: United States Coast Guard; Major contractor(s): General Dynamics C4 Systems; Fiscal year 2010 funding requested: $117 million; Program office workforce: 71 total planned government positions; 65 total government staff employed; 15 support contractors. Program Challenges: * Cost growth; * Tower availability; * Technical problems; * Risk of technology becoming obsolete. Performance (then-year dollars): Total acquisition cost: Initial estimate: $827 million Total acquisition cost: Latest estimate: $1,067 million Life-cycle cost estimate: Initial estimate: $1,639 million Life-cycle cost estimate: Latest estimate: $2,693 million Quantity: Initial estimate: 46; Quantity: Latest estimate: 39; Initial capability: Initial estimate: Sept. 2005; Initial capability: Latest estimate: Sept. 2006; Full capability: Initial estimate: Sept. 2008; Full capability: Latest estimate: Sept. 2017. [A] Note: Estimates submitted to the Office of Management and Budget for 2009 and 2011. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Apr. 2006; Initial version of: Mission Need Statement; Department approval date: Not yet approved. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Rescue 21: Background: Rescue 21 is replacing antiquated communications systems used to monitor the international distress frequency, coordinate rescue operations, and communicate with vessels. The program is deploying systems to 39 locations across the United States. The program's contract with the prime contractor covers 34 locations and is scheduled to end in fiscal year 2012. The Coast Guard is currently the system integrator for the Ohio River Valley, the Lower Mississippi, Upper Mississippi, and two Alaska locations. DHS decided not to exercise additional contract options because the contractor's system would require extensive modifications to work at remote Alaska sites, and the Coast Guard had experience maintaining legacy systems fielded before Rescue 21. Performance: Rescue 21 has experienced significant cost growth and delays. Since its initial cost estimate under DHS in 2003, total program costs increased by 131 percent. Achievement of full operating capability has been delayed by 9 years since 2005. The program identified several factors contributing to cost growth, including: underestimation of costs for program management, deployment, operations, and maintenance; schedule delays; a 6-year extension of the system's planned useful life to 2027; and an unfunded mandate related to protocols and standards requirements. Changes in out-year funding projections required the program to modify its deployment tactic, resulting in schedule delays. According to program officials, Rescue 21's direction finding capability—which allows the Coast Guard to locate boaters in distress— is only possible in approximately one-third of the 65 tower sites in the Alaska region. However, we have previously reported that the direction-finding capability is more accurate and more reliable than the legacy system, so regions lacking direction finding capability will continue to be at risk of performing larger and potentially more costly searches. Challenges: The Coast Guard is facing unanticipated challenges at some fielded antenna tower sites. These challenges include availability of towers, tower leasability, environmental concerns, electronic interference with other communication systems, and telephone system outages. Program officials acknowledge that challenges related to selecting future antenna tower sites may put the program at risk of additional schedule delays. Each site has unique factors being addressed individually by the program. Program officials said they must continually stay abreast of external technology standards in order for the system to continue to operate properly. According to officials, the program monitors technology standards in order to mitigate any risk of the program not keeping up with standards changes and has attempted to build related costs into program cost estimates. The program reported that its operational requirements and acquisition planning documents have been approved by the Coast Guard, although they have not yet received DHS approval. Program Office Comments: The program office provided technical comments on a draft of this assessment, which were incorporated as appropriate. Program officials stated that Rescue 21's key program documents did not require DHS approval at the time they were created. Program officials also said that the Rescue 21 system is mature and operational, and that the program's remaining challenge is related to technical standards, rather than system technical problems. [End of section] U.S. Coast Guard: Response Boat-Medium: [Photograph: Source: U.S. Coast Guard] The Response Boat-Medium replaces aging 41-foot utility boats and other larger nonstandard boats to perform the Coast Guard's missions of Search and Rescue, law enforcement, drug and migrant interdiction, and homeland security. The boats will operate along the coasts of the United States and its territories, as well as in larger lakes and rivers. Current Status: The program has completed operational testing and evaluation of the boats and has achieved initial operating capability and entered full rate production. During full production, the program plans to order 30 boats per year contingent upon program funding. Timeline: Start of acquisition (6/06); Critical design review (7/07); Production review (7/07); First asset delivered (3/08); Initial operating capability (4/10); Full operating capability (9/15). Program Essentials: Component: United States Coast Guard Major contractor(s): Marinette Marine Corp. Fiscal year 2010 funding requested: $103 million; Program office workforce: 63 total government positions planned; 40 total government staff employed; 31 support contractors. Program Challenges: * Funding issues; * Understaffing; * Acquisition strategy risks. Performance (then-year dollars): Total acquisition cost: Initial estimate: $401 million[A]; Total acquisition cost: Latest estimate: $610 million[A]; Life-cycle cost estimate: Initial estimate: $1,210 million[A]; Life-cycle cost estimate: Latest estimate: $1,419 million[A]; Quantity: Initial estimate: 180; Quantity: Latest estimate: 180; Initial capability: Initial estimate: Sept. 2008; Initial capability: Latest estimate: Apr. 2010; Full capability: Initial estimate: Sept. 2013; Full capability: Latest estimate: Sept. 2015. [A] Note: Estimates based on 2005 baseline and 2009 U.S. Coast Guard Quarterly Report to Congress. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: Sept. 2006. Initial version of: Mission Need Statement; Department approval date: Not yet approved. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Not yet approved. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Response Boat-Medium: Background: The Response Boat-Medium program, authorized in 2002, plans to procure 180 medium-size boats intended to replace the aging 41-foot Utility boat, as well as other nonstandard large boats in the Coast Guard fleet. While the 41-foot Utility boat was designed to primarily engage in Search and Rescue missions, the Response Boat-Medium will have greater speed and range than its predecessor to fulfill expanding operations in Ports, Waterways and Coastal Security consistent with homeland security needs. The Coast Guard has awarded a contract to Marinette Marine Corporation to produce the boats at facilities in Kent, Washington, and Green Bay, Wisconsin. The program had ordered 66 boats as of September 2009, and the program reports receiving delivery of 16 boats. The program expects to reach full operating capability by the end of fiscal year 2015. Performance: According to Coast Guard officials, the new boats have successfully met all technical requirements such as speed and range. While there have been some modifications to boats, the program considers them minor, and reports that costs of modifications have been within the change order budget. For example, the program found performance issues in air conditioning systems and seat design. The program's projected acquisition costs grew $209 million (52 percent) from the initial estimate. Program officials attribute the increase to contract costs, among others. The program awarded the prime contract after the initial estimate, and the award price was higher than originally projected. Logistics planning expenses also increased over original estimates. Program officials reported that they had planned to revise the life-cycle cost estimate before making a full production decision in December 2009, and they expect further cost growth related to maintenance and personnel expenses not included in the current estimate. Currently 2 years behind schedule, the program has also experienced significant schedule delays. Program officials attribute the schedule delays to bid protests that delayed the contract award. Challenges: With over one-third of boats ordered as of September 2009, the program has made a substantial investment before the completion of operational testing. The program reports that initial testing results have been positive with no major design issues identified. Program officials reported a shortage of government staff to support full-rate production. For example, the Green Bay production facility has been understaffed, and the program has used contractors to meet needs where possible. The contract includes terms to increase unit price if the program does not order a minimum number of boats in a given year, according to officials. Program officials indicated they have not incurred any price increases for late orders, but there is a risk that future-year budgets will not be sufficient to maintain the order schedule. The program schedule could also slip if the program does not order a minimum number of boats. Program Office Comments and Our Response: Program officials stated that Response Boat-Medium completed operational testing and evaluation in December 2009, and has entered full-rate production. They stated that required personnel for full- rate production have been approved and the Green Bay production facility is now appropriately staffed. However, program office data show that the program remains understaffed. Program officials stated that key program documents did not require departmental approval at the time they were approved. The program provided us with a revised cost estimate, approved by the Coast Guard in January 2010 that shows life-cycle costs increased to over $2 billion. The cost increase is primarily due to operating crew personnel costs previously not included in life-cycle estimates, as well as increased fuel costs. [End of section] U.S. Coast Guard: Sentinel Class Patrol Boat: [Photograph: Source: Bollinger Shipyards, Inc.] The Sentinel class patrol boat, previously known as the Fast Response Cutter, is conceived as a patrol boat with high readiness, speed, adaptability, and endurance to perform a wide range of missions. After terminating previous design efforts under a systems integrator, the Coast Guard pursued acquisition of a modified, commercially available patrol boat. The Sentinel class will replace the legacy 110 foot patrol boats. Current Status: In December 2009 the Coast Guard awarded a contract for three low-rate production boats, bringing the total number of boats under contract to four. Delivery is scheduled to begin in December 2011 with 58 boats planned at a total acquisition cost of $3.9 billion. Timeline: Start of acquisition (9/08); Preliminary design review (4/09); Critical design review (11/09); Low-rate production decision (12/09); Initial operating capability (12/12); Full operating capability (9/22). Program Challenges: * Cost increases; * Schedule delays; * Test and integration risks; * Lack of approved requirements. Program Essentials: Component: United States Coast Guard; Major contractor(s): Bollinger Shipyards; Fiscal year 2010 funding requested: $243 million; Program office workforce: 14 total government positions planned; 13 total government staff employed; 11 support contractors. Performance (then-year dollars): Total acquisition cost: Initial estimate: $3,206 million[A]; Total acquisition cost: Latest estimate: $3,928 million[A]; Life-cycle cost estimate: Initial estimate: $22,256 million[A]; Life-cycle cost estimate: Latest estimate: $14,475 million[A]; Quantity: Initial estimate: 58; Quantity: Latest estimate: 58; Initial capability: Initial estimate: Sept. 2011; Initial capability: Latest estimate: Dec. 2012; Full capability: Initial estimate: Sept. 2016; Full capability: Latest estimate: Sept. 2022. [A] Note: Estimates based on 2007 baseline and 2009 U.S. Coast Guard Quarterly Acquisition Report to Congress. Key Program Documents: Initial version of: Acquisition Program Baseline; Department approval date: May 2007. Initial version of: Mission Need Statement; Department approval date: Apr. 2005. Initial version of: Operational Requirements Document; Department approval date: Not yet approved. Initial version of: Acquisition Plan; Department approval date: Oct. 2009. Initial version of: Integrated Logistics Support Plan; Department approval date: Not yet approved. Sentinel Class Patrol Boat: Background: In February 2008, the Coast Guard terminated the original patrol boat designs proposed by Integrated Coast Guard Systems, the primary contractor for Deepwater, after approximately $39 million had been allocated. Since the need for a new patrol boat was pressing, the Coast Guard pursued acquisition of a modified commercially available patrol boat with similar performance capabilities to the original design—now known as the Sentinel class patrol boat. In December 2009, after Department of Homeland Security (DHS) authorization, the Coast Guard awarded a contract to Bollinger Shipyards for low-rate initial production of three boats, bringing the total number of boats on contract to four. Performance: The project is currently estimated at approximately $722 million over its original $3.2 billion baseline for acquisition cost, though the number of planned boats has not changed. According to program officials, the estimated life-cycle cost has decreased by over $7.8 billion due to an adjustment of the expected service life and use of actual costs for support. Previous estimates for service life of the two proposed Integrated Coast Guard Systems designs were 35 years and 15 years. The Sentinel class is expected to have a service life of 20 years, which reduces the years in service overall and, therefore, the costs expected over the life cycle. Due to program restructuring and contract delays, the project has experienced delays in the achievement of both initial and full operating capability. Challenges: Because of the pressing need for the Sentinel class patrol boats, the Coast Guard awarded a design and construction contract for the first patrol boat before completing all the acquisition reviews and documentation required. According to Coast Guard officials, DHS reviewed the operational requirements document for Sentinel in December 2009, prior to authorization and award of the low-rate initial production contract, but further revisions are necessary before approving the document. The Coast Guard acknowledges that due to its accelerated schedule the Sentinel class program faces testing, integration, and software challenges. Currently the Coast Guard plans to place on contract up to 15 boats before completing operational testing and evaluation. This could lead to expensive changes to the design once production has begun if significant weaknesses are found in testing, a challenge the Coast Guard acknowledges and expects to mitigate through the design and review processes. Though the Coast Guard uses an existing design for the Sentinel class, there may be challenges with integrating the required sensors and antennae in a way that minimizes interference. The Navy's Naval Surface Warfare Center in Dahlgren, Virginia, will assess the placement of the sensors and antennae and provide recommendations to the Coast Guard to mitigate this problem. The Coast Guard's plan to use existing government command and control software to utilize many of these sensors may result in software and hardware integration challenges. To address this challenge, the Coast Guard plans to test the software on two operational mock-ups prior to installation. Program Office Comments: The operational requirements document for the Sentinel class patrol boat received approval from the Coast Guard in September 2009 and DHS in March 2010. Other technical comments were incorporated as appropriate. [End of section] Agency Comments and Our Evaluation: We provided a draft of this report to DHS for review and comment. DHS generally concurred with our findings, citing the review of actions taken and efforts under way to improve the acquisition review process, particularly the development and implementation of the department's acquisition management directive. The department's comments are reprinted in appendix II. DHS also provided technical comments which we incorporated as appropriate and where supporting documentation was provided. DHS provided specific comments on four areas of our findings, as follows. With regard to our review of DHS's acquisition oversight, DHS noted that we reported that more than 40 major programs have not yet been reviewed by the ARB, and stated that the department complemented the ARB process with a portfolio review process used for 61 of 67 major acquisition programs in fiscal year 2009, which were used to prioritize programs for ARB reviews. We acknowledge in our report that in order to provide some level of departmental oversight for major programs not yet reviewed by the ARB, DHS acquisition oversight staff worked with selected components to conduct these portfolio reviews. However, it is important to observe that these portfolio reviews do not take the place of formal ARB reviews, do not include the senior officials who comprise the ARB, and are not part of the acquisition review process as described in DHS's acquisition management directive. In response to a point in the report indicating that DHS may waive some oversight requirements on a case-by-case basis, without clear criteria, for programs that have passed certain phases, DHS stated that flexibility was built into the acquisition review process to allow programs to tailor some documentation requirements. DHS further commented that this "tailoring criterion provides clear (albeit not explicit) guidance" to program managers and the Acquisition Program Management Division. However, DHS did not provide any examples of how these requirements are tailored or how these waivers are applied and documented, and we have no evidence that this is clearly understood by program managers. With regard to our statement that acquisition management processes do not inform budget decisions as required by DHS policy, the department stated that they designed acquisition policy to "interlink" with both the budgeting and strategic requirements key decision processes. Specifically, the Acquisition Program Management Division participates in the budget formulation process. We agree that this is positive collaboration. However, we reported in 2008 that DHS's previous investment review process also highlighted links to the budget, yet the results of oversight reviews did not consistently inform budget decisions. While DHS's interim acquisition management directive more clearly creates a link between the budget and requirements processes, DHS has not provided evidence that budget decisions are informed by the acquisition review process. Further, DHS has not yet reestablished the Joint Requirements Council, which the department's revised acquisition management directive states should inform the department's budget decisions in order to deliver needed capabilities to end users. With regard to our analysis of program cost, DHS stated that we chose to use OMB's Exhibit 300 data for the programs we reviewed in lieu of life-cycle cost estimates. DHS further stated that the Exhibit 300 data are based on the approved budget for a particular program, and most of these data for existing DHS programs are not based on validated cost estimates. Therefore, DHS believes that there is a likelihood of significant error in cost growth comparisons and analyses using these data. We explain in our analysis in the report that we used the official Exhibit 300 data DHS reports to OMB because DHS expressed concerns about the cost data programs reported to us in our data collection instrument, and DHS was unable to provide us with one consistent source for acquisition and life-cycle cost estimates. The Exhibit 300 data, as part of the executive branch capital planning process, are designed to meet the requirement for reports to the Congress to ensure reliable business cases for investments[Footnote 47] and the data reported are intended to represent valid acquisition and life-cycle cost estimates. Our analysis of cost growth provides insights into how planned investment amounts for some acquisitions have significantly increased over time, which can result in insufficient funding to fulfill future mission requirements. While DHS has made recent progress in clarifying acquisition oversight processes, much remains to be done to ensure proper implementation and departmentwide coordination. Managing hundreds of billions of dollars of investments to maximize resources and effectively meet critical homeland security missions will require DHS to ensure consistent oversight, evaluation of affordability and trade-offs, and accurate cost estimates for making investment decisions. We are sending copies of this report to interested congressional committees, the Secretary of Homeland Security, and the Director of the Office of Management and Budget. In addition, the report will be available at no charge on GAO's Web site at [hyperlink, http://www.gao.gov] . If you or your staff have questions about this report, please contact me at (202) 512-4841 or huttonj@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Principal contributors to this report were Amelia Shachoy, Assistant Director; Sean Seales; Celina Davidson; Daniel Novillo; LeAnna Parkey; Nathan Tranquilli; J. Kristopher Keener; Kenneth Patton; Sylvia Schatz; Morgan Delaney Ramaker; and Robert Swierczek. Signed by: John P. Hutton, Director: Acquisition and Sourcing Management: List of Addressees: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Frank R. Lautenberg: Interim Chairman: Subcommittee on Homeland Security: Committee on Appropriations: United States Senate: The Honorable Claire C. McCaskill: Chairman: Ad Hoc Subcommittee on Contracting Oversight: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Bennie G. Thompson: Chairman: Committee on Homeland Security: House of Representatives: The Honorable Edolphus Towns: Chairman: The Honorable Darrell E. Issa: Ranking Member: Committee on Oversight and Government Reform: House of Representatives: The Honorable David E. Price: Chairman: The Honorable Harold Rogers: Ranking Member: Subcommittee on Homeland Security: Committee on Appropriations: House of Representatives: The Honorable Gus M. Bilirakis: Ranking Member: Subcommittee on Management, Investigations, and Oversight: Committee on Homeland Security: House of Representatives: [End of section] Appendix I: Objectives, Scope and Methodology: Our objectives were to (1) provide an update on DHS's efforts to implement acquisition oversight for all acquisitions; (2) describe acquisition performance and common challenges across selected programs; and (3) provide individual profiles for each of the selected programs. To provide an update on acquisition oversight, we reviewed the department's interim acquisition management directive that was in effect during the period of our review--Acquisition Management Directive 102-01--and related guidance, and we identified whether fiscal year 2009 oversight activities for all 67 major acquisition programs were completed in accordance with the directive. To do this, we collected and analyzed Acquisition Review Board (ARB) decision memorandums, summary tracking documents, and program documents for key decision events for major acquisitions. We identified ARB decision memorandum action items, and characterized and identified the status of those items. We also reviewed recommendations from our prior work and the status of their implementation. To obtain a better understanding of departmental oversight initiatives, we interviewed officials responsible for acquisition oversight, including representatives of the Chief Procurement Officer's Acquisition Program Management and Cost Analysis Division, the Office of Policy's Screening Coordination Office, and the Science and Technology Directorate's Test & Evaluation and Standards Division. To learn more about component-level oversight, we reviewed which components had nominated and received departmental approval of Component Acquisition Executives (CAE), and we interviewed acquisition officials at the six components in our review--Customs and Border Protection, Federal Emergency Management Agency, National Protection and Programs Directorate, Office of Health Affairs, Transportation Security Administration, and the United States Coast Guard--about their acquisition policies and practices, staffing, departmental coordination, and relevant challenges. We did not, however, specifically assess the extent to which the department's acquisition guidance is consistent with best practices. To describe acquisition performance and common challenges and to profile selected programs, we took several steps. We selected 18 programs across six components--16 major acquisition programs, as well as 2 smaller programs critical to DHS's mission--based on several factors, including total projected funding for fiscal years 2007 through 2012, current stage in the DHS acquisition life cycle, and relevance to front-line homeland security missions. The 18 programs selected represent about $100 billion in life-cycle costs and about $38 billion in acquisition costs. The analysis of acquisition performance and common challenges across the selected programs focused on 15 programs. We did not include in this analysis two nonmajor programs, which are not subject to the same requirements as major programs--Biosurveillance Common Operating Network and the Integrated Public Alert and Warning System--and one major program that had not started acquisition activities at the time of our review, BioWatch Generation-3. The profiles of the selected programs include all 18 programs selected for our review. To evaluate the program data, we drew on criteria from our prior work on acquisition management, including the methodologies we used for assessments of Department of Defense (DOD) and the National Aeronautics and Space Administration (NASA) programs;[Footnote 48] acquisition guidance from DHS and other federal agencies; and OMB's guidance on capital planning.[Footnote 49] We also reviewed relevant GAO and DHS Inspector General reports on the selected acquisitions. Data Collection and Limitations: To collect program data, we developed a standardized data collection instrument (DCI) for key data on performance and challenges for the selected programs, and we met with the program offices to clarify data requested in advance of completion. The DCI was organized by categories including program contracts; issues; cost; schedule; requirements; staffing; technology; design; and software. To confirm the DCI data, we reviewed available official documents from each program, including: the Acquisition Program Baseline; Acquisition Plan; Acquisition Decision Memorandums; Program Management Review and other relevant briefings; cost performance or Earned Value Management reports; and Integrated Master Schedule. To learn more about program data and issues, we interviewed program officials for each of the 18 programs we reviewed. Because DHS acquisition oversight officials expressed concerns about the reliability of the cost data reported by program offices in the DCI, we also researched DHS Exhibit 300 cost data reported to OMB as part of the executive branch capital planning process.[Footnote 50] For four Coast Guard programs,[Footnote 51] we also reviewed the Coast Guard's Quarterly Acquisition Reports to Congress and Acquisition Program Baselines to obtain the best available data. We based our analysis on these sources as they represented more complete and official data used for making important planning and budgeting decisions. In addition, not all programs reported data for all of the categories in the DCI because some requested data did not apply to the program, or the program could not obtain the requested data. We excluded these programs from certain analyses. DCI information was self-reported by the program offices, and we did not independently verify the data provided, but we took appropriate steps to address data reliability including reviewing related documentation; interviewing knowledgeable agency officials; testing of data; and reviewing related internal controls. Those data that were found to be sufficiently reliable were used to report on the condition of selected DHS acquisition programs. Findings from program data analysis cannot be generalized to the total DHS portfolio of acquisition programs. All data was current as of 2009, with the exception of latest estimates of program costs obtained from OMB Exhibits 300, which were current as of January or February 2010. Cost and Schedule Analysis: To assess cost and schedule performance across the selected DHS major programs, we aggregated official program data and compared initial cost and schedule estimates to latest available estimates. We used initial cost and schedule estimates since 2003, after the creation of DHS, although some of the 18 programs were initiated by other federal agencies prior to 2003. All cost data are presented in nominal "then year" dollars consistent with cost data available from OMB Exhibit 300s, the Coast Guard's Quarterly Acquisition Reports to congressional appropriations committees, and official Acquisition Program Baselines. [Footnote 52] BioWatch Generation-3, which had not started acquisition activities at the time of our review, and two nonmajor programs in our review--Biosurveillance Common Operating Network and Integrated Public Alert and Warning System--were excluded from the overall analysis. To assess schedule performance, we calculated the average delay from initial to latest estimates for Initial Operating Capability (IOC) and Full Operating Capability (FOC) for all selected programs having available data. Initial capabilities are delivered when initial end- users have received the new system and can use it operationally, and delivery of full capabilities occurs when all end-users have received the system. Some programs reported multiple IOC or FOC dates. In these cases we used the first and last planned delivery of capabilities to operational users as the basis for the program-level IOC and FOC date. In some cases, programs reported schedule milestones using a period of time, such as a month or year, and in these cases we used the last date of the given period as the basis for the estimated date. Two programs, Automated Commercial Environment and US-VISIT Unique Identity, were unable to provide complete schedule data due to unavailable information and, therefore, we excluded these programs from all or part of the schedule analysis. Common Program Challenges Analysis: As federal acquisition policy and guidance emphasize the importance of sound acquisition planning, we focused in particular on acquisition planning issues. To assess common challenges for the selected programs, we analyzed information programs reported on requirements, key acquisition documents, program office staffing, and sustainment planning across the programs. We also analyzed relevant program documentation and assessed information from interviews with program officials. Three programs were excluded from the assessment of overall performance: the two nonmajor programs, the Biosurveillance Common Operating Network and Integrated Public Alert and Warning System, and the BioWatch Generation-3 program, which was pre-acquisition at the time we collected the data. Challenges we identified do not represent an exhaustive list; however, past work identifies these challenges as detrimental to program performance. To assess baseline requirements stability, we analyzed delays in setting baseline requirements as well as changes to existing requirements. According to DHS guidance, the baseline requirements must include a threshold value that is the minimum acceptable value which, in the user's judgment, is necessary to satisfy the need. If threshold values are not achieved, program performance may be seriously degraded, the program may be too costly, or the program may no longer be timely. Baseline requirements, also referred to as Key Performance Parameters, were categorized as cost, performance or schedule requirements. We compared requirements from initial baselines from 2003 or later, to most recent Acquisition Program Baseline (APB) requirements. We also examined the approval of key acquisition documents, including the Mission Need Statement, Operational Requirements Document, and Acquisition Program Baseline, prior to initiation of acquisition activities. We evaluated whether key acquisition documents were approved at either the component or department level prior to awarding contracts to initiate acquisition activities. To assess staffing levels, we evaluated planned and filled positions for government staff and contractor support. We analyzed government vacancy levels by primary function and calculated the ratios of government staff and contractor support to total reported positions. We obtained data on acquisition program managers, including certification level, length of time as program manager, and permanent assignment to the program. To assess sustainment planning, we reviewed approval dates for the Integrated Logistics Support Plan, and whether the plan was approved beyond the program, at either the component or department level, as required by DHS guidance. To identify common program execution challenges, we analyzed challenges reported in data collection instruments, program documents, and interviews. We developed the following broad categories for execution challenges: technical capability, partner dependence, and funding issues. The execution challenges we identified are not exhaustive; however, they provide a sense of the issues programs reported. Individual Program Assessments: To assess each of the 18 selected acquisition programs, we summarized individual program data in a two-page report format. We prepared the individual program assessments based on DCI data and supporting documentation, interviews with program officials, and our prior work. Each individual program assessment outlines essential program information including a description of program objectives and purpose; current status, cost, and schedule performance; major contractors; 2010 budget request; staffing profile; a summary of program challenges; and status of department-or component-level approval of key acquisition documents. In addition, we provide a summary of program background, performance, and challenges. To present cost and schedule performance data, we compared initial cost and schedule estimates to latest available estimates. We used initial cost and schedule estimates since 2003, after the start of DHS, although some of the 18 programs were initiated prior to this time. All cost data are presented in then-year dollars, consistent with official program budget documents, with the exception of the Integrated Public Alert and Warning System program cost data which were available in constant dollars only. To assess schedule performance, we compared initial and latest estimates for IOC and FOC. Other schedule milestones were also reported on the program timeline including Preliminary Design Review; Critical Design Review; Production Readiness Review; and First Asset Delivery. In some cases, a milestone significant to the program was also included in the timeline. To assess the challenges for each program, we reviewed the data reported by category in the DCI and official program documents, and we interviewed the program office representatives about the information reported. For individual programs we collected program data on potential challenges, including requirements stability; staffing; sustainment planning; contracting activity; technology maturity; design maturity; and software development. Our analysis of requirements stability, staffing and sustainment planning is consistent with methods discussed above. For programs reporting on technology maturity and design data, we requested data based on best practice indicators[Footnote 53] for technology maturity and design stability drawn from our body of work established in DOD and NASA assessments of selected systems. However, the selected DHS programs reported limited data on technology maturity and design data as they do not consistently use technology readiness- level data for critical technologies, and programs used varying metrics to measure design stability. Furthermore, many of the programs make extensive use of commercial-off-the-shelf products not developed by the program. We conducted our work from March 2009 to June 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: June 22, 2010: Mr. John P. Hutton: Director, Acquisition and Sourcing Management: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Hutton: The Department of Homeland Security (DHS) appreciates the opportunity to comment on the draft Government Accountability Office (GAO) report, GAO-10-588SP, entitled "Assessments of Selected Complex Acquisitions." The Department is encouraged that the draft report cites the progress that we have made over the past several years to improve acquisition processes. We have instituted several major changes that are beginning to show results. The development and implementation of Directive 102- 01 (Acquisition Management) has provided improved discipline and structure to the Department's acquisition and governance processes. The improved Acquisition Review Board (ARB) process has been used over sixty times since March 2008. The ARB provides a focused, issue- oriented governance process ensuring that major programs are accurately evaluated, and that decisions and actions are properly documented and tracked to completion. The establishment of the Acquisition Program Management Division and the Cost Analysis Division in the Office of the Chief Procurement Officer has provided a knowledgeable cadre of acquisition-experienced individuals that support the governance process, and provide assistance to acquisition programs on a day-to-day basis. Between these accomplishments, and other initiatives currently underway, we expect to see additional improvements in the near future. DHS does wish to point out several areas where the Department evaluation differs from that of GAO in this report: * GAO identified that more than forty major programs have not yet been reviewed by the ARB. - DHS complements the ARB process with a portfolio review process executed by the Acquisition Program Management Division in conjunction with the Component Acquisition Executive (CAE) or the Component's senior acquisition staff. This review process, in its second year of operation, executes a focused, collaborative review of each Component's major program portfolio with APMD, and helps identify program issues, including programs which need to proceed to an ARB on an accelerated basis. In FY 2009, the portfolio process reviewed 61 of the 67 DHS major acquisition programs. * GAO evaluated the DHS acquisition management processes as not sufficiently informing budget processes as required by DHS policy. - DHS designed the revised acquisition policy to "interlink" with both the budgeting and the strategic requirements key decision processes. Key leaders in both these decision processes sit the Acquisition Review Team and the Acquisition Review Board, ensuring that these processes' perspectives are incorporated in the decisions made by the ARB. In turn, APMD participates reciprocally with both processes. Specifically, APMD is a standing team member with the Program Analysis and Evaluation (PA&E) division in the review of submitted Resource Allocation Proposals, and in the execution of the annual Program Review Board process (a key component of DHS' annual budget formulation process). * GAO elected to use the OMB 300 budget submissions for the current state of program costs, for the assessed major programs in this report, in lieu of life cycle cost estimates (LCCEs). This was done due to the early stage of LCCE implementation in DHS. - DHS notes that OMB 300 data is based on the approved budget for the particular program. Since LCCE information for DHS programs is in its infancy, most OMB 300 data for existing programs is not based on validated program LCCEs. Since the OMB 300 data in many cases is not derived from validated cost estimates, DHS believes that there is the likelihood of significant error in cost growth comparisons and analyses using this data. * GAO identified that DHS may "waive some oversight requirements on a case-by-case basis, without clear criteria, for programs that passed certain phases--such as departmental approval of a Mission Need Statement for a program that has already deployed capability." - DHS, in implementing the Directive 102-01 acquisition policy and process in November 2008, was faced with the task of transitioning 67 operating major acquisition programs to this new directive. Flexibility was built into the new process to allow programs that were well into the "obtain" or "produce /deploy/support" phases of the D- 102-01 Acquisition Life Cycle to tailor some D-102-01 requirements (for instance, not to generate documentation from earlier phases of the life cycle). That tailoring criterion provides clear (albeit not explicit) guidance to the program manager and APMD as each program is assessed upon its entry into the new policy. Technical comments are provided as an enclosure to this letter. DHS wishes to thank you and the GAO audit team for the professionalism and excellent dialog which characterized the execution of this audit. This was particularly important given the challenges in implementing this particular complex audit process (which will be re-executed on an annual basis) in a way that addresses the specifics of this Department's processes. DHS looks forward to continuing our partnership, with the common goal of improving the Department's execution of its acquisition responsibilities. Sincerely, Signed by: Jerald E. Levine: Director: Departmental GAO/OIG Liaison Office: Enclosure: [End of section] Appendix III: The Acquisition Life Cycle, Systems Engineering Life Cycle and Key Acquisition Documents at DHS: [Figure: Refer to PDF for image: Life cycle map] Acquisition decision Event: ADE 1; Acquisition Life Cycle Phase: Need; Documents Requiring Department Approval: MNS; CDP; AP. Acquisition decision Event: ADE 2A; Acquisition Life Cycle Phase: Analyze/Select; Systems Engineering Life Cycle Phase: Solution Engineering; Documents Requiring Department Approval: APB; ILSP; AP; ORD. Acquisition decision Event: ADE 2B; Acquisition Life Cycle Phase: Obtain; Systems Engineering Life Cycle Phase: Planning; Documents Requiring Department Approval: APB; ILSP; TEMP; SELC/SE TP; Systems Engineering Life Cycle Phases: Requirements Definition; Design; Development; Integration and Testing; Implementation; Acquisition Decision Event: ADE 3; Acquisition Life Cycle Phase: Produce/Deploy/Support; Systems Engineering Life Cycle Phase: Operations and Maintenance; Disposition; Documents Requiring Department Approval: APB; ILSP. MNS: Mission Need Statement; CDP: Capability Development Plan; AP: Acquisition Plan; APB: Acquisition Program Baseline; ILSP: Integrated Logistics Support Plan; ORD: Operational Requirements Document; TEMP: Test and Evaluation Master Plan; SELC/SE TP: Systems Engineering Life Cycle Tailoring Plan. Source: DHS Acquisition Instruction/Guidebook 102-01-001, interim, version 1.9, Nov. 7, 2008. [End of figure] Table: Key Acquisition Documents Requiring Department-level Approval: Document Name: Mission Need Statement; Description: Provides a high-level description of the mission need, whether from a current or impending gap, based on business-case planning. The Mission Need Statement, prepared by the Component, outlines only the concept of the solution to fill the gap and does not provide information on specific acquisitions/types of acquisition that could provide that capability. Document Name: Capability Development Plan; Description: Serves as the agreement between the Component Head, the Program/Project Manager, and the Acquisition Decision Authority on the activities, cost, schedule, and performance boundaries of the work to be performed in the Analyze/Select phase. Document Name: Acquisition Plan; Description: A living document that spans the life of the acquisition. It provides a top-level strategy for future sustainment and support and a recommendation for the overall acquisition approach and types of acquisition. Document Name: Acquisition Program Baseline; Description: A summary of the critical cost, schedule, and performance parameters, expressed in measurable, quantitative terms, which must be met in order to accomplish the goals of the investment. Document Name: Integrated Logistics Support Plan; Description: The formal acquisition management document that describes the management approach for obtaining a highly supportable capability with an affordable and effective support structure. Document Name: Operational Requirements Document; Description: The Operational Requirements Document captures the business or operational user Key Performance Parameters. They are overarching documents that describe the mission, objectives, and capabilities in operationally relevant terms. Document Name: Test and Evaluation Master Plan; Description: The basic "top-level" planning document for Test and Evaluation related activities for major acquisition programs. Describes the necessary Developmental Test and Evaluation and Operational Test and Evaluation that needs to be conducted to determine system technical performance, operational effectiveness/suitability, and limitations. Document Name: Systems Engineering Life Cycle Tailoring Plan; Description: This plan tailors the phases, products and reviews in the system engineering life cycle to meet the specific needs of each program and project. Source: DHS Acquisition Instruction/Guidebook 102-01-001 Version 1.9 and Appendices D and L. [End of table] [End of section] Related GAO Products: GAO Review of the Department of Homeland Security's Certification of the Secure Flight Program--Cost and Schedule Estimates. [hyperlink, http://www.gao.gov/products/GAO-10-535R]. Washington, D.C.: April 5, 2010. Defense Acquisitions: Assessments of Selected Weapon Programs. [hyperlink, http://www.gao.gov/products/GAO-10-388SP]. Washington, D.C.: March 30, 2010. NASA: Assessments of Selected Large-Scale Projects. [hyperlink, http://www.gao.gov/products/GAO-10-227SP]. Washington, D.C.: February 1, 2010. Secure Border Initiative: DHS Needs to Address Testing and Performance Limitations That Place Key Technology Program at Risk. [hyperlink, http://www.gao.gov/products/GAO-10-158]. Washington, D.C.: January 29, 2010. Defense Acquisitions: Managing Risk to Achieve Better Outcomes. [hyperlink, http://www.gao.gov/products/GAO-10-374T]. Washington, D.C.: January 20, 2010. Biosurveillance: Developing a Collaboration Strategy Is Essential to Fostering Interagency Data and Resource Sharing. [hyperlink, http://www.gao.gov/products/GAO-10-171]. Washington, D.C.: December 18, 2009. Homeland Security: Key US-VISIT Components at Varying Stages of Completion, but Integrated and Reliable Schedule Needed. [hyperlink, http://www.gao.gov/products/GAO-10-13]. Washington, D.C.: November 19, 2009. Information Technology: Agencies Need to Improve the Implementation and Use of Earned Value Techniques to Help Manage Major System Acquisitions. [hyperlink, http://www.gao.gov/products/GAO-10-2]. Washington, D.C.: October 8, 2009. Aviation Security: DHS and TSA Have Researched, Developed, and Begun Deploying Passenger Checkpoint Screening Technologies, but Continue to Face Challenges. [hyperlink, http://www.gao.gov/products/GAO-10-128]. Washington, D.C.: October 7, 2009. Secure Border Initiative: Technology Deployment Delays Persist and the Impact of Border Fencing Has Not Been Assessed. [hyperlink, http://www.gao.gov/products/GAO-09-1013T]. Washington, D.C.: September 17, 2009. Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Information Technology Systems. [hyperlink, http://www.gao.gov/products/GAO-09-1002T]. Washington, D.C.: September 15, 2009. Secure Border Initiative: Technology Deployment Delays Persist and the Impact of Border Fencing Has Not Been Assessed. [hyperlink, http://www.gao.gov/products/GAO-09-896]. Washington, D.C.: September 9, 2009. Emergency Preparedness: Improved Planning and Coordination Necessary for Modernization and Integration of Public Alert and Warning System. [hyperlink, http://www.gao.gov/products/GAO-09-834]. Washington, D.C.: September 9, 2009. Coast Guard: Better Logistics Planning Needed to Aid Operational Decisions Related to the Deployment of the National Security Cutter and Its Support Assets. [hyperlink, http://www.gao.gov/products/GAO-09-497]. Washington, D.C.: July 17, 2009. Coast Guard: As Deepwater Systems Integrator, Coast Guard Is Reassessing Costs and Capabilities but Lags in Applying Its Disciplined Acquisition Approach. [hyperlink, http://www.gao.gov/products/GAO-09-682]. Washington, D.C.: July 14, 2009. Aviation Security: TSA Has Completed Key Activities Associated with Implementing Secure Flight, but Additional Actions Are Needed to Mitigate Risks. [hyperlink, http://www.gao.gov/products/GAO-09-292]. Washington, D.C.: May 13, 2009. Defense Acquisitions: Measuring the Value of DOD's Weapon Programs Requires Starting with Realistic Baselines. [hyperlink, http://www.gao.gov/products/GAO-09-543T]. Washington, D.C.: April 1, 2009. Defense Acquisitions: Assessments of Selected Weapon Programs. [hyperlink, http://www.gao.gov/products/GAO-09-326SP]. Washington, D.C.: March 30, 2009. Defense Acquisitions: DOD Must Prioritize Its Weapon System Acquisitions and Balance Them with Available Resources. [hyperlink, http://www.gao.gov/products/GAO-09-501T]. Washington, D.C.: March 18, 2009. GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs. [hyperlink, http://www.gao.gov/products/GAO-09-3SP]. Washington, D.C.: March 2, 2009. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-09-271SP]. Washington, D.C.: January 22, 2009. Department of Homeland Security: A Strategic Approach Is Needed to Better Ensure the Acquisition Workforce Can Meet Mission Needs. [hyperlink, http://www.gao.gov/products/GAO-09-30]. Washington, D.C.: November 19, 2008. Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight. [hyperlink, http://www.gao.gov/products/GAO-09-29]. Washington, D.C.: November 18, 2008. Secure Border Initiative: DHS Needs to Address Significant Risks in Delivering Key Technology Investment. [hyperlink, http://www.gao.gov/products/GAO-08-1086]. Washington, D.C.: September 22, 2008. Critical Infrastructure Protection: DHS Needs to Better Address Its Cybersecurity Responsibilities. [hyperlink, http://www.gao.gov/products/GAO-08-1157T]. Washington, D.C.: September 16, 2008. Secure Border Initiative Fiscal Year 2008 Expenditure Plan Shows Improvement, but Deficiencies Limit Congressional Oversight and DHS Accountability. [hyperlink, http://www.gao.gov/products/GAO-08-739R]. Washington, D.C.: June 26, 2008. Coast Guard: Change in Course Improves Deepwater Management and Oversight, but Outcome Still Uncertain. [hyperlink, http://www.gao.gov/products/GAO-08-745]. Washington, D.C.: June 24, 2008. Border Security: Summary of Covert Tests and Security Assessments for the Senate Committee on Finance, 2003-2007. [hyperlink, http://www.gao.gov/products/GAO-08-757]. Washington, D.C.: May 16, 2008. Department of Homeland Security: Better Planning and Assessment Needed to Improve Outcomes for Complex Service Acquisitions. [hyperlink, http://www.gao.gov/products/GAO-08-263]. Washington, D.C.: April 22, 2008. Privacy: Government Use of Data from Information Resellers Could Include Better Protections. [hyperlink, http://www.gao.gov/products/GAO-08-543T]. Washington, D.C.: March 11, 2008. Homeland Security: Strategic Solution for US-VISIT Program Needs to Be Better Defined, Justified, and Coordinated. [hyperlink, http://www.gao.gov/products/GAO-08-361]. Washington, D.C.: February 29, 2008. Secure Border Initiative: Observations on the Importance of Applying Lessons Learned to Future Projects. [hyperlink, http://www.gao.gov/products/GAO-08-508T]. Washington, D.C.: February 27, 2008. Military Readiness: Navy Is Making Progress Implementing Its Fleet Response Plan, but Has Not Fully Developed Goals, Measures, and Resource Needs. [hyperlink, http://www.gao.gov/products/GAO-08-264]. Washington, D.C.: February 1, 2008. Terrorist Watch List Screening: Recommendations to Promote a Comprehensive and Coordinated Approach to Terrorist-Related Screening. [hyperlink, http://www.gao.gov/products/GAO-08-253T]. Washington, D.C.: November 8, 2007. Information Technology: Improvements for Acquisition of Customs Trade Processing System Continue, but Further Efforts Needed to Avoid More Cost and Schedule Shortfalls. [hyperlink, http://www.gao.gov/products/GAO-08-46]. Washington, D.C.: October 25, 2007. Department of Homeland Security: Improved Assessment and Oversight Needed to Manage Risk of Contracting for Selected Services. [hyperlink, http://www.gao.gov/products/GAO-07-990]. Washington, D.C.: September 17, 2007. United States Coast Guard: Improvements Needed in Management and Oversight of Rescue System Acquisition. [hyperlink, http://www.gao.gov/products/GAO-06-623]. Washington, D.C.: May 31, 2006. Defense Acquisitions: Actions Needed to Ensure Adequate Funding for Operation and Sustainment of the Ballistic Missile Defense System. [hyperlink, http://www.gao.gov/products/GAO-05-817]. Washington, D.C.: September 6, 2005. Homeland Security: Successes and Challenges in DHS's Efforts to Create an Effective Acquisition Organization. [hyperlink, http://www.gao.gov/products/GAO-05-179]. Washington, D.C.: March 29, 2005. Defense Acquisitions: Information for Congress on Performance of Major Programs Can Be More Complete, Timely, and Accessible. [hyperlink, http://www.gao.gov/products/GAO-05-182]. Washington, D.C.: March 28, 2005. [End of section] Footnotes: [1] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-09-271SP] (Washington, D.C.: Jan. 22, 2009). [2] In 2009 constant dollars. [3] GAO, Defense Acquisitions: Assessments of Selected Weapon Program, [hyperlink, http://www.gao.gov/products/GAO-10-388SP] (Washington, D.C.: Mar. 30, 2010) and NASA: Assessments of Selected Large-Scale Projects, [hyperlink, http://www.gao.gov/products/GAO-10-227SP] (Washington, D.C.: Feb. 1, 2010). [4] GAO, Defense Acquisitions: Managing Risk to Achieve Better Outcomes, [hyperlink, http://www.gao.gov/products/GAO-10-374T] (Washington, D.C.: Jan. 20, 2010). [5] GAO, Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight, [hyperlink, http://www.gao.gov/products/GAO-09-29] (Washington, D.C.: Nov. 18, 2008); Homeland Security: Challenges in Creating an Effective Acquisition Organization, [hyperlink, http://www.gao.gov/products/GAO-06-1012T] (Washington, D.C.: July 27, 2006); and Defense Acquisitions: Measuring the Value of DOD's Weapon Programs Requires Starting with Realistic Baselines, [hyperlink, http://www.gao.gov/products/GAO-09-543T] (Washington, D.C.: Apr. 1, 2009). [6] GAO, Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight, [hyperlink, http://www.gao.gov/products/GAO-09-29] (Washington, D.C.: Nov. 18, 2008). [7] GAO, Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Information Technology Systems, [hyperlink, http://www.gao.gov/products/GAO-09-1002T] (Washington, D.C.: Sept.15, 2009). [8] [hyperlink, http://www.gao.gov/products/GAO-09-29] and [hyperlink, http://www.gao.gov/products/GAO-09-1002T]. [9] [hyperlink, http://www.gao.gov/products/GAO-09-1002T]. [10] [hyperlink, http://www.gao.gov/products/GAO-09-1002T]. [11] In a September 2009 testimony we did, however, discuss how DHS acquisition and investment management processes had not adequately addressed how DHS determines and ensures that an investment is aligned with its Enterprise Architecture. See GAO-09-1002T. [12] The two nonmajor programs selected--the Biosurveillance Common Operating Network and the Integrated Public Alert and Warning System-- and one major program that had not started acquisition activities at the time of our review, BioWatch Generation-3, were excluded from the analysis of overall acquisition performance and program challenges. Nonmajor programs at DHS are not subject to the same acquisition planning requirements as major programs. Because BioWatch Generation-3 had not awarded contracts, it was considered pre-acquisition according to our methodology. [13] [hyperlink, http://www.gao.gov/products/GAO-09-543T]. [14] GAO, Department of Homeland Security: Billions Invested in Major Programs Lack Appropriate Oversight, [hyperlink, http://www.gao.gov/products/GAO-09-29] (Washington, D.C.: Nov.18, 2008). [15] The department operated under the March 2006 Management Directive No. 1400 on the Investment Review Process until November 2008 when DHS issued Acquisition Management Directive 102-01, interim version, which superseded Management Directive No. 1400. In January, 2010, DHS issued Directive Number 102-01, Revision Number 01, which DHS officials stated does not differ substantially from the interim acquisition management directive. [16] Acquisition costs include costs for all items and services for a designated investment. Life-cycle costs include all resources and associated cost elements required to develop, produce, deploy, and sustain a particular program from initial concept through operations, support, and disposal. [17] DHS Acquisition Management Directive 102-01, interim version, and DHS Acquisition Instruction/Guidebook 102-01-001, Interim Version 1.9 (Nov. 7, 2008). [18] Fiscal year 2008 and fiscal year 2009 reviews included 5 nonmajor programs, and 3 programs reviewed in fiscal year 2008 were again reviewed in fiscal year 2009. [19] Directive 102-01, Revision number 01 states that it applies to acquisitions in existence on the directive's issuance date to the maximum extent possible and to all future acquisitions; whereas, the interim Directive 102-01 stated that it applied to all acquisitions regardless of their life-cycle stage. [20] [hyperlink, http://www.gao.gov/products/GAO-09-29] and GAO, Homeland Security: Successes and Challenges in DHS's Efforts to Create an Effective Acquisition Organization, [hyperlink, http://www.gao.gov/products/GAO-05-179] (Washington, D.C.: Mar. 29, 2005). [21] GAO, Defense Acquisitions: Measuring the Value of DOD's Weapon Programs Requires Starting with Realistic Baselines, [hyperlink, http://www.gao.gov/products/GAO-09-543T] (Washington, D.C.: Apr. 1, 2009). [22] As of September 2009, 26 programs were assigned action items: 16 major acquisition programs reviewed by the ARB; 7 major acquisition programs not reviewed by the ARB but assigned action items as part of DHS oversight reviews; 3 nonmajor acquisition programs reviewed by the ARB. Additionally, 8 major acquisition programs reviewed by the ARB in fiscal years 2008 or 2009 had not yet been assigned action items. [23] The acquisition portfolio for the Federal Emergency Management Agency includes both programs and major services, as defined by DHS's acquisition management directive. The $5 billion assessed represents programs. Officials said they were still working to identify additional programs and the major services. [24] [hyperlink, http://www.gao.gov/products/GAO-09-543T]. [25] GAO, Defense Acquisitions: Managing Risk to Achieve Better Outcomes, [hyperlink, http://www.gao.gov/products/GAO-10-374T] (Washington, D.C.: Jan. 20, 2010). [26] [hyperlink, http://www.gao.gov/products/GAO-09-543T]. [27] The two nonmajor programs are Biosurveillance Common Operating Network and the Integrated Public Alert and Warning System. BioWatch Generation-3 had not started acquisition activities at the time of our review. [28] Automated Commercial Environment and US-VISIT programs could not provide both initial and latest schedule estimates for reaching full capability. [29] This appendix is based on GAO, Cost Assessment Guide: Best Practices for Estimating and Managing Program Costs, [hyperlink, http://www.gao.gov/products/GAO-07-1134SP] (Washington, D.C.: July 2007). [30] DHS officials report that three programs--Secure Flight, Sentinel Class Patrol Boat and Western Hemisphere Travel Initiative--have validated life-cycle cost estimates. [31] For four Coast Guard programs, we analyzed the Quarterly Acquisition Reports to Congress to the Senate and House appropriators. For the nine other programs, we analyzed data reported in the Exhibit 300 required by OMB Circular No. A-11, Part 7: Planning, Budgeting, Acquisition and Management of Capital Assets. [32] According to DHS guidance, the program manager sets the point at which initial operating capability is met during planning. The initial operating capability milestone is not a specific time reference, but reflects a point that indicates there is a major new capability with measurable program benefit available to the designated user. [33] [hyperlink, http://www.gao.gov/products/GAO-10-374T]. [34] [hyperlink, http://www.gao.gov/products/GAO-09-543T]. [35] GAO, Defense Acquisitions: DOD Must Prioritize Its Weapon System Acquisitions and Balance Them with Available Resources, [hyperlink, http://www.gao.gov/products/GAO-09-501T] (Washington, D.C.: Mar. 25, 2009). [36] DHS, Management Directive No. 1400, Investment Review Process (Washington, D.C.: 2006) and DHS Acquisition Instruction Guidebook 102- 01-001 Version 1.9 (Washington, D.C.: Nov. 7, 2008). [37] All programs did not report data for all categories of program office staffing requested in the data collection instrument. 15 programs reported total staffing data; 8 programs reported government staffing data by function; and 6 reported contractor staffing by function. Of the programs reporting government staffing by function, programs indicated high levels of vacancies for scientist, program management, financial management, and test and evaluation positions. All workforce data are as of 2009. [38] GAO, Department of Homeland Security: A Strategic Approach Is Needed to Better Ensure the Acquisition Workforce Can Meet Mission Needs, [hyperlink, http://www.gao.gov/products/GAO-09-30] (Washington, D.C.: Nov. 19, 2008). [39] GAO, Department of Homeland Security: Better Planning and Assessment Needed to Improve Outcomes for Complex Service Acquisitions, [hyperlink, http://www.gao.gov/products/GAO-08-263] (Washington, D.C.: Apr. 22, 2008). [40] GAO, Defense Acquisitions: Assessments of Selected Weapon Programs, [hyperlink, http://www.gao.gov/products/GAO-10-388SP] (Washington, D.C.: Mar. 30, 2010). [41] [hyperlink, http://www.gao.gov/products/GAO-10-374T]. [42] GAO, Department of Homeland Security: Improved Assessment and Oversight Needed to Manage Risk of Contracting for Selected Services, [hyperlink, http://www.gao.gov/products/GAO-07-990] (Washington, D.C.: Sept. 17, 2007). [43] [hyperlink, http://www.gao.gov/products/GAO-09-30]. [44] GAO, Defense Acquisitions: Assessments of Selected Weapon Programs, [hyperlink, http://www.gao.gov/products/GAO-08-467SP] (Washington, D.C.: Mar. 31, 2008). [45] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs, [hyperlink, http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: Mar. 2, 2009). [46] See for example: GAO, Best Practices: High Levels of Knowledge at Key Points Differentiate Commercial Shipbuilding from Navy Shipbuilding, [hyperlink, http://www.gao.gov/products/GAO-09-322] (Washington, D.C.: May 13, 2009); Joint Strike Fighter: Significant Challenges and Decisions Ahead, [hyperlink, http://www.gao.gov/products/GAO-10-478T] (Washington, D.C.: Mar. 24, 2010); and Cost Increases in the Airborne Laser Program, GAO-04-643R (Washington, D.C.: May 17, 2004). [47] 41 U.S.C. § 263 [48] GAO, Defense Acquisitions: Assessments of Selected Weapon Programs, [hyperlink, http://www.gao.gov/products/GAO-09-326SP] (Washington, D.C.: Mar. 30, 2009); NASA: Assessments of Selected Large- Scale Projects, [hyperlink, http://www.gao.gov/products/GAO-10-227SP] (Washington, D.C.: Feb. 1, 2010). [49] OMB, Circular A-11, Part 7: Planning, Budgeting, and Acquisition of Capital Assets, Capital Programming Supplement. 2006. [50] We used OMB Exhibit 300 reports for all programs except four Coast Guard programs: Sentinel Class, Maritime Patrol Aircraft, Response Boat-Medium, and National Security Cutter. An Exhibit 300 must be submitted for all executive branch agency major investments, and is designed to coordinate collection of agency information for reports to Congress required by the Federal Acquisition Streamlining Act of 1994 (FASA Title V). FASA requires agencies to establish cost, schedule and measurable performance goals for all major acquisition programs and achieve on average 90 percent of those goals. The Exhibit 300 is a component of the total performance budget justification for executive agencies. Agencies are required to report total estimated life-cycle costs and acquisition costs for programs in the Exhibit 300. [51] The four Coast Guard programs are: Sentinel Class, Maritime Patrol Aircraft, Response Boat-Medium, and National Security Cutter. [52] We used official program acquisition program baselines for initial cost estimates, and Quarterly Acquisition Reports to congressional appropriations committees as current cost estimates for the Sentinel Class, Maritime Patrol Aircraft, Response Boat-Medium, and National Security Cutter programs. Acquisition program baselines (APB) formally document a program's critical cost parameters, including acquisition costs and life-cycle costs. The Quarterly Acquisition Report to congressional appropriations committees includes Total Acquisition Costs and Life-Cycle Cost Estimates reported to Congress for Coast Guard programs. [53] Our prior work has identified certain knowledge metrics regarding technology and design. Specifically, our body of work on best practices in product development indicates that (1) focus should be on achieving a high level of technology maturity at the start of system development in that critical technologies needed to meet essential product requirements must be demonstrated to work in their intended environment. The technology readiness level for each critical technology is the metric we use to measure technology maturity; and (2) product's design is stable as evidenced by the development of engineering prototypes and the completion of engineering drawings for an integrated product at the system design review. A best practice is to achieve design stability at the system-level critical design review, usually held midway through development. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: