This is the accessible text file for GAO report number GAO-11-146 entitled 'Employment Verification: Federal Agencies Have Taken Steps to Improve E-Verify, but Significant Challenges Remain' which was released on January 18, 2010. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to the Subcommittee on Social Security, Committee on Ways and Means, House of Representatives: December 2010: Employment Verification: Federal Agencies Have Taken Steps to Improve E-Verify, but Significant Challenges Remain: GAO-11-146: GAO Highlights: Highlights of GAO-11-146, a report to the Subcommittee on Social Security, Committee on Ways and Means, House of Representatives. Why GAO Did This Study: E-Verify is a system to electronically verify work eligibility and operated by the Department of Homeland Security’s (DHS) U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA). GAO testified in June 2008 that ensuring accuracy and combating fraud were challenges facing E-Verify. As requested, GAO examined the extent to which USCIS and SSA took efforts to (1) reduce tentative nonconfirmations (TNC) and E-Verify’s vulnerability to fraud, (2) safeguard employee personal information, and (3) prepare for possible mandatory use by all employers nationwide. GAO reviewed key policy and procedural documents, interviewed relevant DHS and SSA officials, and conducted site visits to three states selected, in part, based on employer types. What GAO Found: Since GAO last testified in June 2008, USCIS has taken several steps to improve the accuracy of the E-Verify system, including expanding the number of databases queried through E-Verify and instituting quality control procedures. As a result, USCIS data indicate that E- Verify immediately confirmed about 97.4 percent of almost 8.2 million newly hired employees as work authorized during fiscal year 2009, compared to 92 percent from fiscal year 2006 to the second quarter of fiscal year 2007. However, E-Verify errors persist. Also, if an authorized employee’s name is recorded differently on various authorizing documents, the E-Verify system is to issue a TNC for the employee. Because such TNCs are more likely to affect foreign-born employees, they can lead to the appearance of discrimination. USCIS has not disseminated information to employees advising them of the importance of consistently recording their names on documentation provided to employers, and doing so could help USCIS reach its goal to ensure data accuracy. Furthermore, E-Verify remains vulnerable to identity theft and employer fraud. Resolving these issues will be important in combating fraud in the employment verification process. USCIS has taken steps to minimize risks to the privacy of personal information for new employees who are processed through E-Verify by, among other things, publishing privacy notices for the E-Verify program. However, employees are limited in their ability to identify the source of and how to correct information in DHS databases that may have led to an erroneous TNC. To identify and access the source of the incorrect data, employees must use methods such as Privacy Act requests, which, in fiscal year 2009, took on average 104 days. DHS officials acknowledged that the current process for employees to correct their personal records could be improved and said they are discussing ways to provide employees with better access to relevant information. By developing procedures that could enable employees to effectively correct any inaccurate personal information, DHS components could help employees avoid receiving erroneous TNCs. USCIS and SSA have taken actions to prepare for possible mandatory implementation of E-Verify for all employers nationwide by addressing key practices for effectively managing E-Verify system capacity and availability and coordinating with each other in operating E-Verify. However, USCIS’s lifecycle cost estimates for E-Verify do not reliably depict current costs (i.e., do not include all costs associated with maintaining and operating E-Verify) and SSA’s estimates do not consider the risk associated with changes in SSA’s E-Verify workload. Without DHS developing reliable life cycle cost estimates for E- Verify, and SSA assessing the risk associated with its E-Verify workload, the agencies are at increased risk of not securing sufficient resources to effectively execute program plans in the future. What GAO Recommends: GAO recommends, among other things, that USCIS disseminate information to employees on the importance of consistently recording their names, DHS components develop procedures to help employees correct inaccurate personal information, USCIS develop reliable cost estimates for E- Verify, and SSA assess risks associated with its E-Verify workload costs. DHS and SSA generally agreed with most of GAO’s recommendations. SSA disagreed that it should assess risks associated with its workload costs because it believes it already does so. GAO believes the recommendation is valid because SSA’s risk estimate has limitations as discussed in the report. View [hyperlink, http://www.gao.gov/products/GAO-11-146] or key components. For more information, contact Richard M. Stana at (202) 512-8777 or stanar@gao.gov. [End of section] [Refer to PDF for image] [End of figure] Contents: Letter: Background: USCIS and SSA Reduced TNCs, but the Accuracy of E-Verify Continues to Be Limited by Inconsistent Recording of Both Employees' Names and Fraud: USCIS Has Taken Several Actions to Address Employer Noncompliance but Remains Limited in Its Ability to Identify and Prevent Employer Misuse: DHS Has Instituted Employee Privacy Protections for E-Verify, but Resolving Erroneous TNCs and FNCs and Combating Discrimination Can Be Challenging: USCIS and SSA Have Taken Actions to Prepare for Mandatory Implementation of E-Verify by Adopting Practices for Effectively Managing E-Verify System Capacity, but They Face Challenges in Estimating Costs: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: The Fair Information Practice Principles: Appendix III: Comments from the Department of Homeland Security: Appendix IV: Comments from the Social Security Administration: Appendix V: GAO Contact and Staff Acknowledgments: Tables: Table 1: USCIS Initiatives to Reduce TNCs: Table 2: Effective Practices for Capacity Management and Planning and the Extent to Which USCIS and SSA Have Addressed Each Practice: Table 3: GAO's Characteristics of a Reliable Cost Estimate: Table 4: Fair Information Practice Principles: Figures: Figure 1: The E-Verify Process for Employees Attesting to Be U.S. Citizens on the Form I-9: Figure 2: The E-Verify Process for Employees Attesting to Be Non-U.S. Citizens on the Form I-9: Figure 3: E-Verify Results for Fiscal Year 2009: Abbreviations: CBP: U.S. Customs and Border Protection: CRCL: Office for Civil Rights and Civil Liberties: DHS: Department of Homeland Security: FNC: final nonconfirmation: ICE: U.S. Immigrations and Customs Enforcement: IRCA: Immigration Reform and Control Act of 1986: IT: information technology: MOU: memorandum of understanding: Numident: Numerical Identification File: OIG: Office of the Inspector General: OMB: Office of Management and Budget: OSC: Office of Special Counsel for Immigration-Related Unfair Employment Practices: SSA: Social Security Administration: TNC: tentative nonconfirmation: USCIS: U.S. Citizenship and Immigration Services: VIS: Verification Information System: [End of section] United States Government Accountability Office: Washington, DC 20548: December 17, 2010: The Honorable Earl Pomeroy: Acting Chairman: The Honorable Sam Johnson: Ranking Member: Subcommittee on Social Security: Committee on Ways and Means: House of Representatives: The opportunity for employment is one of the most powerful magnets attracting immigrants to the United States. There were approximately an estimated 11 million unauthorized immigrants living in the country in early 2009, and an estimated 7.8 million of them, or about 70 percent, were in the labor force, according to the Pew Hispanic Center. Congress, the administration, and states have taken various actions to better ensure that those who work here have appropriate work authorization and to safeguard jobs for authorized employees. Nonetheless, opportunities remain for unscrupulous employers to hire unauthorized workers and for unauthorized workers to fraudulently obtain employment even when employers seek to hire an authorized workforce. Immigration experts believe that as long as opportunities for employment exist, the incentive to enter the United States illegally or to overstay visas will persist and efforts to prevent illegal entry at U.S. borders will be undermined. Immigration experts have noted that deterring illegal immigration requires, among other things, a more reliable employment eligibility verification process and a more robust worksite enforcement capacity. To enhance efforts to verify employment eligibility, an electronic employment authorization system now known as E-Verify was created in 1997 by the former U.S. Immigration and Naturalization Service as the result of statutory direction. E-Verify is a free, largely voluntary, Internet-based system operated by the Verification Division of U.S. Citizenship and Immigration Services (USCIS), a component within the Department of Homeland Security (DHS), in conjunction with the Social Security Administration (SSA).[Footnote 1] E-Verify provides employers a tool for detecting common types of fraudulent identity documents. The goals of E-Verify are to (1) reduce the employment of individuals unauthorized to work, (2) reduce discrimination, (3) protect employee civil liberties and privacy, and (4) prevent undue burden on employers. Pursuant to a 2007 Office of Management Budget (OMB) directive, all federal agencies are required to use E-Verify on their new hires and, as of September 8, 2009, certain federal contractors and subcontractors are required to use E-Verify for both newly hired employees working in the United States as well as existing employees working directly under the contract.[Footnote 2] In addition, a number of states have enacted laws or issued executive orders mandating that some or all employers within the state use E-Verify on new hires. From October 2009 through August 2010, E-Verify processed approximately 14.9 million queries from nearly 222,000 participating employers. In August 2005, we reported that E-Verify was unable to detect identity fraud and ensure employer compliance with the program's rules.[Footnote 3] In June 2008, we testified that USCIS and SSA had taken actions to enhance the E-Verify program but continued to face challenges.[Footnote 4] One challenge was related to USCIS's ability to reduce instances in which work authorized employees are not automatically confirmed by E-Verify. This situation could occur for several reasons, such as employees not updating their naturalization status in SSA databases in a timely manner or not informing SSA of a change in name. For the purposes of this report, we collectively refer to these situations--as well as those in which employers inadvertently make errors in data entry when making E-Verify queries, in which employees provide inconsistent personal information to government agencies, and in which government databases contain errors unrelated to an employer's or employee's action--as erroneous tentative nonconfirmations (TNC).[Footnote 5] Another challenge was related to USCIS's ability to detect the use of fraudulent and stolen identity documents, and identify and curb employer fraud and misuse of the program. We also testified that mandatory implementation of E-Verify would place increased demands on USCIS's and SSA's resources. An evaluation report issued by the Westat Corporation (Westat) in December 2009 stated, among other things, that E-Verify could not detect identity fraud in the majority of cases where unauthorized workers presented their employers with valid documents that were stolen or borrowed.[Footnote 6] To address these and other issues, legislators and immigration experts have proposed a variety of potential solutions, including the creation and implementation of an alternative employment eligibility system to replace E-Verify. Other proposals have included adding biometric information or personal identity numbers to E-Verify to prevent identity fraud, and creating a database that would enable individuals to self-verify their employment eligibility prior to obtaining or changing employment. In response to your request that we review the E-Verify program, we examined the progress that USCIS and SSA have made since we testified in June 2008. Specifically, we examined the extent to which: * USCIS has reduced the incidence of TNCs and E-Verify's vulnerability to fraud, * USCIS has improved its ability to monitor and ensure employer compliance with E-Verify program policies and procedures, * USCIS has provided safeguards for employees' personal information in E-Verify and enabled employees to correct inaccurate information, and: * USCIS and SSA have taken steps to prepare for mandatory E-Verify implementation. To address our first objective, we analyzed our previous reports on E- Verify, as well as reports by other federal agencies and immigration policy organizations. We interviewed senior officials at the State Department and the American Association of Motor Vehicle Administrators regarding sharing information with USCIS. We reviewed videos developed by USCIS's Verification Division, the division overseeing the E-Verify program, and DHS's Office for Civil Rights and Civil Liberties (CRCL) that explain how to resolve TNCs, and SSA documentation intended to assist employees with name and citizenship changes. We analyzed data on the results of E-Verify cases for fiscal year 2009. We interviewed senior E-Verify program officials at USCIS's Verification Division and SSA officials about their procedures for ensuring data quality in the E-Verify transaction database and Numerical Identification File (Numident), respectively.[Footnote 7] Based on our analysis, we determined that these data were sufficiently reliable for the purposes of our report. We also reviewed an E-Verify evaluation released by Westat in December 2009. Although the data were subject to various sources of error, which Westat acknowledged, we believe Westat's approach was appropriate and produced credible estimates of the accuracy of E-Verify. To address our second objective, we analyzed E-Verify standard operating procedures, the E-Verify tutorial and mastery test, documentation on E-Verify educational activities, and USCIS's staffing model and training plan for its Monitoring and Compliance Branch. We conducted interviews with senior DHS officials in USCIS, U.S. Immigration and Customs Enforcement (ICE), and CRCL, as well as in the Office of Special Counsel for Immigration-Related Unfair Employment Practices (OSC) within the Department of Justice's Civil Rights Division to determine what procedures were in place to address and sanction employer noncompliance with E-Verify program rules, and the extent to which the agencies were coordinating with one another to address employer noncompliance. We also analyzed an interagency agreement between USCIS and ICE, and reviewed previous GAO reports that discussed practices for evaluating the effectiveness of training and development programs. To address our third objective, we analyzed documentation from USCIS, including procedures for resolving DHS-related TNCs. We conducted interviews with privacy officials at USCIS to determine what, if any, challenges exist in resolving these TNCs. We assessed the extent to which USCIS's privacy policies and documents for the E-Verify program were consistent with DHS's Fair Information Practice Principles. We reviewed SSA's processes for resolving TNCs and SSA staff's use of the automated response system for TNCs (EV-STAR) to determine how they affect employment authorization decisions. We also analyzed an interagency agreement between USCIS and OSC to determine the extent to which the agencies are coordinating to address discrimination issues related to employer use of E-Verify. We interviewed officials from DHS's Privacy Office and CRCL and from OSC to discuss their roles and responsibilities for assisting employees in dealing with issues related to civil rights and civil liberties, specifically privacy and discrimination, and their efforts to coordinate with USCIS on E-Verify issues. We also interviewed senior officials at SSA to discuss SSA's processes for resolving TNCs and recording decisions into E-Verify. To address our fourth objective, we assessed USCIS's and SSA's existing system capacity requirements and life cycle cost estimates and SSA's workload estimates. We compared documentation on the agencies' processes and procedures for managing and planning system capacity and availability with widely accepted industry practices. [Footnote 8] To determine the reliability of USCIS's and SSA's cost estimates, and their ability to predict future costs in the case of mandatory implementation, we interviewed senior program officials at both agencies and analyzed the derivation of the cost estimates relative to four characteristics of a reliable cost estimate as defined in our Cost Estimating and Assessment Guide.[Footnote 9] For each characteristic, we computed an average score that indicated the extent to which the agencies met that characteristic of a reliable cost estimate. We also performed analyses on SSA's TNC database to determine the validity of SSA's calculations for its workload estimates, and determined that the calculations were valid. To gain a better understanding of how E-Verify is implemented in some states and of users' experiences with E-Verify, we conducted site visits to three states with E-Verify laws--Colorado, North Carolina, and Arizona. We selected these states based on the length of time each state's E-Verify law had been in effect, the range of employer types covered by the law, and geographic dispersion. On these site visits, we interviewed state officials responsible for overseeing implementation of the state E-Verify law, representatives and employers from eight industry associations and four state and local chambers of commerce, representatives from eight immigrant advocacy groups, and E-Verify users from two state universities[Footnote 10]. While the views provided are not generalizable, they provided us with additional perspectives on the benefits and challenges associated with the E-Verify program. In each state, we also interviewed selected (1) SSA regional and field office representatives to obtain information on the effect of use of E-Verify in that state on SSA field office workloads and (2) ICE regional and field office representatives to determine ICE's role in assisting USCIS with E-Verify education, outreach, and employer compliance. (See appendix I for additional details on our scope and methodology.) We conducted this performance audit from June 2009 through December 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: Legislative History: The Immigration Reform and Control Act of 1986 (IRCA) made it illegal for employers to knowingly hire immigrants who were unauthorized to work in the United States.[Footnote 11] IRCA established an employment verification process--the Form I-9 process--that required employers to review documents presented by new employees to establish their identity and employment eligibility.[Footnote 12] Employers are required to certify that they have reviewed the documents presented by their employees and that the documents reasonably appear genuine and relate to the individual presenting them. Like all employers, employers participating in E-Verify are required to retain Form I-9s for all newly hired employees in accordance with IRCA. IRCA provides penalties or sanctions against employers that knowingly violate the law. ICE is responsible for enforcing IRCA's employer sanctions provisions. IRCA also prohibits employers from discriminating against employees based on their citizenship or immigration status or national origin. OSC is responsible for enforcing IRCA's antidiscrimination provisions. Employer Use of E-Verify: To participate in E-Verify, employers are required to have access to basic office equipment, including a computer and printer, as well as Internet access with a secure Web browser. To use E-Verify, an employer is required to register as a user and sign a Memorandum of Understanding (MOU) with DHS agreeing to follow the program's rules. [Footnote 13] By signing the MOU, the employer agrees, among other things, to use the system only for new hires--or, in the case of federal contractors, to use the system both for new hires and for existing employees assigned to a federal contract--post a notification that the employer is an E-Verify participant, and verify the employment eligibility of new hires within 3 business days after the employee begins work.[Footnote 14] The MOU also requires employers to comply with antidiscrimination requirements and prohibits employers from prescreening job applicants through E-Verify prior to hiring them, selectively choosing to verify or not verify new hires based on their citizenship status or national origin, or taking any adverse action against employees who choose to contest a TNC. Employers who register with E-Verify are required to take the E-Verify tutorial and pass the mastery test before submitting information into the system. Employers participating in E-Verify are required to enter information from the employee's Form I-9 into E-Verify, which is a secure, USCIS- run Web-based interface. E-Verify is then to route the information to the appropriate data sources to determine employment eligibility. All information related to E-Verify transactions is stored in the Verification Information System (VIS), USCIS's centralized database for E-Verify. For citizens, information from the employee's Form I-9 is first checked against SSA's Numident database.[Footnote 15] If there is a match, the system is to instantly notify the employer that the employee is eligible to work. If there is no match, the system is designed to instantly request that the employer check for possible input errors and, if the employer makes no changes, the system is to automatically check USCIS's naturalization databases to verify the employee's citizenship status. For employees who present a United States passport as identification for the Form I-9, E-Verify is to automatically check the TECS database, which is operated by DHS's U.S. Customs and Border Protection (CBP).[Footnote 16] TECS is a law enforcement database that among other things, stores information on U.S. passport holders. If the passport data in TECS and the information recorded on the employee's passport do not match, the system is to issue a TNC for the employee. If the employee provides identity information other than that from a passport--such as a driver's license--and this information does not match either SSA's or DHS's data, then the system is also to issue a TNC. In both instances, the system is to transmit the TNC finding to the employer, which notifies the employee of the TNC. An employer is required to inform the employee of the TNC in writing by providing a system-generated notice of the finding and the employee's right to contest it. Employees can choose whether to contest a TNC, and if an employee decides to contest it, the employer must electronically refer the TNC case in E-Verify to either SSA or DHS and provide the employee with an additional system-generated referral letter, indicating the specific agency--SSA or DHS---the employee should contact to contest the TNC. Once the employer refers the case to the appropriate agency, the employee has 8 federal working days to initiate contact with the agency. Employees who do not initiate contact with SSA or DHS to resolve their TNC within 8 federal business days are to receive a final nonconfirmation (FNC). The E-Verify process for those attesting to be U.S. citizens on their Form I-9s is depicted in figure 1. Figure 1: The E-Verify Process for Employees Attesting to Be U.S. Citizens on the Form I-9: [Refer to PDF for image: illustration] 1) Employer enters new employee information from the Form I-9 into the E-Verify Web interface. 2) System attempts to match Form I-9 data with SSA database. Is there a match? If yes, go to #4; If no, go to #3. 3) SSA Pre-TNC check conducted. Is there a match? If yes, go to #4; If no, go to #7. 4) Based on Form I-9 data, can citizenship status be verified? If yes, go to #6; If no, go to #5. 5) USCIS naturalization databases automatically checked. Is citizenship status verified? If yes, go to #6; If no, and passport is not presented with Form I-9, go to #8. If no, and passport is presented with Form I-9 and pastport data, go to #7. 6) Confirmed work authorized. 7) CBP database with U.S. passport information is automatically checked. Is citizenship status verified? If yes, go to #6. If no, go to #8. 8) TNC issued. Does employee resolve TNC with SSA? If yes, go to #6. If no, go to #9. 9) If U.S. citizenship status is not confirmed, employee given option to call DHS. Does employee contact DHS? If yes, go to #10; If no, go to #12. 10) USCIS management program analyst compares employee data with various data sources. Is citizenship status verified? If yes, go to #6; If no, go to #11. 11) Case referred back to SSA. Go to #8. 12) SSA final nonconfirmation. Sources: GAO analysis of E-Verify’s procedures for verifying work authorization for U.S. citizens; and Art Explosion (clipart). [End of figure] For noncitizens, information from the employee's Form I-9 is first checked against SSA's Numident database and, if there is a match, E- Verify is to route the information to DHS databases to determine if DHS granted employment authorization to the employee.[Footnote 17] If DHS data verify the employee's information, then E-Verify is to instantly notify the employer that the employee is eligible to work. For noncitizens who show a Permanent Resident ("green") card or employment authorization document as proof of identity and employment eligibility, the system is to transmit a digitally stored photograph of the employee to the employer.[Footnote 18] It is the employer's responsibility to determine whether the photograph provided by the employee matches the electronic photograph provided by E-Verify. If the employer determines that the photograph on the document provided by the employee matches the electronic photograph transmitted by E- Verify, then the employer is to input this decision into E-Verify, and E-Verify is to issue an employment authorized finding. If the employer determines that the photographs do not match, the employer is to input this decision into E-Verify, and the system is to issue a TNC. If DHS's data (for example, the employee's name) do not match the employee information that the employer entered into E-Verify, E-Verify is to instantly request that the employer check for possible input errors. If the employer makes no changes to the information previously submitted, the information is sent to a USCIS management program analyst to manually query other DHS databases and determine if the employee is eligible to work. If the analyst cannot confirm the employee's work eligibility, E-Verify is to issue a TNC and transmit the TNC finding to the employer. An employer is required to inform the employee in writing by providing a system-generated notice of the TNC finding and the employee's right to contest it. As stated above, employees can choose whether to contest the TNC, and if an employee decides to contest it, the employer must electronically refer the TNC case in E-Verify to SSA or DHS and provide the employee with an additional system-generated referral letter that indicates the specific agency the employee should contact to contest the TNC. Once the employer electronically refers the case to the appropriate agency in E-Verify, employees have 8 federal working days to initiate contact with either agency. Employees who do not initiate contact with either SSA or DHS to resolve their TNC with SSA within 8 business days are to receive a FNC.[Footnote 19] The E-Verify process for those attesting to be non-U.S. citizens on Form I-9 is depicted in figure 2. Figure 2: The E-Verify Process for Employees Attesting to Be Non-U.S. Citizens on the Form I-9: [Refer to PDF for image: illustration] 1) Employer enters new employee information from the Form I-9 into the E-Verify Web interface. 2) SSA: System attempts to match Form I-9 data with SSA database. Is there a match? If yes, go to #3; If no, go to #7. 3) UCSIS: System compares Form I-9 data with DHS databases. Is there a match? If yes, go to #4; If no, go to #9. 4) USCIS: Eligible for photo matching. If yes, go to #5; If no, go to #6. 5) USCIS: Is there a photo match? If yes, go to #6; If no, go to #11. 6) USCIS: Confirmed work authorized. 7) SSA: SSA pre-TNC check conducted. Is there a match? If yes, go to #3; If no, ho to #8. 8) SSA: SSA TNC issued. Does employee resolve TNC with SSA? If yes, go to #3; If no, go to #12. 9) USCIS: DHS Pre-TNC check conducted. Is there a match? If yes, go to #4; If no, go to #10. 10) USCIS: USCIS management program analyst checks other DHS databases. Is there a match? If yes, go to #6; If no, go to #11. 11) USCIS: DHS TNC issued. Does employee resolve TNC with USCIS? If yes, go to #6; If no go to #12. 12) Final nonconfirmation. Sources: GAO analysis of E-Verify’s procedures for verifying work authorization for non-U.S. citizens; Art Explosion (clipart). [End of figure] For an employee who does not initiate contact with SSA or DHS within the 8 federal working days allowed for resolving a TNC, the system is to issue a FNC and the employer is expected to promptly terminate the employee's employment. Employers may not take any adverse action against an employee on the basis of a TNC, such as limiting work assignments or pay or terminating the employee while the employee is attempting to resolve any inaccuracies in his or her records. USCIS and SSA Coordination for E-Verify Operation: The fiscal year 2010 DHS Appropriations Act reauthorized the E-Verify program through September 30, 2012, and provided USCIS $137 million for program operations.[Footnote 20] Pursuant to a reimbursable agreement, at the beginning of each fiscal year, USCIS pays SSA the costs for maintaining its system operations, as well as the projected costs for assisting employees with resolving TNCs. At the end of each fiscal year, SSA and USCIS reconcile any differences between actual costs and estimates, and SSA is to return any unspent funds to USCIS. USCIS provides SSA estimates of anticipated transaction volumes to help SSA estimate its future costs for operating E-Verify. In fiscal year 2009, USCIS reimbursed SSA approximately $21.6 million for operating E-Verify, $14 million of which was for SSA developing a new operating environment specifically designed for use by E-Verify. This system, known as the Isolated Environment, processes E-Verify transactions against a copy of SSA's Numident database, and allows SSA to isolate its processing of E-Verify cases from its mission-critical workloads, such as processing disability or retirement claims. Recent Studies on E-Verify: Since our June 2008 testimony, USCIS contracted with Westat for an independent evaluation of E-Verify, which was issued in December 2009. [Footnote 21] Westat analyzed E-Verify transaction data for April through June 2008 to determine how many employees were authorized to work, received a TNC, or received an FNC. Westat concluded that USCIS had decreased the time for employers to process cases through E-Verify and reduced the percentage of erroneous TNCs.[Footnote 22] However, USCIS continued to face challenges in detecting most cases of identity fraud, especially for unauthorized employees who used the legitimate documentation of employment-authorized persons, and in ensuring employer compliance with E-Verify procedures. In January 2010, the SSA Office of the Inspector General (OIG) reported on SSA's use of E-Verify.[Footnote 23] Based on 9,311 new hires for fiscal year 2008 through March 31, 2009, the OIG reported that SSA did not use E-Verify to confirm the employment eligibility of 1,767 (19 percent) of the new hires, 54 of which were new hires who transferred from other federal agencies with no break in federal employment, and according to SSA staff, were not required to be verified through E-Verify. Of the 7,544 new hires processed through E- Verify, SSA did not comply with the 3-day time requirement for verifying all new hires' employment eligibility. The OIG also reported that SSA verified the employment eligibility of 26 employees who were not new hires but had applied for new positions within the agency, 31 volunteers who were not federal employees, and 18 job applicants who SSA did not hire. All of these practices are prohibited by the MOU that employers sign when registering for E-Verify. To help SSA better comply with E-Verify procedures, the OIG recommended, among other things, that SSA confirm the employment eligibility of the 1,713 new hires through E-Verify and establish guidance to remind staff of the requirements of the E-Verify MOU. SSA told us that the agency has taken steps to address the OIG's recommendations. First, SSA personnel offices verified those employees not initially verified under E-Verify to ensure that the agency was in compliance with applicable policies [Footnote 24]. In March 2010, SSA also sent guidance to each regional SSA field office to remind staff to follow E-Verify policy regarding verifying all new hires, conducting verification queries within 3 business days, and prohibiting the verification of existing SSA employees and SSA volunteers. SSA also provided its regional field offices with two E-Verify videos developed by DHS to provide a variety of scenarios regarding information on employer responsibilities and workers' rights related to the Form I-9 and the use of E-Verify. USCIS and SSA Reduced TNCs, but the Accuracy of E-Verify Continues to Be Limited by Inconsistent Recording of Both Employees' Names and Fraud: USCIS has reduced TNCs from 8 percent during the time period June 2004 through March 2007 to almost 2.6 percent in fiscal year 2009 by expanding the number of databases queried through E-Verify and instituting quality control procedures to address data entry errors. However, erroneous TNCs related to name inconsistencies, such as employees' names recorded differently on various authorizing documents, remain an issue. Erroneous TNCs resulting from such inconsistencies can create the appearance of discrimination because of their disparate impact on certain cultural groups. USCIS has taken some actions to address cases of document fraud, but E-Verify continues to remain vulnerable to identity theft and employer fraud. USCIS Has Reduced the Number of TNCs and Enhanced System Efficiencies to Better Allow Employees to Resolve TNCs: USCIS has reduced TNCs from 8 percent during the time period June 2004 through March 2007 to almost 2.6 percent in fiscal year 2009. USCIS data indicate that about 97.4 percent of almost 8.2 million newly hired employees were immediately confirmed as work authorized by E- Verify during fiscal year 2009, compared to 92 percent during June 2004 through March 2007. This represents a 5.4 percentage point increase in immediate confirmations and, in turn, a 5.4 percentage point decrease in TNCs. As shown in figure 3, in fiscal year 2009, about 2.6 percent or over 211,000 of newly hired employees received either a SSA or USCIS TNC, including about 0.3 percent who were determined to be work eligible after they contested a TNC and resolved errors or inaccuracies in their records, and about 2.3 percent, or about 189,000, received an FNC because their employment eligibility status remained unresolved. The approximately 2.3 percent who received an FNC consisted of both unauthorized employees and authorized employees who chose not to contest their TNCs, among others. However, USCIS was unable to determine how many of these employees (1) were authorized employees who did not take action to resolve a TNC because they were not informed by their employers of their right to contest the TNC, (2) independently decided not to contest the TNC, or (3) were not eligible to work. Figure 3: E-Verify Results for Fiscal Year 2009: [Refer to PDF for image: pie-chart] Percentage of employees automatically confirmed as work authorized: 97.4%; Percentage of employees receiving final nonconfirmations: 2.3%; Percentage of employees who receive TNCs later confirmed as work authorized: 0.3%. Source: GAO analysis of DHS data. [End of figure] USCIS has reduced TNCs and increased E-Verify accuracy by expanding the number of databases that E-Verify can query and instituting quality control procedures to screen for data entry errors. For example, as we testified in June 2008, USCIS implemented the Naturalization Phase I enhancement, which automatically checks USCIS naturalization databases before E-Verify issues an SSA TNC because of a citizenship status mismatch. According to USCIS, this reduced the number of SSA TNCs for naturalized citizens by about 35 percent in fiscal year 2009.[Footnote 25] In addition to what we reported in our June 2008 testimony, USCIS has undertaken three other initiatives to reduce the number of erroneous TNCs. Table 1 presents information on the nature and the results of these initiatives. Table 1: USCIS Initiatives to Reduce TNCs: Initiative: Pre-TNC check; Description: In September 2007, USCIS released an enhancement to E- Verify that automatically requires employers to double check their entry of employee information into E-Verify if the system determines that the employee is not work authorized; Results reported by USCIS[A]: Reduced TNCs by 36 percent from October 2007 to August 2010. Initiative: Passport data; Description: In December 2008, USCIS and the State Department signed an MOU to reduce SSA mismatches because of citizenship status for employees who present their U.S. passports as evidence of employment eligibility. If employees present their passport as identification for the Form I-9, E-Verify will automatically check their passports against passport records to determine citizenship status. USCIS began using passport data to reduce citizenship mismatches in February 2009; Results reported by USCIS[A]: Prevented about 65,426 erroneous TNCs from occurring from February 2009 through August 2010. Initiative: Record matching initiative; Description: In December 2009, USCIS added a quality control capability that enables E-Verify to recognize European date format and common clerical errors of transposed visa and passport numbers; Results reported by USCIS[A]: Prevented about 1,914 erroneous TNCs from occurring from December 2009 through August 2010. Source: USCIS. [A] We reviewed USCIS's E-Verify transaction database from which USCIS generated these statistics and found the data sufficiently reliable for reporting purposes. [End of table] USCIS and SSA have taken additional actions to try to increase the accuracy of the E-Verify system. For example: * In fiscal year 2009, working with USCIS, SSA added language to USCIS's A Guide to Naturalization, a booklet that is given to individuals at the naturalization ceremony, to emphasize the importance of visiting the local SSA office to report a change in citizenship status. Among other things, the booklet notes the importance of updating citizenship status for employment authorization purposes, as well as updating any name changes.[Footnote 26] * DHS is in the planning stages of developing a data-sharing initiative, called DHS Autocards, to update SSA's Numident database with information from DHS databases on foreign-born individuals who change citizenship status. Through DHS Autocards, it is anticipated that USCIS will electronically transmit data (including immigration status updates) to SSA for individuals who apply for immigration benefits at offices within the United States. This transmittal is to be done only with an individual's consent. According to SSA, DHS Autocards should reduce visits to SSA field offices and improve the integrity of SSA's replacement card process by sending information directly to SSA from USCIS. Inaccuracies and Inconsistencies in Recording Employees' Names Continue to Produce Erroneous TNCs: Erroneous TNCs occur, in part, because of inaccuracies and inconsistencies in how personal information is recorded on employee documents, in government databases, or both. For example, personal information in employee documents may differ from that in government databases if, for example, employees naturalize or marry or divorce and change their names without informing SSA or DHS of the name change. Additionally, employees' personal information may be inaccurate if the first or last name is incorrectly spelled in government databases or on identification documents. Further, individuals from certain cultural groups, such as those of Hispanic or Arab origin, may have multiple surnames that are recorded differently on their naturalization documents than on their Social Security cards. Such names could be recorded in a different order on the two documents, or one document may contain all the surnames while the other document may contain an abbreviated version of the surnames. Erroneous TNCs resulting from such inconsistencies can create the appearance of discrimination because of their disparate impact on certain cultural groups. According to USCIS, of 22,512 TNCs resulting from name mismatches in fiscal year 2009, approximately 76 percent, or 17,098, were for citizens, and approximately 24 percent, or 5,414, were for noncitizens. Using USCIS's and SSA's estimates that about 60 million queries would be generated annually under E-Verify if the program were made mandatory for new hires nationwide, about 164,000 citizens and noncitizens would receive a name-related TNC each year. However, this number would greatly increase if E-Verify were made mandatory for all employees nationwide and not just new hires[Footnote 27]. USCIS reported that it has contracted with Westat to conduct a study on the effect of complex names, name order, and hyphenated names on E-Verify TNCs. [Footnote 28] In our site visits, 5 of 25 employers commented that TNCs are more likely to occur in situations where Hispanic employees have hyphenated or multiple surnames.[Footnote 29] In these situations, employers are sometimes uncertain which name to enter into the E-Verify fields calling for an employee's first name, last name, and maiden name. USCIS has included information on its Web site to help employers enter hyphenated names to reduce the incidence of erroneous TNCs. Senior E-Verify program officials stated that providing information to employees about how name-related TNCs occur and how to prevent them may help decrease the incidence of these types of erroneous TNCs. They stated that they may consider addressing this issue as they move forward with the E-Verify program, but did not specify how they would do this. USCIS has some mechanisms in place to help employees with the work authorization process, such as guidance on the E-Verify Web site, but the agency does not provide information on how to prevent a name- related TNC. USCIS and DHS's CRCL, the organization responsible for providing policy advice to DHS leadership on civil rights and civil liberties issues, developed a video that provides information to employees about how to resolve a name-related TNC. The video also provides viewers with some reasons for why TNCs occur, such as a name change due to marriage or errors in government databases, but does not specifically discuss ways to prevent them.[Footnote 30] In addition, DHS's A Guide to Naturalization makes clear that name changes have an effect on employment authorization, but it does not specify how name changes specifically relate to the E-Verify process. Furthermore, according to SSA officials, some SSA field office staff attend naturalization ceremonies to help newly naturalized citizens update their information in SSA databases, including citizenship status or name changes, but presence at these ceremonies is not required. Standards for Internal Control in the Federal Government states that agency management should ensure that there are adequate means of communicating with external stakeholders that may have a significant impact on the agency's goals.[Footnote 31] USCIS could better position employees to avoid an erroneous TNC if USCIS disseminated information to employees on the importance of providing consistent name information to employers, SSA, and DHS and on how to record their names consistently. Information could be disseminated, for example, through efforts such as (1) conducting outreach through CRCL's instructional video for employees, (2) incorporating language into DHS's A Guide to Naturalization, and (3) disseminating information at naturalization ceremonies. Disseminating information could also help to increase system accuracy consistent with USCIS's goal, by reducing erroneous TNCs.[Footnote 32] E-Verify Remains Vulnerable to Fraud, but USCIS Has Taken Steps to Reduce It: Despite USCIS and SSA's efforts to reduce erroneous TNCs, identity fraud remains a challenge in part because employers may not be able to determine if employees are presenting genuine identity and employment eligibility documents that are borrowed or stolen.[Footnote 33] E- Verify is to confirm all employees as employment authorized as long as the information entered into E-Verify matches DHS and SSA records. E- Verify also cannot detect cases in which an unscrupulous employer assists unauthorized employees by, for example, providing them with legitimate documents or ignoring a mismatch between the photograph that appears on the employee's permanent resident card and DHS's digital photograph of that individual. Of the 97.4 percent of employees who were confirmed as work authorized by E-Verify in fiscal year 2009, USCIS is unable to determine how many employees E-Verify incorrectly confirmed as authorized to work in the United States. Based on statistical models of E-Verify data for the period covering April through June 2008, Westat estimated that 6.2 percent of employees were not authorized to work in the United States, and that slightly over half of these employees were incorrectly confirmed by E- Verify. This may indicate identity theft, employer fraud, or both. USCIS has taken actions to address fraud, most notably with the fiscal year 2007 implementation of the photo matching tool, which seeks to reduce fraud associated with the use of genuine documents in which the original photograph is substituted for another. The photo matching tool places the burden on employers to determine whether the photograph on the employee's permanent resident card or employment authorization document matches the digitally stored photograph within DHS databases. If the employer determines that the photos do not match, E-Verify rules require that the employer indicate in the system that the photographs do not match, the employee is to receive a TNC, and the employee is to be provided with an opportunity to contest the TNC. According to USCIS, from October 2009 to August 2010, there were 393,574 cases that initiated E-Verify's photo matching tool. Of these cases, employers indicated that 1,569 employees' photos did not match. These nonmatch cases resulted in one contested TNC. USCIS told us that it is unable to determine what percentage of the 1,569 cases involves identity fraud because some individuals may not contest their TNC and USCIS does not have additional information on these cases. However, ICE officials in Arizona told us that unscrupulous employers have learned that the photo matching tool accepts only two documents-- permanent resident cards and employment authorization documents, which are heavily protected from tampering and counterfeiting--and, therefore, employers ask employees whom they believe are not work authorized to provide other identity documents that will not trigger the photo matching tool. Senior ICE officials told us that while ICE does not track statistics on documents used to satisfy the Form I-9 requirements, they believe because of the small number of security features on most state driver's licenses, they are becoming increasingly popular for use as documentation for the Form I-9. While employers are not permitted to ask employees to provide specific types of documents for E-Verify under federal law, the ICE officials said that they know of instances in which employers directed employees to provide driver's licenses or other acceptable forms of identification. They said this has led to an increase in the fraudulent use of other documents, which are not part of the photo matching tool. Based on site visit data for October 2007 through June 2008, Westat's 2009 report indicated that driver's licenses were presented as one form of identification in 53 percent of the cases resulting in TNCs. USCIS incorporated passport photographs and seeks to incorporate driver's licenses into the E-Verify database to help address the issue of identity fraud. In September 2010, pursuant to a signed agreement with the State Department, USCIS gained access to photographs of passport holders in State Department records and incorporated these into E-Verify. USCIS has also been negotiating with the Motor Vehicle Association in one state to pilot the use of driver's license data for E-Verify. USCIS reported that this pilot will begin in 2011.[Footnote 34] Because of individual state privacy laws, USCIS said that it has been unable to negotiate with additional states to share driver's license data or photographs. USCIS has also identified additional tools to help combat identity theft. For example, USCIS is planning to develop a program that would allow victims of identity theft to "lock" their Social Security numbers within E-Verify until they need them to obtain employment authorization.[Footnote 35] According to USCIS, this program remains in the planning stages and is expected to be completed from fiscal years 2011 through 2012. Despite these efforts, identity fraud continues to be a challenge for E-Verify as well as for current employment verification processes. We have previously reported that weaknesses in the Form I-9 system, such as difficulty in detecting document and identity fraud and the large number of acceptable documents for proving work eligibility, have undermined the effectiveness of the employment verification process. [Footnote 36] Because E-Verify is an automated system based on the Form I-9, it possesses the same inherent weaknesses. One example of this was demonstrated in an enforcement action taken in December 2006 by ICE against a meat processing plant that participated in E-Verify. During this investigation, ICE found that approximately 1,340 employees--all of whom ICE believes were processed through E-Verify-- were not authorized to work in the United States. Of the 1,340 unauthorized workers, 274 were charged with identity theft, including the use of valid Social Security numbers belonging to others to get jobs. ICE arrested one individual with immigration violation charges related to document fraud through this investigation. To help combat identity fraud, the use of biometrics has been included in proposed legislation before Congress as an element of comprehensive immigration reform. Leading biometric technologies include facial recognition, fingerprint recognition, hand geometry, and iris recognition. These technologies help to create a verifiable link between identity and authorizing documents and supplement the employer's review of documents on the Form I-9. However, implementing a biometric system has its own set of challenges. For example, the costs of biometric technology include the engineering efforts to design, develop, test, and implement the system, as well as the costs to employers for purchasing and maintaining the hardware and software. In some cases employers might not have access to the necessary office equipment to use such technology. In addition, according to CRCL, representatives of civil liberties groups, privacy experts, and government agencies have expressed concerns about issues such as the adequacy of protections for the use of biometric data. These are important issues that policymakers are currently considering. Resolving these issues will be important if this technology is to be effectively implemented in combating identity fraud in the employment verification process. USCIS Has Taken Several Actions to Address Employer Noncompliance but Remains Limited in Its Ability to Identify and Prevent Employer Misuse: Since our June 2008 testimony, USCIS has increased the number of staff for conducting monitoring and compliance activities, but does not yet have the technology to analyze the E-Verify transaction data in a way that would enable USCIS to discern complex patterns in the data that could be indicative of employer misuse. The Monitoring and Compliance Branch expects to implement an advanced data analysis system to support program activities in fiscal year 2012. USCIS's compliance efforts include educational activities designed to assist employers in complying with E-Verify policies and procedures; however, USCIS could take additional actions to determine whether its efforts are effective in reducing employer noncompliance. Furthermore, USCIS does not have the authority to sanction employers for intentional misuse of E- Verify, other than terminating their participation in the program. USCIS is therefore limited in its ability to ensure compliance with E- Verify policies and procedures. Monitoring and Compliance Staffing Has Increased, but the Branch's Data Analytic Capability Is Limited: Since our June 2008 testimony, USCIS has more than doubled the number of monitoring and compliance staff overseeing employers' use of E- Verify. USCIS increased E-Verify monitoring and compliance staff from 21 in April 2008 to 52 in November 2009, and opened a regional office in Buffalo, New York, to house the additional staff. Of this total, 20 staff in headquarters are responsible for identifying behaviors and activities that could be indicative of employer misuse, and 32 staff in the field are responsible for monitoring employers and conducting compliance activities. USCIS's fiscal year 2010 budget provided funding for USCIS to hire an additional 44 E-Verify monitoring and compliance analyst staff during fiscal years 2010 and 2011 to monitor employer use and help ensure employer compliance with E-Verify. According to USCIS's Verification Division Deputy Division Chief, USCIS hired 22 of the 44 analyst staff budgeted for in fiscal year 2010 and plans to hire the additional 22 staff in fiscal year 2011. According to senior E-Verify program officials, plans are underway to open a second regional office in Lincoln, Nebraska, to house the 22 staff budgeted for in fiscal year 2011, as well an additional 58 staff to provide outreach and customer support for E-Verify's monitoring and compliance activities. USCIS has begun to interview candidates for these positions in anticipation of opening the office this fiscal year. Staff in the Monitoring and Compliance Branch's monitoring section are tasked with identifying trends in employer use of E-Verify that may indicate noncompliance with E-Verify. They examine employer behavior by manually reviewing E-Verify transaction data stored in VIS. To identify incidents of noncompliance, monitoring analysts are to look for six employer behaviors.[Footnote 37] Staff in the branch's compliance section are tasked with, among other things, educating noncompliant employers about proper E-Verify use and addressing this noncompliance by sending employers a letter, calling employers, auditing employers' E-Verify documentation, or making visits to employers' worksites. USCIS's fiscal year 2010 goal was to contact 2 percent (or 15,874) of the 793,706 worksites participating in E-Verify to address issues related to employer noncompliance.[Footnote 38] According to senior E-Verify program officials, compliance staff have contacted 16,125 employers in fiscal year 2010, exceeding USCIS's target by 251 contacts. E-Verify program officials reported that the agency has started to measure the number of employers that have adjusted their behavior after receiving a compliance letter or telephone call. They told us that as of August 2010, about 80 percent of these employers had adjusted their behavior in response to a compliance letter or telephone call. However, USCIS was not able to provide us with data to support the estimate. USCIS expects E-Verify compliance activities to increase as USCIS augments its technology for the Monitoring and Compliance Branch because the majority of the monitoring workload will be automated, allowing staff to focus their attention on addressing employer noncompliance. Because the transaction data currently require manual review by monitoring staff, senior E-Verify program officials reported that the Monitoring and Compliance Branch is limited in its ability to fully identify patterns and trends in the data that could signal employers' noncompliance with all of the E-Verify rules. According to senior E- Verify program officials, the branch will have the technical infrastructure to support intended program activities by fiscal year 2012, when improved technology enabling automated analysis of E-Verify transaction data is expected to be implemented.[Footnote 39] Specifically, USCIS is depending on the implementation of an estimated $6 million advanced data system to gain the capability to conduct complex analyses of E-Verify data. USCIS expects this system, known as the Data Analysis System, to automate about 80 percent of the Monitoring and Compliance Branch's workload. USCIS's plans state that the Data Analysis System is to employ algorithms and statistical techniques to identify complex patterns of employer behaviors, such as discrimination and fraud, while automating the detection of simple behaviors. The plans also indicate that the system is to automatically generate contacts with employers, such as e-mails and letters, and record and store these contacts in a central database to maintain auditable data on instances of system misuse. USCIS's Compliance Efforts Include Employer Education, but the Effectiveness of the Efforts Has Not Been Fully Assessed: USCIS conducts educational activities to facilitate employers' compliance with the E-Verify program. However, the agency has not fully assessed the effectiveness of its efforts and therefore is not in the position to know if they have achieved their intended purpose. E-Verify compliance activities are designed to assist employers in better understanding E-Verify procedures and deter them from improper system use and protect employees against related discriminatory practices. The E-Verify tutorial, which all new E-Verify users are required to complete prior to performing any verification, is USCIS's primary educational tool for registered users of E-Verify. Other USCIS mechanisms for educating employers include presentations to interested groups around the country, webinars (online educational sessions), a customer service line to assist employers, publications, and guidance posted on the E-Verify Web site.[Footnote 40] In addition, as noted earlier, USCIS considers compliance actions, such as placing phone calls and sending letters to noncompliant employers, to be educational efforts. USCIS has taken some actions to collect and use information about its E-Verify educational activities. For example, as stated above, USCIS has started to measure the number of employers that have adjusted their behavior after receiving a compliance letter or telephone call. Senior E-Verify program officials also noted that among other things, USCIS's policy branch collects data from E-Verify users by conducting surveys and uses the feedback to make updates, such as editing E- Verify hotline call scripts and modifying E-Verify messages on the Web site. They said that USCIS also tracks the number and types of calls related to the tutorial, and adjusts information posted on the E- Verify Web site to address the questions raised in these calls. Such efforts to collect information can help USCIS improve its approach to educating users about E-Verify and help users become more compliant with E-Verify rules. However, USCIS has not evaluated the extent to which employers understand the information provided in the E-Verify tutorial and therefore is not in the position to make improvements to the tutorial based on systematic information.[Footnote 41] USCIS administers the mastery test to newly registered users who have completed the E-Verify tutorial and stores data on each correct and incorrect response on the test. However, USCIS has not analyzed the test data to determine if there are patterns in the data indicating that users did not understand certain topics in the tutorial. The tutorial provides information on a variety of topics, including how to initiate and close a case, protect employees' personal information, and properly verify employee eligibility through E-Verify, and on the potential consequences associated with discriminatory behavior and other misuse of E-Verify. Users who fail to achieve a passing grade of 70 percent on the multiple choice mastery test are required to review the tutorial and retake the test until they pass. According to senior E- Verify program officials, as of October 2010, USCIS had not analyzed the responses to the mastery test to determine if there were any questions or topic areas that may be consistently problematic to test takers, and whether the tutorial, the mastery test, or both may benefit from revision. USCIS has not done this because, according to senior E-Verify program officials, the computer program used to analyze responses to the test was not able to generate retrievable information on how test takers responded to individual questions. We previously reported that evaluation is an integral part of training and development efforts, and that agencies need to systematically plan for and evaluate the effectiveness of training.[Footnote 42] Employing systematic monitoring and feedback processes can help determine if there are areas in the E-Verify training or the mastery test that warrant revision. Senior E-Verify program officials told us that in response to our raising this issue, they have met with and directed contractor staff to take steps to ensure that information on each response to each test question is retained and analyzed. According to senior E-Verify program officials, USCIS expects analysis of E-Verify test data to begin in fiscal year 2011 because, by then, there will be sufficient historical data for analysis. However, E-Verify program officials reported that they have not yet identified an approach for analyzing the test data or using the analysis results, for example, what statistical analyses will be conducted on the test data and how will USCIS determine what, if any, test questions and tutorial content should be revised. By developing an analysis plan for the mastery test, and using the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both, USCIS would be able to better target its education efforts and ensure employer compliance with the E-Verify program. Agencies Are Likely to Continue to Face Challenges in Ensuring E- Verify Compliance, Including Challenges in Investigating and Sanctioning Noncompliant Employers: Several factors could continue to make it challenging for USCIS to attain its goal of ensuring employer compliance with E-Verify requirements even after USCIS implements the planned improvements to its monitoring and compliance capability. First, although USCIS has instituted measures to validate the authenticity of registered E- Verify users, the E-Verify transaction data do not allow USCIS to determine whether the individuals who process queries through E-Verify are the same individuals as those certified as E-Verify users. [Footnote 43] This is because individuals who have not completed the tutorial and mastery test are able to borrow the user names and passwords of certified coworkers to gain access to the system. [Footnote 44] These individuals may use the system incorrectly, in a manner that leads to wrongful adverse action against authorized workers who receive erroneous TNCs, or for fraudulent purposes such as running different Social Security numbers and names to see what combinations generate a work authorized decision. Second, USCIS cannot monitor the extent to which employers follow certain program rules as required by the E-Verify MOU because interactions between employers and employees generally occur privately in workplaces where USCIS does not have a presence. For example, USCIS is generally not in the position to determine whether employers carry out activities required by E-Verify, such as posting notice of their participation in the E-Verify program, providing employees the letter informing them of TNC findings, or referring employees to the appropriate agency to resolve the TNC. Similarly, USCIS is generally not in the position to determine whether employers engage in activities prohibited by E-Verify, such as limiting the pay of or terminating employees who receive TNCs, using E-Verify to prescreen job applicants, or screening employees who are not new hires. USCIS may be able to detect some of these noncompliant behaviors in visits to worksites.[Footnote 45] However, workers who are wrongly terminated or suffer other adverse employment consequences because employers fail to follow the MOU receive no protection or remedies under federal law. Third, if employers do not respond or remedy noncompliant behavior after a contact from USCIS compliance staff, USCIS has minimal avenue for recourse because it has limited authority to investigate employer misuse and no authority to impose penalties against such employers. USCIS can terminate an employer's access to E-Verify if USCIS determines that the employer knowingly used the system for an unauthorized purpose. However, this does not ensure that employers are hiring legal workforces. To date, USCIS has not terminated any employers for misuse of E-Verify. For enforcement action for violations of immigration laws, USCIS must rely on ICE to investigate, sanction, and prosecute employers.[Footnote 46] However, ICE has reported that it has limited resources for investigating and sanctioning employers that knowingly hire unauthorized workers or those that knowingly violate E-Verify program rules, and overall, ICE has expended relatively few resources on carrying out such activities. To maximize the impact of limited resources against the most significant threats and violators, senior ICE officials reported that ICE agents apply risk assessment principles to worksite enforcement cases by focusing on detecting and removing unauthorized workers from critical infrastructure sites, such as airports and nuclear power plants, and targeting egregious employers that violate criminal statutes. In fiscal year 2009, ICE spent 5.2 percent of its 10.4 million agent reported workload hours on worksite enforcement, issued 52 fines as a result of Form I-9 audits, and made 444 criminal and 1,654 administrative worksite enforcement arrests.[Footnote 47] We reported in 2005 that worksite enforcement was a relatively low priority under both the U.S. Immigration and Naturalization Service and ICE, and that since fiscal year 1999, a relatively small portion of overall agent resources have been dedicated to the worksite enforcement program. In response, senior ICE officials cited the need to devote their limited resources to what they believe to be higher priorities. In addition to worksite enforcement, ICE is responsible for investigating potential violations of a wide range of federal criminal laws, including international drug smuggling, illegal import and export of drugs and weapons, alien smuggling, intellectual property violations, and money laundering. In December 2008, ICE and USCIS signed a memorandum of agreement that outlined the processes that the agencies are to use for sharing E- Verify program information. Under the agreement, USCIS is to refer significant E-Verify cases to ICE for investigative consideration, with significant cases being those in which USCIS suspects employers of (1) misuse, abuse, and fraudulent use of E-Verify at critical infrastructure sites; (2) violations regarding the employment of unauthorized aliens; (3) criminal activity; (4) failing to use E- Verify for all employees as required by the E-Verify MOU; and (5) retaining employees after receiving FNCs. The agreement also specifies procedures for ICE to request E-Verify transaction data in support of ongoing investigations. Out of the employers that USCIS identified from December 2008 to August 2010 as not complying with E-Verify rules and requiring further action from ICE, USCIS referred 3 cases to ICE for investigation and responded to 19 requests for E-Verify transaction data from ICE. According to senior ICE officials, the cases referred by USCIS were not significant threats or egregious violations and therefore did not warrant a full investigation.[Footnote 48] They stated that referrals from USCIS could be of more assistance if they were more closely aligned with ICE's worksite enforcement priorities. Senior E-Verify program officials told us that USCIS plans to start applying risk assessment principles to its monitoring and compliance activities after USCIS completes developing its technology for the Monitoring and Compliance Branch. Both senior USCIS and ICE officials reported that they are currently coordinating to help USCIS better target its monitoring efforts. Specifically, senior E-Verify program officials said that USCIS is part of a monitoring and compliance task force-- which includes other agencies and subject matter experts--to develop and build requirements for how to use E-Verify transaction data to better target and address the needs of stakeholders, including ICE. An effective employment authorization system requires a credible worksite enforcement program to ensure employer compliance with applicable immigration laws. However, given ICE's existing priorities and resource constraints, ICE is limited in its ability to investigate and sanction employer noncompliance with immigration laws. Senior ICE officials acknowledged that the same limitations would exist if E- Verify became mandatory nationwide. Policy decisions about how to effect a credible worksite enforcement program using E-Verify, including the resources required for it, have yet to be made. The success of the E-Verify program will ultimately be affected by these decisions. DHS Has Instituted Employee Privacy Protections for E-Verify, but Resolving Erroneous TNCs and FNCs and Combating Discrimination Can Be Challenging: USCIS has taken actions to institute safeguards for the privacy of personal information for employees who are processed through E-Verify, but has not established mechanisms for employees to identify and access personal information maintained by DHS that may lead to an erroneous TNC or FNC, or for E-Verify staff to correct such information. USCIS has also not developed policies and procedures for E-Verify management program analysts to document the basis for their work authorization decisions. USCIS has taken actions to mitigate the civil rights and civil liberties risks associated with E-Verify by holding interagency meetings with SSA, CRCL, and OSC. USCIS is coordinating with OSC and CRCL to help reduce incidents of discrimination by helping employees better understand their rights and educating employers about their responsibilities under E-Verify. USCIS Has Taken Actions to Protect the Privacy of Personal Information of Employees Processed through E-Verify: USCIS has taken actions to minimize risks to the privacy of personal information of employees who are processed through E-Verify. The Fair Information Practice Principles, adopted in a 2008 memorandum from DHS's Chief Privacy Officer, are the basis for DHS's privacy policy. These principles include Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing (see appendix II for additional information on these principles).[Footnote 49] USCIS has generally addressed these principles within the E-Verify program. For example, USCIS has addressed the Transparency principle by publishing privacy notices in 2009 and 2010 that defined parameters, including setting limits on DHS's collection and use of personal information, for the E-Verify program and the Compliance Tracking and Monitoring System.[Footnote 50] These privacy notices defined parameters, including setting limits on DHS's collection and use of personal information residing within E-Verify. USCIS has also published public notices regarding privacy protections on the E-Verify Web site. In addition, the USCIS Verification Division created a Privacy Branch Chief position in January 2007, which DHS Privacy Office officials stated has improved communication between the two offices. USCIS has addressed the data minimization principle by designing E-Verify to collect and share very little personal information about individual employees. Specifically, E-Verify does not require employers to collect any more information on employees than has already been recorded on the Form I-9, and employers do not have access to any of the underlying personal information used by E- Verify to determine an employee's work eligibility. As a result, USCIS has limited the amount of personally identifiable information available to employers through the design of E-Verify. USCIS has addressed the use limitation principle by limiting how management program analysts can access and use information when searching the available databases to confirm citizenship or work authorization status. For example, management program analysts' access is limited to the information that is applicable to the cases that are assigned to them. Employees and E-Verify Staff Face Challenges Resolving Erroneous TNCs and FNCs: Employees Have Limited Ability to Identify, Access, and Correct Information That Causes Erroneous TNCs: Employees are limited in their ability to identify, access, and correct personal information maintained by DHS that may have led to an erroneous TNC. If an employee chooses to contest a TNC, the employer is required to provide the employee a referral letter that identifies which agency an employee needs to visit or call to resolve the TNC and close the case. The process for resolving DHS-related TNCs can be difficult because the E-Verify program does not have a process in place for employees to identify and access personal information that was the source of the erroneous TNCs. Currently, employees are not informed of which specific records are the sources of an erroneous TNC. To identify and access these records, employees must use a Privacy Act request. Privacy Act requests allow individuals to gain access to their personal records (unless the requested records are exempted from disclosure) and to seek correction or amendment of federally maintained records that are inaccurate, incomplete, untimely, or irrelevant. An employee wishing to determine which specific records led to the erroneous TNC may need to make separate Privacy Act requests to several DHS components that may have been the source of information involved in making the determination, because each DHS component maintains its own data and has an independent office in charge of responding to Privacy Act requests. According to senior officials in DHS's Privacy Office, if there is an error in a DHS database, individuals face formidable challenges in getting the inaccuracy or inconsistency corrected because, among other things, they have little information about what database led to the decision. DHS processes Privacy Act and Freedom of Information Act requests in the same manner, and the average response time for these requests in fiscal year 2009 was approximately 104 days.[Footnote 51] DHS's Privacy Office guidance calls for DHS components to adhere to the Individual Participation Principle by providing mechanisms for appropriate access, correction, and redress regarding DHS's use of personally identifiable information.[Footnote 52] Privacy Office officials acknowledged that the current process for employees to access their personal records could be improved, and they said they are discussing with senior E-Verify program officials ways to provide employees with better access to relevant information.[Footnote 53] For example, USCIS could inform employees about which types of records were consulted to make an employment eligibility determination, which could shorten the time and reduce the complexity of locating information because employees could then directly contact the appropriate DHS component to correct the information that led to an erroneous TNC. Developing procedures that enable employees to effectively access their personal information and have inaccuracies or inconsistencies in that information corrected could help DHS minimize the potential for employees receiving repeated erroneous TNCs. In addition to the difficulties employees may experience in accessing their personal information maintained by DHS, some employees might also face challenges in understanding how to contest erroneous TNCs, which is key to their ability to correct inaccurate information about themselves. For example, officials from OSC and CRCL stated that employees have expressed difficulty understanding TNC notification letters and the procedures for requesting reversal of a TNC that they believed to be in error.[Footnote 54] OSC officials stated that employees believe that USCIS should simplify the TNC letters so that people with limited literacy and English proficiency can better understand the process. In June 2010, USCIS released updated versions of both the TNC and referral notices, which include language that according to USCIS can be more easily understood. E-Verify program officials reported that they intend to further simplify the current TNC letters in fiscal year 2012, and combine them with an updated referral letter, so that employees will receive one letter notifying them of both the TNC and the appropriate agency to contact to resolve the TNC.[Footnote 55] USCIS reported that this initiative is a major procedural change and will require revision of current E-Verify processes as well as development of new procedures. Limitations in USCIS's Ability to Correct Employee Information: USCIS has taken actions to improve its ability to correct the personal information that led to erroneous TNCs; however the agency has not established mechanisms for its management program analysts to correct errors in employees' personal information that is obtained from other DHS components' databases. Instead, because it is not the owner of the information, USCIS must contact the component that controls the information and describe the error. Officials at the other DHS components may then decide what steps, if any, to take to correct their records. According to DHS Privacy Office guidance, DHS agencies should, to the extent practicable, adhere to the Data Quality and Integrity Principle by ensuring that personally identifiable information is accurate, relevant, timely, and complete.[Footnote 56] In addition, leading practices call for agencies that routinely work together to establish compatible policies and procedures, including those related to the use of data systems, to effectively operate across agency boundaries. [Footnote 57] DHS could increase the effectiveness of E-Verify in producing accurate results--a stated goal--by ensuring that the department's component agencies have procedures for ensuring that personal information in their records and systems that led to an erroneous TNC is corrected. Doing so could help ensure that the same problems do not recur when individuals take new jobs and are again processed through E-Verify. E-Verify program officials stated that they recently created a Data Integrity Unit that will be tasked with documenting errors in DHS databases and will work with other DHS components, including CBP and ICE, to correct erroneous information contained in their respective databases. This is an important first step but by itself cannot ensure that inaccuracies or inconsistencies are corrected when they are found. Specifically, USCIS, as one component of DHS, may not be in a position to direct other components, such as CBP and ICE, to adopt policies and procedures facilitating the correction of errors. Establishing departmentwide procedures to ensure that all components that own information involved in making work authorization decisions collaborate in correcting inaccuracies or inconsistencies could better position DHS to reduce the number of erroneous TNCs. This is because unresolved inaccuracies or inconsistencies in personal information put employees in the position of facing repeated erroneous TNCs when applying for jobs. E-Verify Staff's Decision-Making Process in Resolving Contested TNCs Is Not Documented, Limiting USCIS's Ability to Ensure Consistent Decisions: USCIS does not require management program analysts to document the process they used to resolve TNCs that were contested by employees. According to Standards for Internal Control in the Federal Government, to be effective, agencies need to clearly document all transactions in a timely manner to ensure that they are making appropriately informed decisions. Moreover, the standards call for clear documentation of policies and procedures that is readily available for examination. Without documentation of the process used to resolve TNCs that were contested by employees, there is no institutional record of the office's actions. Therefore, it may be difficult to review and validate the decision-making process for effective management oversight. Effective management oversight is important for ensuring sound stewardship. Moreover, without documentation of the process used to resolve TNCs that were contested by employees, E-Verify may not be able to ensure that its staff consistently apply criteria it has established, implement procedures as intended, or sustain those efforts over time. E-Verify program officials stated that there is a comment box in the system used by management program analysts to document the actions taken to resolve a TNC, in which they can note additional information related to the resolution of a case. Such a box could be used to document the basis for an analyst's resolution of a case. However, according to E-Verify program officials, management program analysts do not usually put any information in the comment boxes when resolving a TNC because USCIS does not require them to enter this information into the system. E-Verify program officials stated that while these procedures are not currently required, they recognize the importance of making and documenting accurate decisions, and plan to revise the standard operating procedures to require this of management program analysts. As of October 2010, USCIS had not set a timeline for revising and implementing the procedures. By developing procedures for management program analysts to document the basis for their work authorization decisions, USCIS could help employees obtain information about which types of records were consulted in making decisions about contested TNCs and help minimize the potential for recurring erroneous nonconfirmations. In March 2010, USCIS also established the Quality Assurance unit that is intended, among other things, to monitor the accuracy with which management program analysts resolve contested TNCs and ensure that verifications are performed efficiently without compromising accuracy. SSA Has Implemented Controls to Reduce the Number of Erroneous FNCs: According to senior SSA officials, some employees have received erroneous SSA FNCs when they did not notify SSA field office staff that they were attempting to resolve a TNC during a visit to a SSA field office, and when SSA field office staff did not take the appropriate steps to document the status and resolution of TNC cases. SSA reported that the agency is taking steps to address this issue. EV- STAR, an electronic communications link between SSA and the employer that stores information on the status of cases on workers referred to SSA for a TNC, requires SSA employees to note information about a pending TNC resolution in the system. This is an important step because when an employer refers an employee to SSA through E-Verify, an 8-day clock starts. The employee must visit an SSA field office during that time (8 federal workdays) to try to resolve the TNC. The only way to extend the 8 days is for an SSA field office staff member to access EV-STAR. If the employee's information is not verified within this time frame, E-Verify will automatically notify the employer of the FNC. In certain cases, these FNCs can be erroneous because the employee is actually authorized to work but did not have his or her information verified within the specified time frame. SSA field office staff can extend the amount of time for an employee to resolve a TNC to up to 120 days at 30-day intervals, but can only do so if they make a notation in EV-STAR that the case is pending a TNC resolution. However, SSA field office staff are not always aware that the employee is attempting to resolve a TNC, either because the individual does not notify staff that he or she is there for E-Verify reasons or does not provide field office staff with a copy of the TNC referral letter. As a result, staff may not make a notation in EV-STAR to extend the case beyond 8 federal working days. Thus, if an employee does not return with the required documentation within 8 federal working days, the system will send an FNC response to the employer. In addition, even when SSA staff know that an employee is attempting to resolve a TNC, the staff do not always access EV-STAR to update cases as pending because, according to senior SSA officials, EV-STAR is a DHS system that requires staff to log into the system separately outside of the SSA system they regularly use. Furthermore, senior SSA officials told us that staff may also forget to update EV-STAR because of field office workload demands. Senior SSA officials stated that they cannot quantify how frequently erroneous FNCs occur because of incorrect EV-STAR use, but noted that the agency has worked with USCIS and OSC to address this problem. Senior OSC officials noted that while SSA is taking steps to address this issue, there is no formal appeals process for employees who receive FNCs in error, and no mechanism for compensating employees who are laid off or terminated as a result of receiving an erroneous FNC. Senior SSA officials reported that SSA has implemented five actions to address the issue of erroneous FNCs: * SSA has created and distributed to its regional offices EV-STAR usage reports that track the number of times field office staff access EV-STAR. SSA reported that it created this report to enhance awareness of E-Verify and EV-STAR by its regional and field offices. * In October 2010, SSA modified its operating system to add a direct link to EV-STAR. SSA told us that this modification will make it easier for field office staff to access EV-STAR. * SSA has created three alerts within its operating system to notify field office staff when a Social Security number is associated with an SSA TNC. These alerts have been designed to remind staff to access and take appropriate action in EV-STAR. SSA told us that these alerts will be deployed during fiscal year 2011. * SSA has added a slide in its televised broadcast in field offices, and is developing a poster, to advise individuals who are there to resolve a TNC to let the field office staff know that their cases are related to E-Verify. * SSA has developed training for field office staff regarding the use of EV-STAR. While these actions could address the causes leading to employees receiving erroneous FNCs because of SSA field office use of EV-STAR, it is too soon to know if these actions will fully address the problem. USCIS Has Taken Some Actions to Identify and Mitigate Civil Rights and Civil Liberties Risks Associated with E-Verify and Faces Challenges in Combating Employer Discrimination: DHS Relies on Interagency Meetings to Identify and Mitigate Civil Rights and Civil Liberties Risks: Senior USCIS E-Verify program officials and CRCL officials said they address issues related to employees' civil rights and civil liberties risks in interagency meetings. Westat's 2009 report stated that the erroneous TNC rate for employees who were eventually found to be eligible to work was approximately 20 times higher for foreign-born employees than for U.S.-born employees (2.6 percent versus 0.1 percent) from April through June 2008. Based on statistical information provided us by USCIS for fiscal year 2009, the likelihood of noncitizens receiving erroneous TNCs was greater than that for citizens.[Footnote 58] As discussed earlier, employees may also face challenges in understanding TNC letters and how to contest erroneous TNCs. Given this, and USCIS's limited mechanisms for correcting errors in personal information that have caused erroneous TNCs or FNCs, increased potential exists for an adverse impact on individuals' civil rights and civil liberties. Assessing the risks posed by a program to civil rights and civil liberties is intended to determine the extent to which programs, policies, regulations, and guidelines comply with and safeguard civil rights and civil liberties. Formal assessments, such as civil liberties impact assessments, can offer assurance to the public that individuals' rights are being protected. They are typically conducted in instances when, for example, programs may have a direct impact on certain racial or ethnic groups, or require or authorize the federal government to collect personal information about private citizens. [Footnote 59] According to a senior CRCL official, CRCL's approach to addressing civil rights and civil liberties risks related to E-Verify is to hold routine interagency meetings with USCIS to discuss potential risks and recommend improvements to mitigate these risks. The official noted that if E-Verify were to become mandatory, a more formal assessment of civil rights and civil liberties issues could address those issues that may have an impact on civil rights and civil liberties. Challenges to Combating Discrimination: Employees may be vulnerable to discrimination under E-Verify if, for example, employers engage in practices prohibited by E-Verify, such as limiting the pay of or terminating employees who receive TNCs, or prescreening job applicants. In 2009, Westat reported that some employers who responded to its survey acknowledged engaging in such practices. Specifically, of 2,320 survey respondents, 17.1 percent (397) reported restricting work assignments until employment authorization was confirmed; 15.4 percent (357) reported delaying training until employment authorization was confirmed; and 2.4 percent (56) reported reducing pay during the verification process. Westat also reported that employers prescreened job applicants more often than they self-reported. For example, in its employee interviews, Westat found that of 396 workers who reported on their employment status at the time their work authorization was determined through E- Verify, 114 claimed to be job applicants rather than new hires. To investigate job discrimination related to individuals' citizenship status or national origin, USCIS must refer suspected cases of discrimination to OSC. Attempting to identify discrimination within E-Verify is challenging because the E-Verify transaction database does not capture certain employer behaviors that are indicative of discrimination, such as denying employment based on citizenship status or national origin. According to USCIS, its transaction database contains information on two employer behaviors that may serve as indicators of discrimination: (1) terminating an employee who receives a TNC and (2) processing employees who are not new hires through E-Verify. E-Verify program officials stated that these indicators could be used in combination with other information, such as information obtained through a law enforcement request, to pursue charges of discrimination against an employer. Senior E-Verify program officials reported that they have worked with OSC and subject matter experts on a task force to determine how best to extract information from the E-Verify transaction database to target issues such as discrimination. According to USCIS, as it improves its E-Verify technical capability, the agency will be better positioned to identify trends in discrimination. To facilitate the exchange of information between USCIS and OSC, in March 2010, USCIS signed a memorandum of agreement with OSC. According to the agreement, USCIS is to refer to OSC all cases of suspected discrimination that USCIS identifies. The agreement also states that OSC is to refer cases of suspected nondiscriminatory abuse or misuse of E-Verify to USCIS. From March 2010 to August 31, 2010, USCIS responded to approximately 78 requests for E-Verify transaction data from OSC. Of these requests, 50 were requests for technical assistance, and 28 were requests for enforcement purposes. OSC has referred approximately 39 instances of nondiscriminatory employer misuse of E-Verify from March 2010 to August 31, 2010.[Footnote 60] According to OSC, since the two agencies have signed the agreement, USCIS has referred no cases of potential discrimination to OSC. To help employees better understand their rights, USCIS, OSC, and CRCL have taken several actions. First, OSC's "Know Your Rights" poster for employees includes, among other things, notice to employees that it is illegal for employers to deny an employee the right to work based on citizenship status or national origin and provides employees with the contact information for OSC. While this poster was not created specifically for the E-Verify program, employers participating in E- Verify are required under the employer MOU to display the poster in a visible location in both English and Spanish. Second, CRCL developed a "You Should Know Your Rights and Responsibilities Under E-Verify" brochure for employees--available on USCIS's Web site and in different languages--to help employees better understand their rights and responsibilities under E-Verify. Third, in March 2010, USCIS and CRCL developed a video for employees that explains E-Verify rules and policies, stresses the rights of employees, and reminds employees that employers may not use E-Verify to discriminate against or prescreen employees. Fourth, in April 2010, USCIS implemented an E-Verify help line to handle complaints about employer misuse of the E-Verify program and refer to OSC complaints about possible discrimination. USCIS, OSC, and CRCL have also taken actions to better educate employers on E-Verify rules and policies to help prevent both knowing and inadvertent discrimination. For example, OSC has created a set of "E-Verify Dos and Don'ts" to provide a quick reference guide for participating employers on their responsibilities under E-Verify. Through its hotlines for employers and employees, OSC also provides general guidance and handles complaints on a variety issues, including E-Verify issues.[Footnote 61] Lastly, USCIS and CRCL have developed an employer video to stress the importance of following E-Verify procedures to safeguard employee rights. Among other things, the video advises employers that E-Verify requires them to permit workers to contest TNCs with no adverse employment consequences, avoid using the system on job applicants, and protect employee privacy. USCIS and SSA Have Taken Actions to Prepare for Mandatory Implementation of E-Verify by Adopting Practices for Effectively Managing E-Verify System Capacity, but They Face Challenges in Estimating Costs: USCIS and SSA have taken actions to prepare for possible mandatory implementation of E-Verify by addressing widely accepted industry practices for effectively managing E-Verify system capacity and availability and working together to coordinate the shared operation of E-Verify. USCIS and SSA are in the process of developing an agreement to define acceptable and unacceptable levels of service required to support the E-Verify program, but have not established a written service-level agreement to help ensure that SSA will be able to meet E-Verify capacity demands and provide USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Additionally, in order to ensure that sound decisions are made about future resource needs for E-Verify, USCIS and SSA have developed life cycle cost estimates for the current E-Verify program. However, USCIS's cost estimates do not reliably depict current E- Verify cost and resource needs or cost and resource needs for mandatory implementation. While SSA's cost estimates substantially depict current E-Verify costs and resource needs, SSA has not fully assessed the extent to which its workload costs may change in the future. USCIS and SSA Have Met Five of the Six Capacity Management Practices for E-Verify Operations but Have Not Documented System Requirements for Meeting Future Demands: To manage current E-Verify system capacity and plan for future system capacity needs, USCIS and SSA have met five of six practices identified by the Software Engineering Institute as best practices for establishing and maintaining capacity and availability of system components. These key practices are integral to effective information technology (IT) planning and are widely accepted by IT experts. Table 2 provides examples of how USCIS and SSA have addressed each of the Software Engineering Institute's best practices for capacity management.[Footnote 62] Table 2: Effective Practices for Capacity Management and Planning and the Extent to Which USCIS and SSA Have Addressed Each Practice: Practices for effective capacity management and planning: 1. Establish strategy for managing capacity and availability that defines, among other things, service and resource requirements and availability and system constraints; Met. How USCIS and SSA have addressed each practice: USCIS and SSA developed a project management plan that defines staff resources needed to support E-Verify. USCIS also developed a document that discusses system constraints, such as requirements to meet security standards and use external systems for sources of data. Practices for effective capacity management and planning: 2. Select measures, such as response time and reliability, and analytic techniques to be used in managing the capacity and availability of E- Verify; Met. How USCIS and SSA have addressed each practice: With input from SSA, USCIS defined performance requirements for E-Verify, such as system capacity and availability, along with system reliability and response time requirements for notifying participating employers of verification results. Practices for effective capacity management and planning: 3. Monitor, analyze, and report on current and future demands for system performance; Met. How USCIS and SSA have addressed each practice: USCIS and SSA routinely measure and monitor E-Verify system availability, system response time, and continuity of service based on USCIS service requirements of 99.5 percent system availability and an average response time of 2 seconds per case and on performance reports. Practices for effective capacity management and planning: 4. Establish and maintain system representations, such as simulations of transaction arrival rates and load testing, to provide insight into how a system will work given specific work volumes and resources; Met. How USCIS and SSA have addressed each practice: USCIS and SSA conducted simulations and load tests to confirm that their systems will complete critical functions in a high transaction volume environment without performance delays. E-Verify program officials said that in 2007, USCIS successfully simulated an operational transaction load commensurate with an annual rate of 240 million queries per year--the higher estimate of the number of queries expected to be generated by a mandatory E-Verify program. Practices for effective capacity management and planning: 5. Identify services to be delivered and levels of acceptable and unacceptable service to be provided by an organization to support another organization's business programs; Met. How USCIS and SSA have addressed each practice: According to senior E- Verify program and SSA officials, USCIS and SSA have agreed to proposed performance measures in regards to system availability, average response time, and transaction volumes. Each fiscal year, USCIS provides SSA an annual estimate of E-Verify transaction volumes for the next fiscal year and anticipated volumes beyond that year to help measure performance. Practices for effective capacity management and planning: 6. Define and document the requirements listed above in a service-level agreement; Not met. How USCIS and SSA have addressed each practice: The agencies have not established a written service-level agreement that describes acceptable and unacceptable SSA service levels required to support the E-Verify program. Source: GAO analysis of the actions USCIS and SSA have taken to establish and maintain capacity and availability of system components for E-Verify operations. [End of table] We previously reported that capacity management is one of the most critical responsibilities in the management of an IT environment. [Footnote 63] It provides a structure for agencies to measure and evaluate system performance to prevent or correct problems and to plan for future capacity requirements based on estimated workloads. By using capacity planning tools to prepare for how IT components and resources should be configured to adequately support anticipated future workloads, agencies can avoid interruptions in services and be better prepared to effectively meet future demands. The capacity management actions that USCIS and SSA have taken, as shown in table 2, will enhance the agencies' ability to support future workload demands in the event that E-Verify becomes mandatory nationwide. As of October 2010, USCIS and SSA actions to address E-Verify system capacity and availability issues had not included documenting system requirements in a service-level agreement. Such an agreement could help ensure that the agencies have a common understanding of how to meet current and future E-Verify system demands. As shown in table 2, defining and documenting system requirements in a service-level agreement is the sixth practice for effective planning for establishing and maintaining capacity and availability of system components. This practice involves organizations identifying the levels of acceptable and unacceptable service that one organization is to provide another to support that organization's business programs. In 2008, an independent contractor recommended that USCIS engage in a service-level agreement with SSA to ensure that SSA understands and agrees to the service levels for current and future needs of the E- Verify program.[Footnote 64] According to USCIS, it has developed a draft service-level agreement and provided it to SSA for its review. Senior SSA officials told us that SSA is reviewing the agreement, but they were unable to identify a date for when the agreement would be reviewed and approved by both agencies. SSA reported that a service- level agreement between SSA and USCIS for E-Verify would help guarantee high availability and continuity of service for the program and prevent issues with SSA's operation of E-Verify. SSA reported that it currently monitors E-Verify volume and alerts USCIS of any potential increases in the transaction volumes, but acknowledged that without an agreement that sets forth parameters for system availability and continuity of service, its other workload demands, such as disability and retirement processing, could take precedence over its E-Verify workload and disrupt E-Verify service. E-Verify program officials reported that they are continuing to work with SSA to incorporate additional performance parameters into the agreement, including performance criteria for system availability, data security, and system capacity. They noted, however, that the timeframe for completing the agreement has not yet been worked out. SSA and USCIS reported that the agreement needs to reviewed, negotiated, and approved before it can be included in a future reimbursable agreement. Standards for program management require that the specific steps needed to complete a project be identified and documented, and that milestones and time frames be established for completing projects. [Footnote 65] Until USCIS and SSA document the terms of the service- level agreement, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a time frame with milestones for its completion, USCIS may not have reasonable assurance that SSA will be able to provide continuous service for E-Verify operations and meet the increased demands for system capacity in the future. USCIS and SSA Face Challenges in Accurately Estimating E-Verify Costs: Sound Decisions about Future Resource Needs to Ensure the Success of E- Verify Program Implementation Depend on USCIS and SSA Developing Reliable Cost Estimates: A reliable cost estimation process provides a sound basis for making accurate and well-informed decisions about resource investments, budget formulation, measurement of progress, and accountability for results, and is critical to the success of any program. According to OMB,[Footnote 66] federal agencies must maintain current and well- documented estimates of program costs, and these estimates must encompass the program's full life cycle. Among other things, OMB has stated that a reliable life cycle cost estimate is critical to the capital planning and investment control process. Without such an estimate, agencies are at increased risk of making poorly informed investment decisions, securing insufficient resources to effectively execute defined program plans and schedules, and thus experiencing program cost and schedule overruns and performance shortfalls. Our research has determined that a reliable cost estimate possesses four characteristics, which are summarized in table 3. Table 3: GAO's Characteristics of a Reliable Cost Estimate: Characteristic: Comprehensive; Description: A comprehensive cost estimate should include all government and contractor costs over the program's full life cycle, provide sufficient detail to ensure that cost elements are neither omitted nor double counted, and document all cost-influencing ground rules and assumptions. Characteristic: Well-documented; Description: A well-documented cost estimate should capture in writing such things as the source and significance of the data used, the calculations performed and their results, and the rationale for choosing a particular estimating method or reference. A well- documented estimate can be easily reconstructed by an outside source and should be reviewed and accepted by management. Characteristic: Accurate; Description: An accurate cost estimate should be, among other things, based on historical data reflecting most likely costs, adjusted properly for inflation, and validated against an independent cost estimate. An accurate estimate should be updated regularly to reflect material changes in the program and actual cost experience on the program, and steps should be taken to minimize mathematical mistakes. Characteristic: Credible; Description: A credible cost estimate should discuss any limitations in the analysis caused by uncertainty or biases surrounding the data and assumptions. Major assumptions should be varied, and other outcomes computed to determine how sensitive the estimate is to changes in the assumptions. Risk and uncertainty inherent in the estimate should be assessed and disclosed. Source: GAO Cost Estimating and Assessment Guide. [End of table] We reviewed USCIS's and SSA's cost estimates for E-Verify, compared them against the above four characteristics, and assessed the extent to which the agencies met the characteristics of a reliable cost estimate. A reliable cost estimate consists of 12 best practices that can be grouped into four characteristics. We determined that the characteristic was (1) not met if the agency provided no evidence that satisfied any portion of the criterion, (2) minimally met if the agency provided evidence that satisfied less than one-half of the criterion, (3) partially met if the agency provided evidence that satisfied about one-half of the criterion, (4) substantially met if the agency provided evidence that satisfied more than one-half of the criterion, and (5) met if the agency provided complete evidence that satisfied the entire criterion. We assigned a value ranging from 1 to 5 indicating the extent to which the agencies met each best practice, and averaged the values for the practices that were associated with each characteristic. (See appendix I for a list of the 12 best practices.) USCIS Has Partially Met Three of Four Characteristics of a Reliable Cost Estimate: Our analysis showed that USCIS's E-Verify estimates partially met three of four characteristics of a reliable cost estimate and minimally met one characteristic. In December 2009, USCIS provided us a life cycle cost estimate of $508 million for funding E-Verify as a nonmandatory program through fiscal year 2020, at which time USCIS expects that E-Verify will need to be replaced. The $508 million includes $16 million for planning, $182 million for acquisition, $261 million for operations and maintenance, $17 million for security, and $32 million for government full-time employees. USCIS's cost estimate was: * Partially comprehensive because it was developed by in-house personnel with assistance from subject matter experts, and outlined a schedule for completing the work and the approach for developing the estimate. The cost estimate is not fully comprehensive because USCIS's estimation of E-Verify development costs did not break E-Verify down into its smaller specific components. For instance, USCIS provided high-level cost estimates for both government and contractor efforts associated with developments and enhancements but lacked estimates for detailed system requirements. E-Verify program officials stated that the large number of ongoing enhancements to E-Verify prohibited it from doing a more in-depth analysis sufficient to ensure that all costs have been considered. By breaking costs down into small components, an agency positions itself to more precisely identify which components cause cost or schedule overruns so that root causes can be readily determined if needed. USCIS's cost estimate also did not include detailed E-Verify system requirements, historical cost data, or full life cycle costs. * Partially documented because USCIS briefings and other documents together describe program requirements, purpose, technical characteristics, acquisition strategy, and operational plan. USCIS has not, however, prepared a development plan and identified program risks in accordance with best practices. USCIS's cost estimate also does not include the supporting documentation and calculations that would allow someone unfamiliar with the cost estimate to easily re-create it. * Partially accurate because USCIS used historical data and cost performance reports to help predict future costs. The cost estimate is not fully accurate, however, because it was not validated against an independent cost estimate--a required best practice--and does not include all applicable life cycle costs, as stated above. Moreover, USCIS's and SSA's cost estimates are incongruent, with USCIS' estimate being 15 percent lower than SSA's. In contrast to SSA's detailed cost estimates, USCIS's estimates for SSA were not explained or supported by backup data. * Minimally credible because while USCIS assessed E-Verify's ability to meet the requirements of the current voluntary program, a potential mandated program, and growth under both scenarios with the help of subject matter experts, it did not carry out other activities. For example, the agency did not (1) perform an independent cost estimate on E-Verify, (2) perform a sensitivity analysis to determine which factors could affect the cost estimate, or (3) identify the risks associated with changes in the projected number of E-Verify cases or SSA's E-Verify workload. Projected case volumes can fluctuate for various reasons, such as state legislation or policy changes, and case volumes directly affect SSA's workload. Given that USCIS reimburses SSA for its costs for operating E-Verify, determining these risks would allow USCIS to better predict future costs under different scenarios. USCIS acknowledged the limitations in its cost estimates for E- Verify, and attributed the limitations in the comprehensiveness, documentation, accuracy, and credibility of its estimates to a range of factors, including competing program office priorities and USCIS's limited cost-estimating capabilities. Senior E-Verify program officials told us that since February 2010, USCIS has contracted with a federally funded research and development center to perform a comprehensive analysis of E-Verify's technical infrastructure--VIS-- including developing an independent cost estimate of the life cycle costs of E-Verify in an effort to better comply with our cost- estimating guidance. Senior E-Verify program officials also told us that the agency is working with USCIS's Office of Information Technology's Cost Estimate Section to review and evaluate the cost estimates for VIS's contract re-compete effort, and stated that in June 2010 it launched an initiative to regularly report risks related to VIS and system costs to DHS. However, until it generates a reliable life cycle cost estimate for E-Verify, USCIS is at increased risk of not making informed investment decisions, understanding system affordability, and developing justifiable budget requests for future E- Verify use and potential mandatory implementation. SSA Has Substantially Met Three of Four Characteristics of a Reliable Cost Estimate, but Challenges Exist with Predicting E-Verify Workload: Our analysis showed that SSA's E-Verify estimates substantially met three of four characteristics of a reliable cost estimate and partially met the fourth characteristic. SSA's life cycle cost estimate for fiscal years 2010 through 2015 of almost $66 million includes approximately $14 million in costs that have already been incurred for developing the Isolated Environment, which was designed for dedicated use by E-Verify, $18 million for fiscal years 2010 through 2013 to maintain this system; and $34 million for fiscal years 2010 through 2015 to provide administrative support to SSA field offices and a toll-free number to respond to TNC inquiries. SSA's cost estimate was: * Substantially comprehensive because SSA accounted for both government-and contractor-related cost elements for E-Verify. SSA's ability to develop cost estimates for operating and supporting E- Verify was enhanced by the availability of information on the actual costs of developing E-Verify, as SSA had already developed and deployed the Isolated Environment. SSA's cost estimate was detailed in that costs were neither omitted nor double counted. For example, all development resources and associated cost elements required to develop, produce, deploy, and sustain E-Verify have been accounted for, as required by best practices. In addition, SSA provided detailed assumptions about such things as the skill level of software programmers, level of user involvement, and field office workload, which are important cost drivers of E-Verify development and support costs. Like USCIS, however, SSA did not break E-Verify development costs into its smaller specific components as suggested by best practices. * Substantially well-documented because SSA's estimate addressed many of the best practices we assessed. For example, USCIS gathered data on historical actual costs and from program and technical sources, such as blanket purchase agreements and actual invoices for hardware such as mainframes, and software development data from similar projects. Moreover, based on the documentation SSA provided to us regarding operating and support costs, we were able to easily re-create SSA's cost estimate. SSA's development cost estimate did not fully provide the supporting documentation and calculations, as required under best practices, but since SSA has completed the development effort, it now has a spreadsheet of actual costs that override the initial estimate. * Substantially accurate because, as noted above, SSA has actual costs for its development effort which enabled it to update its estimate with actual development costs. SSA's operating and support cost estimates were supported by data on labor hours and a detailed list of the hardware and software necessary for E-Verify operation. SSA also identified the inflation indexes it used to estimate costs and relied on actual data from its cost accounting systems, as well as earned value management data, to collect actual costs. The cost estimate did not fully meet best practices because it was not validated against an independent cost estimate and did not include all costs associated with maintaining the system. * Partially credible because SSA identified as key cost drivers the costs associated with system hardware, storage, and labor, and also estimated the costs for administrative operations, such as the number of E-Verify cases and SSA E-Verify workload. In addition, SSA conducted a sensitivity analysis to determine which communication technology would best allow SSA field staff to address phone inquiries. Further, there is less risk to SSA's estimates going forward because development efforts for the Isolated Environment are now complete. Regarding operations and support cost estimates, which constituted nearly 80 percent of the cost estimate, however, SSA did not adequately address the inherent risk and uncertainty within the estimate or the limitations associated with the assumptions used to create it. Although SSA stated that it routinely assesses the risk and uncertainty in developing its estimate of E-Verify costs, it does not use statistical models to quantitatively determine the extent of variability around its cost estimate. For example, SSA did not identify the risks associated with changes in the projected number of E-Verify cases or SSA's E-Verify workload, or document and assess the risks of these assumptions varying. Changing the number of projected E- Verify cases can affect SSA's workload projections, and would result in changes to SSA's final cost estimate. We performed our own analysis and found that increasing either the number of cases or SSA's workload projections by 10 percent would increase SSA's total cost by almost $0.5 million. SSA officials attributed the limitations of SSA's documentation of its life cycle cost estimates to the fact that OMB does not require SSA to develop life cycle cost estimates outside of its 5-year window. SSA officials told us that SSA develops costs estimates for only 5 years to better control for changes in system costs, such as hardware upgrades, as these costs tend to be less stable than other costs. SSA officials told us that they have developed system cost estimates through fiscal year 2020 because of the variability associated with the costs involved. SSA officials also attributed the limitations associated with credibility in its cost estimates to its ability to recoup all actual costs for E-Verify system maintenance and operations pursuant to its reimbursable agreement with USCIS. Therefore, according to SSA, SSA will incur more operational work if E-Verify transaction volume increases, but will bear no additional costs because USCIS must reimburse SSA for all expenses. While there is no risk for SSA if cost overruns occur, there is risk to USCIS because it has to pay for all costs incurred by SSA for operating E-Verify and resolving TNCs. For example, SSA's workload increased from processing 85,869 TNC cases in fiscal year 2007 to processing 88,235 TNC cases in fiscal year 2009. However, the extent to which SSA's workload may either increase or decrease in the future is not known. According to cost estimating best practices, a credible cost estimate should discuss any limitations in the analysis caused by uncertainty or biases surrounding the data and assumptions. By not assessing the inherent risk and uncertainty within its estimate or the limitations associated with the assumptions used to create it, SSA will not be able to reliably determine the extent to which its workload costs may change if the projected, or estimated, number of E-Verify cases is greater or less than expected, and may not be able to provide assurance to USCIS that it can provide the required level of support for E-Verify operations if it experiences cost overruns within any one fiscal year.[Footnote 67] Conclusions: E-Verify is a widely used employment verification system in the United States and may become a key part of federal efforts to reform the immigration system. Since we last testified in June 2008, USCIS and SSA have taken actions that have helped improve the accuracy of E- Verify and reduce opportunities for unauthorized workers to use fraudulent documents to gain employment. These efforts notwithstanding, the government's ability to ensure an authorized workforce is limited because E-Verify, like the Form I-9 process on which it is based, is vulnerable to identity fraud. Identity fraud can allow E-Verify to erroneously verify individuals who fraudulently use the valid documents of others to gain employment. Documents with enhanced security features, such as biometrics, may help to resolve some of these weaknesses, but they may be costly and generate privacy concerns. Further, worksite enforcement is an integral part of an effective employment authorization system, but resource limitations have impeded ICE from investigating and sanctioning all but the most egregious employer violators of worksite immigration laws. If E-Verify became mandatory and worksite enforcement resources continued to be limited to egregious employer violators, more unscrupulous employers could have the opportunity to hire unauthorized workers without much risk of detection. USCIS's actions to improve the accuracy of E-Verify have included adding tools to help identify fraudulent documents, expanding the number of databases queried through E-Verify, and instituting quality control procedures to screen for data entry errors. However, USCIS can further improve the accuracy of E-Verify by taking additional actions to help prevent erroneous TNCs attributable to name mismatches, particularly for individuals--often foreign-born, naturalized, or both--who have multiple or hyphenated surnames. Disseminating information to employees on the importance of providing consistent name information to employers, SSA, and DHS can help better ensure data accuracy and reduce the appearance of discrimination toward certain cultural groups because of the disparate impact of these kinds of erroneous TNCs on such groups. With respect to monitoring and compliance, USCIS has increased the size of its staff but remains limited in its ability to ensure employer compliance with E-Verify policies and procedures. As part of its efforts to help employers understand E-Verify rules so that they can better comply with them, USCIS developed an E-Verify tutorial and requires that employers pass a mastery test before they use E-Verify. By developing an analysis plan for the mastery test, analyzing test response data, and using the results of that analysis to revise the test, the tutorial, or both, USCIS would be able to better target its education efforts and ensure employer compliance with the E-Verify program. Regarding privacy protections, USCIS has taken actions to minimize risks to the privacy of personal information for new employees. However, employees are limited in their ability to identify, access, and correct information in DHS databases that has led to erroneous TNCs. Developing procedures that enable employees to effectively access their personal information and have inaccuracies or inconsistencies in that information corrected could help DHS minimize the potential for employees to receive repeated erroneous TNCs. In addition, establishing departmentwide procedures to ensure that all components that own information involved in making work authorization decisions collaborate in correcting inaccuracies or inconsistencies could better position DHS to reduce the number of erroneous TNCs and help to increase the effectiveness of E-Verify by enhancing accuracy. Moreover, because management program analysts are not required to document the actions taken to resolve a TNC, it will be difficult for USCIS to have a basis for ensuring that decisions will be made consistently and obtain reasonable assurance that erroneous TNCs will not continue to occur if the resolution of such TNCs has not been documented. By developing procedures for management program analysts to document the basis for their work authorization decisions, USCIS could help inform employees about which types of records were consulted in making decisions about contested TNCs and help minimize the potential for recurring erroneous nonconfirmations. USCIS and SSA have taken actions to prepare for a possible mandatory E- Verify implementation, but they could be better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future by developing a written service-level agreement. Further, by developing a life cycle cost estimate for E-Verify using the four characteristics of a reliable estimate, USCIS would be better positioned to make informed investment decisions, understand system affordability, and develop justifiable budget requests for future E-Verify use and potential mandatory implementation. Finally, by assessing the risk and uncertainty within SSA's E-Verify workload estimate, as well as the limitations associated with the assumptions used to create it, in accordance with best practices, SSA will be able to provide assurance to USCIS that it can provide the required level of support for E- Verify operations. Recommendations for Executive Action: We are making the following eight recommendations: To reduce the likelihood of name-related erroneous TNCs for employees with multiple or hyphenated surnames, we recommend that the Director of USCIS disseminate information to employees, for example, through CRCL's instructional videos for employees, in DHS's A Guide to Naturalization, and at naturalization ceremonies, on the potential for name mismatches and how to record their names consistently when providing name information to employers, SSA, and DHS. To better target USCIS's education efforts and ensure employer compliance with the E-Verify program, we recommend that the Director of USCIS develop an analysis plan for the mastery test and use the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both. To ensure that employees have the ability to access and correct inaccuracies or inconsistencies in personal information within DHS databases that may have led to erroneous TNCs and minimize the potential for employees receiving repeated erroneous TNCs, we recommend that the Director of USCIS develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases. To improve the accuracy of the source data used to make employment eligibility decisions and decrease the potential for recurring erroneous nonconfirmations, we recommend that the Secretary of Homeland Security direct the heads of DHS components to coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to erroneous TNCs or FNCs. To decrease the potential for recurring erroneous nonconfirmations, we recommend that the Director of USCIS develop procedures for management program analysts to document the basis for their work authorization decisions. To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, we recommend that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion. To ensure that USCIS has a sound basis for making decisions about resource investments for E-Verify and securing sufficient resources to effectively execute defined program plans, we recommend that the Director of USCIS ensure that a life cycle cost estimate for E-Verify is developed in a manner that reflects the four characteristics of a reliable estimate consistent with best practices--comprehensive, well- documented, accurate, and credible. To ensure that SSA can accurately project costs associated with its E- Verify workload, as well as estimates for potential mandatory implementation of E-Verify, we recommend that the Commissioner of SSA assess the risk and uncertainty within SSA's E-Verify workload estimate as well as the limitations associated with the assumptions used to create it, in accordance with best practices, to ensure that SSA can provide the required level of support to USCIS and E-Verify operations. Agency Comments and Our Evaluation: We provided a draft of this report to DHS and SSA for their review and comment. We received written comments from DHS, which are reprinted in appendix III. DHS generally concurred with the recommendations in this report and discussed actions it has underway or is planning to take in response to these recommendations. However, it is not clear to what extent these actions will fully address the intent of 3 recommendations. DHS also provided us technical comments, which we incorporated as appropriate. To address the first recommendation that USCIS disseminate information to employees that name mismatches can result in erroneous TNCs and how to record their names consistently, DHS stated that it concurred and noted that on November 8, 2010, USCIS began to distribute the U.S. Citizenship Welcome Packet at all naturalization ceremonies to advise new citizens to update their records with SSA. As discussed in the report, USCIS also issued a contract for a study on name-related TNCs and included language in A Guide to Naturalization that advises newly naturalized citizens to update their records with SSA. USCIS plans to use the results from the study, expected in the third quarter of fiscal year 2011, to enhance its name matching algorithms and provide improved guidance to individuals who use the E-Verify system. These are useful steps toward reducing the likelihood of name-related erroneous TNCs, but do not fully address the intent of the recommendation because they do not specifically provide information to employees on how prevent a name-related TNC. Therefore, they still leave open the possibility that employees with multiple or hyphenated surnames will not consistently record their name on various authorizing documents when updating their records. Thus, we continue to encourage USCIS to provide information to employees on the importance of recording their names consistently. Regarding the second recommendation that USCIS develop an analysis plan for the E-Verify mastery test and use the analysis results to make decisions about whether and how to revise the test, the tutorial or both, USCIS concurred and commented that it began to analyze the mastery test results following a June 2010 mastery test revision, although it did not specifically mention when the analysis began. As discussed in the report, as of October 2010, USCIS officials reported that USCIS had not yet begun to analyze the mastery test results. Thus, since USCIS undertook this effort after we concluded our review of this issue in October 2010, we have not examined the extent to which USCIS's analytic approach fully addresses our recommendation. Regarding the third recommendation that USCIS develop procedures to enable employees to access personal information and correct inaccuracies or inconsistencies in such information within DHS databases, DHS stated that USCIS concurred. DHS stated that USCIS is piloting a process whereby USCIS staff assist employees who receive TNCs by submitting an electronic application to request a records update. USCIS's Verification Division Deputy Division Chief explained in a follow-up discussion that this pilot process is limited to a small number of individuals who contact USCIS regarding a TNC and also have a current application for an immigration benefit (such as an application for permanent residency). Therefore, employees receiving a DHS TNC who are not in the immigration benefit application process would not receive this type of assistance. USCIS also commented that individuals who call USCIS to resolve a DHS TNC are referred to local USCIS or CBP offices, and ports of entry, to correct records when inconsistent or inaccurate information is identified. Although such referrals provide employees the ability to access agencies that maintain personal information on them, USCIS does not have operating procedures in place for management program analysts to explain to employees what personal information produced the TNC or what specific steps they should take to correct the information. As noted in the report, DHS also stated that USCIS is developing an E-Verify Self- Check program which will allow individuals to check their own work authorization status against SSA and DHS databases prior to applying for a job. While this should help individuals avoid receiving an erroneous TNC when they are hired for a job, it will not benefit newly hired employees who have already received such a TNC. We encourage USCIS to continue its efforts to develop procedures enabling employees to access and correct inaccurate and inconsistent personal information in DHS databases. Regarding the fourth recommendation that DHS components coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to erroneous TNCs or FNCs, DHS concurred. DHS noted, as stated in the report, that it will continue to work with its components to ensure that E-Verify provides the most accurate and up-to-date information on immigration status and that inaccuracies in various systems' source data are corrected. Regarding the fifth recommendation that USCIS develop procedures for documenting the basis for work authorization decisions, DHS concurred and stated, as noted in the report, that it plans to modify its standard operating procedures in fiscal year 2011 and its Status Verification System in fiscal year 2013 to facilitate documentation of work authorization decisions. Such action is consistent with the intent of the recommendation and should help decrease the potential for recurring erroneous nonconfirmations. To address the sixth recommendation that USCIS and SSA finalize the terms of the service-level agreement to help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service, DHS stated that USCIS concurred and has, as noted in the report, drafted a service-level agreement that is under review at SSA. To address the seventh recommendation that USCIS ensure a life cycle cost estimate for the E-Verify program is developed in a manner that reflects the characteristics of a reliable cost estimate consistent with best practices, DHS stated that USCIS concurred and is in the process of finalizing a new life cycle cost estimate that meets such criteria. Such action should help ensure that DHS has a sound basis for making decisions about its E-Verify resource investment. We also received written comments from SSA, which are reprinted in appendix IV. SSA also agreed with the sixth recommendation that it complete a service-level agreement with USCIS and stated that it plans to have such an agreement in place by March 2011. However, SSA did not agree with the eighth recommendation that it assess the risk and uncertainty within its E-Verify workload estimates to ensure that SSA can provide the required level of support to USCIS and E-Verify operations. SSA stated that it routinely assesses the risk and uncertainty when developing assumptions for E-Verify workload estimates and administrative costs related to proposed legislation. SSA also stated that if E-Verify were to become mandatory, SSA would adapt its budget models and recalculate estimated costs based on the new projected workload volume. As discussed in the report, SSA does not conduct a risk and uncertainty analysis that uses statistical models to quantitatively determine the extent of variability around its cost estimate or identify the limitations associated with the assumptions used to create the estimate. As a result, we continue to believe that SSA should adopt this best practice for estimating risks to help it reduce the potential for experiencing cost overruns for E- Verify. SSA also provided us technical comments, which we incorporated as appropriate. We also provided a copy of this draft to CRCL, OSC, ICE, and the Department of State. CRCL and OSC provided technical comments, which we incorporated as appropriate. ICE and the Department of State informed us that they had no comments. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretary of Homeland Security, the Commissioner of the Social Security Administration, and other interested parties. The report also will be available at no charge on the GAO Web site at [hyperlink, http://www.gao.gov]. If you or your staff members have any questions about this report, please contact me at (202) 512-8777 or stanar@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix V. Signed by: Richard M. Stana: Director, Homeland Security and Justice Issues: [End of section] Appendix I: Objectives, Scope, and Methodology: You requested that we examine the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration's (SSA) operation of the E-Verify program and their efforts to address previously reported concerns. For this review, we examined the progress that USCIS and SSA have made since we last testified in June 2008. Specifically, we examined the extent to which: * USCIS has reduced the incidence of tentative nonconfirmations (TNC) and E-Verify's vulnerability to fraud, * USCIS has improved its ability to monitor employer noncompliance and ensure compliance with E-Verify program policies and procedures, * USCIS has provided safeguards for employees' personal information in E-Verify and enabled employees to correct inaccurate information, and: * USCIS and SSA have taken steps to prepare for mandatory E-Verify implementation. To determine the extent to which USCIS has reduced the incidence of TNCs and E-Verify's vulnerability to fraud, we analyzed reports on E- Verify issued by SSA's Office of the Inspector General, the Westat Corporation (Westat), USCIS's Ombudsman, and public policy think tanks, such as the Migration Policy Institute and the Center for Immigration Studies. We analyzed relevant legislation pertaining to E- Verify, USCIS and SSA program documentation on enhancements made to the E-Verify program since we testified in June 2008, E-Verify standard operating procedures, indicators and goals for reducing both the TNC rate and identity fraud, performance measures for assessing system accuracy, statistics quantifying the reduction in TNCs and identity fraud as a result of enhancements made, and interagency agreements. We reviewed videos developed jointly by USCIS's Verification Division, the division overseeing the E-Verify program, and DHS's Office for Civil Rights and Civil Liberties (CRCL) on employee rights, and SSA documentation on its initiatives to assist employees with name and citizenship changes. We analyzed data on the results of E-Verify queries for fiscal year 2009. To determine whether the data were reliable, we interviewed senior E-Verify program officials from USCIS's Verification Division about their procedures for ensuring data quality in the transaction database, which stores E- Verify queries, and senior SSA officials about their procedures for ensuring data quality in the Numerical Identification System (Numident), which stores information on all individuals in the United States with Social Security numbers. We questioned E-Verify program and SSA officials about the sources of the data and policies and procedures used to maintain the integrity of these data. We also analyzed the SSA's Office of the Inspector General's report on Numident data accuracy, and determined that its review provided sufficient assurance of the quality of those variables used in the E- Verify process.[Footnote 68] Based on our analysis of the information obtained, we determined that USCIS's and SSA's E-Verify data were sufficiently reliable for reporting purposes. We interviewed senior officials from the State Department to discuss the agency's efforts to coordinate with USCIS on implementation of the photo matching tool and associated challenges with incorporating passport photographs into E- Verify. We interviewed officials from the American Association of Motor Vehicle Administrators to determine the extent to which USCIS has made progress in coordinating with the association to incorporate driver's license data and photographs into E-Verify and what challenges remain. We also reviewed the E-Verify evaluation conducted by Westat in December 2009, including Westat's methodology for collecting data from employers using E-Verify, and for estimating the percentage of unauthorized employees that E-Verify incorrectly confirmed as work eligible. Although the data were subject to various sources of error, which Westat acknowledged in its report, we believe Westat's approach was appropriate and produced a credible estimate given the limitations of the data. To determine the extent to which USCIS has improved its ability to monitor employer noncompliance and ensure compliance with E-Verify program policies and procedures, we analyzed E-Verify program documentation on enhancements made to the Monitoring and Compliance Branch since we testified in June 2008, including USCIS's efforts to develop new technology to assist the branch in better identifying trends in employer noncompliance and open additional regional offices to help oversee employer compliance with the program. We analyzed the branch's standard operating procedures for identifying employer noncompliance, its training plan for its monitoring and compliance analysts, and its plan for contacting noncompliant employers to address incidents of noncompliance with E-Verify policies and procedures. We reviewed USCIS's staffing model for the branch, as well as cost estimates for staffing the branch in fiscal years 2010 and 2011. We analyzed the E-Verify tutorial that USCIS requires employers to complete before participating in E-Verify and the tutorial mastery test, as well as practices for evaluating the effectiveness of training and development programs. We reviewed documentation on other E-Verify educational activities available through the E-Verify Web site that USCIS conducts to assist employers with E-Verify compliance. We conducted interviews with senior E-Verify program officials at USCIS, senior officials at U.S. Immigration and Customs Enforcement (ICE), and senior officials at the Department of Justice's Office of Special Counsel for Immigration-Related Unfair Employment Practices (OSC) to determine what procedures have been put in place to address and sanction employer noncompliance with E-Verify program rules and the extent to which the agencies were coordinating with one another to address employer noncompliance. We also analyzed an interagency agreement between USCIS and ICE to determine the extent to which the agencies are coordinating to address noncompliance issues related to E- Verify. To determine the extent to which USCIS provides safeguards for employees' personal information in E-Verify and enables employees to identify, access, and correct information in personal records that is incorrect or inconsistent, we reviewed the Fair Information Practice Principles adopted by the DHS Chief Privacy Officer and assessed the extent to which USCIS has addressed relevant principles within in E- Verify program. The principles we identified as relevant to E-Verify were Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing. We analyzed USCIS's standard operating procedures for resolving DHS-related TNCs, and conducted interviews with privacy officials at USCIS to determine what, if any, limitations exist in resolving these TNCs. We analyzed USCIS's privacy impact assessments that were required by the E- Government Act of 2002 and a system of records notice that was required by the Privacy Act of 1974. We analyzed SSA's processes for resolving TNCs and SSA's EV-STAR procedures to determine the impact these processes had employee nonconfirmations. We also interviewed senior officials at SSA to discuss SSA's processes for resolving TNCs and recording decisions in E-Verify. We analyzed an interagency agreement between USCIS and OSC to determine the extent to which the agencies are coordinating to address discrimination issues related to employer use of E-Verify. We reviewed educational and outreach resources provided to employees by OSC, USCIS, and CRCL to help them better understand their rights. We also interviewed officials from DHS's Privacy Office and CRCL and from OSC to discuss their roles and responsibilities for assisting employees in dealing with issues related to civil rights and civil liberties--specifically privacy and discrimination--and their efforts to coordinate with USCIS on these issues. To determine what steps USCIS and SSA have taken to prepare for mandatory E-Verify implementation, we reviewed and assessed USCIS's and SSA's system capacity requirements and life cycle cost estimates. To assess USCIS's and SSA's efforts to ensure that their information technology (IT) infrastructures are capable of supporting increased transaction volumes expected from a mandated E-Verify program, we obtained agency documentation that describes processes and procedures for managing and planning system capacity and availability, and compared these processes and procedures with widely accepted industry practices identified by the Software Engineering Institute.[Footnote 69] We collected results of interagency tests of the E-Verify IT infrastructure, such as those that tested the workload expected if the use of E-Verify is mandated, to validate that both SSA's and the Verification Division's E-Verify systems were scalable to meet performance requirements for increased transaction volumes. We assessed the results of these tests to verify that the agencies were taking steps to ensure that their systems could successfully process increases in IT infrastructure demands. To ensure the reliability of the information we collected, we interviewed senior DHS and SSA officials who were knowledgeable about the E-Verify program and supporting IT infrastructure and discussed with them the agencies' capacity management and planning efforts. To determine the reliability of USCIS's and SSA's cost estimates, we analyzed the derivation of each cost estimate relative to 12 best practices as defined in our Cost Estimating and Assessment Guide. [Footnote 70] The 12 best practices are (1) define the estimate's purpose, (2) develop the estimating plan, (3) define the program's characteristics, (4) determine the estimating structure, (5) identify ground rules and assumptions, (6) obtain the data, (7) develop the point estimate and compare it to an independent cost estimate, (8) conduct sensitivity analysis, (9) conduct risk and uncertainty analysis, (10) document the estimate, (11) present the estimate to management for approval, and (12) update the estimate to reflect actual cost and changes. Our research has determined that these 12 practices can be grouped into the following four characteristics: comprehensive, well-documented, accurate, and credible, and involve an assessment of the methodologies, assumptions, and source data used for the estimate. One analyst reviewed USCIS's and SSA's cost estimates to determine whether the characteristic was (1) not met if the agency provided no evidence that satisfied any portion of the criterion, (2) minimally met if the agency provided evidence that satisfied less than one-half of the criterion, (3) partially met if the agency provided evidence that satisfied about one-half of the criterion, (4) substantially met if the agency provided evidence that satisfied more than one-half of the criterion, and (5) met if the agency provided complete evidence that satisfied the entire criterion. That analyst assigned a value ranging from 1 to 5 indicating the extent to which the agencies met each best practice and averaged the values for the practices that were associated with each characteristic.[Footnote 71] A second analyst independently verified the results. We also interviewed program officials from both agencies responsible for the cost estimate about the estimate's derivation. We also reviewed SSA's E-Verify workload estimates, known as the fallout rate, and workload cost estimates to determine the impact of E- Verify on SSA's current and future workloads. In doing so, we reviewed USCIS's and SSA's reimbursable agreement for SSA's operation of E- Verify, which outlines SSA's responsibilities for operating E-Verify. To determine whether SSA's workload calculations were accurate and reliable, we interviewed senior SSA officials about their procedures for ensuring data quality in the SSA TNC database, which stores all SSA-related TNCs, and SSA's methodology for determining its workload based on data in the TNC database. We performed validation testing to determine that the records in this file contained adequate information to support SSA's calculations for its workload estimates. Based on our review, we determined that SSA's E-Verify workload estimates were sufficiently reliable for reporting purposes. To gain a better understanding of how E-Verify is being implemented at the state level and what users' experiences have been with implementing and operating E-Verify, we conducted site visits to Colorado, North Carolina, and Arizona. We chose these three states based on the length of time each state's E-Verify law had been in effect, the range of employer types covered by the law, and geographic dispersion.[Footnote 72] On these site visits we interviewed state officials responsible for operating E-Verify within their respective state and overseeing implementation of the state's E-Verify law. We interviewed representatives and employers from eight industry associations, representatives from eight immigrant advocacy groups, employers and representatives from four state and local chambers of commerce, and E-Verify users from two state universities to determine what opportunities and challenges exist with operating E-Verify and to gain their insight into some of the issues employers face in attempting to verify employment authorization. Because Arizona law makes local county attorneys partially responsible for overseeing and enforcing Arizona E-Verify laws, we met with officials from the Maricopa County Attorney's and Sheriff's Offices. We conducted in- person and telephone interviews with local SSA regional and field office representatives in each state to learn about the effects of E- Verify on SSA's field office workload. We conducted in-person and telephone interviews with ICE regional and field office staff to determine ICE's role in assisting USCIS with E-Verify education, outreach, and compliance. In Arizona, we met with local USCIS officials to discuss their efforts and coordination with ICE in helping the state implement its E-Verify law. We selected these offices based on several factors, including their proximity to the metropolitan areas we visited, the amount of time SSA field offices spent resolving E-Verify cases, and coordination between ICE and USCIS on outreach efforts. We selected the industry associations representing employers for interviews based on a mix of criteria, such as the type of industry and member use of E-Verify. We selected immigrant advocacy groups to interview based on recommendations obtained from the DHS's CRCL, the National Immigration Law Center, the National Council of La Raza, and the Service Employees International Union. While the views expressed by the representatives in these three states cannot be generalized to all states, industry associations, advocacy groups, and employers, they provided us with additional perspectives on the benefits and challenges associated with E-Verify program. We conducted this performance audit from June 2009 through December 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Appendix II: The Fair Information Practice Principles: Based on the Privacy Act of 1974, the Fair Information Practice Principles are a framework adopted by the DHS Privacy Office that is used to govern the protection of personally identifiable information (PII) throughout DHS. Table 4 outlines the characteristics of each of the eight principles. Table 4: Fair Information Practice Principles: Principle: Transparency; Description: DHS should be transparent and provide notice to the individual regarding its collection, use, dissemination, and maintenance of PII. Principle: Individual Participation; Description: DHS should, to the extent practical, seek individual consent for the collection, use, dissemination, and maintenance of PII and should provide mechanisms for appropriate access, correction, and redress regarding DHS's use of PII. Principle: Purpose Specification; Description: DHS should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used. Principle: Data Minimization; Description: DHS should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s). Principle: Use Limitation; Description: DHS should use PII solely for the purpose(s) specified in the notice. Sharing PII outside the department should be for a purpose compatible with the purpose for which the PII was collected. Principle: Data Quality and Integrity; Description: DHS should, to the extent practical, ensure that PII is accurate, relevant, timely, and complete, within the context of each use of the PII. Principle: Security; Description: DHS should protect PII (in all forms) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure. Principle: Accountability and Auditing; Description: DHS should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements. Source: DHS. [End of table] [End of section] Appendix III: Comments from the Department of Homeland Security: US. Department of Homeland Security: Washington, DC 20528: December 8, 2010: Mr. Richard M. Stana: Director, Homeland Security and Justice: U.S. Government Accountability Office: 441 G Street, N.W. Washington, DC 20548: RE: Draft Report GA0-11-146: Employment Verification: Federal Agencies Have Taken Steps to Improve E-Verify, but Significant Challenges Remain, (Job Code 440799): The Department of Homeland Security appreciates the opportunity to review and respond to the Government Accountability Office (GAO) subject report. We are encouraged by GAO's positive findings on the E- Verify Program, particularly our gains in the following areas: * U.S. Citizenship and Immigration Services (USCIS) has reduced the incidence of Tentative Nonconfirmations (TNCs) and E-Verify's vulnerability to fraud. There was a 5.4 percentage point decrease in TNCs between fiscal year (FY) 2007 and FY 2009. * USCIS has improved its ability to monitor and ensure employer compliance with E-Verify Program policies and procedures. Since GAO's testimony in 2008, USCIS has increased staffing levels for monitoring and compliance functions of E-Verify, including expansion into a field office in Buffalo, NY, and, in FY 2011, the opening of a second field office in Lincoln, NE. In FY 2010, USCIS monitored and provided E- Verify compliance assistance to more than 16,000 employers suspected of noncompliance. This exceeded the FY 2010 target for contacting 2 percent of all enrolled employers. * USCIS has provided safeguards for employees' personal information in E-Verify and enabled employees to correct inaccurate information. USCIS Verification Division has its own Privacy Branch dedicated to privacy issues. In June 2010, USCIS updated E-Verify to mask Social Security Numbers (SSNs) when entered into E-Verify. USCIS provides information to employers on safe handling of Personally Identifiable Information (PII). The responsibility to safely handle PII is covered in both the mandatory online tutorial and E-Verify user manual. The E- Verify Web site [hyperlink, http://www.dhs.gov/E-Verify] has a section on privacy principles and provides an overview in eight foreign languages on how an individual's PII is used and stored in E-Verify. In spring 2011, USCIS plans to launch a Self Check feature that enables individuals to check their work authorization status online and provides them with instructions on how to update their records. In FY 2010, USCIS launched a number of employee rights initiatives including an employee hotline and multilingual videos on employee rights and responsibilities produced in partnership with the DHS Office of Civil Rights and Civil Liberties. Furthermore. USCIS signed a Memorandum of Agreement with the Department of Justice's Office of Special Counsel for Unfair Immigration-Related Employment Practices to establish procedures for discrimination case referrals. * USCIS and SSA have taken steps to prepare for mandatory E-Verify implementation. In partnership with SSA, USCIS has used widely accepted industry practices to effectively manage the E-Verify System capacity and availability. USCIS is also in the process of developing a written service-level agreement with SSA. USCIS recognizes there are still opportunities for continued success as the E-Verify Program continues to expand and grow. USCIS concurs with all of GAO's recommendations and can also report that it is taking significant steps toward addressing each of them. USCIS's response follows: Recommendation 1: To reduce the likelihood of name-related erroneous TNCs for employees with multiple or hyphenated surnames, we recommend that the Director of USCIS disseminate information to employees, DHS's Naturalization Guide, and naturalization ceremonies, on the potential for name mismatches and how to record names consistently when providing name information to employers, SSA and DHS. Response: USCIS concurs with this recommendation. USCIS is working with an independent research and evaluation firm to conduct a special study on name-related TNCs. The study, "Evaluation of the Accuracy of E-Verify Findings" will be completed in the 3" quarter of FY 2011 and is focusing on the impact of name and date of birth mismatches on TNCs. USCIS plans to use the study's findings to develop better name matching algorithms and provide enhanced helper text for users. USCIS has included language in the Guide to Naturalization recommending that newly-naturalized citizens update their records with SSA. Page 39 states, "We strongly recommend that you go to your nearest Social Security Administration (SSA) office to update your Social Security record soon after your naturalization ceremony. This is important because your Social Security record will be used to establish eligibility for benefits and to demonstrate authorization to work. The nearest SSA office can be found by calling 1-800-772-1213 or at [hyperlink, http://www.socialsecurity.gov]." The Guide to Naturalization also advises a newly-naturalized citizen to visit SSA if he or she changed his or her name at the oath ceremony and the Certificate of Naturalization does not show their old and new names. Furthermore, it recommends which documents the new citizen needs to present to SSA to complete the name change. In addition, on November 8, 2010, USCIS began an initiative to distribute the U.S. Citizenship Welcome Packet to newly-naturalized citizens at all naturalization ceremonies (both administrative and judicial). This packet specifically advises that each new citizen go to a local SSA office to update his or her Social Security record soon after the naturalization ceremony. Recommendation 2: To better target USCIS's education efforts and ensure employer compliance with the E-Verify Program, we recommend that the Director of USCIS develop an analysis plan for the mastery test and use the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both. Response: USCIS concurs with this recommendation. The E-Verify mastery test is required for all new employers after they have completed the mandatory online tutorial. USCIS began analyzing the mastery test results following a June 2010 mastery test revision to assess what questions may need revision and to determine what concepts may require greater explanation. USCIS identified three questions needing revision and plans to make corresponding changes in E-Verify release 6.0. scheduled for 2011. The analysis will be an ongoing effort, and we will continue to monitor reports to determine changes for future releases. Recommendation 3: To ensure that employees have the ability to access and correct inaccuracies or inconsistencies in personal information within DHS databases that may have led to erroneous TNCs and minimize the potential for employees receiving repeated erroneous TNCs, we recommend that the Director of USCIS develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases. Response: USCIS concurs with this recommendation. As noted in the report, USCIS and other DHS Components have regulatory processes available for the review and correction of personal information under the Privacy Act. However, USCIS recognizes that these processes may need to be supplemented by methods specifically designed for the needs of E-Verify users. USCIS is developing the E-Verify Self Check service that addresses the recommendation made by GAO. E-Verify Self Check will be a free, Web-based service that allows individuals to check their own work authorization status against SSA and DHS databases. If a mismatch occurs the user will be notified of the mismatch and given directions on how to rectify the issue (e.g., visit an SSA field office, contact DHS). To conduct a "self check," users will be required to first go through an identity assurance process to ensure that the correct person is accessing his or her work authorization status. USCIS plans to deploy E-Verify Self Check in spring 2011 through a phased pilot implementation process. Based on the results of the pilot, USCIS will consider expanding E-Verify Self Check to more users as early as 2013. In addition to the future Self Check feature, employees with TNCs who contact USICS are referred to local USCIS offices, Customs and Border Protection (CBP) offices, and Ports of Entry to correct records when they identify errors or inconsistencies. For USCIS system inconsistencies, employees may make an appointment via the Infopass system to visit the local office and have their records reviewed and updated, if appropriate. Additionally, we are currently piloting a process whereby USCIS staff assist employees who receive TNCs by submitting an electronic application through the "Service Request Management Tool" (SRMT) to request a records update. Finally, USCIS will work with internal and external stakeholders to improve quality assurance on the source data that USCIS uses to determine employment authorizations. Recommendation 4: To improve the accuracy of the source data used to make employment eligibility decisions and decrease the potential for recurring erroneous nonconfirmations, we recommend that the Secretary of Homeland Security direct the heads of DHS components to coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to an erroneous TNCs of FNCs. Response: DHS concurs with this recommendation and will continue to work with the components to ensure that data is transmitted or made available to the E-Verify program that provides the most accurate and up-to-date information on immigration status. As noted in the report, the E-Verify program has created a Database Integrity Unit that is tasked with identifying and facilitating the correction of erroneous information contained in DHS component databases. Additionally. The DHS Office of Policy, Screening Coordination Office (SCO) works with USCIS, CBP, and US-VISIT to establish links between the Verification Information System (VIS) and Arrival Departure Information System (ADIS) and I-94W automated systems to provide real time arrival data to USCIS. DHS/SCO has also been working with USCIS and ICE on the upgrades to the Student and Exchange Visitor Information System (SEVIS) data which when completed will provide more accurate information to USCIS on student status. DHS will continue to work closely with the components to ensure that correct and accurate information is transmitted or made available to the E-Verify program and that inaccuracies in the various systems are corrected. Recommendation 5: To decrease the potential for recurring erroneous nonconfirmations, we recommend that the Director of USCIS develop procedures for management program analysts to document the basis for their work authorization decisions. Response: USCIS concurs with this recommendation. USCIS plans to re- engineer our Status Verification System (SVS), which is used to track and manage TNCs, so that Status Verifiers can document the basis for their work authorization decisions. SVS's re-engineering implementation will occur in FY 2013. As noted by GAO, USCIS will implement procedures to address this through the use of a comment box and will update Standard Operating Procedures (SOPs) to require this documentation by the second quarter of FY 2011. Recommendation 6: To help ensure that SSA will be able to meet the capacity demands of the E-Verify Program and provide USCIS with continuous service in the future, we recommend that the Director of USCIS and the Commissioner of SSA finalize the terms of the service- level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E- Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion. Response: USCIS concurs with this recommendation and has drafted a service-level agreement that is under review at SSA. Recommendation 7: To ensure that USCIS has a sound basis for making decisions about resource investments for E-Verify and securing sufficient resources to effectively execute defined program plans, we recommend that the Director of USCIS ensure that a life cycle cost estimate for the E-Verify is developed in a manner that reflects the four characteristics of a reliable estimate consistent with best practices-comprehensive, well-documented, accurate, and credible. Response: USCIS concurs with this recommendation. The current Life Cycle Cost Estimate (LCCE) met three of four characteristics of a reliable cost estimate and partially met one characteristic. USCIS is in the process of finalizing a new Life Cycle Cost Estimate (LCCE) that meets GAO criteria and is based on the Systems Engineering Lifecycle (SELC) process. The Department appreciates the opportunity to comment on the draft report. In addition to this response, technical comments have been provided under a separate cover. Sincerely, Signed by: H. W. Couch, Jr. Deputy Director: Departmental GAO/OIG Liaison Office: [End of section] Appendix IV: Comments from the Social Security Administration: Social Security: Social Security Administration: Baltimore, MD 21235-0001: December 10, 2010: Mr. Richard M. Stana: Government Accountability Office: Director, Homeland Security and Justice: 441 G. Street, N.W. Washington. D.C. 20548: Dear Mr. Stana: Thank you for the opportunity to review the Government Accountability Office (GAO) draft report, "Employment Verification: Federal Agencies Have Taken Steps to Improve E-Verify. But Significant Challenges Remain" (GAO-1 1-146). Our comments on the report are enclosed. If you have any questions, please contact me or have your staff contact Rebecca Tothero, Acting Director. Audit Management and Liaison Staff at (410) 966-6975. Sincerely, Signed by: Dean S. Landis: Deputy Chief of Staff: Enclosure: [End of letter] Comments On The Government Accountability Office (GAO) Draft Report. "Employment Verification: Federal Agencies Have Taken Steps To Improve &Verify, But Significant Challenges Remain" (GA0-11-146): Thank you for the opportunity to review the subject report. We offer the following responses to your recommendations and technical comments. Recommendation: "To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, we recommend that the Director of the USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion." Response: We agree. We are developing an E-Verify service-level agreement with the United States Citizenship and Immigration Services (USCIS) and expect to have it in place by March 2011. Recommendation: "To ensure that SSA can accurately project costs associated with its E- Verify workload, as well as estimates for potential mandatory implementation of E-Verify, we recommend that the Commissioner of SSA assess the risk and uncertainty within SSA's E-Verify workload estimate as well as the limitations associated with the assumptions used to create it, in accordance with best practices, to ensure that SSA can provide the required level of support to USCIS and E-Verify operations." Response: We disagree with the implication that we do not assess the risk and uncertainty within our E-Verify workload estimates. We routinely assess the risk and uncertainty when developing assumptions for E- Verify workload estimates and administrative cost estimates related to proposed legislation. We understand that E-Verify workloads may grow and that they would grow substantially with mandatory implementation of E-Verify. If there is mandatory implementation of E-Verify, USCIS would provide us with revised estimated workloads. We would adapt our budget models quickly and re-calculate estimated costs based on the new projected volume. [End of section] Appendix V: GAO Contact and Staff Acknowledgments: GAO Contact: Richard M. Stana, (202) 512-8777 or stanar@gao.gov: Staff Acknowledgments: In addition to the contact named above, Evi Rezmovic, Assistant Director, and Sara Margraf, Analyst-in-Charge, managed this assignment. Blake Ainsworth, David Alexander, Tonia Brown, Frances Cook, Marisol Cruz, John de Ferrari, Julian King, Linda Miller, Danielle Pakdaman, David Plocher, Karen Richey, Robert Robinson, Douglas Sloane, Stacey Steele, Desiree Thorp, Vanessa Taylor, Teresa Tucker, and Ashley Vaughan made significant contributions to the report. [End of section] Footnotes: [1] The Illegal Immigration Reform and Immigrant Responsibility Act, as amended, Pub. L. No. 104-208, div. C, §§ 401-404, 110 Stat. 3009- 546, 3009-655 to -665 (1996),required the former U.S. Immigration and Naturalization Service (whose E-Verify responsibilities were taken over by USCIS) and SSA to operate E-Verify allowing employers to electronically verify an employee's eligibility to work. [2] See Federal Acquisition Regulation (FAR) subpt. 22.18. As of September 8, 2009, with certain exceptions, federal contracting officers are to include the E-Verify requirements in federal prime contracts above $100,000 and require such prime contractors to include the E-Verify requirements in certain subcontracts. The FAR employment eligibility verification contract clause (FAR § 52.222-54) also includes specified exceptions, such as one permitting institutions of higher education and state and local governments to verify only new hires working directly under the contract. [3] GAO, Immigration Enforcement: Weaknesses Hinder Employment Verification and Worksite Enforcement Efforts, [hyperlink, http://www.gao.gov/products/GAO-05-813] (Washington, D.C.: Aug. 31, 2005). [4] GAO, Employment Verification: Challenges Exist in Implementing a Mandatory Electronic Employment Verification System, [hyperlink, http://www.gao.gov/products/GAO-08-895T] (Washington, D.C.: June 10, 2008). [5] A TNC occurs when an employee's information is compared electronically to government records, and SSA cannot match this information to confirm that the employee is eligible for work in the United States. Employees who believe their TNCs were errors must contact either SSA or USCIS to resolve the situation if they wish to continue their employment. [6] Westat Corporation, Findings of the E-Verify Program Evaluation (Rockville, Md., December 2009). [7] USCIS's transaction database stores information on E-Verify transactions and SSA's Numident stores information on individuals with Social Security numbers. [8] Software Engineering Institute, CMMI for Services, Version 1.2 (Pittsburgh, Pa., February 2009). The Software Engineering Institute is a nationally recognized, federally funded research and development center established at Carnegie Mellon University to address software engineering practices. [9] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Capital Program Costs, [hyperlink, http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: March 2009), 8-13. [10] We selected the eight associations and four chambers of commerce based on industry type and members' use of E-Verify, the eight immigrant advocacy groups based on recommendations obtained from several governmental and nongovernmental organizations, and the two state universities based on their use of E-Verify and proximity to the metropolitan areas we visited. [11] Pub. L. No. 99-603, § 101(a)(1), 100 Stat. 3359, 3360-72 (codified as amended at 8 U.S.C. § 1324a). [12] There are 26 documents that are acceptable for the employment verification process. Six of these documents establish both identity and employment eligibility (e.g., U.S. passport or permanent resident card); 12 documents establish identity only (e.g., driver's license); and 8 documents establish employment eligibility only (e.g., Social Security card without the legend "Not Valid for Employment"). For verification purposes, employees may present either a single document from the first category or a combination of two documents, one from the identity category and one from the employment eligibility category. Employers who participate in E-Verify, however, must agree that if an employee presents a document from the identity-only category, they only will accept such a document if it contains a photograph. [13] Employers may choose to register for E-Verify by deciding to use E-Verify at individual worksites or by limiting the use of E-Verify to certain locations, such as a company's headquarters. Employers may also contract the use of E-Verify to an independent designated agent, to act on their behalf to verify the employment eligibility of their newly hired employees. Companies have the option to extract information from their existing human resources or payroll systems and transmit those data to E-Verify to verify employment authorization. [14] Federal contractors have 90 days from the date they enroll with E- Verify to initiate verification queries on all newly hired employees and existing employees assigned to a federal contract. After this 90- day phase-in period, federal contractors are required to initiate verification of each newly hired employee within 3 business days after the employee's start date. [15] Numident is a repository of personal information on individuals who have a Social Security number. This information includes the number holder's name, date of birth, place of birth, parents' names, citizenship status as recorded by SSA, date of death (if applicable), and the office where the Social Security number application was processed and approved. [16] TECS is an updated and modified version of the former Treasury Enforcement Communications System. [17] USCIS is the agency responsible for reviewing and approving or denying applications for lawful employment in the United States as well as applications for U.S. citizenship. [18] Noncitizens who are not permanent residents but still eligible to work in the United States, such as holders of certain kinds of visas that include employment eligibility, generally need to obtain an employment authorization document from USCIS prior to seeking employment. [19] A TNC may take some time to resolve after the employee has initiated contact with SSA or DHS. An employee is not to receive a FNC or be terminated from employment until SSA or DHS respond to the TNC inquiry. [20] Department of Homeland Security Appropriations Act of 2010, Pub. L. No. 111-83, § 547, 123 Stat. 2142, 2164-65, 2177 (2009). [21] Westat collected information via Web and onsite surveys of employers, in-person surveys of employees processed through the E- Verify system, a stakeholder conference, and interviews with federal employees and contractors. [22] To determine that USCIS had reduced its erroneous TNC rate, Westat compared data in the transaction database from April through June 2005 with data from April through June 2008. [23] Social Security Administration, Office of the Inspector General, The Social Security Administration's Implementation of the E-Verify Program for New Hires, A-03-09-29154 (Baltimore, Md., Jan. 6, 2010). [24] According to SSA, of the 1,713 new hires identified by the OIG as requiring verification through E-Verify, not all were required to be verified per E-Verify policy, specifically, those transfers from other federal agencies, reemployed annuitants, returning students, and military hires. According to SSA, after deducting these hires from the 1,713, only 1,314 required verification. SSA reported that it verified the 1,314 employees in March 2010. [25] USCIS has also taken steps to help naturalized citizens better resolve TNCs. For example, in May 2008, USCIS developed a process to allow naturalized citizens to directly resolve their SSA TNCs with DHS. Almost 94 percent of employees who received an SSA TNC for a citizenship mismatch from October 2009 through August 31, 2010, have chosen to resolve their TNC by calling DHS. USCIS reported that 94 percent of employees who called USCIS after receiving an SSA TNC were determined to be work eligible. [26] According to OSC, it has also worked with USCIS to help educate new citizens about the need to update their information with SSA. [27] E-Verify program officials stated that the 60 million projection is based on the approximate number of individuals that U.S. employers hire each year. [28] E-Verify program officials told us that the agency contracted with Westat in 2008 to conduct a study on the impact of complex names on the name-matching process to determine the frequency of erroneous TNCs attributable to name mismatches and whether they constituted a serious problem and, if so, to identify possible corrective actions. USCIS expects to receive Westat's final report in fiscal year 2011. [29] We did not specifically inquire about name-related TNCs in all of our meetings with employers and therefore do not know how many, if any, of the remaining 20 employers also believed that TNCs were more likely to occur with certain Hispanic employees. [30] According to CRCL, the E-Verify videos are distributed through a variety of sources, including by CRCL during community engagement and speaking events; USCIS through its Web site, during outreach events, and upon request from the public; and OSC upon request from the public and during outreach events. CRCL has drafted a plan to further distribute these videos to a variety of stakeholders, including private sector groups and nongovernmental organizations, but did not provide a time frame for when it will start distribution. [31] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [32] USCIS has established a goal to strengthen the security and integrity of the E-Verify program by ensuring data accuracy. [33] GAO has previously reported on the risks associated with the use of fraudulent documents and agencies actions to address them. See GAO, Border Security: Better Usage of Electronic Passport Security Features Could Improve Fraud Detection, [hyperlink, http://www.gao.gov/products/GAO-10-96] (Washington, D.C.: Jan. 22, 2010), and State Department: Undercover Tests Show Passport Issuance Process Remains Vulnerable to Fraud, [hyperlink, http://www.gao.gov/products/GAO-10-922T] (Washington, D.C.: July 29, 2010). [34] According to officials at the American Association of Motor Vehicle Administrators, this pilot automates motor vehicle document verification between motor vehicle agencies and the E-Verify user. This pilot does not include the use of driver's license photographs. The program is designed to allow E-Verify employers to verify a new employee's driver's license, permit, or state-issued identification card directly with the issuing agency, and E-Verify is to send information back to the employer on whether the submitted information matches the motor vehicle agency's data. [35] According to USCIS, a locked Social Security number would halt any attempt by participating E-Verify employers to verify an employee's Social Security number through E-Verify if the employee notifies USCIS that his or her identity has been stolen and can provide supporting documentation to USCIS. [36] [hyperlink, http://www.gao.gov/products/GAO-05-813]. [37] The six behaviors are (1) multiple use of the same Social Security number across all E-Verify transactions, including use of the same Social Security numbers to fraudulently obtain information using various biographic information; (2) employer failure to use E-Verify after registering with the program; (3) employer termination of an employee who receives a TNC; (4) employer failure to perform verification within 3 business days of hire; (5) employer verification of existing employees; and (6) employer verification of employees hired prior to 1986. USCIS identified employer discrimination based on citizenship as a seventh behavior for Monitoring and Compliance Branch staff to examine, but this has not yet been implemented. [38] Since we reported in June 2008, USCIS has adjusted its goal from contacting 6 percent of registered employers to contacting 2 percent of worksites. E-Verify program officials said that monitoring worksites rather than employers enables USCIS to focus on the actual users of E-Verify, because an employer can have multiple worksites, and responsibility for running new hires through E-Verify could be decentralized such that individual worksites are responsible for verifying the employment eligibility of their own employees. [39] In June 2009, USCIS deployed the Compliance Tracking and Management System to serve as its central repository of information about incidents of noncompliant employer behavior. [40] This guidance includes, among other things, the E-Verify User Manual, E-Verify Quick Reference Guide, E-Verify User Manual for Federal Contractors, and the E-Verify MOU. USCIS has also developed an E-Verify compliance and self-audit tool to assist participating employers in better understanding and complying with E-Verify user requirements. [41] In 2007 Westat made 10 recommendations to USCIS to revise the tutorial, and 8 recommendations to USCIS to enhance the user friendliness of its E-Verify employer educational materials. USCIS reported that it has addressed 10 recommendations, 4 of these recommendations with the release of the new E-Verify tutorial in June 2010, and 3 of these recommendations by simplifying and streamlining E- Verify data entry, system navigation, and the process by which employers resolve cases. USCIS reported that it has plans in place to address 3 recommendations from 2011 through 2012 and does not have a timeline for addressing the 4 additional recommendations. [42] GAO, Aviation Security: Efforts to Validate TSA's Passenger Screening Behavior Detection Program Underway, but Opportunities Exist to Strengthen Validation and Address Operational Challenges, [hyperlink, http://www.gao.gov/products/GAO-10-763] (Washington, D.C.: May 20, 2010), and Human Capital: A Guide for Assessing Strategic Training and Development Efforts in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO-04-546G] (Washington, D.C.: March 2004). [43] In June 2010, USCIS completed its Registration Re-engineering Initiative, an effort designed to validate the authenticity of E- Verify users by comparing employer information provided during the registration process with employer information in a commercial database. [44] Westat cited this as an issue, reporting that approximately 16 percent of surveyed employers in 2006 and 10 percent of surveyed employers in 2008 indicated that they had E-Verify system users on staff who had not completed the tutorial. [45] As of August 31, 2010, USCIS reported that it had completed one site visit. [46] USCIS must rely on OSC to investigate, sanction, and prosecute employers that violate the antidiscrimination provision of IRCA. [47] Of the 444 criminal arrests in fiscal year 2009, 114 were arrests of employers and management officials and 330 were arrests of workers. As of August 30, 2010, ICE had made 397 criminal arrests--165 of employers and management officials and 232 of workers--and obtained 270 indictments as a result of worksite enforcement-related investigations. [48] ICE officials said they opened an investigation in one case, but lacked sufficient evidence to prove wrongdoing. ICE officials said that ICE decided not to open investigations for the other two cases because each was limited to a single incident of document fraud. [49] The Fair Information Practice Principles adopted by DHS are a revision of principles, called the Fair Information Practices, first proposed by a U.S. government advisory committee. See Department of Health, Education, and Welfare, Records, Computers and the Rights of Citizens: Report of the Secretary's Advisory Committee on Automated Personal Data Systems (July 1973). [50] The privacy notices included several privacy impact assessments, which are required by the E-Government Act of 2002 and system of records notices, which are required by the Privacy Act of 1974. [51] Department of Homeland Security, 2009 Annual Freedom of Information Act Report to the Attorney General of the United States, October 1, 2008-September 30, 2009 (Washington, D.C., February 2010). [52] Department of Homeland Security, Privacy Policy Guidance Memorandum 2008-01 (Dec. 29, 2008). [53] USCIS reported that it plans to deploy a self-check initiative in spring 2011 to provide individuals a tool for verifying their employment eligibility outside of the hiring process and an opportunity to proactively correct outdated or incorrect information in SSA or DHS databases prior to applying for a job. [54] OSC is the office responsible for enforcing the antidiscrimination provision of the Immigration and Nationality Act, which prohibits discrimination in hiring, firing, recruitment or referral for a fee based on citizenship or immigration status or national origin, along with discriminatory practices in the employment eligibility verification process and retaliation. [55] According to USCIS, it has TNC letters in Spanish, Haitian- Creole, Japanese, Korean, Chinese, Vietnamese, Russian, and Tagalog. [56] Department of Homeland Security, Privacy Policy Guidance Memorandum 2008-01. [57] GAO, Results-Oriented Government: Practices That Can Help Enhance and Sustain Collaboration among Federal Agencies, [hyperlink, http://www.gao.gov/products/GAO-06-15] (Washington, D.C.: Oct. 21, 2005). [58] The USCIS data did not break out the number of TNCs for foreign- born versus U.S-born employees. Therefore, we were unable to determine the extent to which foreign-born employees were more likely to receive erroneous TNCs compared to U.S.-born employees. [59] Senior CRCL officials told us that CRCL is now referring to these assessments as civil rights and civil liberties impact assessments because their review addresses concerns related both civil rights and civil liberties. [60] From October 2009 through February 2010, OSC reported that it had referred 17 instances of nondiscriminatory employer misuse of E-Verify to USCIS. [61] According to OSC, in fiscal year 2010, it handled 992 E-Verify- related hotline calls (or 14 percent of total hotline calls). [62] There are additional established practices for maintaining system capacity and availability. We identified the six practices discussed above by obtaining agency documentation that describes USCIS and SSA processes and procedures for managing and planning system capacity and availability and compared them with the practices established by the Software Engineering Institute. [63] GAO, Computer Operations: FAA Needs to Implement an Effective Capacity Management Program, [hyperlink, http://www.gao.gov/products/GAO/IMTEC-92-2] (Washington, D.C.: Nov. 27, 1991). [64] Booz Allen/Hamilton, Independent Assessment of the E-Verify Architecture (Washington, D.C., Feb. 8, 2008). [65] The Project Management Institute, The Standard for Program Management© (Newton Square, Pa., 2006). [66] OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget; OMB Circular No. A-130 Revised, Management of Federal Information Resources (Nov. 28, 2000); and Office of Management and Budget, Capital Programming Guide: Supplement to Circular A-11, Part 7, Preparation, Submission, and Execution of the Budget (Washington, D.C., June 2006). [67] If this were to occur, either USCIS would be responsible for providing additional funds for SSA to continue E-Verify operations or SSA would have to limit the amount of service its provides to USCIS until a new reimbursable agreement is developed or additional funds become available. [68] Social Security Administration, Office of the Inspector General, Accuracy of the Social Security's Numident File, A-08-06-26100 (Baltimore, Md., Dec. 8, 2006). [69] Software Engineering Institute, CMMI for Services, Version 1.2 (Pittsburgh, Pa., February 2009). The Software Engineering Institute is a nationally recognized, federally funded research and development center established at Carnegie Mellon University to address software engineering practices. [70] [hyperlink, http://www.gao.gov/products/GAO-09-3SP], 8-13. [71] We scored best practice on a scale from 1 to 5 where not met equaled 1, minimally met equaled 2, partially met equaled 3, substantially met equaled 4, and met equaled 5. [72]In Colorado, state law requires state contractors to certify that they will use E-Verify or a state operated Department Program as an alternative to E-Verify for new hires performing work under a state contract for services. In North Carolina, state law requires state agencies, institutions, colleges, and local education agencies to use E-Verify on all employees hired on or after January 1, 2007 (or March 1, 2007, in the case of local education agencies). In Arizona, state law requires all employers, whether public or private, to use E-Verify to verify new hires. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: