A GAO report has found that surface inspectors from the TSA should align their activities more closely with identified risks. It makes four recommendations which include addressing limitations in TSA’s data system and defining objectives for the RMAST program.
The U.S. Government Accountability Office (GAO) was asked to review the activities of Transportation Security Administration (TSA) surface inspectors. TSA surface transportation security inspectors conduct a variety of activities in order to implement the agency’s surface security mission. Regulatory inspections and non-regulatory assessments and assistance are two ways inspectors accomplish this. Beyond mission-related activities, inspectors also assist with aviation-related activities. GAO found that TSA has incomplete information on the total amount of time inspectors spend on the previously mentioned activities due to limitations on TSA’s data system. In addition, GAO found that TSA did not incorporate results from risk assessment when planning and monitoring activities; this resulted in TSA prioritizing inspector activities with the lowest risk. While TSA has implemented a new risk mitigation program in the last year (Risk Mitigation Activities for Surface Transportation – RMAST), the report found that TSA has not identified or prioritized high-risk entities and locations that the program was intended to focus on.
The report conducted by GAO addresses two areas within TSA surface inspector activities: (1) how TSA surface inspectors implement TSA’s surface transportation security mission, and (2) the extent that TSA has used a risk-based approach for prioritizing and implementing surface inspector activities. This report was conducted using data from 2013 through March of 2017, along with a review of TSA program risk documents and guidance, as well as observation and interviews. The resulting GAO recommendations for TSA are as follows: (1) limitations in data systems must be addressed, (2) inspector activities are more closely aligned with results from risk assessments, (3) the risk mitigation program must identify and prioritize entities and locations, and (4) clear and measurable objectives for the program must be defined.