[July 18, 2011] House Homeland Security Subcommittee on Oversight, Investigations, and Management Hearing Tweet Jul 18, 2011 (Congressional Documents and Publications/ContentWorks via COMTEX) -- Good morning Chairman McCaul, Ranking Member Keating and distinguished Members of the Subcommittee: I am Charles K. Edwards, Acting Inspector General of the Department of Homeland Security (DHS). Thank you for inviting me to testify today about the Department's contracting and acquisition policies. As you know, the DHS Office of Inspector General (OIG) was established in January 2003 by the Homeland Security Act of 2002 by amendment to the Inspector General Act of 1978. The DHS OIG seeks to promote economy, efficiency, and effectiveness in DHS programs and operations and reports directly to both the DHS Secretary and the Congress. We fulfill our mission primarily by issuing audit, inspection, and investigative reports that include recommendations for corrective action, and by referring cases to the United States Attorney General for prosecution. I am pleased to have the opportunity to testify about two of our audit reports today. I will describe some of the serious challenges facing DHS in acquisition management, the steps DHS has taken, and its progress, in addressing those challenges, as well as provide details regarding further improvements the Department can make, specifically in its oversight of components' acquisition programs and acquisition of detection equipment. Background Acquisitions consume a significant part of the Department of Homeland Security's annual budget and are fundamental to the Department's ability to accomplish its mission. In fiscal year (FY) 2010, DHS awarded over $13 billion for more than 88,000 procurement actions. The Under Secretary for Management (USM) is responsible for the overall DHS acquisition process. As the Department's Chief Acquisition Officer, the USM is responsible for managing, administering, and overseeing the Department's acquisition policies and procedures. The USM delegates the responsibility for effective department-wide procurement policies and procedures, including procurement integrity, to the Chief Procurement Officer (CPO). The Office of the CPO (OCPO) is responsible for oversight of most DHS acquisition activities and services, including management, administration, and strategic sourcing, and excluding financial assistance activities. OCPO responsibilities also include developing and publishing department-wide acquisition regulations, directives, policies, and procedures. The USM also delegates the responsibility for developing and implementing the governance processes and procedures for program management over DHS' various acquisition programs to the Acquisition Program Management Division (APMD). Separation of the OCPO procurement management responsibilities for acquiring goods and services and APMD's program management of the acquisition process provides a layered approach to DHS' acquisition oversight. Steps Taken by DHS to Improve Its Acquisitions Management In 2003, the Government Accountability Office (GAO) listed implementing and transforming the Department of Homeland Security on its high-risk list.1 GAO stated that the Department's efforts to integrate 22 independent agencies into a single department was an "enormous undertaking," partly because many of the major components faced at least one management problem, including financial management vulnerabilities. In a 2011 update, GAO noted that acquisition management weaknesses have prevented major programs from meeting capability, benefit, cost and schedule expectations. 2 To address management challenges, GAO recommended "validating key acquisition documents during the acquisition review process."3 In September 2005, we published a report identifying significant weaknesses that threatened the integrity of the Department's procurement and program management operations.4 We made five recommendations to address the vulnerabilities in the Department's acquisition operations. DHS concurred with all five recommendations and agreed to move ahead with expanded procurement ethics training, enhancement of oversight, and establishment of a departmental program management office to address procurement staff shortages and staff authority. Since our 2005 report, DHS has implemented management directives and organizational changes, and developed acquisition training programs intended to identify inefficiencies in the acquisition process and prevent procurement ethics violations. In November 2008--recognizing the continued increase in the quantity and complexity of DHS acquisitions--the Chief Acquisition Officer classified acquisitions into three levels to define the extent and scope of required project and program management and the specific official who serves as the Acquisition Decision Authority. For level 1 acquisitions (greater than or equal to $1 billion), the Acquisition Decision Authority is at the Deputy Secretary level. For level 2 acquisitions, ($300 million to $1 billion), it is the Chief Acquisition Officer. For level 3 acquisitions (less than $300 million), the Acquisition Decision Authority is at the Component Head level. Acquisition Management Directive 102-01, Revision No. 1 (Directive 102-01), also identifies specific alternate Acquisition Decision Authorities for each level. Figure 1 is an overview of the actions DHS has taken since 2005 to improve its acquisition program. Figure 1. Milestones in DHS Procurement and Program Management While the Department has taken these and other significant steps to improve its acquisition oversight processes and controls, our report OIG-11-71, DHS Oversight of Component Acquisition Programs (April 2011) identified additional areas for improvement, including improved guidance to components regarding their use of the next Generation Periodic Reporting System (nPRS), an integrated system that provides visibility to the Department to track components' level 1, 2, and 3 acquisition investments. Additional DHS Oversight Needed for Component Acquisition In DHS Oversight of Component Acquisition Programs, we recognized that the Department has made improvements to its acquisition oversight processes and controls through implementation of a revised acquisition management directive. However, the Department needs to provide additional detailed guidance and improve controls in some areas. The Department has not fully defined an acquisition program for its components, or developed consistent guidance for reporting acquisitions in its standard system. In addition, the Department did not ensure that components were using all acquisition tools available and that all components had adequate policies and procedures in place to manage acquisition programs. As a result, components created program management offices to manage simple procurements, incurring unnecessary administrative program costs without adding value to the programs. Additionally, without adequate controls in place, the Department did not have complete visibility of all programs within its acquisition portfolio. Unclear Guidance The Department has not fully defined when a component should manage an acquisition under the requirements of the Acquisition Lifecycle Framework or manage it as a simple procurement. We found that many components were committed to following the Department's guidance but needed more structure for determining when to establish a program to acquire a product or service. We requested a list of all programs from each component and received numerous questions and conflicting responses. Directive 102-01, which prescribes guidance over the Acquisition Review Process, Acquisition Lifecycle Framework, and Acquisition Review Board, establishes the overall policy and structure for acquisition management within the Department. But the directive does not provide a decision-making tool to determine if an acquisition warrants the higher level of internal controls required by the Acquisition Lifecycle Framework. The supplemental Acquisition Instruction/Guidebook 102-01-001 (Guidebook) provides detailed instructions on implementing and managing acquisitions, but also does not provide clear instruction for determining if an acquisition should become an acquisition program, and in attempts to comply with the directive, components over classified programs. For example, the Federal Law Enforcement Training Center (FLETC) is automating many of its manual processes, such as student registration, class scheduling, planning and forecasting, and student records. The estimated total life cycle cost of this automation is approximately $30 million. FLETC personnel contracted out all of the requirements for the program, including requirements analysis, development, and maintenance of an automated system that used commercial off-the-shelf (COTS) equipment and custom software applications. Because of the unclear instructions, instead of creating a simple procurement, FLETC created an acquisition program that may have unnecessarily increased program management administrative cost. We reviewed several acquisition programs that do not clearly fit into the Acquisition Lifecycle Framework process. Ten of the 17 (59%) programs we reviewed, with an estimated life cycle cost of about $5.3 billion, were acquisitions that identified COTS equipment or existing contracts to fulfill the needs identified by the program office. Component personnel likely could have managed these as simple procurements rather than acquisition programs. For example, the Transportation Security Administration (TSA) classified renovation of an existing warehouse building as an acquisition program. It leased the 104,000-square-foot building in 2003 and renovated approximately 89,000 square feet for about $42 million over the initial 10-year leasing period. In 2008, TSA primarily relied on existing contracts to complete 12,500 of the remaining 15,000 square feet of the warehouse building. According to TSA personnel, the renovation for the additional 12,500 square feet cost about $2.5 million, with construction completed in January 2010. For this small renovation project, TSA personnel could have used simple procurement rules but instead increased administrative costs by implementing the more complicated internal control structure prescribed in Directive 102-01. Based on the definition of an acquisition program in the Guidebook, this renovation could possibly be an acquisition program. However, based on the processes and procedures laid out in Directive 102-01's Acquisition Lifecycle Framework and Acquisition Review Process, this renovation does not meet the intentions of the existing guidance or present a high enough level of risk to warrant the increased costs of being managed as a program. Components should not create acquisition programs for acquiring products and services that are outside the intent and spirit of Directive 102-01. The Department can reduce some of the conflicts at the component level by developing a decision matrix that the components can apply in the pre-planning phases of the purchasing process. Use of Available Tools The APMD and the Office of the Chief Information Officer developed and currently maintain nPRS. nPRS is an integrated system that provides DHS headquarters visibility of components' level 1, 2, and 3 acquisition investments. It can also store working and approved key acquisition documents, earned value management information, and risk identification. Component personnel are responsible for entering and updating information regarding their acquisition programs in nPRS. This information includes, but is not limited to, cost, budget, performance, and schedule data. Tools available within nPRS include the following: * Current and previous contract award data with earned value management * Previous, current, and future budget and funding * Cost, schedule, and performance status based on Acquisition Program Baseline parameters * Information technology program milestone schedule and cost variances * Acquisition Decision Memorandum forms that track action items issued by the Acquisition Review Board * Key documents approved by DHS headquarters or components, such as the Mission Needs Statement, Acquisition Plan, and Acquisition Program Baseline The Department has not ensured or mandated that components use all available tools and supporting programs, including nPRS, to provide transparency and efficiency of component acquisition programs. As a result, some components have developed systems comparable to nPRS. According to APMD personnel, nPRS allows components to create a copy of nPRS software and integrate it to meet their needs. The copy, which is called the nPRS Sandbox, allows the components to duplicate the nPRS software and to use the already developed nPRS as their oversight tool for draft documents and approval of documentation and earned value management, as well as cost and schedule status. The component's Sandbox copy of nPRS is not visible by DHS headquarters or other components because nPRS restricts access to authorized users. As of July 2010, TSA, the Federal Emergency Management Agency (FEMA), and the DHS Chief Financial Office had requested use of the nPRS Sandbox feature. Component personnel have developed, or are in the process of developing, their own data-tracking systems because the Department has not consistently mandated use of nPRS or its tools. For example: * TSA hired and spent approximately $100,000 for a contractor in 2005 to develop the TSA Acquisition Program Status Report, which served as its data-tracking system. As of June 2010, TSA had merged its acquisition program portfolio, levels 1, 2, and 3, into nPRS and will no longer use the TSA Acquisition Program Status Report. As of August 2010, nPRS is TSA's official tracking system for acquisition programs. * FEMA, Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and U.S. Secret Service (USSS) use internally developed systems based on software programs such as Microsoft SharePoint. * CBP personnel were in the process of developing an additional database to track acquisitions throughout the Acquisition Lifecycle Framework. We were not able to determine the cost of this tracking database. According to CBP personnel, the database development was a verbal agreement between CBP personnel and the contractor. The statement of work under which the contractor was performing other work for CBP did not contain any mention of the verbal agreement. The USM has not consistently mandated and ensured that components use nPRS for all level 1, 2, and 3 acquisition programs. Inconsistent Reporting In addition to the fact that not all components use nPRS for all level 1, 2, and 3 acquisition programs, the information entered into nPRS was not reported consistently. For the 17 acquisition programs we reviewed, with an estimated life cycle cost of about $9.6 billion, we found that components were not completing and reporting all key information in nPRS. Component personnel reported 16 of the 17 programs reviewed (94%) into nPRS; however, despite detailed nPRS guidance, not all reports contained the required information. For example, only 7 of 17 programs (41%) reported Acquisition Program Baseline required milestones, which establish the overall acquisition cost, schedule, and performance values. Only 13 (76%) programs reviewed contained required key documentation. Key documents include the mission needs statement, acquisition plan, operational requirements document, integrated logistics support plan, and the acquisition program baseline. Since nPRS became operational in 2008, the Department has issued conflicting guidance and enforcement for reporting level 1, 2, and 3 acquisition programs. The conflicting verbal and written guidance confused component personnel, who were not sure whether to report all acquisition programs or only level 1 and 2 programs. In May 2010, the USM issued a list of major acquisition programs that identified 86 level 1 and 2 acquisition programs and elevated some level 3 acquisition programs for departmental oversight. According to APMD personnel, the USM and components jointly create the major acquisition program and project list. The APMD obtains information from nPRS and requests updated information from the components regarding their current number of acquisition programs. Once APMD personnel receive the information, they create the final list and the USM signs and issues the new list. As of July 2010, we identified six acquisition programs listed by the USM not reported in nPRS. We also identified five level 1 and 2 acquisition programs reported in nPRS but not by the USM. When we asked USM personnel about the differences, they said that the differences were due to timing issues. However, we were not able to verify this. Table 1 compares the list of acquisition programs in the May 2010 USM memo with the nPRS database as of July 2010. Table 1. Acquisition Program Reporting System Inconsistencies To identify the number of acquisition programs in the Department, we requested a list of all programs from nPRS, but the USM could provide only level 1 and 2 acquisition programs. In March 2010, we asked the components to provide us with a list of all level 1, 2, and 3 acquisition programs so we could gain a complete inventory of acquisition programs throughout the Department. Though we understand that there may be differences due to timing of our data reviews, the USM needs to make sure that components are consistently reporting all acquisition programs into the standard system. In July 2010, we obtained our last data from nPRS that showed progress regarding the number of level 3 acquisition programs components entered in the system. However, nPRS still does not reflect half of the total number of level 3 programs components reported outside nPRS. In sum, the Department does not always know what is in its acquisition portfolio because of the conflicting written and verbal guidance provided to the components. The USM has not ensured that components report all level 1, 2, and 3 acquisition programs in nPRS, which hinders its ability to have complete visibility into component acquisition programs. By mandating use of nPRS for all acquisition programs, the USM would have visibility into components' acquisition programs and could provide better oversight for its acquisition portfolio. We made four recommendations to the Chief Procurement Officer to strengthen management oversight and controls of component acquisition programs. The Chief Procurement Officer agreed with our recommendations and initiated corrective actions. Department-wide Management of Detection Equipment Our recent audit report, OIG-11-47, DHS Department-wide Management of Detection Equipment (March 2011), highlighted some of the acquisition challenges facing the Department when multiple components have similar requirements or are buying the same type of equipment. We identified steps the Department can take to improve its acquisition processes. With improved management, DHS can streamline the acquisition process, improve efficiencies, and provide uniform equipment inventory information. DHS has eight different procurement offices that purchase detection equipment. Seven of these offices are at the component level, and each has its own head of contracting. These components are as follows: * CBP * FEMA * FLETC * ICE * Office of Procurement Operations5 * TSA * United States Coast Guard (USCG) * USSS Components maintain separate inventories for their detection equipment. For FY 2010, the components had a combined inventory of more than $3.2 billion worth of detection equipment, most of which is deployed. The components purchased an average of about $387 million worth of detection equipment in each of the last 3 years, ranging from about $280 million to $511 million. This equipment includes metal detectors, explosive detection systems, and radiation detectors (including some personal protective safety equipment) for screening people, baggage, and cargo at airports, seaports, and land ports of entry, as well as federal buildings. Our audit work showed that DHS can better manage the acquisition of detection equipment by developing processes based on best practices such as strategic sourcing and developing standard data requirements and nomenclature for inventory management. Strategic Sourcing According to a 2005 memorandum from the Office of Management and Budget: Strategic sourcing is the collaborative and structured process of critically analyzing an organization's spending and then using this information to make a business decision about acquiring commodities and services more effectively and efficiently. This process helps agencies optimize performance, minimize price, increase achievement of socio-economic acquisition goals, evaluate total life cycle management costs, improve vendor access to business opportunities, and otherwise increase the value of each dollar spent. 6 DHS has established a Strategic Sourcing Program and has applied strategic sourcing strategies for many common use items, such as firearms, ammunition, and office supplies; however, the Department is not managing its detection equipment through this program. According to DHS officials, components are encouraged but not required to use the Strategic Sourcing Program and generally do not coordinate and communicate when acquiring detection equipment. There is no mechanism in place for components to standardize equipment purchases or identify common mission requirements among components. For example, the Department's Joint Requirements Council is inactive, and components do not have the expertise of commodity councils or single-item managers to rely on when acquiring detection equipment. Further, components view detection equipment as unique to their missions and do not attempt to identify common mission requirements among other components. This results in numerous inefficient purchases by individual components instead of consolidated purchases. Standardizing Equipment Purchases Some components did not standardize equipment purchases and purchased a variety of different detection equipment models. For example, United States Citizenship and Immigration Services (USCIS) has 24 and CBP has 21 different models of small x-ray equipment, and CBP and USCIS each have 14 different models of walk-through metal detectors. When components have multiple models of equipment to meet similar missions, DHS incurs higher procurement administrative costs and logistic support costs for maintenance, training, and support. In contrast, TSA, which uses and maintains the largest inventory of detection equipment in the Department, uses only seven different models of small x-ray equipment and three models of walk-through metal detectors. By limiting the number of models and types of equipment, TSA is in a position to increase efficiencies in procurement, maintenance, and personnel flexibilities. Common Mission Requirements We identified about $170 million worth of small x-ray machines, metal detectors, and personal and hand-held radiation detectors that DHS could acquire through strategic sourcing strategies. Although multiple components were using similar equipment to meet similar screening missions, each component purchased the equipment separately. Components did not coordinate with each other to identify common requirements, consolidate purchases to gain buying power, or consolidate logistic support requirements. DHS Management Directive 1405 (September 2003) established a Joint Requirements Council (JRC) as a senior-level requirements review board to identify cross-cutting opportunities and common requirements among DHS organizational elements for non-information technology investments. The JRC met periodically between fiscal years 2004 and 2006. Representatives on the JRC reviewed programs and processes for potential mission overlap and redundancies. Among the programs reviewed were TSA's Secure Flight and Registered Traveler and CBP's Consolidated Registered Traveler programs. In 2006, the JRC stopped meeting after the Department assigned the council chair to other duties. However, DHS now recognizes the importance of the JRC and indicated that it might revive the council or pursue another alternative to identify duplicate programs and processes across the Department. This undertaking should include an effort to identify common data elements and nomenclature within inventories and to establish a data dictionary for the Department's detection equipment. In addition to the JRC, commodity councils are an integral element of developing an effective strategic sourcing program. Commodity councils include representatives from across the organization. The members act as the subject matter experts in the acquisition process and in establishing requirements for a specific commodity or service. Generally, the component purchasing the largest quantity of a particular item takes the lead role in acquiring the commodity or service and may serve as that commodity's single-item manager. DHS and other federal agencies use the commodity council concept. For example, in 2003, DHS established the Weapons and Ammunition Commodity Council to create a department-wide strategy for consolidating requirements and gaining economies of scale for the acquisition of weapons and ammunition. The council, which includes representatives from each component that uses weapons, developed requirements for firearms, ammunition, and body armor. ICE took the lead role, using service-level agreements with other components to establish one overall contract, which is available to all DHS entities. Inventory Data DHS inventory systems do not use standard inventory data elements and standard nomenclature for similar detection equipment. Currently, DHS is unable to view consolidated inventory information on detection equipment and must rely on data calls to determine its inventory, including type, model, and value of equipment on hand. Each component manages its inventory through eight separate asset management inventory systems that do not interface, are not compatible, and do not use standardized data descriptions or nomenclature based on a uniform data dictionary. DHS does not have a mechanism in place to identify and assign common data elements to these inventory systems. Without a common data dictionary based on common data elements and nomenclature, the Department is not able to efficiently verify the on-hand balances. As a result, the Department may not be able to evaluate its detection equipment requirements and develop a disciplined logistics function to manage its detection equipment. A GAO report, Framework for Assessing the Acquisition Function at Federal Agencies, emphasizes data stewardship as a critical success factor in managing information systems.7 It identifies the need for consistency among data definitions, sources, controls, and edits routines as a best practice. Seven of DHS' asset management inventory systems, however, are legacy systems. DHS implemented the eighth system for headquarters and those components that did not have an internal procurement function. The component legacy systems support the respective components and continue to operate in stovepipes without interfacing with other components. Headquarters relies on data calls from each component to gather department-wide inventory information. As part of our audit on detection equipment acquisition, the components provided us with detection equipment inventories in response to a data call. The information provided was in nonstandard formats, and data elements and nomenclature were not standardized. CBP sent 32,000 lines of data, with some entries dated as early as 1940, but its original submission still did not include all detection equipment on hand and required a follow-up request to obtain a complete universe. Unless DHS establishes a uniform or common data dictionary, the categories and data descriptions will vary among the components and the Department cannot be sure that the inventory data it relies on are complete and accurate. For example: * One component categorized an explosive detection device as "detection equipment," another categorized it as "security equipment," while another categorized it using specific equipment names, with the nomenclature including the name of the individual assigned the equipment. To establish control, oversight, and visibility of the component inventories and until DHS deploys an integrated system; DHS needs to establish a common data dictionary to standardize data elements across component and headquarters systems. Establishing an inventory data dictionary will assist DHS in developing strategic sourcing strategies and support greater efficiencies in its detection equipment inventories. The Department has agreed in principle with our two recommendations, and is taking action to implement the recommendations. DHS is evaluating reestablishing the Joint Requirements Council and other alternatives to achieve the same goal. It will perform a business case analysis of detection equipment and establish a commodity council or working group if it determines that this equipment can be strategically sourced. Conclusion DHS, established by combining 22 agencies with different legacy systems, missions, and cultures, has made considerable strides in establishing its acquisition management practices and procedures. It has established oversight policies, clarified roles and responsibilities for acquisition, and worked to address staff shortages. It needs to continue improvements that affect its cohesion as a Department and its bottom line. Increased use of tools such as strategic sourcing and a commonly applied definition of an acquisition program will help the components work together to leverage resources. n1 GAO-03-119, High Risk Series: An Update (Jan. 2003). GAO maintains a program to identify government operations that are high risk due to greater vulnerabilities to fraud, waste, abuse, and mismanagement or the need for transformation to address economy, efficiency, or effectiveness. Since 1990, GAO has designated over 50 areas as high risk and subsequently removed over one-third of the areas due to progress made. n2 GAO-11-278, High Risk Series: An Update (Feb. 2011), p. 93. n3 Id., 33-34. n4 OIG-05-53, Department of Homeland Security's Procurement and Program Management Operations (Sept. 2005). n5 In 2004, the Department created the Office of Procurement Operations to provide acquisition services to components that did not have a procurement office. n6 Office of Management and Budget memorandum to Chief Acquisition Officers, Implementing Strategic Sourcing (May 20, 2005). n7 GAO-05-218G, September 2005. Read this original document at: http://homeland.house.gov/sites/homeland.house.gov/files/Testimony%20Edwards.pdf [ Back To TMCnet.com's Homepage ]