An audit by the Office of Inspector General (OIG) has determined that the Transportation Security Administration (TSA) has not fully met the requirements of the Implementing Recommendations of the 9/11 Commission Act of 2007 and the TSA Modernization Act – both of which are intended to to develop strategies, programs, regulations, reports, and other initiatives to strengthen transportation security. The audit represented OIG’s first review of the TSA Modernization Act.
According to OIG, “although TSA implemented 167 of the 251 (67 percent) requirements in both Acts, 55 of the 167 (33 percent) were not completed by the Acts’ established deadlines, and TSA did not complete the remaining 84 requirements.” The watchdog found that TSA was unable to complete 33 of these requirements because the actions relied on external stakeholders acting first or depended on conditions outside of TSA’s control.
OIG said the shortfalls occurred for three primary reasons. First, that TSA failed to designate a lead office to establish internal controls, conduct oversight, and provide quality assurance for implementing the legislatively mandated requirements; Second, that TSA did not develop formal policies and procedures to ensure consistency and accountability for implementing the requirements on time; and finally, OIG found that TSA did not plan or develop an effective system to maintain relevant supporting documentation for the Acts’ requirements to help ensure information accuracy, continuity, and record retrieval capability. In addition, the watchdog noted that TSA had difficulty completing some mandates that required lengthy regulatory processes or coordination with and reliance on external Government and industry stakeholders.
The audit also considered overlapping requirements of the two Acts. “Our analysis showed overlapping requirements related to explosives detection canine teams in both Acts,” OIG’s report reads. “For example, Section 1307 of the 9/11 Act directs DHS to increase certified explosives detection canine teams by partnering with other entities to increase training capacity for canine detection teams, as well as procure canines trained by these parties, consistent with TSA’s standards and requirements. Section 1307 also requires DHS to establish criteria, performance standards, and other requirements to ensure third parties’ canine teams are adequately trained and maintained. Sections 1928 and 1941 in the TSA Modernization Act list similar requirements. Section 1928 directs TSA to develop standards for third-party explosives detection canine teams to screen individuals and property.
“Section 1928 requires TSA to periodically assess evaluation centers’ programs for training dogs to ensure canine proficiency. TSA is also to establish processes to oversee the certification program and compliance with standards, as well as to procure third-party explosives detection canines. Section 1941 directs TSA to develop standards for third-party explosives detection canines to screen air cargo and to establish a system to audit TSA’s third-party canine teams’ certification process.”
Despite these overlapping requirements related to canine teams, OIG said TSA did not provide evidence that it maintains correspondence with Congress regarding legislative mandates that are duplicative, challenging, and cannot be completed timely due to external factors.
In relation to the 9/11 Act, OIG found that some requirements had been only partially completed. For example, Section 1533 of the 9/11 Act requires DHS to establish a program to conduct security exercises for bus transportation to assess and improve stakeholders’ capabilities in preventing, preparing for, mitigating, responding to, and recovering from terrorist acts. TSA provided some documentation on its security training and exercise program, but it did not provide evidence showing security exercises were based on current risk assessments or addressed the needs of elderly and those with disabilities, which are part of the requirement.
With regards to the TSA Modernization Act, Section 1919 requires TSA to develop a biometrics report with U.S. Customs and Border Protection. The report should include deployment assessments for biometric technologies, such as the operational and security impact of using biometric technology to identify travelers and potential effects on privacy. According to OIG however, the documentation TSA provided was missing portions of the requirement, such as an estimate of the rate at which fraudulent traveler credentials are rejected and an assessment of the detection percentage of fraudulent identification that could be accomplished using conventional methods.
OIG believes TSA should designate a lead office responsible for establishing internal controls, conducting routine oversight, and providing quality assurance for the implementation of outstanding legislative mandates in the 9/11 Act and TSA Modernization Act, as well as future legislation.
In addition to disagreeing with this recommendation, TSA registered its “significant concerns” regarding some of OIG’s findings. Officials argued that OIG weighed partially completed requirements the same as requirements not completed in the overall analysis, which disregards the totality of TSA’s implementation efforts. TSA also noted that the report failed to recognize efforts to implement requirements despite a lack of funding to carry them out and wanted credit for finding ways to partially fulfill some requirements despite funding challenges. OIG countered that TSA did not provide support for lack of funding during the audit, nor could it provide evidence it had communicated its budget challenges to Congress directly or through the Office of Management and Budget.
TSA asserted it has improved its ability to establish internal controls, conduct oversight to ensure implementation actions are documented, and ensure the quality of its actions to implement legislative mandates. Due to records retention issues for documentation of 9/11 Act requirement implementation, officials stated TSA would not be able to “research and locate the support for completing the earlier requirements prior to the OIG’s next audit,” as suggested in the draft report.
While TSA opposed the designation of a lead office as recommended by OIG, it said leadership will “issue a formal directive of established processes for oversight and monitoring of component implementation of enacted legislation, including designating a lead office for oversight responsibilities, as appropriate”.