Written testimony of MGMT Office of the Chief Financial Officer Departmental GAO-OIG Liaison Office Director Jim Crumpacker for a Senate Committee on Homeland Security and Governmental Affairs, Subcommittee on Regulatory Affairs and Federal Management hearing titled “Implementing Solutions: The Importance of Following through on GAO and OIG Recommendations”

P>342 Dirksen Senate Office Building

Good morning Chairman Lankford, Ranking Member Heitkamp, and distinguished Members of the Subcommittee. I appreciate the opportunity to appear before you today to discuss U.S. Department of Homeland Security (DHS) implementation of recommendations made by the U.S. Government Accountability Office (GAO) and Offices of Inspector General (OIGs). My testimony today will address (1) DHS GAO-OIG relationships, (2) how we collaboratively work with auditors, and (3) selected successes achieved—all with an emphasis on process.

As background, I currently serve as the DHS Director of the Departmental GAO-OIG Liaison Office, which reports to the Under Secretary for Management through the Office of the Chief Financial Officer. I am the executive management official responsible for maintaining mutually beneficial and productive relations with GAO, the DHS OIG, and any other audit organization with an interest in DHS programs, operations, and activities. I also serve as an advisor to senior DHS leadership—including the Secretary, Deputy Secretary and General Counsel—providing advice on audits conducted in broad and diverse areas. In addition, I ensure appropriate auditor access to DHS records and employees, and provide oversight of Component audit liaison activities throughout the Department.

DHS GAO-OIG Relationships

Today I am proud to say that the Department’s relationships with the GAO, DHS OIG, and other OIGs with whom Department personnel interact have never been stronger or healthier. Within the Department, we believe that audits truly do help make us better, and thus we are committed to collaboratively working with the dedicated professionals that comprise the GAO and OIGs to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards.

The positive relationships we enjoy with our auditors today are attributable to actions we took to improve a previously contentious relationship with GAO dating back to 2005. This situation had attracted Congressional attention just two years after the creation of DHS and was discussed during as many as eleven Congressional hearings from May 2005 through July 2008. Since this time, DHS Secretaries, as well as their respective Deputy Secretaries, General Counsels, and Under Secretaries for Management, have steadfastly followed through on and expanded efforts to improve not only the GAO relationship, but also the OIG relationship.

In short, DHS and its auditors have benefited from (1) a sustained DHS senior leadership commitment—at the highest levels—to having a relationship based on openness and transparency, (2) the significantly increased lines of communication put in place during the past six years among the DHS Headquarters, its Components, and our auditors, and (3) perhaps most importantly strengthening and improving the Departmental GAO-OIG Liaison Office and DHS-wide audit liaison community. Recently DHS Inspector General (IG) John Roth told me, “That your office even exists is a testament that DHS has a mature and constructive attitude toward what we do.” I am confident that GAO would agree with IG Roth’s assessment.

Today DHS interacts with its GAO and OIG auditors using the operating principles of engagement, responsiveness, and mutual respect. This has resulted in changing the culture across the Department from one in which audits were generally viewed as unimportant, to one in which leadership, program officials, and others at all organizational levels understand that audits are also important and deserve an appropriate level of attention among competing priorities and demands in protecting the homeland.

In addition, the identification of an executive Senior Component Accountable Official (SCAO) for GAO and OIG activities (as an additional duty, typically at the Chief of Staff or equivalent level) within Components across DHS has been tremendously beneficial. SCAOs serve as the individuals with the Component-wide influence who can resolve any internal Component consternation among offices or others that might represent an impediment to the open and transparent relationships we seek with our auditors.

A large part of the success of the DHS relationship with its auditors is attributable to the clear and formal delegation of authority from the Secretary to the Under Secretary for Management and, in turn, to the Chief Financial Officer for DHS-wide authority and responsibility for the oversight and direction of audit liaison and relations with GAO and OIG. This includes the authority to establish policies and procedures, and oversee the Department-wide implementation of such, as deemed appropriate. In addition, DHS senior leadership has allowed my office to reach out directly to anyone across the Department, at any time, to work on issues associated with any GAO or OIG audit. Through DHS leadership engagement in this area, vestiges of stove piped or parochial viewpoints that may have previously existed regarding interactions with GAO and OIG based solely on Component perspectives have been eliminated in most cases. Interactions with our auditors are now based on a DHS-wide perspective. This is particularly important because DHS missions are complex and highly diverse, and few audits today involve only one Component.

At DHS we say that “Liaison = Relationships + Communications.” Relationships are not like light switches that can just be turned on and off. One has to maintain relationships or they atrophy with all parties’ participants. As for communications, they have to be continuous and two-way. Our goal is to have strong, healthy relationships with GAO and OIG at all organizational levels of the Department. Maintaining and improving our audit relationships requires ongoing efforts to ensure that we continue to make progress. Examples of our relationships and communications building and sustainment activities include:

• Monthly meetings between the DHS IG and Secretary Jeh Johnson and separate monthly meetings between the DHS IG and Deputy Secretary Alejandro Mayorkas. In addition, the IG has “as needed” meetings with other senior leadership, such as the General Counsel, to discuss various issues of interest, as appropriate. The Secretary, Deputy Secretary, and Under Secretary for Management also periodically meet with the Comptroller General of the United States and GAO’s Managing Director for Homeland Security and Justice.
• Quarterly senior leadership coordination meetings between the DHS Under Secretary for Management and the General Counsel with GAO’s Managing Director for Homeland Security and Justice, George Scott, and his senior Directors and legal counsel, to discuss newly started audits and those nearing final report issuance, any issues concerning auditor access to information and people, the closure of recommendations, and other relevant topics.
• Other ad hoc senior leadership outreach activities. For example, a U.S. Border Patrol Chief spoke at a GAO Speakers’ Series on border security issues earlier this year. Additionally, planned meetings between the Vice Commandant of the U.S. Coast Guard and his SCAO with IG Roth and GAO’s George Scott, along with senior members from their staffs, to discuss on-going audits, open recommendations, and other issues.
• Monthly DHS-wide meetings—led by my office—with audit liaisons and others, including Office of General Counsel participation, to discuss current activities, expectations, roles and responsibilities, processes, performance measures and goals, and other topics of interest.
• Periodic “town hall” meetings with DHS leadership, audit liaisons, program officials, subject matter experts, GAO and OIG leadership and staff, and others to put “names with faces,” discuss expectations and processes, and share open “question and answer” sessions among ourselves.

How We Collaboratively Work with Auditors

During the past four years, DHS has averaged approximately 200 ongoing audits at any one time, or about 118 GAO and 82 DHS OIG audits. This does not include work related to:

• GAO’s biennial “High Risk” list update activities,
• GAO’s annual fragmentation, overlap, and duplication reporting,
• OIG’s annual major management and performance challenges report,
• OIG disaster-related public assistance grant audits that focus on grantees and recipients at the state and local levels,
• OIG annual financial statements-related audits, and
• Various GAO and OIG congressional testimonies.

In addition, DHS averages involvement with approximately 12 ongoing audits at any one time conducted by non DHS OIGs, such as the U.S. Postal Service and Departments of Justice, State, Treasury, and Transportation OIGs. These audits typically are not looking at DHS programs, operations, or activities; but rather represent opportunities for the Department and its Components to share information and help inform audits of other agencies, when appropriate. An example of this would be the Postal Service OIG audit initiated earlier this year looking at the Postal Service’s handling of inbound international mail at the John F. Kennedy International Service Center in New York. The OIG’s objective was to determine if the Postal Service was complying with established inbound international mail policies and procedures, with which the DHS U.S. Customs and Border Protection also has involvement.

The vision of the DHS Departmental GAO-OIG Liaison Office is to be “A trusted and reliable PARTNER, both internally and externally, to the Department.” We see ourselves as facilitating good successful outcomes for everyone in the DHS-wide audit liaison community, which includes our GAO and OIG auditors. Although we represent “management” we do not pick sides when it comes to working audit issues, but instead work equally with all parties involved. Our overriding goals are to ensure:

• all parties that need to be involved in a particular audit are involved;
• the audits are worked in concert with our operating principles of engagement, responsiveness, and mutual respect;
• audit issues are worked at the lowest organizational level possible and only elevated to more senior leadership when absolutely necessary; and
• “no surprises” for anyone at the end of the process.

How do we collaboratively work with auditors? First, we have set clear expectations for departmental interactions with auditors. Specifically, DHS has a formal directive that applies to everyone throughout the Department (with the exception of the OIG) regarding its relations with GAO. This directive acknowledges the important role GAO has in our constitutional system of government and serves as the foundation of the Department’s commitment to fully cooperating, consistent with well-established Executive Branch privileges and responsibilities, with GAO in its reviews. Expectations for cooperating with OIG were reaffirmed in a memorandum that Secretary Johnson sent to all DHS employees in May 2014, updating similar guidance that Former Secretary Chertoff issued in 2008.

DHS has also instituted a number of formal processes to ensure it works collaboratively with auditors and, in turn, effectively resolves and implements audit findings and recommendations. Examples include:

• DHS has documented formal performance measures and goals in this area. These include ones related to monitoring the timeliness of the submission of program office corrective action plans for GAO and OIG reports with recommendations, quarterly follow-up actions to ensure that agreed upon actions are being taken, and that recommendations are ultimately being closed, ideally within 24 months.
• The Deputy Secretary also chairs bi-monthly oversight meetings with Component SCAOs and other senior leaders, such as the General Counsel and Under Secretary for Management, to discuss the status of the more significant audits being accomplished across the Department and to monitor progress achieving performance measures and other goals. The status of the ten oldest open GAO and OIG recommendations, respectively, is also reviewed during each meeting.

In addition, DHS has a standardized process for communicating and documenting management feedback (i.e., “technical comments”) to GAO and OIG on statements of facts (GAO) or notices of findings and recommendations (OIG), draft reports, and other similar work products. These comments are not intended to substantively alter any of GAO or OIG’s findings, conclusions, or recommendations, but rather to strengthen audit products by improving accuracy, helping to ensure and validate workable solutions, minimizing the number of disagreements, etc., as appropriate.

More specifically, the process requires cross-indexing comments to the page and line of auditor work products and specifically identifying the program official or subject matter expert submitting the comment, along with contact information so the auditor can follow-up directly with that person for any clarifications or additional information that might be needed. The process helps foster mutually beneficial and productive relationships with GAO and OIG, while maintaining and respecting auditor independence. Since implementing the process, DHS and its auditors now spend less time discussing the accuracy of final reports issued and more time discussing recommendation implementation and closure.

DHS has also increased standardization of management responses provided for draft GAO and OIG audit reports. Gone are the days when DHS and its Components may have never responded to a report or did so informally by telephone or email. Today, a signed letter or memorandum is provided to the auditors for all reports having recommendations to the Department. And, in almost all cases, these letters specifically state agreement or disagreement (i.e., concur or non-concur) with each recommendation, as we have nearly eliminated any “partially concur” responses—we now fall to one side of the fence or the other in agreeing or disagreeing with recommendations or outlining proposed alternative corrective actions. DHS responses also specifically state:

• which office is responsible for actions already taken, on-going, or planned to address recommendations, and
• if actions are not already completed, the estimated completion date.

Estimated completion dates can generally be up to 12 months out from the anticipated date of the final report, and if program officials anticipate needing more time we include interim milestones in the response to the extent identifiable. When dates are not yet known, we will say “To Be Determined;” however, our expectation is that program officials will be able to identify specific date(s) by the time more fully developed corrective action plans are submitted to the auditors (i.e., the 60- and 90-day letters for GAO and OIG reports, respectively).

Selected Successes Achieved

Audit follow-up and resolution is an integral part of good management and taking corrective action on resolved findings and recommendations is essential to improving the effectiveness and efficiency of agency programs, operations, and activities. DHS appreciates the GAO and OIG’s understanding that this is a shared responsibility of agency management officials and auditors.

Examples of a few of our successes in this regard are shown below. DHS recognizes that these successes would not have been possible without audit leadership’s willingness to work together with our program officials, subject matter experts, and others, as appropriate.

• Closed more GAO and OIG audit recommendations than auditors issued for the fifth year in a row (632 closed versus 498 issued during FY 2015).¹ FY 2015 ended with 14% fewer recommendations open than at the end of FY 2014.

   

  

• Reduced the percentage of total open GAO and OIG audit recommendations aged more than 24 months closer to our 20% goal, from 42% at the end of FY 2014 to 32% at the end of FY 2015.²

   

  

• Steadily reduced the number of open DHS OIG recommendations by 65 percent from a high of 1,663 in FY 2011 to 583 in FY 2015.

   

  

• Reduced the number of unresolved, open recommendations (i.e., those with disagreements) that are more than six months old by 97% from a high of 691 in FY 2011 to 21 in FY 2015, which included the closure of all open unresolved financial statement audit-related recommendations.

   

  

• Reduced the DHS-wide average number of days for signing out statutorily-required GAO “60-day” letters to Congress and the U.S. Office of Management and Budget, falling 48 percent (from 120 to 62) from FY 2012 to FY 2015. During FY 2008, DHS took an average of 18 ½ months (538 days) to sign out these letters. This has now been reduced by 88 percent.

   

  

• Met or exceeded the standard for signing out DHS-mandated “90-day” letters for OIG reports for the third year in a row, ending FY 2015 with a DHS-wide average of 79 days (12 percent below the standard and 36 percent below the FY 2011 average).

   

  

Conclusion

It is a fundamental responsibility of us all to ensure that the millions of dollars spent annually for GAO and OIG audits provide a “return on investment” for taxpayers, namely improved effectiveness and efficiency of our programs, operations, and activities.

DHS is in a very different place than it was just a few years ago with its GAO and OIG relationships. This includes not only the openness and transparency with which we work with our auditors and a significantly lower number of open recommendations, but also our institutional attitude towards oversight. We are committed to continuing improvements.

Thank you Mr. Chairman for the opportunity and privilege to appear before you today. I would be pleased to address any questions that you or other Members of the Subcommittee may have.