[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]







   BUILDING ONE DHS: WHY CAN'T MANAGEMENT INFORMATION BE INTEGRATED?

=======================================================================

                                HEARING

                               before the

                       SUBCOMMITTEE ON OVERSIGHT,
                     INVESTIGATIONS, AND MANAGEMENT

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                             MARCH 1, 2012

                               __________

                           Serial No. 112-72

                               __________

       Printed for the use of the Committee on Homeland Security




      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________


                  U.S. GOVERNMENT PRINTING OFFICE

76-599 PDF                WASHINGTON : 2013





                     COMMITTEE ON HOMELAND SECURITY

                   Peter T. King, New York, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Daniel E. Lungren, California        Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Michael T. McCaul, Texas             Henry Cuellar, Texas
Gus M. Bilirakis, Florida            Yvette D. Clarke, New York
Paul C. Broun, Georgia               Laura Richardson, California
Candice S. Miller, Michigan          Danny K. Davis, Illinois
Tim Walberg, Michigan                Brian Higgins, New York
Chip Cravaack, Minnesota             Cedric L. Richmond, Louisiana
Joe Walsh, Illinois                  Hansen Clarke, Michigan
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Ben Quayle, Arizona                  Kathleen C. Hochul, New York
Scott Rigell, Virginia               Janice Hahn, California
Billy Long, Missouri                 Vacancy
Jeff Duncan, South Carolina
Tom Marino, Pennsylvania
Blake Farenthold, Texas
Robert L. Turner, New York
            Michael J. Russell, Staff Director/Chief Counsel
               Kerry Ann Watkins, Senior Policy Director
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

       SUBCOMMITTEE ON OVERSIGHT, INVESTIGATIONS, AND MANAGEMENT

                   Michael T. McCaul, Texas, Chairman
Gus M. Bilirakis, Florida            William R. Keating, Massachusetts
Billy Long, Missouri, Vice Chair     Yvette D. Clarke, New York
Jeff Duncan, South Carolina          Danny K. Davis, Illinois
Tom Marino, Pennsylvania             Bennie G. Thompson, Mississippi (Ex Officio)
Peter T. King, New York (Ex Officio)
                  Dr. R. Nick Palarino, Staff Director
                   Diana Bergwin, Subcommittee Clerk
              Tamla Scott, Minority Subcommittee Director









                            C O N T E N T S

                              ----------                              

                               Statements

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Subcommittee on 
  Oversight, Investigations, and Management:
  Oral Statement
  Prepared Statement
The Honorable William R. Keating, a Representative in Congress 
  From the State of Massachusetts, and Ranking Member, 
  Subcommittee on Oversight, Investigations, and Management
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement

                               Witnesses

Mr. Rafael Borras, Under Secretary for Management, U.S. 
  Department of Homeland Security:
  Oral Statement
  Prepared Statement
Mr. David C. Maurer, Director, Homeland Security and Justice 
  Team, Government Accountability Office:
  Oral Statement
  Prepared Statement
Mr. Charles K. Edwards, Acting Inspector General, U.S. Department 
  of Homeland Security:
  Oral Statement
  Prepared Statement

                                Appendix

Questions Submitted by Chairman Michael T. McCaul for Rafael 
  Borras
Questions Submitted by Chairman Michael T. McCaul for David C. 
  Maurer
Questions Submitted by Ranking Member William R. Keating for 
  David C. Maurer
Questions Submitted by Chairman Michael T. McCaul for Charles K. 
  Edwards
Questions Submitted by Ranking Member William R. Keating for 
  Charles K. Edwards

 
   BUILDING ONE DHS: WHY CAN'T MANAGEMENT INFORMATION BE INTEGRATED?

                              ----------                              


                        Thursday, March 1, 2012

             U.S. House of Representatives,
    Subcommittee on Oversight, Investigations, and 
                                        Management,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 9:30 a.m., in 
Room 311, Cannon House Office Building, Hon. Michael T. McCaul 
[Chairman of the subcommittee] presiding.
    Present: Representatives McCaul, Marino, Keating, and 
Davis.
    Mr. McCaul. The committee will come to order.
    First, I would like to acknowledge the Coast Guard 
announced that one of its helicopters with four crewmen aboard 
crashed during a training mission in the vicinity of Mobile Bay 
in the Gulf of Mexico Tuesday night.
    We lost one crew member and search-and-rescue efforts are 
on-going for the others. So our hearts and thoughts and prayers 
go out to the families of these brave men and women.
    Let me thank the witnesses for being here today. I now 
recognize myself for an opening statement. This hearing is a 
second in the series of oversight hearings examining the extent 
to which the Department of Homeland Security has made progress 
building a more cohesive, efficient, and integrated One DHS, a 
department that can effectively thwart terrorist attacks by 
protecting air travelers, securing our borders, and enforcing 
our immigration laws.
    According to House Rules, each standing committee of the 
Congress must hold an oversight hearing on an issue the 
Government Accountability Office has deemed high-risk for 
waste, fraud, and mismanagement, and this is one of those 
hearings. After nearly a decade, DHS's failure to integrate its 
management practices remains on the GAO's high-risk list. 
Stovepiped management information systems continue to plague 
DHS with mismanagement, redundancies, and duplication and 
inefficient use of resources that has increased costs within 
the Department and bungled the implementation of security 
operations.
    According to the GAO, as of December 2011, DHS has fully 
addressed only two out of the 31 key actions and outcomes 
required to be removed from the high-risk list for implementing 
and transforming DHS. Although Secretary Napolitano has said 
she wants to build a more cohesive DHS, without integration and 
consolidation of management functions, a One DHS will not 
happen. Equally important, taxpayer dollars will be wasted and 
security objectives will not be met. Unfortunately, there have 
been too many examples where DHS has failed at developing and 
acquiring new technologies to address the various threats to 
the homeland, including border surveillance, screening 
equipment, and nuclear detection equipment.
    SBInet is one example where the Secretary ended the 
original program after costing taxpayers nearly $1 billion to 
monitor only 53 miles of the Southwest Border. SBInet failed 
due to the lack of effective program management, poorly defined 
requirements, inaccurate cost estimates, and limited access to 
expert guidance and unavailable and unreliable performance data 
to make informed decisions.
    The advanced spectroscopic portal program, or ASP, designed 
to improve radiation and nuclear detection capabilities at our 
seaports and land border crossings is another example where 
inaccurate data and poor acquisition management resulted in 
underestimated cost and overstated benefits.
    DHS spent $230 million on the program before it was 
cancelled. Recognizing the inherent risk of acquisitions, it is 
essential that the Department effectively leverage best 
practices, institutionalize clear governing rules and processes 
and enable greater visibility of acquisition programs so 
immediate action can be taken when a program begins to 
experience schedule delays and cost overruns.
    GAO defines management and integration as the development 
of consistent and consolidated processes, systems, and people 
in areas such as information technology, financial management, 
acquisition, and human capital that lead directly to greater 
efficiency and effectiveness of management in programs. It is 
essential that the integration not be limited just within each 
individual management function but also be integrated 
horizontally across all core management functions of the 
Department.
    Without full integration, inconsistent reporting 
requirements and varying definitions for cost estimations 
across the Department can create inaccurate reports on a 
program's true cost. The lack of integrated and consolidated 
core management functions, something that is required to 
effectively run any large organization, has resulted in 
manually-intensive data entry on Excel spreadsheets and data 
calls to prepare financial statements.
    I have a tough time understanding how Americans can 
seamlessly sign into their checking accounts on-line to check 
their balances, yet DHS is unable to produce reliable, timely, 
and useful financial information on where it is spending 
billions of taxpayer dollars. Being unable to fully monitor 
expenditures of billions of dollars is unacceptable, and the 
American people deserve better.
    At a time of reduced Federal budgets, the American people 
expect greater transparency on how Washington manages limited 
resources. Industry has demonstrated through mergers and 
acquisitions, management information integration can be 
accomplished effectively. Without it, it is impossible for any 
manager, either Government or private corporation, to conduct 
oversight, improve inefficiencies, and prevent duplicative 
programs.
    According to the GAO, DHS continues to face challenges 
implementing its human capital strategic plan. DHS lacks an 
integrated human resource information technology, or HRIT, 
management system to track workforce information critical to 
human resource planning. For example, the Federal Protective 
Service has yet to implement a human capital plan to track and 
report hiring, training, and retention programs.
    DHS's failure to address these basic management integration 
challenges are hindering our ability to provide the required 
training, equipment, and information to men and women working 
to protect the United States' homeland.
    GAO states some progress has been made in the area of 
management integration by instituting a decision support tool 
to monitor acquisitions and a Center of Excellence to share 
best practices throughout the Department. However, GAO also 
says considerable work lies ahead addressing the issue of 
management integration. I look forward to receiving the 
testimony today on what the Department is doing to ensure that 
management integration issues will not continue to get in the 
way of the Department's need to carry out its mission of 
protecting the American people and saving taxpayer dollars.
    With that, I will recognize the Ranking Member of the 
subcommittee, Mr. Keating.
    [The statement of Mr. McCaul follows:]
                Statement of Chairman Michael T. McCaul
                             March 1, 2012
    This hearing is the second in a series of oversight hearings to 
examine the extent to which the Department of Homeland Security has 
made progress building a more cohesive, efficient, and integrated ``One 
DHS''--a Department that can effectively thwart terrorist attacks by 
protecting air travelers, securing our borders, and enforcing our 
immigration laws.
    According to House Rules, each standing Committee of the Congress 
must hold an oversight hearing on an issue the Government 
Accountability Office has deemed high-risk for waste, fraud, and 
mismanagement.
    After nearly a decade, DHS's failure to integrate its management 
practices remains on the GAO's High-Risk list.
    Stove-piped management information systems continue to plague DHS 
with mismanagement, redundancies, and duplication, and inefficient use 
of resources that has increased costs within the Department and bungled 
the implementation of security operations.
    According to GAO, as of December 2011 DHS has fully addressed only 
2 out of 31 key actions and outcomes required to be removed from the 
high-risk list for ``Implementing and Transforming DHS.''
    Although Secretary Napolitano has said she wants to build a more 
cohesive, effective, and efficient ``One DHS,'' without integration and 
consolidation of management functions, a ``One DHS'' will not happen; 
and equally important, taxpayer dollars will be wasted and security 
objectives will not be met.
    Unfortunately there have been too many examples where DHS has 
failed at developing and acquiring new technologies to address the 
various threats to the homeland including border surveillance, 
screening equipment, and nuclear detection equipment.
    SBInet is one example where the Secretary ended the original 
program after costing taxpayers nearly $1 billion to monitor only 53 
miles of the Southwest Border.
    SBInet failed due to the lack of effective program management, 
poorly defined program requirements, inaccurate cost estimations, 
limited access to expert guidance, and unavailable and unreliable 
performance data to make informative decisions.
    The Advanced Spectroscopic Portal Program, or ASP, designed to 
improve radiation and nuclear detection capabilities at our seaports 
and land border crossings is another example where inaccurate data and 
poor acquisition management resulted in underestimated costs and 
overstated benefits. DHS spent $230 million on the program before it 
was cancelled.
    Recognizing the inherent risks of acquisitions, it is essential that 
the Department effectively leverage best practices, institutionalize 
clear governing roles and processes, and enable greater visibility of 
acquisition programs so immediate action can be taken when a program 
begins to experience schedule delays and/or cost overruns.
    GAO defines management integration as the development of consistent 
and consolidated processes, systems, and people--in areas such as 
information technology, financial management, acquisition, and human 
capital--that lead directly to greater efficiency and effectiveness of 
management and programs.
    It is essential that integration not be limited just within each 
individual management function, but also be integrated horizontally 
across all core management functions of the Department.
    Without full integration, inconsistent reporting requirements and 
varying definitions for cost estimations across the Department can 
create inaccurate reports on a program's true cost.
    The lack of integrated and consolidated core management functions, 
something that's required to effectively run any large organization, 
has resulted in manually-intensive data entry on Excel spreadsheets and 
``data calls'' to prepare financial statements.
    I have a tough time understanding how Americans can seamlessly sign 
into their checking accounts on-line to check their balances yet DHS is 
unable to produce reliable, timely, and useful financial information on 
where it's spending billions of taxpayer dollars.
    Being unable to fully monitor expenditures of billions of dollars 
is unacceptable. The American people deserve better.
    At a time of reduced Federal budgets, the American people expect 
greater transparency on how Washington manages limited resources.
    Industry has demonstrated, through mergers and acquisitions, 
management information integration can be accomplished effectively.
    Without it, it is impossible for any manager, either Government or 
private corporation, to conduct oversight, improve efficiencies, and 
prevent duplicative programs.
    According to GAO, DHS continues to face challenges implementing its 
Human Capital Strategic Plan. DHS lacks an integrated Human Resource 
Information Technology, or HRIT management system to track workforce 
information critical to human resource planning.
    For example, the Federal Protective Service has yet to implement a 
human capital plan to track and report hiring, training, and retention 
programs.
    DHS' failure to address these basic management integration 
challenges are second-handedly hindering our ability to provide the 
required training, equipment, and information to men and women working 
to protect the U.S. homeland.
    GAO states some progress has been made in the area of management 
integration by instituting a decision support tool to monitor 
acquisitions and a Center of Excellence to share best practices 
throughout the Department. However GAO also says considerable work lies 
ahead addressing the issue of management integration.
    I look forward to receiving testimony today on what the Department 
is doing to ensure that management integration issues will not continue 
to get in the way of the Department's need to carry out its mission of 
protecting the American people, and saving taxpayer dollars.

    Mr. Keating. Thank you, Mr. Chairman.
    Earlier this year, we had the opportunity to go back 10 
years and look at the 9/11 Commission report. I would just like 
to mention at the outset that one of the gaping holes that was 
called into question dealing with not having an integrated 
block so the public safety people at all levels can talk to 
each other has been addressed since then. We have the passage 
of the 700 megahertz dedicated to that that will save lives 
should we face another natural disaster or a terrorist attack, 
and the so-called D Block is there, and it is worth noting we 
have made some progress on that since we had a hearing that 
emphasized that earlier this year.
    I also want to thank the panelists for being here.
    Under Secretary Borras, it is great to see you again.
    The Department of Homeland Security is one agency formed 
with 22 other legacy agencies. Legacy is worth mentioning 
because it is part of the problem we still are grasping trying 
to deal with today as we look for integration. There is no 
secret that since the Department's inception in 2003, that its 
unique history has caused DHS officials, particularly the 
management division, to face multiple challenges in building 
One DHS.
    The Government Accountability Office subsequently 
categorized the Department's transformation efforts as high-
risk because of the economic and National security implications 
dealing with this kind of integration.
    To address this designation, the Department provided the 
Government Accountability Office with its integrated strategy 
for high-risk management and has issued updates of the strategy 
in June and December 2011, identifying the causes of its 
management challenges.
    I appreciate the Department's efforts to further 
consolidate these efforts, but with approximately $60 billion 
in budgetary authority and over 200,000 in personnel, the need 
is greater than ever for the Department to mature into a 
cohesive organization with streamlined management functions and 
operations with the capacity to fulfill its homeland security 
missions.
    The Government Accountability Office has issued upwards of 
100 recommendations since 2003 to assist the Department in 
shoring up its management integration initiatives. In an 
increasingly strained budget climate, it is imperative that the 
Department move to implement these recommendations with all 
deliberate speed. It is no longer sufficient for the Department 
to just develop plans and processes. It is a time to execute 
and build on the foundation that has been established in the 
interest of National security.
    In the last Congress, the Department suffered considerable 
funding and staff reductions, yet progress has been made by 
Under Secretary for Management Borras and advancing key 
management initiatives that have the potential to redirect 
management functions and operations. Notably, for the first 
time, the Department received a qualified opinion on its 
financial statements in fiscal year 2011.
    Now the Department must build on this milestone by 
accelerating the complete implementation of initiatives to 
stabilize its internal controls and to modernize its management 
of financial management. Acquisition, management, and human 
capital information technology also have to accelerate in terms 
of their management capabilities. To succeed in achieving 
management integration, Under Secretary Borras needs sufficient 
enforcement authority to ensure the Department's many component 
agency heads and personnel are able to carry out the mandates 
for changing how business is conducted. Also, the Under 
Secretary and senior leaders must ensure that they secure the 
cooperation of component agency personnel if they are to 
succeed in implementation of their agenda for achieving 
management integration.
    With that, I look forward to today's hearing and the 
testimony. I yield back my time.
    Mr. McCaul. I thank the Ranking Member.
    With that, I will introduce the witnesses. We have votes 
around 10:15, so if we can make those opening statements 
concise so the Members can ask questions and we can hopefully 
be done before the votes occur.
    First, Mr. Rafael Borras is the Under Secretary for 
Management and Chief Acquisitions Officer for the Department. 
He oversees management of the Department's nearly $40 billion 
budget, the appropriations, expenditures of funds, accounting, 
and finance. He administers control over the Department's $17 
billion in procurements. He is also responsible for directing 
human capital and personnel programs for the employees.
    Next, we have Mr. David Maurer, who is the director with 
the U.S. Government Accountability Office, Homeland Security 
and Justice Team, where he leads GAO's work reviewing DHS and 
the Department of Justice management issues. His recent work in 
these areas include management integration, examination of the 
Quadrennial Homeland Security Review, Secret Service financial 
management, DOJ grant management, the Federal Prison System, 
and others.
    One final witness is Mr. Charles Edwards, the Acting 
Inspector General of the Department of Homeland Security. He 
assumed his position in February 2011. He served previously as 
a Deputy Inspector General of the Department of Homeland 
Security and has 20 years of experience in the Federal 
Government and has held several leadership positions.
    Other committee Members may have statements and they will 
be included for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                             March 1, 2012
    I would first like to thank Chairman McCaul for convening this 
hearing.
    We are here today to discuss the integration of the Department of 
Homeland Security's (Department) management functions and examine 
whether there is room for improvement.
    When the Department was created in 2002, it was the largest 
reorganization and consolidation of Government agencies, personnel, 
programs, and operations since the creation of the Department of 
Defense in 1949, some 53 years earlier.
    Twenty-two different agencies, many with management challenges of 
their own, were combined into one.
    These agencies brought with them aged financial management systems, 
cumbersome acquisition policies, and inconsistent human capital 
policies.
    Since that time, the Department has made efforts to build these 
disparate operations into one seamless system so that the thousands of 
men and women that work every day to secure our Nation will have the 
proper administrative and management functions they need to operate on 
a daily basis.
    When FEMA enters into a contract with a vendor for one amount, and 
then CBP enters into a contract with the same vendor for the same 
product for a different amount, that's a problem. If those contracts 
were combined, money could be saved.
    When a TSA human resources manager has to log out and log into 
three different systems to determine: (1) Time and attendance records; 
(2) current salary; and (3) training attendance for one employee, 
that's a problem. Combining these systems into one can save time, 
reduce errors, and streamline bureaucracy.
    When an employee that works for the Chief Financial Officer has a 
meeting with an employee that works for the Chief Information Officer 
and has to travel 30 minutes to get to the meeting location, that's a 
problem. Consolidating the Department's headquarters into one location 
will reduce costs, travel time, and create a more harmonious 
environment among the Department's personnel.
    Fortunately, as reflected by the President's fiscal year 2013 
budget request, the Department has come a long way in streamlining its 
efforts and under new initiatives intends to go even further.
    The new Human Resource Information Technology program, in addition 
to plans to finalize existing Data Center consolidation efforts, and 
the new strategy for financial modernization are all steps in the right 
direction.
    If fully funded, these programs will go a long way in improving the 
Department's integration efforts.
    I look forward to hearing testimony from Under Secretary Borras on 
additional Department plans and strategies and from our witnesses from 
the Government Accountability Office and the Office of the Inspector 
General on improvements that have been made in the last 3 years and 
recommendations for future progress.
    I yield back the balance of my time.

    Mr. McCaul. With that, I now recognize Mr. Borras for his 
opening statement.

  STATEMENT OF RAFAEL BORRAS, UNDER SECRETARY FOR MANAGEMENT, 
              U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Borras. Thank you, Mr. Chairman, Ranking Member Keating 
and the other distinguished Members of the committee. Thank you 
for the opportunity to appear before you today.
    Also, Mr. Chairman, thank you for acknowledging the loss of 
our brave Coast Guard servicemen who lost their lives not quite 
36 hours ago in a training mission in the Mobile area.
    One of my top priorities during my tenure as Under 
Secretary for Management has been to improve the way we 
collect, store, and manage and use information across the 
Department. When I arrived at the Department almost 2 years 
ago, I was frustrated with the time and effort needed to access 
the necessary information to facilitate responsible decision 
making in a multibillion dollar enterprise. In my private-
sector experience, I was accustomed to having essential 
financial information at my fingerprints to support my 
decision-making responsibilities.
    While significant progress has been made to leverage 
business intelligence and integrate disparate processes and 
systems to improve our decision-making abilities, we still have 
not reached a fully integrated operational state. However, we 
have made very important progress during the past 2 years. I am 
especially proud of the progress we made to enhance how we have 
managed information in three key areas: acquisition, finance, 
and human capital.
    As chief acquisition officer, I oversee the policies and 
processes and procedures used to acquire over $18 billion worth 
of goods and services each year. During my tenure, I have 
focused significant attention on successful delivery of major 
acquisition programs, which are imperative to supporting the 
front-line operations. A crucial step to improve the process 
was taken last year when I restructured the oversight of all 
major acquisition programs. A key part of that restructuring 
was to elevate the Office of Program Accountability and Risk 
Management, called PARM, to be a direct report to me.
    I also issued a program management and execution playbook 
to the acquisition workforce. The playbook is my vision for 
strengthening program management and execution capabilities as 
an important step to mature the acquisition management system. 
Most importantly, at my direction, PARM developed and 
implemented a business intelligence tool to monitor the 
operational status of each acquisition program. The decision 
support tool, or DST, is a web-enabled tool that provides DHS 
leaders and program managers with a central dashboard for 
accessing and tracking the health of major acquisition 
programs, projects, and our portfolio programs.
    As a result of the DST and our enhanced acquisition 
oversight, we can be much more responsive and generate factual 
detail information on the health of a program investment 
quickly. Since October 1, 2011, the DST is being used to 
monitor the cost, schedule, and performance of all of our 
acquisition programs.
    I am also pleased to report the Department's financial 
management capabilities are improving. For 2011, we received a 
qualified audit opinion on two of the Department's financial 
statements, a key accomplishment which could not have occurred 
without greatly improved ways of collecting and using data. We 
are harnessing the lessons learned from this process to design 
and implement broader business intelligence capabilities that 
will modernize financial management systems.
    Through business intelligence, we will have better access 
to current financial data, which will inform management 
decisions, increase accountability to stakeholders and improve 
the overall health and financial management of the Department. 
In March 2011, I launched a Financial Reporting Dashboard 
System, FRDS, an enterprise-wide repository and business 
intelligence tool. FRDS uses the monthly budget execution data 
provided to Congress to produce enterprise level reports and 
trend analysis in user-friendly formats. Although it is only 
part of the capability we will ultimately need, we have 
expanded our ability to extract financial information to 
improve the visibility of the component's financial condition.
    As we move beyond the financial consolidation efforts of 
the past, we recognize the difficult financial pressures we 
face and will focus on an incremental and financially 
responsible approach, which includes shoring up near-term 
system capabilities before moving on to the deployment of 
modernized core financial systems in those components that have 
the most pressing needs.
    One effort in aligning Human Resource Information 
Technology, or HRIT, is another key priority. In September 
2010, I established and chaired an HRIT executive steering 
committee to provide cross-departmental leadership to the 
modernization efforts of our human resource processes. Through 
the executive steering committee, we have developed a strategic 
plan to consolidate multiple HR systems throughout DHS. One of 
the first activities was completing a Department-wide human 
resources target architecture, which serves as the blueprint 
for our HR systems' end state. This work was recently awarded a 
2011 Excellence in Enterprise Architecture Award for our staff.
    In the coming months, we will standardize data sets and 
initiate pilots on enterprise business intelligence capability. 
My goal is for the decision support capability to serve as the 
primary source for DHS dashboards, where performance program 
and portfolio management, financial acquisition and human 
capital information, and other DHS data sets are obtained from 
the DHS systems of record. Those dashboards will be integrated 
to provide a better view into the Department's mission 
performance and identify efficiency opportunities.
    My approach to using information to help integrate DHS can 
be summed up as follows: I am building a solid sustainable 
foundation that is being implemented and executed using best 
practices with good stewardship of the taxpayer's dollars. We 
will continue to use a modular and agile approach to add 
capabilities that avoid duplication while enhancing our ability 
to collect, analyze, and report on the business of DHS to help 
informed decision making and enhance our management 
integration. Along the way, we are helping to foster the One 
DHS culture that is necessary to continue to mature our 
Department and support our operators in the execution of their 
mission.
    Once again, I thank you for the opportunity to be before 
you today, and I look forward to answering your questions.
    [The statement of Mr. Borras follows:]
                  Prepared Statement of Rafael Borras
                             March 1, 2012
    Chairman McCaul, Ranking Member Keating, and other distinguished 
Members of the committee, I thank you for the opportunity to appear 
before you today and discuss our efforts to integrate management 
information and to build One DHS.
    One of my top priorities during my tenure as Under Secretary for 
Management (USM) has been to improve the way we collect, store, and 
manage data across the Department in order to improve executive level 
decision making. When I arrived at the Department almost 2 years ago, I 
was frustrated with the time and effort needed to retrieve data I 
needed to oversee a multi-billion dollar enterprise. In my private 
sector experience, I was accustomed to having key financial, human 
capital, and procurement data at my fingertips.
    One of my first actions was to direct my line-of-business chiefs to 
work with their component counterparts to mature the Department's data 
management and better support our enterprise level decision-making 
capabilities. While significant progress has been made to leverage 
business intelligence and integrate disparate processes and systems, we 
still have work to do in order to reach a fully integrated operational 
state. Today, I would like to present some of the important progress 
that has been made over the past 2 years and outline the way forward to 
continue to build out the support systems to allow DHS to make better-
informed decisions. In many ways, this effort is at the core of 
improving our ``One DHS'' culture.
    Historically, much of the data available to Department of Homeland 
Security (DHS) leadership has been generated through manual data calls, 
which are labor-intensive and have a greater risk of inaccurate or 
incomplete content. In response, we have begun developing standard data 
sources and reporting mechanisms to provide timely and accurate data 
across all lines of business.
    We have made progress in implementing several systems to reduce 
manual data calls and improve accuracy and completeness of information. 
Some of our solutions that are successfully providing quality data are 
the Department of Homeland Security Treasury Information Executive 
Repository, the Fleet Management Analysis and Reporting System, the 
Financial Reporting Dashboard System, and most recently the Decision 
Support Tool, which became the official source of acquisition program 
execution information and data on October 1, 2011. These solutions 
provide robust business intelligence (BI) over disparate data sources, 
collating information to improve decision-making through access to 
accurate program data and metrics. Deploying business intelligence 
solutions across the financial management spectrum has improved 
Departmental compliance with the Chief Financial Officer (CFO) Act and 
DHS Financial Accountability Act, OMB guidance, other regulations, and 
Government accounting standards.
    I firmly believe that utilizing BI tools will improve the 
effectiveness of management and achieve compliance, performance, and 
quality improvement goals by providing:
   Enhanced access to key financial data across organizational 
        boundaries,
   Key indicators of acquisition health that are data-driven 
        and risk-informed, and
   Improved human capital and resource management to enable 
        emerging organizational opportunities.
    To house the BI solutions, the Department recognizes the need for a 
common place for systems and data to reside in a private cloud 
environment. In alignment with OMB's Federal Data Center Consolidation 
Initiative, our Office of the Chief Information Officer (CIO) is in the 
process of consolidating 43 of the Department's legacy data centers 
into two Enterprise Data Centers (EDC), known as ``DC1'' and ``DC2.'' 
The consolidation of numerous component systems at our EDCs enables 
more effective collection and use of business information across the 
enterprise and the Department's fiscal year 2013 budget request 
includes nearly $65 million to fully complete the migration of data 
centers for three of our largest components.
    One example of this increased effectiveness is the deployment of 
SharePoint-as-a-Service in our EDCs. Numerous human resource, 
financial, and administrative systems use SharePoint. By migrating 
these SharePoint systems to a common platform within our data centers, 
we enable the appropriate data aggregation across components to improve 
enterprise decision-making. Additional benefits of consolidation 
include ensuring that DHS has a seamless disaster recovery capability 
and significantly enhancing the cybersecurity posture of DHS systems.
    Since I last testified before this committee, I have worked closely 
with my colleagues in the components, as well as my line-of-business 
chiefs, to mature our organizational effectiveness across DHS. I am 
especially proud of our progress to enhance the three key management 
disciplines of acquisition management, financial management, and human 
capital management. The Department has made significant progress to 
improve in these areas.
    I welcome the opportunity to focus first on the significant 
achievements in the acquisition management area.
                         acquisition management
    The successful delivery of major programs is imperative to our 
Department. Nearly half of the DHS budget is dedicated to obtaining 
goods and services to support and improve our capabilities, including 
over $18 billion in investments in our acquisition programs. Due to the 
nature of how quickly the Department was stood up and the many legacy 
and new agencies it encompassed, DHS's earliest acquisition processes 
were imperfect and slow to mature. Today's acquisition practices are 
vastly improved in terms of process, oversight, and collaboration. We 
are working collaboratively with our partners across DHS to enhance our 
acquisition practices so that we are efficient and effective in 
delivering critical capabilities.
    In the early days, DHS was operating in disparate silos focused on 
purchasing goods and services with minimal management of requirements. 
Today we are much more efficient because we have a more robust 
acquisition practice that focuses on requirements and program 
management, enhanced guidance on testing, and training and 
certification of our professional workforce. Departmental leadership is 
better equipped than ever to make risk-informed acquisition decisions.
    A crucial step in this process was taken in the second quarter of 
fiscal year 2011, when I restructured oversight of all major 
acquisition programs. A key part of this restructuring was the 
elevation of the Program Accountability and Risk Management (PARM) to 
be a direct report to me to support my role as the Under Secretary for 
Management. PARM manages and implements Acquisition Management 
Directive (MD) 102-01, serves as the Executive Secretariat to the 
Acquisition Review Board (ARB) and the Component Acquisition Executive 
(CAE) Council, and guides managers of major investments through the 
acquisition governance process. PARM also provides independent 
assessments of major investment programs and works with DHS partners to 
enhance business intelligence to inform ARB decisions. It monitors 
programs between formal reviews to identify any emerging issues that 
DHS needs to address to keep the programs on track. PARM guides 
programs to success.
    To establish a vision for enhancing program execution, in December 
2011, I issued the Program Management & Execution Playbook, called the 
Playbook, to the acquisition workforce. The Playbook is my vision for 
strengthening program management and execution capabilities, and 
maturing the acquisition management system. The Playbook addresses 
several management priorities, including increasing the expertise and 
capabilities of the acquisition and program management workforce, 
improving program execution, increasing access to expert guidance and 
best practices, and increasing access to reliable and useful program 
performance data.
    In addition to managing the day-to-day oversight of acquisition 
programs, PARM has developed and implemented a business intelligence 
tool to monitor the operational status of each acquisition program. The 
Decision Support Tool (DST) is a web-enabled tool that provides DHS 
leaders, governance boards, and program managers with a central 
dashboard for assessing and tracking the health of major acquisition 
projects, programs, and portfolios. The DST creates graphs, charts, and 
other views of key indicators of program health, such as cost, funding, 
and schedule. My goal is to improve program accountability and to 
strengthen the Department's ability to make sound strategic decisions 
throughout the life cycle of major acquisitions.
    The DST became the official source of Acquisition Decision Event 
information and data on October 1, 2011. It is already informing ARBs 
with standardized information. On February 13, 2012, I issued a 
memorandum once again calling on all components and programs to ensure 
that on a monthly basis all acquisition program information reported in 
the Department's existing data systems is complete, accurate, and valid.
    One aspect of the DHS vision is to shift the program management 
paradigm toward being more data-driven, with emphasis on the 
criticality of maintaining quality data within DHS source systems. One 
significant result of this shift in culture is evidenced in the 
development and delivery of the Comprehensive Acquisition Status Report 
(CASR).
    The CASR provides the status of DHS major acquisitions listed in 
the ``Department of Homeland Security Major Acquisition Oversight 
List.'' Previous DHS Congressional reports provided limited detail and 
took several months to compile. The new CASR format increases the 
quality of information and can be produced in less time. As our 
business intelligence capability and data fidelity efforts continue to 
mature, the already greatly condensed time line will leverage DST 
automation to mine program data to feed the CASR in near-real-time.
    From the procurement perspective, the Department has also matured. 
In November 2011, we implemented a comprehensive Procurement Health 
Assessment Program for all nine contracting activities across DHS. This 
Health Assessment is a robust management information system to monitor 
and evaluate the performance of contracting operations and support 
across 30 specific Chief Procurement Officer (CPO) initiatives. In 
order to integrate our assessment system throughout all DHS procurement 
activities, we implemented a business intelligence tool, the Enterprise 
Reporting Application (ERA), to extract data from several sources into 
a single data warehouse. This system allows each Head of Contracting 
Activity (HCA) and the CPO to monitor key performance metrics, such as 
competition rates, small business contracting progress, acquisition 
savings initiatives, data accuracy, and employee training and 
certification status on a daily basis and take immediate corrective 
action. Our Health Assessment Program also provides us with the ability 
to perform an extensive mid-year and end-of-year performance review 
with each contracting activity, as well as to establish specific goals 
for the upcoming fiscal year.
    The Department is making significant progress to improve 
acquisition management and program execution. We are continuing to 
drive our governance processes forward to ensure greater program 
accountability.
                          financial management
    The Department is designing and implementing business intelligence 
capabilities that will modernize financial systems. Through BI, we will 
have better access to current financial data, which will inform 
management decisions, increase accountability to stakeholders, and 
improve the overall health of financial management.
    For the past 4 years, we have generated the audited financial 
statements for the Department and components through a critical 
reporting tool known as DHSTIER (Department of Homeland Security 
Treasury Information Executive Repository). The tool consolidates 
summary-level financial data from fifteen components and offices, 
generating the core financial reporting for the Department.
    The use of DHSTIER has enhanced the efficiency of generating 
financial statements and is essential for meeting our reporting 
requirements, as well as the accelerated time frames for producing the 
Annual Financial Report. DHSTIER provides near-real-time financial 
statement data immediately upon data upload in the system. The system 
is proven, audited, and consistently delivers the required financial 
reports for DHS.
    Currently, we are implementing a new DHS data element to capture 
Program Project Activity (PPA) in financial systems. By the second 
quarter of fiscal year 2013, PPA data will feed into DHSTIER from the 
component financial systems, giving us an automated, standardized way 
of categorizing and accounting for DHS PPA funds and providing 
visibility into budget execution data reporting down to the program 
level.
    In March 2011, I launched the Financial Reporting Dashboard System 
(FRDS), an enterprise-wide data repository and business intelligence 
tool. FRDS uses the monthly budget execution data provided to Congress 
to produce enterprise-level reports and trend analysis in user-friendly 
formats for Departmental leadership. This system increases our ability 
to validate and improve data, which in turn provides greater 
transparency and better information for decision making. Automating the 
collection and validation of budget execution data will improve our 
response time to inquiries from stakeholders.
    FRDS provides some additional reporting capabilities and automates 
others that were previously compiled manually. We can produce reports 
that display data from multiple levels and sources, including 
Departmental totals. Further, we can drill down from these enterprise-
level reports to obtain execution data by component or by Treasury 
Account Fund Symbol (TAFS). We are also bringing DHSTIER financial data 
into FRDS, which will strengthen and validate the Monthly Execution 
Report.
    We have established standard data elements and are working to 
implement a common line of accounting to provide timely, accurate, 
useful, and actionable financial information to decision makers and 
stakeholders and to prevent waste, fraud, and abuse. This will increase 
data sharing capabilities and interoperability, minimize the time 
required to crosswalk data elements, and include applicable Federal and 
National standards to provide the foundation for accurate, timely, and 
reliable Departmental financial reporting.
Qualified Opinion
    A significant example of the progress being made in the 
Department's financial management area is exhibited by our recent 
qualified opinion. Obtaining this opinion is significant progress 
towards addressing a key weakness identified by GAO.
    The CFO conducted targeted risk assessments to identify and 
remediate weaknesses in accounting and financial reporting. We 
established mission action plans for the Department's most significant 
challenge areas and monitored progress against those plans throughout 
the fiscal year. As a result of these efforts, DHS received a qualified 
audit opinion on its fiscal year 2011 Consolidated Balance Sheet and 
Statement of Custodial Activity. This accomplishment is significant 
because it increases transparency and accountability for the 
Department's resources.
    The CFO will expand the scope of the fiscal year 2012 audit, with 
the goal of obtaining an opinion on all five financial statements. The 
Department will continue to implement a risk-based approach to audit 
remediation and will work closely with components to mitigate any risk 
of new material weaknesses or audit qualifications as a means to 
sustain prior-year successes.
    Finally, DHS has also made significant progress identifying and 
recovering improper payments through general recovery audits, testing 
of high-risk programs, and execution of corrective action plans. In 
fiscal year 2011, the CFO began targeted recovery audits for high-risk 
payment types. One such audit focused on telecommunication invoices and 
resulted in $4 million in recoverable improper payment claims, $100,000 
in immediate cost savings, and $2 million in estimated future cost 
savings. We are developing additional measures, such as risk-based 
analytic tools and stronger internal controls, to reduce the 
probability of future improper payments.
                       human resources management
    Aligning human resources information technology (HRIT) to increase 
timeliness and efficiency of DHS human capital operations is a goal 
included in the Department's Workforce Strategy for FY 2011-2016.
    In September 2010, I established the Human Resources Information 
Technology Executive Steering Committee, a formal governance board of 
human capital, training, and IT executive representatives from every 
DHS component and additional leadership from across my organization. 
Our first order of business was initiating the first application of 
Federal Segment Architecture at DHS. The Human Capital Segment 
Architecture (HCSA) project provided a clear understanding of the best 
and most appropriate ways to align the Department's Human Capital 
resources--people, technology, data, and systems--to serve the 
Department's critical mission effectively and efficiently. DHS received 
an award titled, Leadership in Government Transformation Using 
Enterprise Architecture, for this project at the annual Excellence in 
Enterprise Architecture Awards ceremony in November 2011.
    In 2010, the Office of the Chief Human Capital Officer (CHCO), in 
partnership with CBP, implemented the COGNOS Business Intelligence 
environment that provides self-service data analysis and reporting for 
CHCO end-users to better direct their programs. A few significant 
accomplishments to date include: Field definitions and value 
calculations have been identified and standardized in accordance with 
regulatory classifications established by OPM; all personnel historical 
data has been populated; desktop capability for end-users to generate 
reports has been developed along with recurring reports; and the 
capability for recipients to execute their own reports has been 
developed. We have created end-user canned reports for inclusion in the 
standard report library which provides a more efficient means for 
producing enterprise reports. Planned initiatives are to populate the 
COGNOS technology with payroll data and automate the HR dashboard.
    Additionally, during 2011, I directed CHCO to partner with CIO to 
create a capability to electronically transfer personnel files, 
including background investigations. Our implementation of the 
eDelivery feature eliminated the need to get in a car and drive to the 
location(s) where the investigative files were located. This also 
eliminated hours of manual processing. We can now get what we need in 
near-real-time, greatly reducing the time to adjudicate on the back end 
of the on-boarding process. In fiscal year 2011, we averaged 
approximately 25 days to adjudicate a case. Today, we average 
approximately 15 days, five fewer days than that required to meet 
Federal guidelines. Therefore, we have reduced the time by 10 days, 80 
percent of which is attributed to the eDelivery system.
Other Uses of Business Intelligence
    Clearly, BI is helping to transform our acquisition, financial, and 
human capital management practices across the Department. We are also 
focusing on going beyond capturing data to inform decisions but also to 
control our limited resources. The improved management of our physical 
assets has the added benefit of detecting waste, fraud, and abuse. 
While these initiatives may be different, each initiative shares a 
similar technical solution which leads us to building integration and 
``One DHS.'' The Office of the Chief Administrative Officer (CAO) has 
business intelligence initiatives capturing and reporting on asset 
data.
    In December 2010, we initiated an agency-wide review of the fleet 
program focusing on Vehicle Allocation Methodology (VAM). Each of the 
13 DHS components operating motor vehicles participated in this 
collaborative effort, which included DHS headquarters. This analysis 
identified the current and future vehicle inventory requirements to 
achieve a diverse set of missions across the agency. As a result of 
this collaborative review, components identified a 3 percent reduction 
in vehicle inventory. A 3 percent reduction translates to approximately 
$74 million in cost avoidance with the combination of acquisitions, 
fuel, and maintenance. The VAM analysis will be conducted annually, and 
DHS will continue to review its fleet program with the goal to further 
reduce its vehicle fleet while maintaining affordable readiness.
    To date, DHS has identified and centralized all real estate 
holdings and is in the process of integrating this data with multiple 
components' personal property systems as a means to populate and 
maintain data currency in the data warehouse. In addition, the platform 
utilized by each line-of-business is standardized and will be 
integrated to promote enterprise use of data sets across business 
lines. This capability will serve as a ``One DHS'' decision support and 
management intelligence service in the area of personal property that 
will utilize integration as a key element to maturing the Department 
towards a ``One DHS'' model.
                               conclusion
    The Department has made good progress to date. All Management 
Directorate line-of-business offices are developing information 
standards for their respective functions and are using the Department's 
business intelligence service to develop dashboards from both internal 
and external stakeholders. It is expected that over the next 12 months, 
we will standardize data sets and initiate pilots on enterprise 
business intelligence capability.
    My goal is for the decision support capability to serve as the 
primary source for DHS dashboards where performance, program and 
portfolio management, financial, acquisition, human capital, asset 
management, enterprise architecture, cyber, and other DHS data sets are 
obtained from the DHS systems of record. Those dashboards will be 
integrated to provide a better view into the Department's mission 
performance and identify efficiency opportunities.
    As I have stated in previous public statements, one of my first 
official acts upon becoming Under Secretary for Management was to issue 
a memo authorizing a manual data call. At that time, a manual data call 
was the only method to collect information across the Department. It 
was clear to me then, as it is now, that to best serve the Department 
of Homeland Security and allow leadership to make more timely and 
accurate mission-related decisions, building better and integrated 
information systems needed to be a priority. In fact, these 
capabilities now exist through a powerful set of systems that form the 
core of our emerging suite of our business analytics. These tools are 
bringing DHS more in line to become, as the Secretary has prioritized, 
a better integrated or One DHS.
    Once again, I thank you for the opportunity to appear before you 
today, and I look forward to answering your questions.

    Mr. McCaul. Thank you, Mr. Borras.
    The Chairman now recognizes Mr. Maurer for his opening 
statement.

 STATEMENT OF DAVID C. MAURER, DIRECTOR, HOMELAND SECURITY AND 
         JUSTICE TEAM, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Maurer. Good morning, Chairman McCaul, Ranking Member 
Keating, and other Members and staff. I am pleased to be here 
today to discuss DHS's on-going efforts to build an integrated 
and unified department.
    As you have already noted, from the day DHS opened its 
doors in 2003, GAO designated its implementation as high-risk. 
Completing its transformation into a cohesive department is 
critical to achieving its homeland security missions. Doing so 
will require continued progress in human capital, information 
technology, and acquisition in financial management, as well as 
integrating these functions across the Department.
    Now, these are broad areas so I am going to focus my 
comments this morning on a few key points. First, to carry out 
its vital daily missions, DHS needs a strong uniformed 
management foundation. This includes the ability to obtain a 
clean financial opinion, deploy new technologies on time and 
within budget, and identify and fill key skill gaps across the 
Department. We have provided DHS 31 outcomes like these, which 
DHS has agreed to accomplish. Collectively, these outcomes 
identify where they want to go. But DHS isn't there yet.
    It currently lacks vital management capabilities to 
integrate the Department into something greater than the sum of 
its parts. For example, DHS faces challenges identifying and 
meeting acquisition program requirements, and only a small 
number of DHS's major acquisitions have validated cost 
estimates. DHS twice attempted and was unable to build an 
integrated Department-wide financial management system. DHS 
also lacks comprehensive Department-level visibility over key 
human capital information.
    Now, in recent years, DHS has worked hard to fix its 
management problems and has achieved some key successes. For 
example, last year DHS obtained a qualified audit opinion on 
its balance sheet for the first time since its creation. DHS 
has lowered its senior level--senior leadership vacancy rates 
from a peak of 25 percent in 2006 to 10 percent in 2011. We 
have also seen significant senior level support for a series of 
plans to help ensure DHS missions are ably supported by a sound 
management infrastructure. In particular, the Department's 
December 2011 strategy for addressing high risk is a good 
roadmap for moving DHS from where it is now, a department with 
several management challenges, to where it wants to be, a 
unified department supported by integrated management functions 
that is no longer on our high-risk list.
    To further strengthen its plans, we would suggest among 
other things establishing measures and reporting on progress 
for all initiatives, which brings me to my final point, which 
is especially important: DHS needs to focus on executing its 
plans. The Department has laid out an ambitious agenda and has 
considerable work ahead to achieve its goals. For example, DHS 
is rolling out plans for improving how it manages investments 
across the Department. However, it still needs to implement 
several changes to make this happen. DHS continues to face 
challenges implementing information security controls and 
managing its IT acquisitions, which it is trying to address 
through, among other things, a new approach to overseeing IT 
investments. On the financial front, DHS recently announced a 
new approach for modernizing its financial systems but is still 
years away from complete implementation and continues to have 
material weaknesses and internal controls over financial 
reporting.
    In short, while DHS has made important strides addressing 
its management challenges, the Department still has a great 
deal of work ahead of executing its plans. Doing so is 
important because building a solid management foundation will 
help DHS carry out its important missions.
    Mr. Chairman, thank you for the opportunity to testify this 
morning. I look forward to your questions.
    [The statement of Mr. Maurer follows:]
                 Prepared Statement of David C. Maurer
                             March 1, 2012
                             gao highlights
    Highlights of GAO-12-365T, a testimony before the Subcommittee on 
Oversight, Investigations, and Management, Committee on Homeland 
Security, House of Representatives.
Why GAO Did This Study
    Since 2003, GAO has designated the implementation and 
transformation of DHS as high-risk because, among other things, DHS had 
to combine 22 agencies, while ensuring no serious consequences for U.S. 
National and economic security. This high-risk area includes challenges 
in DHS's management functions--financial management, human capital, IT, 
and acquisitions; the effect of those challenges on implementing DHS's 
missions; and integrating the functions. In November 2000, GAO 
published criteria for removing areas from its high-risk list. In 
September 2010, GAO identified 31 actions and outcomes critical to 
addressing this high-risk area. This testimony addresses DHS's progress 
in: (1) Developing a strategy for addressing its high-risk designation, 
and (2) achieving outcomes critical to addressing this high-risk area. 
This statement is based on GAO products issued from June 2007 through 
February 2012, including selected updates. It also includes preliminary 
observations from GAO's on-going work reviewing DHS's IT governance. 
GAO reviewed documents on IT governance and interviewed officials.
What GAO Recommends
    This testimony contains no new recommendations. GAO has made over 
100 recommendations to DHS since 2003 to strengthen the Department's 
management and integration efforts. DHS has implemented many of these 
recommendations and is in the process of implementing others.
Department of Homeland Security.--Continued Progress Made Improving and 
          Integrating Management Areas, but More Work Remains
What GAO Found
    The Department of Homeland Security (DHS) has updated and 
strengthened its strategy for how it plans to address GAO's high-risk 
designation and resolve the Department's management challenges. In 
January 2011, DHS provided GAO with its Integrated Strategy for High-
Risk Management, which summarized the Department's preliminary plans 
for addressing the high-risk area. GAO found that this strategy, which 
was later updated in June and December 2011, was generally responsive 
to the actions and outcomes needed to address GAO's high-risk 
designation. For example, the January 2011 strategy generally 
identified multiple, specific actions and target completion time frames 
consistent with the outcomes GAO identified. However, the strategy did 
not address the root causes of problems, among other things. In its 
June 2011 strategy, DHS, among other things, identified 10 root causes 
that cut across the management areas and their integration. 
Nevertheless, GAO identified ways the strategy could be strengthened, 
including consistently reporting the progress of its initiatives and 
corrective actions. In its most recent update, DHS better positioned 
itself to address its management challenges. For example, for the first 
time, DHS included ratings of the Department's progress addressing its 
high-risk outcomes. However, GAO believes that DHS could more 
consistently report on available resources and corrective actions, 
establish measures and report on progress made for all initiatives, and 
stabilize its methodology for measuring progress. These changes, if 
implemented and sustained, provide a path for DHS to address GAO's 
high-risk designation.
    DHS has made progress, but has considerable work ahead to achieve 
actions and outcomes critical to addressing this high-risk area. Among 
other accomplishments, DHS realigned its acquisition management 
functions within a new office to assess the health of major 
acquisitions and investments; conducted program and portfolio reviews 
of hundreds of information technology (IT) investments; and reduced the 
number of material weaknesses in internal controls. DHS also 
demonstrated top leadership commitment by identifying roles and 
responsibilities for its key management initiatives. However, DHS has 
more work ahead to fully implement its plans and address its management 
challenges. For example, in June 2010 GAO reported that over half of 
the programs reviewed awarded contracts to initiate acquisition 
activities without component or Department approval of essential 
planning documents. In addition, DHS faces challenges fully defining 
key system investment and acquisition management policies and 
procedures. Further, as of September 30, 2011, due to material 
weaknesses in internal controls over financial reporting, DHS was 
unable to provide assurance that these internal controls were operating 
effectively. In September 2011 we reported that DHS also continues to 
face challenges implementing some key human capital initiatives, such 
as its workforce strategy. DHS also needs to continue to demonstrate 
sustainable progress in integrating its management functions within and 
across the Department and its components, including making progress 
with its model for managing investments across components and 
management functions. GAO will continue to assess DHS's efforts to 
address its high-risk designation and will report its findings on the 
Department's progress in the high-risk update that it expects to issue 
in early 2013.
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee: I am pleased to be here today to discuss the Department 
of Homeland Security's (DHS) on-going efforts to build a single, 
unified department. DHS now has more than 200,000 employees and almost 
$60 billion in budget authority, and completing its transformation into 
a cohesive department is critical to achieving its homeland security 
missions. Our prior work on mergers and organizational transformations, 
undertaken before the creation of DHS, found that successful 
transformations of large organizations, even those faced with less-
strenuous reorganizations than DHS, can take years to achieve.\1\ Since 
the Department's creation in 2003, GAO has designated the 
implementation and transformation of DHS as high-risk because DHS had 
to combine 22 agencies--several with major management challenges--into 
one department, and failure to effectively address DHS's management and 
mission risks could have serious consequences for U.S. National and 
economic security.\2\ This high-risk area includes challenges in 
strengthening DHS's management functions--financial management, human 
capital, information technology (IT), and acquisition management--the 
effect of those challenges on DHS's mission implementation, and 
challenges in integrating management functions within and across the 
Department and its components.
---------------------------------------------------------------------------
    \1\ See GAO, Highlights of a GAO Forum: Mergers and 
Transformations: Lessons Learned for a Department of Homeland Security 
and Other Federal Agencies, GAO-03-293SP (Washington, DC: Nov. 14, 
2002) and Results-Oriented Cultures: Implementation Steps to Assist 
Mergers and Organizational Transformations, GAO-03-669 (Washington, DC: 
July 2, 2003).
    \2\ GAO, High-Risk Series: An Update, GAO-03-119 (Washington, DC: 
January 2003). In addition to this high-risk area, DHS has 
responsibility for other areas we have designated as high-risk. 
Specifically, in 2005 we designated information sharing for homeland 
security as high-risk, involving a number of Federal departments to 
include DHS, and in 2006, we identified the National Flood Insurance 
Program as high-risk. Further, in 2003 we expanded the scope of the 
high-risk area involving Federal information security, which was 
initially designated as high-risk in 1997, to include the protection of 
the Nation's computer-reliant critical infrastructure. GAO High-Risk 
Series: An Update, GAO-09-271 (Washington, DC: January 2009); High-Risk 
Series: An Update, GAO-07-310 (Washington, DC: January 2007); and High-
Risk Series: An Update, GAO-05-207 (Washington, DC: January 2005).
---------------------------------------------------------------------------
    In November 2000, we published our criteria for removing areas from 
the high-risk list.\3\ Specifically, agencies must have: (1) A 
demonstrated strong commitment and top leadership support to address 
the risks; (2) the capacity (that is, the people and other resources) 
to resolve the risks; (3) a corrective action plan that identifies the 
root causes, identifies effective solutions, and provides for 
substantially completing corrective measures in the near-term, 
including but not limited to steps necessary to implement solutions we 
recommended; (4) a program instituted to monitor and independently 
validate the effectiveness and sustainability of corrective measures; 
and (5) the ability to demonstrate progress in implementing corrective 
measures.
---------------------------------------------------------------------------
    \3\ GAO, Determining Performance and Accountability Challenges and 
High Risks, GAO-01-159SP (Washington, DC: November 2000).
---------------------------------------------------------------------------
    On the basis of our prior work, in September 2010 we identified and 
provided to DHS 31 actions and outcomes that are critical to addressing 
the challenges within the Department's management areas and in 
integrating those functions across the Department. These key actions 
and outcomes include, among others, obtaining and then sustaining 
unqualified audit opinions for at least 2 consecutive years on the 
Department-wide financial statements; validating required acquisition 
documents in accordance with a Department-approved, knowledge-based 
acquisition process; and demonstrating measurable progress in 
implementing its IT human capital plan and accomplishing defined 
outcomes.\4\ DHS committed to taking actions to address all 31 of these 
outcomes. Achieving and sustaining progress in these areas would 
demonstrate the Department's ability and commitment to addressing our 
five criteria for removing issues from the high-risk list.
---------------------------------------------------------------------------
    \4\ An unqualified opinion states that the financial statements 
present fairly, in all material respects, the financial position, 
results of operations, and cash flows of the entity in conformity with 
generally accepted accounting principles.
---------------------------------------------------------------------------
    My testimony this morning will discuss our observations, based on 
prior and on-going work, on DHS's progress in: (1) Developing a 
strategy for addressing its high-risk designation for the 
implementation and transformation of the Department, and (2) achieving 
outcomes critical to addressing the high-risk designation.
    This statement is based on prior reports and testimonies we issued 
from June 2007 through February 2012, as well as letters we submitted 
to DHS in March and November 2011 providing feedback on the 
Department's January and June 2011 versions of its Integrated Strategy 
for High-Risk Management.\5\ The statement is also based on selected 
updates we obtained from May 2011 through February 2012. For the past 
products, among other things, we interviewed DHS officials; analyzed 
DHS strategies and other documents related to the Department's 
implementation and transformation high-risk area; and reviewed our past 
reports, issued since DHS began its operations in March 2003. All of 
this work was conducted in accordance with generally accepted 
Government auditing standards, and more-detailed information on the 
scope and methodology from our prior work can be found within each 
specific report. For the updates, we obtained information from DHS on 
its transformation and management integration efforts through, among 
other things: (1) Obtaining the December 2011 version of the Integrated 
Strategy for High-Risk Management, and (2) meeting with DHS officials, 
including the Under Secretary for Management and Deputy Under Secretary 
for Management. This statement is also based on preliminary 
observations from our on-going work in response to your request to 
review DHS's progress in implementing the new IT governance approach. 
For this work, among other things, we are reviewing DHS documentation 
on its planned IT governance process and interviewing DHS officials 
responsible for implementing this process. We are conducting this work 
in accordance with generally accepted Government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives.
---------------------------------------------------------------------------
    \5\ See the related products list at the end of this statement.
---------------------------------------------------------------------------
 DHS Has Updated Its Strategy for Addressing Its High-Risk Designation
    Since January 2011, DHS has continued to update and strengthen its 
strategy for how the Department plans to address our high-risk 
designation and resolve its management challenges. In January 2011, DHS 
provided us with its initial Integrated Strategy for High-Risk 
Management, which summarized the Department's preliminary plans for 
addressing the high-risk area. The January 2011 strategy, which DHS 
later updated in June 2011 and December 2011, was generally responsive 
to the actions and outcomes we identified for the Department to address 
this high-risk area. Specifically, in our March 2011 written response 
to DHS's January 2011 update, we stated that:
   the strategy generally identified multiple, specific actions 
        and target completion time frames consistent with the outcomes 
        we identified;
   designated senior officials to be responsible for 
        implementing most actions; and,
   included scorecards to depict, at a high level, the 
        Department's views of its progress in addressing each high-risk 
        area and a framework for monitoring implementation of 
        corrective actions through, among other things, quarterly 
        meetings between DHS and us.
    However, the January 2011 update generally did not discuss the root 
causes of problems. Further, while the strategy identified whether DHS 
believed it had the resources available to implement planned actions, 
it did not identify what the specific resource needs were or what 
additional resources may be needed, making it difficult to assess the 
extent to which DHS has the capacity to implement those actions.
    In June 2011, DHS updated its Integrated Strategy for High-Risk 
Management. The update demonstrated the Department's continued 
leadership commitment to address the high-risk designation and 
represented continued progress. For example:
   DHS identified 10 root causes that cut across the four 
        management functions and management integration. By identifying 
        these root causes, the Department better positioned itself to 
        determine corrective actions for addressing the underlying 
        problems that have affected its management implementation 
        efforts, and to assess the extent to which progress made in 
        implementing the corrective actions has mitigated those 
        underlying problems.
   DHS organized its corrective actions into 16 key management 
        initiatives (e.g., financial management controls, IT program 
        governance, and procurement staffing model) to address its 
        management challenges and the 31 actions and outcomes we 
        identified.
    Identifying key management initiatives should help DHS prioritize 
its efforts and resources for addressing its root causes and management 
challenges, and provide a useful framework for monitoring the 
Department's implementation of the initiatives and associated 
corrective actions. However, elements of the update could be 
strengthened or clarified to better address our high-risk criteria and 
the actions and outcomes we previously identified, including: (1) 
Better defining the root causes of its management problems; (2) 
clarifying the resources available to implement corrective actions; (3) 
consistently reporting the progress of its corrective actions; and (4) 
more clearly and consistently reporting the progress of its key 
management initiatives.
    DHS provided its most recent update to its strategy in December 
2011. Overall, we believe that the December update positions the 
Department to address its management challenges and the implementation 
and transformation high-risk area. For example:
   DHS updated its initiatives--removing two initiatives from 
        the management integration area and adding four new 
        initiatives, including human resources information technology, 
        management health assessment, strategic sourcing, and 
        acquisition workforce development;\6\
---------------------------------------------------------------------------
    \6\ DHS reported eliminating: (1) The policies, procedures, and 
management directive initiative because all of the actions had been 
completed, and (2) the Department-wide performance management 
initiative because it did not address the high-risk outcomes.
---------------------------------------------------------------------------
   DHS included, for the first time, ratings of the 
        Department's progress addressing the 31 high-risk outcomes; 
        and:
   DHS enhanced its reporting and rating methodology for its 
        key management initiatives. Specifically, DHS replaced a color-
        coded (green, yellow, or red) rating system used in previous 
        updates with a new system for self-reporting progress. DHS now 
        measures and reports its progress addressing the five criteria 
        for removal from high-risk in two ways. One way uses standard 
        indicators for measuring progress and a pie graph for reporting 
        such progress across all of its key management initiatives 
        against the first four criteria--leadership commitment, 
        capacity, corrective action plans, and monitoring. The second 
        way uses specific performance measures unique to each 
        initiative for measuring progress and a fuel-type gauge for 
        reporting on the fifth criterion--demonstrated progress. 
        According to DHS, the revised methodology, amongst other 
        things, results in a more objective view of each initiative's 
        progress.
    However, the December 2011 update could be strengthened or 
clarified to better enable DHS and GAO to assess the Department's 
progress, in the following ways:
   More clearly and consistently report the resources available 
        to implement corrective actions.--DHS identified whether it had 
        sufficient resources to implement most of the corrective 
        actions. However, as we also reported to DHS regarding the 
        January and June 2011 strategies, for many corrective actions 
        DHS did not provide information on what the specific resource 
        needs are or what additional resources may be needed to 
        implement the corrective actions. The absence of resource 
        information makes it difficult to fully assess the extent to 
        which DHS has the capacity to implement these actions, 
        particularly within the time frames identified for the 
        corrective actions.
   Consistently report on corrective actions.--DHS provided 
        information on the Department's rationale for eliminating and 
        adding key management initiatives, but has not consistently 
        provided such information for the corrective actions it 
        established for each initiative. For example, the December 
        strategy contained three new corrective actions for the IT 
        program-governance initiative that were not in the June 2011 
        strategy, but did not include three corrective actions that had 
        been in the June 2011 strategy. The December strategy did not 
        consistently explain the Department's rationale for eliminating 
        or adding corrective actions from the June strategy, such as 
        whether the corrective actions were already completed, or if 
        the corrective actions were no longer appropriate or feasible. 
        Without consistently providing information on the basis for 
        DHS's decision to add or remove corrective actions, it is 
        difficult for DHS and us to track the status and progress of 
        the Department's efforts to fully implement its management 
        initiatives.
   Establish measures and report on progress for all 
        initiatives.--DHS established a total of 58 measures to track 
        its demonstrated progress in implementing the 18 initiatives 
        included in the December 2011 strategy. While these measures 
        provide additional insight into DHS's self-reported progress 
        and represent an important improvement from the June 2011 
        strategy, DHS has not yet established measures for one of its 
        initiatives--the new management health assessment initiative--
        and did not report on its progress for more than 40 percent (24 
        of the 58) of the measures in the December 2011 strategy. 
        Without establishing measures and consistently reporting on 
        their progress, neither DHS nor we can fully assess the 
        Department's progress in implementing its initiatives.
   Stabilize its methodology for measuring progress.--We 
        believe that the enhanced methodology DHS established for 
        assessing its progress in implementing its initiatives 
        generally allows for a more objective assessment. However, the 
        evolving nature of DHS's methodology, which the Department 
        revised in the June 2011 strategy and again in the December 
        strategy, makes it difficult to effectively monitor the 
        Department's progress over time.
    By strengthening these four aspects, we believe the December 2011 
strategy, if implemented and sustained, provides a path for DHS to 
address our high-risk designation. We will continue to closely monitor 
and assess DHS's progress in addressing the high-risk designation and 
the Department's overall transformation efforts as part of our work for 
the 2013 high-risk update, which we plan to issue in January 2013.
   DHS Has Made Progress, but More Work Remains to Achieve High-Risk 
                                Outcomes
    DHS has made progress addressing management challenges and 
achieving high-risk outcomes in some key areas. The Secretary and 
Deputy Secretary of Homeland Security, and other senior officials, have 
demonstrated commitment and top leadership support to address the 
Department's management challenges. As the following examples 
illustrate, DHS is making progress achieving the long-term goal of 
enhancing its management capabilities and building a more-integrated 
Department.
   In June 2011, we reported that, per Departmental acquisition 
        guidance, DHS's Science and Technology Directorate reviewed and 
        approved test and evaluation documents and plans for programs 
        undergoing testing, and conducted independent assessments for 
        the programs that completed operational testing.\7\ In October 
        2011, to enhance the Department's ability to oversee major 
        acquisition programs, DHS realigned the acquisition management 
        functions previously performed by two divisions within the 
        Office of Chief Procurement Officer to establish the Office of 
        Program Accountability and Risk Management (PARM). PARM, which 
        is responsible for program governance and acquisition policy, 
        serves as the Management Directorate's executive office for 
        program execution and works with DHS leadership to assess the 
        health of major acquisitions and investments. To help with this 
        effort, PARM is developing a database, known as the Decision 
        Support Tool, intended to improve the flow of information from 
        component program offices to the Management Directorate to 
        support its governance efforts. DHS also included a new 
        management initiative in its December 2011 update (strategic 
        sourcing) to increase savings and improve acquisition 
        efficiency by consolidating contracts Department-wide for the 
        same kinds of products and services, and reported awarding 14 
        strategically-sourced contracts in fiscal year 2011. We 
        currently have on-going work related to both of these areas 
        that we will report on later this year.\8\
---------------------------------------------------------------------------
    \7\ GAO, DHS Science and Technology: Additional Steps Needed to 
Ensure Test and Evaluation Requirements Are Met, GAO-11-596 
(Washington, DC: June 15, 2011).
    \8\ We are doing this work at the request of the Senate Committee 
on Homeland Security and Governmental Affairs. Our strategic sourcing 
work is also being done for the House Committee on Oversight and 
Government Reform.
---------------------------------------------------------------------------
   In February 2012, we reported that the DHS Chief Information 
        Officer (CIO) and Chief Human Capital Officer were coordinating 
        to streamline and consolidate the Department's human resources 
        investments.\9\ Specifically, in 2010 and 2011, the DHS CIO 
        conducted program and portfolio reviews of hundreds of IT 
        investments and systems. DHS evaluated portfolios of 
        investments within its components to avoid investing in systems 
        that are duplicative or overlapping, and to identify and 
        leverage investments across the Department. DHS also 
        consolidated: (1) 6 personnel security-related systems into its 
        Department-wide Integrated Security Management System--with an 
        additional personnel security system planned for consolidation 
        in 2012, and (2) two components' portals into the Homeland 
        Security Information Network, with plans to consolidate 12 
        additional portals before 2014.
---------------------------------------------------------------------------
    \9\ GAO, Information Technology: Departments of Defense and Energy 
Need to Address Potentially Duplicative Investments, GAO-12-241 
(Washington, DC: Feb. 17, 2012).
---------------------------------------------------------------------------
   DHS has reduced the number of material weaknesses in 
        internal controls from 18 since the inception of the Department 
        in 2003 to 5 in fiscal year 2011.\10\ In addition, in fiscal 
        year 2010 DHS committed to the goal of receiving a qualified 
        audit opinion on its consolidated balance sheet in fiscal year 
        2011 by, for example, remediating financial management issues 
        at the U.S. Coast Guard (USCG).\11\ In fiscal year 2011, DHS 
        achieved this goal by moving from a disclaimer of opinion to a 
        qualified audit opinion on its balance sheet and statement of 
        custodial activity for the first time since the Department's 
        creation.\12\ In its December 2011 strategy, DHS reported plans 
        to expand the audit to all financial statements in fiscal year 
        2012. DHS believes this will identify additional areas for 
        corrective action and help it to obtain a clean audit opinion 
        on all financial statements by September 2013, although there 
        is no clear plan for how full auditability will be achieved.
---------------------------------------------------------------------------
    \10\ A material weakness is a significant deficiency, or a 
combination of significant deficiencies, in internal control such that 
there is a reasonable possibility that a material misstatement of the 
entity's financial statements will not be prevented or detected and 
corrected on a timely basis. A significant deficiency is a deficiency, 
or combination of deficiencies, in internal control that is less severe 
than a material weakness, yet important enough to merit attention by 
those charged with governance. A deficiency in internal control exists 
when the design or operation of a control does not allow management or 
employees, in the normal course of performing their assigned functions, 
to prevent, or detect and correct, misstatements on a timely basis.
    \11\ A qualified opinion states that, except for the effects of the 
matter(s) to which the qualification relates, the audited financial 
statements present fairly, in all material respects, the financial 
position, results of operations, and cash flows of the entity in 
conformity with generally accepted accounting principles. The matter(s) 
to which the qualification relates could be due to a scope limitation, 
or the audited financial statements containing a material departure 
from generally accepted accounting principles, or both.
    \12\ A disclaimer of opinion states that the auditor does not 
express an opinion on the financial statements (e.g., scope 
limitations).
---------------------------------------------------------------------------
   In February 2012, we reported that DHS consolidated five 
        time-and-attendance systems into a Department-wide time-and-
        attendance system and plans to incorporate an additional 
        component by June 2012.\13\ This consolidation effort is part 
        of DHS's broader human resources IT initiative. This initiative 
        is intended to, among other things: (1) Support the development 
        and implementation of consistent and consolidated human 
        resources IT systems across DHS, and (2) strengthen and unify 
        the Department's ability to collect and share human resource 
        information. We also reported in February 2012 that DHS had 
        initiated a Senior Executive Service Candidate Development 
        Program in May 2011 to build its senior leadership pipeline 
        within the Department--consolidating what had been four 
        individual leadership programs into a single DHS-wide program--
        and lowered its senior leadership vacancy rates from a peak of 
        25 percent in 2006 to 10 percent at the end of fiscal year 
        2011.\14\
---------------------------------------------------------------------------
    \13\ GAO, Information Technology: Departments of Defense and Energy 
Need to Address Potentially Duplicative Investments, GAO-12-241 
(Washington, DC: Feb. 17, 2012).
    \14\ GAO-12-264.
---------------------------------------------------------------------------
   In February 2011, we reported that the Department put in 
        place common policies, procedures, and systems within 
        individual management functions, such as human capital, that 
        help to integrate its component agencies.\15\ DHS has also 
        demonstrated top leadership commitment by identifying roles and 
        responsibilities at the departmental level for the key 
        management initiatives it has included in the December 2011 
        strategy. Additionally, DHS has promoted accountability for 
        management integration among Department and component 
        management chiefs by, among other things, having the Department 
        chiefs provide written objectives that explicitly reflect 
        priorities and milestones for that management function as well 
        as aligning the component chiefs' individual performance plans 
        to the Department's goals and objectives.
---------------------------------------------------------------------------
    \15\ GAO, Department of Homeland Security: Progress Made and Work 
Remaining in Implementing Homeland Security Missions 10 Years after 9/
11, GAO-11-881 (Washington, DC: Sept. 7, 2011); GAO, DHS: A 
Comprehensive Strategy Is Still Needed to Achieve Management 
Integration Department-wide, GAO-10-318T (Washington, DC: Dec. 15, 
2009).
---------------------------------------------------------------------------
    In its December 2011 strategy, DHS presented detailed plans to 
address a number of management challenges. However, in many instances, 
DHS has considerable work ahead to fully implement these plans and 
address these challenges.
   Our prior work has identified challenges related to 
        acquisition oversight, cost growth, and schedule delays, 
        including Departmental concerns about the accuracy of cost 
        estimates for some of DHS's major programs. For example, in 
        June 2010 we reported that over half of the programs we 
        reviewed awarded contracts to initiate acquisition activities 
        without component or Department approval of documents essential 
        to planning acquisitions, such as mission need statements 
        outlining the specific functional capabilities required to 
        accomplish DHS's mission and objectives; operational 
        requirements; and acquisition program baselines.\16\ 
        Additionally, we reported that only a small number of DHS's 
        major acquisitions had validated cost estimates. Further, DHS 
        reported in its December 2011 strategy that senior executives 
        are not confident enough in the data to use the Decision 
        Support Tool developed by PARM to help make acquisition 
        decisions. However, DHS's plans to improve the quality of the 
        data in this database are limited. At this time, PARM only 
        plans to check the data quality in preparation for key 
        milestone meetings in the acquisition process. This could 
        significantly diminish the Decision Support Tool's value 
        because users cannot confidently identify and take action to 
        address problems meeting cost or schedule goals prior to 
        program review meetings.
---------------------------------------------------------------------------
    \16\ GAO, Department of Homeland Security: Assessments of Selected 
Complex Acquisitions, GAO-10-588SP (Washington, DC: June 30, 2010).
---------------------------------------------------------------------------
   DHS continues to face challenges in managing its IT 
        acquisitions, ensuring proper implementation and Department-
        wide coordination, and implementing information security 
        controls. For example, as we reported in 2011, DHS faces 
        challenges fully defining key system investment and acquisition 
        management policies and procedures for IT.\17\ Moreover, the 
        extent to which DHS implemented these investment and 
        acquisition management policies and practices in major IT 
        programs has been inconsistent. We also reported that major IT 
        acquisition programs were not subjected to executive-level 
        acquisition and investment management reviews. As a result, 
        major programs aimed at delivering important mission 
        capabilities had not lived up to their capability, benefit, 
        cost, and schedule expectations. DHS is currently pilot testing 
        a new approach for overseeing and managing its IT acquisitions. 
        We are currently reviewing this new governance approach and 
        expect to report the results of our work later this year. 
        Further, we previously reported on the need for Federal 
        agencies, including DHS, to improve implementation of 
        information security controls, such as those for configuring 
        desktop computers and wireless communication devices.\18\ DHS 
        reports that, as of December 2011, it mostly addressed IT 
        security. However, the DHS Office of Inspector General 
        continues to report a material weakness in this area and 
        identifies information security as a major management challenge 
        facing the Department.
---------------------------------------------------------------------------
    \17\ GAO-11-881.
    \18\ GAO, Information Security: Federal Agencies Have Taken Steps 
to Secure Wireless Networks, but Further Actions Can Mitigate Risk, 
GAO-11-43 (Washington, DC: Nov. 30, 2010); and Information Security: 
Agencies Need to Implement Federal Desktop Core Configuration 
Requirements, GAO-10-202 (Washington, DC: Mar. 12, 2010).
---------------------------------------------------------------------------
   Due to material weaknesses in internal controls over 
        financial reporting, DHS was unable to provide assurance that 
        internal controls over financial reporting were operating 
        effectively as of September 30, 2011. According to DHS, due to 
        existing internal control weaknesses and focus on corrective 
        actions, the audit opinion on internal controls over financial 
        reporting will likely remain a disclaimer in fiscal year 2012. 
        DHS also faces challenges in modernizing its financial systems. 
        We previously reported that DHS twice attempted to implement an 
        integrated Department-wide financial management system, but had 
        not been able to consolidate its disparate systems. 
        Specifically, in June 2007, we reported that DHS ended its 
        Electronic Managing Enterprise Resources for Government 
        Effectiveness and Efficiency effort after determining that the 
        resulting financial management systems would not provide the 
        expected system functionality and performance.\19\ In December 
        2009, we reported that the Transformation and Systems 
        Consolidation program had been significantly delayed by bid 
        protests and related litigation.\20\ In March 2011, DHS ended 
        this program and reported that moving forward it would consider 
        alternatives to meet revised requirements. In 2011, DHS decided 
        to change its strategy for financial system modernization. 
        Rather than implement a Department-wide integrated financial 
        management system solution, DHS opted for a decentralized 
        approach to financial management systems modernization at the 
        component level. Specifically, DHS reported in its December 
        2011 strategy that it plans to replace financial management 
        systems at three components it has identified as most in need, 
        including the Federal Emergency Management Agency (FEMA), USCG, 
        and Immigration and Customs Enforcement (ICE). As of February 
        2012, DHS officials stated that they first planned to modernize 
        FEMA's system, which would start using a Federal shared service 
        provider at the beginning of fiscal year 2015. DHS officials 
        told us they had not yet identified the specific approach or 
        necessary resources and time frames for implementing new 
        systems at USCG and ICE. It is not clear whether DHS's new, 
        decentralized approach to financial system modernization will 
        ensure that components' financial management systems can 
        generate reliable, useful, timely information for day-to-day 
        decision making; enhance the Department's ability to 
        comprehensively view financial information across DHS; and 
        comply with related Federal requirements at DHS and its 
        components. We will continue to monitor DHS's actions in this 
        area.
---------------------------------------------------------------------------
    \19\ GAO, Homeland Security: Department-wide Integrated Financial 
Management Systems Remain a Challenge, GAO-07-536 (Washington, DC: June 
21, 2007).
    \20\ GAO, Financial Management Systems: DHS Faces Challenges to 
Successfully Consolidating Its Existing Disparate Systems, GAO-10-76 
(Washington, DC: Dec. 4, 2009).
---------------------------------------------------------------------------
   DHS continues to face challenges implementing some of its 
        key human capital initiatives and functions. For example, the 
        DHS Chief Information Officer's (CIO) September 2011 assessment 
        of the human resources IT program identified two risks that 
        could have adverse effects on the cost and schedule of the 
        program. First, if the program is unable to meet its 
        established baseline schedules, there is a high probability of 
        program breach and potential loss of funding due to lack of 
        prioritization. Second, if a thorough understanding of existing 
        legacy applications and processes across the DHS components is 
        not achieved, the new, consolidated system will not adequately 
        replace existing functionality nor provide the stable 
        operational functionality needed from the program. DHS has also 
        struggled with low job satisfaction among its employees since 
        its inception. For the 2011 Federal Employee Viewpoint Survey, 
        DHS scored below the Government-wide average on the Office of 
        Personnel Management's Job Satisfaction Index and ranked 31st 
        of 33 Federal agencies on employee satisfaction, according to 
        the Partnership for Public Service's analysis of the survey 
        results. At the subcommittee's request, we currently have work 
        underway evaluating the effectiveness of DHS's plans and 
        efforts to address its employee morale issues and expect to 
        report our findings later this year. Further, in June 2011, DHS 
        reported that it was developing component operational plans to 
        implement its Department-wide workforce strategy and align the 
        component plans with the goals, measures, and objectives of the 
        strategy. However, in its December 2011 strategy, DHS reported 
        that it had not finished providing feedback to components on 
        their fiscal year 2011 plans.
   DHS needs to continue to demonstrate sustainable progress in 
        integrating its management functions within and across the 
        Department and its components and take additional actions to 
        further and more effectively integrate the Department. 
        Specifically, in its January 2011 high-risk strategy, DHS 
        described plans to establish an Integrated Investment Life 
        Cycle Model (IILCM) for managing investments across its 
        components and management functions; strengthening integration 
        within and across those functions; and ensuring mission needs 
        drive investment decisions. This framework seeks to enhance DHS 
        resource decision making and oversight by creating new 
        department-level councils to identify priorities and capability 
        gaps, revising how DHS components and lines of business manage 
        acquisition programs, and developing a common framework for 
        monitoring and assessing implementation of investment 
        decisions. DHS reported in December 2011 that the IILCM 
        initiative had made little progress since January 2011 though 
        the Department planned to begin using the IILCM by the end of 
        September 2012. The Department also indicated it had not 
        determined resource needs to accomplish any of the eight 
        associated corrective actions it has identified for this 
        initiative.
    While DHS has made progress, the Department still faces 
considerable challenges. Going forward, DHS needs to continue 
implementing its Integrated Strategy for High-Risk Management and show 
measurable, sustainable progress in implementing its key management 
initiatives and corrective actions and achieving outcomes. We will 
continue to monitor and assess DHS's implementation and transformation 
efforts through our on-going and planned work, including the 2013 high-
risk update that we expect to issue in early 2013.
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee, this concludes my prepared statement. I would be pleased 
to respond to any questions that you may have.

    Mr. McCaul. Thank you, Mr. Maurer, for your testimony.
    The Chairman now recognizes Mr. Edwards for his testimony.

STATEMENT OF CHARLES K. EDWARDS, ACTING INSPECTOR GENERAL, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Edwards. Good morning, Chairman McCaul, Ranking Member 
Keating, and distinguished Members of the subcommittee.
    Thank you for inviting me today to testify about the 
integration of information across the Department, specifically 
in the areas of financial and acquisition management.
    The Department achieved a significant milestone in the area 
of financial management in fiscal year 2011. For the first time 
since 2003, DHS was able to produce an auditable balance sheet 
and a statement of custodial activity. The independent auditors 
rendered a qualified opinion on those financial statements.
    Nevertheless, the Department still has much work to do. The 
independent auditors were unable to perform procedures 
necessary to form an opinion on DHS internal control of 
financial reporting on fiscal year 2011 balance sheet and the 
statement of custodial activity. As part of the fiscal year 
2011 audit, the independent auditors identified a pervasive 
financial system functionality limitation at all of the 
significant DHS components.
    The Department's financial information technology system 
infrastructure is aging and has limited functionality, which is 
hindering the Department's ability to implement efficient 
corrective actions and produce reliable financial statements. 
The auditors noted that many of the financial systems in use at 
DHS components have been inherited from legacy agencies and 
have not been substantially updated since DHS's inception.
    As a result, on-going financial system functionality 
limitations are contributing to the Department's challenges in 
addressing systemic internal control weaknesses and 
strengthening the overall control environment. Since 2003, the 
Department has made several efforts to consolidate its 
component financial systems.
    Most recently, the Department cancelled a solicitation for 
the transformation and system consolidation, or TASC, program 
in May 2011. We have communicated with the Department regarding 
its plans for the modernization of its financial systems, and 
we will begin a review of its new efforts later this month.
    With respect to acquisition management, acquisitions 
consume a significant part of DHS's annual budget and are 
fundamental to the Department's ability to accomplish its 
mission. In April 2011, we published an audit report regarding 
DHS oversight of component acquisition programs. In that 
report, we found that the Department needs to provide 
additional guidance and improved controls in some areas. One of 
the areas that we targeted for improvement concerned the use of 
the Next Generation Periodic Reporting System, or nPRS.
    nPRS is an integrated system that provides visibility to 
the Department to track component acquisition investments. 
Component personnel are responsible for entering and updating 
information in nPRS, including cost, budget, performance, and 
scheduled data. As a result of our audit, we determined that 
the Department has issued conflicting guidance and enforcement 
for reporting in nPRS since the system became operational in 
2008.
    For the 17 acquisition programs to be reviewed during our 
audit, we found that components were not completing and 
reporting all key information in nPRS. We found some other 
inconsistencies during our audit. Not all of the 86 programs 
identified by the Department on its list of major acquisition 
programs were reported in nPRS by components. When we 
questioned the Department personnel about the differences 
between the list of major acquisition programs and nPRS, they 
stated that the differences were due to timing issues.
    However, we were not able to reconcile the differences to 
verify that they were timing-related. Our audit report 
recommended that the Department mandate the use of nPRS for all 
acquisition programs and issue improved guidance regarding nPRS 
reporting. The chief procurement officer agreed with our 
recommendation and stated that by April 30, 2011, it would 
issue guidance to components to require inclusion of all level 
1, 2, and 3 acquisition programs within the nPRS tracking tool. 
We are continuing to monitor the implementation of this 
recommendation. On February 16, 2012, we received the 
Department's latest update. In that update, the Department 
stated that it was integrating its components to ensure that 
all acquisition programs are recorded accurately in nPRS on a 
monthly basis.
    While we are encouraged by the Department's actions, this 
effort does not meet the full intent of our recommendation that 
the use of nPRS is mandated across the Department.
    Chairman McCaul, this concludes my prepared remarks, and I 
would be happy to answer any questions that you or other 
Members may have. Thank you.
    [The statement of Mr. Edwards follows:]
                Prepared Statement of Charles K. Edwards
                             March 1, 2012
    Good morning Chairman McCaul, Ranking Member Keating and 
distinguished Members of the subcommittee: I am Charles K. Edwards, 
Acting Inspector General of the Department of Homeland Security (DHS). 
Thank you for inviting me to testify today about the integration of 
information across the Department, specifically in the areas of 
financial management, acquisition management, and human capital 
management.
    As you know, the DHS Office of Inspector General (OIG) was 
established in January 2003 by the Homeland Security Act of 2002 by 
amendment to the Inspector General Act of 1978. The DHS OIG seeks to 
promote economy, efficiency, and effectiveness in DHS programs and 
operations and reports directly to both the DHS Secretary and the 
Congress. We fulfill our mission primarily by issuing audit, 
inspection, and investigative reports that include recommendations for 
corrective action, and by referring cases to the United States Attorney 
General for prosecution.
    I am pleased to have the opportunity to testify about two of our 
audit reports today. My testimony will focus on the areas of financial 
management and acquisition management.
    I will describe some of the challenges facing DHS, the steps DHS 
has taken and its progress in addressing those challenges, as well as 
provide details regarding further improvements the Department can make.
                          financial management
    In an effort to reduce redundancy, weaknesses, and vulnerabilities 
in its financial systems, DHS has made several attempts to consolidate 
its financial systems since the Department's creation.
    The first attempt, known as the Electronically Managing Enterprise 
Resources for Government Effectiveness and Efficiency project, was 
canceled in December 2005, due to technical challenges in the 
integration efforts. The second attempt, a task order issued in August 
2007, for a solution architect to develop and implement a new system 
under the Enterprise Acquisition Gateway for Leading Edge Solutions 
contract ended when no bids were received. The third attempt, called 
Transformation and Systems Consolidation (TASC) Baseline, focused on 
moving DHS components to one of two financial systems platforms: SAP or 
Oracle. On March 17, 2008, the TASC baseline approach ended when a 
Federal court ruled against DHS in the court case of Savantage 
Financial Services, Inc. vs. United States. The court ruled that DHS' 
decision to use Oracle and SAP financial software systems via ``Brand 
Name Justification'' was an improper sole source procurement in 
violation of the Competition in Contracting Act.
    In May 2008, the TASC initiative was revised to acquire an 
integrated financial, acquisition, and asset management solution for 
DHS. This approach was a larger effort than DHS had attempted 
previously because it attempted to not only consolidate component 
financial systems but also to implement DHS-wide asset management and 
procurement systems. TASC was a Department-wide effort co-sponsored by 
the DHS Under Secretary for Management (USM) and the Chief Financial 
Officer.
    In January 2009, the TASC program issued an RFP for a vendor to 
integrate, test, deploy, manage, operate, and maintain the transformed 
business processes and services of an integrated financial acquisition 
and asset management solution for DHS. In July 2010, we issued an audit 
report, DHS Needs to Address Challenges to Its Financial Systems 
Consolidation Initiative. The objective of our audit was to determine 
whether DHS was making progress in developing and implementing the TASC 
initiative. Our audit report included five recommendations; the 
Department concurred or partially concurred with all five. 
Subsequently, in May 2011, the Department announced that it was 
cancelling the solicitation for the TASC program and was considering 
alternatives to meet revised requirements. We understand that the 
Department is considering options, and we will continue to be in 
communication with the Department regarding its plans.
    Although the Department has not completed the modernization and 
consolidation of its financial systems, it continued to improve 
financial management in fiscal year 2011 and achieved a significant 
milestone. For the first time since 2003, the Department was able to 
produce an auditable balance sheet and statement of custodial activity 
and the independent auditors rendered a qualified opinion on those 
financial statements. Nevertheless, the Department still has much work 
to do. The independent auditor was unable to perform procedures 
necessary to form an opinion on DHS' internal control over financial 
reporting of the fiscal year 2011 balance sheet and statement of 
custodial activity.
    The independent auditors identified pervasive financial system 
functionality limitations at all of the significant DHS components. The 
Department's financial information technology system is aging and has 
limited functionality, which is hindering the Department's ability to 
implement efficient corrective actions and produce reliable financial 
statements. The auditors noted that many of the financial systems in 
use at DHS components have been inherited from the legacy agencies and 
have not been substantially updated since DHS' inception. As a result, 
on-going financial system functionality limitations are contributing to 
the Department's challenges in addressing systemic internal control 
weaknesses and strengthening the overall control environment.
                         acquisition management
Background
    Acquisitions consume a significant part of the Department of 
Homeland Security's annual budget and are fundamental to the 
Department's ability to accomplish its mission. In fiscal year 2010, 
DHS awarded over $13 billion for more than 88,000 procurement actions.
    The USM is responsible for the overall DHS acquisition process. As 
the Department's Chief Acquisition Officer, the USM is responsible for 
managing, administering, and overseeing the Department's acquisition 
policies and procedures. The USM delegates the responsibility for 
effective Department-wide procurement policies and procedures, 
including procurement integrity, to the Chief Procurement Officer 
(CPO). The Office of the CPO (OCPO) is responsible for oversight of 
most DHS acquisition activities and services, including management, 
administration, and strategic sourcing. OCPO responsibilities also 
include developing and publishing Department-wide acquisition 
regulations, directives, policies, and procedures.
    The USM also delegates the responsibility for developing and 
implementing the governance processes and procedures for program 
management over DHS' various acquisition programs to the Acquisition 
Program Management Division (APMD), now called the Program 
Accountability and Risk Management Office. Separation of the OCPO 
procurement management responsibilities for acquiring goods and 
services and APMD's program management of the acquisition process 
provides a layered approach to DHS' acquisition oversight.
       steps taken by dhs to improve its acquisitions management
    In 2003, the Government Accountability Office (GAO) designated 
implementing and transforming the Department of Homeland Security as 
high-risk.\1\ GAO stated that the Department's efforts to integrate 22 
independent agencies into a single department were an ``enormous 
undertaking,'' partly because many of the major components faced at 
least one management problem, including financial management 
vulnerabilities. In a 2011 update, GAO noted that acquisition 
management weaknesses have prevented major programs from meeting 
capability, benefit, cost, and schedule expectations.\2\ To address 
management challenges, GAO recommended ``validating key acquisition 
documents during the acquisition review process.''\3\
---------------------------------------------------------------------------
    \1\ GAO-03-119, High-Risk Series: An Update (Jan. 2003). GAO 
maintains a program to identify Government operations that are high-
risk due to greater vulnerabilities to fraud, waste, abuse, and 
mismanagement or the need for transformation to address economy, 
efficiency, or effectiveness. Since 1990, GAO has designated over 50 
areas as high-risk and subsequently removed over one-third of the areas 
due to progress made.
    \2\ GAO-11-278, High-Risk Series: An Update (Feb. 2011), p. 93.
    \3\ Id., 33-34.
---------------------------------------------------------------------------
    In September 2005, we published a report identifying significant 
weaknesses that threatened the integrity of the Department's 
procurement and program management operations.\4\ We made five 
recommendations to address the vulnerabilities in the Department's 
acquisition operations. DHS concurred with all five recommendations and 
agreed to move ahead with expanded procurement ethics training, 
enhancement of oversight, and establishment of a Departmental program 
management office to address procurement staff shortages and staff 
authority. Since our 2005 report, DHS has implemented management 
directives and organizational changes, and developed acquisition 
training programs intended to identify inefficiencies in the 
acquisition process and prevent procurement ethics violations.
---------------------------------------------------------------------------
    \4\ OIG-05-53, Department of Homeland Security's Procurement and 
Program Management Operations (Sept. 2005).
---------------------------------------------------------------------------
    In November 2008--recognizing the continued increase in the 
quantity and complexity of DHS acquisitions--the Chief Acquisition 
Officer classified acquisitions into three levels to define the extent 
and scope of required project and program management and the specific 
official who serves as the Acquisition Decision Authority. For level 1 
acquisitions (greater than or equal to $1 billion), the Acquisition 
Decision Authority is at the Deputy Secretary level. For level 2 
acquisitions ($300 million or more, but less than $1 billion), it is 
the Chief Acquisition Officer. For level 3 acquisitions (less than $300 
million), the Acquisition Decision Authority is at the Component Head 
level. Acquisition Management Directive 102-01, Revision No. 1 
(Directive 102-01), also identifies specific alternate Acquisition 
Decision Authorities for each level.
    While the Department has taken these and other significant steps to 
improve its acquisition oversight processes and controls, our report 
OIG-11-71, DHS Oversight of Component Acquisition Programs (April 2011) 
identified additional areas for improvement, including improved 
guidance to components regarding their use of the Next Generation 
Periodic Reporting System (nPRS), an integrated system that provides 
visibility to the Department to track components' level 1, 2, and 3 
acquisition investments.
               additional guidance needed for use of nprs
    In DHS Oversight of Component Acquisition Programs, we recognized 
that the Department has made improvements to its acquisition oversight 
processes and controls through implementation of a revised acquisition 
management directive. However, the Department needs to provide 
additional detailed guidance and improve controls in some areas. One of 
the areas we identified for improvement is the use of nPRS, an 
integrated system that provides visibility to the Department to track 
components' level 1, 2, and 3 acquisition investments. It can also 
store working and approved key acquisition documents, earned value 
management information, and risk identification. Component personnel 
are responsible for entering and updating information regarding their 
acquisition programs in nPRS. This information includes, but is not 
limited to, cost, budget, performance, and schedule data.
    Since nPRS became operational in 2008, the Department has issued 
conflicting guidance and enforcement for reporting level 1, 2, and 3 
acquisition programs. According to APMD personnel, level 1 and 2 
acquisition programs are the only programs that require nPRS reporting, 
while reporting level 3 acquisition programs is optional. Despite APMD 
personnel's explanation of the nPRS reporting requirements, in November 
2008 they required level 1, 2, and 3 acquisitions to follow the DHS 
periodic reporting process identified in the nPRS manual. Then in May 
2009, the USM issued a memorandum requiring major acquisition programs, 
level 1 and 2, to transition to nPRS by the end of the month. In July 
2009, the Office of the Chief Information Officer issued guidance that 
required components to report all programs to nPRS. In September 2009, 
the Director of APMD issued a memorandum designating nPRS as the 
Department's system of record for acquisition management data and 
official reporting system for all level 1, 2, and 3 acquisition 
programs. In January 2010, the APMD issued the final Directive 102-01, 
which required all level 1, 2, and 3 acquisition programs to comply 
with the DHS periodic reporting process. This conflicting verbal and 
written guidance confused component personnel, who were not sure 
whether to report all acquisition programs or only level 1 and 2 
programs.
    In May 2010, the USM issued a list of major acquisition programs 
that identified 86 level 1 and 2 acquisition programs and elevated some 
level 3 acquisition programs for Departmental oversight. According to 
APMD personnel, the Department and components jointly create the major 
acquisition program and project list. The APMD obtains information from 
nPRS and requests updated information from the components regarding 
their current number of acquisition programs. Once APMD personnel 
receive the information, they create the final list and the USM signs 
and issues the new list.
    As of July 2010, we identified six acquisition programs listed on 
the USM letter, but components did not report them in nPRS. We also 
identified five level 1 and 2 acquisition programs reported in nPRS but 
not on the USM letter. When we questioned Department personnel about 
the differences between the USM letter and nPRS, they stated that the 
differences were due to timing issues. However, we were not able to 
reconcile the differences to verify that they were timing related. 
Table 1 compares the list of acquisition programs in the May 2010 USM 
memo with the nPRS database as of July 2010.

     TABLE 1.--ACQUISITION PROGRAM REPORTING SYSTEM INCONSISTENCIES
------------------------------------------------------------------------
          USM Memo--May 2010                nPRS Database--July 2010
------------------------------------------------------------------------
Consolidated Mail System Program.....  No Entry.
Electronic Records Management System.  No Entry.
St. Elizabeth's......................  No Entry.
National Security System Program.....  No Entry.
Online Tracking Information System...  No Entry.
Federal Protective Services..........  No Entry.
No Entry.............................  Critical Infrastructure
                                        Technology and Analysis.
No Entry.............................  CBP--Infrastructure.
No Entry.............................  FEMA--Infrastructure.
No Entry.............................  ICE--Infrastructure.
No Entry.............................  USSS--Infrastructure.
------------------------------------------------------------------------

    To identify the number of acquisition programs in the Department, 
we requested a list of all programs from nPRS, but the Department could 
provide only level 1 and 2 acquisition programs. In March 2010, we 
requested that the components provide us with a list of all level 1, 2, 
and 3 acquisition programs so we could gain a complete inventory of 
acquisition programs throughout the Department. Table 2 shows some 
inconsistencies between the Department's totals and the components' 
totals.

              TABLE 2.--ACQUISITION PROGRAM INCONSISTENCIES
------------------------------------------------------------------------
         Department            Level 1    Level 2    Level 3     Total
------------------------------------------------------------------------
USM Letter--Apr 23, 2009....         42         25          0         67
nPRS datapull March 2010....         43         20          0         63
USM Letter--May 26, 2010....         46         40          0         86
nPRS datapull June 2010.....         49         33          0         82
nPRS datapull July 2010.....         50         32         70        152
                             -------------------------------------------
      COMPONENTS............         48         22        152        222
------------------------------------------------------------------------

    We obtained the Department's totals at five different times. Though 
we understand that there may be differences in timing due to the 
intervals, the Department needs to make sure that components are 
consistently reporting all acquisition programs into the standard 
system. In July 2010, we obtained our last data from nPRS that showed 
progress regarding the number of level 3 acquisition programs 
components entered in the system. However, at the time of the 
publication of our report, nPRS still did not reflect half of the total 
number of level 3 programs components reported outside nPRS.
                       use of nprs by components
    Because the Department has not ensured or mandated that components 
use nPRS, some components have developed systems comparable to nPRS. 
According to APMD personnel, nPRS allows components to create a copy of 
nPRS software and integrate it to meet their needs. The copy, which is 
called the nPRS Sandbox, allows the components to duplicate the nPRS 
software and to use the already developed nPRS as their oversight tool 
for draft documents and approval of documentation and earned value 
management, as well as cost and schedule status. The component's 
Sandbox copy of nPRS is not visible by DHS headquarters or other 
components because nPRS restricts access to authorized users. As of 
July 2010, Transportation Security Administration (TSA), the Federal 
Emergency Management Agency (FEMA), and the DHS Chief Financial Office 
had requested use of the nPRS Sandbox feature.
    Component personnel have developed, or are in the process of 
developing, their own data-tracking systems because the Department has 
not consistently mandated use of nPRS or its tools. For example:
   TSA hired and spent approximately $100,000 for a contractor 
        in 2005 to develop the TSA Acquisition Program Status Report, 
        which served as its data-tracking system. As of June 2010, TSA 
        had merged its acquisition program portfolio, levels 1, 2, and 
        3, into nPRS and will no longer use the TSA Acquisition Program 
        Status Report. As of August 2010, nPRS is TSA's official 
        tracking system for acquisition programs.
   FEMA, Customs and Border Protection (CBP), Immigration and 
        Customs Enforcement, and U.S. Secret Service use internally-
        developed systems based on software programs such as Microsoft 
        SharePoint.
   CBP personnel were in the process of developing an 
        additional database to track acquisitions throughout the 
        Acquisition Lifecycle Framework. We were not able to determine 
        the cost of this tracking database. According to CBP personnel, 
        the database development was a verbal agreement between CBP 
        personnel and the contractor. The statement of work under which 
        the contractor was performing other work for CBP did not 
        contain any mention of the verbal agreement.
    In summary, the Department does not always know what is in its 
acquisition portfolio because of the conflicting written and verbal 
guidance provided to the components. The USM has not ensured that 
components report all level 1, 2, and 3 acquisition programs in nPRS, 
which hinders its ability to have complete visibility into component 
acquisition programs. By mandating use of nPRS for all acquisition 
programs, the USM would have visibility into components' acquisition 
programs and could provide better oversight for its acquisition 
portfolio.
    We recommended that the Department direct components to report all 
acquisition programs (levels 1, 2, and 3) to nPRS. The Chief 
Procurement Officer agreed with our recommendation and stated that by 
April 30, 2011 it would issue guidance to components to require 
inclusion of all level 1, 2, and 3 acquisition programs within the nPRS 
tracking tool. We are continuing to monitor this recommendation and it 
remains resolved and open. On February 16, 2012, we received the 
Department's latest update. In that update the Department stated that 
it was encouraging its components to ensure that all acquisitions 
program information is reported accurately monthly. While we are 
encouraged by the Department's actions, this effort does not meet the 
full intent of our recommendation.
    Chairman McCaul, this concludes my prepared remarks. I would be 
happy to answer any questions that you or the Members may have. Thank 
you.

    Mr. McCaul. Thank you, Mr. Edwards.
    I understand we will be voting probably in 15 to 20 
minutes. We are going to keep the 5-minute rule very tightly. 
The 9/11 Commission basically said that 9/11 was a result of a 
failure of imagination. We can imagine many threats out there. 
When we have failed programs and we see taxpayer dollars 
wasted, that is not only a management issue; it is an issue 
that puts the American people more at risk. It is an issue that 
prohibits the Department from doing its core mission, and that 
is protecting the homeland.
    It is not hard to imagine a nuclear threat. When we look at 
the situation in Iran with Israel and Iran getting closer to 
having a nuclear capability, when we see Iran's relationship 
with Venezuela and Cuba, Hezbollah in the Western Hemisphere, 
Hezbollah in Mexico, Hezbollah in the United States, and yet we 
had a program, a nuclear detection program, the ASP, that 
totally failed; $230 million of taxpayer dollars wasted. We had 
a program, SBInet, a border security program; $1 billion, 
nearly $1 billion, wasted. In the private sector, if that 
occurred, people would be held accountable. In the private 
sector, a business would be accountable to their shareholders. 
They would be accountable to the Federal regulators. They would 
be accountable to the Justice Department. Yet here are just two 
examples of tremendous failures that in my judgment put the 
American people more at risk to a nuclear attack across our 
Southwest Border and yet no one was held accountable. There was 
no accountability.
    It is not just about management; it is about American lives 
at stake. So that is how I see this issue. It is an issue of 
integration. You have 22 different departments merged into one 
giant agency.
    Mr. Borras, I know you have a great challenge on your 
hands, and you inherited a lot of this, and it is very 
difficult to merge 22 agencies. But when they are stovepiped by 
acquisition and procurement and they are not integrated, we see 
these failures. Again, radiation detection ASP, $230 million of 
taxpayer money; SBInet $1 billion. Again, it is not some 
glazed-over management issue. This puts American lives at stake 
to a nuclear threat that exists, that is real. Not only the 
nuclear threat but the border, which coming from the State of 
Texas, I view as a tremendous threat to our security. So, with 
that, Mr. Borras, if you would explain to me what happened with 
the ASP program; what happened, and was anybody held 
accountable within the Department?
    Mr. Borras. Mr. Chairman, certainly both the SBI program 
and the ASP, as well as other programs, were highly informative 
certainly to me when I came in. SBInet was initiated in 2006; 
ASP shortly thereafter. As we now know, the Secretary called a 
halt to the SBI program to take a look at the factors that went 
into the cost overruns and the lack of good requirements. 
Similarly, with ASP, in April 2011, we had an acquisition 
review board meeting where we reviewed the progress and the 
lack of success with ASP, and we directed that that program be 
ended, the contract not be extended.
    What I am saying to you, Mr. Chairman, is that those 
programs in the past suffered from the lack of oversight. There 
was no mechanism to review, back in 2006-2007, departmental 
programs. What we have put in place, which I have described and 
my colleagues have acknowledged exist, is now we have a robust 
acquisition review process. We are using information-gathering 
tools like the DST to be able to now monitor much more closely 
the project process and the progress of a program. But it is 
not just catching programs when they fail. Because we have to 
manage these investments, it is very important that we maintain 
the sustainability of a program, so we have to increase its 
probability of success while reducing its risk.
    So now we have a mechanism, and we have documented over the 
last 2 years over 70 instances where we have called programs 
before the Department, where they are subject to a 
comprehensive review, and as a result of these reviews they 
have been given adjustments, modifications, in some programs 
like ASP, they have been told to cease. They have been told to 
perform other functions to modify their process to improve the 
success of those programs. So, Mr. Chairman, I will say to you 
that we are far from perfect, but we are much better stewards 
of the investment dollars today than we were back in 2006-2007.
    Mr. McCaul. Well, I certainly hope so. Was anybody held 
accountable for these failures?
    Mr. Borras. Both of those programs were initiated certainly 
before my time at the Department, so I am not aware or 
cognizant of any action that was taken prior to my arrival in 
2010.
    Mr. McCaul. I just think too often--you know, I was in the 
Justice Department for a decade, but I think too often, the 
Federal Government, when failures like this are made, nobody is 
held accountable. You know, if this was in the private sector 
again, a private company, corporation, heads would have rolled 
over this thing, and yet I don't see any accountability here. I 
mean, I applaud your efforts to transform the agency. You have 
a great task in front of you. But it is this accountability 
issue that seems to be lacking in my judgment.
    Finally, and I have to move on very quickly, but Mr. Maurer 
or Mr. Edwards, do you have any thoughts on this issue in terms 
of what needs to be done to prevent these failures from 
occurring again?
    Mr. Maurer. I think the first thing the Department needs to 
do is execute the plans that it has already put in place. That 
traditionally has been a challenge DHS has faced from the time 
it was stood up. They have had plans to address IT and human 
capital and acquisition from the time it was created in 2003. 
They haven't always executed on those plans. So I think that is 
sort of the first thing going forward.
    I think the second thing going forward is accountability. 
As you correctly point out, Mr. Chairman, it is important to 
have accountability and oversight of these on-going efforts, 
and we have been working very closely with DHS in this regard 
and will continue to do so.
    Mr. McCaul. Just very briefly, Mr. Edwards.
    Mr. Edwards. The Department has matured the initiative 
focusing on keeping the public safe. Most of the resources were 
dedicated to that. Now they are focusing on improving 
management control, standardizing policies, procedures, and 
developing systems to integrate. I think this is a huge 
monumental task, and the Department is making progress and 
moving in the right direction.
    Mr. McCaul. Let me just close by saying I think the 
Department of Defense had a lot of growing pains. The 
Goldwater-Nichols plan, I think, you should be looking at. 
Finally, I come from Austin, where there is a lot of 
technology. I really think technology can be your best friend 
in terms of integration. I do applaud your efforts to bring in 
the cloud, where you have the 22 different agencies integrated 
through technology. But with use of the cloud, I think that 
could really move the Department forward into the right 
direction. With that, I now recognize the Ranking Member.
    Mr. Keating. Thank you, Mr. Chairman.
    We are running out of time, so I will go to what my 
prepared questions are.
    Mr. Edwards, when you laid out the success of the qualified 
audit and you laid out what there should be done, does your 
review also look forward in terms of what resources are there, 
what the cost of those resources, what the Department doesn't 
have at its disposal to do it and what the cost figures were to 
do it, instead of just here is the Department's 
responsibilities, this is where they have to go? Do you also 
say that they don't have the resources available to do this and 
what the cost of that would be for the Department to do that?
    Mr. Edwards. No, sir, we have not done that. We have just 
looked at because the--you know, the number of 22 agencies 
coming together with legacy systems.
    Mr. Keating. Okay. I just wanted to qualify this. It is 
great to say, here is what the Department should do. What I 
think we need as well is a better understanding of, where are 
they going to get the resources to get this done? I will turn 
that to Mr. Maurer, the same thing. When you are reviewing 
this, I know that you can turn it back and say, well, that is 
your job, Congressman, to give the resources. That being said, 
we could use a roadmap here in Congress because these are 
issues of security and the safety of the public.
    So, Mr. Maurer, do you think that is a better approach to 
not only say what is not done, but to say the resources that 
are necessary to do it include these kind of resources? Because 
doing--we are all doing less--we all are trying to do more with 
less resources, but these are issues of National security and, 
in the long run, could be cost-effective if we could do a 
better job of providing those management resources.
    Mr. Maurer. Absolutely. We certainly agree that investing 
in management resources is key to the Department's overall 
success in achieving its key missions. One of the things that 
we are looking at when we assess the various Department plans 
for addressing our high risk is their own assessment of the 
resources that they say they need to carry out what they plan 
to do. We have had some questions along those lines about 
whether or not they have the ability to put the resources to 
bear to actually execute on these plans.
    Mr. Keating. That will lead in, and I am just going to do a 
three-part one question because of the time. So, Mr. Borras, 
getting right to you, going down the line here, I think the 
starting point we all acknowledge for homeland security was a 
very difficult one. One quick question and then just react to 
the question I ask about resources that are necessary. I am 
curious, what you control for all of DHS, how much of that is 
under your direct budget, how much isn't?
    Mr. Borras. Well, Congressman, the way the budget is 
organized the Under Secretary has authority for the good 
stewardship of the entire budget spent through the financial, 
including the way that we are organized the components have 
authority in the way that Congress has set up the funding for 
those organizations. They aren't under the control of the 
component heads. But as it relates to the resources, and we 
have put together plans that show the resource requirements 
needed to implement many of these initiatives, I will tell you, 
I have tried to be very frugal, very mindful of the financial 
state that we currently exist in. I have not asked for any 
significant increases in our budget. We are attempting to use, 
as the Chairman mentioned, leverage technology, our existing 
resources. It is often a challenge because oftentimes, we are 
pitted against each other; do we invest in the management 
backbone of the Department, or do we invest in the operations 
of the Department? Clearly the Secretary has made it clear she 
is not going to sacrifice the operations of the Department. So 
we are trying to do the best we can with the resources we have 
available and leveraging technology.
    Mr. Keating. With the focus of today's hearing and coming 
years ago from my MBA perspective on things, I honestly think 
that we should really look carefully. One of the outcomes of 
this hearing should be, are we investing enough in management 
resources, so you are not in this situation, well, here is 
operations, here is management; we don't have enough to do 
both. Well, if you don't have good tools to manage then that 
operational budget is not going to be used as efficiently as 
possible. So my thinking is, too, that all too often, we just 
keep looking at what we have to do to get by, and that is 
important in tough times. But we are losing the opportunity to 
save money and be more efficient in the long run and to do a 
better job and to meet these requirements that Mr. Edwards 
talked about, Mr. Maurer talked about, and getting the job 
done. Sometimes not investing up front is going to cost you 
more down the road, and that that not only is a cost in 
dollars; it is a cost in safety. That is what I would like to 
see more of a focus upon.
    Mr. McCaul. I thank the Ranking Member.
    The Chairman now recognizes the gentleman from 
Pennsylvania, Mr. Marino.
    Mr. Marino. Thank you, Chairman.
    Gentlemen, thank you for being here. I do not have any 
questions, but I do have a brief statement to make. First of 
all, I want to thank you for stepping up to the plate and 
assuming these roles and your staff as well. It is an awesome 
responsibility. You have thousands and thousands of people just 
in the agency alone for whom you are responsible and of course 
responsible to the citizens of the United States.
    No one forced you to take these positions. What I am tired 
of hearing since I have been here the last year and 2 months 
is, I inherited a mess, okay. None of you have said that, and I 
applaud you for not saying that. But again, you assumed the 
responsibility. Now the ball is in your court. You have to make 
this agency the best security agency in the world and the most 
efficient.
    You have an awesome responsibility. But we are going to be 
watching. We are going to assist you wherever we are able to do 
it, keeping in mind that we have a finite amount of dollars and 
an infinite amount of problems. So I leave you with good luck. 
If my office or any of us can be of any assistance to you, 
please don't hesitate to contact us.
    But the next time we are talking, it is your responsibility 
now to get this agency where it should be. Thank you.
    I yield back my time.
    Mr. McCaul. I thank the gentleman for your comments.
    I wholeheartedly agree with what you just said. I think too 
often, we get into gotcha politics in the Congress. Our sincere 
effort is to--this is too important to the American people, the 
mission.
    So we are here really to help you. Mr. Marino served as 
United States attorney for many years, and I was in the Justice 
Department for many years. The Ranking Member was a district 
attorney. We certainly understand, coming from the Government's 
perspective, where you are, and so we do want to help you.
    Mr. Marino. Can I just----
    Mr. McCaul. I yield to Mr. Marino.
    Mr. Marino [continuing]. Qualify it with one thing. No one 
forced me to run for Congress either, and I took on this 
responsibility. It is mine now; it is ours. So we are sort of 
in the same boat. We have a mission to do together.
    I yield back. Thank you for yielding.
    Mr. McCaul. Well, thanks for your comments.
    The Chairman now recognizes the gentleman from Illinois, 
Mr. Davis.
    Mr. Davis. Thank you.
    Thank you very much, Mr. Chairman.
    I would certainly echo the last comments made by yourself 
and the gentleman from Pennsylvania, but I also note that the 
failures that you discussed earlier actually did occur during 
the prior administration, and notwithstanding that, it is 
difficult to not start where you start and to not deal with 
what you have inherited because you have got to deal with that.
    So let me ask you Under Secretary, in his written testimony 
to this committee on September 8, 2011, Gene Dodaro, the 
Comptroller, noted that the Department, and I am quoting now, 
``has not yet developed an integrated financial management 
system, impacting its ability to have ready access to reliable 
information for informed decision making''.
    Is it your view that the Department's new approach to its 
financial management system will be able to promote informed 
decision making, despite its component-by-component approach?
    Mr. Borras. Congressman Davis, thank you, again, for your 
comment and question. The Department has embarked on a series 
of attempts to modernize the financial systems in the 
Department; eMerge2 and TASC were two of the very visible ones. 
Both of those had as a goal to comprehensively overhaul the 
entire financial management apparatus of the Department and put 
the Department on a single financial platform. That is a very 
expensive, a very complicated, very resource-intensive 
undertaking. The approach we have taken now is much more what I 
would call modular, much more agile, and much more mindful of 
the resources that we have available.
    Also, we have to recognize that in the Department, the 
components of the Customs and Border Protection, the Secret 
Service, and FLETC currently operate certified good-standing 
financial systems. There is no reason in my judgment to spend 
taxpayer money to modernize three major systems that are 
already producing good financial outcomes.
    So our approach has been to identify those components that 
have the greatest need in terms of either modernizing the 
system or upgrading the current system. That is a much more 
responsible financial approach. It will take us a little bit 
longer, but there is no need to invest in an entire 
comprehensive one financial system. So we will fix those that 
are in need, and we will tie those systems together, which 
using technology is a much more cost-effective way to do it, 
rather than build a very big cumbersome system.
    Mr. Davis. Thank you very much.
    Will each of you quickly respond to the Under Secretary's 
comments?
    Mr. Maurer. Absolutely. We certainly had a series of 
reports over the years talking about the Department's past 
failed efforts to modernize the financial systems. I would 
certainly agree with the Under Secretary's comments that it is 
a difficult, expensive, and complex undertaking.
    Having said that, from our perspective, what we are looking 
for are the actual outcomes of whatever strategy DHS decides to 
take in modernizing its systems. We certainly understand it has 
taken a different approach, and we will be watching that 
carefully. What we are looking for are actual results and the 
ability to provide actionable financial information to help tie 
the Department together and allow senior leadership to make 
better-informed decisions.
    Mr. Davis. Mr. Edwards.
    Mr. Edwards. Thank you, Congressman.
    I agree with the Under Secretary, they are making lots of 
progress. But the Department needs to standardize policies and 
procedures and definitions across the Department. It was such a 
huge manual lift to get the opinion last year. So as long as 
the Department can do this, and we are going to be doing a 
review later this month meeting with them on their process 
going forward.
    Mr. Davis. Thank you very much.
    Thank you, Mr. Chairman. I yield back.
    Mr. McCaul. I thank the gentleman.
    I want to just follow up with a comment about what the 
Under Secretary said, and that is leveraging existing 
technologies. I talk about that a lot. For instance, you know, 
the Department of Defense has great technologies we have used 
in Afghanistan and Iraq in terms of sensor surveillance that we 
can use on the Southwest Border for instance. But that can 
apply to so many different other areas as well. It doesn't make 
any sense to have to start from scratch and build it from 
within the Department when you can actually leverage existing, 
whether it is within the Federal Government or whether it is in 
the private sector. The private sector has a lot of great 
technology out there that we can leverage. I think in the end, 
it is more cost-effective as well.
    I appreciate your comments about being frugal because I 
think this is a time where we really have to tighten our belts. 
We don't like it. I prefer to put more money into the 
Department, but we are under very serious budgetary 
constraints.
    So, with that, I want to thank the witnesses for your 
testimony. The hearing record will be open for 10 days. If 
Members have additional questions, they may send you those, and 
you can respond in writing.
    So, with that, this hearing is adjourned.
    [Whereupon, at 10:35 a.m., the subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              

  Questions Submitted by Chairman Michael T. McCaul for Rafael Borras
    Question 1. Recently the Office of Program Accountability and Risk 
Management (PARM) was created to implement four new core initiatives: 
Streamline program execution and governance processes, establish a 
``Centers of Excellence'' to share best practices, increase visibility 
of the health of acquisition programs, and advance the development of 
the acquisition workforce. What is the status of those four initiatives 
and how will they further your efforts to be removed from GAO's high-
risk list?
    Answer. As the executive office for program execution, PARM is 
responsible for the principal DHS policy for acquisition management, 
Acquisition Management Directive (MD) 102-01. PARM is working with 
Component Acquisition Executives (CAEs), program managers, and other 
stakeholders within DHS to change the construct of MD 102-01 to provide a 
functionally structured policy with the flexibility, through an 
innovative structure, that enables DHS to streamline and improve the 
policy based on stakeholder feedback without needing to re-open the 
Department's policy change process for the entire Directive. The new 
process will also facilitate development of new guidebooks, addressing 
areas such as: Portfolio governance, cost/schedule monitoring, service 
contracts, and Quarterly Program Accountability Reports (QPARs).
    To advance Centers of Excellence (COE) for Acquisition and Program 
Management, PARM supported the formation of eight COEs, which have 
begun providing program offices best practices, guidance, and expertise 
in their respective disciplines. The COEs are: Cost Estimating & 
Analysis COE and Program Management COE (sponsored by PARM); 
Accessibility Compliance COE, Enterprise Architecture COE, and 
Requirements Engineering COE (sponsored by the Office of Chief 
Information Officer); Privacy COE (sponsored by the Privacy Office); 
and Systems Engineering COE and Test & Evaluation COE (sponsored by 
Science & Technology Directorate). The core team for each COE contains 
a dedicated Federal FTE along with voluntary subject matter expert 
participation from the components and DHS lines of business. PARM 
established a COE Council to provide strategic direction to the COEs, 
and a COE Coordinating Office to provide planning and communications 
services to the COEs. The Executive Director of PARM chairs the COE 
Council. The COE initiative supports the effort to remove DHS from the 
GAO high-risk list by building program management capabilities, sharing 
best practices across components, and proactively identifying and 
addressing program gaps before they become major problems.
    DHS is driving a program management paradigm shift to emphasize the 
criticality of quality performance data in the decision-making process, 
not only during Acquisition Review Boards (ARBs), but between formal 
reviews as well.
    In addition, PARM launched the Decision Support Tool (DST) in 
October 2011, which provides DHS leadership a central dashboard for 
assessing and tracking the health of major projects, programs, and 
portfolios. DHS uses the DST capability to inform ARBs with 
standardized information. Additionally, PARM formed an independent 
analytic group to translate DST data and build the knowledge needed for 
effective decision making. Moreover, PARM has also produced the 
Quarterly Program Accountability Report (QPAR), which is used to 
perform a high-level, ``vital signs'' analysis of each major 
departmental program (on a quarterly basis) based on 15 criteria. Like 
the CASR, the QPAR leverages data from DHS source systems, thus 
minimizing time-consuming data calls.
    PARM is advancing the professional development of the workforce by 
building the Program Management (PM) Corps. PARM collaborates with 
Acquisition Workforce/Office of Chief Procurement Officer (OCPO), Lines 
of Business Chiefs (CXOs), Component Acquisition Executives (CAEs), 
Program Management Offices (PMOs), and the Centers of Excellence (COEs) 
for Acquisition and Program Management. To date this has been 
accomplished through the development of acquisition courses for 
different PM Corps career paths (Program Manager, Cost Estimator), 
certifications and analysis of workforce gaps. PARM's focus is to 
ensure that adequate numbers of experienced, trained, and certified 
professionals are positioned where they are needed most, and to raise 
standards of professionalism and performance.
    The Under Secretary for Management's Program Management & Execution 
Playbook* outlines the core initiatives described above. The Playbook 
establishes a vision for program governance and management that 
emphasizes critical thinking, problem solving, and program 
accountability at all levels.
---------------------------------------------------------------------------
    * The document has been retained in committee files.
---------------------------------------------------------------------------
    Question 2. You recently released an Acquisition Management 
Playbook to place greater emphasis on critical thinking and 
accountability for results, rather than merely procedural compliance. 
Do you as Under Secretary for Management and Chief Acquisition Officer 
have the proper authorities to effectively conduct oversight and manage 
all component acquisition programs?
    Answer. Yes, the USM and CAO positions currently possess sufficient 
authority to oversee all investments, including acquisition programs, 
throughout their life cycles. I presently delegate authority to 
Component Acquisition Executives (CAEs), the senior-most acquisition 
officials within the components. Acquisition Management Directive (MD) 
102-01, as well as the Acquisition Playbook, provides the necessary 
policy and procedural guidance to inform the acquisition workforce. 
Those documents provide the necessary standards to conduct proper 
oversight of programs.
    Question 3. In order to be successful integrating management 
systems across the Department, there needs to be standardization of 
definitions and procedures. For example, different components have 
different definitions on what is a ``cost estimate'' for an acquisition 
program. Without standardization any integrated data would be 
inaccurate and useless. What actions have you taken to address these 
concerns?
    Answer. I recently directed my LOB Chiefs to form a Business 
Intelligence/Dashboard Executive Steering Committee (ESC) to address 
business intelligence issues, including the standardization of 
definitions and procedures. The group's charter identifies data 
standardization and a common lexicon as a top priority. The ESC 
includes cross-functional representation from across the Department and 
will focus first on the Department's acquisition and program management 
data terms. This work will be integrated with DHS training, educational 
activities, and communications.
    All the Acquisition and Program Management Centers of Excellence 
will serve as a forum for engaging the acquisition and program 
workforce in building a common language and discipline for managing the 
Department's major investment programs. An example is the Cost 
Estimating and Analysis Center of Excellence (CE&A COE), which is 
charged with building the Department's acquisition and program 
management capabilities related to cost estimating and analysis. The 
CE&A COE developed and published a standard and guidance on cost 
estimating for acquisition programs.
    Question 4. Many acquisition programs fail as a result of not 
having solid and well-defined program requirements.
    How will your new initiatives improve the quality of program 
requirements at the front end and ensure that DHS doesn't set up 
acquisition programs for failure?
    Answer. The Department has instituted several changes to improve 
the quality of how program requirements are developed early in a 
program's life cycle. The principal changes involve the creation of 
eight Centers of Excellence (COE) to assist the major acquisition 
disciplines in all phases of the life cycle. These COE provide the 
program managers with proven practices, tools, standards, and expert 
support to mature requirements definition and program management.
    The Requirements Engineering COE, Systems Engineering COE, and 
Enterprise Architecture COE engage with program managers early in the 
life cycle to establish well-defined requirements, traceability, and 
configuration management processes for the programs. The Test and 
Evaluation COE provides expert support directly to the programs so that 
Key Performance Parameters are stabilized early in the life cycle. This 
ensures testability and improves the probability that future 
developmental and operational tests are successful.
    The Cost Estimating & Analysis COE is working to build an organic 
capability within program offices to develop Life Cycle Cost Estimates 
(LCCE). The CE&A COE is utilizing the GAO publication on cost 
estimating to validate program LCCE.
    The Program Management COE manages the end-to-end acquisition 
processes and provides coaching and mentoring to programs and 
components. These include integrated scheduling, organizational 
structures, and contracting approaches.
    The Privacy COE and Accessibility COE are integrated into the 
Systems Engineering processes to establish those requirements with 
programs. The technical reviews described in each Systems Engineering 
Lifecycle Tailoring Plan ensure that programs are achieving the 
requirements associated with these important areas.
    Fostering solid business relationships with industry is also an 
essential part of improving the quality of program requirements at the 
front end. At the DHS Industry Day held in January 2012, I emphasized 
the importance of forging the right kind of relationships with industry 
so that we get maximum benefit from the investments funded by 
taxpayers. All PMs will be required to conduct comprehensive market 
research early in the process and document their findings so future 
contract reviews can verify that this important step has been 
completed. The Senior Procurement Executive is spearheading a process 
to encourage early and frequent engagement with industry and site 
visits. We have created Component Industry Liaison positions to respond 
to industry questions and facilitate more meaningful reaction between 
DHS and industry, and I have directed senior managers to improve the 
quality of feedback in debriefings, and to enter information into the 
Contractor Performance Assessment Reporting System (CPARS).
    The Department's effort to place greater emphasis on the ``front-
end'' strategic phase of the acquisition process will ultimately result 
in a more informed and accurate procurement forecast.
    Question 5. One of your initiatives to better manage acquisitions 
is the establishment of the Investment Review Board. How is it 
different than the old Acquisition Review Board?
    Answer. Plans are underway to expand the functions of the 
Acquisition Review Board (ARB) to include emphasis about non-
acquisition ``investments.'' When fully deployed toward the end of 
fiscal year 2012, the Investment Review Board (IRB) will focus more on 
investments that may include private-sector type information beyond 
what is traditionally associated with Government contracts. Examples 
might include grants, interagency agreements, leases, and human 
capital, which collectively represent approximately 60% of the 
Department's total budget. The enhanced IRB is intended to provide a 
more holistic view of DHS investments and resources by reviewing the 
entire landscape of both acquisition programs and non-acquisition 
investments. IRB members will also view the efficiency and 
effectiveness of investments and determine whether redundant or poor 
performing programs should be cancelled or combined with other programs 
to improve the Department's return on investment.
    The composition of the governance boards (e.g., IRBs) consists of: 
The Under Secretary for Management, Under Secretary for Science and 
Technology, Assistant Secretary for Policy, General Counsel, Chief 
Financial Officer, Chief Procurement Officer, Chief Information 
Officer, Chief Human Capital Officer, Chief Administrative Officer, and 
Chief Security Officer, as well as senior component officials.
    Question 6. GAO has reported that the various versions of the 
Integrated Strategy for High-Risk Management do not consistently 
identify the specific resources the Department needs to implement 
planned corrective actions, making it difficult to assess the extent to 
which DHS has the capacity to implement these actions.
    What challenges is DHS facing in identifying the specific resources 
needed to implement its planned corrective actions? More specifically, 
what are the resources needed? How is the current budget environment 
affecting these needs?
    Answer. As of February 2012, each LOB Chief has solidified their 
resource plans within each Corrective Action Plan (CAP) and identified 
a CAP lead to spearhead each initiative. Where practical, the goal of 
each Line of Business (LOB) Chief is to furnish dedicated resources, 
either through internal DHS employees or contractor support. As 
programs mature, LOBs are able to integrate their teams with resources 
from other organizations.
    Question 7. What are DHS's challenges with integrating its 
financial information and systems, what are the plans for overcoming 
these challenges, and what are the time frames for achieving reliable, 
useful, and timely financial information for Department-wide decision 
making on a day-to-day basis?
    Answer. One of the most significant challenges faced by DHS is 
multiple, disparate financial management systems. Many of the existing 
systems are outdated, expensive to maintain and present significant 
obstacles to the Department's ability to provide timely, accurate 
enterprise-level information. Recognizing this challenge, DHS has 
unsuccessfully pursued implementation of a seamlessly integrated 
Department-wide financial management system. After several attempts to 
acquire a centralized financial information system, the Department has 
changed course to focus on a decentralized approach to financial system 
modernization while improving Department-wide business process 
standardization, implementing a common accounting line, and building 
enterprise-wide business intelligence capabilities.
    These business intelligence capabilities will provide accurate, 
timely, and reliable financial management reporting across the 
Department. The approach includes consolidating component financial 
data, using data checks and analytics to improve data quality and 
better understand trends to improve decision making, and enhancing and 
automating financial reporting for the Department, Congress, OMB, and 
other key stakeholders.
    Business intelligence tools and data standardization will enable 
DHS to collect and map data from component systems to report 
Department-wide information and decrease our reliance on stand-alone 
data calls and data-entry spreadsheets. DHS plans to begin 
incrementally building business intelligence capability to report 
Department-wide financial information consolidated from component core 
financial systems in fiscal year 2012 and plans to continue to develop, 
expand, and refine this during fiscal year 2013 and fiscal year 2014.
    Question 8. GAO has reported that: (1) Few acquisitions have life-
cycle cost estimates, (2) DHS lacks a sufficient financial management 
system, and (3) DHS senior executives are not confident in using 
acquisitions' and investments' performance data captured by the 
Decision Support Tool.
    What is the percentage of DHS acquisitions and investments that 
have a validated and DHS-approved life-cycle cost estimate?
    Given that DHS cannot document how much it is spending or how much 
it actually needs to acquire and maintain its current acquisitions and 
investments, how does DHS determine that it can afford the acquisitions 
needed to secure the homeland?
    What steps is DHS taking to ensure that the Decision Support Tool 
accurately captures program performance on a consistent basis?
    Answer. I created a Cost Estimating & Analysis Center of Excellence 
(CE&A COE) to build the Department's cost estimation capabilities and 
to mature the cost estimates of major DHS acquisitions and investments. 
The CE&A COE, which is led by the Office of Program Accountability and 
Risk Management (PARM), is tasked with providing components and major 
program offices best practices, processes, guidance, tools, operating 
models, and expert counsel in cost estimating and analysis.
    DHS can document how much it is spending. After years of being on 
the high-risk list maintained by the Government Accountability Office, 
the Department of Homeland Security received its first qualified 
opinion on its fiscal year 2011 balance sheet and statement of 
custodial activities. Obtaining a qualified opinion is a pivotal step 
in increasing transparency and accountability, as well as accurately 
accounting for the Department's resources. Moreover, it is a 
significant milestone that highlights how significantly financial 
management has improved at DHS. This year's audit results provide clear 
evidence of continued management improvements at DHS.
    In order to make informed investment decisions, DHS directs 
components to provide life-cycle cost estimates (LCCEs) in support of 
their acquisition programs. A LCCE attempts to identify all the costs 
of an acquisition program, from its initiation through disposal of the 
resulting system at the end of its useful life. LCCEs are used to 
assess whether the investment is affordable within DHS's long-term 
funding profile. This affordability is a key consideration during 
Investment Review Board deliberations at milestones in the investment 
life cycle, and annually as part of Department resource allocation 
decision making.
    Based on these initiatives, DHS has made progress in getting life 
cycle cost estimates approved. We are on track, at a minimum, to double 
the number of approved life-cycle cost estimates in fiscal year 2012 over 
prior years. DHS currently has 13.3% level 1 LCCEs acquisitions 
approved with an anticipation of that to grow to 20% by the end of 
fiscal year 2012. We expect to see this incremental progress 
continue as the cost estimating community of practice matures within 
DHS.
    The Department is taking a number of steps to ensure that program 
performance data used in the Decision Support Tool (DST) is complete, 
accurate, and valid. The DST, which is managed by PARM, pulls data from 
existing source systems of record, which are populated directly by the 
program offices.
    On February 13, 2012, I signed a memorandum on business 
intelligence, emphasizing DHS reporting requirements. The memorandum 
reminds Component Acquisition Executives (CAEs) and major program 
offices of their responsibility to report accurate and complete 
acquisition program information in DHS systems of record. To further 
encourage accountability, DHS added performance objectives on data 
management and reporting to CAE performance plans.
    In addition, PARM is creating DST reports to identify any programs 
that are not compliant with the reporting requirements. These reports 
will document incomplete data fields for each major investment. PARM is 
also conducting manual data deficiency reviews on major investments, as 
well as continued outreach to DHS stakeholders (workshops, briefings, 
and one-on-one communications) to underscore the importance of 
reporting compliance. PARM's outreach serves to set expectations that 
the Department is using reported performance data to inform Acquisition 
Review Boards (ARB), annual and quarterly Comprehensive Acquisition 
Status Reports (CASR), Quarterly Program Accountability Reports (QPAR), 
as well as day-to-day decisions between formal program reviews.
    Question 9. DHS plans to establish a new framework (the Integrated 
Investment Life Cycle Model) for managing investments across its 
components and management functions. This framework includes creating 
new department-level councils to identify priorities and capability 
gaps, make resource decisions, and monitor and assess the 
implementation of investment decisions.
    DHS has had previous department-level resource decision-making 
bodies, such as the Joint Requirements Council. What were the 
roadblocks for previous department-level resource decision-making 
bodies?
    What steps is DHS taking to ensure that these new councils are 
successful in managing a broad portfolio of mission needs, 
acquisitions, and investments?
    What is the status of standing up these new decision-making bodies, 
specifically the Department Strategy Council, Functional Coordination 
Offices, and Capabilities and Requirements Council?
    Answer. Since its inception in 2001, the Department has 
continuously worked to improve how it manages its multi-billion dollar 
investment portfolio. Creating a Joint Requirements Council (JRC) in 
2003 was an important achievement to identify cross-cutting 
opportunities and leverage common requirements. According to GAO, the 
JRC lacked adequate oversight and accountability. I was mindful of this 
information when I directed my staff to develop the IILCM, which is 
designed to consider a broader range of investment factors.
    For example, since my arrival to the Department nearly 2 years ago, 
I committed to strengthen all phases of acquisition management. This 
includes better cost estimating, deploying business intelligence to 
inform key strategy decisions and expanding the responsibilities of the 
ARB to have a more holistic view of DHS resources by reviewing both 
acquisition programs and non-acquisition investments.
    However, before any substantive changes could be made, I concluded 
that key structural changes to the way decisions are evaluated and 
concluded had to be one of my first steps. While the JRC was an 
important forum, it was just one part of the overall landscape. Working 
with my counterparts in the components, as well as my direct reports 
(e.g., LOB Chiefs), we developed the IILCM. The IILCM is a conceptual 
framework to consider the viability of investment decisions, from the 
time it is first conceptualized through execution.
    In general terms, the IILCM has already been initiated, albeit in a 
phased approach given the need to pilot/test the concepts and account 
for the challenges of an incrementally funded budget process through 
the use of continuing resolutions.
    The IILCM concept is multi-dimensional, not linear. Each phase 
requires testing and coordination at both the Department and component 
levels. Rather than adopting a single, ``big bang'' approach, each 
function (e.g., Board/Council) is being ``initiated'' in phases or 
segments. Some phases have matured faster than others, especially those 
functions that fall within the domain of the Management Directorate 
lines of business.
    Figure 1 displays the key tenets of the IILCM and provides a multi-
dimensional, inter-related process that ties investments to mission 
goals. This model integrates the top mission objectives identified by 
the Secretary with the long-standing Planning, Programming, Budgeting, 
and Execution process. In addition, it identifies participants and 
decision makers from key organizations whose involvement is based, in 
part, on their functional responsibility.


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



    In general terms, the IILCM has already been initiated, albeit in a 
phased approach, given the need to pilot/test mission-related concepts 
and the challenges posed by an incrementally-funded budget process. The 
IILCM is multi-dimensional, not linear. This means that changes or 
decisions made by an ARB could, and likely will, have a ripple effect 
on earlier stages (e.g., DSC, CRC). For example, Program A may be 
determined at the ARB to be underperforming or possess obsolete 
technology. As such, the CRC may determine during a trade-off exercise 
that to improve the quality and viability of investment decisions.
 Questions Submitted by Chairman Michael T. McCaul for David C. Maurer 
                                  \1\
---------------------------------------------------------------------------
    \1\ [ . . . ] The responses are based on previously issued GAO 
products. [ . . . ] See GAO, Department of Homeland Security: Continued 
Progress Made Improving and Integrating Management Areas, but More Work 
Remains, GAO-12-365T (Washington, DC: Mar. 1, 2012); GAO, Information 
Technology: Departments of Defense and Energy Need to Address 
Potentially Duplicative Investments, GAO-12-241 (Washington, DC: Feb. 
17, 2012); GAO, Financial Management Systems: DHS Faces Challenges to 
Successfully Consolidating Its Existing Disparate Systems, GAO-10-76 
(Washington, DC: Dec. 4, 2009); GAO, Department of Homeland Security: 
Billions Invested in Major Programs Lack Appropriate Oversight, GAO-09-
29 (Washington, DC: Nov. 18, 2008); and GAO, Financial Management: 
Long-standing Financial Systems Weaknesses Present a Formidable 
Challenge, GAO-07-914 (Washington, DC: Aug. 3, 2007).
---------------------------------------------------------------------------
    Question 1. Do you believe the President's fiscal year 2013 budget 
proposal provides DHS the resources and capacity to make greater 
progress removing them from the high-risk list?
    Answer. The absence of resource information for many of the 
corrective actions DHS identified in its strategy for addressing our 
high-risk designation makes it difficult to fully assess the extent to 
which the Department has the resources and capacity to implement its 
strategy. Without this information, neither DHS nor we can fully assess 
the extent to which the Department has the capacity to implement these 
actions. Specifically, in its December 2011 Integrated Strategy for 
High-Risk Management, DHS did not consistently provide information on 
what the specific resource needs are or what additional resources may 
be needed to implement the corrective actions--actions intended to move 
the Department toward removal from our high-risk list.
    Question 2a. For nearly a decade DHS has attempted to modernize and 
integrate its financial management systems. As of May 2011, DHS 
canceled the Transformation and Systems Consolidation (TASC) program, 
its third attempt to integrate financial systems. Now DHS is attempting 
to move forward with a new Financial Modernization effort.
    Do you have any reservations with their new strategy to enhance its 
integration of financial management systems?
    Answer. It is too soon to assess DHS's new, decentralized approach 
for modernizing its financial management systems because this approach 
is in its early stages with many pieces still being defined by the 
Department. However, we have previously reported that agencies that do 
not have integrated systems, such as DHS, are likely to expend more 
time, effort, and resources in compiling routine financial information 
and periodic financial statements.\2\ Without any definitive 
information on DHS's new approach, it is not clear whether the approach 
will result in systems that generate reliable, useful, timely financial 
information for day-to-day decision making and agency oversight. 
Specifically, as of February 2012, DHS had not identified the Federal 
service provider that will be used by the Federal Emergency Management 
Agency's financial management system--the first system scheduled for 
modernization. Additionally, DHS has not yet identified the specific 
approach or necessary resources and time frames for implementing new 
systems at U.S. Coast Guard and Immigration and Customs Enforcement--
the next two components identified for modernization.
---------------------------------------------------------------------------
    \2\ GAO-07-914.
---------------------------------------------------------------------------
    Further, agencies that embark on financial system modernization 
projects without having a clear road map increase the risk of cost 
overruns, schedule delays, and other project failures. We have 
consistently reported that agencies should develop planning documents 
that describe, at a high level: (1) How all agency financial systems 
would relate to each other, (2) how information would flow from and 
through these systems, and (3) which system would be considered the 
official system of record for master data.\3\ Further, planning 
documents provide a useful tool to explain how financial management 
systems at the component and department levels would operate 
cohesively. The planning documents should be geared to an agency-wide 
solution rather than individual component, stove-piped efforts and 
establish mechanisms to monitor program cost, schedule, and 
performance. We will continue to monitor DHS's financial management 
system modernization efforts.
---------------------------------------------------------------------------
    \3\ GAO-10-76.
---------------------------------------------------------------------------
 Questions Submitted by Ranking Member William R. Keating for David C. 
                                 Maurer
    Question 1a. GAO first designated DHS's implementation and 
transformation as high-risk in 2003 because of the difficulty of 
transforming 22 disparate agencies into one department. In addition, 
many of these individual agencies were facing their own management and 
mission challenges. But most importantly, the failure to effectively 
address DHS's management challenges and program risks could have 
serious consequences for our homeland security as well as our economy. 
DHS transformation remained on the high-risk list in 2005, 2007, 2009, 
and 2011 and GAO is preparing to issue its next high-risk update in 
January 2013.
    What actions has the Department taken since GAO's 2011 high-risk 
update to transform and integrate the Department?
    Answer. DHS has taken several actions to implement and transform 
the Department in each of the management areas--human capital, 
financial management, information technology, and acquisition 
management--and management integration as illustrated in the examples 
below.
   DHS initiated a Senior Executive Service Candidate 
        Development Program in May 2011 to build its senior leadership 
        pipeline within the Department.
   DHS achieved its goal of receiving a qualified audit opinion 
        on its consolidated balance sheet in fiscal year 2011 by moving 
        from a disclaimer of opinion to a qualified audit opinion on 
        its balance sheet and statement of custodial activity for the 
        first time since the Department's creation.\4\
---------------------------------------------------------------------------
    \4\ A qualified opinion states that, except for the effects of the 
matter(s) to which the qualification relates, the audited financial 
statements present fairly, in all material respects, the financial 
position, results of operations, and cash flows of the entity in 
conformity with generally accepted accounting principles. The matter(s) 
to which the qualification relates could be due to a scope limitation, 
or the audited financial statements containing a material departure 
from generally accepted accounting principles, or both. A disclaimer of 
opinion states that the auditor does not express an opinion on the 
financial statements (e.g., of scope limitations).
---------------------------------------------------------------------------
   DHS consolidated six personnel security-related systems into 
        its Department-wide Integrated Security Management System as 
        part of its efforts to streamline and consolidate the 
        Department's human resources investments.\5\
---------------------------------------------------------------------------
    \5\ GAO-12-241.
---------------------------------------------------------------------------
   In October 2011, DHS established the Office of Program 
        Accountability and Risk Management (PARM) to enhance its 
        ability to oversee major acquisition programs--realigning the 
        acquisition management functions previously performed by two 
        divisions within the Office of Chief Procurement Officer and 
        elevating PARM to report directly to the Under Secretary for 
        Management.
   In the management integration area, DHS has promoted 
        accountability for management integration among Department and 
        component management chiefs by, among other things, having the 
        Department chiefs provide written objectives that explicitly 
        reflect priorities and milestones for that management function 
        as well as aligning the component chiefs' individual 
        performance plans to the Department's goals and objectives.
    In addition, DHS has continued to update and strengthen its 
strategy for addressing our high-risk designation for implementing and 
transforming the Department. Specifically, DHS provided updates to its 
Integrated Strategy for High-Risk Management in June and December 2011. 
These updates identify, among other things, the Department's management 
initiatives and corrective actions for addressing its management 
challenges. The Department is working on another update to the 
strategy, which it expects to provide us in June 2012.
    Question 1b. What should be the Department's focus going forward?
    Answer. DHS needs to focus on executing its Integrated Strategy for 
High-Risk Management and show measurable, sustainable progress in 
implementing its management initiatives and corrective actions and 
achieving outcomes.
    Question 2a. In February 2012, GAO reported that DHS had developed 
and started to implement an Integrated Strategy for High-Risk 
Management and corrective action plans for acquisition, information 
technology, financial, and human capital management functions.
    What is GAO's assessment of the plan?
    Answer. Overall, we believe that the December 2011 Integrated 
Strategy for High-Risk Management positions DHS to address its 
management challenges and the implementation and transformation high-
risk area. We identified four areas in which the Department could 
strengthen or clarify the strategy to better enable DHS and GAO to 
assess the Department's progress: (1) More clearly and consistently 
report the resources available to implement corrective actions; (2) 
consistently report on DHS's rationale for adding or removing 
corrective actions; (3) establish measures and report on progress for 
all initiatives; and (4) stabilize the methodology for measuring 
progress. By strengthening these four aspects, we believe the December 
2011 strategy, if implemented and sustained, provides a path for DHS to 
address our high-risk designation.
    Question 2b. What actions is DHS taking to implement the Integrated 
Strategy?
    Answer. DHS is taking actions to implement its Integrated Strategy 
in each of the management areas--human capital, financial management, 
information technology, acquisition management, and management 
integration--as illustrated in our response to question 3a.
    Question 2c. Is DHS committed to implementing this strategy, 
including dedicating the resources required to fully implement the 
corrective actions set forth in the strategy?
    Answer. DHS's Secretary and Deputy Secretary and other senior 
officials have demonstrated commitment and top leadership support to 
implementing the Department's Integrated Strategy for High-Risk 
Management. However, it is not always clear whether DHS is dedicating 
the resources required to fully implement the corrective actions set 
forth in the strategy because the Department has not consistently 
identified the resources it needs or met its target completion dates.
    Question 3. GAO reported that its prior work has identified 
challenges related to acquisition oversight, cost growth, and schedule 
delays, including Departmental concerns about the accuracy of cost 
estimates for some of DHS's major programs.
    What progress has DHS made in establishing an oversight body to 
inform high-level trade-off decisions about its acquisition programs?
    Answer. DHS has made some progress overseeing individual 
acquisition programs, but does not have a high-level, decision-making 
body for considering trade-offs across its entire portfolio of 
investments. In 2003, DHS established the Joint Requirements Council 
(JRC) to identify cross-cutting opportunities and common requirements 
among DHS components, and help determine how DHS should use its 
resources. When it met regularly, the JRC played a key role in 
identifying several examples of overlapping investments, including 
passenger screening programs. During 2006, the JRC stopped meeting 
after the chair was assigned to other duties within the Department. In 
2008, DHS representatives recognized that strengthening the JRC was a 
top priority, and we recommended that DHS reinstate it or establish 
another joint requirements oversight board.\6\
---------------------------------------------------------------------------
    \6\ GAO-09-29.
---------------------------------------------------------------------------
    In September 2010 we identified and provided to DHS 31 actions and 
outcomes that are critical to addressing the challenges within the 
Department's management areas and in integrating those functions across 
the Department. Among these actions and outcomes, we reiterated the 
need to create a joint requirements oversight board, and in response, 
DHS stated that it would establish an executive decision structure--
presented as the Integrated Investment Life Cycle Model (IILCM)--to 
prioritize capabilities and requirements across components by the end 
of fiscal year 2011. As part of this proposed structure, a 
``Capabilities and Requirements Council'' would consider trade-off 
decisions across DHS's portfolio of investments. However, in the 
December 2011 version of the Department's Integrated Strategy for High-
Risk Management, DHS reported that the IILCM will not begin operations 
until the end of fiscal year 2012.
    DHS has operated an Acquisition Review Board--recently renamed the 
Investment Review Board--since 2008, and this board has instructed 
individual programs to identify alternative acquisition approaches, 
reconsider requirements, and pursue cost-saving efforts. The board has 
also instructed individual programs to produce summaries of related 
activities within DHS and the Department of Defense. However, DHS 
continues to operate without an oversight board, similar to the JRC, 
responsible for considering trade-offs across its entire portfolio of 
investments.
   Questions Submitted by Chairman Michael T. McCaul for Charles K. 
                                Edwards
    Question 1a. DHS has stated, ``The Department has not ensured or 
mandated that components use all available acquisition tools and best 
practices guidance to provide transparency and efficiency.''
    Do components knowingly choose not to use these ``best practice'' 
acquisition tools for support? Or, are they not aware that these tools 
even exist?
    Answer. The Department has generally made progress in its 
acquisition oversight processes and controls through implementation of 
a revised acquisition management directive. However, the Department did 
not ensure that components were using all acquisition tools available 
and that all components had adequate policies and procedures in place 
to manage acquisition programs. As we reported this past year, the 
Department had not ensured or mandated that components use all 
available tools and supporting programs, including the next-generation 
Periodic Reporting System (nPRS) and the Department's Strategic 
Sourcing Program Office (SSPO), to provide transparency and efficiency 
of component acquisition programs. Some components developed systems 
comparable to nPRS and may have awarded contracts without consideration 
of the SSPO. As a result, the Department did not have complete 
visibility of all programs within its acquisition portfolio.
    Question 1b. What needs to be done to ensure that these new Centers 
of Excellence to share tools and best practices will be successful?
    Answer. The Department's Acquisition Program Management Division 
recently reorganized to become the Office of Program Accountability and 
Risk Management (PARM) on October 1, 2011 under a Centers of Excellence 
model. The Department has not taken steps to ensure that all components 
have developed prescribed policies and procedures for oversight of 
acquisition programs. Directive 102-01 states that components retain 
the authority to set internal acquisition processes and procedures, as 
long as they are consistent with the spirit and intent of the 
directive. However, not all components have created such policies and 
procedures, and the Department has not taken steps to ensure the 
adequacy of the processes and procedures that components developed. We 
recommended that DHS implement a plan of action for Department-wide 
finalization of acquisition management policies and procedures. The DHS 
Under Secretary for Management addressed the desire for each component 
to have a Component Acquisition Executive to lead a process and staff 
to provide acquisition and procurement oversight, policy, and guidance 
to ensure that statutory, regulatory, and higher-level policy 
requirements are fulfilled. This is a good start. However, PARM needs 
to effectively implement their Centers of Excellence model, and 
aggressively work with Component Acquisition Executives if they are to 
ensure their Centers of Excellence model successfully shares tools and 
best practices.
Questions Submitted by Ranking Member William R. Keating for Charles K. 
                                Edwards
    Question 1. The latest version of the OIG's annual report on major 
management challenges facing the Department states that the 
Department's financial management reporting ``has achieved a 
significant milestone. For fiscal year 2011, the Department was able to 
produce an auditable balance sheet and statement of custodial activity; 
and the independent auditors rendered a qualified opinion on those 
statements.''
    Please discuss the importance of this achievement by the Department 
relative to the scope of the financial management challenges it faces.
    Answer. DHS' achievement of a qualified opinion on its balance 
sheet and statement of custodial activity in fiscal year 2011 is 
important because it shows that DHS is improving controls over the 
financial administration of its programs and operations.
    However, the independent auditor noted that DHS' financial 
information technology (IT) infrastructure is aging and found financial 
system functionality limitations at all of the significant DHS 
components. As a result, some components are forced to use extensive 
inefficient manual processes and workarounds to process reports and 
report financial data. In addition, weaknesses in the general control 
environment are interfering with more extensive use of IT application 
controls needed to improve efficiencies in operations and reliability 
of financial information. Until DHS modernizes its aging financial 
systems and IT controls and systems, functionality limitations will 
continue to be a major factor contributing to DHS financial management 
challenges.
    Question 2a. Improving the acquisition workforce has been noted as 
a key acquisition management priority at the Department. Recently, the 
Department added acquisition workforce development as a management 
initiative.
    What progress has the Department made in building and sustaining a 
sufficient, capable, and properly trained workforce to support its 
acquisition portfolio?
    Answer. DHS made progress in the recruitment and retention of a 
workforce capable of managing a complex acquisition program. The number 
of procurement staff has more than doubled since 2005. In addition, 
participation in the Acquisition Professional Career Program, which 
seeks to develop acquisition leaders, increased 62% from 2008 to 2010. 
Nevertheless, DHS continues to face acquisition workforce challenges 
across DHS. For example:
   GAO reported that the United States Coast Guard (Coast 
        Guard) reduced its acquisition workforce vacancies from 
        approximately 20 percent to 13 percent. According to its August 
        2010 human-capital staffing study, program managers reported 
        concerns with staffing adequacy in program management and 
        technical areas. To make up for shortfalls in hiring systems 
        engineers and other acquisition workforce positions for its 
        major programs, the Coast Guard uses support contractors, which 
        constituted 25 percent of its acquisition workforce as of 
        November 2010.
   Acquisition staff turnover in FEMA has exacerbated file 
        maintenance problems and resulted in multimillion-dollar 
        contracts not being managed effectively or consistently. One of 
        FEMA's challenges is hiring experienced contracting officers to 
        work at disasters. The majority of FEMA staff at a disaster 
        site work on an on-call, intermittent basis.
    Question 2b. Please explain the current shortfalls of the 
Department's acquisition workforce and how the Office of Program 
Accountability and Risk Management is addressing these shortfalls.
    Answer. In its March 2010 Acquisition Human Capital Plan, DHS 
defined acquisition workforce as ``contracting specialists/officers, 
program managers, and contracting officer's technical 
representatives.'' The Plan says that one of the hardest-to-fill 
occupational series within the Federal Government is the 1102 
contracting series (contract specialist) and focuses on attracting and 
maintaining 1102s.
    The Plan projected that DHS needed to annually increase the number 
of 1102s by 5% each year to maintain a workforce that keeps pace with 
projected workload. From a presumed adequate base of 1,326 at the end 
of fiscal year 2009, DHS estimated that it will need 299 more 1102s by 
the end of fiscal year 2014. In the March 2011 Plan update, DHS 
reported that it will continue to expand the acquisition workforce 
through the acquisition certification programs, acquisition 
professional career program, and centralized acquisition training 
program. The Plan update also identified new initiatives that will 
allow DHS to capture certification and training records of the 
acquisition workforce and develop a staffing tool to determine optimal 
1102 staffing levels relative to workload volume and complexity.
    In response to OIG and GAO recommendations, the DHS Under Secretary 
for Management restructured oversight of all major acquisition programs 
in fiscal year 2011. A key part of this restructuring was the elevation 
of the Program Accountability and Risk Management (PARM) Office to be a 
direct report to him. The PARM Office was designed to: (1) Manage, 
implement, and guide DHS managers of major investments through the 
acquisition governance process, (2) provide independent assessments of 
major investment programs, (3) work with DHS partners to enhance 
business intelligence to inform Acquisition Review Board decisions, and 
(4) monitor programs between formal reviews to identify any emerging 
issues that DHS needs to address to keep the programs on track.
    We have not yet reviewed the new PARM initiative and what effect it 
may have on the acquisition workforce. However, if fully implemented 
and sustained, we believe this program is a good approach toward more 
effective acquisition management at DHS.
    Question 3. In the current fiscal environment of doing more with 
less, are the Department's efforts to develop a better acquisition 
workforce reasonable (i.e., affordable and practical)?
    Answer. DHS has taken action to implement and transform its 
acquisition workforce, but like many Federal agencies it still faces 
challenges recruiting and retaining quality staff. Rebuilding the 
Federal acquisition capability represents a sensible investment where 
money spent on hiring and training should pay off in terms of improved 
contracting and a reduction in waste and fraud. While progress is being 
made, much remains to be accomplished before procurements are managed 
effectively. Almost every contracting challenge facing DHS--in 
particular, poor acquisition planning, unjustified sole-source 
contracts and inadequate oversight of contractors--can be traced back 
to the Federal Government's failure, beginning in the early 1990's, to 
invest in the Federal acquisition workforce.
    While the size of the acquisition staff is important, ultimately, 
it is the quality of the workforce that determines the quality of 
acquisition outcomes. To be successful, as DHS finishes their capacity-
building initiative, it will need to focus attention on:
   developing ways to deal with the acquisition 
        ``sustainability question'' to retain interns and new hires for 
        more than just a few years;
   improving the capability of the acquisition workforce that 
        they currently have, which includes training, right-sizing, and 
        right-shaping the workforce;
   becoming ``One DHS'' focused on establishing a cohesive, 
        efficient, and effective organization; and
   enhancing and integrating acquisition processes and 
        technology.
    Question 4a. The DHS OIG continues to report a material weakness 
related to information technology security and has identified 
information security as a major management challenge. In the December 
2011 Integrated Strategy for High-Risk Management, the Department 
reports that it mostly addressed information technology security.
    What specific steps is the Department taking to strengthen its 
information technology security and to address the weakness identified 
by the Office of Inspector General?
    Answer. For the DHS Annual Financial Statement, KPMG continues to 
identify a material weakness in the area of Information Security. 
During the fiscal year 2011 financial statement audit, DHS did show 
some improvements toward strengthening its information technology 
security. The drivers for the material weakness in information 
technology during fiscal year 2011 were the Coast Guard and FEMA. 
Specific steps that the Coast Guard, FEMA, and the remainder of the 
Department have taken to strengthen information technology are:
    For Coast Guard:
   During the fiscal year 2011 audit, Coast Guard took corrective 
        action to address nearly half of the prior year IT control 
        weaknesses. Coast Guard made improvements by strengthening its 
        system security settings over some of its systems located at 
        the Operations Systems Center (OSC), Aviation Logistics Center 
        (ALC), and USCG Finance Center; strengthening controls over 
        audit log reviews at ALC; and improving data center controls at 
        OSC and ALC.
   Coast Guard took actions to improve aspects of its system 
        password settings, data center physical security, and scanning 
        for system vulnerabilities.
    For FEMA:
   FEMA made improvements over implementing certain logical 
        controls over FEMA and National Flood Insurance Program 
        information systems, as well as development and implementation 
        of controls around patch management and vulnerability 
        management.
   FEMA made improvements in IT entity-level controls, 
        including those related to incident response and handling, 
        contractor management, and IT investment life-cycle management.
    Question 4b. What are some key indicators of success that 
weaknesses have either been mitigated or corrected by the Department?
    Answer. Key indicators that we feel show that the Department is 
successfully mitigating or correcting the material weakness:
   The number of prior-year IT audit findings for the 
        Department as a whole has decreased.
   There have been fewer new IT issues identified at the 
        Department this past audit year. This is due to the increased 
        focus of the components on remediating the prior-year issues 
        and beginning to identify the root causes of the system-related 
        issues.