High-Risk Series: Government-wide 2013 Update and Progress Made by the Department of Homeland Security

What GAO Found

In the past 2 years, notable progress has been made in the vast majority of areas that were on GAO's 2011 High Risk List. Congress passed several laws and took oversight actions to help address high-risk areas. Top administration officials at the Office of Management and Budget and the individual agencies have continued to show their commitment to ensuring that high-risk areas receive attention and action. Additional progress is both possible and needed in all the high-risk areas on GAO's 2013 list.

Sufficient progress has been made to remove the high-risk designation from two high-risk areas on the 2011 list, Management of Interagency Contracting and Internal Revenue Service Business Systems Modernization. While these two areas have been removed from the list, GAO will continue to monitor them.

This year, GAO also has added two areas, Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risks, and Mitigating Gaps in Weather Satellite Data.

In 2003, GAO designated implementing and transforming the Department of Homeland Security (DHS) as high risk because DHS had to transform 22 agencies--several with major management challenges--into one department, and failure to address associated risks could have serious consequences. While challenges remain across its missions, DHS has made considerable progress in transforming its original component agencies into a single department. As a result, GAO narrowed the scope of the high-risk area and changed the name from Implementing and Transforming the Department of Homeland Security to Strengthening the Department of Homeland Security Management Functions.

To more fully address this high-risk area, DHS needs to further strengthen its acquisition, information technology, and financial and human capital management functions. Of the 31 actions and outcomes GAO identified as important to addressing this area, DHS has fully or mostly addressed 8, partially addressed 16, and initiated 7. Moving forward, DHS needs to, for example, do the following:

• Acquisition management. Validate required acquisition documents in a timely manner, and demonstrate measurable progress in meeting cost, schedule, and performance metrics for its major programs. GAO reported in September 2012, for example, that 42 major programs experienced cost growth, schedule slips, or both, and most programs lacked foundational documents needed to manage risk and measure performance.

• Information technology management. Demonstrate for at least two consecutive investment increments that actual cost and schedule performance is within established baselines, and that associated mission benefits have been achieved. DHS has begun to implement a governance structure to improve program management consistent with best practices, but the structure covers less than 20 percent of DHS's major information technology investments.

• Financial management. Achieve clean opinions for at least two consecutive years on departmentwide financial statements, and implement new or upgrade existing components' financial systems. DHS received a qualified opinion on its fiscal year 2012 financial statements, and is in the early planning stages of its financial systems modernization efforts.

Why GAO Did This Study