This is the accessible text file for GAO report number GAO-07-309 entitled 'Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support oversight and Accountability' which was released on February 15, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: February 2007: Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability: GAO-07-309: GAO Highlights: Highlights of GAO-07-309, a report to congressional committees Why GAO Did This Study: In November 2005, the Department of Homeland Security (DHS) established the Secure Border Initiative (SBI) program to secure U.S. borders and reduce illegal immigration. One element of SBI is SBInet, the program responsible for developing a comprehensive border protection system. By legislative mandate, DHS developed a fiscal year 2007 expenditure plan for SBInet to address nine legislative conditions, including a review by GAO. DHS submitted the plan to the Appropriations Committees on December 4, 2006. To address the mandate, GAO assessed the plan against federal guidelines and industry standards and interviewed appropriate DHS officials. What GAO Found: The SBInet expenditure plan, including related documentation and program officials’ statements, satisfied four legislative conditions, partially satisfied four legislative conditions, and did not satisfy one legislative condition. The nine legislative conditions and the level of satisfaction are summarized in the table. Table: Satisfaction of legislative conditions: Legislative condition: 1. Defines activities, milestones, and costs for implementing the program; Status: Partially satisfied. Legislative condition: 2. Demonstrates how activities will further the goals and objectives of the Secure Border Initiative, as defined in the SBI multi-year strategic plan; Status: not satisfied. Legislative condition: 3. Identifies funding and the organization staffing (including full-time equivalents, contractors, and detailees) requirements by activity; Status: Satisfied. Legislative condition: 4. Reports on costs incurred, the activities completed, and the progress made by the program in terms of obtaining operational control of the entire border of the United States; Status: Partially satisfied. Legislative condition: 5. Includes a certification by DHS’s Chief Procurement Officer that procedures to prevent conflicts of interest between the prime integrator and major subcontractors are established and a certification by DHS’s Chief Information Officer that an independent verification and validation agent is currently under contract for the project; Status: Satisfied. Legislative condition: 6. Complies with all applicable acquisition rules, requirements, guidelines, and best systems acquisition management practices of the federal government; Status: Partially satisfied. Legislative condition: 7. Complies with the capital planning and investment control review requirements established by the Office of Management and Budget (OMB), including Circular A–11, part 7; Status: Partially satisfied. Legislative condition: 8. Is reviewed and approved by DHS’s Investment Review Board, the Secretary of Homeland Security, and OMB; Status: Satisfied. Legislative condition: 9. Is reviewed by GAO; Status: Satisfied. Source: GAO analysis of DHS data. [End of Table] Satisfying the legislative conditions is important because the expenditure plan is intended to provide Congress with the information needed to effectively oversee the program and hold DHS accountable for program results. Satisfying the legislative conditions is also important to minimize the program’s exposure to cost, schedule, and performance risks. SBInet’s December 2006 expenditure plan offered a high-level and partial outline of a large and complex program that forms an integral component of a broader multiyear initiative. However, the plan and related documentation did not include explicit and measurable commitments relative to capabilities, schedule, costs, and benefits associated with individual SBInet program activities. In addition, the SBInet systems integration contract did not contain a specific number of units that may be ordered or a maximum dollar value as required by Federal Acquisition Regulation. Further, DHS’s approach to SBInet introduces additional risk because the program’s schedule entails a high level of concurrency among related planned tasks and activities. What GAO Recommends: GAO recommends that DHS (1) ensure that future expenditure plans include explicit and measurable commitments relative to the capabilities, schedule, costs, and benefits associated with individual SBInet program activities; (2) modify the SBInet contract to include a maximum quantity or dollar value; and (3) re-examine the level of concurrency and appropriately adjust the acquisition strategy. DHS concurred with the first and third recommendations, but not the second. DHS stated that the contract already contains a maximum quantity. GAO disagrees and believes DHS needs to modify the contract to ensure compliance with regulations. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-309]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Richard M. Stana at (202) 512-8816 or stanar@gao.gov. [End of section] Contents: Letter: Compliance with Legislative Conditions: Conclusions: Recommendations for Executive Action: Agency Comments: Appendix I: Briefing to the Subcommittees on Homeland Security, Senate and House Committees on Appropriations: Appendix II: Comments from the Department of Homeland Security: Appendix III: GAO Contact and Staff Acknowledgments: Abbreviations: CBP: Customs and Border Protection: CIO: Chief Information Officer: CPO: Chief Procurement Officer: DHS: Department of Homeland Security: EVM: earned value management: FAR: Federal Acquisition Regulation: IRB: Investment Review Board: IV&V: independent verification and validation: OMB: Office of Management and Budget: PMO: Program Management Office: SBI: Secure Border Initiative: [End of section] United States Government Accountability Office: Washington, DC 20548: February 15, 2007: The Honorable Robert C. Byrd: Chairman: The Honorable Thad Cochran: Ranking Minority Member: Subcommittee on Homeland Security: Committee on Appropriations: United States Senate: The Honorable David E. Price: Chairman: The Honorable Harold Rogers: Ranking Minority Member: Subcommittee on Homeland Security: Committee on Appropriations: House of Representatives: The Secure Border Initiative (SBI) is a comprehensive, multiyear program established in November 2005 by the Secretary of Homeland Security to secure U.S. borders and reduce illegal immigration. SBI's mission is to promote border security strategies that help protect against and prevent terrorist attacks and other transnational crimes. Elements of SBI will be carried out by several organizations within the Department of Homeland Security (DHS). One element of SBI is SBInet, the program within U.S. Customs and Border Protection (CBP) responsible for developing a comprehensive border protection system. SBInet is responsible for leading the effort to ensure that the proper mix of personnel, tactical infrastructure, rapid response capability, and technology is deployed along the border. In September 2006, after a full and open competition source selection, CBP awarded an indefinite delivery/indefinite quantity systems integration contract for 3 years, with three 1-year options. The minimum dollar amount is $2 million; the maximum is stated as "the full panoply of supplies and services to provide 6,000 miles of secure U.S. border." According to DHS, the SBInet solution is to include a variety of sensors, communications systems, information technology, tactical infrastructure (roads, barriers, and fencing), and command and control capabilities to enhance situational awareness of the responding officers. The solution is also to include the development of a common operating picture that provides uniform data, through a command center environment, to all DHS agencies and is interoperable with stakeholders external to DHS. The Department of Homeland Security Appropriations Act, 2007, required DHS to submit to Congress an expenditure plan to establish a security barrier along the border of the United States of fencing and vehicle barriers and other forms of tactical infrastructure and technology.[Footnote 1] This plan was to address nine legislative conditions and was submitted on December 4, 2006. As required by the act, we reviewed the plan, and on December 7 and December 13, 2006, briefed the House and Senate Appropriations Subcommittee staff, respectively, on the results. This report transmits these results. The full briefing, including our scope and methodology, is reprinted in appendix I. Compliance with Legislative Conditions: The expenditure plan, including related documentation and program officials' statements, satisfied four legislative conditions, partially satisfied four legislative conditions, and did not satisfy one legislative condition. The nine legislative conditions and the level of satisfaction are summarized below. * Legislative condition 1: Define activities, milestones, and costs for implementing the program (partially satisfied). The SBInet expenditure plan included general cost information for proposed activities and some associated milestone information, such as beginning and ending dates. DHS estimates that the total cost for completing the acquisition phase for the southwest border is $7.6 billion for fiscal years 2007 through 2011. However, the plan and related documentation did not include sufficient details about the activities, milestones, or costs for implementing the program. Although the plan stated that about $790 million will be spent in the Tucson sector in Arizona for such elements as fencing, ground sensors, radars, cameras, and fixed and mobile towers, the plan did not specify how the funds will be allocated by element and did not provide specific dates for implementation. In addition, the plan did not include activities, milestones, or costs for the northern border. According to DHS, work on the northern border is not to begin before fiscal year 2009. * Legislative condition 2: Demonstrate how activities will further the goals and objectives of the SBI, as defined in the SBI multiyear strategic plan (not satisfied). The SBInet expenditure plan included a section that describes SBI and SBInet goals; however, the expenditure plan and related documentation did not link individual activities with SBI's goals, as called for by the legislative condition. Further, the December 2006 SBI strategic plan contained three strategic goals, one of which addresses border control. SBI and SBInet senior officials told us all SBInet activities link back to the overall goal of controlling the border and that the linkage between program goals and activities is intuitive. However, the SBInet expenditure plan did not link specific activities to more detailed SBI strategic plan goals, such as the annual performance goals. * Legislative condition 3: Identify funding and organization staffing (including full-time equivalents, contractors, and detailees) requirements by activity (satisfied). The SBInet program is managed by the SBInet Program Management Office (PMO). The PMO plans to execute SBInet activities through a series of concurrent task orders and to rely on a mix of government and contractor staff. The PMO plans to nearly triple its current workforce, from approximately 100 to 270 personnel,[Footnote 2] by September 2007 in order to support and oversee this series of concurrent task orders. As of December 2006, SBInet officials told us that they have assigned lead staff for the task orders that have been awarded. * Legislative condition 4: Report on costs incurred, the activities completed, and the progress made by the program in terms of obtaining operational control of the entire border of the United States (partially satisfied). The SBInet expenditure plan and related documentation discussed how approximately $1.5 billion will be allocated to SBInet activities. For example, about $790 million is allocated for the Tucson Border Patrol sector and $260 million for the Yuma sector in Arizona.[Footnote 3] However, the plan did not include costs incurred to date mainly because SBInet activities are in the early stages of implementation and costs had not yet been captured by DHS's accounting system (e.g., the SBInet systems integration contract was awarded in September 2006 and the first two task orders were awarded in September and October 2006). Moreover, the expenditure plan did not include a baseline measure of miles under control of the border.[Footnote 4] While the plan did not discuss progress made to date by the program to obtain control of the border, related program documents, such as the bimonthly SBI reports to Congress, included information on the number of miles under control in the southwest border. According to the November 2006 bimonthly report, as of August 2006, 284 miles of the southwest border are under control. * Legislative condition 5: Include a certification by DHS's Chief Procurement Officer (CPO) that procedures to prevent conflicts of interest between the prime integrator and major subcontractors are established and a certification by DHS's Chief Information Officer (CIO) that an independent verification and validation agent is currently under contract for the project (satisfied). On November 30, 2006, DHS's CPO certified that the prime integrator had established procedures to prevent conflicts of interest between it and its major subcontractors and that DHS is developing a process to monitor and oversee implementation of the prime integrator's procedures. Also, on November 30, 2006, DHS's Deputy CIO certified that the SBInet program had contracted with a private company as the interim independent verification and validation (IV&V) agent. However, this company is also responsible for performing program activities, including requirements management and test and evaluation activities and thus is not independent of all the program's products and processes that it could review. The Deputy CIO certified that a permanent IV&V agent is to be selected by February 28, 2007, and that CBP is to provide information sufficient to determine that this independence issue has been resolved. * Legislative condition 6: Comply with all applicable acquisition rules, requirements, guidelines, and best systems acquisition management practices of the federal government (partially satisfied). SBInet is using, at least to some extent, several acquisition best practices. The extent to which these practices are in use varies, and outcomes are dependent on successful implementation. However, one acquisition requirement not followed was that the SBInet systems integration contract did not contain a specific number of units that may be ordered or a maximum dollar value. According to the Federal Acquisition Regulation (FAR),[Footnote 5] indefinite quantity contracts must specify the maximum quantity of supplies or services the agency will acquire. This may be stated as a number of units or as a dollar value. SBI and SBInet officials told us that the contract already contains a maximum quantity of "6,000 miles of secure U.S. border" and that this was sufficient to satisfy the FAR requirement. We disagree because the statement in the contract about the 6,000 miles of secure border merely reflects the agency's overall outcome to be achieved with the supplies or services provided but does not specify the maximum quantity of supplies or services the agency may acquire. We believe that a maximum quantity or dollar value limit should be included in the contract in order to ensure that it is consistent with the FAR requirement. SBInet's acquisition approach calls for considerable concurrency among related planned tasks and activities. The greater the degree of concurrency among related and dependent program tasks and activities, the greater a program's exposure to cost, schedule, and performance risks. SBI and SBInet officials told us that they understand the risks inherent in concurrency and are addressing these risks. However, they have yet to provide evidence that shows they have identified the dependencies among their concurrent activities and that they are proactively managing the associated risk. Further, the program office did not fully define and implement key acquisition management processes, such as project planning, requirements management, and risk management. According to the SBInet Program Manager, this is due to the priority being given to meeting an accelerated program implementation schedule. However, the program office has begun implementing a risk management process and, according to the Program Manager, plans to develop a plan for defining and implementing the remaining processes by the spring of 2007. * Legislative condition 7: Comply with the capital planning and investment control review requirements established by the Office of Management and Budget (OMB), including Circular A-11, part 7 (partially satisfied). As required by OMB, the plan and related documentation provided a brief description of SBInet and addressed the program's management structure and responsibilities for most of the program office's directorates. In addition, the program office developed a draft privacy impact assessment and established an earned value management (EVM) system[Footnote 6] to manage the prime integrator's progress against cost and schedule goals. However, an OMB-required EVM system had not been fully implemented because the baselines against which progress can be measured for the two task orders that had been issued, as of December 4, 2006, were not yet established. Further, the program office had not yet developed a system security plan or determined SBInet's compliance with the DHS enterprise architecture.[Footnote 7] * Legislative condition 8: Include reviews and approvals by DHS's Investment Review Board (IRB), the Secretary of Homeland Security, and OMB (satisfied). DHS's IRB approved the plan on November 22, 2006; the Secretary of Homeland Security approved the expenditure plan on November 22, 2006; and OMB approved the plan on December 4, 2006. * Legislative condition 9: Include a review by GAO (satisfied). On December 7, 2006, we briefed the House of Representatives Committee on Appropriations staff and on December 13, 2006, we briefed the Senate Committee on Appropriations staff regarding the results of our review. Conclusions: The legislatively mandated expenditure plan for SBInet is a congressional oversight mechanism aimed at ensuring that planned expenditures are justified, performance against plans is measured, and accountability for results is ensured. Because the SBInet expenditure plan lacked sufficient details on such things as planned activities and milestones, anticipated costs and staffing levels, and expected mission outcomes, Congress and DHS are not in the best position to use the plan as a basis for measuring program success, accounting for the use of current and future appropriations, and holding program managers accountable for achieving effective control of the southwest border. Under the FAR, indefinite quantity contracts such as the SBInet contract must contain the specific number of units that may be ordered or a maximum dollar value. However, the SBInet contract merely contains the maximum number of miles to be secured. While SBInet officials consider this sufficient to satisfy the FAR requirement, a maximum quantity expressed in units other than the overall outcome to be achieved or expressed as a dollar value limit would help ensure that the contract is consistent with this requirement. DHS's approach to SBInet introduces additional risk because the program's schedule entails a high level of concurrency. With multiple related and dependent projects being undertaken simultaneously, SBInet is exposed to possible cost and schedule overruns and performance problems. Without assessing this level of concurrency and how it affects project implementation, SBInet runs the risk of not delivering promised capabilities and benefits on time and within budget. Recommendations for Executive Action: To help ensure that Congress has the information necessary to effectively oversee SBInet and hold DHS accountable for program results, and to help DHS manage the SBInet program and ensure that future SBInet expenditure plans meet the legislative requirements, we recommend that the Secretary of Homeland Security direct the U.S. Customs and Border: Protection Secure Border Initiative Program Management Office Executive Director to take the following three actions: * ensure that future expenditure plans include explicit and measurable commitments relative to the capabilities, schedule, costs, and benefits associated with individual SBInet program activities; * modify the SBInet systems integration contract to include a maximum quantity or dollar value; and: * re-examine the level of concurrency and appropriately adjust the acquisition strategy. Agency Comments: In written comments on a draft of this report, DHS generally agreed with our findings and conclusions, but did not agree with our assessment that the SBInet contract does not contain specific numbers of units that may be ordered or a maximum dollar value. In addition, DHS stated that CBP intends to fully satisfy each of the legislative conditions in the near future to help minimize the program's exposure to cost, schedule, and performance risks. DHS's written comments are reproduced in appendix II. With respect to our recommendations, DHS concurred with two of our recommendations and disagreed with one. Specifically, DHS concurred with our recommendation for future expenditure plans to include explicit and measurable commitments relative to capabilities, schedule, costs, and benefits associated with individual SBInet program activities. According to DHS, future SBInet expenditure plans will include actual and planned progress, report against commitments contained in prior expenditure plans, and include a section that addresses and tracks milestones. DHS also concurred with our recommendation to re-examine the level of concurrency and appropriately adjust the acquisition strategy. In its written comments, DHS stated that CBP is constantly assessing the overall program as it unfolds, and adjusting it to reflect progress, resource constraints, refinements and changes in requirements, and insight gained from ongoing system engineering activities. DHS also stated that CBP recognizes the risk inherent in concurrency and has added this to the program's risk management database. DHS did not agree with our recommendation to modify the SBInet integration contract to include a maximum quantity or dollar value. According to DHS, the quantity stated in the contract, "6,000 miles of secure U.S. border," is measurable and is therefore the most appropriate approach to defining the contract ceiling. We do not agree. Under the FAR, an agency may use an indefinite delivery/indefinite quantity contract, such as that used for SBInet, when it is not possible to determine in advance the precise quantities of goods or services that may be required during performance of the contract. Though these types of contracts are indefinite, they are not open- ended. The FAR requires that indefinite quantity contracts contain a limit on the supplies or services that may be ordered, stated in terms of either units or dollars. This limit serves a variety of purposes, including establishing the maximum financial obligation of the parties. In our view, the purported maximum used in the SBInet contract, "the full panoply of supplies and services to provide 6,000 miles of secure U.S. border," does not allow anyone to calculate with any degree of certainty what the maximum financial obligation of the parties might turn out to be since the contract does not make clear the total amount of supplies or services that would be required to secure even 1 mile of U.S. border. In order to ensure that the SBInet contract is consistent with the FAR, we continue to believe that it should be modified to include a maximum quantity, either units or a dollar value, rather than the total amount of miles to be secured. We are sending copies of this report to the Chairman and Ranking Minority Members of other Senate and House committees that have authorization and oversight responsibilities for homeland security. We are also sending copies to the Secretary of Homeland Security, the Commissioner of Customs and Border Protection, and the Director of the Office of Management and Budget. Copies of this report will also be available at no charge on the GAO Web site at http://www.gao.gov. If you or your staff have any further questions about this report, please contact Richard Stana at (202) 512-8816 or StanaR@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix III. Signed by: Richard M. Stana: Director, Homeland Security and Justice Issues: Signed by: Randolph C. Hite: Director, Information Technology Architecture and Systems Issues: Signed by: William T. Woods: Director, Acquisition and Sourcing Management: [End of section] Appendix I: Briefing to the Subcommittees on Homeland Security, Senate and House Committees on Appropriations: Briefing on the Secure Border Initiative's SBInet Expenditure Plan: Prepared for the House and Senate Appropriations Committees: December 7 and December 13, 2006: Briefing Overview: Objective, Scope, and Methodology: Results in Brief: Background: Findings: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Attachment 1: Scope and Methodology: Objective, Scope, and Methodology: Our objective was to determine whether the Secure Border Initiative's (SBI) SBlnet December 2006 expenditure plan satisfies nine legislative conditions as required by the Department of Homeland Security Appropriations Act, 2007.[Footnote 8] To accomplish our objective, we analyzed the SBI net December 2006 expenditure plan and supporting documentation. We also interviewed cognizant program officials and contractors. We did not review the justification for cost estimates included in the expenditure plan. We conducted our work at Department of Homeland Security's (DHS) U.S. Customs and Border Protection (CBP) headquarters in the Washington, D.C., metropolitan area from October 2006 to December 2006, in accordance with generally accepted government auditing standards. Details of our scope and methodology are provided in attachment 1. Results in Brief: Satisfaction of legislative conditions: Legislative condition: 1. Defines activities, milestones, and costs for implementing the program; Status[Footnote 9]: Partially satisfied. Legislative condition: 2. Demonstrates how activities will further the goals and objectives of the Secure Border Initiative, as defined in the SBI multi-year strategic plan; Status[Footnote 9]: not satisfied. Legislative condition: 3. Identifies funding and the organization staffing (including full-time equivalents, contractors, and detailees) requirements by activity; Status[Footnote 9]: Satisfied. Legislative condition: 4. Reports on costs incurred, the activities completed, and the progress made by the program in terms of obtaining operational control of the entire border of the United States; Status[Footnote 9]: Partially satisfied. Legislative condition: 5. Includes a certification by DHS’s Chief Procurement Officer that procedures to prevent conflicts of interest between the prime integrator and major subcontractors are established and a certification by DHS’s Chief Information Officer that an independent verification and validation agent is currently under contract for the project; Status[Footnote 9]: Satisfied. Legislative condition: 6. Complies with all applicable acquisition rules, requirements, guidelines, and best systems acquisition management practices of the federal government; Status[Footnote 9]: Partially satisfied. Legislative condition: 7. Complies with the capital planning and investment control review requirements established by the Office of Management and Budget (OMB), including Circular A–11, part 7; Status[Footnote 9]: Partially satisfied. Legislative condition: 8. Is reviewed and approved by DHS’s Investment Review Board[Footnote 10], the Secretary of Homeland Security, and OMB; Status[Footnote 9]: Satisfied. Legislative condition: 9. Is reviewed by GAO; Status[Footnote 9]: Satisfied. Source: GAO analysis of DHS data. [End of Table] Background: SBI is a comprehensive, multi-year program sponsored by the Secretary of Homeland Security, to secure U.S. borders and reduce illegal immigration. SBI's mission is to promote border security strategies that protect against and prevent terrorist attacks and other transnational crimes. Elements of SBI will be carried out by several organizations within DHS. Under SBI is SBI net, the program within CBP responsible for developing a comprehensive border protection system (see fig. 1). SBI net will lead the effort to ensure the proper mix of personnel (e.g., program staff and Border Patrol agents), tactical infrastructure, rapid response capability, and technology are deployed along the border. Figure #1: SBI Organizational Chart: [See PDF for Image] Source: GAO Analysis of DHS data. [End of figure] DHS defines control of U.S. borders as the ability to: 1. detect illegal entries into the United States; 2. identify and classify these entries to determine the level of threat involved; 3. efficiently and effectively respond to these entries; and: 4. bring events to a satisfactory law enforcement resolution. The initial focus of SBlnet will be on southwest border investments and areas between the ports of entry that CBP has designated as having the highest need for enhanced border security due to serious vulnerabilities. Figure 2 shows the topography, interstate highways, and some major secondary roads along the southwest border. Figure 2: Topography and Road Systems along the Southwest Border: [See PDF for image] Source: GAO. Note: The U.S.-Mexican border is denoted by the black line that starts at the far left in San Diego, California, and that moves to the far right, ending at Brownsville, Texas. [End of figure] In September 2006, after a full and open competition source selection, Boeing was awarded an Indefinite Delivery/Indefinite Quantity (IDIQ) contract for 3 years, with three 1-year options. The minimum dollar amount is $2 million; the maximum is stated as "the full panoply of supplies and services to provide 6,000 miles of secure U.S. border." Boeing's solution will include a variety of sensors, communications systems, information technology, tactical infrastructure (roads, barriers, and fencing), and command and control capabilities to enhance situational awareness of the responding officers (see fig. 3.) The solution will also include the development of a common operating picture (COP) that will provide uniform data, through a command center environment, to all DHS agencies and be interoperable with stakeholders external to DHS. Figure 3: Existing Technology along the Border: [See PDF for image] Source: CBP. [End of figure] DHS's acquisition process for major investments consists of 5 decision milestones and requires Investment Review Board approval at key decision points (see fig. 4). Figure 4: DHS's Acquisition Process: [See PDF for image] Source: DHS. [End of figure] Legislative condition #1: Defines Activities, Milestones, and Costs (Partially Satisfied): The expenditure plan, including related documentation and program officials' statements, partially satisfied the condition to define activities, milestones, and costs for implementing the program. The SBInet expenditure plan should include sufficient details of planned activities, milestones, and costs for Congress and DHS to be assured that planned use of current and future appropriations offer a reasonable expectation of achieving operational control of the U.S border, and to provide a basis for measuring program success and holding program managers accountable. DHS estimates that the total cost for completing the acquisition phase for the southwest border is $7.6 billion from FY2007 through FY2011. * $5.1 billion is for the design, development, integration and deployment of fencing, roads, vehicle barriers, sensors, radar units, and command, control, and communications and other equipment. * $2.5 billion is for integrated logistics and operations support during the acquisition phase for the southwest border. DHS expects to have control of the southwest border by October 2011. DHS officials have yet to provide draft implementation plans by southwest border sectors and years for FY2007-FY2011. The expenditure plan does not include activities, milestones, or costs for the northern border. According to DHS, work on the northern border is not projected to begin before FY2009. The expenditure plan provides a general breakdown of how funds will be allocated to SBInet's activities.[Footnote 11] See table 1. Table 1: SBlnet Funding Allocations FY2005-FY2007 (in thousands): Activity: Management task order; FY2005: $36,800; FY2006 Supplemental: [Empty]; FY2007: $13,066; Total: $49,866. Activity: Project 28; FY2005: [Empty]; FY2006 Supplemental: $20,000; FY2007: [Empty]; Total: $20,000. Activity: Common operating picture; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $100,000; Total: $100,000. Activity: Tucson sector; FY2005: [Empty]; FY2006 Supplemental: $60,000; FY2007: $729,359; Total: $789,359. Activity: Yuma sector; FY2005: [Empty]; FY2006 Supplemental: $204,609; FY2007: $55,075; Total: $259,684. Activity: Yuma and Tucson Tactical Infrastructure; FY2005: [Empty]; FY2006 Supplemental: $24,391; FY2007: [Empty]; Total: $24,391. Activity: Tactical Infrastructure Western Arizona; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $57,823; Total: $57,823. Activity: Texas Mobile System; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $20,000; Total: $20,000. Activity: San Diego Fence; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $30,500; Total: $30,500. Activity: Advanced Technology Development; FY2005: [Empty]; FY2006 Supplemental: $10,000; FY2007: [Empty]; Total: $10,000. Activity: Systems Engineering Support; FY2005: [Empty]; FY2006 Supplemental: $6,000; FY2007: $6,000; Total: $12,000. Activity: Program Management Office Support; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $55,000; Total: $55,000. Activity: Environmental Requirements; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $61,000; Total: $61,000. Activity: Other[Footnote 12]; FY2005: [Empty]; FY2006 Supplemental: [Empty]; FY2007: $59,742; Total: $59,742. Total; FY2005: $36,800; FY2006 Supplemental: $325,000; FY2007: $1,187,565; Total: $1,549,362. Source: GAO analysis of SBlnet Expenditure Plan. [End of table] The expenditure plan includes certain milestones, such as starting and ending dates, for some but not all activities. For Project 28, the task order has been issued and the milestones are defined. In other cases, such as the Tucson and Yuma sector activities, milestones and costs are preliminary and more likely to change because they are in the early stages of planning and requirement setting. According to SBInet officials, factors such as technological, environmental, and eminent domain constraints can affect the timetables and costs of these activities. Figure 5 illustrates some key milestones defined by SBInet officials for selected activities. Figure 5: Timeline by selected project: [See PDF for image] Source: SBlnet supporting documentation: [End of figure] Legislative Condition #2: Demonstrates How Activities will Further the Goals of SBI's Strategic Plan (Not Satisfied): The expenditure plan, including related documentation and program officials' statements, did not satisfy the condition to demonstrate how activities will further the goals and objectives of the SBI, as defined in the SBI multi-year strategic plan. As one component of a larger initiative, the SBlnet expenditure plan needs to demonstrate the linkage between its individual activities and the objectives of SBI. The expenditure plan discusses the goals and objectives of four strategic plans: DHS, SBI, CBP, and SBI net. (See table 2.) However, the plan does not directly link the SBI net activities to these goals and objectives. As a result, Congress is not in a position to understand how SBInet's activities contribute to SBI's goals and objectives. Table 2: SBlnet Strategic Alignment of Goals: DHS Strategic Plan: Objective 2.1: Secure our borders against terrorists, means of terrorism, illegal drugs, and other illegal activity; DHS Secure Border Strategic Plan: Goal 1: Gain effective control of the borders; CBP Strategic Plan: Objective 2.2: Maximize border security, along the northern, southern and coastal borders, through an appropriate balance of personnel, equipment, technology, communications capabilities and tactical infrastructure; SBInet Strategic Plan: Strategic Goal #1: Ensure border security by providing resources and capabilities to gain and maintain control of the nation's borders at and between Ports of Entry. DHS Strategic Plan: Objective 2.3: Provide operational end users with the technology and capabilities to detect and prevent terrorist attacks, means of terrorism and other illegal activities; DHS Secure Border Strategic Plan: Goal 1.1: Develop and deploy the optimal mix of personnel, infrastructure, technology and response capabilities to identify, classify and interdict cross-border violators; CBP Strategic Plan: Objective 3.2: Develop and implement policy, management, operations, infrastructure and training initiatives to integrate frontline border enforcement personnel; SBInet Strategic Plan: Strategic Goal #2: Lead development and Deployment of a COP. DHS Strategic Plan: Objective 7.4: Improve the efficiency and effectiveness of the Department, ensuring taxpayers get value for their tax dollars; DHS Secure Border Strategic Plan: Core enabler: Strengthen DHS management efforts; CBP Strategic Plan: Objective 6.2: Improve asset acquisition and management methods and procedures, ensuring the effective procurement of supplies, services, and equipment in alignment with the CBP mission, goals, and priorities; SBInet Strategic Plan: Strategic Goal #3: Provide Responsible Acquisition Management. Source: SBlnet Expenditure Plan. [End of table] Legislative Condition #3: Identifies Funding and: Staffing Requirements by Activity (Satisfied): The expenditure plan, including related documentation and program officials' statements, satisfied the condition to identify funding and the organization staffing (including full-time equivalents, contractors, and detailees) requirements by activity. The expenditure plan should identify funding[Footnote 13] and staffing requirements with sufficient detail to provide reasonable assurance to Congress that government oversight of planned major expenditures will be adequate to minimize the risk of inefficient or wasteful spending. SBInet activities will be executed through a series of task orders. The SBInet program plans to rely on a mix of government and contractor staff to manage the program. As of December 2006, SBInet officials told us that they have assigned lead staff for the task orders that have been awarded. In addition, SBInet officials told us that their human capital strategy, scheduled to be finalized in December, will provide more details on staffing and expertise needed for the program. The SBI net program is managed by the SBInet Program Management Office (PMO). The PMO reports to the CBP SBI Program Executive Director. The PMO plans to nearly triple its current workforce by September 2007 in order to support and oversee a planned series of concurrent task orders. (See fig. 6.) SBI and SBI net officials expressed concerns about difficulties in finding an adequate number of staff with the required expertise to support planned activities. Staffing shortfalls could limit government oversight efforts. Figure 6: CBP SBI and SBlnet Current and Projected Personnel: [See PDF for image] Notes: Current Staff is as of December 2006. Projected Staff is as of September 30, 2007. Source: GAO analysis of data in SBInet's expenditure plan. [End of figure] Legislative Condition #4: Reports on Costs Incurred, Activities Completed and Progress to Date (Partially Satisfied): The expenditure plan, including related documentation and program officials' statements, partially satisfied the condition to report on costs incurred, the activities completed, and the progress made by the program in terms of obtaining operational control of the entire border of the United States. The expenditure plan should include a baseline measure of operational control of the border in order to inform Congress on the level of progress already achieved. The plan and supporting documentation discusses allocations but not costs incurred. Examples of activities completed to date: 1. Systems integration contract was awarded in September 2006. 2. Two task orders have been awarded: * Program Management/Systems Engineering - $36.5 million (September 2006): * Project 28 - $20 million (October 2006): The plan does not discuss progress to date made by the program to obtain operational control of the border. The bi-monthly SBI reports to Congress include baseline information. Legislative Condition #5: Includes Certifications by CPO and CIO (Satisfied): The expenditure plan, including related documentation and program officials' statements, satisfied the condition to include a certification by DHS's Chief Procurement Officer that procedures to prevent conflicts of interest between the prime integrator and major subcontractors are established and a certification by DHS's Chief Information Officer that an independent verification and validation agent is currently under contract for the project. On November 30, 2006, DHS's Chief Procurement Officer certified that the prime integrator has established procedures to prevent conflicts of interest between it and its major subcontractors and that DHS is developing a process to monitor and oversee implementation of the prime integrator's procedures. On November 30, 2006, DHS's Deputy Chief Information Officer certified the SBInet program has contracted with a private corporation as the interim Independent Verification and Validation (IV&V) Agent. However, this corporation is also responsible for the program's requirements management and test and evaluation activities and thus is not independent of all the program's products and processes that it could review. The Deputy CIO certified that a permanent IV&V agent is to be selected by February 28, 2007. Legislative Condition #6: Complies with Acquisition Rules and Requirements (Partially Satisfied): The plan, including related documentation and program officials' statements, partially satisfied the condition to comply with applicable acquisition rules, requirements, guidelines, and best systems acquisition management practices of the federal government, such as the DHS's acquisition guidelines, Federal Acquisition Regulation, and the Software Engineering Institute's acquisition guidance and practices. DHS Acquisition Guidelines: SBInet is using, at least to some extent, several of the best practices or "Guiding Principles" in DHS Management Directive 1400, including: Competition: Earned Value Management: Performance-based contracting: Spiral Development: Risk Management: The extent to which these practices are in use varies, and outcomes are dependent on successful implementation. Federal Acquisition Regulation (FAR): Under FAR Part 16, indefinite quantity contracts must specify the maximum quantity of supplies or services the agency will acquire. These may be stated as number of units or dollars. The SBInet contract does not contain specific numbers of units that may be ordered or a maximum dollar value. Other Issues: Fee Structure: The Program Management Task Order includes a relatively high base fee of 5 percent. By comparison, the Department of Defense regulations and the National Aeronautics and Space Administration guidance generally limit base fees to 3 percent or less. Conversely, our experience in reviewing contract matters shows that the award fee of 3 percent may not be high enough relative to the base fee to motivate higher levels of performance. DHS officials said that they will establish an appropriate fee structure when issuing future task orders. Concurrency: The greater the degree of concurrency among related and dependent program tasks and activities, the greater a program's exposure to cost, schedule, and performance risks. As shown on slide 17, DHS plans call for considerable concurrency among SBInet planned tasks and activities that are related, such as the lessons learned from the Project 28 task order that are to be incorporated in the sector task orders and the program management task order that is to establish the capabilities to manage and oversee all of the other task orders. According to program officials, risks associated with concurrency are being managed. However, we have yet to receive information showing that the program has defined task and activity dependencies and relationships, and the risk inventory does not include a risk related to concurrency. Software Engineering Institute Acquisition Guidance: The Software Engineering Institute's recognized guidance on system acquisition practices provides a management framework based on disciplined and rigorous processes for planning, managing, and controlling the acquisition of information technology (IT) resources. These processes include, among others, acquisition management, project planning, project monitoring and control, requirements management, measurement and analysis, process and product quality assurance, and risk management. The program management office has not fully defined and implemented all of these key acquisition management processes. According to the SBInet Program Manager, these processes have not been fully defined and implemented because of a lack of time due to the priority to meet a tight program implementation schedule. He further stated that he plans to develop a plan for defining and implementing these processes. The plan is to be incorporated in a revised Program Management Plan (PMP), which is to be available in the spring of 2007. The program office has defined and begun implementing one of these process areas --risk management. The program office developed a draft risk management plan, dated September 29, 2006. This draft plan addressed, among other things, a process for identifying, analyzing, mitigating, tracking, and controlling risks. As part of its process, the program office has established a governance structure, which includes a Risk Review Board (RRB) that is chaired by the SBInet Program Manager. According to the SBInet Risk Manager, a draft RRB charter has been developed, although we have yet to receive it. The program office has also begun implementing its process. For example, it has developed a risk management database that identifies for each risk, among other things, the status, priority, probability of occurrence, the overall impact, consequence, and a mitigation strategy. The risk inventory, which was provided to us on November 6, 2006, identified 30 risks, of which 11 are designated as high risks and 2 are designated as issues - understanding overall program cost and program management office staffing. According to the SBInet Program Manager, an issue is a risk that has been realized. He further stated that the program cost issue is to be closed, but the program management office staffing issue is still open. Examples of other high risks include: * Timely completion of environmental risk assessments, * Early definition of tactical infrastructure requirements, and: * Success of 8-month milestone for Project 28. Legislative Condition #7: Complies with Capital Planning and Investment Control Review Requirements (Partially Satisfied): The plan, including related program documentation and program officials' statements, partially satisfied the Capital Planning and Investment Control (CPIC) review requirements established by OMB, including Circular A-11, part 7, which establishes policy for planning, budgeting, acquisition, and management of federal capital assets. Examples of our analysis follow. A-11 Requirement: Provide a brief description of the investment and its status in the CPIC review, including major assumptions made about the investment. Results of our analysis: The expenditure plan includes a brief description of SBlnet. The plan does not describe the status of the investment in the DHS CPIC process, but indicates that SBlnet is being managed using a CPIC framework. However, it is unclear where SBlnet is in the CPIC process. According to the SBlnet DHS Joint Requirements Council and IRB briefing document for fiscal year 2007, dated November 22, 2006, the program office plans to implement the CPIC process on an annual basis. According to the SBlnet Program Manager, SBlnet projects are at various stages in the acquisition life cycle. As a result, the program office plans to combine multiple projects into a single decision milestone that is to occur on an, at least, annual basis. A-11 Requirement: Describes the management structures, responsibilities, and qualifications that contribute to achievement of cost, schedule, and performance goals. Results of our analysis: The expenditure plan and other documentation address the management structures and responsibilities. Specifically, the program office includes six line and four staff directorates reporting to the SBlnet Program Manager. The management structure also includes the use of integrated project teams that consist of subject matter experts from a variety of disciplines required to effectively manage an acquisition project. The draft Program Management Plan, dated September 18, 2006, identified responsibilities for five of the six program office line directorates, and for two of the four staff directorates. The plan also identified responsibilities for some, but not all, divisions within each of the directorates. For example, the plan describes the responsibilities of the Mission Engineering Directorate, but it does not describe the responsibilities for the five divisions within the Directorate. We have not yet seen any documentation that describes the qualifications of the program office staff. A-11 Requirement: Provide a summary of the investment's risk assessment, including how 19 OMB-identified risk elements are being addressed. Results of our analysis: The program office has defined and begun implementing a risk management process, and developed a risk database that addresses 13 of the 19 OMB- identified risk. The risk elements that are not addressed include privacy and technical obsolescence. A-11 Requirement: Provides a summary of the investment's status in accomplishing baseline cost and schedule goals through the use of an earned value management (EVM) system or operational analysis, depending on the life- cycle stage. Results of our analysis: The program office is currently relying on the prime integrator's EVM system to manage the prime contractor's progress against cost and schedule goals. The prime integrator's EVM system has been independently certified as meeting established standards. However, the EVM system has not yet been fully implemented because the baselines against which progress can be measured for the two task orders that have been issued to date has not yet been established. According to program officials, these baselines will be established for the program management task order and the Project 28 task order in mid- December 2006 and mid-January 2007, respectively. A-11 Requirement: Demonstrates that the investment is included in the agency's enterprise architecture and CPIC process. Results of our analysis: The expenditure plan did not include a discussion of the program office's activities in regard to the DHS enterprise architecture. Moreover, according to program officials, the program office has not yet determined if SBInet is aligned with the architecture. According to these officials, SBInet is to be reviewed by the Enterprise Architecture Center of Excellence, which is the DHS entity that determines enterprise architecture alignment, by the end of December 2006. With respect to the CPIC requirement, the plan does not describe the status of the investment in the DHS CPIC process, but indicates that it is being managed using a CPIC framework. Also, as stated previously, it is unclear where SBInet is in the CPIC process. A-11 Requirement: Provides a description of an investment's security and privacy issues. Summarizes the agency's ability to manage security at the system or application level. Demonstrates compliance with the certification and accreditation process, as well as the mitigation of IT security weaknesses. Results of our analysis: The expenditure plan did not include a discussion of security and/or privacy. According to a program office security specialist, the program office has not yet developed a system security plan because it is too early in the system development life cycle. A system security plan is to be developed as a part of the system certification and accreditation process. Regarding privacy, the program office developed a draft privacy impact assessment dated October 2006. The assessment addresses several, but not all, of OMB's criteria.[Footnote 14] Legislative Condition #8: Includes Approvals by IRB, DHS Secretary and OMB (Satisfied): The expenditure plan, including related documentation and program officials' statements, satisfied the condition that the plan be reviewed and approved by DHS's Investment Review Board, the Secretary of Homeland Security, and OMB. DHS's Investment Review Board approved the plan on November 22, 2006. The Secretary of Homeland Security approved the expenditure plan on November 22, 2006. OMB approved the plan on December 4, 2006. Accountability * Integrity * Reliability: Legislative Condition #9: Is Reviewed by GAO (Satisfied): The expenditure plan, including related documentation and program officials statements, satisfies the condition that the plan be reviewed by GAO. The SBInet PMO provided draft versions of the expenditure plan and supporting documentation. We conducted our review from October 11, 2006, to December 5, 2006. Conclusions: The SBInet December 2006 expenditure plan, including related documentation and program officials' statements, has satisfied four, partially satisfied four and not satisfied one of the nine conditions legislated by the Congress. Satisfying the legislative conditions is important because the expenditure plan is intended to provide Congress with the information needed to effectively oversee the program and hold DHS accountable for program results. Satisfying the legislative conditions is also important to minimize the program's exposure to cost, schedule, and performance risks. DHS's approach to SBInet introduces additional risk because the program's structure entails a high level of concurrency and lacks a maximum quantity or dollar value for the integration contract. The current expenditure plan offers a high-level and partial outline of a large and complex program that forms an integral component of a broader multi-year initiative. However, Congress and DHS need additional details of planned milestones, anticipated interim and final costs, and staffing to be reasonably assured that the current risk to the project's cost, schedule, and ultimate effectiveness is minimized. Recommendations: To ensure that Congress has the information necessary to effectively oversee SBInet and hold DHS accountable for program results, and to help DHS manage the SBInet program and ensure that future SBInet expenditure plans meet the legislative requirements, we recommend that the Secretary of Homeland Security direct the U.S. Customs and Border Protection Secure Border Initiative Program Management Office Executive Director to take the following three actions: * ensure that future expenditure plans include explicit and measurable commitments relative to the capabilities, schedule, costs, and benefits associated with individual SBInet program activities; * re-examine the level of concurrency and appropriately adjust the acquisition strategy; and: * modify the SBInet systems integration contract to include a maximum quantity or dollar value. Agency Comments and Our Evaluation: In their oral comments on a draft of this briefing, DHS, SBI, and SBInet officials generally agreed with our findings. However, they did not agree with our assessment that the expenditure plan did not satisfy legislative condition #2 which requires the expenditure plan to demonstrate how activities will further the goals and objectives of SBI's strategic plan. They stated that all SBI net activities link back to the overall goal of controlling the border and that the linkage between program goals and activities is intuitive. We maintain our position that the requirement has not been satisfied because the plan and supporting documentation does not directly link SBInet's activities to SBI's goals and objectives; therefore, Congress is not in a position to understand how SBInet's activities contribute to these goals and objectives. With respect to our recommendations, DHS, SBI, and SBI net officials agreed with our first recommendation on the need for future expenditure plans to include explicit and measurable commitments relative to capabilities, schedule, costs and benefits associated with individual SBI net program activities. SBI and SBI net officials stated that more details will be available for future expenditure plans as subsequent task orders for the program are awarded. DHS, SBI, and SBInet officials took issue with our second recommendation that they re-examine the level of concurrency and appropriately adjust the acquisition strategy. They stated that they understand the risks inherent in concurrency and are addressing these risks. However, they have yet to provide evidence that shows they have identified the dependencies among their concurrent activities and that their risk management framework considers the issue of concurrency; therefore, we continue to believe that the level of concurrency should be proactively addressed through reexamination and appropriate adjustment of the acquisition strategy. DHS, SBI and SBInet officials also took issue with our third recommendation on modifying the SBlnet integration contract to include a maximum quantity or dollar value. They stated that the contract already contains a maximum quantity of "6,000 miles of secure U.S. border" and that this was sufficient to satisfy the FAR requirement. We disagree and continue to believe that a maximum quantity or dollar value limit should be included in the integration contract in order to ensure that it is consistent with FAR requirements. DHS, SBI and SBInet officials also provided clarifying information that we incorporated as appropriate in this briefing. Attachment 1: Scope and Methodology: To accomplish our objective, we analyzed the SBInet fiscal year 2007 expenditure plan and supporting documentation, comparing them to relevant federal requirements and guidance, and applicable best practices. We reviewed draft versions of the expenditure plan, including versions 1.0 (November 15, 2006); 2.0 (November 27, 2006); and 2.1 (November 29, 2006). We also reviewed the final version of the plan submitted to Congress on December 4, 2006. We interviewed DHS, CBP, SBI, and SBInet program officials and contractors. We did not review the justification for cost estimates included in the expenditure plan. In addition, we did not independently verify the source or validity of the cost information. We reviewed and assessed available program documentation against federal and industry acquisition guidelines and practices, such as the Software Engineering Institute's acquisition management processes and controls. We compared available program documentation to capital planning guidance (OMB-A-11) to determine whether the information complies with the capital planning and investment controls. We conducted our work at CBP headquarters in the Washington, D.C., metropolitan area from October 2006 to December 2006, in accordance with generally accepted government auditing standards. [End of section] Appendix II: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: February 5, 2007: Mr. Richard M. Stana: Director, Homeland Security and Justice: Government Accountability Office: Washington, D. C. 20548: Dear Mr. Stana: Thank you for the opportunity to comment on draft report GAO-07-309, "Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability." The U.S. Government Accountability Office (GAO) found that the SBInet expenditure plan, including related documentation and program officials' statements, satisfied four legislative conditions, partially satisfied four legislative conditions, and did not satisfy one legislative condition. CBP intends to fully satisfy each of these legislative conditions in the near future in order to minimize the program's exposure to cost, schedule, and performance risks. For legislative condition 1: CBP has more detailed information about the activities, milestones, and cost for implementing the program. When the plan was submitted to Congress on December 4, 2006, the SBInet prime integrator (Boeing) had been under contract for less than 90 days and program plans were in the initial stages of development. Future expenditure plans will include actual and planned progress towards the SBInet solution. For legislative condition 2: One of the goals outlined in the Secure Border Strategic Plan is to gain effective control of the borders. Effective control is measured in terms of miles, based on situational awareness (probability to detect, identify, and classify entries) and ability to respond. CBP provided documents to GAO under separate cover that reflects the number of miles of effective control for the Yuma and Tucson sectors today (baseline), the number of miles of effective control for FY 2007, and the total number of miles of effective control at the initial operational capability (IOC). For legislative condition 4: The GAO indicated in its Briefing on the SBInet Expenditure Plan that the Plan "should include a baseline measure of operational control of the border" (slide 24). CBP feels that the documentation for the 388 miles (see legislative condition 2, above) satisfies the baseline measure of miles under control of the border. For legislative condition 6: CBP recognizes the risk inherent in concurrency and is focused on managing this risk, not avoiding it. This has been reflected in our risk management database. Our goal is to deliver SBInet benefits as soon as possible without taking undue risks. For legislative condition 7: CBP remains on plan to begin using Earned Value Management (EVM) on the Program Management task order in mid February 2007 after a successful Integrated Baseline Review (IBR) has been conducted. The DHS Privacy Office has reviewed the Privacy Impact Assessment and their comments have been incorporated into the document. After a formal review/coordination cycle, the document will be resubmitted to the DHS Privacy Office for final review and approval. CBP agrees that two of the three recommendations are essential to successful program management, but does not concur with the recommendation to modify the integration contract to reflect a maximum quantity. CBP has determined that "miles of secured border" is a measurable component and that "6,000 miles of secured border" satisfies the intent of the Federal Acquisition Regulation (FAR), which does not require a breakdown of what goes into making up that quantity. The remaining two recommendations have and will continue to be addressed as part of the Program Management Office's (PMO) efforts to balance quality, cost, schedule, and accountability for program commitments. CBP believes the recommendations contained in this report provide useful and collaborative improvements in SBInet program management and contract execution. CBP recognizes that attention to details on activities, milestones and costs are key to a successful program, and are essential elements of program management. The method for achieving these goals is detailed in the response to each recommendation. Recommendation 1: Ensure that future expenditure plans include explicit and measurable commitments relative to the capabilities, schedule, costs, and benefits associated with individual SBInet program activities. Response: Concur. CBP will ensure that all future expenditure plans contain the most accurate information available at the time of publication. The FY 2007 expenditure plan was required to be submitted to Congress within 60 days of enactment of the FY 2007 Department of Homeland Security Appropriations Act (P.L. 109-295). When the plan was submitted to Congress on December 4, 2006, the SBInet prime integrator (Boeing) had been under contract for less than 90 days and program plans were in the initial stages of development. Future expenditure plans will include actual and planned progress. Furthermore, to ensure that Congress is informed of SBInet developments, future expenditure plans will report progress against commitments contained in prior expenditure plans. CBP will include a section in future expenditure plans that addresses and tracks milestones and other program commitments made in all prior expenditure plans. Recommendation 2: Modify the SBInet systems integration contract to include a maximum quantity or dollar value. Response: Non-Concur: The determination has been made to express the maximum quantity for subject solicitation as "6,000 miles of secured border". CBP has determined that "miles of secured border" is a measurable component; therefore, this is deemed the most appropriate approach to defining the contract ceiling. Recommendation 3: Re-examine the level of concurrency and appropriately adjust the acquisition strategy. Response: Concur: CBP is constantly assessing the overall program as it unfolds and adjusting it to reflect progress, resource constraints, refinements and changes in requirements, and insight gained from on-going system engineering activities. Our goal is to deliver SBInet benefits as soon as possible without taking undue risks. While initial activities (Project 28, Barry M. Goldwater Range Project, Fence Lab) are being conducted in parallel with the up-front program-level system engineering, they will serve as risk reduction activities and provide lessons learned to the main program level activities. The main implementation projects for SBInet deployments to Sectors and the Common Operating Picture Project have been aligned to be paced by the program-level system engineering activities. This will manage concurrency, not avoid it. The Department thanks you for the work that was done on this engagement and the cooperation received from the GAO team under tight timelines. Sincerely, Steven J. Pecinovsky: Director Departmental GAO/OIG Liaison Office: [End of section] Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: Richard M. Stana, (202) 512-8816, stanar@gao.gov: Staff Acknowledgments: In addition to the person named above, Robert E. White, Assistant Director; Deborah Davis, Assistant Director; Richard Hung, Assistant Director; E. Jeanette Espínola; Frances Cook; Katherine Davis; Gary Delaney; Joseph K. Keener; Sandra Kerr; Raul Quintero; and Sushmita Srikanth made key contributions to this report. FOOTNOTES [1] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations Act required that the expenditure plan be submitted within 60 days after the enactment of the act. [2] As of December 2006, SBInet personnel included 38 government employees and 60 contractor staff. Projected personnel as of September 2007 includes 113 government employees and 157 contractors. [3] The U.S. Border Patrol has 20 sectors responsible for detecting, interdicting, and apprehending those who attempt to illegally enter or smuggle people, including terrorists, or contraband, including weapons of mass destruction, across U.S. borders between official ports of entry. [4] DHS defines control of U.S. borders as the ability to: detect illegal entries, identify and classify entries and determine their respective level of threat, efficiently and effectively respond, and bring events to a satisfactory law enforcement action. [5] FAR 16.504(a)(4)(ii). [6] EVM is a management tool to help ensure that work performed for a program or project is consistent with cost and schedule goals. [7] An enterprise architecture defines how any organization operates today and how it plans to operate in the future, and it includes a road map for transitioning between the two sets of operations. [8] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations Act required an expenditure plan to establish a security barrier along the border of the United States of fencing and vehicle barriers and other forms of tactical infrastructure and technology. In response to this requirement, DHS submitted a plan on December 4, 2006, titled "SBlnet Expenditure Plan," that defines SBlnet as "the component of SBI charged with developing and installing the technology and tactical infrastructure solution for border control." The Appropriations Act also required GAO to review the expenditure plan. [9] Satisfied means that the plan, in combination with supporting documentation, either satisfied or provides for satisfying each requirement of the condition that we reviewed. Partially satisfied means that the plan, in combination with supporting documentation, either satisfied or provides for satisfying some, but not all, key aspects of the condition that we reviewed. Not satisfied means that the plan, in combination with supporting documentation, does not satisfy any of the key aspects of the condition that we reviewed. [10] The purpose of the Investment Review Board is to integrate capital planning and investment control, budgeting, acquisition and management of investments. It is also to ensure that spending on investments directly supports and furthers the mission and that this spending provides optimal benefits and capabilities to stakeholders and customers. [11] According to DHS officials, no FY2006 funds were allocated to SBlnet activities. [12] Other includes activities related to test and evaluation, deployment and installation, and integrated logistics support. [13] See discussion of legislative condition #1 for a review of planned activities and costs. [14] OMB, Guidance for Implementing the Privacy Provisions of the E- Government Act of 2002, OMB M-03-22 (Sept. 26, 2003). GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: