Summary

The United States Capitol Police (USCP) is responsible for securing the 276-acre Capitol Complex, including protecting Members of Congress, congressional facilities, national treasures, and visitors. In response to heightened security concerns, various requests, and legislative mandates over the years, GAO has reported on management control problems in five key areas: (1) establishing an accountability framework for monitoring recommendations, (2) establishing a risk management framework, (3) ensuring financial management, (4) ensuring strategic and human capital planning, and (5) managing information technology (IT). From January 2004 through March 2007, GAO made 46 recommendations aimed at improving USCP administrative and management operations and achieving strategic goals in these areas. This testimony reports on the status of USCP's efforts to address GAO's recommendations. To conduct its work, GAO analyzed USCP documentation, such as risk matrices, budget documents, and strategic plans. GAO also conducted interviews with USCP officials and contractors on their efforts related to its recommendations. GAO performed this work from October 2007 through April 2008, and updated its work on certain financial management activities in July 2008. USCP generally agreed with GAO's 46 prior recommendations and its findings on the status of those recommendations.

USCP has made significant progress in addressing the 46 recommendations GAO made since 2004. As shown in the table below, USCP has completed actions on 15 recommendations, is making progress toward addressing 30 recommendations, and has not made progress on 1 recommendation. With respect to the five areas, the status of USCP's efforts to address GAO's recommendations is as follows: (1) Accountability Framework for Monitoring Recommendations: USCP has completed actions on creating a framework to monitor progress on addressing GAO's recommendations and on reporting this progress to appropriate congressional committees and the USCP Police Board. (2) Linking Resources to Risks, Threats, and Vulnerabilities: USCP has taken steps to complete risk assessments for 18 of the 19 congressional facilities. However, additional actions will be required to adequately test and review its overall risk management approach. (3) Financial Management: USCP has completed actions on 8 GAO recommendations, including preparing its first full set of financial statements. USCP is making progress in addressing another 15 recommendations related to staffing, training, policies, procedures, and internal controls. (4) Human Capital Management: USCP has implemented one recommendation by adopting a hiring policy and is making progress on seven other recommendations related to workforce planning and training. USCP has not yet addressed a ninth recommendation to monitor and evaluate the results of its strategic workforce plan because this plan is still being developed. (5) Information Technology: USCP has implemented four recommendations related to IT management capabilities and is making progress toward implementing the remaining five recommendations related to enterprise architecture, IT investment management, information security, and continuity of operations planning.