GAO-07-309, Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability


This is the accessible text file for GAO report number GAO-07-309 
entitled 'Secure Border Initiative: SBInet Expenditure Plan Needs to 
Better Support oversight and Accountability' which was released on 
February 15, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to Congressional Committees: 

United States Government Accountability Office: 

GAO: 

February 2007: 

Secure Border Initiative: 

SBInet Expenditure Plan Needs to Better Support Oversight and 
Accountability: 

GAO-07-309: 

GAO Highlights: 

Highlights of GAO-07-309, a report to congressional committees 

Why GAO Did This Study: 

In November 2005, the Department of Homeland Security (DHS) established 
the Secure Border Initiative (SBI) program to secure U.S. borders and 
reduce illegal immigration. One element of SBI is SBInet, the program 
responsible for developing a comprehensive border protection system. By 
legislative mandate, DHS developed a fiscal year 2007 expenditure plan 
for SBInet to address nine legislative conditions, including a review 
by GAO. DHS submitted the plan to the Appropriations Committees on 
December 4, 2006. To address the mandate, GAO assessed the plan against 
federal guidelines and industry standards and interviewed appropriate 
DHS officials. 

What GAO Found: 

The SBInet expenditure plan, including related documentation and 
program officials’ statements, satisfied four legislative conditions, 
partially satisfied four legislative conditions, and did not satisfy 
one legislative condition. The nine legislative conditions and the 
level of satisfaction are summarized in the table. 

Table: Satisfaction of legislative conditions: 

Legislative condition: 1. Defines activities, milestones, and costs for 
implementing the program; 
Status: Partially satisfied. 

Legislative condition: 2. Demonstrates how activities will further the 
goals and objectives of the Secure Border Initiative, as defined in the 
SBI multi-year strategic plan; 
Status: not satisfied. 

Legislative condition: 3. Identifies funding and the organization 
staffing (including full-time equivalents, contractors, and detailees) 
requirements by activity; 
Status: Satisfied. 

Legislative condition: 4. Reports on costs incurred, the activities 
completed, and the progress made by the program in terms of obtaining 
operational control of the entire border of the United States; 
Status: Partially satisfied. 

Legislative condition: 5. Includes a certification by DHS’s Chief 
Procurement Officer that procedures to prevent conflicts of interest 
between the prime integrator and major subcontractors are established 
and a certification by DHS’s Chief Information Officer that an 
independent verification and validation agent is currently under 
contract for the project; 
Status: Satisfied. 

Legislative condition: 6. Complies with all applicable acquisition 
rules, requirements, guidelines, and best systems acquisition 
management practices of the federal government; 
Status: Partially satisfied. 

Legislative condition: 7. Complies with the capital planning and 
investment control review requirements established by the Office of 
Management and Budget (OMB), including Circular A–11, part 7; 
Status: Partially satisfied. 

Legislative condition: 8. Is reviewed and approved by DHS’s Investment 
Review Board, the Secretary of Homeland Security, and OMB; 
Status: Satisfied. 

Legislative condition: 9. Is reviewed by GAO; 
Status: Satisfied. 

Source: GAO analysis of DHS data. 

[End of Table] 

Satisfying the legislative conditions is important because the 
expenditure plan is intended to provide Congress with the information 
needed to effectively oversee the program and hold DHS accountable for 
program results. Satisfying the legislative conditions is also 
important to minimize the program’s exposure to cost, schedule, and 
performance risks. SBInet’s December 2006 expenditure plan offered a 
high-level and partial outline of a large and complex program that 
forms an integral component of a broader multiyear initiative. However, 
the plan and related documentation did not include explicit and 
measurable commitments relative to capabilities, schedule, costs, and 
benefits associated with individual SBInet program activities. In 
addition, the SBInet systems integration contract did not contain a 
specific number of units that may be ordered or a maximum dollar value 
as required by Federal Acquisition Regulation. Further, DHS’s approach 
to SBInet introduces additional risk because the program’s schedule 
entails a high level of concurrency among related planned tasks and 
activities. 

What GAO Recommends: 

GAO recommends that DHS (1) ensure that future expenditure plans 
include explicit and measurable commitments relative to the 
capabilities, schedule, costs, and benefits associated with individual 
SBInet program activities; (2) modify the SBInet contract to include a 
maximum quantity or dollar value; and (3) re-examine the level of 
concurrency and appropriately adjust the acquisition strategy. DHS 
concurred with the first and third recommendations, but not the second. 
DHS stated that the contract already contains a maximum quantity. GAO 
disagrees and believes DHS needs to modify the contract to ensure 
compliance with regulations. 

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-309]. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Richard M. Stana at (202) 
512-8816 or stanar@gao.gov. 

[End of section] 

Contents: 

Letter: 

Compliance with Legislative Conditions: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments: 

Appendix I: Briefing to the Subcommittees on Homeland Security, Senate 
and House Committees on Appropriations: 

Appendix II: Comments from the Department of Homeland Security: 

Appendix III: GAO Contact and Staff Acknowledgments: 

Abbreviations: 

CBP: Customs and Border Protection: 

CIO: Chief Information Officer: 

CPO: Chief Procurement Officer: 

DHS: Department of Homeland Security: 

EVM: earned value management: 

FAR: Federal Acquisition Regulation: 

IRB: Investment Review Board: 

IV&V: independent verification and validation: 

OMB: Office of Management and Budget: 

PMO: Program Management Office: 

SBI: Secure Border Initiative: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

February 15, 2007: 

The Honorable Robert C. Byrd: 
Chairman: 
The Honorable Thad Cochran: 
Ranking Minority Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
United States Senate: 

The Honorable David E. Price: 
Chairman: 
The Honorable Harold Rogers: 
Ranking Minority Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
House of Representatives: 

The Secure Border Initiative (SBI) is a comprehensive, multiyear 
program established in November 2005 by the Secretary of Homeland 
Security to secure U.S. borders and reduce illegal immigration. SBI's 
mission is to promote border security strategies that help protect 
against and prevent terrorist attacks and other transnational crimes. 
Elements of SBI will be carried out by several organizations within the 
Department of Homeland Security (DHS). One element of SBI is SBInet, 
the program within U.S. Customs and Border Protection (CBP) responsible 
for developing a comprehensive border protection system. SBInet is 
responsible for leading the effort to ensure that the proper mix of 
personnel, tactical infrastructure, rapid response capability, and 
technology is deployed along the border. In September 2006, after a 
full and open competition source selection, CBP awarded an indefinite 
delivery/indefinite quantity systems integration contract for 3 years, 
with three 1-year options. The minimum dollar amount is $2 million; the 
maximum is stated as "the full panoply of supplies and services to 
provide 6,000 miles of secure U.S. border." According to DHS, the 
SBInet solution is to include a variety of sensors, communications 
systems, information technology, tactical infrastructure (roads, 
barriers, and fencing), and command and control capabilities to enhance 
situational awareness of the responding officers. The solution is also 
to include the development of a common operating picture that provides 
uniform data, through a command center environment, to all DHS agencies 
and is interoperable with stakeholders external to DHS. 

The Department of Homeland Security Appropriations Act, 2007, required 
DHS to submit to Congress an expenditure plan to establish a security 
barrier along the border of the United States of fencing and vehicle 
barriers and other forms of tactical infrastructure and 
technology.[Footnote 1] This plan was to address nine legislative 
conditions and was submitted on December 4, 2006. As required by the 
act, we reviewed the plan, and on December 7 and December 13, 2006, 
briefed the House and Senate Appropriations Subcommittee staff, 
respectively, on the results. This report transmits these results. The 
full briefing, including our scope and methodology, is reprinted in 
appendix I. 

Compliance with Legislative Conditions: 

The expenditure plan, including related documentation and program 
officials' statements, satisfied four legislative conditions, partially 
satisfied four legislative conditions, and did not satisfy one 
legislative condition. The nine legislative conditions and the level of 
satisfaction are summarized below. 

* Legislative condition 1: Define activities, milestones, and costs for 
implementing the program (partially satisfied). 

The SBInet expenditure plan included general cost information for 
proposed activities and some associated milestone information, such as 
beginning and ending dates. DHS estimates that the total cost for 
completing the acquisition phase for the southwest border is $7.6 
billion for fiscal years 2007 through 2011. However, the plan and 
related documentation did not include sufficient details about the 
activities, milestones, or costs for implementing the program. Although 
the plan stated that about $790 million will be spent in the Tucson 
sector in Arizona for such elements as fencing, ground sensors, radars, 
cameras, and fixed and mobile towers, the plan did not specify how the 
funds will be allocated by element and did not provide specific dates 
for implementation. In addition, the plan did not include activities, 
milestones, or costs for the northern border. According to DHS, work on 
the northern border is not to begin before fiscal year 2009. 

* Legislative condition 2: Demonstrate how activities will further the 
goals and objectives of the SBI, as defined in the SBI multiyear 
strategic plan (not satisfied). 

The SBInet expenditure plan included a section that describes SBI and 
SBInet goals; however, the expenditure plan and related documentation 
did not link individual activities with SBI's goals, as called for by 
the legislative condition. Further, the December 2006 SBI strategic 
plan contained three strategic goals, one of which addresses border 
control. SBI and SBInet senior officials told us all SBInet activities 
link back to the overall goal of controlling the border and that the 
linkage between program goals and activities is intuitive. However, the 
SBInet expenditure plan did not link specific activities to more 
detailed SBI strategic plan goals, such as the annual performance 
goals. 

* Legislative condition 3: Identify funding and organization staffing 
(including full-time equivalents, contractors, and detailees) 
requirements by activity (satisfied). 

The SBInet program is managed by the SBInet Program Management Office 
(PMO). The PMO plans to execute SBInet activities through a series of 
concurrent task orders and to rely on a mix of government and 
contractor staff. The PMO plans to nearly triple its current workforce, 
from approximately 100 to 270 personnel,[Footnote 2] by September 2007 
in order to support and oversee this series of concurrent task orders. 
As of December 2006, SBInet officials told us that they have assigned 
lead staff for the task orders that have been awarded. 

* Legislative condition 4: Report on costs incurred, the activities 
completed, and the progress made by the program in terms of obtaining 
operational control of the entire border of the United States 
(partially satisfied). 

The SBInet expenditure plan and related documentation discussed how 
approximately $1.5 billion will be allocated to SBInet activities. For 
example, about $790 million is allocated for the Tucson Border Patrol 
sector and $260 million for the Yuma sector in Arizona.[Footnote 3] 
However, the plan did not include costs incurred to date mainly because 
SBInet activities are in the early stages of implementation and costs 
had not yet been captured by DHS's accounting system (e.g., the SBInet 
systems integration contract was awarded in September 2006 and the 
first two task orders were awarded in September and October 2006). 
Moreover, the expenditure plan did not include a baseline measure of 
miles under control of the border.[Footnote 4] While the plan did not 
discuss progress made to date by the program to obtain control of the 
border, related program documents, such as the bimonthly SBI reports to 
Congress, included information on the number of miles under control in 
the southwest border. According to the November 2006 bimonthly report, 
as of August 2006, 284 miles of the southwest border are under control. 

* Legislative condition 5: Include a certification by DHS's Chief 
Procurement Officer (CPO) that procedures to prevent conflicts of 
interest between the prime integrator and major subcontractors are 
established and a certification by DHS's Chief Information Officer 
(CIO) that an independent verification and validation agent is 
currently under contract for the project (satisfied). 

On November 30, 2006, DHS's CPO certified that the prime integrator had 
established procedures to prevent conflicts of interest between it and 
its major subcontractors and that DHS is developing a process to 
monitor and oversee implementation of the prime integrator's 
procedures. Also, on November 30, 2006, DHS's Deputy CIO certified that 
the SBInet program had contracted with a private company as the interim 
independent verification and validation (IV&V) agent. However, this 
company is also responsible for performing program activities, 
including requirements management and test and evaluation activities 
and thus is not independent of all the program's products and processes 
that it could review. The Deputy CIO certified that a permanent IV&V 
agent is to be selected by February 28, 2007, and that CBP is to 
provide information sufficient to determine that this independence 
issue has been resolved. 

* Legislative condition 6: Comply with all applicable acquisition 
rules, requirements, guidelines, and best systems acquisition 
management practices of the federal government (partially satisfied). 

SBInet is using, at least to some extent, several acquisition best 
practices. The extent to which these practices are in use varies, and 
outcomes are dependent on successful implementation. However, one 
acquisition requirement not followed was that the SBInet systems 
integration contract did not contain a specific number of units that 
may be ordered or a maximum dollar value. According to the Federal 
Acquisition Regulation (FAR),[Footnote 5] indefinite quantity contracts 
must specify the maximum quantity of supplies or services the agency 
will acquire. This may be stated as a number of units or as a dollar 
value. SBI and SBInet officials told us that the contract already 
contains a maximum quantity of "6,000 miles of secure U.S. border" and 
that this was sufficient to satisfy the FAR requirement. We disagree 
because the statement in the contract about the 6,000 miles of secure 
border merely reflects the agency's overall outcome to be achieved with 
the supplies or services provided but does not specify the maximum 
quantity of supplies or services the agency may acquire. We believe 
that a maximum quantity or dollar value limit should be included in the 
contract in order to ensure that it is consistent with the FAR 
requirement. 

SBInet's acquisition approach calls for considerable concurrency among 
related planned tasks and activities. The greater the degree of 
concurrency among related and dependent program tasks and activities, 
the greater a program's exposure to cost, schedule, and performance 
risks. SBI and SBInet officials told us that they understand the risks 
inherent in concurrency and are addressing these risks. However, they 
have yet to provide evidence that shows they have identified the 
dependencies among their concurrent activities and that they are 
proactively managing the associated risk. 

Further, the program office did not fully define and implement key 
acquisition management processes, such as project planning, 
requirements management, and risk management. According to the SBInet 
Program Manager, this is due to the priority being given to meeting an 
accelerated program implementation schedule. However, the program 
office has begun implementing a risk management process and, according 
to the Program Manager, plans to develop a plan for defining and 
implementing the remaining processes by the spring of 2007. 

* Legislative condition 7: Comply with the capital planning and 
investment control review requirements established by the Office of 
Management and Budget (OMB), including Circular A-11, part 7 (partially 
satisfied). 

As required by OMB, the plan and related documentation provided a brief 
description of SBInet and addressed the program's management structure 
and responsibilities for most of the program office's directorates. In 
addition, the program office developed a draft privacy impact 
assessment and established an earned value management (EVM) 
system[Footnote 6] to manage the prime integrator's progress against 
cost and schedule goals. However, an OMB-required EVM system had not 
been fully implemented because the baselines against which progress can 
be measured for the two task orders that had been issued, as of 
December 4, 2006, were not yet established. Further, the program office 
had not yet developed a system security plan or determined SBInet's 
compliance with the DHS enterprise architecture.[Footnote 7] 

* Legislative condition 8: Include reviews and approvals by DHS's 
Investment Review Board (IRB), the Secretary of Homeland Security, and 
OMB (satisfied). 

DHS's IRB approved the plan on November 22, 2006; the Secretary of 
Homeland Security approved the expenditure plan on November 22, 2006; 
and OMB approved the plan on December 4, 2006. 

* Legislative condition 9: Include a review by GAO (satisfied). 

On December 7, 2006, we briefed the House of Representatives Committee 
on Appropriations staff and on December 13, 2006, we briefed the Senate 
Committee on Appropriations staff regarding the results of our review. 

Conclusions: 

The legislatively mandated expenditure plan for SBInet is a 
congressional oversight mechanism aimed at ensuring that planned 
expenditures are justified, performance against plans is measured, and 
accountability for results is ensured. Because the SBInet expenditure 
plan lacked sufficient details on such things as planned activities and 
milestones, anticipated costs and staffing levels, and expected mission 
outcomes, Congress and DHS are not in the best position to use the plan 
as a basis for measuring program success, accounting for the use of 
current and future appropriations, and holding program managers 
accountable for achieving effective control of the southwest border. 

Under the FAR, indefinite quantity contracts such as the SBInet 
contract must contain the specific number of units that may be ordered 
or a maximum dollar value. However, the SBInet contract merely contains 
the maximum number of miles to be secured. While SBInet officials 
consider this sufficient to satisfy the FAR requirement, a maximum 
quantity expressed in units other than the overall outcome to be 
achieved or expressed as a dollar value limit would help ensure that 
the contract is consistent with this requirement. 

DHS's approach to SBInet introduces additional risk because the 
program's schedule entails a high level of concurrency. With multiple 
related and dependent projects being undertaken simultaneously, SBInet 
is exposed to possible cost and schedule overruns and performance 
problems. Without assessing this level of concurrency and how it 
affects project implementation, SBInet runs the risk of not delivering 
promised capabilities and benefits on time and within budget. 

Recommendations for Executive Action: 

To help ensure that Congress has the information necessary to 
effectively oversee SBInet and hold DHS accountable for program 
results, and to help DHS manage the SBInet program and ensure that 
future SBInet expenditure plans meet the legislative requirements, we 
recommend that the Secretary of Homeland Security direct the U.S. 
Customs and Border: 

Protection Secure Border Initiative Program Management Office Executive 
Director to take the following three actions: 

* ensure that future expenditure plans include explicit and measurable 
commitments relative to the capabilities, schedule, costs, and benefits 
associated with individual SBInet program activities; 

* modify the SBInet systems integration contract to include a maximum 
quantity or dollar value; and: 

* re-examine the level of concurrency and appropriately adjust the 
acquisition strategy. 

Agency Comments: 

In written comments on a draft of this report, DHS generally agreed 
with our findings and conclusions, but did not agree with our 
assessment that the SBInet contract does not contain specific numbers 
of units that may be ordered or a maximum dollar value. In addition, 
DHS stated that CBP intends to fully satisfy each of the legislative 
conditions in the near future to help minimize the program's exposure 
to cost, schedule, and performance risks. DHS's written comments are 
reproduced in appendix II. 

With respect to our recommendations, DHS concurred with two of our 
recommendations and disagreed with one. Specifically, DHS concurred 
with our recommendation for future expenditure plans to include 
explicit and measurable commitments relative to capabilities, schedule, 
costs, and benefits associated with individual SBInet program 
activities. According to DHS, future SBInet expenditure plans will 
include actual and planned progress, report against commitments 
contained in prior expenditure plans, and include a section that 
addresses and tracks milestones. DHS also concurred with our 
recommendation to re-examine the level of concurrency and appropriately 
adjust the acquisition strategy. In its written comments, DHS stated 
that CBP is constantly assessing the overall program as it unfolds, and 
adjusting it to reflect progress, resource constraints, refinements and 
changes in requirements, and insight gained from ongoing system 
engineering activities. DHS also stated that CBP recognizes the risk 
inherent in concurrency and has added this to the program's risk 
management database. 

DHS did not agree with our recommendation to modify the SBInet 
integration contract to include a maximum quantity or dollar value. 
According to DHS, the quantity stated in the contract, "6,000 miles of 
secure U.S. border," is measurable and is therefore the most 
appropriate approach to defining the contract ceiling. We do not agree. 
Under the FAR, an agency may use an indefinite delivery/indefinite 
quantity contract, such as that used for SBInet, when it is not 
possible to determine in advance the precise quantities of goods or 
services that may be required during performance of the contract. 
Though these types of contracts are indefinite, they are not open- 
ended. The FAR requires that indefinite quantity contracts contain a 
limit on the supplies or services that may be ordered, stated in terms 
of either units or dollars. This limit serves a variety of purposes, 
including establishing the maximum financial obligation of the parties. 
In our view, the purported maximum used in the SBInet contract, "the 
full panoply of supplies and services to provide 6,000 miles of secure 
U.S. border," does not allow anyone to calculate with any degree of 
certainty what the maximum financial obligation of the parties might 
turn out to be since the contract does not make clear the total amount 
of supplies or services that would be required to secure even 1 mile of 
U.S. border. In order to ensure that the SBInet contract is consistent 
with the FAR, we continue to believe that it should be modified to 
include a maximum quantity, either units or a dollar value, rather than 
the total amount of miles to be secured. 

We are sending copies of this report to the Chairman and Ranking 
Minority Members of other Senate and House committees that have 
authorization and oversight responsibilities for homeland security. We 
are also sending copies to the Secretary of Homeland Security, the 
Commissioner of Customs and Border Protection, and the Director of the 
Office of Management and Budget. Copies of this report will also be 
available at no charge on the GAO Web site at http://www.gao.gov. 

If you or your staff have any further questions about this report, 
please contact Richard Stana at (202) 512-8816 or StanaR@gao.gov. 
Contact points for our Offices of Congressional Relations and Public 
Affairs may be found on the last page of this report. Key contributors 
to this report are listed in appendix III. 

Signed by: 

Richard M. Stana: 
Director, Homeland Security and Justice Issues: 

Signed by: 

Randolph C. Hite: 
Director, Information Technology Architecture and Systems Issues: 

Signed by: 

William T. Woods: 
Director, Acquisition and Sourcing Management: 

[End of section] 

Appendix I: Briefing to the Subcommittees on Homeland Security, Senate 
and House Committees on Appropriations: 

Briefing on the Secure Border Initiative's SBInet Expenditure Plan: 

Prepared for the House and Senate Appropriations Committees: 

December 7 and December 13, 2006: 

Briefing Overview: 

Objective, Scope, and Methodology: 
Results in Brief: 
Background: 
Findings: 
Conclusions: 
Recommendations for Executive Action: 
Agency Comments and Our Evaluation: 
Attachment 1: Scope and Methodology: 

Objective, Scope, and Methodology: 

Our objective was to determine whether the Secure Border Initiative's 
(SBI) SBlnet December 2006 expenditure plan satisfies nine legislative 
conditions as required by the Department of Homeland Security 
Appropriations Act, 2007.[Footnote 8] 

To accomplish our objective, we analyzed the SBI net December 2006 
expenditure plan and supporting documentation. We also interviewed 
cognizant program officials and contractors. We did not review the 
justification for cost estimates included in the expenditure plan. We 
conducted our work at Department of Homeland Security's (DHS) U.S. 
Customs and Border Protection (CBP) headquarters in the Washington, 
D.C., metropolitan area from October 2006 to December 2006, in 
accordance with generally accepted government auditing standards. 
Details of our scope and methodology are provided in attachment 1. 

Results in Brief: 

Satisfaction of legislative conditions: 

Legislative condition: 1. Defines activities, milestones, and costs for 
implementing the program; 
Status[Footnote 9]: Partially satisfied. 

Legislative condition: 2. Demonstrates how activities will further the 
goals and objectives of the Secure Border Initiative, as defined in the 
SBI multi-year strategic plan; 
Status[Footnote 9]: not satisfied. 

Legislative condition: 3. Identifies funding and the organization 
staffing (including full-time equivalents, contractors, and detailees) 
requirements by activity; 
Status[Footnote 9]: Satisfied. 

Legislative condition: 4. Reports on costs incurred, the activities 
completed, and the progress made by the program in terms of obtaining 
operational control of the entire border of the United States; 
Status[Footnote 9]: Partially satisfied. 

Legislative condition: 5. Includes a certification by DHS’s Chief 
Procurement Officer that procedures to prevent conflicts of interest 
between the prime integrator and major subcontractors are established 
and a certification by DHS’s Chief Information Officer that an 
independent verification and validation agent is currently under 
contract for the project; 
Status[Footnote 9]: Satisfied. 

Legislative condition: 6. Complies with all applicable acquisition 
rules, requirements, guidelines, and best systems acquisition 
management practices of the federal government; 
Status[Footnote 9]: Partially satisfied. 

Legislative condition: 7. Complies with the capital planning and 
investment control review requirements established by the Office of 
Management and Budget (OMB), including Circular A–11, part 7; 
Status[Footnote 9]: Partially satisfied. 

Legislative condition: 8. Is reviewed and approved by DHS’s Investment 
Review Board[Footnote 10], the Secretary of Homeland Security, and OMB; 
Status[Footnote 9]: Satisfied. 

Legislative condition: 9. Is reviewed by GAO; 
Status[Footnote 9]: Satisfied. 

Source: GAO analysis of DHS data. 

[End of Table] 

Background: 

SBI is a comprehensive, multi-year program sponsored by the Secretary 
of Homeland Security, to secure U.S. borders and reduce illegal 
immigration. SBI's mission is to promote border security strategies 
that protect against and prevent terrorist attacks and other 
transnational crimes. 

Elements of SBI will be carried out by several organizations within 
DHS. Under SBI is SBI net, the program within CBP responsible for 
developing a comprehensive border protection system (see fig. 1). SBI 
net will lead the effort to ensure the proper mix of personnel (e.g., 
program staff and Border Patrol agents), tactical infrastructure, rapid 
response capability, and technology are deployed along the border. 

Figure #1: SBI Organizational Chart: 

[See PDF for Image] 

Source: GAO Analysis of DHS data. 

[End of figure] 

DHS defines control of U.S. borders as the ability to: 

1. detect illegal entries into the United States; 

2. identify and classify these entries to determine the level of threat 
involved; 

3. efficiently and effectively respond to these entries; and: 

4. bring events to a satisfactory law enforcement resolution. 

The initial focus of SBlnet will be on southwest border investments and 
areas between the ports of entry that CBP has designated as having the 
highest need for enhanced border security due to serious 
vulnerabilities. Figure 2 shows the topography, interstate highways, 
and some major secondary roads along the southwest border. 

Figure 2: Topography and Road Systems along the Southwest Border: 

[See PDF for image] 

Source: GAO. 

Note: The U.S.-Mexican border is denoted by the black line that starts 
at the far left in San Diego, California, and that moves to the far 
right, ending at Brownsville, Texas. 

[End of figure] 

In September 2006, after a full and open competition source selection, 
Boeing was awarded an Indefinite Delivery/Indefinite Quantity (IDIQ) 
contract for 3 years, with three 1-year options. The minimum dollar 
amount is $2 million; the maximum is stated as "the full panoply of 
supplies and services to provide 6,000 miles of secure U.S. border." 

Boeing's solution will include a variety of sensors, communications 
systems, information technology, tactical infrastructure (roads, 
barriers, and fencing), and command and control capabilities to enhance 
situational awareness of the responding officers (see fig. 3.) The 
solution will also include the development of a common operating 
picture (COP) that will provide uniform data, through a command center 
environment, to all DHS agencies and be interoperable with stakeholders 
external to DHS. 

Figure 3: Existing Technology along the Border: 

[See PDF for image] 

Source: CBP. 

[End of figure] 

DHS's acquisition process for major investments consists of 5 decision 
milestones and requires Investment Review Board approval at key 
decision points (see fig. 4). 

Figure 4: DHS's Acquisition Process: 

[See PDF for image] 

Source: DHS. 

[End of figure] 

Legislative condition #1: Defines Activities, Milestones, and Costs 
(Partially Satisfied): 

The expenditure plan, including related documentation and program 
officials' statements, partially satisfied the condition to define 
activities, milestones, and costs for implementing the program. 

The SBInet expenditure plan should include sufficient details of 
planned activities, milestones, and costs for Congress and DHS to be 
assured that planned use of current and future appropriations offer a 
reasonable expectation of achieving operational control of the U.S 
border, and to provide a basis for measuring program success and 
holding program managers accountable. 

DHS estimates that the total cost for completing the acquisition phase 
for the southwest border is $7.6 billion from FY2007 through FY2011. 

* $5.1 billion is for the design, development, integration and 
deployment of fencing, roads, vehicle barriers, sensors, radar units, 
and command, control, and communications and other equipment. 

* $2.5 billion is for integrated logistics and operations support 
during the acquisition phase for the southwest border. 

DHS expects to have control of the southwest border by October 2011. 
DHS officials have yet to provide draft implementation plans by 
southwest border sectors and years for FY2007-FY2011. 

The expenditure plan does not include activities, milestones, or costs 
for the northern border. According to DHS, work on the northern border 
is not projected to begin before FY2009. 

The expenditure plan provides a general breakdown of how funds will be 
allocated to SBInet's activities.[Footnote 11] See table 1. 

Table 1: SBlnet Funding Allocations FY2005-FY2007 (in thousands): 

Activity: Management task order; 
FY2005: $36,800; 
FY2006 Supplemental: [Empty]; 
FY2007: $13,066; 
Total: $49,866. 

Activity: Project 28; 
FY2005: [Empty]; 
FY2006 Supplemental: $20,000; 
FY2007: [Empty]; 
Total: $20,000. 

Activity: Common operating picture; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $100,000; 
Total: $100,000. 

Activity: Tucson sector; 
FY2005: [Empty]; 
FY2006 Supplemental: $60,000; 
FY2007: $729,359; 
Total: $789,359. 

Activity: Yuma sector; 
FY2005: [Empty]; 
FY2006 Supplemental: $204,609; 
FY2007: $55,075; 
Total: $259,684. 

Activity: Yuma and Tucson Tactical Infrastructure; 
FY2005: [Empty]; 
FY2006 Supplemental: $24,391; 
FY2007: [Empty]; 
Total: $24,391. 

Activity: Tactical Infrastructure Western Arizona; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $57,823; 
Total: $57,823. 

Activity: Texas Mobile System; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $20,000; 
Total: $20,000. 

Activity: San Diego Fence; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $30,500; 
Total: $30,500. 

Activity: Advanced Technology Development; 
FY2005: [Empty]; 
FY2006 Supplemental: $10,000; 
FY2007: [Empty]; 
Total: $10,000. 

Activity: Systems Engineering Support; 
FY2005: [Empty]; 
FY2006 Supplemental: $6,000; 
FY2007: $6,000; 
Total: $12,000. 

Activity: Program Management Office Support; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $55,000; 
Total: $55,000. 

Activity: Environmental Requirements; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $61,000; 
Total: $61,000. 

Activity: Other[Footnote 12]; 
FY2005: [Empty]; 
FY2006 Supplemental: [Empty]; 
FY2007: $59,742; 
Total: $59,742. 

Total;  
FY2005: $36,800;  
FY2006 Supplemental: $325,000; 
FY2007: $1,187,565; 
Total: $1,549,362. 

Source: GAO analysis of SBlnet Expenditure Plan. 

[End of table] 

The expenditure plan includes certain milestones, such as starting and 
ending dates, for some but not all activities. 

For Project 28, the task order has been issued and the milestones are 
defined. 

In other cases, such as the Tucson and Yuma sector activities, 
milestones and costs are preliminary and more likely to change because 
they are in the early stages of planning and requirement setting. 
According to SBInet officials, factors such as technological, 
environmental, and eminent domain constraints can affect the timetables 
and costs of these activities. 

Figure 5 illustrates some key milestones defined by SBInet officials 
for selected activities. 

Figure 5: Timeline by selected project: 

[See PDF for image] 

Source: SBlnet supporting documentation: 

[End of figure] 

Legislative Condition #2: Demonstrates How Activities will Further the 
Goals of SBI's Strategic Plan (Not Satisfied): 

The expenditure plan, including related documentation and program 
officials' statements, did not satisfy the condition to demonstrate how 
activities will further the goals and objectives of the SBI, as defined 
in the SBI multi-year strategic plan. 

As one component of a larger initiative, the SBlnet expenditure plan 
needs to demonstrate the linkage between its individual activities and 
the objectives of SBI. 

The expenditure plan discusses the goals and objectives of four 
strategic plans: DHS, SBI, CBP, and SBI net. (See table 2.) 

However, the plan does not directly link the SBI net activities to 
these goals and objectives. As a result, Congress is not in a position 
to understand how SBInet's activities contribute to SBI's goals and 
objectives. 

Table 2: SBlnet Strategic Alignment of Goals: 

DHS Strategic Plan: Objective 2.1: Secure our borders against 
terrorists, means of terrorism, illegal drugs, and other illegal 
activity; 
DHS Secure Border Strategic Plan: Goal 1: Gain effective control of the 
borders; 
CBP Strategic Plan: Objective 2.2: Maximize border security, along the 
northern, southern and coastal borders, through an appropriate balance 
of personnel, equipment, technology, communications capabilities and 
tactical infrastructure; 
SBInet Strategic Plan: Strategic Goal #1: Ensure border security by 
providing resources and capabilities to gain and maintain control of 
the nation's borders at and between Ports of Entry. 

DHS Strategic Plan: Objective 2.3: Provide operational end users with 
the technology and capabilities to detect and prevent terrorist 
attacks, means of terrorism and other illegal activities; 
DHS Secure Border Strategic Plan: Goal 1.1: Develop and deploy the 
optimal mix of personnel, infrastructure, technology and response 
capabilities to identify, classify and interdict cross-border 
violators; 
CBP Strategic Plan: Objective 3.2: Develop and implement policy, 
management, operations, infrastructure and training initiatives to 
integrate frontline border enforcement personnel; 
SBInet Strategic Plan: Strategic Goal #2: Lead development and 
Deployment of a COP. 

DHS Strategic Plan: Objective 7.4: Improve the efficiency and 
effectiveness of the Department, ensuring taxpayers get value for their 
tax dollars; 
DHS Secure Border Strategic Plan: Core enabler: Strengthen DHS 
management efforts; 
CBP Strategic Plan: Objective 6.2: Improve asset acquisition and 
management methods and procedures, ensuring the effective procurement 
of supplies, services, and equipment in alignment with the CBP mission, 
goals, and priorities; 
SBInet Strategic Plan: Strategic Goal #3: Provide Responsible 
Acquisition Management. 

Source: SBlnet Expenditure Plan. 

[End of table] 

Legislative Condition #3: Identifies Funding and: 

Staffing Requirements by Activity (Satisfied): 

The expenditure plan, including related documentation and program 
officials' statements, satisfied the condition to identify funding and 
the organization staffing (including full-time equivalents, 
contractors, and detailees) requirements by activity. 

The expenditure plan should identify funding[Footnote 13] and staffing 
requirements with sufficient detail to provide reasonable assurance to 
Congress that government oversight of planned major expenditures will 
be adequate to minimize the risk of inefficient or wasteful spending. 

SBInet activities will be executed through a series of task orders. The 
SBInet program plans to rely on a mix of government and contractor 
staff to manage the program. 

As of December 2006, SBInet officials told us that they have assigned 
lead staff for the task orders that have been awarded. In addition, 
SBInet officials told us that their human capital strategy, scheduled 
to be finalized in December, will provide more details on staffing and 
expertise needed for the program. 

The SBI net program is managed by the SBInet Program Management Office 
(PMO). The PMO reports to the CBP SBI Program Executive Director. The 
PMO plans to nearly triple its current workforce by September 2007 in 
order to support and oversee a planned series of concurrent task 
orders. (See fig. 6.) 

SBI and SBI net officials expressed concerns about difficulties in 
finding an adequate number of staff with the required expertise to 
support planned activities. Staffing shortfalls could limit government 
oversight efforts. 

Figure 6: CBP SBI and SBlnet Current and Projected Personnel: 

[See PDF for image] 

Notes: Current Staff is as of December 2006. Projected Staff is as of 
September 30, 2007. 

Source: GAO analysis of data in SBInet's expenditure plan. 

[End of figure] 

Legislative Condition #4: Reports on Costs Incurred, Activities 
Completed and Progress to Date (Partially Satisfied): 

The expenditure plan, including related documentation and program 
officials' statements, partially satisfied the condition to report on 
costs incurred, the activities completed, and the progress made by the 
program in terms of obtaining operational control of the entire border 
of the United States. 

The expenditure plan should include a baseline measure of operational 
control of the border in order to inform Congress on the level of 
progress already achieved. 

The plan and supporting documentation discusses allocations but not 
costs incurred. 

Examples of activities completed to date: 

1. Systems integration contract was awarded in September 2006. 

2. Two task orders have been awarded: 

* Program Management/Systems Engineering - $36.5 million (September 
2006): 

* Project 28 - $20 million (October 2006): 

The plan does not discuss progress to date made by the program to 
obtain operational control of the border. The bi-monthly SBI reports to 
Congress include baseline information. 

Legislative Condition #5: Includes Certifications by CPO and CIO 
(Satisfied): 

The expenditure plan, including related documentation and program 
officials' statements, satisfied the condition to include a 
certification by DHS's Chief Procurement Officer that procedures to 
prevent conflicts of interest between the prime integrator and major 
subcontractors are established and a certification by DHS's Chief 
Information Officer that an independent verification and validation 
agent is currently under contract for the project. 

On November 30, 2006, DHS's Chief Procurement Officer certified that 
the prime integrator has established procedures to prevent conflicts of 
interest between it and its major subcontractors and that DHS is 
developing a process to monitor and oversee implementation of the prime 
integrator's procedures. 

On November 30, 2006, DHS's Deputy Chief Information Officer certified 
the SBInet program has contracted with a private corporation as the 
interim Independent Verification and Validation (IV&V) Agent. However, 
this corporation is also responsible for the program's requirements 
management and test and evaluation activities and thus is not 
independent of all the program's products and processes that it could 
review. The Deputy CIO certified that a permanent IV&V agent is to be 
selected by February 28, 2007. 

Legislative Condition #6: Complies with Acquisition Rules and 
Requirements (Partially Satisfied): 

The plan, including related documentation and program officials' 
statements, partially satisfied the condition to comply with applicable 
acquisition rules, requirements, guidelines, and best systems 
acquisition management practices of the federal government, such as the 
DHS's acquisition guidelines, Federal Acquisition Regulation, and the 
Software Engineering Institute's acquisition guidance and practices. 

DHS Acquisition Guidelines: 

SBInet is using, at least to some extent, several of the best practices 
or "Guiding Principles" in DHS Management Directive 1400, including: 

Competition: 

Earned Value Management: 

Performance-based contracting: 

Spiral Development: 

Risk Management: 

The extent to which these practices are in use varies, and outcomes are 
dependent on successful implementation. 

Federal Acquisition Regulation (FAR): 

Under FAR Part 16, indefinite quantity contracts must specify the 
maximum quantity of supplies or services the agency will acquire. These 
may be stated as number of units or dollars. 

The SBInet contract does not contain specific numbers of units that may 
be ordered or a maximum dollar value. 

Other Issues: 

Fee Structure: The Program Management Task Order includes a relatively 
high base fee of 5 percent. By comparison, the Department of Defense 
regulations and the National Aeronautics and Space Administration 
guidance generally limit base fees to 3 percent or less. Conversely, 
our experience in reviewing contract matters shows that the award fee 
of 3 percent may not be high enough relative to the base fee to 
motivate higher levels of performance. DHS officials said that they 
will establish an appropriate fee structure when issuing future task 
orders. 

Concurrency: The greater the degree of concurrency among related and 
dependent program tasks and activities, the greater a program's 
exposure to cost, schedule, and performance risks. As shown on slide 
17, DHS plans call for considerable concurrency among SBInet planned 
tasks and activities that are related, such as the lessons learned from 
the Project 28 task order that are to be incorporated in the sector 
task orders and the program management task order that is to establish 
the capabilities to manage and oversee all of the other task orders. 
According to program officials, risks associated with concurrency are 
being managed. However, we have yet to receive information showing that 
the program has defined task and activity dependencies and 
relationships, and the risk inventory does not include a risk related 
to concurrency. 

Software Engineering Institute Acquisition Guidance: 

The Software Engineering Institute's recognized guidance on system 
acquisition practices provides a management framework based on 
disciplined and rigorous processes for planning, managing, and 
controlling the acquisition of information technology (IT) resources. 
These processes include, among others, acquisition management, project 
planning, project monitoring and control, requirements management, 
measurement and analysis, process and product quality assurance, and 
risk management. 

The program management office has not fully defined and implemented all 
of these key acquisition management processes. 

According to the SBInet Program Manager, these processes have not been 
fully defined and implemented because of a lack of time due to the 
priority to meet a tight program implementation schedule. He further 
stated that he plans to develop a plan for defining and implementing 
these processes. The plan is to be incorporated in a revised Program 
Management Plan (PMP), which is to be available in the spring of 2007. 

The program office has defined and begun implementing one of these 
process areas --risk management. 

The program office developed a draft risk management plan, dated 
September 29, 2006. This draft plan addressed, among other things, a 
process for identifying, analyzing, mitigating, tracking, and 
controlling risks. As part of its process, the program office has 
established a governance structure, which includes a Risk Review Board 
(RRB) that is chaired by the SBInet Program Manager. According to the 
SBInet Risk Manager, a draft RRB charter has been developed, although 
we have yet to receive it. 

The program office has also begun implementing its process. For 
example, it has developed a risk management database that identifies 
for each risk, among other things, the status, priority, probability of 
occurrence, the overall impact, consequence, and a mitigation strategy. 
The risk inventory, which was provided to us on November 6, 2006, 
identified 30 risks, of which 11 are designated as high risks and 2 are 
designated as issues - understanding overall program cost and program 
management office staffing. According to the SBInet Program Manager, an 
issue is a risk that has been realized. He further stated that the 
program cost issue is to be closed, but the program management office 
staffing issue is still open. 

Examples of other high risks include: 

* Timely completion of environmental risk assessments, 

* Early definition of tactical infrastructure requirements, and: 

* Success of 8-month milestone for Project 28. 

Legislative Condition #7: Complies with Capital Planning and Investment 
Control Review Requirements (Partially Satisfied): 

The plan, including related program documentation and program 
officials' statements, partially satisfied the Capital Planning and 
Investment Control (CPIC) review requirements established by OMB, 
including Circular A-11, part 7, which establishes policy for planning, 
budgeting, acquisition, and management of federal capital assets. 

Examples of our analysis follow. 

A-11 Requirement: 

Provide a brief description of the investment and its status in the 
CPIC review, including major assumptions made about the investment. 

Results of our analysis: 

The expenditure plan includes a brief description of SBlnet. The plan 
does not describe the status of the investment in the DHS CPIC process, 
but indicates that SBlnet is being managed using a CPIC framework. 
However, it is unclear where SBlnet is in the CPIC process. 

According to the SBlnet DHS Joint Requirements Council and IRB briefing 
document for fiscal year 2007, dated November 22, 2006, the program 
office plans to implement the CPIC process on an annual basis. 
According to the SBlnet Program Manager, SBlnet projects are at various 
stages in the acquisition life cycle. As a result, the program office 
plans to combine multiple projects into a single decision milestone 
that is to occur on an, at least, annual basis. 

A-11 Requirement: 

Describes the management structures, responsibilities, and 
qualifications that contribute to achievement of cost, schedule, and 
performance goals. 

Results of our analysis: 

The expenditure plan and other documentation address the management 
structures and responsibilities. Specifically, the program office 
includes six line and four staff directorates reporting to the SBlnet 
Program Manager. The management structure also includes the use of 
integrated project teams that consist of subject matter experts from a 
variety of disciplines required to effectively manage an acquisition 
project. 

The draft Program Management Plan, dated September 18, 2006, identified 
responsibilities for five of the six program office line directorates, 
and for two of the four staff directorates. The plan also identified 
responsibilities for some, but not all, divisions within each of the 
directorates. For example, the plan describes the responsibilities of 
the Mission Engineering Directorate, but it does not describe the 
responsibilities for the five divisions within the Directorate. 

We have not yet seen any documentation that describes the 
qualifications of the program office staff. 

A-11 Requirement: 

Provide a summary of the investment's risk assessment, including how 19 
OMB-identified risk elements are being addressed. 

Results of our analysis: 

The program office has defined and begun implementing a risk management 
process, and developed a risk database that addresses 13 of the 19 OMB- 
identified risk. The risk elements that are not addressed include 
privacy and technical obsolescence. 

A-11 Requirement: 

Provides a summary of the investment's status in accomplishing baseline 
cost and schedule goals through the use of an earned value management 
(EVM) system or operational analysis, depending on the life- cycle 
stage. 

Results of our analysis: 

The program office is currently relying on the prime integrator's EVM 
system to manage the prime contractor's progress against cost and 
schedule goals. The prime integrator's EVM system has been 
independently certified as meeting established standards. 

However, the EVM system has not yet been fully implemented because the 
baselines against which progress can be measured for the two task 
orders that have been issued to date has not yet been established. 
According to program officials, these baselines will be established for 
the program management task order and the Project 28 task order in mid- 
December 2006 and mid-January 2007, respectively. 

A-11 Requirement: 

Demonstrates that the investment is included in the agency's enterprise 
architecture and CPIC process. 

Results of our analysis: 

The expenditure plan did not include a discussion of the program 
office's activities in regard to the DHS enterprise architecture. 

Moreover, according to program officials, the program office has not 
yet determined if SBInet is aligned with the architecture. According to 
these officials, SBInet is to be reviewed by the Enterprise 
Architecture Center of Excellence, which is the DHS entity that 
determines enterprise architecture alignment, by the end of December 
2006. 

With respect to the CPIC requirement, the plan does not describe the 
status of the investment in the DHS CPIC process, but indicates that it 
is being managed using a CPIC framework. Also, as stated previously, it 
is unclear where SBInet is in the CPIC process. 

A-11 Requirement: 

Provides a description of an investment's security and privacy issues. 
Summarizes the agency's ability to manage security at the system or 
application level. Demonstrates compliance with the certification and 
accreditation process, as well as the mitigation of IT security 
weaknesses. 

Results of our analysis: 

The expenditure plan did not include a discussion of security and/or 
privacy. According to a program office security specialist, the program 
office has not yet developed a system security plan because it is too 
early in the system development life cycle. A system security plan is 
to be developed as a part of the system certification and accreditation 
process. 

Regarding privacy, the program office developed a draft privacy impact 
assessment dated October 2006. The assessment addresses several, but 
not all, of OMB's criteria.[Footnote 14]  

Legislative Condition #8: Includes Approvals by IRB, 

DHS Secretary and OMB (Satisfied): 

The expenditure plan, including related documentation and program 
officials' statements, satisfied the condition that the plan be 
reviewed and approved by DHS's Investment Review Board, the Secretary 
of Homeland Security, and OMB. 

DHS's Investment Review Board approved the plan on November 22, 2006. 

The Secretary of Homeland Security approved the expenditure plan on 
November 22, 2006. 

OMB approved the plan on December 4, 2006. 

Accountability * Integrity * Reliability: 

Legislative Condition #9: Is Reviewed by GAO (Satisfied): 

The expenditure plan, including related documentation and program 
officials statements, satisfies the condition that the plan be reviewed 
by GAO. 

The SBInet PMO provided draft versions of the expenditure plan and 
supporting documentation. 

We conducted our review from October 11, 2006, to December 5, 2006. 

Conclusions: 

The SBInet December 2006 expenditure plan, including related 
documentation and program officials' statements, has satisfied four, 
partially satisfied four and not satisfied one of the nine conditions 
legislated by the Congress. Satisfying the legislative conditions is 
important because the expenditure plan is intended to provide Congress 
with the information needed to effectively oversee the program and hold 
DHS accountable for program results. Satisfying the legislative 
conditions is also important to minimize the program's exposure to 
cost, schedule, and performance risks. 

DHS's approach to SBInet introduces additional risk because the 
program's structure entails a high level of concurrency and lacks a 
maximum quantity or dollar value for the integration contract. 

The current expenditure plan offers a high-level and partial outline of 
a large and complex program that forms an integral component of a 
broader multi-year initiative. However, Congress and DHS need 
additional details of planned milestones, anticipated interim and final 
costs, and staffing to be reasonably assured that the current risk to 
the project's cost, schedule, and ultimate effectiveness is minimized. 

Recommendations: 

To ensure that Congress has the information necessary to effectively 
oversee SBInet and hold DHS accountable for program results, and to 
help DHS manage the SBInet program and ensure that future SBInet 
expenditure plans meet the legislative requirements, we recommend that 
the Secretary of Homeland Security direct the U.S. Customs and Border 
Protection Secure Border Initiative Program Management Office Executive 
Director to take the following three actions: 

* ensure that future expenditure plans include explicit and measurable 
commitments relative to the capabilities, schedule, costs, and benefits 
associated with individual SBInet program activities; 

* re-examine the level of concurrency and appropriately adjust the 
acquisition strategy; and: 

* modify the SBInet systems integration contract to include a maximum 
quantity or dollar value. 

Agency Comments and Our Evaluation: 

In their oral comments on a draft of this briefing, DHS, SBI, and 
SBInet officials generally agreed with our findings. However, they did 
not agree with our assessment that the expenditure plan did not satisfy 
legislative condition #2 which requires the expenditure plan to 
demonstrate how activities will further the goals and objectives of 
SBI's strategic plan. They stated that all SBI net activities link back 
to the overall goal of controlling the border and that the linkage 
between program goals and activities is intuitive. We maintain our 
position that the requirement has not been satisfied because the plan 
and supporting documentation does not directly link SBInet's activities 
to SBI's goals and objectives; therefore, Congress is not in a position 
to understand how SBInet's activities contribute to these goals and 
objectives. 

With respect to our recommendations, DHS, SBI, and SBI net officials 
agreed with our first recommendation on the need for future expenditure 
plans to include explicit and measurable commitments relative to 
capabilities, schedule, costs and benefits associated with individual 
SBI net program activities. SBI and SBI net officials stated that more 
details will be available for future expenditure plans as subsequent 
task orders for the program are awarded. 

DHS, SBI, and SBInet officials took issue with our second 
recommendation that they re-examine the level of concurrency and 
appropriately adjust the acquisition strategy. They stated that they 
understand the risks inherent in concurrency and are addressing these 
risks. However, they have yet to provide evidence that shows they have 
identified the dependencies among their concurrent activities and that 
their risk management framework considers the issue of concurrency; 
therefore, we continue to believe that the level of concurrency should 
be proactively addressed through reexamination and appropriate 
adjustment of the acquisition strategy. 

DHS, SBI and SBInet officials also took issue with our third 
recommendation on modifying the SBlnet integration contract to include 
a maximum quantity or dollar value. They stated that the contract 
already contains a maximum quantity of "6,000 miles of secure U.S. 
border" and that this was sufficient to satisfy the FAR requirement. We 
disagree and continue to believe that a maximum quantity or dollar 
value limit should be included in the integration contract in order to 
ensure that it is consistent with FAR requirements. 

DHS, SBI and SBInet officials also provided clarifying information that 
we incorporated as appropriate in this briefing. 

Attachment 1: Scope and Methodology: 

To accomplish our objective, we analyzed the SBInet fiscal year 2007 
expenditure plan and supporting documentation, comparing them to 
relevant federal requirements and guidance, and applicable best 
practices. 

We reviewed draft versions of the expenditure plan, including versions 
1.0 (November 15, 2006); 2.0 (November 27, 2006); and 2.1 (November 29, 
2006). We also reviewed the final version of the plan submitted to 
Congress on December 4, 2006. 

We interviewed DHS, CBP, SBI, and SBInet program officials and 
contractors. 

We did not review the justification for cost estimates included in the 
expenditure plan. In addition, we did not independently verify the 
source or validity of the cost information. 

We reviewed and assessed available program documentation against 
federal and industry acquisition guidelines and practices, such as the 
Software Engineering Institute's acquisition management processes and 
controls. 

We compared available program documentation to capital planning 
guidance (OMB-A-11) to determine whether the information complies with 
the capital planning and investment controls. 

We conducted our work at CBP headquarters in the Washington, D.C., 
metropolitan area from October 2006 to December 2006, in accordance 
with generally accepted government auditing standards. 

[End of section] 

Appendix II: Comments from the Department of Homeland Security: 

U.S. Department of Homeland Security: 
Washington, DC 20528: 

February 5, 2007: 

Mr. Richard M. Stana: 
Director, Homeland Security and Justice: 
Government Accountability Office: 
Washington, D. C. 20548: 

Dear Mr. Stana: 

Thank you for the opportunity to comment on draft report GAO-07-309, 
"Secure Border Initiative: SBInet Expenditure Plan Needs to Better 
Support Oversight and Accountability." 

The U.S. Government Accountability Office (GAO) found that the SBInet 
expenditure plan, including related documentation and program 
officials' statements, satisfied four legislative conditions, partially 
satisfied four legislative conditions, and did not satisfy one 
legislative condition. CBP intends to fully satisfy each of these 
legislative conditions in the near future in order to minimize the 
program's exposure to cost, schedule, and performance risks. 

For legislative condition 1: CBP has more detailed information about 
the activities, milestones, and cost for implementing the program. When 
the plan was submitted to Congress on December 4, 2006, the SBInet 
prime integrator (Boeing) had been under contract for less than 90 days 
and program plans were in the initial stages of development. Future 
expenditure plans will include actual and planned progress towards the 
SBInet solution. 

For legislative condition 2: One of the goals outlined in the Secure 
Border Strategic Plan is to gain effective control of the borders. 
Effective control is measured in terms of miles, based on situational 
awareness (probability to detect, identify, and classify entries) and 
ability to respond. CBP provided documents to GAO under separate cover 
that reflects the number of miles of effective control for the Yuma and 
Tucson sectors today (baseline), the number of miles of effective 
control for FY 2007, and the total number of miles of effective control 
at the initial operational capability (IOC). 

For legislative condition 4: The GAO indicated in its Briefing on the 
SBInet Expenditure Plan that the Plan "should include a baseline 
measure of operational control of the border" (slide 24). CBP feels 
that the documentation for the 388 miles (see legislative condition 2, 
above) satisfies the baseline measure of miles under control of the 
border. 

For legislative condition 6: CBP recognizes the risk inherent in 
concurrency and is focused on managing this risk, not avoiding it. This 
has been reflected in our risk management database. Our goal is to 
deliver SBInet benefits as soon as possible without taking undue risks. 

For legislative condition 7: CBP remains on plan to begin using Earned 
Value Management (EVM) on the Program Management task order in mid 
February 2007 after a successful Integrated Baseline Review (IBR) has 
been conducted. 

The DHS Privacy Office has reviewed the Privacy Impact Assessment and 
their comments have been incorporated into the document. After a formal 
review/coordination cycle, the document will be resubmitted to the DHS 
Privacy Office for final review and approval. 

CBP agrees that two of the three recommendations are essential to 
successful program management, but does not concur with the 
recommendation to modify the integration contract to reflect a maximum 
quantity. CBP has determined that "miles of secured border" is a 
measurable component and that "6,000 miles of secured border" satisfies 
the intent of the Federal Acquisition Regulation (FAR), which does not 
require a breakdown of what goes into making up that quantity. The 
remaining two recommendations have and will continue to be addressed as 
part of the Program Management Office's (PMO) efforts to balance 
quality, cost, schedule, and accountability for program commitments. 

CBP believes the recommendations contained in this report provide 
useful and collaborative improvements in SBInet program management and 
contract execution. CBP recognizes that attention to details on 
activities, milestones and costs are key to a successful program, and 
are essential elements of program management. The method for achieving 
these goals is detailed in the response to each recommendation. 

Recommendation 1: Ensure that future expenditure plans include explicit 
and measurable commitments relative to the capabilities, schedule, 
costs, and benefits associated with individual SBInet program 
activities. 

Response: Concur. 

CBP will ensure that all future expenditure plans contain the most 
accurate information available at the time of publication. The FY 2007 
expenditure plan was required to be submitted to Congress within 60 
days of enactment of the FY 2007 Department of Homeland Security 
Appropriations Act (P.L. 109-295). When the plan was submitted to 
Congress on December 4, 2006, the SBInet prime integrator (Boeing) had 
been under contract for less than 90 days and program plans were in the 
initial stages of development. Future expenditure plans will include 
actual and planned progress. 

Furthermore, to ensure that Congress is informed of SBInet 
developments, future expenditure plans will report progress against 
commitments contained in prior expenditure plans. CBP will include a 
section in future expenditure plans that addresses and tracks 
milestones and other program commitments made in all prior expenditure 
plans. 

Recommendation 2: Modify the SBInet systems integration contract to 
include a maximum quantity or dollar value. 

Response: Non-Concur: 

The determination has been made to express the maximum quantity for 
subject solicitation as "6,000 miles of secured border". CBP has 
determined that "miles of secured border" is a measurable component; 
therefore, this is deemed the most appropriate approach to defining the 
contract ceiling. 

Recommendation 3: Re-examine the level of concurrency and appropriately 
adjust the acquisition strategy. 

Response: Concur: 

CBP is constantly assessing the overall program as it unfolds and 
adjusting it to reflect progress, resource constraints, refinements and 
changes in requirements, and insight gained from on-going system 
engineering activities. Our goal is to deliver SBInet benefits as soon 
as possible without taking undue risks. While initial activities 
(Project 28, Barry M. Goldwater Range Project, Fence Lab) are being 
conducted in parallel with the up-front program-level system 
engineering, they will serve as risk reduction activities and provide 
lessons learned to the main program level activities. The main 
implementation projects for SBInet deployments to Sectors and the 
Common Operating Picture Project have been aligned to be paced by the 
program-level system engineering activities. This will manage 
concurrency, not avoid it. 

The Department thanks you for the work that was done on this engagement 
and the cooperation received from the GAO team under tight timelines. 

Sincerely, 

Steven J. Pecinovsky: 
Director Departmental GAO/OIG Liaison Office: 

[End of section] 

Appendix III: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Richard M. Stana, (202) 512-8816, stanar@gao.gov: 

Staff Acknowledgments: 

In addition to the person named above, Robert E. White, Assistant 
Director; Deborah Davis, Assistant Director; Richard Hung, Assistant 
Director; E. Jeanette Espínola; Frances Cook; Katherine Davis; Gary 
Delaney; Joseph K. Keener; Sandra Kerr; Raul Quintero; and Sushmita 
Srikanth made key contributions to this report. 

FOOTNOTES 

[1] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations 
Act required that the expenditure plan be submitted within 60 days 
after the enactment of the act. 

[2] As of December 2006, SBInet personnel included 38 government 
employees and 60 contractor staff. Projected personnel as of September 
2007 includes 113 government employees and 157 contractors. 

[3] The U.S. Border Patrol has 20 sectors responsible for detecting, 
interdicting, and apprehending those who attempt to illegally enter or 
smuggle people, including terrorists, or contraband, including weapons 
of mass destruction, across U.S. borders between official ports of 
entry. 

[4] DHS defines control of U.S. borders as the ability to: detect 
illegal entries, identify and classify entries and determine their 
respective level of threat, efficiently and effectively respond, and 
bring events to a satisfactory law enforcement action. 

[5] FAR 16.504(a)(4)(ii). 

[6] EVM is a management tool to help ensure that work performed for a 
program or project is consistent with cost and schedule goals. 

[7] An enterprise architecture defines how any organization operates 
today and how it plans to operate in the future, and it includes a road 
map for transitioning between the two sets of operations. 

[8] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations 
Act required an expenditure plan to establish a security barrier along 
the border of the United States of fencing and vehicle barriers and 
other forms of tactical infrastructure and technology. In response to 
this requirement, DHS submitted a plan on December 4, 2006, titled 
"SBlnet Expenditure Plan," that defines SBlnet as "the component of SBI 
charged with developing and installing the technology and tactical 
infrastructure solution for border control." The Appropriations Act 
also required GAO to review the expenditure plan. 

[9] Satisfied means that the plan, in combination with supporting 
documentation, either satisfied or provides for satisfying each 
requirement of the condition that we reviewed. Partially satisfied 
means that the plan, in combination with supporting documentation, 
either satisfied or provides for satisfying some, but not all, key 
aspects of the condition that we reviewed. Not satisfied means that the 
plan, in combination with supporting documentation, does not satisfy 
any of the key aspects of the condition that we reviewed. 

[10] The purpose of the Investment Review Board is to integrate capital 
planning and investment control, budgeting, acquisition and management 
of investments. It is also to ensure that spending on investments 
directly supports and furthers the mission and that this spending 
provides optimal benefits and capabilities to stakeholders and 
customers. 

[11] According to DHS officials, no FY2006 funds were allocated to 
SBlnet activities. 

[12] Other includes activities related to test and evaluation, 
deployment and installation, and integrated logistics support. 

[13] See discussion of legislative condition #1 for a review of planned 
activities and costs. 

[14] OMB, Guidance for Implementing the Privacy Provisions of the E- 
Government Act of 2002, OMB M-03-22 (Sept. 26, 2003). 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to www.gao.gov and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 
512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: