Summary
The Department of Homeland Security (DHS) plans to establish a program to strengthen management of the pre-entry, entry, status, and exit of foreign nationals who travel to the United States. The goals of the program, known as the United States Visitor and Immigrant Status Indicator Technology (US-VISIT), are to facilitate legitimate trade and travel, enhance national security, and adhere to U.S. privacy laws and policies. By congressional mandate, DHS is to develop and submit for approval an expenditure plan for US-VISIT that satisfies certain conditions, including being reviewed by GAO. GAO was asked to determine, among other things, whether the plan satisfies these conditions and to provide observations about the plan and DHS's management of the program.
DHS's fiscal year 2003 US-VISIT expenditure plan and related documentation partially satisfied the conditions imposed by the Congress, which include meeting the capital planning and investment control review requirements of the Office of Management and Budget (OMB). For example, DHS fulfilled the OMB requirement that agencies state whether projects are approved by investment review boards and reviewed by Chief Financial and Procurement Officers; the plan was conditionally approved by DHS's review board, which includes DHS's Chief Financial and Procurement Officers. On the other hand, OMB guidance requires that agency plans summarize life cycle costs and include a cost/benefit analysis that covers return on investment. DHS has not yet established a date and plan for developing these for US-VISIT, although program officials stated that they intend to do so. GAO also identified 10 factors affecting US-VISIT and concluded that the program is a very risky endeavor. Some risk factors are inherent to the program, such as its mission criticality, its size and complexity, and its enormous potential costs. Others, however, arise from the program's relatively immature state of governance and management. For example, although the program has governmentwide scope, an accountable governance structure to direct and oversee the program that reflects this scope is not yet established. In addition, a US-VISIT program management capability has yet to be established, important aspects defining the program's operating environment are not decided, facility needs are unclear and challenging, and the mission value to be derived from the program's initial operating capability is unknown. Because of the risk factors, GAO concluded that it is uncertain that US-VISIT will be able to measurably and appreciably achieve DHS's stated goals for the program. Further, DHS's near-term investment in the program is at risk of not delivering promised capabilities on time and within budget and not producing mission value commensurate with investment costs.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Randolph C. Hite
Government Accountability Office: Information Technology
(202) 512-6256
Recommendations for Executive Action
Recommendation: To address US-VISIT as a governmentwide program and to minimize the risks facing the program, the Secretary of Homeland Security, in collaboration with cabinet officials from US-VISIT stakeholder departments and agencies, should establish and charter an executive body, chaired by the Secretary's designee, potentially co-chaired by the leadership from key stakeholder departments and agencies, and composed of appropriate senior-level representatives from DHS and each stakeholder organization, to guide and direct the US-VISIT program.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The Department of Homeland Security (DHS) has established a three-entity governance structure for the US-VISIT program. The three entities are the Homeland Security Council (HSC), the DHS Investment Review Board (IRB), and the US-VISIT Federal Stakeholders Advisory Board. The HSC helps to set policy boundaries for the US-VISIT program and the IRB is to monitor the US-VISIT program's achievement of cost, schedule, and performance goals. The Advisory Board is chaired by the Under Secretary for Border and Transportation Security and is composed of representatives from key US-VISIT stakeholder organizations. Among other things, the Board provides advice on the overarching US-VISIT vision and recommends changes to the US-VISIT vision and strategic direction. The Board has met several times since it was chartered in January 2004.
Recommendation: To address US-VISIT as a governmentwide program and to minimize the risks facing the program, the Secretary of Homeland Security, in collaboration with cabinet officials from US-VISIT stakeholder departments and agencies, should direct this executive body to immediately take steps to (1) ensure that the human capital and financial resources are expeditiously provided to establish a fully functional and effective US-VISIT program office and associated management capability, (2) clarify the operational context within which US-VISIT must operate, and (3) decide whether proposed US-VISIT increments will produce mission value commensurate with costs and risks and disclose to the Congress planned actions based on this body's decisions.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The program office has taken actions that are consistent with our recommendation, and more actions are underway or planned, which, if effectively executed, should largely satisfy the recommendation's intent. For example, the program office has been established, the program office has revised its Human Capital Plan to feature, among other things, a Human Capital and Training Branch responsible for leading an integrated US-VISIT human capital planning project team, and the program office has received about $1.4 billion in funding, of which we recently reported a sizeable proportion has been devoted to program office and related management activities. Also, DHS continues to evolve its operational context, as evidenced by our recent reports noting that DHS' 2006 enterprise architecture has evolved beyond prior versions and US-VISIT included in its fiscal year 2007 expenditure plan an appendix titled "Comprehensive Strategic Plan for US-VISIT," which conceptually describes some aspects of an overall vision for immigration and border management across multiple departments and external stakeholders with common objectives, strategies, processes, and infrastructures. Further, the program office has expanded its ability to determine the value of US-VISIT investments relative to costs and risks, including for example, improving its cost estimation capabilities by establishing a Cost Process Action Team to refine the program's cost analysis policies and procedures, defining a cost estimation and analysis process, and acquiring professional services in the areas of life-cycle cost modeling and independent cost analysis. In addition, it plans to further strengthen the methodologies and tools for developing business cases. As a result, we are closing this recommendations as having been largely implemented.
Recommendation: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately defining program office positional roles, responsibilities, and relationships.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: US-VISIT has developed charters for its nine component offices that include roles and responsibilities for each. For example, the Acquisition and Program Management Office is responsible, among other things, for establishing acquisition and program management policies and developing policies and procedures for guidance and oversight of systems development and implementation activities. The program has also defined a set of core competencies (knowledge, skills, and abilities) for each position. For example, it has defined critical competencies for program and management analysts that include, among others, flexibility, interpersonal skills, organizational awareness, oral communication, problem solving, and teamwork.
Recommendation: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing and implementing a human capital strategy that provides for staffing these positions with individuals who have the requisite core competencies (knowledge, skills, and abilities).
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The program office has taken actions that are consistent with our recommendation, and more actions are underway or planned, which, if executed effectively, should largely satisfy the recommendation's intent. For example, the program office has revised its Human Capital Plan that provides for, among other things, staffing positions with individuals that have the requisite core competencies for each of its government positions. Additionally, the program office is aggressively recruiting to fill all of its current vacant government positions. According to program officials, measures taken to expedite recruitment processing, such as submission of position classification requests upon notification of an employee's departure, have significantly reduced the amount of time positions remain vacant. As a result, we are closing this recommendation as having been largely implemented.
Recommendation: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing and implementing a plan for satisfying key SEI acquisition management controls, to include acquisition planning, solicitation, requirements development and management, project management, contractor tracking and oversight, evaluation, and transition to support.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The program office has continued to take actions that are consistent with our recommendation, and more activities are underway or planned, which if effectively executed should largely satisfy this recommendation's intent. In May 2005, the program office developed a plan for satisfying SEI acquisition management guidance and began implementing it. In April 2006, the program office updated its plan to focus on six key process areas: acquisition project planning, requirements management, project monitoring and control, risk management, configuration management, and product and process quality assurance. In March 2007, the program office reported that it has made progress in implementing the 113 practices associated with these six key process areas; 83 percent of key practices are now either fully or largely implemented, up from 26 percent in August 2005. Further, the 2007 CMMI implementation plan update provides a road map for continuing to improve in the above areas as well as addressing additional areas, such as solicitation and transition to support. Also, contract tracking and oversight improvements are underway, such as instituting use of oversight plans for each task order and developing requirements for reimbursable contracts. As a result, we are closing this recommendation as having been largely implemented.
Recommendation: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing and implementing a risk management plan and ensuring that all high risks and their status are reported regularly to the executive body.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The program office has continued to take actions that are consistent with our recommendation, and more activities are underway or planned, which if effectively executed should largely satisfy this recommendation's intent. For example, it has approved a risk management plan and put into place a risk management process that includes, among other things, subprocesses for identifying, analyzing, managing, and monitoring risk. The program office has also defined and begun implementing a governance structure to oversee and manage the process, maintains a risk database that is available to program management and staff, and has provided risk management training classes to its personnel. Finally, the program office plans to report risks to the National Programs and Preparedness Directorate. As a result, we are closing this recommendation as being largely implemented.
Recommendation: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately defining performance standards for each US-VISIT system increment that are measurable and reflect the limitations imposed by relying on existing systems for these system increments.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The program office has continued to take actions that are consistent with our recommendation, and more activities are underway or planned, which if effectively executed should largely satisfy this recommendation's intent. For example, the program office has selected tools to support database management, application management, enterprise management console, event/fault management, capacity planning, and performance management. Furthermore, the program office is defining performance measures and limitations imposed by external systems. For example, the Enterprise Modeling Team Working Group is developing a baseline context model, which uses IDENT historical data to predict system response time and how increased transaction volumes affect it, and it is utilizing other tools to simulate and predict response times, load/capacity volumes, and system response. As a result, we are closing this recommendation as having been largely implemented.
Recommendation: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing an analysis of incremental program costs, benefits, and risks, and providing this analysis to the executive body, to assist it in the body's deliberations and decision making.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The program office has continued to take actions that are consistent with our recommendation, and more activities are underway or planned, which if effectively executed should largely satisfy this recommendation's intent. For example, it has developed analyses of costs, risks, and benefits (business cases) for several projects, including Increments 1B, 2B, and Unique Identity. In addition, the program office has expanded its ability to determine the value of US-VISIT investments relative to costs and risks. For example, it has improved its cost estimation capabilities by establishing a Cost Process Action Team to refine the program's cost analysis policies and procedures, define a cost estimation and analysis process, and the acquire professional services in the areas of life cycle cost modeling and independent cost analysis. In addition, it plans to further strengthen the methodologies and tools for developing analyses involving costs, benefits, and risks. As a result, we are closing this recommendation as having been largely implemented.
