Although importers and customs brokers have expressed concern that Customs and Border Protection (CBP) will not meet the mandatory deadlines for transitioning to the Automated Commercial Environment (ACE) program, which will automate border processing, the Department of Homeland Security (DHS) Inspector General (IG) found CBP is on track to meet its milestones for theimplementation of the ACE program.
However, CBP may miss future deadlines if it doesn’t implement the appropriate internal controls.
As part of a multi-year modernization effort, CBP began developing the ACE program in 2001 to automate border processing. By the end of 2016, ACE will become the primary system through which the trade community reports imports and exports to the government, which is responsible for determining admissibility.
ACE will streamline manual processes, paper will be eliminated, and allow the international trade community to comply more easily with US laws and regulations.
“Once fully implemented, ACE will become the central trade data collection system for all federal agencies, and the single point of access for this data, which includes data collection, processing, dissemination, and storage,” the IG’s report stated.
The IG found CBP is on track to meet its milestones for implementation of the ACE program and should meet the December 31, 2016 deadline mandated by the Presidential Executive Order 13659.
However, CBP has not ensured the internal control environment has kept pace with the rapid deployment of the ACE program, which may result in missed deadlines. In particular, CBP has not implemented performance measures for the program or conducted risk assessments to identify gaps in data reliability.
The IG determined, “If there weaknesses continue and internal controls do not keep pace with Agile and the rapid implementations of the ACE program, deployment schedules could be adversely impacted, resulting in missed future deadlines and compromised effectiveness of ACE.”
This is not the first time internal controls issues associated with the ACE program were identified. The Department of Homeland Security FY 2014 Integrated Audit conducted by KPMG discovered CBP had not adequately maintained separation of duties or other controls within the ACE production and development environments, which may create potential risks and data reliability concerns.
To improve the efficiency and effectiveness of the program, the IG recommended CBP continuously assess and update internal controls, including conducting risk assessments, and develop specific, measurable, achievable, relevant and time-sensitive performance (SMART) measures.
CBP did not concur with the recommendation, asserting the agency has conducted risk assessments before each deployment to identify potential gaps in data reliability as part of CBP’s Production Readiness Review (PRR) process. CBP also stated it has implemented START performance measures, along with other internal controls.
However, CBP’s own technical comments stated, “The ACE Program did not identify data reliability as a risk and as such, data reliability is not part of the ACE Program risk report.” The IG, on the other hand, contends that “data reliability is the cornerstone of the ACE program,” since ACE will become the central trade collection system for all federal agencies and will be used to collect duties, taxes and fees.
Moreover, the IG concluded CBP is not using SMART performance measures. The documents provided to the IG were determined to be data collection spreadsheets, not performance measurements.
The IG will close the recommendation once proper documentation is received.