Summary
The U.S. Customs Service is conducting a multiyear, multibillion dollar project, the Automated Commercial Environment (ACE), a new trade processing system that is planned to support effective and efficient movement of goods into the United States. By congressional mandate, Customs' expenditure plans for ACE must meet certain conditions, including being reviewed by GAO. This study addresses whether Customs' latest plan satisfies these conditions and provides observations about the plan and Customs' efforts to implement GAO's open recommendations for improving ACE management.
Customs' November 2002 ACE expenditure plan, the fourth in a series of legislatively required plans, provides for certain project management tasks as well as the definition, design, and development of the first release of the second of four planned ACE increments. GAO's analysis of the plan shows that it meets the legislative conditions imposed by the Congress. In its series of reports on Customs' management of ACE, GAO has made a number of recommendations, which Customs is currently addressing. However, Customs has been slow to correct weaknesses in two areas fundamental to effective acquisition management--people and processes. These weaknesses increase the risk that ACE will be late, cost more than necessary, and not perform as intended. While the Customs Modernization Office (CMO) has developed a human capital strategy, neither the strategy nor supporting documentation identifies how the commitments made in the strategy will be met, including what steps will be taken and what resources are needed to execute the steps. Further, based on the strategy's timeline, it will be over a year before the CMO fully implements the strategy. Customs has made slow progress in implementing key acquisition practices, such as project office management and acquisition risk management, which GAO first recommended Customs do in 1999. Since that time many practices have been developed, but almost none of them have been implemented. Additionally, Customs' ACE contractor is conducting system tests in accordance with best practices, initial test results are positive, and indicators suggest the contractor is delivering a quality product. However, Customs is not employing independent verification and validation (IV&V) in overseeing ACE testing, which is one way to mitigate the acquisition weaknesses cited above. Without IV&V, Customs states that it is relying on the contractor's reputation and maturity level as guarantors of system quality, which is not adequate for a complex and risky program like ACE.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
No director on record
No team on record
No phone on record
Recommendations for Executive Action
Recommendation: To ensure that Customs has the requisite capability to manage its ACE acquisition, the Commissioner of the Customs Service should designate strengthening CMO human capital and acquisition processes as priority matters.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: The Commissioner of Customs (Customs is now known as the Bureau of Customs and Border Protection (CBP)) took steps to designate strengthening the Customs and Border Protection Modernization Office's human capital and Software Acquisition Capability Maturity Model (SA-CMM) processes as priority matters. For example, in its June 2003 and October 2003 reports to Congress, CBP explained that it was particularly focused on strengthening both its human capital management and acquisition processes.
Recommendation: The Commissioner of the Customs Service should direct the Chief Information Officer (CIO) to immediately develop and implement each of the missing Software Engineering Institute Software Acquisition Capability Maturity Model practices for the key process areas discussed in this report, and until this is accomplished, report to its appropriations subcommittees quarterly on the progress of its efforts to do so.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: Customs, now known as the Bureau of Customs and Border Protection (CBP), has taken steps to develop and implement each of the key process areas for the SA-CMM level 2 key process areas and the level 3 acquisition risk management area. SEI assessed the acquisition management of Releases 1 through 4 against the SA-CMM level 2 criteria. On November 5, 2003, SEI assigned the program a level 2 rating, meaning that the program has established basic acquisition management processes. Based on the $1.5 billion budgeted for ACE during fiscal years 2004-2008, implementation of GAO's recommendation will result in an estimated cost reduction to the agency of about $158.6 million. SEI also conducted an unrated assessment of the program's acquisition risk management capability in May 2003. The assessment identified two weaknesses: (1) risk management was not integrated into acquisition planning and (2) a defined organizational process was not used to produce the program's acquisition risk management plan. CBP has addressed these weaknesses by updating its acquisition planning process to include risk management activities and by documenting an acquisition risk management process. CBP's October 2003 report to its appropriations committees reported on the status of these acquisition management improvement efforts.
Recommendation: The Commissioner of the Customs Service should direct the CIO to develop and implement the missing human capital management practices discussed in this report, and until this is accomplished, report to its appropriations committees quarterly on the progress of its efforts to do so.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Not Implemented
Comments: Customs, now known as the U.S. Customs and Border Protection (CBP), has taken several steps to improve human capital management for the Automated Commercial Environment (ACE) program, but has not yet applied a complete set of key practices to the program as we previously recommended. In June 2006, CBP executives approved the Office of Information Technology (OIT) Strategic Human Capital Management Plan, a road map intended to ensure effective management of human capital resources across OIT to address enterprise-wide priorities. An ACE-specific appendix was intended to provide better near- and long-term human capital management practices for the OIT offices involved in ACE development. However, neither the OIT nor the ACE-specific plan addresses the basic tenets of effective human capital management, such as defining the positions needed (including core competencies) to perform core program functions; assessing and inventorying current workforce skills and abilities; assessing any gaps between needed and existing workforce levels and capabilities; and filling identified gaps. OIT officials acknowledged these limitations in the plans and stated that they are developing an implementation plan to address these shortfalls. As of July 2007, the implementation plan had not yet been approved and thus was not available for our review. In the absence of an outcome-based human capital approach for ACE, OIT and program officials reported taking various steps to address ACE human capital needs, including requesting direct hiring authority from OPM, augmenting ACE development with IT functional program management expertise, and offering staff training.
Recommendation: The Commissioner of the Customs Service should direct the CIO to establish an IV&V function to assist Customs in overseeing contractor efforts, such as testing.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: Customs and Border Protection (CBP) established an IV&V function to assist in overseeing ACE and awarded an IV&V contract on December 30, 2004. The IV&V contractor is responsible for reviewing ACE products and management processes and is to report directly to the CBP chief information officer.
Recommendation: The Commissioner of the Customs Service should take steps, as appropriate in light of Customs' merger into the Department of Homeland Security, to have future ACE expenditure plans specifically address any proposals or plans, whether tentative or approved, for extending and using ACE infrastructure to support other homeland security applications, including any impact on ACE of such proposals and plans.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security
Status: Implemented
Comments: Customs, now known as the U.S. Customs and Border Protection (CBP), has established mechanisms to identify opportunities for sharing services between the Automated Commercial Environment (ACE) program and other Department of Homeland Security (DHS) applications. These relationships are addressed in ACE's fiscal year 2007 expenditure plan and its quarterly reports to Congress. For example, the fiscal year 2007 expenditure plan discusses efforts to work with participating government agencies in defining and deploying the International Trade Data System (ITDS), with the stated goal to deliver ACE/ITDS in an integrated and coordinated manner. In this regard, the plan discusses workshops to gather requirements from participating agencies for Release 6, a working group to address these agencies' HAZMAT issues, and efforts to develop data element inputs for ACE from other government agencies. In addition, the quarterly reports to Congress cite coordination efforts with related homeland security programs. For example, the report for the first quarter of 2007 states that Container Security Initiative will be supported by ACE Release 6 and Screening capabilities; Customs-Trade Partnership Against Terrorism is coordinating with ACE Release 5 capabilities to provide both CBP and trade representatives with the ability to view the status of CBP programs; and U.S.-Mexico Border Partnership Plan will coordinate with ACE to implement cargo screening standards derived from partnership plan agreements. ACE does not itself provide infrastructure for other homeland security applications. Rather, ACE and other CBP applications share infrastructure (desktops, clients, and local area networks) at the ports of entry. This infrastructure is purchased and maintained by CBP's Office of Information Technology (OIT) Program Integration Division. Each application, including ACE, is responsible for complying with OIT's infrastructure standards.
