Summary
In 2003 GAO designated the merger of 22 separate federal entities into the Department of Homeland Security (DHS) as a high risk area because of the criticality of the department's mission and the enormous transformation challenges that the department faced. Given that the effective use of information technology (IT) is a critical enabler of this merger, GAO has previously reported on a number of DHS efforts aimed at institutionalizing an effective information and technology governance structure and investing in new IT systems that are intended to better support mission operations. Now that DHS has been operating for over a year, GAO was asked to, based largely on its prior work, describe DHS's progress in meeting its information and technology management challenge.
DHS's overall IT challenge is to standardize and integrate the legacy system environments and management approaches that it inherited from its predecessor agencies, while concurrently attempting to ensure that present levels of IT support for critical homeland security operations are not only maintained but improved in the near term. To accomplish this, the department is in the process of instituting seven information and technology management disciplines that are key elements of an effective information and technology management structure. DHS's progress in institutionalizing these key information and technology management elements has been mixed, and overall remains a work in progress. Such progress is not unexpected, given the diversity of the inherited agencies and the size and complexity of the department's mission operations. Nevertheless, because DHS has not yet fully institutionalized these governance elements, its pursuit of new and enhanced IT investments are at risk of not optimally supporting corporate mission needs and not meeting cost, schedule, capability, and benefit commitments. Accordingly, GAO has previously made recommendations relative to most of these areas to the department's chief information officer and other responsible DHS entities. Lastly, DHS has developed a draft IT strategic plan, which GAO finds lacking in explicit goals, performance measures, milestones, and knowledge of whether it has properly positioned IT staff with the right skills to accomplish these things.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Randolph C. Hite
Government Accountability Office: Information Technology
No phone on record
Recommendations for Executive Action
Recommendation: To strengthen DHS's IT strategic planning process, the Secretary of Homeland Security should direct the CIO, in conjunction with the DHS CIO Council, to establish IT goals and performance measures that, at a minimum, address how information and technology management contributes to program productivity, the efficiency and effectiveness of agency operations, and service to the public.
Agency Affected: Department of Homeland Security: Directorate of Management: Chief Information Officer
Status: Implemented
Comments: DHS has taken actions consistent with our recommendation. Specifically, DHS established its key IT initiatives and associated goals as part of its 2005-2006 Information Technology Strategy, which links key IT initiatives and goals to DHS's overarching mission and goals, such as providing service to the public and increasing the efficiency and effectiveness of agency operations and program productivity.
Recommendation: To strengthen DHS's IT strategic planning process, the Secretary of Homeland Security should direct the CIO, in conjunction with the DHS CIO Council, to establish milestones for the initiation and completion of major information and technology management activities.
Agency Affected: Department of Homeland Security: Directorate of Management: Chief Information Officer
Status: Implemented
Comments: DHS has taken actions consistent with this recommendation. As part of its 2005-2006 Information Technology Strategy, the department established milestones for the initiation and completion of its key IT initiatives. For example, the strategy stated that implementing a DHS wide email/active directory was a key initiative and established fiscal year 2005 as the timeframe for completing the effort. It also identified the creation and implementation of a data management center of excellence as a key initiative and established the first quarter of fiscal year 2005 as the timeframe for completion.
Recommendation: To strengthen DHS's IT strategic planning process, the Secretary of Homeland Security should direct the CIO, in conjunction with the DHS CIO Council, to analyze whether DHS has appropriately deployed IT staff with the relevant skills to obtain its target IT structure and, if it does, whether they are allocated appropriately.
Agency Affected: Department of Homeland Security: Directorate of Management: Chief Information Officer
Status: Implemented
Comments: DHS has taken actions consistent with this recommendation. Specifically, in developing the department's May 2005 IT human strategic capital plan (for 2005-2010) and related planning documents, the CIO and key human capital officials analyzed whether DHS had appropriately deployed IT staff with the relevant skills. In particular, the offices of the CIO and Chief Human Capital Officer, working with the CIO Council's Human Capital Resource Center, together performed a gap analysis between existing and future skills needs and began examining strategies for reducing identified gaps. As part of these efforts, they also developed and issued a plan (in March 2006) to mitigate the risk of developing, operating, and maintaining department systems until existing IT skill gaps are reduced.
