"The implementation and transformation of DHS is an enormous undertaking that will take time--five or more years--to achieve in an effective and efficient manner," the General Accounting Office says in a report released by House Government Reform chairman Tom Davis, R.-Va., and Senate Governmental Affairs Committee chairwoman Susan Collins, R.-Maine. "DHS's prospective components already face a wide array of existing management and operational challenges. Failure to effectively carry out its mission exposes the nation to potentially very serious consequences."
Davis says he wasn't surprised that GAO added Homeland Security to its high-risk list. "The federal government faces an enormous task in trying to get the department off the ground," Davis says. "It's going to take a lot of work, but we are moving in the right direction."
The GAO report points out that many of the agencies that make up the department had existing major management challenges and program risks. One department directorate has responsibility for critical infrastructure systems protection, an area that GAO already deemed a high risk. Indeed, many of the department's agencies, including the Immigration and Naturalization Service, the Transportation Security Administration, the Customs Service, the Federal Emergency Management Agency, and the Coast Guard, face at least one major management problem such as strategic human-capital risks, IT management challenges, or financial-management vulnerabilities.
In its 58-page report, the GAO says improving IT management will be critical to transforming the new department. "Not only will DHS face considerable challenges in integrating the many systems and processes that provide management with decision information, but it must sufficiently identify its future needs in order to build effective systems that can support the national homeland security strategy in the coming years," the GAO says.
The White House Office of Management and Budget, in its re-examination of technology and management information systems, has taken a first step to evaluate the new department's component systems. Much more needs to be done, the GAO says, before the department can achieve the needed systems integration, including the development and implementation of an enterprise architecture, or corporate blueprint, to guide its information technology investments. Other key IT management capacities that it needs to establish include effective computer security, investment management processes, and system- and service-acquisition management practices.
GAO issued a red flag, noting that several agencies being merged have inherent IT problems. It cites the INS's longstanding difficulty developing field IT to support its operations. "Since 1990," the GAO says, "we have reported that INS managers and field officials did not have adequate, reliable, and timely information to effectively carry out the agency's mission. For example, INS's benefit fraud investigations have been hampered by a lack of integrated information systems. Because INS's four service centers investigating benefit fraud operate different information systems that do not interface with each other, INS officers may be making decisions without routine access to significant information, resulting in benefits being granted to individuals not entitled to receive them.
"More recently, INS's alien address information could not be fully relied on to locate many aliens who were believed to be in the country and who might have knowledge that would assist the nation in its antiterrorism efforts. Contributing to this situation was INS's lack of written procedures and automated controls to help ensure that reported changes of address by aliens are recorded in all of INS's automated databases."
The GAO says it has made recommendations to correct the weaknesses, which the INS is now addressing.
But much more needs to be done, the GAO says. "The success of the national homeland security strategy relies on the ability of all levels of government and the private sector to communicate effectively with one another," the report says. "Activities that are hampered by organizational fragmentation, technological impediments, or ineffective collaboration blunt the nation's collective efforts to prevent or minimize terrorist acts."