[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
DHS FINANCIAL SYSTEMS: WILL MODERNIZATION EVER BE ACHIEVED?
=======================================================================
HEARING
before the
SUBCOMMITTEE ON
OVERSIGHT AND
MANAGEMENT EFFICIENCY
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
SEPTEMBER 26, 2017
__________
Serial No. 115-29
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
28-418 PDF WASHINGTON : 2018
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Sheila Jackson Lee, Texas
Mike Rogers, Alabama James R. Langevin, Rhode Island
Jeff Duncan, South Carolina Cedric L. Richmond, Louisiana
Lou Barletta, Pennsylvania William R. Keating, Massachusetts
Scott Perry, Pennsylvania Donald M. Payne, Jr., New Jersey
John Katko, New York Filemon Vela, Texas
Will Hurd, Texas Bonnie Watson Coleman, New Jersey
Martha McSally, Arizona Kathleen M. Rice, New York
John Ratcliffe, Texas J. Luis Correa, California
Daniel M. Donovan, Jr., New York Val Butler Demings, Florida
Mike Gallagher, Wisconsin Nanette Diaz Barragan, California
Clay Higgins, Louisiana
John H. Rutherford, Florida
Thomas A. Garrett, Jr., Virginia
Brian K. Fitzpatrick, Pennsylvania
Ron Estes, Kansas
Brendan P. Shields, Staff Director
Steven S. Giaier, Deputy Chief Counsel
Michael S. Twinchek, Chief Clerk
Hope Goins, Minority Staff Director
------
SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY
Scott Perry, Pennsylvania, Chairman
Jeff Duncan, South Carolina J. Luis Correa, California
John Ratcliffe, Texas Kathleen M. Rice, New York
Clay Higgins, Louisiana Nanette Diaz Barragan, California
Ron Estes, Kansas Bennie G. Thompson, Mississippi
Michael T. McCaul, Texas (ex (ex officio)
officio)
Ryan Consaul, Subcommittee Staff Director
Erica D. Woods, Interim Subcommittee Minority Staff Director
C O N T E N T S
----------
Page
Statements
The Honorable Scott Perry, a Representative in Congress From the
State of Pennsylvania, and Chairman, Subcommittee on Oversight
and Management Efficiency:
Oral Statement................................................. 1
Prepared Statement............................................. 2
The Honorable J. Luis Correa, a Representative in Congress From
the State of California, and Ranking Member, Subcommittee on
Oversight and Management Efficiency:
Oral Statement................................................. 3
Prepared Statement............................................. 4
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Prepared Statement............................................. 5
Witnesses
Mr. Chip Fulghum, Deputy Under Secretary for Management, U.S.
Department of Homeland Security:
Oral Statement................................................. 6
Prepared Statement............................................. 7
Ms. Michele F. Singer, Director, Interior Business Center, U.S.
Department of the Interior:
Oral Statement................................................. 10
Prepared Statement............................................. 11
Ms. Elizabeth Angerman, Executive Director, United Shared
Services Management, Office of Government-Wide Policy, U.S.
General Services Administration:
Oral Statement................................................. 13
Prepared Statement............................................. 14
Mr. Asif A. Khan, Director, Financial Management and Assurance,
U.S. Government Accountability Office:
Oral Statement................................................. 16
Prepared Statement............................................. 18
Appendix
Questions From Chairman Scott Perry for Chip Fulghum............. 41
Questions From Chairman Scott Perry for Elizabeth Angerman....... 42
DHS FINANCIAL SYSTEMS: WILL MODERNIZATION EVER BE ACHIEVED?
----------
Tuesday, September 26, 2017
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Oversight and
Management Efficiency,
Washington, DC.
The subcommittee met, pursuant to notice, at 2 o'clock
p.m., in Room HVC-210, Capitol Visitor Center, Hon. Scott Perry
[Chairman of the subcommittee] presiding.
Present: Representatives Perry, Duncan, Ratcliffe, Higgins,
Estes, Correa, Rice, and Barragan.
Mr. Perry. The Committee on Homeland Security Subcommittee
on Oversight and Management Efficiency will come to order.
The purpose of this hearing is to examine the failures and
path forward with modernizing the Department of Homeland
Security's financial systems.
The Chair now recognizes himself for an opening statement.
As the third-largest Federal Cabinet agency, the Department
of Homeland Security, or DHS, has a duty to be an effective
steward of taxpayer dollars. Sound management of its finances
is vital to implementing the homeland security mission.
With a multitude of priorities, including responding to
major emergencies like Hurricanes Harvey and Irma, securing our
porous borders, protecting cyber space and enforcing our
immigration laws, DHS's senior leadership needs timely
financial information to inform its decisions.
In addition, DHS needs systems that can be fully protected
against the latest cyber threats to ensure personal and other
sensitive data isn't compromised. Unfortunately, the
Department's third and latest attempt to modernize its flagging
financial systems has failed and DHS is struggling to determine
a solid path forward.
DHS has been attempting to modernize its financial systems
for well over a decade. The two previous attempts wasted, or
cost, over $50 million to build a Department-wide integrated
financial system.
Following these failures--and I say that because we are
still trying, we still don't have anything after the $50
million--but following these failures, DHS chose to modernize
component financial systems with the most critical need first.
In 2013, the Obama administration urged agencies to use
Federal shared service providers to improve financial systems.
Shortly thereafter, DHS decided to enter a discovery phase with
the Interior Business Center, or the IBC, within the Department
of Interior.
By August 2014, DHS had entered into an agreement with the
IBC to modernize systems for the Domestic Nuclear Detection
Office, Transportation Security Administration, and the U.S.
Coast Guard at a cost of $79 million.
Congressional watchdogs at GAO, or the Government
Accountability Office, warned in 2013 that DHS had an increased
risk of, among other things, investing in and implementing
systems that do not provide the desired capabilities and
ineffectively use resources during its financial system
modernization efforts.
GAO's prediction came true. Costs for the project have
ballooned to over $124 million as of August, about 60 percent
more than the original estimate.
However, the truth is that DHS has no idea how much it will
cost in the end. TSA's modernized system will go live over 2
years later than planned and the Coast Guard system will not be
modernized at all under the current agreement with the IBC.
This outcome is simply astounding, reprehensible, and
unacceptable from a pure cost standpoint, if not from an
efficacy standpoint.
It is proof that the Obama administration's Federal shared
service provider concept was doomed to fail for such a large
agency. GAO attributes the failure to numerous causes: Lack of
proper planning, aggressive schedule, complex and changing
requirements, increased cost, and management and communication
failures. DHS is now rushing to implement a new strategy which
will likely put taxpayer dollars at risk to waste.
We are at a critical moment. DHS must fully engage with the
private sector to help salvage this disaster. Leveraging
industry's talents is what should have been done in the first
place and is the only possible way DHS might right this ship.
As a former small-business owner, it baffles me how the
Federal Government can spend over 10 years and hundreds of
millions of dollars and have so little to show for it.
Businesses large and small have to modernize systems and
processes every single day. It may be hard, but it doesn't take
them decades and hundreds of millions of dollars to do it.
Mr. Fulghum, you were on the ground floor of this effort.
You were involved in the negotiations with the IBC and its
implementation as the chief financial officer. I demand on
behalf of the taxpayers a full explanation as to how we got
here and what is being done to fix this mess.
Quite frankly, the magnitude of this failure demands
accountability by those in charge and it calls into question
the management directorate's ability to lead critical
management issues facing DHS in the future based on what has
been done in the past.
[The statement of Chairman Perry follows:]
Statement of Chairman Scott Perry
September 26, 2017
As the third-largest Federal cabinet agency, the Department of
Homeland Security (DHS) has a duty to be an effective steward of
taxpayer dollars. Sound management of its finances is vital to
implementing the homeland security mission. With a multitude of
priorities including responding to major emergencies like Hurricanes
Harvey and Irma, securing our porous borders, protecting cyber space,
and enforcing our immigration laws, DHS's senior leadership needs
timely financial information to inform its decisions. In addition, DHS
needs systems that can be fully protected against the latest cyber
threats to ensure personal and other sensitive data isn't compromised.
Unfortunately, the Department's third, and latest, attempt to modernize
its flagging financial systems has failed, and DHS is struggling to
determine a solid path forward.
DHS has been attempting to modernize its financial systems for well
over a decade. The two previous attempts wasted over $50 million to
build a Department-wide integrated financial system. Following these
failures, DHS chose to modernize component financial systems with the
most critical need first. In 2013, the Obama administration urged
agencies to use Federal shared service providers to improve financial
systems. Shortly thereafter, DHS decided to enter a ``discovery phase''
with the Interior Business Center (IBC) within the Department of
Interior. By August 2014, DHS had entered into an agreement with IBC to
modernize systems for the Domestic Nuclear Detection Office,
Transportation Security Administration, and the U.S. Coast Guard at a
cost of $79 million. Congressional watchdogs at GAO warned in 2013 that
DHS had ``an increased risk of, among other things, investing in and
implementing systems that do not provide the desired capabilities and
inefficiently use resources during its financial system modernization
efforts.''
GAO's prediction came true. Costs for the project have ballooned to
over $124 million as of August--about 60 percent more than the original
estimate. However, the truth is that DHS has no idea how much it will
cost in the end. TSA's modernized system will go live over 2 years
later than planned and Coast Guard's system will not be modernized at
all under the current agreement with IBC. This outcome is simply
astounding, reprehensible, and unacceptable. It is proof that the Obama
administration's Federal shared service provider concept was doomed to
fail for such a large agency. GAO attributes the failure to numerous
causes: Lack of proper planning, aggressive schedule, complex and
changing requirements, increased costs, and management and
communication failures. DHS is now rushing to implement a new strategy,
which will likely put taxpayer dollars at more risk to waste. We are at
a critical moment; DHS must fully engage with the private sector to
help salvage this disaster. Leveraging industry's talents is what
should have been done in the first place and is the only possible way
DHS might right this ship.
As a former small business owner, it baffles me how the Federal
Government can spend over 10 years and hundreds of millions of dollars
and have so little to show for it. Businesses, large and small, have to
modernize systems and processes every day; it may be hard but it
doesn't take them decades and hundreds of millions of dollars to do it.
Mr. Fulghum, you were on the ground floor of this effort. You were
involved in the negotiations with IBC and its implementation as the
chief financial officer. I want a full explanation as to how we got
here and what's being done to fix this mess. Quite frankly, the
magnitude of this failure demands accountability by those in charge and
it calls into question the Management Directorate's ability to lead
critical management issues facing DHS in the future.
Mr. Perry. The Chair now recognizes the Ranking Minority
Member of the subcommittee, the gentleman from California, Mr.
Correa, for his statement.
Mr. Correa. Thank you, Chairman Perry.
I want to thank our witnesses here today, a very important
hearing, very important issues.
An area critical to our Nation's security as well as
safeguarding taxpayer dollars, there is a need for Department
of Homeland Security to have a modern and effective information
technology system.
In 2013 under the Obama administration, the Office of
Management and Budget instructed each Federal agency to
implement a Federal shared service provider for financial
systems management. The goal was simple: To support decision
making and improve the Department's ability to provide timely
and accurate financial reporting. Essentially, how much money
we are spending, when are we spending it, and how we are
spending it.
Following OMB's guidelines, DHS immediately entered into an
agreement with the Department of Interior's shared service
provider, Interior Business Center, becoming the first Cabinet-
level agency to move to a Federal provider for financial
management.
During a year-long discovery phase, many called into
question IBC's ability to transfer large agencies the size of
TSA and Coast Guard, yet the Department and IBC moved ahead
with an agreement anyway. Unfortunately, the plan to transfer
the Domestic Nuclear Detection Office, DNDO, TSA, and Coast
Guard to an IBC solution failed.
It is even more troubling that DHS spent millions of
dollars, as our Chair has said, on this modernization effort
with nothing really to show for it. Financial systems,
financial management is key to the success of DHS and its
mission.
According to DHS financial statement auditors, despite
receiving clean audits, DHS faces long-term challenges in
sustaining a clean audit opinion and providing reliable,
timely, and useful financial data to support operational
decision making. These deficiencies have contributed to the
GAO's decision to designate DHS management functions, including
financial management, as high-risk.
I hope today's witnesses can highlight the errors that
occurred with the financial systems modernization effort and
how DHS can move ahead toward achieving shared service
solutions for financial systems.
Let me say that having come from the State of California,
what we believe is probably the fourth-largest economy in the
world, IT was always a challenge in the State of California. It
was always expensive, never done right, never on time, constant
monitoring was needed. Big contracts, small contracts, private
contracts, in-house contracts, always a challenge.
At the end of the day, I think part of the solution is
going to be constant monitoring, constant reports to this
committee and others to make sure that whatever is being done
in terms of implementing IT is being done right.
With that, I yield the balance of my time, Mr. Chairman.
[The statement of Ranking Member Correa follows:]
Statement of Ranking Member J. Luis Correa
September 26, 2017
This subcommittee has held hearings on a range of matters, some of
which do not have bipartisan agreement. One area we do have common
ground on, however, is the need for the Department of Homeland Security
to have modern, effective information technology systems.
In 2013, under the Obama administration, the Office of Management
and Budget instructed each Federal agency to move towards a Federal
shared service provider for financial systems management. This
initiative was designed to strengthen access to, and quality of,
financial information to support decision making and improve the
Department's ability to provide timely and accurate financial
reporting.
Simply put, DHS should, at any given moment, know how money is
being spent across the Department.
In furtherance of OMB's guidelines, DHS quickly entered into an
agreement with the Department of Interior's shared service provider,
Interior Business Center (IBC), becoming the first Cabinet-level agency
to move to a Federal provider for financial management. During a year-
long discovery phase, many called into question IBC's ability to
migrate large agencies the size of TSA and Coast Guard, yet the
Department and IBC moved forward with an agreement.
Unfortunately, the plan to migrate DNDO, TSA, and Coast Guard to an
IBC solution failed due to a number of problems, including insufficient
product delivery, incompatible expectations, and unexpected delays. I
am troubled to hear that despite such a lengthy discovery period,
neither IBC nor DHS predicted this unfortunate result.
It is even more troubling that DHS spent millions of dollars on
this modernization effort with nothing to show for it. Financial
systems management is critically important to the success of DHS in
fulfilling its mission.
According to DHS financial statement auditors, despite receiving
clean audits, DHS faces long-term challenges in sustaining a clean
audit opinion and providing reliable, timely, and useful financial data
to support operational decision making. These deficiencies contributed
to GAO's decision to designate DHS's management functions, including
financial management, as high-risk.
I hope today's witnesses can shine light onto the errors that
occurred with the financial systems modernization effort and the manner
in which DHS can move towards achieving a shared service solution for
its financial systems.
Too often, DHS has failed to establish effective management and
oversight of its IT improvement efforts. It is time for DHS to fix the
out-of-date, inefficient IT systems currently in use and address these
issues once and for all.
Mr. Perry. The Chair thanks the gentleman from California.
Other Members of the subcommittee are reminded that opening
statements may be submitted for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
September 26, 2017
The recent hurricanes illustrate that when a crippling natural
disaster or other major incident hits our country, the Department of
Homeland Security needs a precise understanding of both its human and
financial resources in order to make timely decisions that will
ultimately affect the American people.
Its goes without saying that knowing how funds are distributed and
spent throughout the Department at any given moment is critical to
ensuring taxpayer dollars are spent effectively and efficiently.
Throughout my tenure on this committee we have initiated multiple GAO
audits and held oversight hearings on financial systems modernization,
and it is clear that it is more than an uphill battle for DHS.
For over a decade, DHS has attempted to modernize its financial
systems, and has been unsuccessful to date. Since DHS's inception there
have been three failed attempts to modernize the agency's financial
systems--leaving billions of taxpayer dollars wasted. Before DHS
embarks on another attempt to modernize its financial systems it should
at least have an adequate and thorough roadmap of how this
modernization is to be achieved.
Unfortunately, President Trump has made it clear that financial
systems modernization is not a priority at DHS, leaving the fate of
financial management systems modernization uncertain. Under the
President's budget, DHS would lose $41 million toward its Financial
Systems Modernization program.
The President's misguided priorities for DHS include diverting
critical resources away from information technology improvements
towards fulfilling campaign fantasies, such as a multi-billion dollar
wall along the Southern Border.
I look forward to hearing from the witnesses today about the
lessons learned from previous modernization efforts and how DHS can
move forward in a positive direction for the good of the Department and
out of respect for the American taxpayers' hard-earned dollars.
Mr. Perry. We are pleased to have a distinguished panel of
witnesses before us today. The witnesses' entire written
statements will appear in the record.
The Chair will introduce the witnesses first and then
recognize each of you for your testimony.
The honorable Chip Fulghum is the deputy under secretary
for management at DHS. Mr. Fulghum joined DHS in October 2012
as its budget director and has served in numerous senior
positions including acting deputy secretary, acting under
secretary for management, and chief financial officer. Prior to
joining the Department, Mr. Fulghum served for 28 years in the
United States Air Force retiring with a rank of colonel.
We thank him for his service.
Ms. Michele Singer has been the director of the Interior
Business Center in the Department of Interior since June 2015.
In this capacity, she leads delivery of shared services to
support interior offices and bureaus as well as over 150 other
Federal agencies. Ms. Singer previously worked on issues
related to Indian Affairs and joined the Department of Interior
in 2000.
Welcome.
Ms. Elizabeth Angerman--is that correct, did I--thank you,
ma'am--has been executive director of Unified Shared Services
Management at the General Services Administration, or the GSA,
since October 2015. In this position, she provided agencies
input and advice on best practices related to designing and
executing shared administrative functions. Prior to GSA, Ms.
Angerman was executive director of the Office of Financial
Innovation and Transformation, or FIT, in the Treasury
Department.
Welcome.
Finally, Mr. Asif Khan is a director for financial
management and assurance issues at the U.S. Government and
Accountability Office. Mr. Khan leads GAO's evaluations related
to financial management issues at the Department of Homeland
Security and Department of Defense. Mr. Khan joined the GAO in
January 2009 after almost 20 years in public accounting with
major firms auditing and advising U.S. Government agencies.
We welcome him.
The Chair now recognizes Mr. Fulghum for his opening
statement.
Sir.
STATEMENT OF CHIP FULGHUM, DEPUTY UNDER SECRETARY FOR
MANAGEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Fulghum. Chairman Perry, Ranking Member Correa, thank
you for the opportunity to appear today to discuss our efforts
regarding financial systems modernization.
Today I will focus my comments on the need for
modernization, the experience with the shared service model,
what we have delivered to date, our lessons learned, and our
path forward.
Since the Department's inception, we have had a clear need
for modernized financial solutions, given that some of today's
systems lack functionality, aren't integrated, contribute to
data inconsistency, rely on old, outdated technology, and
create additional security risks, all of which leads to manual
processes, workarounds, and creates internal control business
process risks.
Despite that fact, I am very proud of the fact that since
2013 the Department of Homeland Security has earned four
straight clean audits, which clearly demonstrates our ability
to be good stewards of the taxpayers' money. We still, however,
need modernized solutions.
Beginning in 2013, we followed OMB direction via memorandum
MD13-08 to pursue a Federal shared service model. We were the
first large Cabinet-level agency to do so. Despite a limited
availability of shared service providers, we partnered with IBC
based on the fact that they were certified by Treasury, FIT,
and the fact that their leadership provided assurance that they
would have the capability and the resources necessary to
service a large Federal Cabinet agency.
Over the next 3\1/2\ years, we have experienced numerous
challenges to include schedule delays and cost increases, which
are unacceptable, primarily driven by a lack of understanding
of our business requirements and the inability of IBC to
adequately staff up.
This caused me to pause the program twice, the first time
in 2015 and again in 2016 when I made the decision along with
IBC to end the relationship with IBC. In spite of these
challenges, we have an integrated financial solution that works
and is the foundation of the effort moving forward for what is
known as the TRIO.
Each day, that system, that has been in place for over 2
years, makes payments, records accurate obligations, provides
timely financial reporting, provides monthly financial
statements, writes contracts, records those obligations in an
integrated fashion into our financial system, provides real-
time funds check and has improved our internal control
capability.
This system meets 75 percent of the requirements. When TSA
functionality is available in October, we will be over 80
percent, which was the plan from the start.
Given past challenges and the lessons learned, we have
determined that IBC's business model does not meet the needs of
a large Federal agency. Moving forward, we will leverage the
investment made in the system and solution that works and build
on the lessons learned to finish out the United States Coast
Guard.
To do this, we will have more frequent check-ins and more
thorough testing of the system, more incremental releases, and
we will have built-in transparency of cost and schedule with a
contractor and a contracting mechanism that is simplified and
performance-based.
We have restructured our program office to have clear
accountability. We will continue to have oversight from both
the Department, USSM, and OMB. We will be able to fully
leverage the Department's resources to include management of
various lines of businesses, which, as GAO has noted in its
most recent high-risk report, continues to mature its processes
and reduce the number of high-risk items.
In closing, I believe we have a solid path forward, but
there is still risk. There is funding risk, there is continued
risk of litigation, there is technical risk, and there is
staffing risk. We will manage those risks by using the
recommendations from GAO in their recent audit to manage more
effectively those risks.
We owe you further results and the buck stops with me. I
remain committed and accountable to deliver results and build
on the system that is working today.
[The prepared statement of Mr. Fulghum follows:]
Prepared Statement of Chip Fulghum
September 26, 2017
Chairman Perry, Ranking Member Correa, and distinguished Members of
the subcommittee, thank you for the opportunity to appear today to
discuss financial systems modernization (FSM) at the Department of
Homeland Security (DHS). My comments will focus on our progress to
date, challenges we have experienced, and why we are on the right path
for this initiative.
We acknowledge that improving DHS financial management systems has
been a long-term effort, but during our recent modernization efforts,
we have achieved successes, and continue to achieve planned milestones.
Twenty-three months ago, we successfully moved the Domestic Nuclear
Detection Office (DNDO) to a new shared services baseline solution that
provides increased functionality, reduces audit risk, and provides
real-time integration. We are preparing to move the Transportation
Security Administration (TSA) functionality into production. The
current solution meets 75 percent of DNDO, TSA, and the U.S. Coast
Guard's (USCG) requirement needs. Once TSA is in production, 85 percent
of DHS functional requirements for DNDO, TSA, and the USCG financial,
acquisition, and asset management will be met.
Additionally, U.S. Customs and Border Protection (CBP) is on a
modernized platform, the Federal Law Enforcement Training Centers
(FLETC) have performed a successful upgrade to its current financial
system, and the U.S. Secret Service is finalizing its implementation of
a solution upgrade to occur in October 2017. We will continue to build
on these successes as we move forward.
DHS has had a critical need to modernize its financial management
systems from its inception. When DHS was first established, there were
13 separate core financial systems across its components, operating
under legacy policies and disparate business processes. These systems
were comprised of outdated technology, were mostly non-integrated--with
many still relying on manual processes which led to inconsistent data
and reporting--and did not fully support DHS goals of strong,
integrated internal controls and enhanced efficiency and security.
Previous attempts to integrate DHS components' financial, asset,
and acquisition management systems include the 2004 eMerge\2\ Program,
which was halted due to its inability to build the necessary and
critical integration among various commercial software products, and
the Transformation and Systems Consolidation (TASC) program.
The Department's efforts to modernize its financial management
systems have been subject to repeated legal challenges before the
Government Accountability Office (GAO), the U.S. Court of Federal
Claims, and the Court of Appeals for the Federal Circuit. Most
recently, the Inter-Agency Agreement process with the Department of the
Interior (DOI) was challenged. The Department prevailed in that
litigation (and the appeal) in October 2016.
Despite having a complex mission and systems that are not
interoperable, DHS has been able to achieve and sustain an unmodified--
clean--audit opinion on our financial statements for the past 4 years.
Working together, the financial management community launched a
multi-year effort to drive the Department toward a clean audit opinion
and a full accounting for how it spends taxpayer dollars. Through
dedication of senior leadership, development and implementation of
standard policies and processes for financial reporting such as the DHS
Accounting Classification Structure (ACS) and Common Appropriation
Structure (CAS), hiring of talented professionals, commitment of our
workforce, improvement of our business intelligence tools, and
consistent and continuous training, DHS has achieved audit success and
reduced the number of material weaknesses in our internal controls over
financial reporting from 18 to 3.
After the TASC program was halted, DHS again moved to meet its
financial management system needs by following direction provided by
the Under Secretary for Management (USM) in a September 2011
memorandum, Moving Forward with Financial Systems Projects. The
approach was to modernize components with the greatest business need
for modernized financial management systems and leverage business
intelligence to aggregate data in lieu of acquiring a Department-wide
solution.
In establishing the FSM program, we followed the OMB memorandum M-
13-08, Improving Financial Management Systems Through Shared Services,
which prescribed a shared service approach for new core accounting
systems proposals or mixed systems upgrades. Following the direction of
the previous USM and the OMB directive's guidance, DHS identified the
USCG, with TSA and DNDO as their customers, as the components with the
most critical need to update their current system.
OMB provided a limited number of Federal Shared Service Providers
(FSSP) certified to service large Cabinet-level agencies such as DHS.
The DOI's Interior Business Center (IBC) is one of four OMB-designated
FSSPs certified through Treasury's Office of Financial Innovation and
Transformation (FIT). In 2013, DHS established an Inter-Agency
Agreement for a Discovery phase to evaluate the IBC solution and its
fit for DNDO, TSA, and the USCG.
Through the Discovery process, IBC validated they could transition
the three components to their solution, and DHS confirmed that the IBC
solution would meet the components' functional and operational support
needs. DHS and IBC worked closely with OMB and Treasury to obtain
approval to proceed with implementation. As a pilot, DNDO, a small DHS
component, migrated to the accounting solution in November 2015 and
then migrated to the procurement part of the solution in March 2016.
Overall, this integrated solution provides improved functionality
and integration, has a lower risk of information security issues, will
provide a consolidated view of project costs across components, and
increases transparency and reliability of information. The solution
also supports the implementation of the DHS ACS.
Throughout our 4-year partnership, there have been several
challenges including an incomplete understanding of the requirements
and complexities related to providing a standard solution for a
Cabinet-level agency the size of DHS. The recent GAO audit also
highlighted five categories that name many of the areas where we faced
these challenges: Complex requirements, project resources, project
schedule, project cost, and project management and communications.
Late in 2016, IBC informed DHS they would not be able to continue
the USCG implementation and could not support further engagement
activities with other DHS components as planned. DHS and IBC agreed
that preserving the investment DHS has made is now paramount and will
move us forward while delivering the best value for the Government.
However, the current structure of the project between IBC and DHS is
not sustainable. DHS and IBC determined the best path is to move the
software solution to a new hosting location, or data center, and for
DHS to assume operation of the system while we continue the TSA and
USCG migrations.
Both IBC and DHS have worked closely together to build out the
remaining requirements for TSA. TSA will transition to the system once
data migration, user training, and organizational change management
activities are complete, the system stability has been proven, and any
risks to auditability are mitigated. Moving forward, our FSM approach
will shift from leveraging FSSPs to reemphasizing the DHS business
process standardization and further reducing our system footprint where
possible.
We have found our personnel have the deepest understanding of DHS
mission needs and how they are best supported through systems and
processes. Our management team remains fully engaged and integrated;
the Office of the Chief Information Officer and the Office of the Chief
Procurement Officer are particularly involved in the day-to-day work of
implementing our integrated financial management solution. We have
reached out to components and brought in additional subject-matter
expertise across relevant business process areas, strengthened our
testing and evaluation program, involved systems engineers from the DHS
Science & Technology Directorate, and are working closely with the
Office of Program Accountability and Risk Management to meet best
practices and minimize risks.
The decision to leverage the solution currently in use by DNDO
provides the best available option to meet DHS financial management
needs for TSA and USCG within a reasonable time frame. DHS will
preserve its robust governance structure, with Acquisition Review Board
oversight, and a fully engaged FSM Executive Steering Committee.
Additionally, the DHS management chiefs and components will continue
working closely together to ensure success as the FSM initiative moves
forward.
To apply the lessons learned from the IBC engagement and better
support the initiative going forward, DHS has changed its
implementation approach from individual component projects to a single
initiative and added a Joint Program Management Office (JPMO). The JPMO
provides centralized program governance and streamlined decision
making; This stands in contrast to our effort with IBC, where
governance and decision making was split across two entities.
The JPMO is responsible for successful execution, schedule
maintenance, risk management, and all other program management
activities. The JPMO is staffed with DHS Headquarters and component
subject-matter experts working together to better identify and mitigate
risk, implement risk mitigation plans, increase component integration,
and support business process standardization across the Department.
DHS will leverage internal program management processes and
expertise to lead the program and introduce implementation support
tools to perform requirements management, evaluate system performance,
and coordinate and document testing. We will require earned value
management from our vendors and establish quality controls for services
and deliverables. We will increase transparency into costing and
status, using a time and materials methodology initially and
transitioning to a firm fixed price once we have a very clear picture
of our detailed requirements for the hosting and system integrators.
The GAO-17-799 Report examines the extent to which DHS followed
best practices in analyzing alternatives and selecting its FSM
approach; whether DHS used best practices when managing the risks of
using IBC; and the key factors and challenges that have impacted the
FSM program and DHS's plans for completing key priorities. DHS concurs
with both GAO recommendations to improve guidance related to conducting
Analysis of Alternatives and to improve our risk management approach.
Actions are already in progress to address these recommendations, and
they will be incorporated into the current FSM efforts.
In summary, DHS has made a significant investment in the IBC
financial management solution, which has delivered a standardized
baseline solution with increased functionality and integration for DNDO
and will deliver improved financial operations for TSA and USCG when
they migrate. We will continue to move forward, exercising sound
business judgment, obtaining the best value for the Department, and
striving for a wise use of public resources while maintaining our clean
audit opinion, mitigating risks, and incorporating lessons learned. We
cannot keep patching our legacy systems at components and never realize
the benefits that come from moving to a modern integrated business
solution that meets our requirements. We will continue to keep you
updated on the progress of our plan for the transition from IBC.
Chairman Perry, Ranking Member Correa, and distinguished Members of
the subcommittee, thank you again for the opportunity to testify today
and I look forward to your questions.
Mr. Perry. Thank you, Mr. Fulghum.
The Chair now recognizes Ms. Singer for an opening
statement.
Ma'am.
STATEMENT OF MICHELE F. SINGER, DIRECTOR, INTERIOR BUSINESS
CENTER, U.S. DEPARTMENT OF THE INTERIOR
Ms. Singer. Thank you. Chairman Perry, Ranking Member
Correa, and Members of the subcommittee, thank you for this
opportunity to discuss the Department of Homeland Security
financial system modernization program.
I am Michele Singer, the director of the Interior Business
Center at the U.S. Department of the Interior, and I began
overseeing this program for IBC in April 2016.
The Interior Business Center is a certified Federal shared
service provider in financial management and human resources
and payroll. We are also an authorized provider for acquisition
services. Currently, we serve more than 170 Federal agencies
and organizations. Like other shared service providers, IBC
supports customer agencies' missions by providing critical
business and administrative support.
The Interior Business Center operates a customer-funded,
full cost-recovery business model and does not receive any
appropriated funds. These unique circumstances can present
significant challenges for scaleability, particularly in
migrating Cabinet-level agency components to a common shared
service solution.
In partnership with IBC since 2014, DHS has undertaken an
effort to modernize, consolidate, and integrate the agency's
vast financial resources and assets. The scheduling costs
provided for in this project were based on requirements
designed to be implemented and shared across the DHS TRIO
component. Over evolution of this program, the identification
of additional requirements resulted in a deviation from a
shared model to a more customized and expensive solution.
Increasing resources to accommodate these needs has and will
continue to increase the overall cost of the program.
The engagement between IBC and DHS has resulted in the
creation of valuable assets. These assets can and will be
transitioned, ensuring that the investments made to date are
preserved. This program has experienced a number of complex and
multifaceted challenges, yet it has also provided for an
opportunity for lessons learned regarding the feasibility and
execution of the shared services implementation of a large
federated agency.
I would like to highlight just a few of those lessons
learned for you today. To achieve strong adoption of standard
business processes, customer agencies must evaluate their
complex business processes with a willingness to differentiate
and potentially eliminate those disparate processes that are
not legally mandated.
With shared services model, existing business processes
must converge into unified processes that can be shared amongst
all components and amongst different agencies. This requires a
strong centralized management team designated in power to drive
standardization. Someone must have the authority to say no to
individualized requests supporting a single component. Customer
agencies must have a clearly-defined communications strategy
that ensures all stakeholders are engaged at appropriate times
and the customer agencies should not defer to a service
provider to communicate across its organization.
Service providers must help a customer agency execute a
comprehensive training plan that needs to ensure employees
understand how to do their jobs within new processes, not just
how to operate the system.
Moving to a shared service provider for mission support
services is challenging; however, with effective change
management plan and business process reengineering, Federal
agencies can modernize their financial management systems and
realize the benefits of a shared service solution.
Thank you for this opportunity, and I do look forward to
your questions.
[The prepared statement of Ms. Singer follows:]
Prepared Statement of Michele F. Singer
September 26, 2017
Chairman Perry, Ranking Member Correa, and Members of the
subcommittee, thank you for this opportunity to discuss the Department
of Homeland Security (DHS) Financial Systems Modernization (FSM)
Program. I am Michele Singer, the director of the Interior Business
Center (IBC) at the U.S. Department of the Interior (Interior). I began
overseeing the DHS FSM Program for IBC in April 2016.
The Interior Business Center is a certified Federal shared services
provider in financial management and human resources/payroll, and an
authorized provider for acquisition services. Currently, we serve more
than 170 Federal agencies and organizations, and like other shared
service providers, IBC supports customer agencies' missions by
providing critical business and administrative support services.
In partnership with IBC since 2014, DHS has undertaken an effort to
modernize, consolidate, and integrate the agency's vast financial
resources and assets. The DHS FSM Program included prioritization of
the DHS components with the most critical business need to modernize
their financial management systems. Integration of the modernized
financial systems with asset management and acquisition systems would
result in component-level integrated financial management systems. With
this effort, DHS became the first Cabinet-level agency to engage a
Federal shared services provider to modernize its core financial
system.
Following the roadmap defined by the Office of Management and
Budget and the Department of the Treasury Office of Financial
Innovation and Transformation that encouraged agencies to use certified
Federal providers for their future modernization efforts, IBC and DHS
entered into an interagency agreement (IAA) for the financial system
implementation of the DHS ``Trio'' components: USCG, TSA, and DNDO.
Before signing the agreement in August 2014, IBC completed a discovery
effort with DHS to determine if IBC's Federalized Oracle Federal
Financials solution \1\ would meet the financial management systems
needs of the DHS Trio components.
---------------------------------------------------------------------------
\1\ Using off-the-shelf functionality as a baseline, IBC implements
and maintains a preconfigured version of Oracle Federal Financials that
incorporates processes common to Federal agencies. The application is
hosted in a shared environment. In addition to the integrated modules
that make up the core financials solution, the preconfigured version
supported by IBC also includes a set of standard reports, which
provides general data elements that are used by most Federal agencies.
---------------------------------------------------------------------------
The IBC operates a customer-funded, full-cost recovery business
model in the working capital fund and Interior Franchise Fund and does
not receive appropriated funds.\2\ These unique circumstances can
present significant challenges for scalability, particularly in
migrating Cabinet-level agency components to a common, shared service
solution. The schedule and costs presented in the IAA were based on
specific requirements designed to be implemented and shared across the
DHS Trio components. Over the evolution of this program, the
identification of additional, unique DHS and component requirements
resulted in a deviation from a shared model to a more customized and
expensive solution. Increasing resources to accommodate the more custom
solution has--and will continue to--increase the overall cost of the
DHS FSM Program.
---------------------------------------------------------------------------
\2\ Interior's Working Capital Fund was established pursuant to 43
U.S. Code Sec. 1467. The Interior Franchise Fund was established
pursuant to the Omnibus Consolidated Appropriations Act of 1997, Pub.
L. 104-208.
---------------------------------------------------------------------------
In January 2017, IBC and DHS began planning for a transition of the
DHS FSM Program components to a new environment. Transitioning the
program to a DHS-only environment has been chosen as the path forward
due to the unique and complex requirements that are incongruous with
the shared service model.
The engagement between the IBC and DHS has resulted in the creation
of valuable assets that can and will be transitioned, ensuring that the
investments made to date are preserved. This program has experienced a
number of complex and multifaceted challenges, yet it has also provided
an opportunity for lessons learned regarding the feasibility and
execution of a shared services implementation for a large, federated
agency. I would like to highlight some of these lessons learned for the
subcommittee today.
business process documentation and redesign
To successfully implement a shared service solution, customer
agencies play an important role in their organizations' change
management. To achieve strong adoption of standard business processes,
customer agencies must evaluate their complex business processes with a
willingness to differentiate (and potentially eliminate) disparate
processes that are not legally mandated. Additionally, a documented
approach for transition, arbitration, and change management must be
communicated and understood by all agency components, obtaining buy-in
and understanding of how the new system will operate.
governance
With a shared service model, existing business processes must
converge into unified standard processes that can be shared between all
components within an agency. This requires a strong, centralized
management team designated and empowered to drive standardization
across the entire organization. Someone must have the authority to say
``no'' to individualized requests supporting a single component.
stakeholder communication and engagement
Customer agencies must have a clearly-defined communication
strategy that ensures that all stakeholders are engaged at the
appropriate times. The customer agency should not defer to or rely on
the service provider to communicate across its organization.
training
Service providers should help customer agencies execute a
comprehensive training plan that ensures employees understand how to do
their jobs within the new processes, not just how to use the system.
This training should include a crosswalk, comparing how business
processes are done today with how they will be done in the new system.
Moving to a shared provider for mission support services is
challenging. However, with an effective change management plan and
business process reengineering, Federal agencies can modernize their
financial management systems and realize the benefits of a shared
service solution.
Thank you and I look forward to your questions.
Mr. Perry. The Chair thanks you, Ms. Singer.
The Chair now recognizes Ms. Angerman for an opening
statement.
STATEMENT OF ELIZABETH ANGERMAN, EXECUTIVE DIRECTOR, UNITED
SHARED SERVICES MANAGEMENT, OFFICE OF GOVERNMENT-WIDE POLICY,
U.S. GENERAL SERVICES ADMINISTRATION
Ms. Angerman. Thank you. Chairman Perry, Ranking Member
Correa, and Members of the committee, it is a pleasure to
appear before you today.
My name is Beth Angerman and I am the executive director of
the Unified Shared Services Management Office in the General
Services Administration. I have served the Federal Government
as a career employee for 12 years and spent the majority of my
career focused on Government-wide programs helping to
consolidate and centralize common administrative activities.
My comments today will focus on the potential benefits that
shared services could bring to the Federal Government and the
lessons learned that are shaping the path forward.
The need for modernization of aging and high-risk IT
systems is an on-going concern for senior leadership across the
Federal landscape. The challenge of funding, managing, and
securing legacy systems distracts resources from the critical
missions that Federal agencies are accountable to deliver.
Furthermore, the work force is performing very similar and
duplicative work across Government and is doing so oftentimes
following manual and legacy processes.
Agencies have been asked to assess how they can reduce this
duplication and put more resources on mission work. Shared
services is an industry best practice that can help.
The USSM office was created within GSA in 2015 to design
the standards for more integrated solutions across
administrative functions, provide transparency into the
performance of shared service providers, and to provide advice
and best practices to agencies who are planning these kinds of
transformative efforts.
The Federal Government has been sharing services for more
than 40 years, but with varying degrees of success. In 2004,
the Government consolidated 26 different payroll systems to
four and saved the Government over $1 billion over 10 years.
More than 70 percent of the Government is using a shared
solution for personnel action processing systems and over 85
percent of all payments are processed from a centralized system
at the Department of Treasury.
Despite this progress, the Government still lags behind
private industry in adopting shared services as a best
practice. The Federal Government has over 100 time-and-
attendance systems and over 40 financial management systems.
These are just two of several examples of the duplications that
exist today.
The Government can do better, but we must acknowledge the
lessons learned as critical input to the strategy moving
forward. Those lessons and best practices are published in a
playbook by USSM to assist agencies in the pivot to a shared
environment.
USSM engaged with several agencies, including the
Departments of the Interior and Homeland Security, and industry
experts to inform the creation of the USSM playbook. The
partnerships delivered a functional financial management
solution that DHS is confident will meet the majority of their
complex needs and they intend to protect the investment as they
transition forward.
Over the course of the last 2 years, USSM has informed the
program on best practices to improve change management,
integrated project management and risk management, and many
improvements were made. However, the gap between the complex
needs of a large Cabinet-level agency like DHS and the intended
service delivery mode at IBC has led these agencies to end
their partnership. This experience has uncovered a critical
opportunity for the Government to document what capabilities it
requires in the future of administrative systems.
USSM has designed a methodology and governance structure
for capturing and maintaining those requirements inclusive of
standard data definitions. The Federal community will need to
reconcile the differences that exist among them today and agree
on standard business rules for common functions. While
uniquenesses do exist because of vastly different missions and
legislation, it is a common belief that there is more alike
about us than different.
This work, coordinated by my office, will allow the
Government to leverage its buying power and manage risk by
sharing the burden of maintaining and securing technology with
industry.
The Government has too many legacy systems today. If we let
agencies replace those systems without consolidating, we will
be building the legacy systems of tomorrow without access to
capital to maintain them. This is challenging work and it
requires leadership to see the long-term potential, but if we
are successful we will have more time, energy, and resources to
dedicate to missions and better meet the needs of American
taxpayers.
I am grateful for the opportunity to speak with you today,
and I would welcome any questions from the committee.
[The prepared statement of Ms. Angerman follows:]
Prepared Statement of Elizabeth Angerman
September 26, 2017
Chairman Perry, Ranking Member Correa, and Members of the
subcommittee, it is a pleasure to appear before you today. My name is
Elizabeth Angerman and I am the executive director of the Office of
Unified Shared Services Management at the U.S. General Services
Administration (GSA). My comments today will focus on the potential
benefits that shared services could bring to the Federal Government and
the lessons learned that are shaping the role that GSA will play to
help agencies recognize those benefits.
The need for modernization of aging and high-risk IT systems is an
on-going concern for senior leadership across the Federal landscape.
The challenge of funding, managing, and securing legacy systems
distracts resources from the critical missions that Federal agencies
are accountable to deliver. Furthermore, common processes to hire and
retain Federal employees, process accounting transactions, and procure
goods and services are also decentralized, redundant, and often manual.
As agencies investigate ways to allocate more resources to their
missions, GSA is well-positioned to advise agencies on best practices
related to shared services and, more importantly, leverage the buying
power of the Federal Government to provide contracts and services that
deliver both modern technology and services that will drive
standardization and efficiency across Government.
The Unified Shared Services Management (USSM) office was created
within GSA in 2015 to design the standards for more integrated
solutions of administrative functions across lines of business, provide
transparency into the performance of Federal Shared Service Providers
to inform agency decision making, and to provide advice and guidance to
agencies that are planning for new administrative solutions based on
lessons learned and best practices. USSM's mission is to transform the
way Government does business internally to improve the way the
Government serves the American public. Given declining resources and a
need to focus more on mission, the time has never been more right to
understand how increased sharing can help agencies address these
challenges.
The Federal Government has been sharing services for more than 40
years with varying degrees of success. In 2004, the Government
consolidated 26 different payroll systems to four, which saved the
Government over $1 billion over 10 years.\1\ Today, more than 70
percent of Federal Government agencies use a shared solution for
personnel action processing systems, and over 85 percent of payments
are processed from a centralized system at the U.S. Department of
Treasury. Last year, the U.S. Government Accountability Office (GAO)
stated that ``moving to shared services can save the Federal Government
billions of dollars as well as reduce duplicative efforts, decrease
systems upgrades, and free up resources for mission-critical
activities'' (GAO Report 16-477).
---------------------------------------------------------------------------
\1\ https://www.opm.gov/services-for-agencies/hr-line-of-business/
cost-benefit-analysis/fy-2011-cost-benefit-analysis-report.pdf.
---------------------------------------------------------------------------
Despite this progress, the Government still lags behind private
industry in adopting shared services for daily business operations. In
comparison, over 90 percent of Fortune 500 companies have implemented
shared services.\2\ IBM, for example, in its Center for the Business of
Government report, stated it reduced spending by $4 billion over 4
years through its own reorganization to a shared services model.
Procter and Gamble saved $900 million in cost savings over an 8-year
transformation. The Technology CEO Council, comprised of chief
executive officers from some of America's largest IT companies,
estimates shared services could lead to $47 billion in cost reductions
for the Government over 10 years.\3\
---------------------------------------------------------------------------
\2\ https://www.pwc.com/us/en/outsourcing-shared-services-centers/
assets/hfs-report-pwc-developing-framework-global-services.pdf.
\3\ ``The Government We Need'', Technology CEO Council, January
2016.
---------------------------------------------------------------------------
The potential of shared services to save taxpayers money and make
Government more efficient is clear, but there is still much work to be
done to fully realize these benefits. According to the Office of
Personnel Management's 2015 Human Resources Line of Business Strategic
Framework, the Federal Government has over 100 time and attendance
systems. The fiscal year 2016 Cross-Agency Priority Goal Report reports
that the Federal Government has over 40 financial management systems,
with many ancillary add-ons. While successful adoption of shared
services has seen various levels of success across Government, these
numbers alone clearly show this is an effort that should not be
abandoned. Instead, the Government must acknowledge the lessons learned
from both successes and failures as critical input to the shared
service strategy moving forward. It is USSM's mission to ensure this
happens.
Over the last 2 years, USSM has consulted with many agencies that
have partnered with Federal Shared Service Providers to provide advice
and guidance on best practices and lessons learned to improve the
likelihood of successful migrations and modernizations. These lessons
and best practices impact both the behavior of customers (demand) and
the expectations of providers (supply), and are published in a playbook
to assist agencies in the pivot to a shared operational environment.
The playbook provides guidance, templates, and a coordinated review
process that can inform management and oversight of these investments
and migrations.
As part of its outreach, USSM engaged with the U.S. Department of
Homeland Security (DHS) and the U.S. Department of the Interior to
inform the creation of the USSM playbook. The partnership delivered a
functional financial management solution that DHS claims meets the
majority of their complex needs and they intend to protect the
investment as they transition to the path forward. Over the course of
the last 2 years, USSM has informed the program on best practices to
improve change management, integrated program management, and risk
management, and many improvements have been made. However, the gap
between the complex needs of a large Cabinet-level agency like DHS and
the current service delivery model at the Interior Business Center has
led to the decision to end the partnership and for DHS to reclaim
ownership of the system. We will continue to use our expertise to
consult with DHS and other agencies, as appropriate, in their journey
to modernize and improve their common administrative functions.
The challenge for the Federal Government is that we have not been
able to articulate, in a coordinated and consistent way, the agreed-
upon business needs for common administrative systems and/or services.
The shared solutions available to agencies today were not designed to
meet the all-encompassing needs of large, Cabinet-level agencies. To
address the lack of Government-wide standards, USSM has designed a
methodology and governance structure for capturing and maintaining
those standards, inclusive of required capabilities, data definitions,
and the intersection of processes across multiple lines of business.
The process to develop these standards involves many agencies working
across administrative functions to deliver a Government-wide framework
that can be the common baseline moving forward. While unique
requirements do exist because of vastly different missions and
statutory authorizations, it is a common belief that there is more
about administrative functions that is alike than different. This work,
coordinated by GSA USSM, will allow the Government to leverage its
buying power for common capabilities and share the burden of
maintaining and securing technology with industry. This is particularly
critical as many of these common functions rely on legacy systems. With
the right strategy, we cannot only retire these legacy systems, but
also avoid building a new generation of future legacy systems by
partnering with the private sector to get modern technology and keep
that technology modern in the future.
GSA's effort to advance shared services is about delivering a more
efficient Government for the American people. The challenge we face
collectively is how to manage the risk and reduce the barriers to
successful modernization and migration. If we are successful in
improving and consolidating mission support services, agencies will
have resources to dedicate more time, energy, and funding to their
missions to better satisfy the needs of the American public.
I am grateful for the opportunity to speak with you today and look
forward to working with the committee on our mutual goal of advancing a
Government that works better and costs less.
Thank you for your time today and I welcome any questions from the
subcommittee.
Mr. Perry. Thank you, Ms. Angerman.
The Chair now recognizes Mr. Khan for an opening statement.
STATEMENT OF ASIF A. KHAN, DIRECTOR, FINANCIAL MANAGEMENT AND
ASSURANCE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Mr. Khan. Good afternoon, Chairman Perry, Ranking Member
Correa, and Members of the subcommittee.
I am here to discuss our recent work on the Department of
Homeland Security's effort to improve its financial management
and reporting and the difficult challenges they face.
I would like to thank the subcommittee for holding this
hearing.
DHS's ability to manage its operations and reasonably
ensure effective financial management has been hampered by
deficiencies in its internal controls and its financial
management systems. These deficiencies contributed to our
decisions in designating DHS's management functions, including
financial management, as a high risk in 2003.
DHS has received a clean opinion on its financial
statements for the past 4 years, which is commendable; however,
financial management system deficiencies have continued to
persist and contribute to a material weakness in DHS internal
controls over financial reporting.
Today, I will discuss the results of our recent review of
DHS efforts to modernize its financial management systems that
will assist in sustaining the clean opinion on its financial
statements and help achieve effective internal controls over
financial reporting management decision making.
We reported in 2013 on challenges related to DHS's previous
attempts to implement a Department-wide integrated financial
management system. We also reported on material weaknesses that
limit DHS's ability to process, store, and report financial
data. Since our last report, DHS has adopted a decentralized
approach evaluating options for modernizing its systems,
including the use of shared service providers.
As part of this effort, DHS initiated their TRIO project
focused on migrating three DHS components, the Domestic Nuclear
Detection Office, the Transportation Security Administration,
and the Coast Guard, to a modernized financial management
system provided by the Department of Interior's Interior
Business Center, the IBC.
The TRIO project is a key effort to address longstanding
system deficiencies. Assessing and managing the risks
associated with the projects are essential to realizing DHS's
modernization goals.
In our recent review, we found that DHS and the TRIO
components did not fully follow best practices for conducting
alternatives analysis for modernizing their financial
management systems or for managing the risks related to its use
of IBC on the TRIO project. We have made recommendations to
address these concerns.
Certain key challenges impacting the TRIO project emerged
from our interviews with DHS, IBC, OMB, and other oversight
agencies. We grouped these challenges into five broad
categories. First, project resources. IBC experienced
significant turnover in key positions over the course of this
project.
Second, project schedule. Migrating the TRIO components to
IBC within the original time frame was a significant challenge,
given the overall magnitude and complexity of the project.
Third, complex requirements. Early in the TRIO project, DHS
and IBC agreed to use a newer and unproven technology in this
environment, which introduced additional complexity to the
project's requirements.
Fourth, project costs. These increased significantly due to
schedule delays, unanticipated complexities, and other
challenges.
Last, project management and communication. The TRIO
project team primarily focused on the delivery of technology at
the expense of other project management activities, such as
organizational change management and communication management.
Eventually, in January 2017, DHS and IBC formed a joint
contingency plan working group to assess options for addressing
these challenges. A few months later, DHS decided that
migrating the TRIO components from IBC to a DHS data center was
the best option for its path forward.
Through continued reliance on compensating controls and
complex manual workarounds, DHS has been able to achieve a
clean audit opinion on its financial statements. However, DHS
will continue to face challenges to establishing effective
internal controls over financial reporting because of the lack
of effective financial systems and related processes.
Fully incorporating best practices and lessons learned from
prior commutation efforts would help DHS achieve its goal of
modernizing financial systems which are critical to
establishing sound internal controls that safeguard assets and
ensure proper accountability as well as provide reliable,
timely, and useful information to support day-to-day decision
making and oversight.
To support this subcommittee's oversight, GAO will continue
monitoring the Department's financial management improvement
efforts.
Chairman Perry, Ranking Member Correa, and Members of the
subcommittee, this concludes my statement. I will be pleased to
respond to any questions that you have at this time. Thank you.
[The prepared statement of Mr. Khan follows:]
Prepared Statement of Asif A. Khan
September 26, 2017
Chairman Perry, Ranking Member Correa, and Members of the
subcommittee: I am pleased to be here today to discuss the findings
from our report being released today on the Department of Homeland
Security's (DHS) recent financial management system modernization
efforts.\1\ Since DHS's creation in 2003, its ability to manage
operations and reasonably assure effective financial management has
been hampered by significant internal control and financial management
system deficiencies. These deficiencies contributed to our decision to
designate DHS's management functions, including financial management,
as high-risk.\2\
---------------------------------------------------------------------------
\1\ GAO, DHS Financial Management: Better Use of Best Practices
Could Help Manage System Modernization Project Risks, GAO-17-799
(Washington, DC: Sept. 26, 2017).
\2\ GAO, High-Risk Series: Progress on Many High-Risk Areas, While
Substantial Efforts Needed on Others, GAO-17-317 (Washington, DC: Feb.
15, 2017), and High-Risk Series: An Update, GAO-03-119 (Washington, DC:
January 2003). In 2013, we changed the name of this high-risk area from
``Implementing and Transforming DHS'' to ``Strengthening DHS Management
Functions'' to recognize DHS's progress in its implementation and
transformation since its creation, as well as to focus on its remaining
challenges in strengthening its management functions and integrating
those functions across the Department. The ``Strengthening DHS
Management Functions'' high-risk area includes challenges in
acquisition, information technology, human capital, and financial
management.
---------------------------------------------------------------------------
In 2013, we reported on challenges related to DHS's previous
attempts to implement a Department-wide integrated financial management
system as well as specific actions and outcomes related to modernizing
financial management systems that are critical to addressing high-risk
issues.\3\ We also reported on the existence of certain material
weaknesses that limited DHS's ability to process, store, and report
financial data in a manner that ensures accuracy, confidentiality,
integrity, and availability of data without substantial manual
intervention.\4\ DHS subsequently adopted a decentralized approach to
upgrade or replace legacy financial management systems and has been
evaluating various options for modernizing its systems, including the
use of shared service providers (SSP). As part of this effort, DHS
initiated the TRIO project, which has focused on migrating the Domestic
Nuclear Detection Office (DNDO), Transportation Security Administration
(TSA), and U.S. Coast Guard (Coast Guard), or ``the TRIO components,''
to a modernized financial management system solution provided by the
Department of the Interior's Interior Business Center (IBC). The TRIO
project represents a key effort to address long-standing financial
management system deficiencies, and DHS's efforts to effectively assess
and manage risks associated with this project are essential to
realizing its modernization goals.
---------------------------------------------------------------------------
\3\ GAO, DHS Financial Management: Additional Efforts Needed to
Resolve Deficiencies in Internal Controls and Financial Management
Systems, GAO-13-561 (Washington, DC: Sept. 30, 2013).
\4\ A material weakness is a deficiency, or a combination of
deficiencies, in internal control over financial reporting such that
there is a reasonable possibility that a material misstatement of the
entity's financial statements will not be prevented, or detected and
corrected, on a timely basis. A deficiency in internal control exists
when the design or operation of a control does not allow management or
employees, in the normal course of performing their assigned functions,
to prevent, or detect and correct, misstatements on a timely basis.
---------------------------------------------------------------------------
In 2013, the Office of Management and Budget (OMB) issued direction
to agencies to consider Federal SSPs as part of their alternatives
analysis.\5\ Subsequently, in May 2014, OMB and the Department of the
Treasury (Treasury) designated IBC as one of four Federal SSPs for
financial management to provide core accounting and other services to
Federal agencies.\6\ In addition, Treasury's Office of Financial
Innovation and Transformation's (FIT) responsibilities related to the
governance and oversight of Federal SSPs were subsequently transferred
to the Unified Shared Services Management office (USSM) after USSM was
established in October 2015 as an entity within the General Services
Administration.
---------------------------------------------------------------------------
\5\ Office of Management and Budget, Improving Financial Systems
Through Shared Services, OMB Memorandum M-13-08 (Washington, DC: Mar.
25, 2013). According to this memorandum, agencies must consider, as
part of their alternatives analysis, the use of a Federal SSP, and OMB
will consider funding the use of commercial SSPs as an appropriate
solution if the agency's business case demonstrates that a commercial
SSP can provide a better value to the Federal Government than a Federal
solution.
\6\ Office of Management and Budget and Department of the Treasury,
Reducing Costs and Improving Efficiencies Through Federal Shared
Service Providers for Financial Management (May 2, 2014), accessed
August 3, 2017, https://www.treasury.gov/connect/blog/Pages/Shared-
Service-Providers-for-Financial-Management.aspx.
---------------------------------------------------------------------------
This statement summarizes our report that examined: (1) The extent
to which DHS and the TRIO components followed best practices in
analyzing alternatives, and the key factors, metrics, and processes
used in their choice of a modernized financial management system; (2)
the extent to which DHS managed the risks of using IBC for its TRIO
project consistent with risk management best practices; and (3) the key
factors and challenges that have impacted the TRIO project and DHS's
plans for completing the remaining key priorities.
To accomplish these objectives, we interviewed key officials and
reviewed relevant documents. We compared the information we obtained
to: (1) GAO-identified best practices for conducting an analysis of
alternatives (AOA) process and related characteristics of a reliable,
high-quality AOA process \7\ and (2) best practices published by the
Software Engineering Institute (SEI) for preparing for risk management,
identifying and analyzing risks, and mitigating identified risks.\8\ We
also reviewed TRIO components' alternatives analyses documentation and
evaluated their processes and related DHS guidance against the GAO-
identified 22 best practices for conducting an AOA process. In
addition, we reviewed DHS's and the TRIO components' risk management
guidance and compared documentation and information obtained supporting
their risk management efforts to best practices published by SEI. We
also met with DHS, IBC, FIT, and USSM officials as well as OMB staff to
obtain their perspectives on key factors and challenges that have
impacted the TRIO project and DHS's plans for completing remaining
priorities. The work on which this statement is based was performed in
accordance with generally accepted Government auditing standards. More
details on our scope and methodology can be found in appendix I of our
report.
---------------------------------------------------------------------------
\7\ GAO, Amphibious Combat Vehicle: Some Acquisition Activities
Demonstrate Best Practices; Attainment of Amphibious Capability to be
Determined, GAO-16-22 (Washington, DC: Oct. 28, 2015). That report
updated the AOA best practices initially published in GAO, DOE, and
NNSA Project Management: Analysis of Alternatives Could Be Improved by
Incorporating Best Practices, GAO-15-37 (Washington, DC: Dec. 11,
2014). These AOA best practices are based on long-standing, fundamental
tenets of sound decision making and economic analysis and were
identified by compiling and reviewing commonly-mentioned AOA policies
and guidance that are known to and have been used by Government and
private-sector entities. App. II of our report provides additional
details on GAO-identified AOA best practices and their relationship to
the four characteristics of a reliable, high-quality AOA process; see
GAO-17-799.
\8\ Software Engineering Institute, Capability Maturity Model
Integration (CMMI) for Acquisition, Version 1.3, CMU/SEI-2010-TR-032
(Hanscom Air Force Base, MA: November 2010).
---------------------------------------------------------------------------
In brief, we found that DHS and the TRIO components did not fully
follow best practices for conducting an AOA process and managing the
risks of using IBC on the TRIO project, and we made two recommendations
to address these concerns. DHS agreed with both recommendations and has
taken action or has plans to implement them. In addition, we found that
insufficient resources, complex requirements, and other challenges have
impacted the TRIO project and contributed to a 2-year delay now
expected in the implementation of Coast Guard's and TSA's modernized
solution. In May 2017, DHS determined that migrating away from IBC to a
DHS data center represented the best path forward.
dhs did not always follow aoa best practices
DNDO Substantially Met and Coast Guard and TSA Partially Met Best
Practices for Conducting AOAs
During 2012 and 2013, the TRIO components each completed an
alternatives analysis to determine a preferred alternative for
modernizing their financial management systems. Based on our assessment
of these analyses, we found that DNDO substantially met the four
characteristics that encompass the GAO-identified 22 best practices for
conducting a reliable, high-quality AOA process, while the Coast Guard
and TSA both substantially met one and partially met three of these
four characteristics. For example, although TSA's alternatives analysis
substantially met the ``credible'' characteristic, it partially met the
``well-documented'' characteristic, in part, because risk mitigation
strategies, assumptions, and constraints associated with each
alternative were not discussed in its analysis. Similarly, Coast
Guard's alternatives analysis substantially met the ``comprehensive''
characteristic; however, it partially met the ``credible''
characteristic, in part, because there was no indication that it
contained sensitivity analyses on the impact of changing assumptions on
its overall costs or benefits analyses. Our assessment is summarized in
table 1.
TABLE 1: DHS TRIO COMPONENTS' ADHERENCE TO CHARACTERISTICS OF A RELIABLE, HIGH-QUALITY ANALYSIS OF ALTERNATIVES
PROCESS
----------------------------------------------------------------------------------------------------------------
Overall GAO Assessment
AOA Characteristic ------------------------------------------------------------------------------
Coast Guard TSA DNDO
----------------------------------------------------------------------------------------------------------------
Well-documented.................. Partially met............ Partially met........... Substantially met.
Comprehensive.................... Substantially met........ Partially met........... Substantially met.
Unbiased......................... Partially met............ Partially met........... Substantially met.
Credible......................... Partially met............ Substantially met....... Substantially met.
----------------------------------------------------------------------------------------------------------------
Source: GAO assessment of TRIO component information. For additional information on the methodology used to
assess TRIO components' adherence to characteristics of a reliable analysis of alternatives process, see GAO-
17-799/GAO-17-803T.
Legend: Coast Guard = U.S. Coast Guard; DHS = Department of Homeland Security; DNDO = Domestic Nuclear Detection
Office; TSA = Transportation Security Administration.
Further, we found that DHS's guidance did not fully or
substantially incorporate 5 of the GAO-identified 22 best practices.
For example, although the guidance addressed risk management in general
terms, it did not detail the need to document risk mitigation
strategies for each alternative or address the need for an independent
review--one of the most reliable means to validate an AOA process.
Based on these analyses and other factors, the TRIO components
determined that migrating to a Federal SSP represented the best
alternative, and in 2014, DHS selected IBC as the Federal SSP for the
project. However, because Coast Guard's and TSA's alternatives analyses
did not fully or substantially reflect all of the characteristics noted
above, we concluded that they are at increased risk that the
alternative selected may not achieve mission needs. In our report, we
made a recommendation for DHS to develop and implement effective
processes and improve guidance to reasonably assure that future
alternatives analyses fully follow AOA process best practices and
reflect the four characteristics of a reliable, high-quality AOA
process. In commenting on our report, DHS concurred with GAO's
recommendation and stated that it has issued guidance and instructions
that addressed the recommendation. As part of our recommendation
follow-up process, we will review DHS's guidance and other relevant
information.
dhs met three and partially met four best practices for managing the
risks of using ibc for the trio project
Risk management best practices call for the identification of
potential problems before they occur so that risk-handling activities
can be planned throughout the life of the project to mitigate adverse
impacts on achieving objectives. These best practices involve the
following goals: Preparing for risk management, identifying and
analyzing risks, and mitigating identified risks.\9\ Based on our
evaluation, we found that DHS's processes did not fully follow best
practices for managing project risks related to its use of IBC on the
TRIO project. Specifically, we determined that DHS's processes met
three of seven risk management best practices but partially met the
remaining four best practices largely because its guidance did not
sufficiently address these best practices. For example, although DHS
created joint teams with IBC and provided additional resources to IBC
to help address mitigation concerns, it did not always develop
sufficiently detailed risk mitigation plans that included contingency
plans for selected critical risks in the event that their impacts are
realized. As a result, although IBC's capacity and experience for
migrating large agencies the size of Coast Guard and TSA was identified
as a risk in July 2014, a contingency plan working group to address
this and other concerns was not established until January 2017. Table 2
summarizes the extent to which DHS followed these seven best practices
for managing TRIO project risks.
---------------------------------------------------------------------------
\9\ Software Engineering Institute, CMMI for Acquisition, Version
1.3.
TABLE 2: DEPARTMENT OF HOMELAND SECURITY'S ADHERENCE TO BEST PRACTICES FOR MANAGING TRIO PROJECT RISKS
----------------------------------------------------------------------------------------------------------------
Best Practice Practice Statement GAO Assessment
----------------------------------------------------------------------------------------------------------------
Goal 1: Prepare for risk management:
Preparation for risk management is
conducted:
Determine risk sources and Determine risk sources and categories.... Met.
categories.
Define risk parameters............. Define parameters used to analyze and Partially met.
categorize risks and to control the risk
management efforts.
Establish a risk management Establish and maintain the strategy to be Met.
strategy. used for risk management.
Goal 2: Identify and analyze risks: Risks
are identified and analyzed to determine
their relative importance:
Identify risks..................... Identify and document risks.............. Partially met.
Evaluate, categorize, and Evaluate and categorize each identified Met.
prioritize risks. risk using defined risk categories and
parameters, and determine each risk's
relative priority.
Goal 3: Mitigate risks: Risks are handled
and mitigated as appropriate to reduce
adverse impacts on achieving objectives:
Develop risk mitigation plans...... Develop a risk mitigation plan in Partially met.
accordance with the risk management
strategy.
Implement risk mitigation plans.... Monitor the status of each risk Partially met.
periodically and implement the risk
mitigation plan as appropriate.
----------------------------------------------------------------------------------------------------------------
Source: Software Engineering Institute (best practices) and GAO analysis of DHS data. For additional information
on the methodology used to assess DHS's adherence to risk management best practices, see GAO-17-799/GAO-17-
803T.
Legend: DHS = Department of Homeland Security; Met = DHS-documented processes generally satisfied all elements
of the specific practice; Partially met = DHS-documented processes generally satisfied some but not all
elements of the specific practice.
According to DHS officials, DHS relied heavily on IBC to manage
risks associated with the TRIO project and, in particular, those for
which IBC was assigned as the risk owner. They also acknowledged DHS's
responsibility for overseeing IBC's TRIO project risk management
efforts and described various actions taken to address growing concerns
regarding IBC's efforts, such as offering DHS assistance to IBC's
project management functions to help reduce exposure of underlying
risks. Despite these efforts, DHS officials stated that challenges
associated with the interagency agreement structure and terms of the
performance work statement with IBC on the TRIO project limited DHS's
visibility into IBC's overall cost, schedule, and performance controls
and ability to oversee IBC's risk management efforts.
Further, the issues associated with the best practices we assessed
as partially met were largely attributable to limitations in DHS and
TRIO project guidance and policies. We concluded that by not adopting
important elements of risk management best practices into project
guidance, DHS and the TRIO components increase the risk that potential
problems would not be identified before they occur and that activities
to mitigate adverse impacts would not be effectively planned and
initiated.
In our report, we made a recommendation for DHS to improve its Risk
Management Planning Handbook and other relevant guidance for managing
risks associated with financial management system modernization
projects to fully incorporate risk management best practices. In
commenting on our report, DHS concurred with GAO's recommendation and
identified actions it plans to take to implement it.
key factors and challenges impacting the trio project and dhs's path
forward
DHS, IBC, FIT, and USSM officials and OMB staff identified several
key factors and challenges that have impacted the TRIO project, which
we grouped into five broad categories: Project resources, project
schedule, complex requirements, project costs, and project management
and communications. Examples of the key factors and challenges that
were identified for each of these categories include:
Project resources.--Concerns about IBC's experience and its
capacity to handle a modernization project involving agencies
the size of Coast Guard and TSA were identified as significant
risks in July 2014, prior to DHS and IBC's entering the TRIO
project implementation phase in August 2014. According to DHS
officials and documentation, IBC encountered Federal employee
hiring challenges and was unable to ramp up and deploy the
resources necessary to meet required deliverables and
experienced significant turnover in key leadership and TRIO
project positions over the course of the project. IBC officials
acknowledged these challenges and that staff assigned early in
the project lacked the experience and expertise necessary for
managing large-scale projects and, as a result, many of the
risks initially identified were not effectively addressed.
Project schedule.--Migrating the TRIO components to IBC
within original time frames was a significant challenge given
the overall magnitude and complexity of the TRIO project. DHS
identified delays in stabilizing the production environment
after DNDO's migration to IBC and in meeting proposed baseline
schedules for implementing Coast Guard and TSA on the
modernized solution.
Complex requirements.--DHS, IBC, FIT, and USSM officials
acknowledged the overall complexity of the TRIO project and
that the lack of a detailed understanding of the components'
requirements earlier in the project affected IBC and DHS's
ability to satisfy the requirements as planned. USSM and FIT
officials told us that under the shared services model, the
approach for onboarding new customers usually involves
migrating to a proven configuration of a solution that is
already being used by the provider's existing customers.
However, rather than taking this approach, DHS and IBC agreed
to implement a more recent version of Oracle Federal Financial
software (version 12.2) with integrated contract life cycle and
project modules, increasing the complexity of TRIO project
requirements. A FIT official told us that the functionality of
this more recent version of software is very different than
that of the version IBC's existing customers used and that IBC
did not have the needed Government personnel with knowledge and
experience associated with it.
Project costs.--Estimated costs of the TRIO project
significantly increased because of schedule delays,
unanticipated complexities, and other challenges. According to
a January 2017 summary prepared by DHS, estimated IBC-related
TRIO project implementation costs through fiscal year 2017
increased by approximately $42.8 million (54 percent) from the
$79.2 million provided in the original August 2014 interagency
agreement with IBC, in part, to address challenges affecting
the project.
Project management and communication.--DHS officials
expressed concerns regarding the effectiveness of IBC's project
management efforts, including cost, schedule, and change
management. They also stated that DHS provided significant time
and resources to make up for fundamental project management
activities that were under IBC's control and not performed.
They also acknowledged challenges in DHS's project management
and communication efforts and identified lessons learned to
help improve future efforts, such as being more prepared for
organizational changes and centralizing program management
functions to help reduce duplicate efforts across components.
According to USSM officials, the TRIO project team focused an
unbalanced portion of its efforts on the delivery of technology
at the expense of organizational change management,
communication management, and other project management areas.
An OMB staff member concurred with the lessons learned
identified by DHS and noted the importance of DHS having well-
defined requirements for the project and better coordination to
achieve the desired outcomes.
These challenges contributed to a 2-year delay now expected in the
implementation of Coast Guard's and TSA's modernized solution. To help
address them, DHS and IBC established review teams and have taken other
steps to assess potential mitigating steps. For example, in January
2017, DHS and IBC established a joint contingency plan working group
(CPWG) to assess viable options for addressing stakeholder concerns and
key TRIO priorities moving forward. In February 2017, DHS and IBC
presented two options for addressing these concerns, and in April 2017,
the CPWG recommended moving away from IBC to a commercial service
provider as the best course of action to complete TRIO project
implementation. In May 2017, DHS determined that this option was not
viable and that migrating the solution from IBC to a DHS data center
represented the best option and initiated discovery efforts to further
assess this as its path forward for the TRIO project. As of August
2017, results of these efforts were under review by DHS leadership. As
the path forward is still evolving, it is too early to determine the
extent to which these challenges, and DHS's efforts to effectively
address them, will impact DHS's ability to achieve TRIO project goals.
In commenting on our report, DHS stated that it remains committed
to its financial system modernization program and that it will continue
to apply sound program and risk management best practices to achieve
its modernization goals.
Chairman Perry, Ranking Member Correa, and Members of the
subcommittee, this concludes my statement. I would be pleased to
respond to any questions you may have at this time.
Mr. Perry. The Chair thanks the gentleman.
The Chair now recognizes himself for 5 minutes for
questioning.
I guess I will start with you, Mr. Fulghum. I don't have to
say, you know, what, $50 million the first time, $124 million
this time. I appreciate you saying the buck stops with you, and
I understand to a certain extent that maybe this wasn't your
idea how this should be with the shared services model, but you
were told that is what you were going to do and it was your
mission when you moved out.
But you must understand, and I am sure you do, that we
can't accept that loss of money, that expenditure, without
having a viable product all these years later now.
One of your other testifiers there talked about the
deliverables, and I will ask her about that because I think she
said there is some value that has been retained here.
But to me, you served your country in uniform, and I am
sure you are well familiar with these processes, but any kind
of project, you know, whether it is attacking the enemy or
whether it is cleaning the hangar, you have got some
milestones, right? You know you have got to get past some
things and evaluate your circumstances, see where you are and
see if you are on track.
It doesn't seem to me, and I might be wrong, so I will ask
Ms. Singer at some point, too, but from your standpoint when
you signed this agreement, when you agreed to this whole
prospect, were there milestones in place? If there were,
briefly, what were they?
If there were milestones to make sure that you stayed on
track, it seems like at this point that we have failed to meet
them or recognize them or we just blew past them. What the heck
is going on here?
Mr. Fulghum. So first of all, what I would say is, and to
Michele's point, we do have a system that is functioning and
working and we can talk about that. But as far as the
milestones go, we had an integrated schedule and we sat down
routinely and looked at that schedule. Showing that schedule
was green, green, green in around the May time frame of 2016,
it was turned to yellow and red.
At that point, I called the folks together, including IBC,
her former colleague, and said, what the heck is going on? We
stopped the project at that point. We sat down with them and
said, what can we do to course correct? We put some things in
place in terms of incremental releases, more frequent check-
ins, increased oversight and some other things and also
provided some resources to IBC. We were able to DNDO up and
running.
Subsequently to that, we began on TSA's effort and again
the schedule started to go south. That's about the time Michele
showed up, we sat down again because of their inability to
adequately resource themselves as well as what I would say is a
misunderstanding of requirements of a large, complex Federal
agency that would be a standardized solution for that type of
agency, we made the decision to part ways.
But we do have a solution that is functioning, is making
payments, is writing contracts, is producing financial
statements and is the foundation of the system moving forward,
which is why we made the decision to continue.
Mr. Perry. You just elaborated on the two times that you
stopped it.
Mr. Fulghum. So, yes, sir. We stopped it before we
ultimately got DNDO up and running. Then along with IBC we made
the decision to end the relationship, as she said, in January
2017.
Mr. Perry. Was that, the ending of the relationship, was
that envisioned, so to speak, or at least some tenet of what
would precipitate that in the original agreement? So say this
is what we want to get accomplished, these are our milestones,
if you can't get it done we are going to be done because of
this, this, and this. Was that envisioned at the genesis of the
agreement, or was that never considered?
Mr. Fulghum. It wasn't in the agreement.
Mr. Perry. So if it is not in the agreement, it doesn't
seem like we are going to be very efficient.
Now, I am going to talk to Ms. Singer here for a moment. I
guess my point to that is that, yeah, while you agreed to part
ways, I am not sure we got the best value out of the deal. If
somebody, you know, if somebody is working on my house, and I
have an agreement, and I am going to pay you $50,000 to do X
work on the house, and I know that I am going to terminate it
at some point if you don't perform, I am going to want some of
my money back or I am going to want, you know, X amount of work
done.
But that all has to be determined up front, you can't wait
until you are in the middle of the construction to figure that
out. It is too late, feelings are hurt, so on and so forth.
Really quickly, and maybe we will do a second round here,
Ms. Singer, you said there were value of assets to be
transferred. What is the value? So we spent $124 million on
this round. What do you consider the value of the assets to be?
Ms. Singer. The valuable assets I speak of is Oracle
Federal Financial 12.2, the system that was developed, coded,
tested, and implemented for DNDO. In the next quarter of this
fiscal year, we will have released 3.0 which will include 80
percent of the functionality needed for TSA and Coast Guard.
So at this point, the operational system that DNDO is using
every day will be available for DHS to manage in one of their
data centers and bring live TSA and Coast Guard in the coming
years.
Mr. Perry. So we are 60 percent over budget. I think the
original estimate was $70-some million, we are $124 million.
What do you assess the value to be? Because we have got DNDO
up, right? We have got a shell or a structure or a foundation
for TSA, we have got nothing for Coast Guard. So we have paid
60 percent more, is that the value of it? I mean, are you
saying that was worth $124 million? Did we just miss the
estimate?
Ms. Singer. I absolutely believe the estimate was missed.
Now, my assessment is based on the record assessment of
historical agreements back and forth, the best I could
determine in the last 18 months that I have been managing this.
I also think it highlights IBC at the time did not
understand the complexity and the needs of an agency like DHS.
They were vastly larger than anything we had undertaken. Our 17
other agencies that reside on Oracle Federal Financial 12.1 use
a common solution and we are the No. 1-rated financial services
provider in customer service to those 17 agencies.
So the underestimation of the magnitude of the effort on
both sides was real. But as the director of the shared service
provider looking back over the record, I am extremely
disappointed that I had predecessors who did not recognize that
at the time and exercise more discipline both internally in
their own organization in IBC as well as as a provider with DHS
to help prevent some of the delays and cost overruns.
Mr. Perry. All right, thank you.
My time is long expired.
The Chair now recognizes Ranking Member Correa.
Mr. Correa. Thank you, Mr. Chairman.
First of all, to the witnesses, thank you very much for
your testimony.
Mr. Fulghum, a quick question. Given all of the challenges
that we are talking about here, cyber attacks, are we more
vulnerable, less vulnerable? Where are we with that, protecting
our data from the bad guys?
Mr. Fulghum. I mean, what I would tell you is I call it a
full-contact sport and we have to be diligent 24/7. We have
real threats out there each and every day.
Mr. Correa. Are we more vulnerable than usual or have we
taken care of business?
Mr. Fulghum. I think we have done everything we can to
protect ourselves.
Mr. Correa. Thank you very much.
Ms. Singer, very quickly, we talked about the Oracle
system. The Chairman talked about ownership, what we got out of
our investment. Oracle 3.0, is that what you said? Who owns
that? Do we own that or does Oracle? Is that something
proprietary to Oracle? When we need to, you know, work it,
modify it, does Oracle come in and do it or our in-house folks
do it?
Ms. Singer. It can be a combination. We have in-house folks
who have some skills in modifying the system. But generally, we
do work with industry. It is always a public/private.
Mr. Correa. How is the contract written? Is it proprietary
or non-proprietary?
Ms. Singer. It is not proprietary. The underlying system is
proprietary to Oracle, the out-of-the-box system. However, when
it is coded and additional functionality is added, that is
generally by another----
Mr. Correa. So whatever asset we have, we can possibly use
that since we own it in other areas of government.
Ms. Singer. Absolutely.
Mr. Correa. Given all the lessons learned.
Ms. Singer. Absolutely, this asset----
Mr. Correa. So possibly we do have something of value there
that we are getting out of taxpayer dollars.
If I can now move to Ms. Angerman. USSM's role in
partnership between DHS and the Interior Business Center, IBC,
how engaged with USSM during the discovery phase in the
implementation of the IBC solution?
Ms. Angerman. Thank you for your question. USSM was set up
in 2015 and so the project was very much in flight when USSM
was created. We, however, engaged with the program on a fairly
regular basis to share what we knew to be best practices and
lessons learned on how a shared service can be best
implemented.
Mr. Correa. Now, the lessons learned that were articulated
by IBC, DHS, both thought it was clear that DNDO was failing
the migration. The TSA migration would also be delayed. So
Coast Guard, where were we with that migration?
Ms. Angerman. I think that question may be best answered by
Mr. Fulghum who can provide the status of that program.
Mr. Correa. Mr. Fulghum.
Mr. Fulghum. So currently, we are in the final stages of
planning to transition from IBC to our own data center. Right
now, our notional schedule says, based on funding and some
other things, that we believe we can have it up and running in
fiscal year 2021.
Mr. Correa. Another question, Ms. Angerman. After all these
attempts to standardize into a single platform, are we going to
centralize or decentralize? What are we doing right now in
terms of the philosophy? I find that sometimes we take a shot
at an effort and sometimes we find that maybe there are
shortcomings, so then we take a policy swing from
centralization to decentralization. How would you characterize
right now the status in terms of implementing solutions to
these problems?
Ms. Angerman. I would characterize right now as taking a
step back and really looking at what we have learned today,
both from this program and from others that have attempted
these kinds of transformational efforts.
I think we have two options for moving forward. One is we
step back and we go back to a decentralized model and we let
every agency build their own finance systems and H.R. systems
and then we figure out how to keep those modern and funded. Or
we agree that we want to consolidate that IT and we want to
mitigate that risk for taxpayers and we want to get scale for
the Government.
Mr. Correa. I am running out of time, so let me quickly--we
just talked about Oracle, we have got some value there. So
could that be used in the decentralization process?
Ms. Angerman. We don't know yet. The truth is that we need
to sit down as a Government and include all of the agencies in
a discussion about what requirements we actually have for
future financial management systems, inclusive of large and
small agencies.
We need to be able to articulate that as a Government and
speak with one voice as what we need, and then we will be able
to assess solutions, both that are in Government today and
potentially new solutions from industry that can help us
satisfy financial management needs holistically.
Mr. Correa. Mr. Chair, I yield.
Mr. Perry. The Chair thanks the gentleman.
The Chair now recognizes Mr. Higgins from Louisiana.
Mr. Higgins. Thank you, Mr. Chairman.
Colonel Fulghum, thank you for your service of 28 years,
sir. Your resume is very, very impressive. As an old soldier, I
would imagine that looking at your resume if you can't get this
thing done, I can't imagine who could. So although I recognize
you as a gentleman of great accomplishment, and I also
recognize in your spirit, sir, and read within your statements
great frustrations of what has unfolded and transpired over the
last years. Would that be an accurate assessment?
Mr. Fulghum. I share the committee's frustration.
Mr. Higgins. OK.
Ms. Singer, in your opening statement, you stated that to
achieve strong adoption of standard business processes,
customer agencies must evaluate their complex business
processes with a willingness to differentiate and potentially
eliminate disparate processes that are not legally mandated.
That was many syllables in one sentence. But to me, that means
eliminate unnecessary duplicative policies and procedures.
The GAO report cites IBC officials describing DHS's
approach to project management often resulted in duplicated
meetings and lengthy decision-making process involving several
officials and multiple review and approval processes.
Colonel, did you have the authority to eliminate during the
course? I realize you are dealing with multiple bureaucracies
and perhaps what would be recognized by the citizens that we
serve as the very worst manifestation of heavy bureaucracy in
the Federal Government, and you were in charge of a large
project. Did you have the authority to eliminate some of these
unnecessary lengthy meetings and multiple reviews and approval
processes?
Mr. Fulghum. Yes, sir, and we did.
Mr. Higgins. Did you find during the course of your efforts
to make this thing work, did you find resistance out of the
Executive branch or out of any of the alphabet branches that
you were working with? Has that resistance dissipated over the
course of the last 6 months?
Mr. Fulghum. I think there was a persistence to head toward
the Federal shared services model under the previous
administration. I have seen an increased adaptability to the
model we are going to under this administration.
Mr. Higgins. Thank you, sir.
I would like to ask, I believe, you, Colonel, and Ms.
Singer, any member of the panel that could answer this, were
any private models, best-practice models from private
endeavors, large, massive entities like Walmart or Home Depot,
Lowe's, they have gone through modernization processes through
the course of their existence, were any private models used or
brought in to study their best practices?
Mr. Fulghum. Yes, sir. During our analysis of alternatives,
we looked at the private sector. In addition to that, we had an
independent look at what the private sector is currently doing.
Mr. Higgins. Did you find that--I am honing in on something
here.
Mr. Fulghum. Yes, sir.
Mr. Higgins. The Chairman clearly pointed out that private
businesses have to modernize all the time. We do it with the
most efficient means by which moving forward that we can
possibly find and determine. I am asking, is the bureaucracy of
the agencies that you are working with so thick that the common
best practices found in private industry toward modernization
just doesn't quite work?
Mr. Fulghum. I would say it is a challenge working in the
bureaucracy. That said, our independent look showed that large
corporations also failed in terms of modernizing their systems,
so they didn't always get it right either.
Mr. Higgins. Can you give us an example of that?
I am sorry, Mr. Chairman, I am over my time.
Mr. Fulghum. I don't have a specific example of a
corporation, but we can certainly provide the committee with
the results of our analysis.
Mr. Higgins. That would be interesting to review. Thank you
for your answer and thank you for your service, sir.
Mr. Chairman, I yield.
Mr. Perry. The Chair thanks the gentleman.
The Chair recognizes the gentlelady from California, Ms.
Barragan.
Ms. Barragan. Thank you, Mr. Chairman.
Ms. Angerman, do you know what processes and criteria DHS
used to select IBC as its SSP for financial management?
Ms. Angerman. Thank you for your question. I know that the
process that they went through at DHS to select IBC was largely
driven by the memorandum M13-08 to direct agencies to a shared
service provider.
Ms. Barragan. Do you know if DHS and IBC if they did at all
communicate to ensure whether the systems were interoperable
such that IBC's system could fully integrate DHS's system?
Ms. Angerman. I am aware that during the discovery process
they went into some depth to discuss what the integration needs
would be with other systems that would remain at DHS.
Ms. Barragan. Who was responsible for identifying and
reconciling discrepancies between IBC's systems capabilities
and DHS's system requirements?
Ms. Angerman. That is the purpose of the discovery process,
which is that they sit down and they talk about the way that
the process exists today at the customer agency, how the
process works at the shared service provider, and they try to
close those gaps and figure out how they will change their
processes to adapt to the solution.
Ms. Barragan. Thank you.
Mr. Fulghum, you talked a little bit about at some point
you realized something was wrong and you all sat down to talk
about it. How far after everything started did you realize that
things were going wrong?
Mr. Fulghum. If I recall correctly, it was about 8 months
in.
Ms. Barragan. When we were 8 months in, did you realize
that the Government was going to spend millions more than what
was initially projected?
Mr. Fulghum. That was a part of when we paused the program.
It clearly looked like we were off schedule and that we were
going to have to expend additional resources, yes. But that is
when we went through the replanning effort to see if we could
turn the program around, which, again, we did deliver DNDO on
time. Not on budget, but on time.
Ms. Barragan. Then how much longer after that did you all
decide that this wasn't going to work and you terminated?
Mr. Fulghum. If I remember right, we began those
discussions the following April and eventually determined that
we wouldn't be able to do it.
Ms. Barragan. So pretty early on.
Ms. Angerman, how do inadequate financial systems affect
the operational capacity of DHS?
Ms. Angerman. Inadequate financial systems insomuch that
they are legacy systems that need to be modernized introduce
risk to being able to have access to data in a timely fashion
and to be able to have consistent data across the Department to
be able to make key decisions.
Ms. Barragan. So is this system used to try to determine if
projects are on track cost-wise?
Mr. Fulghum. So this system provides financial information
that can inform future decisions around acquisitions or other
things if that is what you are asking.
Ms. Barragan. Well, I am just thinking, at a time when the
administration is attempting to divert resources to projects
like the border wall, I am curious to know if Congress and DHS
management will have access to a full financial picture of the
Department and where they are in these projects.
Mr. Fulghum. So the Department has consolidated financial
reporting today. We use business intelligence to get it. We
have financial information that we produce every month from a
consolidated nature, so, yes, we have a complete picture of the
Department's finances.
Ms. Barragan. OK. I will yield back.
Mr. Perry. The Chair thanks the gentlelady.
The Chair recognizes the gentleman from Texas, Mr.
Ratcliffe.
Mr. Ratcliffe. Thank you, Mr. Chairman.
Thank all the witnesses for being here today.
We spend a lot of time, it seems, talking about what went
wrong when you realized things went wrong, basically how we got
here and the different initiatives ending in wasting $56
million, I think, and then $124 million.
So having said all that, I guess what I really want to know
and what I haven't heard yet is, why should Congress have any
assurance that the next attempt will be successful, especially
given how aggressive the schedule appears to be?
I want to start with you, Mr. Fulghum, and give you a
chance to answer that.
Mr. Fulghum. So first of all, again, we do have the
foundation of a solution that works. We know a lot more than we
knew 2 years ago.
Mr. Ratcliffe. Well, let me stop you there.
Mr. Fulghum. Yes, sir.
Mr. Ratcliffe. Because you say that, but I heard the
answers, some of the responses from Ms. Singer and Ms.
Angerman, and what I heard was talking about lessons learned
from where we were.
Ms. Angerman, you said, well, we need to step back and
decide whether or not to be decentralized and then you started
and you weren't able to finish that answer.
Ms. Singer, you said, you know, we didn't understand the
need of DHS. That is a lot of don't knows and don't
understands. That doesn't inspire a whole lot of confidence, so
that is the context of my question.
Mr. Fulghum. OK. So what I would say is they didn't know
and didn't understand. They have a much better appreciation
today of our requirements. The solution meets 75 percent of our
requirements. As Ms. Singer said, when 3.0 comes in October, we
will be at over 80 percent. That is how the system was
originally designed. DNDO was to be a pilot with the basic
foundation for an integrated solution, add TSA's functionality
and then add the Coast Guard's. So that is why I say that we
have a system that works to build on.
Mr. Ratcliffe. Thank you, Mr. Fulghum.
Ms. Singer. Ms. Angerman, I will give you a chance to sort-
of weigh in and give your perspective on that as well. But I
want to ask this question in connection with giving your
answer, and that is, if there are lessons learned and there is
a foundation for a solution going forward, what is the biggest
risk that DHS still has to identify or mitigate at this point
with respect to financial management and reporting systems?
Ms. Singer. Thank you for that question. I think the
biggest risk for any large, complex, federated agency--and the
federated part is important because its component parts are
vital, unique, or brought in to be part of the whole with their
disparate systems and processes that they have brought with
them--the biggest risk will always be finding a baseline that
as many of those component parts can live with as possible and
meet their vital and important business needs as well as be
auditable and of sound financial organization.
I think no one is better situated than DHS headquarters to
understand that need. I see no one more committed than Mr.
Fulghum, his leadership team to bring discipline to that
effort. But it is an enormous challenge. The Department of the
Interior went through it and that is an agency more than 150
years old, smaller, and less complex, but still struggled
mightily in implementing one consolidated financial system. I
lived through that and understood the complexities and that
will always be the largest challenge.
It will leave the question whether a large, complex,
federated agency like DHS or others in the Federal Government
belong with one of the existing shared service providers or
whether they are best-suited with help from industry and
guidance from best practices to consolidate on their own. I
think the platform they have now provides that opportunity.
Mr. Ratcliffe. Ms. Angerman, I will give you a chance to
weigh in on those points and questions.
Ms. Angerman. Thank you. I would largely agree with Ms.
Singer's comments. I would say that DHS has recognized that
this will continue to be a challenge and they have created a
joint program management office at headquarters and staffed it
appropriately so that they are prepared to address challenges
going forward.
I would also say that this is an important lesson learned
for the Government at large. So my comments about stepping back
is that when we think about the strategy for shared services at
large for the Government and what we are going to do going
forward, this is really important data for us.
In addition to some of the best practices, we have learned
by talking to Fortune 500 companies who have had the same
challenges when they tell us this is equally as hard for them
to do, but where it has also been a proven best practice. All
of that is really helping us to move forward with a better
strategy.
Mr. Ratcliffe. Thank you.
My time is expired. I yield back.
Mr. Perry. The Chair thanks the gentleman from Texas.
The Chair recognizes the gentleman from Kansas, Mr. Estes.
Mr. Estes. Thank you, Mr. Chair.
In my prior life before I ran for public office, I did some
of this work, so I have got a little bit of understanding of
some of the problems that you have run into in a complex
project like that.
I want to talk a little bit more about where are we going
to go from here, I mean, what is the path forward, which is
part of what we talked about in some of the notes here.
So basically, we are pulling this into an operation by DHS
and kind-of moving away from the shared services concept and
moving forward. That is the plan right now with the use of the
software?
Mr. Fulghum. So what I would characterize it is we are
moving from DOI's environment into DHS's and it will be a
private cloud offering. We still have a shared service, just an
internal shared service provider. So the Coast Guard is
providing the accounting support today for those three
entities. We will have one integrator contractor that will
provide those platform services for all three components; it is
just we are no longer asking for services from another Federal
agency.
Mr. Estes. OK, that makes sense to some degree from a
strategy, I guess. But there is probably another question for
another hearing in terms of talking about where we go with the
shared services model at the total Federal level, but not to
sidetrack from that.
Ms. Singer, one of the things you talked about was that we
were 80 percent of the way with Coast Guard and with TSA, and I
guess expectations are first quarter of 2018 we would have the
TSA software up and available. Is that 80 percent functioning
and provides 80 percent of the functionality that we wanted, or
is it 80 percent of the way to being developed and programmed
and tested?
Ms. Singer. I believe what we mean by that is delivering 80
percent of the desired functionality. There are interfaces to
be developed and a couple of key components that DHS must
decide whether or not they want to develop and implement that
they are best-situated to make that decision.
For a shared service provider, like the Interior Business
Center, those would be developments that I could not offer or
provide to any other agency. They are very specific to DHS.
That is why it doesn't fit within this particular shared
service model, but that does not mean that they are not
necessary or vital to DHS to be able to carry out their
important mission.
It is just that last 20 percent of requirements will be for
DHS to further develop and implement. But the full system is
operating. For that functionality that they would like to see
come on-board soon, there also exists workarounds. It allows
the work to be done, but may be not in exactly the way they
would like to see it.
Mr. Estes. So is the Oracle software platform going to be
used by the Coast Guard to provide that support for TSA?
Mr. Fulghum. Yes, sir, same platform. I would describe it a
little bit differently than Michele. DNDO is a basic 300-person
operation. TSA has got about 60,000 employees, but their basic
operation is fairly straightforward. The Coast Guard has a much
more complex organizational structure and business practice
than TSA. So when we get the 3.0 for TSA it will work for TSA.
We need the last 20 percent to add some increased functionality
because of the complexity of the Coast Guard.
Mr. Estes. So going back to TSA and whether we are up and
running, I mean, how are we going to use that for TSA? So what
is the functionality that is going to be used for TSA come
first quarter of 2018 if we are not using the software or going
live with the software for them?
Mr. Fulghum. So today we will stay on the system that we
are on and continue to stay on the legacy system until we are
ready to migrate into the new solution.
Mr. Estes. OK. One final question that I know may run
longer than the time I have in terms of the answers. How much
have we modified this software so that it makes upgrades
difficult and complex and maybe even impact the ability to use
future upgrades provided by the vendor in the future?
Mr. Fulghum. Well, I will start and Michele probably has
more expertise than I do, but the out-of-the-box commercial
software we are not modifying. What we are describing is, and
it provides some integrated solution in terms of procurement,
what we are talking about is other interfaces for property,
logistics management and those type of things that interface
with the solution. But the software itself we are not
modifying.
Ms. Singer. There are significant additional functionality
interfaces, as Mr. Fulghum noted, to the extent, I mean, if you
looked at lines of code that have been written or
modifications, what we call the requirements traceability
matrix will show a significant number of changes in order to
meet the DHS business needs.
I do believe there are methods to ensure upgrades, enhanced
security, and continued security of the system. It is not
modified outside the realm of what can be continuously secured
and updated.
Mr. Estes. Thank you.
I am out of time. I yield back.
Mr. Perry. The Chair thanks the gentlemen.
We will go for a second round as long as we can.
Ms. Angerman, it is my understanding, so I just want to
make sure I am correct here, that your agency provides input
and advice on best practices related to design and execution.
Is that generally speaking correct?
Ms. Angerman. Yes, that is correct, sir.
Mr. Perry. OK. So, Mr. Khan, in your testimony, you said
that, and I want to make sure once again I am correct, that, in
your opinion, based on your investigation, that the agency
didn't follow best practices. Is that correct?
Mr. Khan. Best practices was in terms of the alternatives
analysis. We found that DNDO followed all the best practices.
These are industry best practices so, I mean, they are well-
known in the industry. However, TSA and Coast Guard did not
follow all elements of the best practices to result in a high-
quality, reliable alternatives analysis.
Mr. Perry. Were you able to determine why they wouldn't? I
mean, has that question been asked or do I need to ask Mr.
Fulghum? You just determined they didn't?
Mr. Khan. Right. We didn't ask why, we just looked at the
end results of their analysis that was done some time before we
started our audit.
Mr. Perry. OK.
Ms. Angerman, do you agree with that? Do you know if they,
in your opinion, if they followed these best practices? I mean,
you are the adviser on these things.
Ms. Angerman. I think there were always--we identified and
observed opportunities to improve in the planning process and
the change management process in the integrated project
management between the two agencies and that they investigated
through their alternatives analysis the options that were
available to them at the time.
Mr. Perry. OK.
Mr. Fulghum, can you comment? I mean, you know, if these
are well-known, widely-ascribed-to best practices, is there
some reason why they can't be followed or just recalcitrance
or, you know, institutional bias for the organization, this is
how we do things, this is how we have always done them, and we
are not going to change, and we are going to resist? What is
your take on this?
Mr. Fulghum. No, sir. We will follow the best practices
that were identified.
I think what GAO found was that, in the case of DNDO, they
had an independent contractor do their alternatives analysis.
While the Coast Guard and TSA went through an extensive review
process, they didn't have that independent contractor perform
the analysis, I think is where we primarily fell short.
Mr. Perry. So are you saying that the Coast Guard and TSA
should have had the independent contractor as----
Mr. Fulghum. I think a best practice would have been to
have an independent review of that analysis. What I am saying,
though, is that there was an extensive review of that analysis
of alternatives by a variety of folks, including Treasury FIT.
Mr. Perry. OK. In your testimony, Colonel, you said that it
would be restructured for clearer accountability moving
forward. Can you tell me what the difference in moving forward
regarding accountability? Can you also describe if the private
sector, so to speak, is going to be involved either more or to
what extent moving forward?
Mr. Fulghum. OK. Well, I will start with the accountability
and a clear line of accountability. What I was referring to is,
when we originally set up the structure we had three program
offices with someone sitting over them and they were four
people with, what I would say, no one really in charge. So when
we stopped to pause the program, one of the things that I did
was I asked the now-acting CFO to go take a hard look at
ourselves to see what is it that we can do better. Out of that
came a joint program office where there is one person, she is
sitting right behind me, who is accountable and in charge.
So from that perspective, I completely agree that we were
fragmented in terms of our communication. I believe we have
fixed that now.
As far as the private sector, we are going, as you know, we
have a draft, an RFP out asking for what I call a systems
integrator. That will be a performance-based contract with
clear visibility into both cost and scheduling.
Mr. Perry. Excellent. Do you want to announce the
gentlelady-behind-you's name who is going to be accountable so
that when the next time we get together maybe she will be
sitting on the dais with you? Or maybe we won't have to get
together, which would be even better.
Mr. Fulghum. I don't expect us to get together on this
topic. But ultimately, as I said at the start, I am the one
that is responsible and accountable.
Mr. Perry. All right. Mr. Fulghum, we are going to hold you
to that. We appreciate that.
With that, I will conclude my questioning and recognize the
Ranking Member, Mr. Correa.
Mr. Correa. Thank you, Mr. Chair.
Just as I am listening to your answers, I learn more and
more and I have even more and more questions. But right now, we
are not talking about all of DHS, we are just talking about
certain portions of DHS. Correct?
Mr. Fulghum. That is correct.
Mr. Correa. OK. So are we looking at eventually getting the
bugs out of this process and then integrating the remainder of
the DHS departments?
Mr. Fulghum. So our plan would be moving forward, again,
and a lot of this is dependent on funding, which, by the way, I
completely understand, given where we are today, we have ICE
with services themselves and four other customers and then we
have FEMA left to go. So based on this model and looking to
standardize and reduce the footprint, we would expect to repeat
this model with both ICE and FEMA.
The rest of DHS is operating on a modernized system, CBP,
Secret Service, and FLETC.
Mr. Correa. So I guess, given the words you have just used,
we are going to be using the best lessons learned here to try
to move forward to essentially address the other departments as
well, ICE and FEMA?
Mr. Fulghum. Right, again using that internal shared
services approach. Yes, sir.
Mr. Correa. Let me say that, again, just based on my State
legislative experience, you have got a challenge on your hands,
we have a challenge on our hands. But I think that all of you
here working together, coordinating with this committee and
subcommittee, can make sure we coordinate and know what is
going on so that we can best prepare for these surprises and we
don't have to be here in a quarter or thereafter and have to
answer tough questions, but rather try to make sure that there
aren't any surprises as we move ahead. There will be.
Again, as I listen to your testimony, I am getting these
nightmares of what we went through in the State of California
as a decentralization, not centralized, private, public,
nothing really ended up being the right answer. But rather, I
think we have to look at the process to make sure that we are
managing the whole process and its implementation and adapting,
I guess, to the circumstance as we move forward.
Mr. Chair, I yield the remainder of my time.
Mr. Perry. The Chair thanks the gentleman.
The Chair recognizes the gentleman from Louisiana, Mr.
Higgins.
Mr. Higgins. Mr. Chairman, I have more of a statement than
a question. I would just like to commend this panel for your
candid and courageous answers. This is a level of complexity to
coordinate for modernization, an endeavor that was envisioned
years ago, and to sit before a Congressional subcommittee like
this and confess that lessons were learned and changes were
made.
I was particularly struck by Ms. Singer's honesty when she
stated that the estimate was missed by her predecessors
regarding the $70 million price tag that has evolved into a
$124 million price tag, and we are not done yet.
So, Mr. Chairman, I think every now and then we have some
very squared-away panelists and this was one of those days.
So we thank you all for your continued efforts.
I yield the balance of my time.
Mr. Perry. The Chair thanks the gentleman and the use of
the terminology ``squared-away,'' which hits close to home to
me, and now recognizes Mr. Estes of Kansas.
Mr. Estes. I guess my first question deals with, what is
the time frame? I know we have talked a little bit about having
to take a step back and say what are we doing, when are we
doing it, how are we doing it, but, you know, what is the time
frame to come up with a plan, particularly for DNDO and Coast
Guard and TSA from a cost standpoint and what to do, when?
Mr. Fulghum. So we are finalizing our plan to transition
from IBC's data center to ours. Once we have that plan
finalized, we will go out on the street for an integration
contractor, which we expect to award by the end of October. By
May, I believe we will have the system transitioned, we will
have DNDO up and running by the first quarter of fiscal year
2019, and then we will have TSA up and running the first
quarter of 2020. The expectation is the Coast Guard the first
quarter of 2021.
Mr. Estes. OK. What is the expectations now for
particularly fiscal year 2018, but maybe even future years we
don't know yet, but for costs in fiscal year 2018 in terms of
doing this work? Is that already laid out in the budget, or did
the change in direction cause----
Mr. Fulghum. So we believe the money we have asked for in
the President's budget in fiscal year 2018 is sufficient to do
what we need to do in fiscal year 2018.
Mr. Estes. OK. So we talked a little bit about lessons
learned. Granted, there was a lot more complexity from a
standpoint of moving into a shared services model and, you
know, as you mentioned, having different groups or different
individuals from different groups trying to work together, but
some of those things were pretty basic, I mean, in terms of the
right resources and tracking the schedule and communication.
So what is our plan to do in the future, going back to the
question that was raised earlier about the confidence level
that this next effort is going to succeed completely?
Mr. Fulghum. So what I would say is I think we have learned
lessons on the amount of testing we do, so we are going to do
more testing than was done previously before Michele got there.
In addition to that, the contract structure that her
predecessors put in place were complex, the relationships were
complex. We have a much more simplified approach.
Then I go back to that joint program office, one voice, one
office that is running the entire project. Those things
combined with the fact that because of Michele's hard work and
her team's hard work we have got a solution that we can use
that will be the foundation for TSA and the Coast Guard.
Mr. Estes. OK, thank you.
I yield back.
Mr. Perry. I think that votes have been called or will be
momentarily, just for Members.
To all the panelists, thank you very much for coming. I
suspect in this regard we won't see Ms. Singer or Ms. Angerman
again on this subject.
However, Mr. Fulghum, I do expect to see you again and
hopefully not on this subject. But if Mr. Khan and his
investigations and requirements determines that we need to sit
down again we will.
We hope to think that we haven't wasted upward of over $50
million on the first round and $124 million on the second. We
appreciate that there are some deliverables that Ms. Singer has
alluded to and, Mr. Fulghum, you have validated. But still, it
is too much. It is our job, all of us as citizens, to make sure
that our taxpayers are getting the most out of every dollar and
every cent. So that is our duty as well as the mission, the
other mission which is to complete these tasks. Right?
So to that end, we are going to keep an eye on things and
hopefully we will have better success in the future. Maybe you
can come in here and tell us that that money was well-spent and
since then we have got all the other agencies, including FEMA,
involved and included in this and we have one model that we can
pull reports from and be integrated. That would be what I think
we would hope for.
So we appreciate your time today. The Chair thanks the
witnesses for their valuable testimony and the Members for
their questions.
Members may have some additional questions for the
witnesses and we ask you, the witnesses, to respond to those in
writing. Pursuant to committee rule VII(D), the hearing record
will remain open for 10 days.
Without objection, the subcommittee stands adjourned.
[Whereupon, at 3:18 p.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Questions From Chairman Scott Perry for Chip Fulghum
Question 1. How will DHS improve its decision-making processes and
communications with the new system integrator? What accountability
mechanisms will exist with the upcoming procurement that did not exist
with the Interagency Agreement with IBC?
Answer. Per the lessons learned from the effort to move the United
States Coast Guard (USCG), the Transportation Security Administration
(TSA), and the Domestic Nuclear Detection Office (DNDO) to the
Department of the Interior's Interior Business Center (IBC), a Federal
shared service provider, changes have been made to improve the DHS
decision-making process. The implementation approach has changed from
individual component projects to a single initiative, which will
streamline decision making. The new joint Program Management Office
(JPMO) now provides centralized program governance, which differs from
our effort with IBC.
To fully staff the JPMO, DHS headquarters has requested and
obtained component detailees with deep knowledge of component business
processes and strong program management skills. The organizational
structure of the JPMO provides single points of contact to communicate
directly with the new system integrator. This eliminates the need for
the system integrator to communicate with both DHS HQ and the component
during the implementation.
DHS will have direct contract oversight and engagement with
vendors' contractors that support this effort. The JPMO is establishing
contract requirements that will enable the JPMO to manage program cost,
schedule, and performance. This will include reports submitted by the
system integrator contractor that captures monthly performance metrics
for the scope, cost, and schedule, which the FSM JPMO will use to
analyze and monitor performance throughout the program. The JPMO will
compare these reports against the planned statement of work, schedule,
and cost to assess the progress towards achieving program objectives,
and inform decision-making activities for this effort.
DHS will utilize a contract management plan to set acceptable
quality levels that will be used to measure the quality of deliverables
based on established, well-defined acceptance criteria. The contract
will include a set of incremental deliverables for the contractor that
will provide evidence of program progress against the planned cost and
schedule, and allow DHS the opportunity to identify issues early, and
develop and implement corrective actions more timely. Delivery of these
artifacts will be aligned with recurrent program gate reviews to assess
overall program progress.
Question 2. What role will IBC play in assisting the new system
integrator? Does the Interagency Agreement require IBC to provide
support for the TSA solution once it is transitioned to DHS? Will the
new system integrator be able to collaborate with IBC after the
transition?
Answer. The transition will require support from DOI IBC resources
for the virtual transition of the solution, and the stand-up, testing,
and validation of such solution once relocated to the DHS data centers.
DOI IBC will facilitate technical knowledge transfer, either through
documentation or discussions with the new hosting and system deployment
vendors. DOI IBC will support the transition of the operation and
maintenance support, including help desk services, to the DHS vendors
and personnel. Lastly, DOI IBC will develop, deliver, and execute a
plan for the careful, safe retirement and decommissioning of DHS
specific information and or systems at the conclusion of the transition
phase.
DOI IBC will not provide direct solution support after the system
has been fully transitioned to the DHS data center. DHS has included
options within the transition Interagency Agreement (IAA) that will
allow DHS and its vendors the ability to consult with DOI IBC after the
transition to DHS is completed.
Question 3. How will DHS ensure that mistakes made in previous
failed modernization efforts with industry vendors will not be
repeated?
Answer. DHS has gathered lessons learned from past attempts at
financial systems modernization and incorporated them into the new
approach.
For example, DHS will segment the implementation using incremental
deliverables with well-defined acceptance criteria. To monitor and
oversee contractor performance, DHS has included EVM reporting
requirements within the new contracts.
To manage and control scope, DHS will leverage existing automated
tools to track and manage requirements from operational, functional,
and technical requirements through testing, with full traceability.
This will allow better tracking of both the global requirements that
are shared across all components and improve the identification and
documentation of component-specific requirements. DHS will incorporate
the full scope of testing activities, including testing of data and
operational testing. Automated tools and extensive testing were noted
lessons learned with our partnership with IBC.
The JPMO will lead the organizational change management effort so
that the organization is prepared from inception through post-
implementation support. DHS will standardize the approach to change
management through the application of a structured process and set of
tools, across components, to better support users through change. This
standardized approach includes early establishment of stakeholder
engagement forums such as peer support networks, targeted, more
frequent communications, and a much-improved approach to training
users. Training will be transitioned from the basic system training
provided by IBC to role-based, business process-based training. DHS
will also move away from the train-the-trainer approach for most
components, and leverage instead professional training resources,
deeply familiar with the system, provided through the new contract.
Improving program-wide change management will enable smoother
transitions, allow users to more quickly become proficient, and
addresses best practices identified through the regular lessons learned
exercises DHS performed during the IBC engagement.
Question 4. Aside from TSA and Coast Guard, what are the
Department's plans, including time frames, for modernizing other
component systems? What risks, if any, exist with modernizing these
systems? What additional costs might the Department incur in
modernizing these systems?
Answer. DHS has begun the planning to establish a strategic
sourcing vehicle to meet the financial management system software needs
for all DHS components. FEMA, ICE, and their customers plan to leverage
the DHS strategic sourcing vehicle.
The ICE and FEMA legacy systems are near end-of-life. The DHS
components will continue to incur costs to maintain the legacy systems
until they are modernized. The modernization risks are similar to those
documented for the TSA and USCG. Risks include availability of funds,
contract management, organization change management, data conversion,
interfaces, and other technical risks. The delay for FEMA will also
have cascading negative effects on other FEMA critical modernization
efforts (Grants Management Modernization and NFIP's insurance system
modernization, known as Pivot). The delayed FSM will require a
connection to FEMA's legacy system now, and then a connection to the
modernized system, which will require additional investment and effort.
The JPMO will begin updating the cost estimates for FEMA, ICE, and
the ICE customers in Q1 fiscal year 2018. After the LCCEs are
completed, we welcome an opportunity to provide an update to the
committee.
Questions From Chairman Scott Perry for Elizabeth Angerman
Question 1. What role will USSM have assisting DHS as it
transitions to away from IBC and takes control of the TRIO solution?
Answer. USSM's role is to advise agencies on lessons learned as
they implement shared services. The USSM Modernization and Migration
Management (M3) Playbook is a valuable compilation of best practices
and lessons learned from Government and industry for system
modernizations in a shared environment. USSM will also continue to work
with the Chief Financial Officer community to design common
requirements for integrated solutions for mission support functions. As
DHS defines its vision for the end-state solution, these integrated
standards will be the foundation for moving forward. However, it
remains the responsibility of the agencies to determine the best path
forward for their modernizations.
USSM recommends that DHS leverage the M3 Playbook as it
consolidates internally. USSM will continue to be available to support
DHS as an independent and objective resource, as needed and
appropriate.
Question 2. What are the biggest risks DHS must identify, monitor,
and mitigate to achieve financial systems modernization for the
Transportation Security Administration (TSA) and the United States
Coast Guard (USCG)?
Answer. Change Management.--The most difficult part of these
projects is re-engineering business processes to align to the solution
and then helping the users to buy into and adopt the change. Focusing
on training, clarifying roles and responsibilities, establishing
service-level agreements, and defining overall success for the program
by providing the proper attention, time, and resources is critical.
Business Process Re-engineering needs to be the preferred
method of resolving any identified gaps over modification/
customization of the software. Governance structures need to
support the idea of ``one decision maker'' for the consolidated
solution.
Sufficient communication with the stakeholder community is
required to prepare them for the change and make sure they
understand the value proposition.
Leveraging the M3 Playbook to create a business and
technical end-state (with metrics to measure success) for the
financial management function at DHS would help to create a
shared vision for success.
Program Management.--DHS should adopt project management best
practices such as developing a resource-loaded schedule which is used
to track actual costs of various program activities.
The value of an integrated, resource-loaded project schedule
and strong schedule management discipline cannot be
underestimated.
Define roles and responsibilities of the headquarters and
component organizations, and assign one responsible official
for decision making.
Define risks, mitigation strategies, and management
practices critical to ensuring success.
Governance.--A single accountable entity is critical as consensus
management is not an effective way to make decisions and govern a large
Department-wide program. An expedited and integrated decision-making
process that addresses issues and mitigates risks is critical and must
include senior officials in the agencies.
There is great value in having an integrated, co-located
program management team to lead the work activities and
identify and resolve gaps, conflicts, and priorities on a daily
basis.
A single accountable entity is critical to resolve disputes
and make decisions.
Scope.--Project planning in the early stages is key. DHS needs to
clearly define and articulate the vision for the end-state solution to
include the strategy and a roadmap to achieve the vision. Stakeholders
at all levels should be bought into the vision.
Importance of early stages of project planning--need to
clearly define and articulate the vision for the financial
management end-state, to include the strategy and a roadmap to
achieve the vision.
All stakeholders need to understand the end-state to ensure
scope creep does not imperil the timely completion of the work
within the defined budget.
[all]