Information Technology: Homeland Security Should Better Balance Need for System Integration Strategy with Spending for New and Enhanced Systems

GAO-04-509 May 21, 2004
Highlights Page (PDF)   Full Report (PDF, 31 pages)   Accessible Text   Recommendations (HTML)

Summary

The Department of Homeland Security (DHS) faces the daunting task of bringing together 22 diverse agencies to lead efforts to protect the homeland. Among the challenges posed by this transformation is integrating these agencies' diverse information technology (IT) systems: mission support, administration, and infrastructure (e.g., networks). GAO was asked to determine (1) whether DHS has defined its IT systems integration strategy and (2) how DHS is ensuring that IT investments made by component agencies (specifically focusing on the Federal Emergency Management Agency, the Transportation Security Administration, and the Coast Guard) are aligned with the department's strategic direction.

DHS is developing an IT systems integration strategy through its ongoing efforts to finalize and implement an IT strategic plan, an enterprise architecture, and IT capital planning and investment control processes. According to the department, these three elements--which are essential parts of a framework for achieving effective systems integration--are areas of focus and planned to be fully in place before the end of 2004. The DHS Chief Information Officer (CIO) attributed the limited progress on the systems integration framework to date to (1) insufficient staffing, (2) higher priority demands (such as establishing a departmentwide e-mail system), and (3) near-term high-payoff opportunities (such as consolidating wireless communication capabilities). In the interim, DHS and its components have taken steps intended to promote the alignment of its components' ongoing and planned IT investments with the department's strategic direction. The steps include (1) subjecting major investments to review and approval by various departmental investment review boards, (2) continuing to have component agencies follow the IT strategic management structures and processes that they had before the department was formed, and (3) having meetings between component staff responsible for IT investments and staff working on the department's IT strategic management framework. GAO corroborated the department's use of this approach through analysis of IT investments being pursued by three DHS components, which the components indicated were representative of their general approach to aligning investments with the department's evolving strategic direction. While these steps have merit, they do not provide adequate assurance of strategic alignment across the department. For example, the second step simply continues the various approaches that produced the diverse systems that the department inherited, while the third relies too heavily on oral communication about complex IT strategic issues that are not yet fully defined--which increases the chances of misunderstanding and missed opportunities for integration. Moreover, the DHS CIO does not have authority and control over departmentwide IT spending--although such control is important for effective systems integration, as shown by GAO's research on successful private and public sector organizations and experience at federal agencies. Until its IT strategic framework is fully defined and effectively implemented, DHS runs the risk that the component agencies' ongoing investments--collectively costing billions of dollars in fiscal year 2004--will need to be reworked in the future, so that they can be effectively integrated and provide maximum value across DHS.



Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Implemented" or "Not implemented" based on our follow up work.

Director:
Team:
Phone:
Randolph C. Hite
Government Accountability Office: Information Technology
(202) 512-6256


Recommendations for Executive Action


Recommendation: In determining the cost-effectiveness of these IT investments, the Secretary of Homeland Security should direct the heads of DHS's directorates and agencies to ensure that full consideration be given to the estimated cost of any future system rework that would be needed to later align the system with the department's emerging systems integration strategy.

Agency Affected: Department of Homeland Security: Directorate of Management

Status: Implemented

Comments: DHS has taken actions consistent with this recommendation. For example, as discussed below, in canceling the eMerge2 system, DHS considered the cost of reworking the system, including building the management capacity to do so, and decided it was cheaper and less risky to rely on existing system capabilities as the means to addressing the department's IT business needs.

Recommendation: The Secretary of Homeland Security should examine the sufficiency of IT spending authority vested in the CIO and take appropriate steps to correct any limitations in authority that constrain the CIO's ability to effectively integrate IT investments in support of department-wide mission goals.

Agency Affected: Department of Homeland Security: Directorate of Management

Status: Implemented

Comments: Consistent with our recommendations, the Secretary examined the sufficiency of IT spending and other authorities vested in the CIO and identified limitations that constrained the CIO's ability to effectively integrate IT investments. As a result of this examination, the Secretary issued a management directive (MD 0007.1, Information Technology Integration and Management) in February 2007 that provided the CIO additional authorities with regard to department and component IT management, including (1) reviewing and approving all department and component IT acquisitions over $2.5 million; (2) reviewing and approving the components' annual IT budget submissions; (3) providing component CIOs with written performance objectives; (4) helping prepare component CIOs' performance appraisals; and (5) collaborating with component heads in recruiting and selecting component CIOs.

Recommendation: Until DHS's strategic IT management framework is completed and available to effectively guide and constrain the billions of dollars that it is spending on IT investments, the Secretary of Homeland Security should direct the heads of the department's directorates and agencies to limit spending on their respective IT investments to cost-effective efforts that are congressionally directed; take advantage of near-term, relatively small, low-risk opportunities to leverage technology in satisfying a compelling homeland security need; support operations and maintenance of existing systems critical to DHS's mission; involve deploying an already developed and fully tested system; and support establishment of a DHS strategic IT management framework, including IT strategic planning, enterprise architecture, and investment management.

Agency Affected: Department of Homeland Security: Directorate of Management

Status: Implemented

Comments: DHS has taken actions consistent with our recommendation. For example, in September 2005, DHS canceled a major border security IT system investment, called American Shield Initiative, due to serious concerns about, among other things, the system's alignment with the department's enterprise architecture. Similarly, in December 2005, DHS canceled a key department-wide financial management system investment called eMerge2 because further investment in the project was viewed as high risk. Instead, the department adopted the low risk approach of satisfying its financial management needs via existing systems.