Department of Homeland Security (DHS) component agencies “such as the US Coast Guard and Customs and Border Protection lack the information needed to effectively oversee their non-major acquisitions because they cannot confidently identify all of them,” according to a new Government Accountability Office (GAO) audit report.
GAO explained that, "Each year, DHS acquires a wide array of systems intended to help its component agencies execute their many critical missions." GAO had "previously reported that DHS’s process for managing its major acquisitions is maturing. However, non-major acquisitions (generally those with cost estimates of less than $300 million) are managed by DHS’s component agencies and have not received as much oversight."
GAO recently reported on a non-major acquisition that was executed poorly, limiting DHS’s ability to address human capital weaknesses.
GAO said it “identified over $6 billion in non-major acquisitions… [but] 8 of the 11 components could not identify them all. Several officials indicated that their focus had been on major acquisitions historically, and they had not turned their attention to non-major acquisitions until more recently.”
“Many component officials said they were still in the process of identifying all of these acquisitions, but it was unclear when they would complete these efforts,” GAO reported, noting, “DHS headquarters had not established time frames for components to do so, which may have resulted in components losing traction in their efforts.”
GAO explained that, “Federal internal controls standards establish that management should obtain relevant data from reliable sources in a timely manner. Another key challenge involves the use of baselines, which establish a program’s critical cost, schedule and performance parameters. Component officials identified 38 non-major acquisitions that were active at the start of Fiscal Year 2017 (as opposed to acquisitions that have been delivered to end users and are considered to be non-active).”
GAO found most of the active non-major acquisitions (23 of 38) have no approved baselines, “and that the value of the acquisitions without baselines constituted nearly half of the total value of the active acquisitions.”
At the beginning of FY 2017, GAO found, “some components did not require approved baselines. However, in response to GAO’s preliminary findings, in February 2017 DHS required component leadership to approve baselines for non-major acquisitions, which should help components oversee them more effectively.”
To address these issues, DHS headquarters has begun to take steps to help components agencies establish more effective management controls for non-major acquisitions.
“In 2015, DHS headquarters officials established a process to review them annually. In February 2017, in response to GAO’s preliminary findings, DHS established that components shall use the annual reviews to assess the extent to which non-major acquisitions are on track to meet cost, schedule and performance parameters from approved baselines,” GAO said, adding, “DHS leadership has also established ongoing reporting requirements for non-major acquisitions. All components have started entering non-major acquisition data into DHS’s central acquisition information system, and headquarters officials are taking steps to improve the reliability of these data."
GAO recommended DHS headquarters establish time frames for components to identify all non-major acquisitions.
DHS concurred with GAO’s recommendation and directed components to identify all non-major acquisitions by October 31.
Similarly, Homeland Security Today reported this past week that as of January 2017, GAO hadfound that 14 of the 26 major DHS acquisition programs deployed capabilities before meeting all key performance parameters (KPP)—the most important requirements that a system must meet.
“As a result,” GAO stated, “DHS may be deploying much-needed capabilities—such as border surveillance equipment and Coast Guard cutters—that do not work as intended. Programs did not meet KPPs for a variety of reasons, such as KPPs were not yet ready to be tested, systems failed to meet KPPs during testing, or KPPs were poorly defined.”
