GAO-07-504T, Secure Border Initiative: SBInet Planning and Management Improvements Needed to Control Risks


This is the accessible text file for GAO report number GAO-07-504T 
entitled 'Secure Border Initiative: SBInet Planning and Management 
Improvements Needed to Control Risks' which was released on February 
28, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony before the Subcommittee on Homeland Security, Committee on 
Appropriations, House of Representatives: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 3:00 p.m. EST: 

Tuesday, February 27, 2007: 

Secure Border Initiative: 

SBInet Planning and Management Improvements Needed to Control Risks: 

Statement of Richard M. Stana, Director: 
Homeland Security and Justice Issues: 
Randolph C. Hite, Director: 
Information Technology Architecture and Systems Issues: 

GAO-07-504T: 

GAO Highlights: 

Highlights of GAO-07-504T, a testimony before the Subcommittee on 
Homeland Security, Committee on Appropriations, House of 
Representatives 

Why GAO Did This Study: 

This testimony summarizes GAO’s February 2007 report on SBInet, one 
element of the Department of Homeland Security’s (DHS) Secure Border 
Initiative (SBI). SBInet is responsible for developing a comprehensive 
border protection system. By legislative mandate, GAO reviewed SBInet’s 
fiscal year 2007 expenditure plan. This testimony focuses on (1) the 
extent that the plan provided explicit and measurable commitments 
relative to schedule and costs, (2) how DHS is following federal 
acquisition regulations and management best practices, and (3) 
concurrency in SBInet’s schedule. GAO assessed the plan against federal 
guidelines and industry standards and interviewed program officials. 

What GAO Found: 

SBInet’s December 2006 expenditure plan offered a high-level and 
partial outline of a large and complex program that forms an integral 
component of the broader multiyear initiative. However, the SBInet 
expenditure plan, including related documentation and program 
officials’ statements, lacked specificity on such things as planned 
activities and milestones, anticipated costs and staffing levels, and 
expected mission outcomes. This, coupled with the large cost and 
ambitious time frames, adds risk to the program. Without sufficient and 
reliable information on program goals, status and results, Congress and 
DHS are not in the best position to use the plan as a basis for 
assessing program outcomes, accounting for the use of current and 
future appropriations, and holding program managers accountable for 
achieving effective control of the border. 

As of December 2006, SBInet was using, at least to some extent 
acquisition best practices, but DHS had not fully established the range 
of capabilities needed to effectively mitigate risks and to 
successfully manage the program. To its credit, the SBInet contract was 
generally competed in accordance with federal requirements. However, 
the SBInet contract does not fully satisfy the federal regulatory 
requirement to specify a maximum dollar value or the number of units 
that may be ordered. We also reported that important management 
controls provided for in Office of Management and Budget (OMB) guidance 
and best practices were not yet in place, although the program manager 
stated that he was committed to doing so. Until they are in place, the 
program is at increased risk of failure. 

DHS’s plan to execute SBInet activities through a series of concurrent 
task orders introduces additional risk. With multiple related and 
dependent projects being undertaken simultaneously, SBInet is exposed 
to possible cost and schedule overruns and performance problems. 
Without assessing this level of concurrency and how it affects project 
implementation, SBInet runs the risk of not delivering promised 
capabilities and benefits on time and within budget. SBI and SBInet 
officials told us that they understand the risks inherent in 
concurrency and are addressing these risks. However, as of December 
2006, they had not provided evidence that identified the dependencies 
among their concurrent activities and that they were proactively 
managing the associated risk. 

What GAO Recommends: 

GAO recommended that DHS 
(1) ensure that future expenditure plans include explicit and 
measurable commitments relative to the capabilities, schedule, costs, 
and benefits associated with individual SBInet program activities; (2) 
modify the SBInet contract to include a maximum quantity or dollar 
value; and (3) re-examine the level of concurrency and appropriately 
adjust the acquisition strategy. DHS concurred with the first and third 
recommendations, but not the second. DHS stated that the contract 
already contains a maximum quantity. GAO disagrees and believes DHS 
needs to modify the contract to ensure that it is consistent with 
regulations. 

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-504T]. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Rich Stana at (202) 512-
8816 or stanar@gao.gov, or Randy Hite at (202) 512-3439 or 
hiter@gao.gov. 

[End of section] 

United States Government Accountability Office: 

Washington, DC 20548: 

Mr. Chairman and Members of the Subcommittee: 

We are pleased to be here today to discuss the Secure Border 
Initiative's SBInet program's planning and management challenges. 

In November 2005, the Department of Homeland Security (DHS) established 
the Secure Border Initiative (SBI), a multiyear, multibillion dollar 
program aimed at securing U.S. borders and reducing illegal 
immigration. One element of SBI is SBInet, the program responsible for 
developing a comprehensive border protection system. DHS estimates that 
the total cost for completing the acquisition phase for the southwest 
border is $7.6 billion from fiscal years 2007 through 2011. Of this 
total, approximately $5.1 billion is for the design, development, 
integration, and deployment of fencing, roads, vehicle barriers, 
sensors, radar units, and command, control, and communications and 
other equipment, and $2.5 billion is for integrated logistics and 
operations support during the acquisition phase for the southwest 
border. According to DHS, work on the northern border is not projected 
to begin before fiscal year 2009. 

The Department of Homeland Security Appropriations Act, 2007, required 
DHS to submit to Congress an expenditure plan to establish a security 
barrier along the border of the United States composed of fencing and 
vehicle barriers and other forms of tactical infrastructure and 
technology.[Footnote 1] This plan was to address nine legislative 
conditions and was submitted to Congress on December 4, 2006. As 
required by the act, we reviewed the expenditure plan, and found that 
the plan, including related documentation and program officials' 
statements, satisfied four legislative conditions, partially satisfied 
four legislative conditions, and did not satisfy one legislative 
condition.[Footnote 2] See appendix I for a summary of the legislative 
conditions and to what extent they were satisfied. 

The legislatively mandated expenditure plan for SBInet is a 
congressional oversight mechanism aimed at ensuring that planned 
expenditures are justified, performance against plans is measured, and 
accountability for results is ensured. Although the program is in its 
early stages, a comprehensive expenditure plan is intended to provide 
Congress with the information needed to effectively oversee the program 
and hold DHS accountable for program results. Effective program 
planning and execution require a range of management controls. These 
controls, which are carved out in federal requirements and best 
practices, are instrumental in minimizing a program's exposure to cost, 
schedule, and performance risks. Without adequate management controls, 
there is increased risk that SBInet will not produce the right 
solution, not be managed the right way, and not be implemented within 
cost estimates. 

Our testimony today is based on our recent report for the House and 
Senate Appropriations Committees on the fiscal year 2007 SBInet 
expenditure plan. It focuses on the following issues: 

* the extent to which the expenditure plan and related documentation 
provided explicit and measurable commitments relative to schedule and 
costs, 

* how DHS defined and is following federal acquisition requirements and 
program management best practices, and: 

* the concurrency in SBInet's program schedule. 

To accomplish our objectives, we analyzed the SBInet December 2006 
expenditure plan and supporting documentation. We also interviewed 
cognizant program officials and contractors. We did not review the 
justification for cost estimates included in the expenditure plan. We 
conducted our work at DHS's U.S. Customs and Border Protection (CBP) 
headquarters in the Washington, D.C., metropolitan area from October 
2006 through December 2006, in accordance with generally accepted 
government auditing standards. 

Summary: 

SBInet's December 2006 expenditure plan offered a high-level and 
partial outline of a large and complex program that is to form an 
integral component of the broader multiyear initiative. However, the 
SBInet expenditure plan, including related documentation and program 
officials' statements, lacked specificity on such key things as planned 
activities and milestones, anticipated costs and staffing levels, and 
expected mission outcomes. This, coupled with the large cost and 
ambitious time frames, adds considerable risk to the program. Without 
sufficient and reliable information on program goals, status and 
results, Congress and DHS are not in the best position to use the plan 
as a basis for assessing program outcomes, accounting for the use of 
current and future appropriations, and holding program managers 
accountable for achieving effective control of the border. 

As of December 2006, SBInet was using, at least to some extent 
acquisition best practices, but DHS had not fully established the range 
of capabilities needed to effectively mitigate risks and to 
successfully manage the program, as defined by federal acquisition 
requirements and associated best practices, and in legislative 
requirements relative to the Office of Management and Budget (OMB) 
Circular A-11 guidance. The SBInet contract was generally competed in 
accordance with federal requirements; however, the contract does not 
fully satisfy the federal regulatory requirement to specify a maximum 
dollar value or the number of units that may be ordered. We also 
reported that important management controls provided for in OMB 
guidance and best practices were not yet in place, although the program 
manager stated that he was committed to doing so. Until they are in 
place, the program is at increased risk of failure. 

DHS's plan to execute SBInet activities through a series of concurrent 
task orders introduces additional risk. With multiple related and 
dependent projects being undertaken simultaneously, SBInet is exposed 
to possible cost and schedule overruns and performance problems. 
Without assessing this level of concurrency and how it affects project 
implementation, SBInet runs the risk of not delivering promised 
capabilities and benefits on time and within budget. SBI and SBInet 
officials told us that they understand the risks inherent in 
concurrency and are addressing them. However, as of December 2006, they 
had not provided evidence that identified the dependencies among their 
concurrent activities and that they were proactively managing the 
associated risk. 

We made three recommendations to help ensure that Congress has the 
information necessary to effectively oversee SBInet and hold DHS 
accountable for program results, and to help DHS manage the SBInet 
program and ensure that future SBInet expenditure plans meet the 
legislative requirements. Specifically, we recommended that DHS (1) 
ensure that future expenditure plans include explicit and measurable 
commitments relative to the capabilities, schedule, costs, and benefits 
associated with individual SBInet program activities; (2) modify the 
SBInet systems integration contract to include a maximum quantity or 
dollar value; and (3) re-examine the level of concurrency and 
appropriately adjust the acquisition strategy. DHS concurred with the 
first and third recommendations, but not the second. DHS stated that 
the contract language discussed above is sufficient to meet regulation 
requirements. We disagree and believe DHS needs to modify the contract 
to ensure that it is consistent with regulations. 

Background: 

SBI is a comprehensive, multiyear, multibillion dollar program 
established in November 2005 by the Secretary of Homeland Security to 
secure U.S. borders and reduce illegal immigration. SBI's mission is to 
promote border security strategies that help protect against and 
prevent terrorist attacks and other transnational crimes. Elements of 
SBI will be carried out by several organizations within DHS. One 
element of SBI is SBInet, the program within CBP that is responsible 
for developing a comprehensive border protection system. The SBInet 
program is managed by the SBInet Program Management Office (PMO). The 
PMO reports to the CBP SBI Program Executive Director. 

SBInet is a large and complex program that is responsible for leading 
the effort to ensure that the proper mix of personnel, tactical 
infrastructure, rapid response capability, and technology is deployed 
along the border. DHS defines control of the U.S. border as the ability 
to detect illegal entries into the United States, identify and classify 
these entries to determine the level of threat involved, efficiently 
and effectively respond to these entries, and bring events to a 
satisfactory law enforcement resolution. SBInet's initial focus will be 
on the southwest border investments and areas between ports of entry 
that CBP has designated as having the highest need for enhanced border 
security due to serious vulnerabilities. 

In September 2006, CBP awarded an indefinite delivery/indefinite 
quantity systems integration contract for 3 years, with three 
additional 1-year options. The minimum dollar amount is $2 million; the 
maximum is stated as "the full panoply of supplies and services to 
provide 6,000 miles of secure U.S. border." According to DHS, the 
SBInet solution is to include a variety of sensors, communications 
systems, information technology, tactical infrastructure (roads, 
barriers, and fencing), and command and control capabilities to enhance 
situational awareness of the responding officers. The solution is also 
to include the development of a common operating picture that provides 
uniform data, through a command center environment, to all DHS agencies 
and is interoperable with stakeholders external to DHS. See figure 1 
for examples of existing technology along the border. 

Figure 1: Existing Technology along the Border: 

[See PDF for image] 

Source: CBP. 

[End of figure] 

SBInet Documentation Includes General Program Information but Lacks 
Detailed Implementation Plans: 

Our statement will now focus on what type of information DHS has 
provided on explicit and measurable commitments relative to schedule 
and costs. 

The SBInet expenditure plan included general cost information for 
proposed activities and some associated milestone information. DHS 
estimates that the total cost for completing the acquisition phase for 
the southwest border is $7.6 billion for fiscal years 2007 through 
2011. Of this total, approximately $5.1 billion is for the design, 
development, integration, and deployment of fencing, roads, vehicle 
barriers, sensors, radar units, and command, control, and 
communications and other equipment, and $2.5 billion is for integrated 
logistics and operations support during the acquisition phase for the 
southwest border. In addition, the SBInet expenditure plan and related 
documentation discussed generally how approximately $1.5 billion 
already appropriated will be allocated to SBInet activities (see table 
1). For example, about $790 million is allocated for the Tucson Border 
Patrol sector and $260 million for the Yuma sector in Arizona.[Footnote 
3] 

Table 1: 1 SBInet Funding Allocations Fiscal Years, 2005-2007 (dollars 
in thousands): 

Activity: Management task order; 
2005: $36,800; 
2006 supplemental[A]:[Empty]; 
2007: $13,066; 
Total: $49,866. 

Activity: Project 28; 
2005:[Empty]; 
2006 supplemental[A]: $20,000; 
2007:[Empty]; 
Total: 20,000. 

Activity: Common operating picture; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 100,000; 
Total: 100,000. 

Activity: Tucson sector; 
2005:[Empty]; 
2006 supplemental[A]: 60,000; 
2007: 729,359; 
Total: 789,359. 

Activity: Yuma sector; 
2005:[Empty]; 
2006 supplemental[A]: 204,609; 
2007: 55,075; 
Total: 259,684. 

Activity: Yuma and Tucson tactical infrastructure; 
2005:[Empty]; 
2006 supplemental[A]: 24,391; 
2007:[Empty]; 
Total: 24,391. 

Activity: Tactical infrastructure western Arizona; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 57,823; 
Total: 57,823. 

Activity: Texas mobile system; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 20,000; 
Total: 20,000. 

Activity: San Diego fence; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 30,500; 
Total: 30,500. 

Activity: Advanced technology development; 
2005:[Empty]; 
2006 supplemental[A]: 10,000; 
2007:[Empty]; 
Total: 10,000. 

Activity: Systems engineering support; 
2005:[Empty]; 
2006 supplemental[A]: 6,000; 
2007: 6,000; 
Total: 12,000. 

Activity: Program Management Office support; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 55,000; 
Total: 55,000. 

Activity: Environmental requirements; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 61,000; 
Total: 61,000. 

Activity: Other[B]; 
2005:[Empty]; 
2006 supplemental[A]:[Empty]; 
2007: 59,742; 
Total: 59,742. 

Total; 
2005: $36,800; 
2006 supplemental[A]: $325,000; 
2007: $1,187,565; 
Total: $1,549,365. 

Source: GAO analysis of SBInet December 2006 Expenditure Plan. 

[A] According to DHS officials, no fiscal year 2006 funds were 
allocated to SBInet activities. 

[B] Other includes activities related to test and evaluation, 
deployment and installation, and integrated logistics support. 

[End of table] 

The expenditure plan also includes certain milestones, such as starting 
and ending dates, for some but not all activities. For example, 
consistent with DHS's task order approach to managing SBInet's 
implementation, the task order for Project 28 includes detailed 
milestones.[Footnote 4] In other cases, such as the Tucson and Yuma 
sector activities, milestones and costs are preliminary and highly 
likely to change because they are still in the planning and requirement 
setting stage. According to SBInet officials, factors such as 
technological, environmental, and eminent domain constraints can affect 
the timetables and costs of these activities. Figure 2 illustrates the 
extent to which milestones were defined for selected activities. 

Figure 2: Timeline by Selected Project, as of December 2006: 

[See PDF for image] 

Source: SBInet supporting documentation. 

[End of figure] 

Despite including general cost information for proposed activities and 
some associated milestone information, the expenditure plan and related 
documentation did not include sufficient details about what will be 
done, the milestones involved, the performance capability expected, and 
the costs for implementing the program. For example, although the plan 
stated that about $790 million will be spent in the Tucson sector for 
such elements as fencing, ground sensors, radars, cameras, and fixed 
and mobile towers, the plan did not specify how the funds will be 
allocated by element and did not provide specific dates for 
implementation. According to DHS, each task order will define what will 
be done, when, the performance capability, and the total cost. 

The expenditure plan did not include costs incurred to date mainly 
because SBInet activities are in the early stages of implementation and 
costs had not yet been captured by DHS's accounting system (e.g., the 
SBInet systems integration contract was awarded in September 2006 and 
the first two task orders were awarded in September and October 2006). 
Moreover, the expenditure plan did not include a baseline measure of 
miles under control of the border.[Footnote 5] While the plan did not 
discuss progress made to date by the program to obtain control of the 
border, related program documents, such as the bimonthly SBI reports to 
Congress, included information on the number of miles under control in 
the southwest border.[Footnote 6] 

SBInet Has Followed Some but Not All Federal Acquisition Requirements 
and Related Best Practices: 

Our statement will now focus on DHS's use of federal acquisition 
requirements and related program management best practices. 

As of December 2006, SBInet was using several acquisition best 
practices. The extent to which these practices were in use varied, and 
outcomes were dependent on successful implementation. Specifically, 
SBInet was using several of the best practices or "Guiding Principles" 
in DHS Management Directive 1400, such as conducting a competition open 
to all qualified suppliers to award the systems integration contract, 
and using a performance-based approach where the agency identified the 
outcome it was seeking to achieve and allowed the competing companies 
to propose their specific solutions. SBInet plans to use a system for 
comparing costs incurred with progress achieved known as earned value 
management (EVM). 

However, we reported that the SBInet systems integration contract did 
fully satisfy an acquisition requirement to contain a specific number 
of units that may be ordered or a maximum dollar value. According to 
the Federal Acquisition Regulation (FAR), an agency may use an 
indefinite delivery/indefinite quantity contract, such as that used for 
SBInet, when it is not possible to determine in advance the precise 
quantities of goods or services that may be required during performance 
of the contract. Though these types of contracts are indefinite, they 
are not open-ended. The FAR requires that indefinite quantity contracts 
contain a limit on the supplies or services that may be ordered, stated 
in terms of either units or dollars. This limit serves a variety of 
purposes, including establishing the maximum financial obligation of 
the parties. According to DHS, the quantity stated in the contract, 
"6,000 miles of secure U.S. border," is measurable and is therefore the 
most appropriate approach to defining the contract ceiling. We do not 
agree because the contract maximum used in the SBInet contract, "the 
full panoply of supplies and services to provide 6,000 miles of secure 
U.S. border," does not allow anyone to calculate with certainty what 
the maximum financial obligation of the parties might turn out to be 
since the contract does not make clear the total amount of supplies or 
services that would be required to secure even 1 mile of U.S. border. 
In order to ensure that the contract is consistent with the FAR 
requirement, a maximum quantity or dollar value limit needs to be 
included in the contract. 

Managing major programs like SBInet also requires applying discipline 
and rigor when acquiring and accounting for systems and services, such 
as those requirements and practices embodied in OMB and related 
guidance. Our work and other best practice research have shown that 
applying such rigorous management practices improves the likelihood of 
delivering expected capabilities on time and within budget. In other 
words, the quality of information technology (IT) systems and services 
is largely governed by the quality of the management processes involved 
in acquiring and managing them. Some of these processes and practices 
are embodied in the Software Engineering Institute's (SEI) Capability 
Maturity Models®, which define, among other things, acquisition process 
management controls that, if implemented effectively, can greatly 
increase the chances of acquiring systems that provide promised 
capabilities on time and within budget. Other practices are captured in 
OMB guidance, which establishes requirements for planning, budgeting, 
acquisition, and management of federal capital assets. 

As of December 2006, the SBInet program office had not fully defined 
and implemented critical acquisition processes, such as project 
planning, process and product quality assurance, measurement and 
analysis, and requirements management.[Footnote 7] To its credit, the 
program office has developed and begun implementing a draft risk 
management plan, dated September 29, 2006. The draft plan addresses, 
among other things, a process for identifying, analyzing, mitigating, 
tracking, and controlling risks. As part of this process, the program 
office developed a risk management database that identifies for each 
risk, among other things, the status, priority, probability of 
occurrence, the overall impact, consequence, and a mitigation strategy. 
The program office also established a governance structure, which 
includes a Risk Review Board (RRB) that is chaired by the SBInet 
Program Manager. According to the SBInet Risk Manager, a draft RRB 
charter has been developed. 

SBInet had not yet implemented other key management practices, such as 
developing and implementing a system security plan, employing an EVM 
system to help manage and control program cost and schedule, and 
following capital planning and investment control review requirements 
to help ensure that agencies investments achieve a maximum return on 
investment. According to a SBInet program office security specialist, 
as of December 2006, the program office had not developed a system 
security plan because it was too early in the system development life 
cycle. He stated that a plan is to be developed as part of the system 
certification and accreditation process. Regarding EVM, the program 
office is relying on the prime integrator's EVM system to manage the 
prime contractor's progress against cost and schedule goals. The prime 
integrator's system has been independently certified as meeting 
established standards. However, the EVM system had not been fully 
implemented because, as of December 2006, the baselines against which 
progress can be measured for the two task orders that had been issued, 
as of early December (program management and Project 28) had not yet 
been established. According to program officials, these baselines were 
to be established for the program management task order and the Project 
28 task order in mid-December 2006 and mid-January 2007, respectively. 
Further, it is unclear where SBInet is in the DHS capital planning and 
investment control review process. The SBInet expenditure plan did not 
describe the status of the program in the review process, but indicated 
that it is being managed using the DHS framework. However, a SBInet DHS 
Joint Requirements Council and Investment Review Board briefing 
document for fiscal year 2007, dated November 22, 2006, indicates that 
the program office plans to implement the review process on an annual 
basis. According to the SBInet Program Manager, SBInet projects are at 
various stages in the acquisition life cycle. As a result, the program 
office plans to combine multiple projects into a single decision 
milestone for purposes of investment review that is to occur on, at 
least, an annual basis. 

According to the SBInet Program Manager, the program had not fully 
defined and implemented critical management practices because priority 
was given to meeting an accelerated program implementation schedule. 
However, he stated that he was committed to putting these processes in 
place and further stated that the program plans to develop a plan for 
defining and implementing critical acquisition planning processes by 
the spring of 2007. Until the program office fully defines and 
implements these key program management practices, its efforts to 
acquire, deploy, operate, and maintain program capabilities will be at 
a higher risk of not producing promised performance levels and 
associated benefits on time and within budget. 

SBInet's Acquisition Approach Calls for Considerable Concurrency that 
Introduces Additional Risk: 

The SBInet PMO plans to execute SBInet activities through a series of 
concurrent task orders that will be managed by a mix of government and 
contractor staff. The PMO plans to nearly triple its current workforce, 
from about 100 to 270 personnel, by September 2007 in order to support 
and oversee this series of concurrent task orders. As of December 2006, 
SBInet personnel included 38 government employees and 60 contractor 
staff. By September 2007, personnel levels are projected to reach 113 
government employees and 157 contractors. As of December 2006, SBInet 
officials told us that they have assigned lead staff for the task 
orders that have been awarded. However, SBI and SBInet officials 
expressed concerns about difficulties in finding an adequate number of 
staff with the required expertise to support planned activities. 
Staffing shortfalls could limit government oversight efforts. 

As shown in figure 2, SBInet's acquisition approach calls for 
considerable concurrency among related planned tasks and activities. 
For example, according to DHS, lessons learned from the Project 28 task 
order are to be incorporated in the sector task orders. However, the 
task orders for the other sectors will be awarded prior to the 
completion and evaluation of Project 28. The program management task 
order is also to establish the capabilities to manage and oversee all 
of the other task orders. The risk of concurrency is further increased 
because, as discussed earlier, DHS does not have all the management 
processes in place to mitigate the risk and successfully manage the 
program. The greater the degree of concurrency among related and 
dependent program tasks and activities, the greater a program's 
exposure to cost, schedule, and performance risks. SBI and SBInet 
officials told us that they understand the risks inherent in 
concurrency and are addressing these risks. However, as of December 
2006, they had not provided evidence that identified the dependencies 
among their concurrent activities and that they were proactively 
managing the associated risk. 

Conclusions, Recommendations for Executive Action, and Agency Response: 

The legislatively mandated expenditure plan for SBInet is a 
congressional oversight mechanism aimed at ensuring that planned 
expenditures are justified, performance against plans is measured, and 
accountability for results is ensured. We found that Congress and DHS 
are not in the best position to use the plan as a basis for measuring 
program success, accounting for the use of current and future 
appropriations, and holding program managers accountable for achieving 
effective control of the southwest border because the plan has not 
provided information on explicit and measurable commitments relative to 
the capabilities, schedule, costs, and benefits associated with 
individual SBInet program activities. Specifically, DHS needs to 
provide sufficient details on such things as planned activities and 
milestones, anticipated costs and staffing levels, and expected mission 
outcomes. DHS also needs to document that planned SBInet expenditures 
are justified, performance against plans is measured, and 
accountability for results is ensured. We recommended that DHS ensure 
that future expenditure plans include explicit and measurable 
commitments relative to the capabilities, schedule, costs, and benefits 
associated with individual SBInet program activities. 

DHS has not fully established the capabilities needed to effectively 
mitigate risks and to successfully manage the program. We reported that 
although the SBInet contract was generally competed in accordance with 
federal requirements, the contract does not fully satisfy federal 
regulations. Under the FAR, indefinite quantity contracts such as the 
SBInet contract must contain the specific number of units that may be 
ordered or a maximum dollar value. However, the SBInet contract merely 
contains the maximum number of miles to be secured. While SBInet 
officials consider this sufficient to satisfy the FAR requirement, a 
maximum quantity expressed in units other than the overall outcome to 
be achieved or expressed as a dollar value limit would help ensure that 
the contract is consistent with this requirement. We recommended that 
DHS modify the SBInet systems integration contract to include a maximum 
quantity or dollar value. 

DHS's approach to SBInet introduces additional risk because the 
program's schedule entails a high level of concurrency. With multiple 
related and dependent projects being undertaken simultaneously, SBInet 
is exposed to possible cost and schedule overruns and performance 
problems. Without assessing this level of concurrency and how it 
affects project implementation, SBInet runs the risk of not delivering 
promised capabilities and benefits on time and within budget. We 
recommended that DHS re-examine the level of concurrency and 
appropriately adjust the acquisition strategy. 

DHS generally agreed with our findings and conclusions, but did not 
agree with our assessment that the SBInet contract does not contain 
specific numbers of units that may be ordered or a maximum dollar 
value. In addition, DHS stated that CBP intends to fully satisfy each 
of the legislative conditions in the near future to help minimize the 
program's exposure to cost, schedule, and performance risks. 

With respect to our recommendations, DHS concurred with two of our 
recommendations and disagreed with one. Specifically, DHS concurred 
with our recommendation for future expenditure plans to include 
explicit and measurable commitments relative to capabilities, schedule, 
costs, and benefits associated with individual SBInet program 
activities. According to DHS, future SBInet expenditure plans will 
include actual and planned progress, report against commitments 
contained in prior expenditure plans, and include a section that 
addresses and tracks milestones. DHS also concurred with our 
recommendation to re-examine the level of concurrency and appropriately 
adjust the acquisition strategy. In its written comments, DHS stated 
that CBP is constantly assessing the overall program as it unfolds, and 
adjusting it to reflect progress, resource constraints, refinements and 
changes in requirements, and insight gained from ongoing system 
engineering activities. DHS also stated that CBP recognizes the risk 
inherent in concurrency and has plans to address this risk. 

DHS did not agree with our recommendation to modify the SBInet 
integration contract to include a maximum quantity or dollar value. 
According to DHS, the quantity stated in the contract, "6,000 miles of 
secure U.S. border," is measurable and is therefore the most 
appropriate approach to defining the contract ceiling. We do not agree. 
In order to ensure that the SBInet contract is consistent with the FAR, 
we continue to believe that it should be modified to include a maximum 
quantity, either units or a dollar value, rather than the total amount 
of miles to be secured. 

This concludes our prepared testimony. We would be happy to respond to 
any questions that members of the subcommittee may have. 

Contacts and Acknowledgments: 

For questions regarding this testimony, please call Richard M. Stana at 
(202) 512-8816 or StanaR@gao.gov or Randolph C. Hite at (202) 512-3439 
or HiteR@gao.gov. Other key contributors to this statement were William 
T. Woods, Director; Robert E. White, Assistant Director; Deborah Davis, 
Assistant Director; Richard Hung, Assistant Director; E. Jeanette 
Espínola; Frances Cook; Katherine Davis; Gary Delaney; Joseph K. 
Keener; Sandra Kerr; Raul Quintero; and Sushmita Srikanth. 

[End of section] 

Appendix I: Satisfaction of Legislative Conditions: 

The SBInet December 2006 expenditure plan, including related 
documentation and program officials' statements, satisfied four 
legislative conditions, partially satisfied four legislative 
conditions, and did not satisfy one legislative condition. The nine 
legislative conditions and the level of satisfaction are summarized in 
the table below. 

Table 2: Satisfaction of Legislative Conditions: 

Legislative condition: 1. Defines activities, milestones, and costs for 
implementing the program; 
Status: Partially satisfied. 

Legislative condition: 2. Demonstrates how activities will further the 
goals and objectives of the Secure Border Initiative, as defined in the 
SBI multiyear strategic plan; 
Status: Not satisfied. 

Legislative condition: 3. Identifies funding and the organization 
staffing (including full-time equivalents, contractors, and detailees) 
requirements by activity; 
Status: Satisfied. 

Legislative condition: 4. Reports on costs incurred, the activities 
completed, and the progress made by the program in terms of obtaining 
operational control of the entire border of the United States; 
Status: Partially satisfied. 

Legislative condition: 5. Includes a certification by DHS's Chief 
Procurement Officer that procedures to prevent conflicts of interest 
between the prime integrator and major subcontractors are established 
and a certification by DHS's Chief Information Officer that an 
independent verification and validation agent is currently under 
contract for the project; 
Status: Satisfied. 

Legislative condition: 6. Complies with all applicable acquisition 
rules, requirements, guidelines, and best systems acquisition 
management practices of the federal government; 
Status: Partially satisfied. 

Legislative condition: 7. Complies with the capital planning and 
investment control review requirements established by the Office of 
Management and Budget (OMB), including Circular A-11, part 7; 
Status: Partially satisfied. 

Legislative condition: 8. Is reviewed and approved by DHS's Investment 
Review Board, the Secretary of Homeland Security, and OMB; 
Status: Satisfied. 

Legislative condition: 9. Is reviewed by GAO; 
Status: Satisfied. 

Source: GAO analysis of DHS data. 

[End of table] 

FOOTNOTES 

[1] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations 
Act required that the expenditure plan be submitted within 60 days 
after the enactment of the act. 

[2] On December 7 and December 13, 2006, we briefed the House and 
Senate Appropriations Subcommittees staff, respectively, on the results 
of our work. In February 2007, we issued a report on our work. See GAO, 
Secure Border Initiative: SBInet Expenditure Plan Needs to Better 
Support Oversight and Accountability, GAO-07-309 (Washington, D.C.: 
Feb. 15, 2007). 

[3] The U.S. Border Patrol has 20 sectors responsible for detecting, 
interdicting, and apprehending those who attempt to illegally enter or 
smuggle people, including terrorists, or contraband, including weapons 
of mass destruction, across U.S. borders between official ports of 
entry. 

[4] Project 28 is an effort across 28 miles of the Tucson sector that 
will deploy SBInet tactics. 

[5] DHS defines control of U.S. borders as the ability to: detect 
illegal entries, identify and classify entries and determine their 
respective level of threat, efficiently and effectively respond, and 
bring events to a satisfactory law enforcement action. 

[6] According to the November 2006 bimonthly report, as of August 2006, 
284 miles of the southwest border were under control. 

[7] Project planning processes help to establish and maintain plans and 
define project activities. Process and product quality assurance 
processes provide staff and management with objective insight into 
processes and associated work products. Measurement and analysis 
processes are used to develop and sustain a measurement capability that 
is used to support management information needs. Requirements 
management processes are used to manage the requirements of the 
project's products and product components and to identify 
inconsistencies between those requirements and the project's plans and 
work products. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to www.gao.gov and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 
512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: