Skip to main content

Border Security: DHS's Efforts to Modernize Key Enforcement Systems Could be Strengthened

GAO-14-62 Published: Dec 05, 2013. Publicly Released: Jan 06, 2014.
Skip to Highlights

Highlights

What GAO Found

Customs and Border Protection (CBP) has defined the scope for its TECS (not an acronym) modernization (TECS Mod) program, but its schedule and cost continue to change; while Immigration and Customs Enforcement (ICE) is overhauling the scope, schedule, and cost of its program after discovering that its initial solution is not technically viable. CBP's $724 million program intends to modernize the functionality, data, and aging infrastructure of legacy TECS and move it to DHS's data centers. CBP plans to develop, deploy, and implement these capabilities between 2008 and 2015. To date, CBP has deployed functionality to improve its secondary inspection processes to air and sea ports of entry and, more recently, to land ports of entry in 2013. However, CBP is in the process of revising its schedule baseline for the second time in under a year. Further, portions of CBP's schedule remain undefined and the program does not have a fully developed master schedule. These factors increase the risk of CBP not delivering TECS Mod by its 2015 deadline. Regarding ICE's $818 million TECS Mod program, it is redesigning and replanning its program, having determined in June 2013 that its initial solution was not viable and could not support ICE's needs. As a result, ICE halted development and is now assessing design alternatives and will revise its schedule and cost estimates. Program officials stated the revisions will be complete in December 2013. Until ICE completes the replanning effort, it is unclear what functionality it will deliver, when it will deliver it, or what it will cost to do so, thus putting it in jeopardy of not completing the modernization by its 2015 deadline.

CBP and ICE have managed many risks in accordance with some leading practices, but they have had mixed results in managing requirements for their programs. In particular, neither program identified all known risks and escalated them for timely management review. Further, CBP's guidance defines key practices associated with effectively managing requirements, but important requirements development activities were underway before these practices were established. ICE, meanwhile, operated without requirements management guidance for years, and its requirements activities were mismanaged as a result. For example, ICE did not complete work on 2,600 requirements in its initial release, which caused testing failures and the deferral and deletion of about 70 percent of its original requirements. ICE issued requirements guidance in March 2013 that is consistent with leading practices, but it has not yet been implemented.

The Department of Homeland Security's (DHS) governance bodies have taken actions to oversee the two TECS Mod programs that are generally aligned with leading practices. Specifically, DHS's governance bodies have monitored TECS Mod performance and progress and have ensured that corrective actions have been identified and tracked. However, the governance bodies' oversight has been based on sometimes incomplete or inaccurate data, and therefore the effectiveness of these efforts is limited. For example, one oversight body rated CBP's program as moderately low risk, based partially on the program's use of earned value management, even though program officials stated that neither they nor their contractor had this capability. Until these governance bodies base their performance reviews on timely, complete, and accurate data, they will be constrained in their ability to effectively provide oversight.

Why GAO Did This Study

DHS's border enforcement system, known as TECS, is the primary system available for determining admissibility of persons to the United States. It is used to prevent terrorism, and provide border security and law enforcement, case management, and intelligence functions for multiple federal, state, and local agencies. It has become increasingly difficult and expensive to maintain because of technology obsolescence and its inability to support new mission requirements. Accordingly, in 2008, DHS began an effort to modernize the system. It is being managed as two separate programs working in parallel by CBP and ICE.

GAO's objectives were to (1) determine the scope and status of the two TECS Mod programs, (2) assess selected CBP and ICE program management practices for TECS Mod, and (3) assess the extent to which DHS is executing effective executive oversight and governance of the two TECS Mod programs.

To do so, GAO reviewed requirements documents and cost and schedule estimates, and determined the current scope, completion dates, and life cycle expenditures. GAO also reviewed risk management and requirements management plans, as well as governance bodies' meeting minutes.

Recommendations

GAO is recommending DHS improve its efforts to manage requirement and risk, as well as its governance of the TECS Mod programs. DHS agreed with all but one of GAO's eight recommendations, and described actions planned and underway to address them.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals develop an integrated master schedule that accurately reflects all of the program's work activities, as well as the timing, sequencing, and dependencies between them.
Closed – Implemented
The Department of Homeland Security (DHS) has taken steps to address this recommendation. Specifically, in August 2016, officials from U.S. Customs and Border Patrol (CBP) shared with us how the TECS Mod master schedule files (developed in MS Project) were integrated with the TECS Mod's system architecture tool, such that both would display the timing of project tasks. Further, in May 2017, the CBP program manager further clarified how the master schedule files showed the activity sequencing and dependencies. For example, the program manager discussed how the main project tasks were linked between MS Project and the system architecture tool, how dependencies were represented, and the...
Department of Homeland Security To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory inventory--including acquisition risks mentioned in this report report-- and are briefed to senior management, as appropriate.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with and has taken steps to address this recommendation. In August 2016, U.S. Customs and Border Protection (CBP) officials stated that the program had established a new contract to implement earned value management (EVM) and was making progress in implementing it on three TECS Mod projects: Lookout Record Data and Services, Manifest Processing, and Primary Inspection Processes. Further, officials stated that the program has been monitoring cost and schedule performance to ensure alignment of the program life cycle cost estimate and integrated master schedule with the approved program baseline. In May 2017, the CBP TECS Mod program manager...
Department of Homeland Security To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with, and has taken action to address, this recommendation. Specifically, in January 2014, U.S. Customs and Border Protection (CBP) updated its TECS Mod Program Risk Management Plan to include thresholds for when risks should be escalated. For example, the risk management plan states that all risks with a high impact rating will be escalated to the Passenger Systems Program Directorate (PSPD) Executive Director for awareness and decision making in implementing the associated issue action plan. Further, the plans establishes criteria regarding when the PSPD Executive Director and TECS Mod Program Manager will escalate high severity risks to...
Department of Homeland Security To improve DHS's efforts to develop and implement its TECS Mod programs, the Secretary of Homeland Security should direct the CBP Commissioner to ensure that the appropriate individuals revise and implement the TECS Mod program's requirements management guidance to include the validation of requirements to ensure that each is unique, unambiguous, and testable.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with and has implemented this recommendation. Customs and Border Protection (CBP) officials provided an updated version of its requirements management plan (dated Nov. 23, 2013) that includes specific criteria requiring each requirement to be unique, unambiguous and testable. By revising its plan, CBP should have greater assurance that TECS Mod will perform as intended in the user environments and has reduced the risk of deployment delays as a result.
Department of Homeland Security The Secretary of Homeland Security should direct the Acting Director of ICE to ensure that the appropriate individuals ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory--including the acquisition risks mentioned in this report-- and briefed to senior management, as appropriate.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with and has taken steps to address this recommendation. In February 2014, the department stated in written correspondence that the U.S. Immigration and Customs Enforcement (ICE) TECS Mod program office had created a program-level acquisition risk and added it to its risk inventory. In December 2015, the department provided an IT program health assessment for the ICE TECS Mod program that identifies the assigned risk level for the acquisition and discusses mitigation strategies. A DHS Management and Program analyst from the Enterprise Business Management Office stated that the program's acquisition risk is one of the factors the CIO...
Department of Homeland Security The Secretary of Homeland Security should direct the Acting Director of ICE to ensure that the appropriate individuals revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with and has taken steps to address this recommendation. In February 2014, the department stated in written correspondence that the U.S. Immigration and Customs Enforcement (ICE) TECS Mod program office had refined its criteria for escalating risks and identified 3 risk events that could trigger an escalated status for a given risk: if a risk has a score that exceeds a certain threshold; if a risk meets a trigger date/event; or if the Risk Advisory Board exercises its discretion to escalate a given risk. In addition, ICE's May 2016 TECS Mod risk management plan included the criteria for elevating risks. In November 2016, ICE provided two...
Department of Homeland Security The Secretary of Homeland Security should direct the Acting Director of ICE to ensure that the appropriate individuals ensure that the newly developed requirements management guidance and recently revised guidance for controlling changes to requirements are fully implemented.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with and has taken steps to address this recommendation. In February 2014, the department stated in written correspondence that the U.S. Immigration and Customs Enforcement (ICE) TECS Mod program office had updated its requirements management plan, revised its requirements baseline, and approved a change control package that are intended to address this recommendation. In November 2016, ICE provided an updated copy of its requirements management plan, which included details on how changes to requirements are to be managed. The agency also provided the charter for the program's change control board and documentation of its change control...
Department of Homeland Security The Secretary of Homeland Security should direct the Under Secretary for Management and acting Chief Information Officer to ensure that data used by the department's governance and oversight bodies to assess the progress and performance of major information technology program acquisition programs are complete, timely, and accurate.
Closed – Implemented
The Department of Homeland Security (DHS) agreed with and has taken steps to address this recommendation. For example, the department directed use of a decision-making support tool intended to improve governance decisions. It also discussed information available via the Information Technology Dashboard and how that information could be used to support decision-making activities. In April 2015, DHS further described efforts to implement this recommendation for 3 programs. In addition, in December 2015, DHS officials provided examples of how information in the investment tool is used to support decision-making for the program. For example, they provided an investment summary page from the...

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Best practicesBorder controlBorder securityCase management servicesHomeland securityInspectionLaw enforcementProgram managementRisk managementTerrorismTesting