GAO: DHS falls short on security, management benchmarks

The Homeland Security Department has failed to perform more than half the expectations that the Government Accountability Office has established for it in 14 major mission and management areas. Out of 171 total expectations, DHS did not achieve 83 of them, GAO said in a report released today, just days before the sixth anniversary of the 2001 terrorist attacks. DHS produced results for 78 of the expectations; 10 were not evaluatedDHS suffers from the lack of a comprehensive and effective management strategy, changing priorities and leadership, and reorganization, the report states. DHS made only limited progress in the benchmarks for emergency preparedness and response, workforce management and information technology management. Its highest ranking was for maritime security, while its performance was considered moderate in the areas of immigration enforcement, aviation security, surface transportation security and critical infrastructure security. DHS has made progress in its mission areas but seriously lags in management, Comptroller General David Walker said. The progress on mission is understandable because DHS has focused on implementing security efforts. GAO did not offer more recommendations; it previously made 700 that the department continues to address. DHS disagreed with GAO’s methodology, scoring and overall assessment. DHS contends that GAO’s methodology does not properly credit or incorporate some assessments that the department believes should be considered as positive. Although DHS has advanced the goal of integrating the 22 agencies into a functioning department, it has not yet begun a departmentwide transformation strategy or applied a risk management approach in implementing its mission and management functions, Walker told the Senate Homeland Security and Governmental Affairs Committee. “I don’t think government spends enough time on management and mergers that can be far more complex than in the private sector,” Walker said. “You must not only have competence but continuity within and between administrations to accomplish these transformations.” Government mergers are more complex because the government has a lot more bosses and requires more transparency, he said. DHS has been on GAO’s high-risk list since 2003. An effective department requires consistent and sustained leadership from top managers to ensure the needed transformation of disparate agencies, programs and mission into an integrated organization. “We have found that successful transformations of large organizations, even those faced with less strenuous reorganizations than DHS, can take at least five to seven years to achieve,” Walker said. At the same time, many factors, including hurricanes Katrina and Rita, threats to and attacks on transportation systems in other countries, and new responsibilities and authorities provided by Congress have forced DHS to reassess its priorities and reallocate resources to address key domestic and international events and to respond to emerging issues and threats, he said. Among the expectations, for example, for aviation security, GAO found that DHS ensured the screening of airport employees against terrorist watch lists and developed standards for determining aviation security staffing at airports. But DHS did not develop and implement an advanced pre-screening system to allow it to compare domestic passenger information to the Selectee List and No Fly List. For information technology management, DHS developed and is using an enterprise architecture as a blueprint for its system investments, established information security program and centralized roles and responsibilities for IT under the CIO. But it did not develop a strategy and plan for IT management, a comprehensive enterprise architecture or measures to assess performance in IT management. Nor did it develop policies and procedures for effective systems development andcquisition.