Port Security Grant Program: Risk Model, Grant Management, and Effectiveness Measures Could Be Strengthened
Highlights
From fiscal years 2006 through 2010, the Department of Homeland Security (DHS) has awarded nearly $1.7 billion dollars to port areas through its Port Security Grant Program (PSGP) to protect critical maritime infrastructure and the public from terrorist attacks. The Federal Emergency Management Agency (FEMA)--a DHS component agency--is the agency responsible for distributing grant funds. GAO was asked to evaluate the extent to which DHS has (1) allocated PSGP funds in accordance with risk; (2) encountered challenges in administering the grant program and what actions, if any, DHS has taken to overcome these challenges; and (3) evaluated the effectiveness of the PSGP. To address these objectives, GAO reviewed the PSGP risk model, funding allocation methodology, grant distribution data, and program documents, such as PSGP guidance. Additionally, GAO interviewed DHS and port officials about grant processes, funding distribution, and program challenges, among other things.
In 2010 and 2011, PSGP allocations were based largely on port risk and determined through a combination of a risk analysis model and DHS implementation decisions. DHS uses a risk analysis model to allocate PSGP funding to port areas that includes all three elements of risk--threat, vulnerability, and consequence--and DHS made modifications to enhance the model's vulnerability element for fiscal year 2011. For example, DHS modified the vulnerability equation to recognize that different ports can have different vulnerability levels. However, the vulnerability equation is not responsive to changes in port security--such as the implementation of PSGP-funded security projects. Additionally, the vulnerability equation does not utilize the most precise data available in all cases. DHS addressed prior GAO recommendations for strengthening the vulnerability element of grant risk models, but the PSGP model's vulnerability measure could be further strengthened by incorporating the results of past security investments and by refining other data inputs. FEMA has faced several challenges in distributing PSGP grant funds, and FEMA has implemented specific steps to overcome these challenges. Only about one-quarter of awarded grant funding has been drawn down by grantees, and an additional one-quarter remains unavailable (see table below). Funding is unavailable--meaning that grantees cannot begin using the funds to work on projects--for two main reasons: federal requirements have not been met (such as environmental reviews), or the port area has not yet identified projects to fund with the grant monies. Several challenges contributed to funds being unavailable. For example, DHS was slow to review cost-share waiver requests--requests from grantees to forego the cost-share requirement. Without a more expedited waiver review process, grant applicants that cannot afford the cost-share may not apply for important security projects. Other challenges included managing multiple open grant rounds, complying with program requirements, and using an antiquated grants management system. FEMA has taken steps to address these challenges. For example FEMA and DHS have, among other things, increased staffing levels, introduced project submission time frames, implemented new procedures for environmental reviews, and implemented phase one of a new grants management system. However, it is too soon to determine how successful these efforts will be in improving the distribution of grant funds. FEMA is developing performance measures to assess its administration of the PSGP but it has not implemented measures to assess PSGP grant effectiveness. Although FEMA has taken initial steps to develop measures to assess the effectiveness of its grant programs, it does not have a plan and related milestones for implementing measures specifically for the PSGP. Without such a plan, it may be difficult for FEMA to effectively manage the process of implementing measures to assess whether the PSGP is achieving its stated purpose of strengthening critical maritime infrastructure against risks associated with potential terrorist attacks. GAO recommends that DHS strengthen its methodology for measuring vulnerability in ports by accounting for how past security investments reduce vulnerability and by using the most precise data available. GAO also recommends that DHS evaluate the cost-share waiver review process and take steps to expedite the process where appropriate and develop a plan with milestones for implementing performance measures for the PSGP. DHS concurred with GAO's recommendations.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Homeland Security | To help strengthen the implementation and oversight of the PSGP, to strengthen DHS's methodology for measuring vulnerability in ports, and to improve the precision of grant allocations to high-risk port areas, the Secretary of Homeland Security should direct the FEMA Administrator to develop a vulnerability index that accounts for how security improvements affect port vulnerability, and incorporate these changes into future iterations of the PSGP risk model. | The Department of Homeland Security (DHS) concurred with our recommendation that it develop a vulnerability index that accounts for how security improvements affect port vulnerability, and incorporate these changes into future iterations of the Port Security Grant Program (PSGP) risk model. DHS stated that although incorporating the effects of completed security projects on vulnerability is complex, it remains a key goal of the PSGP risk methodology and is revisited annually. However, DHS did not provide details regarding its plan to implement this recommendation. FEMA's February 2013 recommendation update noted that the agency remained committed to working with its partners, including... USCG, to improve the measure of vulnerability within the PSGP risk methodology by capturing changes in port vulnerability due to the implementation of security enhancements. FEMA officials noted that they had worked with USCG and FEMA's National Preparedness Directorate's (NPD) National Preparedness Assessment Division (NPAD) to review existing assessments of port vulnerability and performance measurement data to determine if they are suitable for inclusion in the PSGP risk formula. However, FEMA officials stated that the ability to incorporate the effects of completed security projects on the vulnerability measure is complex and not currently achievable. In February 2014, FEMA provided an update to this recommendation. In their update, FEMA stated that they have worked with the U.S. Coast Guard (USCG) to determine if the current vulnerability index of the PSGP risk methodology can be enhanced to account for how security improvements can affect port vulnerability. FEMA stated that they have determined this specific enhancement is not achievable for the following reasons: (1) FEMA lacks the resources to annually measure the reduced vulnerability attributed to enhanced PSGP security measures at defined and all other ports, and (2) the MSRAM model was not designed to analyze vulnerability mitigation resulting from port-wide projects that may benefit multiple assets in a port. FEMA concluded by stating that they will continue to use the existing vulnerability measure in PSGP risk methodology, which does represent a measure of the vulnerability of the nation's highest risk port areas. Despite the limitations that FEMA has presented, GAO continues to believe that a better approach is needed to understand how grant funded projects change risk. By not consistently measuring changes in vulnerability attributed to grant projects, FEMA may not be appropriately targeting funding or accurately measuring the progress being made in enhancing port security. This recommendation is closed, not implemented.
View More |
| Department of Homeland Security | To help strengthen the implementation and oversight of the PSGP, to strengthen DHS's methodology for measuring vulnerability in ports, and to improve the precision of grant allocations to high-risk port areas, the Secretary of Homeland Security should direct the FEMA Administrator to coordinate with the Coast Guard to determine the most precise data available to populate the data elements within the vulnerability index and to utilize these data as an interim measure, until a revised vulnerability index is developed. | DHS concurred with our recommendation that FEMA coordinate with the Coast Guard to determine the most precise data available to populate the data elements within the vulnerability index and to utilize this data as an interim measure until a revised vulnerability index is developed. Specifically, DHS stated that FEMA will continue to coordinate with subject matter experts, including the Coast Guard, to determine the best data available for use in the vulnerability index. Further, DHS stated that FEMA and the Coast Guard will continue discussions regarding data elements to be used in future grant years, and that these meetings will focus on what data elements are currently available for...
|
| Federal Emergency Management Agency | To help strengthen the implementation and oversight of the PSGP, and to ensure that waiver requests--including those submitted under previous cost-share years in which money remains unassigned and those that may be submitted in future grant rounds if a cost-share requirement is applied--are evaluated promptly, the FEMA Administrator---in conjunction with the Office of the Secretary of Homeland Security should evaluate the waiver review process to identify sources of delay and take measures to expedite the process. | On March 2, 2012, the Secretary of the Department of Homeland Security (DHS) signed a delegation to provide the Administrator of the Federal Emergency Management Agency (FEMA) with the authority to approve cost-share adjustments for Port Security Grants pursuant to section 102(a) of the Maritime Transportation Security Act of 2002 (Pub. L. No. 107-295). This action fulfills our recommendation because it resulted in an expedited review process for cost-share waiver requests. We reported that the cost-share waiver approval process in effect at the time of our review required 22 separate steps, a process that took 126 days to complete, on average. As a result of the Secretary delegating...
|
| Department of Homeland Security | To help strengthen the implementation and oversight of the PSGP, and to strengthen the administration, oversight, and internal controls of the PSGP, and to streamline processes, the Secretary of Homeland Security should direct the FEMA Administrator to develop---in collaboration with the Coast Guard---time frames and related milestones for implementing performance measures to monitor the effectiveness of the PSGP. | DHS concurred with our recommendation that it develop time frames and related milestones for implementing performance measures to monitor the effectiveness of the PSGP. Specifically, DHS stated that FEMA's Grant Programs Directorate was in the process of developing external measures to determine how effective grantees are in managing and administering the grants and that these external measures would be completed by January 1, 2012. Further, DHS stated that FEMA was also developing performance objectives for core capabilities, as required by Presidential Policy Directive 8 and the new National Preparedness Goal, and would be reviewing all prevention and protection measures, including...
|