The Government Accountability Office (GAO) says the Department of Homeland Security (DHS) can’t be sure its Component Acquisition Executives are qualified or consistently fulfilling their responsibilities.
The DHS’s Chief Acquisition Officer designates Component Acquisition Executives (CAE) to oversee each component’s acquisition programs and policies, the acquisition workforce, and program data collection and reporting.
The Transportation Security Administration (TSA), Coast Guard, Customs and Border Protection (CBP), and the Countering Weapons of Mass Destruction Office have implemented the process to formally nominate and designate CAE. But GAO’s review found that four of the five individuals filling the CAE role—three as acting CAE—in the Management Directorate have not been subjected to this process. The process entails preparing a nomination package for DHS to vet candidates’ qualifications against criteria, and designating the selected individual in writing.
The Management Directorate is a support component that generally provides assistance and guidance to other DHS components and external organizations and also manages acquisition programs.
DHS claims that the direct reporting relationship of acting CAE to the DHS Chief Acquisition Officer makes designating CAE in the Management Directorate through this process unnecessary. But GAO said the Department may be lacking insight into the background of the acting CAE and missing gaps in experience that need to be mitigated. For example, the CAE for the Coast Guard was nominated and designated, but GAO found the CAE did not have the acquisition experience that guidance suggests for the position. In the nomination documentation, the Coast Guard identified this issue and described the experienced staff that will support the nominated CAE.
GAO’s review also revealed that the CAE position was not the primary function for some of the components. The CAE for the Coast Guard is also the Vice Commandant, for example, and the CAE for the Office of Biometric Identity Management is also the office’s Director.
Five of the nine CAE that GAO reviewed have established component acquisition policies that generally align with department-level policy, as well as with GAO key practices for effective acquisition management. TSA’s and CBP’s acquisition guidance includes the basic set of documents for major acquisition programs and also add further required documents for the CAE to review, such as an acquisition plan, increasing opportunities for CAE oversight.
GAO made four recommendations as a result of its review. First, it recommends that the Under Secretary for Management should ensure that the Office of Program Accountability and Risk Management (PARM) and component heads execute the CAE nomination and designation process consistently, as described in its guidance. This should include nominating and designating CAE to oversee all acquisition programs. DHS concurred and said it would rectify any issues identified by September 30, 2021.
Next, GAO called for the Under Secretary for Management to ensure that the CAE that are responsible for oversight of acquisition programs comply with DHS direction to complete CAE support staffing plans. DHS agreed and said PARM will also engage more directly with CAE support staff.
The Under Secretary for Management should also identify, in policy or guidance, the expertise that constitutes critical acquisition positions for effective CAE oversight, GAO said. DHS responded that it would do so by September 30, 2021.
Finally, GAO recommends that the Under Secretary for Management should direct PARM to establish a time frame for completing its assessment of the Investment Evaluation, Submission, and Tracking (INVEST) system data fields for which the CAE certification is necessary, based on current use and reporting requirements, and take appropriate actions based on the results. DHS also concurred with this recommendation and stated that PARM budgeted in FY 2021 for a new acquisition data analytics platform tool to better standardize , collect, connect, validate, store, manage and analyze data used to support PARM governance, business processes, reporting, and decision analysis requirements. Work to meet this recommendation is also expected to conclude by September 30, 2021.