This is the accessible text file for GAO report number GAO-10-76 
entitled 'Financial Management Systems: DHS Faces Challenges to 
Successfully Consolidating Its Existing Disparate Systems' which was 
released on December 7, 2009. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to Congressional Addressees: 

United States Government Accountability Office: 
GAO: 

December 2009: 

Financial Management Systems: 

DHS Faces Challenges to Successfully Consolidating Its Existing 
Disparate Systems: 

GAO-10-76: 

GAO Highlights: 

Highlights of GAO-10-76, a report to congressional addressees. 

Why GAO Did This Study: 

In June 2007, GAO reported that the Department of Homeland Security 
(DHS) had made little progress in integrating its existing financial 
management systems and made six recommendations focused on the need for 
DHS to define a departmentwide strategy and embrace disciplined 
processes. In June 2007, DHS announced its new financial management 
systems strategy, called the Transformation and Systems Consolidation 
(TASC) program. House Report No. 110-862 directed GAO to determine 
whether DHS had implemented GAO’s prior recommendations. GAO also 
assessed whether there were additional issues that pose unnecessary 
risks to the successful implementation of the TASC program. GAO 
reviewed relevant documentation, such as the January 2009 request for 
proposal and its attachments, and interviewed key officials to obtain 
additional information. 

What GAO Found: 

GAO’s analysis shows that DHS has begun to take actions to implement 
four of the six recommendations made in the 2007 report; however, none 
of these recommendations have been fully implemented. GAO recognizes 
that DHS cannot fully implement some of the recommendations aimed at 
reducing the risk in accordance with best practices until the contract 
for the TASC program is awarded. DHS has taken, but not completed, 
actions to (1) define its financial management strategy and plan, (2) 
develop a comprehensive concept of operations, (3) incorporate 
disciplined processes, and (4) implement key human capital practices 
and plans for such a systems implementation effort. DHS has not taken 
the necessary actions on the remaining two recommendations, to 
standardize and reengineer business processes across the department, 
including applicable internal control, and to develop detailed 
consolidation and migration plans since DHS will not know the 
information necessary to develop these items until a contractor is 
selected. While some of the details of the department’s standardization 
of business processes and migration plans depend on the selected new 
system, DHS would benefit from performing critical activities, such as 
performing a gap analysis and identifying all of its affected current 
business processes so that DHS can analyze how closely the proposed 
system will meet the department’s needs. 

GAO’s analysis during this review also identified two issues that pose 
unnecessary risks to the TASC program—DHS’s significant risks related 
to the reliance on contractors to define and implement the new system 
and the lack of independence of the contractor hired to perform the 
verification and validation (V&V) function for the TASC program. DHS 
plans to rely on the selected contractor to complete key process 
documents for the TASC program such as detailed documentation that 
governs activities such as requirements management, testing, data 
conversion, and quality assurance. The extent of DHS’s reliance on 
contractors to define and implement key processes needed by the TASC 
program, without the necessary oversight mechanisms to ensure that the 
processes are properly defined and effectively implemented, could 
result in system efforts plagued with serious performance and 
management problems. Further, GAO identified that DHS’s V&V contractor 
was not independent with regard to the TASC program. DHS management 
agreed that the V&V function should be performed by an entity that is 
technically, managerially, and financially independent of the 
organization in charge of the system development, acquisition, or both 
that it is assessing. Accordingly, DHS officials indicated that they 
have restructured the contract to address GAO’s concerns by changing 
the organization that is responsible for managing the V&V function. 

What GAO Recommends: 

GAO makes seven recommendations and reaffirms its six prior 
recommendations to mitigate DHS’s risk in acquiring and implementing 
the TASC program. DHS agreed with GAO’s recommendations and described 
actions it has taken and plans to take to address them. GAO agrees that 
DHS has completed actions to address one recommendation, but further 
action is needed to address the others. GAO also received technical 
comments, which were incorporated as appropriate. 

View [hyperlink, http://www.gao.gov/products/GAO-10-76] or key 
components. For more information, contact Kay Daly at (202) 512-9095 or 
Nabajyoti Barkakati at (202) 512-4499. 

[End of section] 

Contents: 

Letter: 

Background: 

DHS Has Made Limited Progress in Implementing Our Prior 
Recommendations: 

Planned TASC Implementation Efforts Pose Unnecessary Risks: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Comments from the Department of Homeland Security: 

Table: 

Table 1: DHS's Progress toward Addressing GAO's Recommendations: 

Figure: 

Figure 1: Key Events Affecting the TASC Program: 

Abbreviations: 

CBP: U.S. Customs and Border Protection: 

COTR: Contracting Officer Technical Representative: 

COTS: commercial-off-the-shelf: 

DHS: Department of Homeland Security: 

eMerge2: Electronically Managing Enterprise Resources for Government 
Effectiveness and Efficiency: 

ERP: enterprise resource planning: 

FEMA: Federal Emergency Management Agency: 

FTE: full-time equivalent: 

IEEE: Institute of Electrical and Electronics Engineers: 

IV&V: independent verification and validation: 

OCFO: Office of the Chief Financial Officer: 

OIG: Office of Inspector General: 

RMTO: Resource Management Transformation Office: 

SBI: Secure Border Initiative: 

TASC: Transformation and Systems Consolidation: 

V&V: verification and validation: 

[End of section] 

United States Government Accountability Office: 

Washington, DC 20548: 

December 4, 2009: 

Congressional Addressees: 

Since the Department of Homeland Security (DHS) began operations in 
March 2003, it has faced the daunting task of bringing together 22 
diverse agencies and developing an integrated financial management 
system. In January 2009,[Footnote 1] we reported that although DHS had 
reduced financial internal control weaknesses, it had not yet 
integrated its financial management systems and had not developed a 
comprehensive plan for doing so. We recently testified[Footnote 2] that 
while DHS has redefined its acquisition and investment management 
policies and practices, the extent to which these policies and 
practices on major programs have been implemented was at best 
inconsistent and in many cases quite limited. Moreover, recent GAO 
reviews have shown that major acquisition programs have not been 
subjected to executive-level acquisition and investment management 
reviews at key milestones. 

DHS officials have long recognized the need to integrate their 
financial management systems, which are used to account for over $40 
billion in annual appropriated funds. The department's prior effort, 
known as the Electronically Managing Enterprise Resources for 
Government Effectiveness and Efficiency (eMerge2) project,[Footnote 3] 
began in January 2004 and was expected to integrate financial 
management systems departmentwide and address existing financial 
management weaknesses. However, DHS officials ended the eMerge2 project 
in December 2005, acknowledging that this project had not been 
successful. DHS officials stated that they had identified existing 
financial management systems, currently used by some of DHS's 
components, which could be leveraged by migrating these existing 
financial management systems to its other components.[Footnote 4] 

In June 2007, we reported[Footnote 5] that the department had made 
little progress since December 2005 in replacing its existing financial 
management systems problems and that, from an overall perspective, the 
decision to halt its eMerge2 project was prudent. We made six 
recommendations focused on the need for DHS to define a departmentwide 
strategy and embrace disciplined processes[Footnote 6] to reduce risk 
to acceptable levels.[Footnote 7] 

Also, in June 2007, DHS officials announced its new financial 
management systems strategy, called the Transformation and Systems 
Consolidation (TASC) program. At that time, the TASC program was 
described as the migration of other DHS components' systems to two 
existing financial management systems already in use at several 
components. After a bid protest was filed regarding the proposed 
approach, the TASC request for proposal was revised to acquire an 
integrated financial, acquisition, and asset management commercial-off-
the-shelf software (COTS) solution to be implemented departmentwide. 
The House Committee on Appropriations' September 2008 report on the 
fiscal year 2009 Department of Homeland Security Appropriations Bill 
[Footnote 8] included a mandate requiring us to review the TASC 
program, including following up on DHS's efforts to implement the six 
recommendations made in our June 2007 report. The Chairman, House 
Committee on Homeland Security became a cosponsor of that follow-up 
work. Further, the Ranking Member of the Senate Committee on Homeland 
Security and Governmental Affairs also became a cosponsor as did the 
Chairman of the Subcommittee on Federal Financial Management, 
Government Information, Federal Services, and International Security, 
Senate Committee on Homeland Security and Governmental Affairs. 

Our objectives for this report were to determine whether DHS had 
implemented our prior recommendations and assess whether there were 
additional issues that pose unnecessary risks to the successful 
implementation of the TASC program. We reviewed the January 2009 
request for proposal and its attachments, such as the Statement of 
Objectives and Solution Process Overview, to understand DHS's plans for 
implementing the TASC program. We also reviewed other available 
planning documents, such as the acquisition plan and the draft concept 
of operations, and determined the status of these plans and others to 
see if DHS had fully implemented our recommendations. We interviewed 
key officials from DHS's Office of the Chief Financial Officer (OCFO) 
and the Resource Management Transformation Office (RMTO), within OCFO, 
including its Director and Deputy Director for elaboration and to 
provide additional perspectives on the information contained in these 
documents. We also reviewed the Statement of Work for an independent 
verification and validation (IV&V) contractor and confirmed key 
information about this contract with the Director of RMTO. 

We conducted this performance audit from March 2009 through November 
2009 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. In October 
2009,[Footnote 9] we discussed our preliminary findings in a hearing 
before the Subcommittee on Management, Investigations, and Oversight, 
House Committee on Homeland Security. We requested comments on a draft 
of this report from the Secretary of Homeland Security or her designee. 
We received written comments from the DHS Acting Chief Financial 
Officer, which are reprinted in appendix I. 

Background: 

DHS was established by merging 22 disparate agencies and organizations 
with multiple missions, values, and cultures. Some of the agencies that 
became DHS components include the Federal Emergency Management Agency 
(FEMA), Federal Law Enforcement Training Center, Transportation 
Security Administration, U.S. Coast Guard, and U.S. Secret Service. 
Other former agencies were divided by function into new components or 
had their responsibilities distributed within a DHS component. For 
example, the former U.S. Customs Service became two DHS components--the 
U.S. Customs and Border Protection (CBP) and the U.S. Immigration and 
Customs Enforcement. Given the number of agencies that merged to become 
part of DHS and the diversity of their missions, an integrated 
financial management system that captures all of DHS's financial 
activities is imperative to provide reliable, timely, and useful 
information for managing day-to-day operations. 

DHS has described the TASC program in its Solution Process Overview as 
a departmentwide initiative to modernize, transform, and integrate the 
financial, acquisition, and asset management capabilities of its 
components. According to DHS officials, the new system is to be a COTS 
package that is already configured and operating in the public sector. 

Bid protests and related litigation have resulted in changes to DHS's 
approach for the TASC program as well as contributing to a significant 
delay in awarding a contract. The initial TASC approach was to migrate 
its components to two financial management systems--Oracle Federal 
Financials and SAP--already in use by several DHS components.[Footnote 
10] Under its pre-protest timeline, DHS anticipated that several of its 
smaller components, including the Office of Health Affairs and the 
Directorate for Science and Technology, would have "gone live" with the 
department's new baseline system by November 30, 2008. Because of 
changes in the TASC approach and the delays shown in figure 1, DHS 
officials stated that the department now expects to select a vendor by 
the second quarter of fiscal year 2010. 

Figure 1: Key Events Affecting the TASC Program: 

[Refer to PDF for image: illustration] 

August, 2007: 
DHS issued a request for proposal for managing the migration of DHS’s 
five different financial management software solutions to a shared 
system baseline (Oracle or SAP systems). 

October, 2007: 
DHS canceled the request for proposal because no offerors had submitted 
proposals. 

November, 2007: 
DHS issued a new, revised request for proposal with the same purpose as 
the 8/07 proposal. 

January, 2008: 
A financial services company, which was a potential offeror to DHS’s 
2007 request for proposal, filed a bid protest with the U.S. Court of 
Federal Claims.[A] 

March, 2008: 
The Court enjoined DHS from proceeding with the November 2007 request 
for proposal until DHS conducted a “competitive procurement,” in 
accordance with the law.[B] 

September, 2008: 
DHS issued a notice concerning a new request for proposal to be issued 
shortly. 

October, 2008: 
DHS issued a draft of a new request for proposal for public comment. 

November, 2008: 
The original protestor filed a motion with the Court to enforce the 
March 2008 injunction.[C] 

January, 2009: 
DHS issued a new TASC request for proposal for provision of “an 
integrated financial management, asset management and acquisition 
management systems solution and performance of TASC support services.”
[D] 

February, 2009: 
The original protestor filed a new bid protest with the Court, alleging 
that DHS violated the March 2008 injunction by proceeding with the 
January 2009 request for proposal. 

April, 2009: 
The Court dismissed the bid protestor’s complaint, which allowed DHS to 
proceed with its TASC request for proposal. 

July, 2009: 
The original protestor filed an appeal of the Court’s April 2009 
judgment. 

September, 2009: 
DHS responded to the July 2009 appeal. 

October, 2009: 
The protestor responded to DHS’s September 2009 response. 

Source: DHS. 

[A] The offeror alleged that DHS had conducted an improper sole source 
procurement. 

[B] Under 28 U.S.C. § 1491(b), the U.S. Court of Federal Claims has 
jurisdiction to render judgments and award relief to an interested 
party objecting to a request for proposal issued by federal agencies. 
The U.S. Court of Federal Claims issued an order enjoining DHS from 
proceeding with this procurement until DHS conducted a competitive 
procurement, in accordance with the Competition in Contracting Act (41 
U.S.C. § 253), which generally requires executive agencies to procure 
property and services through the use of competitive procedures that 
allow for full and open competition. 

[C] The potential offeror filed a motion with the U.S. Court of Federal 
Claims alleging that DHS had violated the Court's March 2008 injunction 
against proceeding with the original request for proposal. 

[D] Unlike the first two TASC requests for proposal, this request was 
issued to the public in anticipation of a new contract. The first two 
requests for proposal were issued only to awardees of existing 
indefinite delivery, indefinite quantity contracts with the expectation 
of awarding a task order under one of the existing contracts. 

[End of figure] 

DHS Has Made Limited Progress in Implementing Our Prior 
Recommendations: 

DHS has begun to take actions toward the implementation of four of the 
recommendations we made in June 2007,[Footnote 11] as shown in table 1. 
However, all six recommendations remain open. We do recognize that DHS 
cannot fully implement all of our recommendations until a contract is 
awarded because of its selected acquisition approach. 

Table 1: DHS's Progress toward Addressing GAO's Recommendations: 

Recommendation: Clearly define and document a departmentwide financial 
management strategy and plan to move forward with its financial 
management system integration efforts; 
Not completed: Some actions taken: [Check]. 

Recommendation: Develop a comprehensive concept of operations document; 
Not completed: Some actions taken: [Check]. 

Recommendation: Utilize and implement these specific disciplined 
processes to minimize project risk: (1) requirements management, (2) 
testing, (3) data conversion and system interfaces, (4) risk 
management, (5) configuration management, (6) project management, and 
(7) quality assurance; 
Not completed: Some actions taken: [Check]. 

Recommendation: Reengineer business processes and standardize them 
across the department, including applicable internal control; 
Not completed: No action taken: [Check]. 

Recommendation: Develop a detailed plan for migrating and consolidating 
various DHS components to an internal shared services approach if this 
approach is sustained; 
Not completed: No action taken: [Check]. 

Recommendation: Carefully consider key human capital practices as DHS 
moves forward with its financial management transformation efforts so 
that the right people with the right skills are in place at the right 
time; 
Not completed: Some actions taken: [Check]. 

Source: GAO analysis of DHS information. 

[End of table] 

These recommendations, made to help DHS reduce the risks associated 
with acquiring and implementing a departmentwide financial management 
system, are based on four building blocks, which were developed in 
accordance with industry best practices and our work at other federal 
agencies. These four building blocks, integral to the success of DHS's 
TASC program, are: 

* developing a concept of operations, 

* defining standard business processes, 

* developing a migration strategy for DHS components, and: 

* defining and implementing the disciplined processes necessary to 
properly manage the project. 

Fully embracing these four building blocks will be critical to the 
success of the TASC program, once that program has been clearly defined 
and documented. For example, defining standard business processes 
promotes consistency in operations within the department. Further, by 
reengineering and standardizing business processes, DHS should realize 
productivity gains and staff portability among its components. 
Underlying these four building blocks is the need for effective human 
capital management, which includes having sufficient human resources 
with the requisite training and experience to implement the system as 
well as operate the system once it has been put into service. 

DHS Faces Significant Challenges to Implementing Its Financial 
Management Strategy and Plan: 

DHS has developed certain elements for its financial management 
strategy and plan for moving forward with its financial system 
integration efforts but it faces significant challenges in completing 
and implementing its strategy. DHS has defined its vision for the TASC 
program, which is to consolidate and integrate departmentwide mission- 
essential financial, acquisition, and asset management systems, by 
providing a seamless, real-time, Web-based system to execute mission- 
critical, end-to-end integrated business processes. DHS has also 
established several major program goals for the TASC program which 
include, but are not limited to: 

* creating and refining end-to-end standard business processes and a 
standard line of accounting; 

* supporting timely, complete, and accurate financial management and 
reporting; 

* enabling DHS to acquire goods and services of the best value that 
ensure that the department's mission and program goals are met; and: 

* enabling consolidated asset management across all components. 

DHS officials stated that the strategy for the TASC program is to 
acquire a COTS-based system already configured and being used at a 
federal entity as a starting point for the department's efforts. This 
approach differs from other financial management system implementation 
efforts we have reviewed in which an agency first acquired a COTS 
product and then performed the actions necessary to configure the 
product to meet the agency's specific requirements.[Footnote 12] 

Our review found that the strategy being taken by DHS does not contain 
the elements needed to evaluate whether the acquired system will 
provide the needed functionality or meet users' needs. For example, it 
does not require DHS to (1) perform an analysis of the current 
processes to define the user requirements to be considered when 
evaluating the various systems, (2) perform a gap analysis[Footnote 13] 
before the system is selected,[Footnote 14] and (3) assess the extent 
to which the COTS-based system used at another agency has been 
customized for the respective federal entities. Studies have shown that 
when an effective gap analysis was not performed, program offices and 
contractors later discovered that the selected system lacked essential 
capabilities. Furthermore, adding these capabilities required expensive 
custom development and resulted in cost and schedule overruns that 
could have been avoided.[Footnote 15] Without a comprehensive strategy 
and plan for the TASC program that considers these issues, DHS risks 
implementing a financial management system that will be unnecessarily 
costly to maintain. 

DHS Has Recently Developed a Concept of Operations for the TASC 
Program: 

The January 2009 request for proposal states that the selected 
contractor will be required to provide a concept of operations for the 
TASC program. This concept of operations is expected to provide an 
operational view of the new system from the end users' perspective and 
outline the business processes as well as the functional and technical 
architecture for their proposed systems. In October 2009, DHS officials 
provided us with a concept of operations for the TASC program and they 
stated that the document was prepared in accordance with the Institute 
of Electrical and Electronics Engineers (IEEE) standards.[Footnote 16] 
However, it is unclear how the DHS-prepared concept of operations 
document will relate to the selected contractor's concept of operations 
document called for in the request for proposal. 

According to the IEEE standards,[Footnote 17] a concept of operations 
is a user-oriented document that describes the characteristics of a 
proposed system from the users' viewpoint. A concept of operations 
document also describes the operations that must be performed, who must 
perform them, and where and how the operations will be carried out. DHS 
needs to develop a concept of operations that is based on a vision 
statement, outlined in the TASC strategy, and the enterprise 
architecture. The concept of operations for the TASC program should, 
among other things, 

* define how DHS's day-to-day financial management operations are and 
will be carried out to meet mission needs, 

* clarify which component and departmentwide systems are considered 
financial management systems, 

* include a transition strategy that is useful for developing an 
understanding of how and when changes will occur, 

* develop an approach for obtaining reliable information on the costs 
of its financial management systems investments, and: 

* link DHS's concept of operations for the TASC program to its 
enterprise architecture. 

A completed concept of operations prior to issuance of the request for 
proposal would have benefited the offerors in developing their 
proposals so that they could identify and propose systems that more 
closely align with DHS's vision and specific needs. 

DHS Has Not Fully Incorporated Disciplined Processes into the TASC 
Program: 

While DHS has draft risk management, project management, and 
configuration management plans, DHS officials told us that other key 
plans relating to these disciplined processes generally considered to 
be best practices will not be completed until after the TASC contract 
is awarded. These other plans include the requirements management, 
[Footnote 18] data conversion and system interfaces,[Footnote 19] 
quality assurance, and testing plans.[Footnote 20] Offerors were 
instructed in the latest request for proposal to describe their 
testing, risk management, and quality assurance approaches as well as 
component migration and training approaches. The approaches proposed by 
the selected contractor will become the basis for the preparation of 
these plans. While we recognize that the actual development and 
implementation of these plans cannot be completed until the TASC 
contractor and system have been selected, it will be critical for DHS 
to ensure that these plans are completed and effectively implemented 
prior to moving forward with the implementation of the new system. 

Disciplined processes represent best practices in systems development 
and implementation efforts that have been shown to reduce the risks 
associated with software development and acquisition efforts to 
acceptable levels and are fundamental to successful system 
implementations. The key to having a disciplined system development 
effort is to have disciplined processes in multiple areas, including 
project planning and management, requirements management, configuration 
management, risk management, quality assurance, and testing. Effective 
processes should be implemented in each of these areas throughout the 
project life cycle because change is constant. Effectively implementing 
the disciplined processes necessary to reduce project risks to 
acceptable levels is hard to achieve because a project must effectively 
implement several best practices, and inadequate implementation of any 
one may significantly reduce or even eliminate the positive benefits of 
the others. 

As we have previously reported, other agencies' business transformation 
efforts have failed because of a lack of commitment to disciplined 
processes. For example, we reported[Footnote 21] in 2005 that the 
Navy's failure to adhere to requirements management contributed to a 
largely wasted investment of approximately $1 billion in four pilots of 
enterprise resource planning (ERP)[Footnote 22] solutions. Because the 
pilots would not meet its overall requirements, the Navy started over 
and developed a new ERP system to standardize the Navy's business 
processes across its dispersed organizational environment.[Footnote 23] 

DHS Has Not Yet Identified All Business Processes Needing Reengineering 
and Standardization across the Department: 

Although DHS has identified nine end-to-end business processes[Footnote 
24] that will be addressed as part of the TASC program, the department 
has not identified all of its existing business processes that will be 
reengineered and standardized as part of the TASC program. It is 
important for DHS to identify all of its business processes so that the 
department can analyze the offerors' proposed systems to assess how 
closely each of these systems aligns with DHS's business processes. 
Such an analysis would position DHS to determine whether a proposed 
system would work well in its future environment or whether the 
department should consider modifying its business processes. Without 
this analysis, DHS will find it challenging to assess the difficulties 
of implementing the selected system to meet DHS's unique needs. 

For the nine processes identified, DHS has not yet begun the process of 
reengineering and standardizing those processes. DHS has asked offerors 
to describe their proposed approaches for the standardization of these 
nine processes to be included in the TASC system. According to an 
attachment to the TASC request for proposal, there will be additional 
unique business processes or subprocesses, beyond the nine standard 
business processes identified, within DHS and its components that also 
need to be supported by the TASC system. For DHS's implementation of 
the TASC program, reengineering and standardizing these unique business 
processes and subprocesses will be critical because the department was 
created from 22 agencies with disparate processes. A standardized 
process that addresses, for example, the procurement processes at the 
U.S. Coast Guard, FEMA, and the U.S. Secret Service, as well as the 
other DHS components, is essential when implementing the TASC system 
and will be useful for training and ensuring the portability of staff. 

DHS Has Not Yet Developed Plans for Migrating the New System to Its 
Components: 

Although DHS officials have stated that they plan to migrate the new 
system first to its smaller components and have recently provided a 
high-level approach the department might use, DHS has not outlined a 
conceptual approach or plan for accomplishing this goal throughout the 
department. Instead, DHS has requested that TASC offerors describe 
their migration approaches for each of the department's components, as 
well as data conversion, overall migration strategy, training approach, 
and staffing. 

While the actual migration approach will depend on the selected system 
and events that occur during the TASC program implementation, critical 
activities include (1) developing specific criteria requiring component 
agencies to migrate to the new system rather than attempting to 
maintain legacy business systems; (2) defining and instilling new 
values, norms, and behaviors within component agencies that support new 
ways of doing work and overcoming resistance to change; (3) building 
consensus among customers and stakeholders on specific changes designed 
to better meet their needs; and (4) planning, testing, and implementing 
all aspects of the migration of the new system. For example, a critical 
part of a migration plan for the new system would describe how DHS will 
ensure that the data currently in legacy systems are fully prepared to 
be migrated to the new system. 

An important element of a migration plan is the prioritizing of the 
conversion of the old systems to the new systems. For example, a FEMA 
official stated that the agency has not replaced its outdated financial 
management system because it is waiting for the implementation of the 
TASC program. However, in the interim, FEMA's auditors are repeatedly 
reporting weaknesses in its financial systems and reporting, an 
important factor to be considered by DHS when preparing its migration 
plan. Because of the known weaknesses at DHS components, it will be 
important for DHS to prioritize its migration of components to the new 
system and address known weaknesses prior to migration where possible. 
Absent a comprehensive migration strategy, components within DHS may 
seek other financial management systems to address their existing 
weaknesses. This could result in additional disparate financial 
management systems instead of the integrated financial management 
system that DHS needs. 

DHS Has Begun Hiring, but Has Not Developed a Human Capital Plan for 
the TASC Program: 

While DHS's RMTO has begun recruiting and hiring employees and 
contractors to help with the TASC program, the department has not 
identified the gaps in needed skills for the acquisition and 
implementation of the new system. DHS officials have said that the 
department is unable to determine the adequate staff levels necessary 
for the full implementation of the TASC program because the integrated 
solution is not yet known; however, as of May 2009, the department had 
budgeted 72 full-time equivalents (FTE)[Footnote 25] for fiscal year 
2010. The 72 FTEs include 38 government employees and 34 contract 
employees, (excluding an IV&V contractor). DHS officials told us that 
this level of FTEs may be sufficient for the first deployments of the 
new system. 

In its comments dated November 16, 2009, DHS stated that RMTO staff 
included the following: 1 level III program manager, 13 project 
management professionals, 14 certified contracting officer technical 
representatives, 3 certified public accountants, 5 level II program 
managers, and 5 level I program managers. In addition, according to 
RMTO officials, the OCFO and some of DHS's larger components, such as 
U.S. Immigration and Customs Enforcement have dedicated staff to work 
on the TASC program. Moreover, as stated in its agency comments, DHS 
plans to continue to build the capabilities within RMTO. 

Many of the department's past and current difficulties in financial 
management and reporting can be attributed to the original stand-up of 
a large, new, and complex executive branch agency without adequate 
organizational expertise in financial management and accounting. Having 
a plan that includes sufficient human resources with the requisite 
training and experience to successfully implement a financial 
management system is critical to the success of the TASC program. 

Planned TASC Implementation Efforts Pose Unnecessary Risks: 

While updating the status of the six prior recommendations, we 
identified two issues that pose unnecessary risks to the success of the 
TASC program. These risks are DHS's significant reliance on contractors 
to define and implement the new system and the lack of independence of 
DHS's V&V function[Footnote 26] for the TASC program. 

Significant Reliance Placed on Contractors to Define and Implement the 
TASC Program: 

The department plans to have the selected contractor prepare a number 
of key documents including plans needed to carry out disciplined 
processes, define additional business processes to be standardized, and 
propose a migration approach. However, DHS has not developed the 
necessary contractor oversight mechanisms to ensure that its 
significant reliance on contractors for the TASC program does not 
result in an unfavorable outcome. 

Other systems acquisition and implementation efforts that have placed 
too much reliance on contractors have resulted in systems efforts 
plagued with serious performance and management problems. For example, 
regarding the U.S. Coast Guard's Deepwater Program,[Footnote 27] we 
reported[Footnote 28] that the Commandant of the U.S. Coast Guard 
stated in April 2007 that the U.S. Coast Guard had relied too heavily 
on contractors to do the work of the government and that both industry 
and government had failed to accurately predict and control costs. The 
Commandant announced improvements to program management and oversight 
that would "change the course of Deepwater." The major change was that 
the U.S. Coast Guard took over the lead role in systems integration. As 
part of this shift to an acquisition managed and controlled by the U.S. 
Coast Guard, the Commandant noted his plan to build a government 
workforce to manage this large acquisition, citing the dearth of 
federal contracting expertise and a loss of focus on critical 
government roles and responsibilities for managing and overseeing 
systems acquisitions such as Deepwater.[Footnote 29] 

Moreover, in a recent report,[Footnote 30] DHS's Office of Inspector 
General (OIG) reported that CBP had not established adequate controls 
and effective oversight of contract workers responsible for providing 
Secure Border Initiative (SBI) program support services. Given the 
department's aggressive SBI program schedule and shortages of program 
managers and acquisition specialists, CBP relied on contractors to fill 
the staffing needs and get the program under way. However, CBP had not 
clearly distinguished between roles and responsibilities that were 
appropriate for contractors and those that must be performed by 
government employees. CBP also had not provided an adequate number of 
contracting officer's technical representatives (COTR) to oversee 
support services contractors' performance. As a result, according to 
the OIG report, contractors were performing functions that should have 
been performed by government workers. According to the OIG, this heavy 
reliance on contractors increased the risk of CBP relinquishing its 
responsibilities for SBI program decisions to support contractors, 
while remaining responsible and accountable for program outcomes. 

Verification and Validation (V&V) Review Function for the TASC Program 
Was Not Independent: 

We found that DHS's V&V contractor was not an independent reviewer 
because RMTO was responsible for overseeing the contractor's work and 
authorizing payment of the V&V invoices. Specifically, the V&V 
contractor was reporting on work of RMTO, the program manager for the 
TASC program, and the RMTO Director was serving as the COTR[Footnote 
31] for the V&V contract. As part of the COTR's responsibilities, RMTO 
approved the V&V contractor's invoices for payment. On October 21, 
2009, DHS officials indicated that they had restructured the V&V 
contract to address our concerns by changing the reporting relationship 
and the organization that is responsible for managing the V&V contract. 
However, at that time, these officials did not provide us with 
documentation to support this reorganization. The independence of the 
V&V contractor is a key component of a reliable verification and 
validation function. 

Use of the V&V function is a recognized best practice for large and 
complex system development and acquisition projects, such as the TASC 
program. The purpose of the V&V function is to provide management with 
objective insight into the program's processes and associated work 
products. For example, the V&V contractor would review system strategy 
documents that provide the foundation for the system development and 
operations. According to industry best practices, the V&V activity 
should be independent of the project and report directly to senior 
management to provide added assurance that reported results on the 
project's status are unbiased.[Footnote 32] An effective V&V review 
process should provide an objective assessment to DHS management of the 
overall status of the project, including a discussion of any existing 
or potential revisions to the project with respect to cost, schedule, 
and performance. The V&V reports should identify to senior management 
the issues or weaknesses that increase the risks associated with the 
project or portfolio so that they can be promptly addressed. DHS 
management has correctly recognized the importance of such a function; 
however, to be effective, the V&V function should be performed by an 
entity that is technically, managerially, and financially independent 
of the organization in charge of the system development, or 
acquisition, or both that it is assessing. 

Conclusions: 

Six years after the department was established, DHS has yet to 
implement a departmentwide, integrated financial management system. DHS 
receives billions of taxpayer dollars and continues to need a financial 
management systems solution that will help it overcome its financial 
management deficiencies, while strengthening its ability to meet 
programmatic and mission needs. DHS has started, but not completed 
implementation of the six recommendations we made in June 2007, aimed 
at helping the department to reduce risk to acceptable levels, while 
acquiring and implementing an integrated departmentwide financial 
management system. We reaffirm the open recommendations from our prior 
report, as they continue to be vital to the success of the TASC 
program. In addition, as DHS moves toward acquiring and implementing a 
departmentwide financial management system, it has selected a path 
whereby it is relying heavily on contractors to define and implement 
the TASC program. Therefore, adequate DHS oversight of key elements of 
the system acquisition and implementation will be critical to reducing 
risk. Given the approach that DHS has selected, it will be critical 
that DHS develop oversight mechanisms to minimize risks associated with 
contractor-developed documents such as the concept of operations, 
migration plans, and plans associated with a disciplined development 
effort including requirements management plans, quality assurance 
plans, and testing plans. Another important factor will be having the 
right people with the right skills to acquire and implement the system. 
Moreover, independence of DHS's V&V function is important to provide 
objective information to key decision makers. In closing, DHS faces a 
monumental challenge in consolidating and modernizing its financial 
management systems. Failure to minimize the risks associated with this 
challenge could lead to the department developing a system that does 
not meet cost, schedule, and performance goals. 

Recommendations for Executive Action: 

To mitigate the risks of heavy reliance on contractors for acquiring 
and implementing an integrated departmentwide financial management 
system, we recommend that the Secretary of Homeland Security take the 
following seven actions: 

* Direct RMTO to expedite the completion of the development of the TASC 
financial management strategy and plan so that the department is well 
positioned to move forward with an integrated solution. 

* Identify the business processes needing standardization to facilitate 
implementation of the new system. 

* Establish contractor oversight mechanisms to monitor the TASC 
program. Such oversight mechanisms should emphasize the following 
critical elements for guiding and implementing the TASC program: 

- completion of the concept of operations to guide the acquisition and 
implementation of the integrated solution; 

- development and implementation of disciplined process plans, such as 
those for requirements management, data conversion and system 
interfaces, quality assurance, and testing to minimize the risks 
associated with systems acquisition and implementation efforts; and: 

- completion of migration plans, including consideration of existing 
financial management weaknesses, to determine the order in which the 
new system will be implemented in the components. 

- Develop a human capital plan for the TASC program that identifies 
needed skills for the acquisition and implementation of the new system. 

- Designate a COTR for the IV&V contractor that is not in RMTO, but at 
a higher level of departmental management, in order to achieve the 
independence needed for the V&V function. 

Agency Comments and Our Evaluation: 

We received written comments on a draft of this report from the DHS 
Acting Chief Financial Officer, which are reprinted in appendix I. In 
commenting on the report, the department agreed with our 
recommendations and appreciated that GAO had recognized that progress 
on addressing certain recommendations will not be made until after the 
contract award. The department agreed that it must be vigilant and 
disciplined in its oversight and management of major acquisition 
projects, such as the TASC program, to ensure their success. Regarding 
our recommendation to designate a COTR for the verification and 
validation contractor that is independent of RMTO, DHS noted in its 
comments that it had taken immediate actions to do so. On November 18, 
2009 DHS provided us with documentation confirming that the new COTR 
was independent of RMTO. We are encouraged that DHS acted so 
expeditiously to address this recommendation. DHS also described 
actions it has taken and plans to take regarding our other 
recommendations. We are particularly concerned that some of the actions 
DHS described in its comments may not fully address the recommendations 
we made related to the concept of operations document and the financial 
management strategy. 

In its comments, DHS stated that the department has developed a robust 
concept of operations in accordance with the IEEE standard, as 
recommended by GAO. DHS also acknowledges in its comments that the 
concept of operations document will need to be updated when the system 
is acquired to include system-specific information. Further, as we 
discussed in the report, DHS has also asked the selected contractor to 
provide a concept of operations document for the TASC program, so it is 
unclear which concept of operations document will ultimately be used to 
implement the program. 

With respect to our recommendation that DHS complete the development of 
a financial management strategy and plan, in commenting on the report, 
DHS stated that it has a clearly defined strategy and plan to move 
forward with its financial management systems integration efforts. 
However, we take exception with this statement because as we stated 
earlier in the report, the approach being taken by DHS does not contain 
the elements needed to evaluate whether the acquired system will 
provide the needed functionality or meet users' needs. For example, one 
of the most critical missing elements in DHS's strategy and plan is the 
gap analysis. DHS does not plan to perform a gap analysis before the 
system is selected. When an effective gap analysis is not performed, 
program offices and contractors have later discovered that the selected 
system lacked essential capabilities. Further this strategy does not 
consider the current business processes needed to define the user 
requirements to be considered when evaluating the various systems. As a 
result, DHS cannot determine with any certainty which of the 
department's current business processes that must be reengineered until 
the configured system is selected. By selecting an already configured 
system from another federal entity, the department is also purchasing 
the other entity's reengineered processes, which may or may not address 
the DHS's mission and component needs. 

DHS also provided technical comments on a draft of this report that we 
have incorporated throughout the report, as appropriate. 

We are sending copies of this report to the appropriate congressional 
committees, the Secretary of Homeland Security, and other interested 
parties. The report is available at no charge on the GAO Web site at 
[hyperlink, http://www.gao.gov]. 

If you or your staff have any questions about this report or wish to 
discuss the matter further, please contact Kay L. Daly at (202) 512- 
9095 or dalykl@gao.gov or Nabajyoti Barkakati at (202) 512-4499 or 
barkakatin@gao.gov. Contact points for our Offices of Congressional 
Relations and Public Affairs may be found on the last page of this 
report. Other key contributors include Chris Martin, Senior Level 
Technologist; Chanetta Reed, Assistant Director; Sandra Silzer; and 
Michael Grimes. 

Signed by: 

Kay L. Daly: 
Director: 
Financial Management and Assurance: 

Signed by: 

Nabajyoti Barkakati: 
Director: 
Center for Technology and Engineering: 

List of Congressional Addressees: 

The Honorable David E. Price: 
Chairman: 
The Honorable Harold Rogers: 
Ranking Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
House of Representatives: 

The Honorable Susan M. Collins: 
Ranking Member: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

The Honorable Bennie G. Thompson: 
Chairman: 
Committee on Homeland Security: 
House of Representatives: 

The Honorable Robert C. Byrd:
Chairman:
The Honorable George V. Voinovich:
Ranking Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
United States Senate: 

The Honorable Thomas R. Carper: 
Chairman: 
Subcommittee on Federal Financial Management, Government Information, 
Federal Services, and International Security: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

[End of section] 

Appendix I: Comments from the Department of Homeland Security: 

U.S. Department of Homeland Security: 
Washington, DC 20528: 
[hyperlink, http://www.dhs.gov] 

November 16, 2009: 

Ms. Kay L. Daly: 
Director: 
Financial Management and Assurance: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Thank you for the opportunity to review and comment on the draft 
Government Accountability Office's (GAO) report GAO-10-76, Financial 
Management Systems: DHS Faces Challenges to Successfully Consolidate 
Its Existing Disparate Systems. 

The Department of Homeland Security (DHS) appreciates the guidance and 
oversight that GAO has provided to strengthen the Transformation and 
Systems Consolidation (TASC) program and looks forward to working 
collaboratively with the GAO to successfully consolidate, modernize, 
and integrate the Department's financial and business systems. The 
Department agrees with the GAO recommendations and continues to make 
significant progress against them, such as taking immediate action to 
ensure the independence of the Verification and Validation function. 
The Department appreciates that GAO recognizes progress on addressing 
certain recommendations will not be made until after contract award. 
However, the Department agrees it must be vigilant and disciplined in 
its oversight and management of major acquisition projects, such as 
TASC, to ensure their success. 

Attached is a summary of the actions DHS has taken and plans to take to 
continue to address the GAO recommendations. I appreciate the continued 
support GAO has shown the Department and look forward to working with 
you to make the TASC program a success. If you have any questions, 
please feel free to contact me at (202) 447-5751. 

Sincerely, 

Signed by: 

Peggy Sherry: 
Acting Chief Financial Officer: 

Enclosure: 

[End of letter] 

Following is a summary of the actions taken and planned to continue to 
address the GAO recommendations discussed in the draft report GAO-10-
76, Financial Management Systems: DHS Faces Challenges to Successfully 
Consolidate Its Existing Disparate Systems. 

The purpose of the Transformation and Systems Consolidation (TASC) 
project is to provide a Department-wide integrated financial, 
acquisition and asset management system solution with standardized 
business processes using a common DHS accounting structure. DHS plans 
to procure a system solution that is operational in the federal space 
and complies with the Financial Systems Integration Office (FSIO) 
standard business processes. DHS is in the process of acquiring the 
system solution and is on target to select a vendor by the second 
quarter of fiscal year (FY) 2010. This project will enhance mission 
support and improve the Department's ability to report accurate and 
timely financial data. 

Recommendation 1: Clearly define and document a department-wide 
financial management strategy and plan to move forward with its 
financial management system integration efforts. 

Response: DHS has a clearly defined strategy and plan to move forward 
with its financial management systems integration, articulated in 
multiple business planning documents as required by the DES System 
Engineering Lifecycle and Acquisition Review Board processes. For 
example, the TASC Mission Needs Statement documents the DHS need to 
take action to resolve serious shortfalls in our ability to 
consistently and accurately track and report on our resources; the TASC 
Operational Requirements Document (ORD) describes the operational 
performance and related operational parameters for a consolidated 
system solution. Additionally, the TASC Request for Proposals (RFP) 
Statement of Objectives clearly describes the strategy for implementing 
the TASC solution. The solution demonstration step of the proposal 
evaluation process was a key part of our strategy to ensure the 
solution will meet DHS requirements, support our business processes, 
and mitigate the risks associated with significant system 
customizations. The acquisition strategy is to award a five-year 
indefinite delivery, indefinite quantity contract with five option 
years to migrate to and support a consolidated system solution. The DHS 
Chief Financial Officer (CFO) will centrally fund Component migrations, 
lead the business process standardization groups to include internal 
controls and the standard accounting line, and oversee organizational 
change management. 

Recommendation 2: Develop a comprehensive concept of operations 
document. 

Response: The Department acknowledges the importance of a well-written 
Concept of Operations (ConOps) that describes the characteristics of 
the system from the viewpoint of the user. DHS has developed a robust 
ConOps, following the Institute of Electrical and Electronics Engineers 
standard. As recommended by GAO, the TASC ConOps includes: 

* an overview of current and future day-to-day financial management, 
acquisition and asset operations; 

* discussion of current Component systems and the process that will be 
followed in implementing the system solution; 

* a discussion of the roles of the stakeholders involved throughout the 
process; 

* a notional time and schedule for phased migration to the TASC 
solution; and; 

* costs for current financial management systems. 

The ConOps establishes the overarching framework for the proposed 
solution and allows for the inclusion of further system-specific 
information once a solution is selected. The description of the 
proposed system incorporates extensive component user input and is 
comprised of operational scenarios for the proposed solution. The 
overview of the proposed system in the ConOps also aligns with 
requirements included in the RFP. To maintain a full and open 
competition, the ConOps could not be tailored to a specific system 
solution. The Resource Management Transformation Office (RMTO) serves 
as the Program Management Office (PMO) for DHS and will update the 
ConOps as needed during the system engineering life cycle, beginning 
after contract award. 

Recommendation 3: Utilize and implement these specific disciplined 
processes to minimize project risk: (1) requirements management, (2) 
testing, (3) data conversion and system interfaces, (4) risk 
management, (5) configuration management, (6) project management, and 
(7) quality assurance. 

Response: The CFO agrees the success of TASC is predicated on having a 
disciplined set of processes from requirements management to quality 
assurance. DHS has begun to take action to establish specific 
disciplined processes but additional work is required once the system 
solution is selected. The following are specific areas where progress 
has been made: 

* Developed a governance plan and program management office charter, 
which define the decision making and change control processes for the 
program; 

* Completed a Component engagement toolkit that defines a clear and 
replicable engagement process with Components; 

* Continuing to define the FSIO compliant business standardization 
processes; 

* Developing a standard accounting structure using the common 
government-wide accounting classification elements; and; 

* Completed the component systems architecture and inventory discovery 
activities that describe the process for engaging Components in 
understanding their core financial, asset, and acquisition systems' 
enterprise architecture. 

RMTO will develop additional processes for testing and configuration 
management at later stages in the project life cycle. RMTO has hired a 
full time, government Configuration Manager for the TASC effort. The 
TASC initiative is supported by seasoned leadership with extensive 
experience in systems migrations and data conversion. RMTO is 
leveraging extensive lessons learned from financial management system 
implementations at other Federal agencies. Additionally, since TASC 
will be implemented in a phased migration approach, DHS will build upon 
the successes and lessons learned with each subsequent migration and 
will refine its repeatable methodology for each migration. DHS will use 
lessons learned to refine contractor requirements in each subsequent 
task order. 

Recommendation 4: Reengineer business processes and standardize them 
across the department, including applicable internal control. 

Response: DHS has several efforts underway to make progress on this 
recommendation. The Department has identified nine end-to-end business 
processes that represent the full lifecycle of FSIO compliant core 
financial, asset and acquisition management processes. Component-
specific business processes, gathered during the various phases prior 
to and during the TASC acquisition process, will he addressed through 
the detailed analysis prior to component migration. Additionally, the 
Department has identified and initiated a comprehensive common 
Government-wide Accounting Classification (CGAC) working group to 
develop a standard DHS accounting line structure. The extensive work 
done by the DHS Internal Controls PMO will be incorporated. The 
proposed system solution must support these processes, which serve as 
the core departmental financial management functions. Additionally, as 
detailed in the TASC Business Process Standardization document, teams 
from across DHS will work together to review and reengineer, as needed, 
these nine processes, and standardize them for Department-wide 
implementation. These processes will align to FSIO's process standards 
and FSIO system requirements. 

DHS has compared current component processes to the standard FSIO 
processes and has begun identifying and resolving gaps. Additional 
analysis is needed after the system solution is selected. Internal 
controls are a focal point of TASC as the proposed systems must follow 
OMB Circular A-123 objectives with system-controlled segregation of 
duties to safeguard against unauthorized use or misappropriation. A-123 
objectives include providing effectiveness and efficiency of 
operations, reliability of financial reporting with transaction-level 
detail, and compliance with applicable laws and regulations, such as 
Federal Managers' Financial Integrity Act (FMFIA). 

Recommendation 5: Develop a detailed plan for migrating and 
consolidating various DHS components to an internal shared services 
approach if this approach is sustained. 

Response: DHS acknowledges the importance of developing a detailed 
migration strategy which prioritizes component migrations to the system 
solution and addresses known weaknesses prior to migration. The 
Department has created a phased notional migration schedule and 
conceptual migration approach and priorities. Once the system solution 
is selected, the Department will update its notional schedule to create 
a comprehensive migration schedule that aligns with the chosen 
solution. Additionally, the TASC PMO developed a Component Engagement 
Toolkit to map out a clear and repeatable engagement process with 
Components, the PMO, CFO and Chief Information Officer (CIO). The PMO 
team is leveraging the Toolkit to create Component Integrated Project 
Teams to identify TASC partners in each Component and prepare 
Components for the data clean-up and project planning work that will 
occur. 

Recommendation 6: Carefully consider key human capital practices as DHS 
moves forward with its financial management transformation efforts so 
that the right people with the right skills are in place at the right 
time. 

Response: The Department agrees with this recommendation and recognizes 
that a strong, well-structured PMO is critical to implementing and 
succeeding in financial management systems transformation. GAO 
identified the need to ensure necessary contractor oversight mechanisms 
are in place. Among other things, DHS learned from the eMerge2 program, 
as well as other efforts, that diligent monitoring of contractor 
performance with clearly defined deliverables is necessary for the 
success of this project. As a result, DHS has taken steps to ensure 
adequate staffing, including putting in place a team of full-time 
federal employees with expertise in project management, systems 
accounting, change management, acquisition management, business 
intelligence, accounting services and systems to successfully manage 
TASC. 

While a contractor will be engaged to support the migration and 
operations of the system solution, RMTO is responsible for setting 
requirements and performance standards, and for actively monitoring and 
overseeing contract execution. RMTO will monitor the contractor's 
performance in several ways. First, contract task order requirements 
will be established up front and will be performance based where the 
successful execution of each task will be evaluated and managed against 
established performance metrics. Each individual task order will begin 
with a pre-task order award meeting which identifies clear deliverables 
and measurements for success and end with a post-task order assessment. 

Task orders will be monitored using standard practices such as a 
Quality Assurance Surveillance Plan (QASP), Earned Value Management 
Systems reports (EVMS), Service Level Agreements (SLAs), monthly 
reporting, monthly invoices and task order close out reports. The QASP 
defines acceptable quality levels and surveillance methodology that the 
government will use to evaluate contractor performance. The government 
will use monthly EVMS reports to track costs and schedule against work 
completed. RMTO will also use FSIO performance metrics in defining SLAs 
and measuring contractor performance. RMTO has taken a proactive 
approach to planning for contractor management and plans to continue to 
build the capabilities within the PMO. 

To help build the right program office management structure, the 
recommendations of an independent third party assessment of the PMO 
structure was incorporated into staffing plans. Currently, RMTO staff 
includes the following: one Level III Program Manager, thirteen Project 
Management Professionals, fourteen Certified Contracting Officer 
Technical Representatives, three Certified Public Accounts, five Level 
II Program Managers, and five Level I Program Managers. 

[End of section] 

Footnotes: 

[1] GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 
2009). 

[2] GAO, Homeland Security: Despite Progress, DHS Continues to Be 
Challenged in Managing Its Multi-Billion Dollar Annual Investment in 
Large-Scale Information Technology Systems, [hyperlink, 
http://www.gao.gov/products/GAO-09-1002T] (Washington, D.C.: Sept. 15, 
2009). 

[3] The eMerge2project was expected to establish the strategic 
direction for migration, modernization, and integration of DHS's 
financial, accounting, procurement, personnel, asset management, and 
travel systems, processes, and policies. 

[4] Statement by Scott Charbo, Chief Information Officer, and Eugene 
Schied, Deputy Chief Financial Officer, Department of Homeland 
Security, March 29, 2006. 

[5] GAO, Homeland Security: Departmentwide Integrated Financial 
Management Systems Remain a Challenge, [hyperlink, 
http://www.gao.gov/products/GAO-07-536] (Washington, D.C.: June 21, 
2007), and Homeland Security: Transforming Departmentwide Financial 
Management Systems Remains a Challenge, [hyperlink, 
http://www.gao.gov/products/GAO-07-1041T] (Washington, D.C.: June 28, 
2007). 

[6] Disciplined processes represent best practices in systems 
development and implementation efforts that have been shown to reduce 
the risks associated with software development and acquisition efforts 
to acceptable levels and are fundamental to successful system 
implementations. 

[7] The use of the term "acceptable levels" acknowledges the fact that 
any systems acquisition has risks and can suffer the adverse 
consequences associated with defects. 

[8] The mandate is in House Report No. 110-862, Homeland Security 
Appropriation Bill, 2009, (H.R. 6947), Title I, Departmental Management 
and Operations, Financial System Transformation, at p. 21 (Sept. 18, 
2008). 

[9] GAO, Financial Management Systems: DHS Faces Challenges to 
Successfully Consolidate Its Existing Disparate Systems, [hyperlink, 
http://www.gao.gov/products/GAO-10-210T] (Washington, D.C.: Oct. 29, 
2009). 

[10] Oracle Federal Financials was already in use within the U.S. Coast 
Guard, the Transportation Security Administration, and the Domestic 
Nuclear Detection Office. SAP was already in use within U.S. Customs 
and Border Protection. 

[11] [hyperlink, http://www.gao.gov/products/GAO-07-536]. 

[12] GAO, Business Modernization: Improvements Needed in Management of 
NASA's Integrated Financial Management Program, [hyperlink, 
http://www.gao.gov/products/GAO-03-507] (Washington, D.C.: Apr. 30, 
2003), and DOD Business Systems Modernization: Navy ERP Adherence to 
Best Business Practices Critical to Avoid Past Failures,[hyperlink, 
http://www.gao.gov/products/GAO-05-858] (Washington, D.C.: Sept. 29, 
2005). 

[13] A gap analysis is an evaluation performed to identify the gaps 
between needs and system capabilities. 

[14] Software Engineering Institute, Rules of Thumb for the Use of COTS 
Products, CMU/SEI-2002-TR-032 (Pittsburgh: December 2002). 

[15] Department of Defense, Commercial Item Acquisition: Considerations 
and Lessons Learned (Washington, D.C., June 26, 2000). 

[16] IEEE Guide for Information Technology - System Definition - 
Concept of Operations (ConOps) Document, Standard 1362-1998. 

[17] IEEE Standard 1362-1998. 

[18] According to the Software Engineering Institute, requirements 
management is a process that establishes a common understanding between 
the customer and the software project manager regarding the customer's 
business needs that will be addressed by a project. A critical part of 
this process is to ensure that the requirements development portion of 
the effort documents, at a sufficient level of detail, the problems 
that need to be solved and the objectives that need to be achieved. 

[19] Data conversion is defined as the modification of existing data to 
enable them to operate with similar functional capability in a 
different environment. 

[20] Testing is the process of executing a program with the intent of 
finding errors. 

[21] [hyperlink, http://www.gao.gov/products/GAO-05-858]. 

[22] An ERP solution is an automated system using COTS software 
consisting of multiple, integrated functional modules that perform a 
variety of business-related tasks such as payroll, general ledger 
accounting, and supply chain management. 

[23] As we later reported, the Navy had later effectively implemented 
an important requirements management activity, traceability, in its 
ERP. 

[24] These nine processes are Request to Procure, Procure to Pay, 
Acquire to Dispose, Bill to Collect, Record to Report, Budget 
Formulation to Execution, Grants Management, Business Intelligence 
Reporting, and Reimbursable Management. 

[25] According to Office of Management and Budget guidance, an FTE or 
work year generally includes 260 compensable days or 2,080 hours. These 
hours include straight-time hours only and exclude overtime and holiday 
hours. 

[26] Institute of Electrical and Electronics Engineers Standard 1012- 
2004--Standard for Software Verification and Validation (June 8, 2005) 
states that the verification and validation processes for projects are 
used to determine whether (1) the products of a given activity conform 
to the requirements of that activity and (2) the software satisfies its 
intended use and user needs. This determination may include analyzing, 
evaluating, reviewing, inspecting, assessing, and testing software 
products and processes. The verification and validation processes 
should assess the software in the context of the system, including the 
operational environment, hardware, interfacing software, operators, and 
users. 

[27] The Deepwater Program, using a system-of-systems approach, is 
intended to recapitalize the U.S. Coast Guard's fleet and includes 
efforts to build or modernize five classes each of ships and aircraft 
and procure other key capabilities. 

[28] GAO, Coast Guard: Change in Course Improves Deepwater Management 
and Oversight, but Outcome Still Uncertain, [hyperlink, 
http://www.gao.gov/products/GAO-08-745] (Washington, D.C.: June 24, 
2008). 

[29] U.S. Coast Guard leadership has increased accountability by 
bringing the Deepwater Program in-house and restructuring its 
acquisition function and vesting its government project managers with 
responsibilities formally held by the system integrator. U.S. Coast 
Guard project managers are now responsible for defining, planning, and 
executing the acquisition projects within established cost, schedule, 
and performance constraints. 

[30] Department of Homeland Security, Office of Inspector General, 
Better Oversight Needed of Support Services Contractors in Secure 
Border Initiative Programs, OIG-09-80 (Washington, D.C., June 17, 
2009). 

[31] COTRs are responsible for monitoring the contractors' progress in 
fulfilling the technical requirements specified in the contracts. COTRs 
often approve invoices submitted by contractors for payment. 

[32] To provide this objective evidence, V&V contractors analyze, 
evaluate, review, inspect, assess, and test software products and 
processes. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: