As of January 2017, 14 of the 26 major Department of Homeland Security (DHS) acquisition programs deployed capabilities before meeting all key performance parameters (KPP)—the most important requirements that a system must meet, according to a new Government Accountability Office (GAO) audit report.
“As a result,” GAO found, “DHS may be deploying much-needed capabilities—such as border surveillance equipment and Coast Guard cutters—that do not work as intended. Programs did not meet KPPs for a variety of reasons, such as KPPs were not yet ready to be tested, systems failed to meet KPPs during testing, or KPPs were poorly defined.”
GAO said, “Contrary to acquisition best practices, DHS policy requires programs to establish schedule, cost and performance baselines prior to gaining full knowledge about the program’s technical requirements. As a result, DHS programs do not match their needs with available resources before starting product development, which increases programs’ risk for cost growth, schedule slips and inconsistent performance.”
In Fiscal Year 2016, DHS planned to invest about $7 billion in major acquisitions. DHS’s acquisition activities are on GAO’s High Risk List, in part due to program management, requirements and funding issues.
In 2016, GAO explained, “DHS strengthened implementation of its acquisition policy by, for example, focusing on program staffing needs, requiring programs to obtain department-approval for key acquisition documents, and revising the process for when programs breach their cost goals, schedules or KPPs.”
“However,” GAO found, “DHS could better document leadership’s acquisition decisions to improve insight into cases that diverge from policy. For example, DHS approved six programs to proceed through the acquisition life cycle even though required documentation was not comprehensive or had not been approved, as required by DHS’s policy. Senior DHS officials told GAO these decisions were also based on discussions held at the programs’ formal acquisition reviews, but these considerations were not documented. Federal internal control standards require clear documentation of significant events. DHS leadership’s decisions may be reasonable, but unless these decisions are documented, insight for internal and external stakeholders is limited.”
“Furthermore, no programs reported a performance breach, even though some programs had not met KPPs,” GAO reported, adding, “DHS’s policy is not clear on how to determine whether a performance breach has occurred. As a result, DHS lacks insight into potential causes of performance issues that may contribute to poor outcomes.”
GAO recommended that DHS should ensure programs define technical requirements before setting baselines; document rationale for key acquisition decisions; and clarify when not meeting KPPs constitutes a breach.
DHS concurred with GAO’s recommendations.
GAO noted that, “For the first time since GAO began its annual assessments of DHS’s major acquisitions, all 26 programs that were reviewed had a department-approved baseline. During 2016, over half of the programs reviewed (17 of the 26) were on track to meet their initial or revised schedule and cost goals. However, 7 of these 17 programs only recently established baselines, 6 of which operated for several years and deployed capabilities without approved baselines. The remaining 9 programs experienced schedule slips, including 4 that also experienced cost growth.”
“It is good GAO does this report because it keeps the appropriate oversight pressure on very important acquisition programs at DHS,” former DHS chief procurement officer Nick Nayak told Homeland Security Today, noting, “Many of the acquisition programs at DHS are very complicated, and baselines change because requirements change over time.”
Nayak explained that, “All [of GAO’s] recommendations are pretty vanilla and apply to any acquisition anywhere in government — write a good requirement and document success.”
“The biggest risk,” Nayak said, “is if the DHS acquisition workforce is inappropriately staffed.”