311 Cannon House Office Building
Chairman Duncan, Ranking Member Barber, and Members of the Subcommittee, thank you and good afternoon. Today I will discuss efforts we are making at headquarters and across the Components at the Department of Homeland Security (DHS) to ensure effective delivery of IT programs to support the missions of DHS. My 26 years of experience in public and private sector large scale IT organizations has given me unique insight in how to effectively leverage IT to support the mission and business needs of a large organization.
I will first describe what DHS is doing as an enterprise to support delivery of mission capabilities, with particular emphasis on how we are working to systemically improve our acquisition and program management capabilities to ensure successful delivery of programs. Second, I will highlight four major programs that support our border security and immigration missions, namely the United States Custom and Border Protection’s (CBP) TECS Modernization, CBP’s Automated Commercial Environment (ACE), U.S. Citizenship and Immigration Service’s (USCIS) Transformation, and U.S. Immigration and Custom Enforcement’s (ICE) Detention and Removal Operations Modernization (DROM).
Improving DHS’s Ability to Deliver Successful IT Programs
When I evaluate the health of an IT program, I focus on three areas: whether a program has the correct management structure and the proper set of skilled and experienced individuals to fill key program management roles; proper alignment of key stakeholders and oversight to help address issues that may arise; and whether the program is leveraging program, project, and technical best practices to minimize program risk and therefore maximize its chance for success. It is important to note during this period of fiscal austerity that all three contribute directly to a program’s ability to deliver as efficiently and cost effectively as possible. Below I provide more detail on each of these three key areas, with particular focus on how DHS is, as an enterprise, working to mature our institutional capability in each.
Program Management Structure, Skills, and Experience
Programs are not successful when they lack experience and skills in critical program management positions or a solid program management office (PMO). For large, complex IT programs, having a program manager (PM) who has successfully managed and delivered numerous IT programs is vital.
Large, complex IT programs vary greatly, so there is not one model that fits every program. While every program should have a qualified program manager, additional positions vary based on its complexity and should be considered on a case-by-case basis. The following positions, however, are typically core, and programs lacking solid individuals filling these positions at higher risk: systems architect; data architect; requirements manager; development and integration manager; test manager; configuration manager; operations manager; contracting officer; and contracting officer’s representative.
In addition to the above core positions, when organizations embark on large IT programs, it is critical to ensure the right business or mission owner involvement. It is necessary to have full-time representatives of the business who can not only successfully work within the program to define requirements of the system, but also help the PMO make the trade-off decisions that are a constant in a program. In assessing a program, I look for individuals who are steeped in the current process end-to-end, who have true credibility with senior management, and who demonstrate flexibility to deal with unending change as a program unfolds and matures. While we often need strong contractor teams to help execute large complex programs, successful PMOs are staffed with strong government staff who can provide the leadership and oversight necessary to direct the work. It is essential that each program find the approximate mix of federal and contractor personnel to staff their PMO and ensure the PMO is fully integrated.
DHS is taking aggressive steps to ensure that we can properly staff our major IT programs with skilled and experienced personnel. We have a number of training programs, most notably a PM certification course. In addition to a standard PM certification, we have additional specialty courses for PMs that run IT programs. Further, we have course tracks in other key skill areas as outlined above, to include requirements engineering, systems engineering, and test and evaluation methodologies. Finally, we have built into our program evaluation criteria the recognition that the PMO is key to success. The skills and experience of the staff in the PMO is the most heavily weighted criteria in how we evaluate our IT programs.
Even the best program manager will have challenges if the governance model does not work. Governance drives alignment amongst key decision makers in an organization. We have heard for decades that IT programs fail because of ill-defined requirements or poorly managed requirements scope throughout the life cycle of a program. While true, this is a symptom of a more fundamental underlying cause: the inability for all key stakeholders in a program to be “on the same page” in defining desired outcomes and approaches to meet those outcomes.
Change is inevitable in all IT programs, so achieving such alignment is not a one-time event occurring at the start of a program. Alignment is an on-going process that is critical throughout an investment’s strategic planning, design, and development, as well as its implementation; hence, governance must be viewed as a full life-cycle process. Sometimes the change is significant, making on-going alignment even more crucial to successfully driving the promised Return on Investment (ROI) and ensuring accountability. Further, for complex IT systems, there are at least a half-dozen stakeholder organizations that must be aligned, to include the strategy organization, business or mission owner of the system, IT, finance, procurement, security, and privacy. Ensuring all key stakeholders are involved in key decisions is an essential element to assuring genuine alignment.
Based on my experience, establishing a strong, active program governance board is required to ensure such alignment. Program governance boards provide guidance, decision-making, and oversight of one or more programs. The function of the program governance board is not to usurp the authorities of the PM, but rather to provide a forum by which the PM can bring key issues and trade-off decisions to an informed, empowered body that has a vested interest in that program’s success and that views the PM as a trusted advisor and true subject matter specialist. In today’s environment of more modular and agile development, a program in design or development should have a program governance board that meets no less than monthly, and in some cases weekly, depending on the type of program and life-cycle stage of the investment. Not only does an active program governance board support accountability, it also fosters transparency.
Within DHS, we have developed a management directive and are maturing our program governance processes. At the enterprise level, we have a governance board known as the Acquisition Review Board (ARB), chaired by the DHS Undersecretary for Management and with all the DHS Lines-of-Business as members, which has ultimate authority over all DHS programs. DHS has embarked on a tiered governance model in which Executive Steering Committees (ESCs) are chartered by the ARB to provide governance of a program or related set of programs. While not fully implemented across all programs, the ESC structure is chartered for programs rated at higher risk. Of the 88 major IT programs, my office (DHS Office of the Chief Information Officer or OCIO), working with the DHS Program Accountability and Risk Management Office (PARM), has identified 16 programs that would immediately benefit from the governance model of an ESC. I am pleased to write that all 16 of those programs now have the oversight of an ESC. Further, I am personally involved or have a senior representative from my office as a member of each of these ESCs.
In addition to the tiered governance model, DHS OCIO partners with PARM to monitor all major programs based on monthly status reporting from each program. If a major IT program is showing negative indicators in monthly reporting, we will hold a Techstat on the program, which is a program review to identify the issues affecting the program along with a set of remediation actions to address the issues. Within the last two weeks, a Techstat on one program resulted in 11 remediation actions, to include the establishment of an ESC for the program.
IT Program and Technical Best Practices
Even with a solid PMO and proper governance, it is critical that IT programs leverage the practices and tools that are appropriate for the work at hand. Using the proper methods to capture requirements, complete a systems design, implement a configuration management process, and properly test the system are just a handful of the myriad practices that must be implemented in a large IT program. Even a skilled and experienced set of individuals cannot be expected to deeply understand current best practices in all areas, so it can be greatly beneficial for programs to acquire guidance and help from subject matter experts in varied disciplines that cross the program, project, and technical disciplines.
Within DHS, we are implementing such a model under what we call our Acquisition and Program Management Centers of Excellence (A&PM COEs). The COEs provide a number of services to programs to include: 1) development or adoption of proven practices, guidance, document templates and examples; 2) support program management workforce development through development of training programs and mentoring; 3) expert support (support the standup of new programs; support program reviews; and provide subject matter expertise for programs that have skills gaps or are struggling; 4) identification and development of enterprise tools to enable more effective program management; and 5) identification of program health criteria that recognizes what program success looks like.
To date, DHS has established eight COEs to support programs, including COEs for program management (to include schedule and, risk management as well as life cycle logistics), cost estimating and analysis, enterprise architecture, systems engineering, requirements engineering, test and evaluation, privacy, and accessibility. A key to making this work is to draw from expertise across DHS, so individuals from each Component can participate in their particular area of expertise. Through this federation, we work to create communities of practice bringing ideas from across DHS that strengthen the work of each COE. While we have made significant progress in establishing COEs, we continue to work on maturing our efforts, and plan to review the need for additional COEs in years to come.
Key DHS Programs Supporting Border Security and Immigration
The remainder of the testimony highlights a number of key IT programs, both in terms of how they support DHS missions in border security and immigration, and how we are leveraging the work outlined above to improve the delivery of these major IT programs.
CBP - Automated Commercial Environment (ACE)
ACE is a multi-year program with sunk costs of $3.2 billion to modernize the business processes essential to securing U.S. borders, speeding the flow of legitimate shipments, and targeting illicit goods. ACE modernizes and enhances trade processes and forms the backbone for the “single window” through which the international trade community will electronically provide all information needed by federal agencies for the import and export of cargo. The ACE program is essential to improving the ability of CBP’s agents and officers and those of 47 Partner Government Agencies (PGAs) to assess cargo for security, health, and safety risks, while speeding the flow of legitimate trade and ensuring compliance with U.S. trade laws.
Cost and Schedule Performance
In 2010, the program was placed on the Office of Management and Budget’s (OMB) list of 26 troubled federal IT projects. In addition, the DHS ARB placed ACE on a pause status while the program worked to address its issues. Since that time, CBP, with the support of DHS and OMB, has worked aggressively to turn the program around. While parts of ACE are in operations and maintenance, much functionality remains to be developed. Therefore, working with DHS, CBP has developed a plan for the completion of core trade processing capabilities in ACE and decommissioning the legacy system within approximately three years. A key component of this plan is the implementation of an agile software development methodology which focuses on the production of smaller pieces of functionality more frequently, resulting in a more flexible user-focused development process. CBP’s plan addresses the priorities identified by internal system users as well as key trade community and PGA stakeholders: cargo release, entry summary edits, and exports.
With respect to the program’s funding strategy, CBP has made great progress in reducing ACE Operations and Maintenance (O&M) costs and identifying internal sources of CBP funds to support remaining ACE development and migration.
CBP has addressed a number of basic organizational and governance challenges as it administered the ACE program. Based on direction from the ARB and with DHS’s support, CBP responded with program changes as documented in the ACE Improvement Plan submitted to OMB. Specifically, CBP has:
- Established an ACE Business Office in the Office of International Trade to better define business needs through an enhanced business requirements process
- Increased stakeholder engagement through the establishment of an Executive Steering Committee (ESC) that includes all levels of DHS and CBP leadership.
- Also increased engagement with all impacted CBP program offices, volunteer government field personnel serving as ACE Ambassadors, the Trade Community, and Partner Government Agencies
- Defined baseline needs through an enhanced business requirements process
- Executed a new approach for the development of functionality by building in modular components that treat each piece of distinct functionality as a separate project for frequent delivery of smaller segments of functionality
- Conducted more effective oversight of contractors through greater internal controls and governance.
CBP has taken significant steps to reposition ACE for success. Skills gaps in the ACE PMO were identified and are being addressed; the PMO is working well and has embedded business expertise. As noted above, the governance model has been strengthened with the addition of an ESC chaired by the Deputy Commissioner. Finally, the program has worked closely with a number of the PM COEs to ensure best practices are being leveraged across the program. For instance, technical complexity is being reduced by transitioning the program to a simplified architecture that relies less on a large stack of complex proprietary solutions and more on a few well-proven open source technologies. This will greatly simplify development, and allow rapid integration of the solution so that it can be quickly fielded in an incremental fashion.
The program is also embedding domain knowledge experts in the development process to help ensure frequent and timely feedback to developers as the solution is produced, greatly reducing requirements uncertainty and allowing for the program to adjust to changing requirements rapidly. The program is using a feature-based approach to manage requirements to achieve formal software releases every six months. This shorter and iterative release cycle is being mandated to ensure value is quickly realized by the CBP agents and officers along with other PGAs in the field on a regular recurring schedule.
The strong program governance and organizational changes, active stakeholder engagement and support, and sound funding strategy demonstrate that the program is on the right course.
CBP - TECS Modernization
TECS (no longer an acronym) is a key border enforcement system supporting the screening of travelers entering the United States and the screening requirements of other federal agencies used for law enforcement and benefit purposes. TECS supports more than 70,000 users who represent more than 20 federal agencies responsible for traveler processing, investigations, vetting, entry/exit, and research requirements. The TECS Modernization program is primarily focused on modernizing server infrastructure, databases, and user interfaces to sustain and improve current screening capabilities well into the future. The program also provides for highly scalable functionality that meets constantly emerging screening requirements. Some of the mission benefits of modernizing TECS include: enhancing the capability to protect the Nation from the entry of individuals who may pose a threat to national security or public safety; ensuring the efficient flow of lawful people crossing U.S. borders; and enabling effective decision-making through improved information sharing.
The modernization of the legacy TECS system is being accomplished through two separate programs, one within CBP and the other within ICE. Each is funded and being executed separately. While both modernization programs remain focused on continued support of each agency’s unique mission, each program coordinates common interests regarding planning, development, and data migration efforts.
Cost and Schedule Performance
TECS Mod began the eight year modernization effort in 2008, and is on track to complete the project in 2015 as scheduled. TECS is being modernized incrementally with five projects that focus on major functional areas. These projects are: Secondary Inspection (SI); High Performance Primary Query and Manifest Processing (HPPQ); Travel Document and Encounter Data (TDED); Lookout Record Data and Services (LRDS); and Primary Inspection Processes (PIP).
Functionality, such as Secondary Inspection, has already been delivered and is being used successfully at ports of entry. In 2013, TECS Mod will deliver additional capabilities that were designed and developed in previous years. Operational Testing for the High Performance Primary Query, Travel Documents and Encounter Data, and the Lookout Records and Data Services Projects will begin in 2014.
Currently the TECS Modernization program is on schedule to complete by the end of FY 2015 as detailed in the Acquisition Program Baseline. Some of the major accomplishments to date include:
- LRDS Watch List Service, which provides terrorist records to DHS, activated August 2010
- Secondary Inspection to all Air/Sea Ports Of Entry (POEs) implemented May 2011 and deployed Secondary Inspection to two Land ports of entry (POEs) in November 2012 for operational testing
- High Performance Primary Query (HPPQ) Service for Advance Passenger Information System activated in November 2012
- HPPQ Initial Operation Capability (IOC) met on February 1, 2013.
USCIS - Transformation
In 2008, USCIS embarked on a program to transition the Agency from a fragmented, paper-based operational environment to an integrated, paperless, electronic operational environment. The new operational environment, known as USCIS Electronic Immigration System (ELIS),enables customers to file requests for immigration benefits and USCIS officers to adjudicate those benefit requests within the same system. USCIS ELIS heavily leverages proven methods from the Government and the private sector to meet mission requirements for improved efficiency, quality, customer service, and features that support our national security. USCIS ELIS is a person-centric system that is already improving collaboration and information sharing within DHS and with other Federal agencies.
USCIS launched the first release of USCIS ELIS in May 2012. This release delivered the foundational technology components and basic end-to-end capabilities for applicants for certain benefit types using Form I-539, “Application to Extend/Change Nonimmigrant Status.” This release included capabilities for online account set-up, electronic filing, security checks, case management, direct electronic correspondence with customers, and issuance of notices and decisions to customers. Feedback on USCIS ELIS performance from USCIS staff and customers has been positive.
Cost and Schedule Performance
The USCIS Transformation, when started in 2008, used a traditional “waterfall” approach to development and a single contractor as a lead systems integrator. The initial requirements development process took almost two years and development for the first release required an additional 14 months, including seven months of testing and defect remediation. Although the initial release included much of the basic functionality to support the future development of additional benefit product lines, USCIS determined that such an approach was not sustainable in the long-term.
After the initial release in May 2012 USCIS decided to temporarily reduce the size of the contractor team while it transitioned to an agile development process and put in place improved governance mechanisms, with the intention of ramping up the program up again once these were in place. During 2012, as the program improved its agile approach, the number of agile teams was increased from three to six. The program intends to eventually scale up to 12 agile teams of approximately 10 developers and testers each, in order to reach Final Operating Capability as quickly as possible. A Lifecycle Cost Estimate (LCCE) and a roadmap have been completed for the program.
The difficulties in delivering the first release prompted USCIS, in collaboration with the DHS OCIO, PARM, and the Federal Chief Information Officer (CIO) to conclude that there were fundamental issues in the USCIS Transformation program management structure and skills, the role and performance of the lead systems integrator, the overall governance framework, the technical architecture of the solution, and the development approach. Under the direction of the ARB, the DHS CIO’s Office worked with USCIS to set up an ESC to oversee the program, with the DHS CIO as a voting member. DHS also participated in a Techstat review of the program with the Federal CIO, worked with USCIS to create a Lifecycle Cost Estimate (LCCE) and an Integrated Master Schedule (IMS), and facilitated the program’s adoption of technical best practices by assisting it in migrating to DHS-provided cloud services.
Since late 2011, USCIS, in conjunction with my office and under the direction of the ARB, has taken significant steps to address each of its challenges, including:
- Revamped the program management office to take on more of the program’s management and add needed skills
- Modified the role of the lead systems integrator to drive improved performance
- Modified the governance framework to include establishment of an Executive Steering Committee, chaired by the Director of USCIS
- Create a Lifecycle Cost Estimate (LCCE) and Integrated Master Schedule (IMS)
Simplified the ELIS architecture to be more modular and to leverage open source software to the extent possible
- Transitioned to modular framework, with releases delivered under an agile approach.
Since May 2012, USCIS has successfully delivered one schedule two additional USCIS ELIS production releases using the agile development approach and with all planned functionality completed. The first agile release was delivered in September 2012 and the second in January 2013. These releases provided additional enhancements to I-539 functionality and technology that had been delayed in order to deploy the initial release in May 2012. The next two agile releases are scheduled for May and July 2013. Each release will add a new benefit type to USCIS ELIS.
In March 2013, USCIS completed successful development and modifications to the technology architecture that should better support agile delivery. In addition to modifying the architecture, USCIS is also transitioning away from a single large contract to a series of smaller contracts that will better support agile development and delivery. In May 2013, USCIS intends to begin agile development of the first production release under the modified architecture. After the modified architecture is completed, new capabilities will be released into USCIS ELIS approximately every four months. The modifications to the architecture and the new contracting approach should enable USCIS to stay within estimated costs and schedule.
ICE – Detention and Removal Operations Modernization (DROM)
The DROM Program was initiated in late 2006 to improve the operational effectiveness of Enforcement and Removal Operations (ERO), formerly Detention and Removal Operations (DRO), and to strengthen the alignment of the ERO mission with the Secure Border Initiative (SBI).
Through improved interoperability, enhanced and new capabilities, and an expansion of data exchange and sharing with its enforcement partners, DROM empowers ERO operations and field agents/officers by providing the technical tools necessary to execute ERO’s primary mission of upholding U.S. immigration laws through adequate and appropriate custody management of detainees in a cost-effective manner. DROM applications produce expected business outcomes to monitor and support improvements such as:
- Reduction in the length of stay for detainees
- Increased bed-space availability
- Faster document processing and transmission
- More accurate, complete, and flexible data reporting
- Elimination of data redundancy.
With its overall primary goal of increasing the throughput of detainees from apprehension to case adjudication and removal, the DROM Program and its applications have streamlined ERO operations, resulting in significant cost and time savings. For example, the electronic Travel Documents (eTD) project has reduced the time to issue documents identifying a detainee’s country of origin and authorizing his or her repatriation, from over fourteen days to eight days on average for participating countries (i.e., Dominican Republic, El Salvador, Guatemala, and Honduras). Including Mexico, participating countries account for approximately 90 percent of aliens repatriated.
The electronic Online Bonds System (eBonds), which automates the posting of surety bonds, allows ERO field personnel to process those bonds within hours instead of days. The Online Detainee Locator System (ODLS), an application highlighted in the White House’s 2011 Blueprint to Immigration Reform for its ingenuity in facilitating the proposed reforms, has significantly reduced phone inquiries to field offices from family members, attorneys, and other interest parties. Finally, Operations Management Module 2 (OM2), formerly the Fugitive Case Management System (FCMS), will be integrated into the ENFORCE Alien Removal Module (EARM) before the end of FY 2013. This integration will improve architecture and security compliance and provide a robust application with a more scalable and flexible design and greater operational efficiencies.
Cost and Schedule Performance
The DROM Program and its applications are expected to reach its full sustainment phase by FY 2014. With an adjusted lifecycle cost estimate of roughly $320 million DROM has achieved most of its major goals, moving to full sustainment ahead of schedule, and has produced new and enhanced capabilities that improved the operational effectiveness of ERO. Additionally, DROM has supported, through data sharing, the high-priority effort to detain and remove criminal aliens.
ERO’s implementation of a new series of detention reform initiatives in 2009 required the program to restructure its schedule and re-define deliverables. The overarching key objectives remain intact; however, the reform initiatives changed the program direction, producing new capabilities and terminating specific projects.
In addition, EARM, the core module of the suite of ERO applications, has grown exponentially within a short period of time. The decision was made to use EARM as the framework and portal for all DROM applications with over 12 interfaces to internal and external government entities. As a result of the rapid growth and re-definition, the build environment of EARM has become very large, making it harder to manage. Coding, debugging, and testing have become more complex as developers are required to understand the logic of the entire code base and the intrinsic dependencies within that logic. These challenges became more apparent during the test phase of releases, causing minor schedule shortfalls. ICE OCIO has taken the following steps to mitigate future potential schedule slippages related to these issues:
- Condense schedule to allow testing to occur in parallel with other activities
- Early involvement of ERO users to ensure that capabilities meet their business needs
- Daily collaboration with internal stakeholders to ensure faster resolution to unexpected technical issues
- Prioritization of capabilities for potential de-scoping effort to meet schedule constraints.
Finally, delays of EARM 3.0 release 2 and EARM 4.0 releases for higher-priority initiatives as the data center migration consolidation and the Risk Classification Assessment (RCA) module resulted in ERO delaying deployment of existing requirements within those packaged releases. In honoring those requests, some re-work and schedule slippage were necessary.
Despite the technical and operational challenges, DROM is targeted to move into full sustainment by FY 2014, providing full operating capabilities of the DROM applications while coming in under budget based on the prior year cost estimate. In addition, the final software release is estimated to bring down the Operations and Maintenance cost by integrating most functionality into the core module, EARM, thus reducing the need to have separate operating support costs for individual applications. In summary, DROM has accomplished its mission by streamlining and executing more cost-efficient operations within ERO.
The ability for an IT organization to support its mission and business customers is highly dependent on its ability to field new capabilities that are developed in partnership with those customers. At DHS, we are working hard to mature our ability to deliver such capabilities, through improving the skills of our staff to manage programs, through effective oversight of those programs, and through harnessing of best practices in how we run those programs. We continue to drive this maturation through harnessing good work and talent across DHS, and its Components, increasing our ability to support the Homeland Security Enterprise.
Thank you and I am pleased to address your questions.