311 Cannon House Office Building
Chairman McCaul, Ranking Member Thompson, and distinguished Members of the Committee,
Thank you for the opportunity to appear before you as the Deputy Secretary of Homeland Security to testify on the subject of management at this important hearing entitled “Preventing Waste, Fraud, Abuse and Mismanagement in Homeland Security – a GAO High-Risk List Review.” I, along with Secretary Johnson, appreciate and welcome the Committee’s continued focus on this subject and for the oversight you exercise. It is my firmly-held belief that good oversight not only delivers accountability critical to good government, but that it also drives innovation. Thank you, and thank you to the members of your Staff.
I also wish to express my gratitude to the U.S. Government Accountability Office (GAO). Under Comptroller General Gene Dodaro’s leadership, GAO has spent considerable time and energy providing our Department with its valued, independent assessment of our work in areas critical to the effective management of our resources and execution of our responsibilities. GAO has issued recommendations to our Department that, collectively, help provide a blueprint for success. It is in response to GAO’s independent reviews and recommendations that in January 2011 our Department issued the first Integrated Strategy for High Risk Management, an operational framework to address GAO’s recommendations. Since we issued the Integrated Strategy, we have updated it twice yearly to document the progress our Department has made in addressing GAO’s recommendations. It pleases me to note that we have come far in the last five years; today the Department eagerly engages with GAO about outstanding recommendations. We seek out GAO.
Like the responsibility of the GAO to provide its independent assessment of the Department’s execution of responsibilities, it is the duty of the Office of the Inspector General to deliver its own independent and high-quality review of Departmental functions. I am grateful to testify before you today alongside the Department’s new Inspector General, John Roth. I look forward to supporting the work of Inspector General Roth and to ensuring the Department’s transparency and full cooperation as he and I work to improve and strengthen the Department in our respective roles.
When I became the Deputy Secretary of DHS in late December 2013, the first action I took was to schedule a meeting with Comptroller General Dodaro. In our meeting I had the opportunity to also meet George Scott, the Managing Director of GAO’s Homeland Security and Justice team. Mr. Scott and I have met on several occasions since then, and he and his team are outstanding in their commitment to improving our Department. With Mr. Scott’s and his team’s independent efforts, with the oversight of GAO and that of this Committee, DHS will mature and improve.
The number of open GAO recommendations to DHS has decreased steadily and, significantly, in GAO’s latest High Risk List update it narrowed the subject from “Implementing and Transforming DHS” to “Strengthening DHS Management Functions.” Additionally noteworthy is the fact that GAO stated in that update that our Department’s Integrated Strategy, “if implemented and sustained, provides a path for DHS to be removed from GAO’s High Risk List.” DHS has made significant progress.
At the same time, DHS has additional work to do. Since I became the Deputy Secretary I have invested considerable time in working with GAO and with my very talented and dedicated DHS colleagues to ensure that this additional work is done as effectively and swiftly as possible. Earlier this year, we developed specific action plans to address the thirty key outcomes GAO identified in the areas of management integration, human capital, information technology, financial management, and acquisitions. Our action plans now provide month-to-month goals that provide a better road map to success. Our development of these action plans provided us with the opportunity to freshly review our previous efforts and, in certain critical areas, to accelerate our timetables materially.
Strengthening Department of Homeland Security Management Functions
Before discussing the work that DHS has undertaken to make progress on key GAO High Risk List areas, I wish to highlight the actions we have recently taken that speak to our Departmental commitment to sound management practices. On April 22, 2014, the Secretary sent a memorandum to Department leadership entitled, “Strengthening Departmental Unity of Effort.” The purpose of this effort is to capitalize on the many strengths of the Department, starting with the professionalism, skill, and dedication of its people and the rich history and tradition of its Components, while identifying ways to enhance the cohesion of the Department as a whole. The Secretary’s guidance is targeted at improvements to four main lines of effort: inclusive senior leader discussion and decision-making forums that provide an environment of trust and transparency; strengthened fundamental and critical management processes for investment (including requirements, budget, and acquisition processes) that look at cross-cutting issues across the Department; focused, collaborative Departmental strategy, planning, and analytic capability that support more effective DHS-wide decision-making and operations; and, enhanced coordinated operations to harness the significant resources of the Department more effectively. Many of the elements of this effort are described below, as they cut across the several management areas discussed in GAO’s High Risk List.
GAO’s High Risk List focus on “Strengthening DHS Management Functions” identified the need to achieve progress in key management areas, including human capital management, financial management, acquisitions, information technology, and management integration. The Department’s Integrated Strategy for High Risk Management provides the framework for our efforts to address GAO’s recommendations and integrate and strengthen our management infrastructure across the Department; our monthly action plans help ensure that we have goals and timelines to help us deliver success in timely fashion. I would like to share with you our efforts in each key area of focus.
Human Capital Management
The Department of Homeland Security’s greatest asset is its dedicated and talented workforce. GAO has identified areas in which the Department must mature its human capital systems to ensure that its workforce is properly equipped and supported to achieve the Department’s challenging missions. The Department, in turn, has accelerated timelines in its monthly action plans to achieve success in this critical area.
The low employee morale in several parts of the Department is an area of particular focus. Under the direction of Secretary Johnson, I am taking a series of steps to address the root causes of the low morale and to deliver for the workforce the Department it deserves. I have formed a steering committee comprised of personnel from each of the Department’s Component agencies and from Department headquarters to focus on, among other things, the following areas that the workforce has identified in the Federal Employee Viewpoint Survey and in other feedback vehicles as ones in which the Department can improve:
- The hiring and promotion process. DHS employees have expressed concerns that the hiring and promotion process is sometimes opaque. The Department can build greater employee confidence in the process through greater transparency and communication and by setting clear hiring and promotion standards.
- Training and professional development. DHS employees have expressed a desire for enhanced training opportunities to ensure they are equipped to perform their jobs at the highest levels of excellence. They also have sought professional development opportunities that will enable them to achieve the promotions or new opportunities to which they aspire.
- Rewards and recognition. DHS employees perform extraordinary acts of patriotism and courage each and every day throughout the nation and the world. They deserve to be recognized, rewarded, and championed for their achievements. The Department is reintroducing the Secretary’s annual awards to recognize outstanding individual and team achievements from across the Department. In addition, the Department will institutionalize the practice of regularly championing its workforce and rewarding them when appropriate.
- Performance management. Performance management is a critical tool in promoting priorities and values and driving accountability. The steering committee will focus on ensuring that each Component and office in the Department has a performance management system that reflects the appropriate measures of success and drives each employee to achieve that success.
Financial Management
In Fiscal Year 2013, DHS achieved an historic unqualified clean audit opinion of all five financial statements, a confirmation of DHS’s ongoing commitment to sound financial management practices. This benchmark represented a huge accomplishment for the many DHS employees who work every day to increase transparency and accountability for the taxpayer resources entrusted to the Department. Americans have the right to expect that we will be responsible stewards of every homeland security dollar with which we are entrusted.
The Department expects to sustain this progress and receive its second clean audit opinion for Fiscal Year 2014. In the past four years, DHS has also eliminated 10 audit qualifications, reduced Department-wide material weaknesses in internal controls over financial reporting from 10 to 4, and significantly reduced the number of Component conditions contributing to material weaknesses from 25 to 2. The Department is executing a multi-year plan to achieve an unqualified clean opinion for internal control of financial reporting by Fiscal Year 2016.
Financial system modernization is a priority area for the Department. DHS is executing specific modernization efforts in order to meet the Department’s mission while minimizing and eliminating spending in duplicative systems. The current strategy conforms to guidance from the Office of Management and Budget to use shared services where possible and to split modernization projects into smaller, simpler segments with clear deliverables. One of our challenges in the shared services domain is that no one federal agency has sufficient capacity to house all of the Department’s financial management data. As a result, we are evaluating the capabilities of the federal agencies who offer shared services arrangements. The DHS Chief Financial Officer has established enterprise-wide standards for each Component to follow and has prioritized a deployment strategy based on those Components with the highest business needs.
Acquisitions Management
The strategic decisions of the Department’s senior leadership are only as good as the processes that support and give effect to those decisions in investments and in the conduct of operations. Historically, DHS has generally developed and executed Component-centric requirements, which has resulted in inefficient use of limited resources. Much work has been done to date in the areas of joint requirements analysis, program and budget review, and acquisition oversight, including an effort over the past four years by the DHS Management Directorate to improve the Department’s overall acquisitions process and reform even the earliest phase of the investment life cycle where requirements are first conceived and developed. The Secretary’s April 22, 2014 memorandum on “Strengthening Departmental Unity of Effort” focuses and reinforces existing structures and creates new capability, where needed, as identified in the recent Integrated Investment Life Cycle Management (IILCM) pilot study and other process analyses that examined the linkages between these inter-related planning processes and operations. These analyses underscored the need to further strengthen all elements of the process, particularly the upfront development of strategy, planning, and joint requirements, and to ensure through collaborative, inclusive senior leadership dialogue and decision that they function in a way that considers DHS-wide missions and functions, rather than focusing on those of an individual Component.
As an example, I am leading the Deputies Management Action Group in an expedited review to provide strategic alternatives for enhancing the current DHS joint requirements process. This review will include options for developing and facilitating a DHS Component-driven, joint requirements process, including a program for oversight of a development test and evaluation capability, to identify priority gaps and overlaps in Departmental capability needs, provide feasible technical alternatives to meet capability needs, and recommend to me the creation of joint programs and joint acquisitions to meet Department-wide mission needs. This enhanced process will be used in expanding the mission portfolios studied in the IILCM pilot, which included Cybersecurity, Biodefense, and Screening and Vetting, to include Border Security and Air Domain.
DHS recently announced two important decisions that speak to our commitment to responsible and cost-effective acquisitions. First, DHS cancelled the BioWatch acquisition of autonomous detection technology (also known as Gen-3). Currently deployed in more than 30 metropolitan areas across the country, BioWatch provides public health officials with a warning of a biological agent release before potentially exposed individuals develop symptoms of illness. While autonomous detection is an important capability, the Gen-3 acquisition did not reflect the best use of resources in our current fiscal environment. DHS remains committed to the BioWatch program and will ensure that current BioWatch operations continue as part of our layered approach to biodefense. Second, DHS is putting on hold a FEMA Logistics Supply Chain Management System contract until further review. FEMA’s Logistics Supply Chain Management System was developed to provide full disaster supply chain management capability and visibility to FEMA and its partners. The Department has determined that the program has not met all of its operational requirements and that it needs to be reviewed in the context of broader logistical operations. That review is underway, which will include a third-party evaluation of the most cost-effective manner. These decisions are in line with the Department’s focus on efficiency, ensuring that we continue to pursue cost-effective acquisition without compromising our security. The Secretary and I will continue to hold our acquisition programs accountable to ensure they are responsible and cost-effective.
Additionally, the DHS Chief Financial Officer has strengthened and enhanced the Department’s programming and budgeting process by incorporating the results of strategic analysis and joint requirements planning into portfolios for review by issue teams. Using this approach, substantive, large-scale alternative choices will be presented to the Deputies Management Action Group as part of the annual budget development. This review process will also include the Department’s existing programmatic and budgetary structure, not just new investments. It will include the ability for DHS to project the impact of current decisions on resource issues such as staffing, capital acquisitions, operations and maintenance, and similar issues that impact the Department’s future ability to fulfill its mission responsibilities. As its first task, the Deputies Management Action Group will focus this enhanced programming and budgeting process on the development of options for the Fiscal Year 2016 budget request.
In the oversight phase, we will continue to leverage the Component Acquisition Executive structure and enhanced business intelligence to proactively identify performance problems with existing programs throughout their lifecycle. While there is work to be done to sustain our progress, we are encouraged by an Office of the Inspector General report that stated that DHS has significantly strengthened our acquisition management oversight.
We have also made significant progress in strengthening the document review process. In 2013, the Under Secretary for Management issued a decision memorandum stating that no new program can proceed without the approved acquisition documentation, including life cycle cost estimates, mission needs statements, test and evaluation plans, and operational requirements documents.
To ensure we have an adequately staffed and trained acquisition workforce, the Department has engaged on multiple fronts to enhance acquisition staffing and training. The DHS Acquisition Professional Career Program (APCP) is sponsored by the Chief Procurement Officer and provides a steady pipeline of entry level contracting and procurement talent to the Components. APCP interns are hired into career ladder positions and engage in a three-year program where they receive quality training and rotate between Components to gain valuable on-the-job training. In Fiscal Year 2013 alone, 63 interns graduated and have been placed in Components. Thus far in Fiscal Year 2014, an additional 60 interns have been placed.
The Department’s Homeland Security Acquisition Institute continues to serve as the principal training academy for the DHS acquisition workforce. In Fiscal Year 2013, over 9,400 DHS acquisition professionals completed classroom or online training courses contributing to the issuance of over 3,200 acquisition certifications. Thus far in Fiscal Year 2014, an additional 1,300 acquisition certifications have been issued. To date, DHS has issued 10,732 certifications across nine acquisition disciplines, including Contracting, Program Management, Systems Engineering, Test and Evaluation, Cost Estimating, Life Cycle Logistics Management, Program Financial Management, Ordering Official, and Contracting Officer’s Representative.
DHS continues to support small businesses around the country. In recognition of its performance, the Department has received an “A” rating for five consecutive years from the Small Business Administration in the areas of prime contracting, small business subcontracting, and a written progress plan.
Information Technology Management
In the Information Technology (IT) area, DHS has made substantial progress to drive efficiencies through consolidation of data centers. To date, 18 primary data centers have been consolidated, with an additional two consolidations scheduled for completion in Fiscal Year 2014. Migrations from commercial data centers resulted in annual cost savings of 43%, and migrations from federal data centers resulted in an average annual cost savings of 12% for similar capabilities.
Recognizing that information technology is constantly improving and changing and that our own IT organization has matured, we are working to increase the integration of previously fragmented Departmental oversight reviews into a defined, efficient governance process that is tailored to the size and criticality of each program. This will result in improved project tracking and oversight and will also help DHS meet our IT-related mission needs.
Security of internal IT systems and networks also remains a priority. DHS continues to enhance the IT security of the Department’s internal systems and networks through periodic upgrades to software. In addition, IT staff performs independent validation and verification of implemented corrective actions to address material weaknesses related to financial systems security. All Components are implementing a desktop image based on the United States Government Configuration Baseline (USGCB) settings.
Management Integration
Management Integration refers to the development and implementation of consistent and consolidated processes within and across the management functional areas discussed above. From individual performance evaluations to the Department’s most costly investment decisions, we have the obligation to operate efficiently and in a manner that best enables us to meet our mission.
The Management Integration area has made substantial progress in the past three years, reflected by the fact that both DHS and GAO agree that the majority of the outcomes in the Management Integration area are fully addressed. DHS has made considerable progress towards integrating management across the enterprise. As an example, we have strengthened the delegations of authority to clarify the roles of and enhance oversight between Headquarters and Components, and we have implemented the pilot phase of the IILCM to ensure we base investment decisions on closing capability gaps and meeting mission goals and outcomes. Based on the lessons learned from the pilot, the Secretary has determined, through the Unity of Effort initiative, to focus immediate attention on further maturing the Strategy and Capabilities & Requirements phases.
Secretary Johnson and I are committed to integrating all phases of our investment life cycle as we prepare for the Fiscal Year 2016 budget submission. Advancing the IILCM framework, which is a principal tenet of the Department’s overall integration strategy, continues to be a major initiative that builds on the progress we have made. In the near future, as I referenced above, I will oversee a re-constituted Joint Requirements Council as we evaluate Fiscal Year 2016 resource allocation plans and attempt to harmonize and unify requirements across the DHS enterprise.
The Secretary and I are capitalizing on these previous efforts and broadening them in our “Strengthening Departmental Unity of Effort” initiative. This effort focuses on improving our planning, programming, budgeting, and execution processes through strengthened Departmental structures and increased capability. In making these changes, we will have better traceability between strategic objectives, budgeting, acquisition decisions, operational planning, and mission execution to improve Departmental cohesiveness and operational effectiveness.
We are in the final stages of evolving our business intelligence capability by consolidating management data systems onto a common platform. This effort allows for more current and integrated data across all lines of business, both at Headquarters and into DHS’s many Components.
Other DHS High Risk List Areas
We recognize the critical role that strengthened management functions have in the Department’s ability to achieve success. GAO has identified other areas of Department responsibilities that also play an integral role in our mission delivery and, while these non-management areas are not the focus of this hearing, I hope it will be beneficial to this Committee for me to provide a brief overview of our work in a few of these areas.
Establishing Effective Mechanisms for Sharing and Managing Terrorism-Related Information to Protect the Homeland
DHS is a key participant in the Federal Information Sharing Environment and continues to develop policies and technical solutions across Sensitive but Unclassified, Secret, and Top Secret/Sensitive Compartmented Information networks that enhance safeguarding and sharing of information with a wide variety of federal, state, local, and private sector stakeholders. In January 2013 and immediately following the release of the National Strategy for Information Sharing and Safeguarding, the Department issued the DHS Information Sharing and Safeguarding Strategy focused on goals to share, safeguard, manage and govern risk, and measure performance. Through a detailed Implementation Plan, the Department has identified key priority objectives with synchronized milestones to effectively execute the Strategy, and has prepared an Implementation Guide that defines the processes to identify gaps, root causes, performance measures, risks and resourcing for its top information sharing and safeguarding initiatives.
National Flood Insurance Program
The National Flood Insurance Program (NFIP) serves as the foundation for national efforts to reduce the loss of life and property from flood disasters. NFIP remains on the High Risk List largely because it does not generate sufficient revenues to repay the billions of dollars borrowed from the U.S. Department of the Treasury to cover claims from the 2005 and 2012 hurricanes or from future catastrophic losses. The lack of sufficient revenues has highlighted structural weaknesses in how the program is funded, including statutorily mandated subsidies.
DHS and FEMA have been working with GAO to address the challenges identified in GAO’s recommendations to improve management and operations. FEMA changed the process for Write Your Own (WYO) company performance under the WYO Financial Control plan, implemented procedures to select statistically representative samples of all claims for conducting claims re-inspections, and requested an independent audit of the NFIP’s financial statements. FEMA’s focus on implementing GAO recommendations in areas including Strategic Planning, Management and Oversight of the NFIP, and modernizing the NFIP IT system, have resulted in the closure of many of GAO’s recommendations. We are actively engaged on those GAO recommendations that remain open.
With the passage of the Biggert-Waters Flood Insurance Act of 2012 and the Homeowners Flood Insurance Affordability Act of 2014, the NFIP now has authority to phase in actuarial rates for some policies and charge policyholders a surcharge, which will improve the financial and operational position of the program over time; however, as a result, policyholders will not pay actuarial rates. Specifically, these two laws raise the statutory limit on annual rate increases, mandate premium increases for certain subsidized policies, establish a reserve fund that will allow the NFIP to build surplus capital to pay losses in a greater-than-average loss year, and mandate a $25 annual surcharge for most policyholders and a $250 annual surcharge for non-residential properties and residential properties that are not a primary residence, until actuarial rates are reached.
Protecting the Federal Government’s Information Systems and the Nation’s Cyber Critical Infrastructures
I appreciate GAO’s continued engagement on Federal agency cybersecurity and the cybersecurity of critical infrastructure. Since 2009, the Department has managed this area actively, and each subsequent update to the GAO High Risk List has recognized DHS efforts. The Department works closely with the White House and interagency partners to ensure a whole-of-government approach to cybersecurity. At the same time, DHS is committed to working with Congress as it explores legislative proposals.
DHS directly supports federal civilian departments and agencies in developing capabilities that will improve their own cybersecurity posture through the Continuous Diagnostics and Mitigation (CDM) program. 108 departments and agencies are currently covered by Memoranda of Agreement with the CDM program, encompassing over 97 percent of all federal civilian personnel. In Fiscal Year 2014, DHS issued the first delivery order for CDM sensors and awarded a contract for the CDM dashboard.
The National Cybersecurity Protection System (NCPS), a key component of which is referred to as EINSTEIN, is an integrated intrusion detection, analytics, information sharing, and intrusion-prevention system designed to support DHS responsibilities for protecting Federal civilian agency networks. These current capabilities, and future capabilities such as CDM, are used by the Department’s National Cybersecurity and Communications Integration Center, in concert with its analysis, warning, and incident response capabilities, to protect Federal civilian agencies and assist them when incidents occur. In July 2013, NCPS’s EINSTEIN 3 Accelerated (E3A) became operational and provided services to the first federal agency. With the adoption of E3A, DHS will assume an active role in defending .gov network traffic and significantly reduce the threat vectors available to malicious actors seeking to harm Federal networks. NCPS continues to expand intrusion prevention, information sharing, and cyber analytic capabilities at Federal agencies, marking a critical shift from a passive to an active role in cyber defense and the delivery of enterprise cybersecurity services to decision-makers across cybersecurity communities.
With respect to critical infrastructure, the Department continues to grow the critical infrastructure Cyber Information Sharing and Collaboration Program, which is a unique voluntary environment for public-private information sharing and collaboration. In addition, we recently launched the Critical Infrastructure Cyber Community or C3 (“C Cubed”) Voluntary Program to assist critical infrastructure owners and operators as they build cybersecurity into their risk management approaches. Much work remains to be completed and we are committed to actively managing this High Risk area.
When I met with Comptroller General Dodaro, we agreed to develop a set of detailed criteria that GAO and the Department can use to strengthen the Nation’s cybersecurity and critical infrastructure resilience. As part of that process, I will receive monthly status updates from DHS Components that we will share with GAO.
Conclusion
It is our fundamental responsibility to manage the Department of Homeland Security effectively and efficiently. Sound management is critical to our ability to execute our mission successfully, and it is incumbent upon us as guardians of the public trust to be careful and scrupulous in our expenditure of public funds. You have my commitment that I will continue to focus intensely on strengthening the Department’s management functions, and that I will work closely with this Committee and with GAO to achieve that goal.
Thank you for the opportunity and the privilege to appear before you.