This key issue page is related to an area on GAO’s 2017 High Risk Update and will be updated shortly. In the meantime, visit the related High Risk area for the newest information.
The Department of Homeland Security was created in 2003 following the September 11 terrorist attacks. Since that time, DHS has been on GAO’s High Risk List because DHS had to combine 22 agencies—several with major management challenges—into one department. Failure to effectively address DHS’s management and mission risks could have serious consequences for U.S. national and economic security.
DHS has made considerable progress in transforming its original component agencies into a single department. However, DHS continues to face challenges that directly affect its ability to carry out its management functions in four key areas:
- Acquisitions. DHS’s efforts to improve the performance of its major acquisition programs are noteworthy, but the programs continue to face challenges. Staffing, funding, and requirements issues increase the likelihood that major acquisition projects will
1. cost more than expected—reducing DHS’s buying power; and
2. take longer to complete than expected—making frontline employees wait for new capabilities.
There can be valid reasons for cost growth or schedule delays, such as a program pursuing expanded capabilities to meet evolving threats. At the same time, other reasons for cost growth and schedule slips are more troubling, such as initial cost estimates that were not comprehensive.
- Human Capital. DHS has sustained its progress in implementing a human capital strategic plan and undertaken actions to identify current and future human capital needs. However, DHS has considerable work ahead to improve its employee morale. For instance, the Office of Personnel Management’s 2015 Federal Employee Viewpoint Survey data showed that DHS ranked last among 37 large federal agencies in all four dimensions of the survey’s index for human capital accountability and assessment (job satisfaction, leadership and knowledge management, results-oriented performance culture, and talent management).
- Financial Management. DHS received a clean audit opinion on its financial statements for fiscal years 2013, 2014, and 2015. However, there are material weaknesses in DHS’s internal controls over financial reporting, such as a lack of adequate controls to prevent or detect financial reporting errors related to property, plant, and equipment. These weaknesses continue to hamper DHS’s ability to provide reasonable assurance that its financial statements have been prepared appropriately. In addition, much work remains to modernize components’ financial management systems. Without sound controls and systems, DHS faces long-term challenges in obtaining and sustaining a clean audit opinion on internal controls over financial reporting, and ensuring its financial management systems generate reliable, useful, and timely information for day-to-day decision making.
- IT. DHS has established and institutionalized a tiered governance and portfolio management structure for overseeing and managing its IT investments. However, in 2015, DHS shifted its IT focus from assets to services. Now, DHS’s IT work includes acquiring services and acting as a service broker (i.e., an intermediary between the purchaser of a service and the seller of that service). According to DHS officials, this change will require a major transition in the skill sets of DHS’s IT workforce, as well as the hiring, training, and managing of staff with those new skill sets. As such, this effort will need to be closely managed in order to succeed. Additionally, DHS has taken steps to enhance its information security program, but continued to experience weaknesses in security. In November 2015, the department’s financial statement auditor reported that DHS had made progress in correcting prior year security weaknesses. However, for the 12th consecutive year, the auditor designated deficiencies in IT security controls over financial systems as a material weakness.
For more on GAO’s reports and recommendations, see the key reports tab above.