Audits rip DHS' tech investment controls, gaps in port security

The Homeland Security Department's haphazard technology investment management came in for strong criticism from congressional auditors in a report today. The General Accounting Office described risks in the department's use of technology to implement a port security law enacted last year in a second report, but also cited progress in that arena.

In the report on technology management, GAO stated that DHS had not fully defined eight of 11 required policies and procedures that the congressional audit agency's IT Investment Management framework developed under the Clinger-Cohen Act.

'Specifically, while DHS has documented the policies and related procedures for project-level management, some of these procedures do not include key elements,' the technology investment control report said. 'For example, procedures for selecting investments do not cite either the specific criteria or steps for prioritizing and selecting new IT proposals.'

GAO said department officials had told them that other investment management tasks had taken priority over the job of adopting the missing technology management controls.

The auditors warned, 'Until DHS fully defines and documents policies and procedures for investment management, it risks selecting investments that will not meet mission needs in the most cost-effective manner.'

Department officials told GAO they had recently hired a portfolio manager and are recruiting another second. 'Until DHS fully implements processes to control its investments, both at the project and portfolio levels, it increases the risk of not meeting cost, schedule, benefit and risk expectations,' the IT investment report concluded.

In a written response to the investment management report, DHS officials stated that they agreed with GAO's findings and recommendations on IT investment management and would use the report to improve their policies and procedures.

Steven Pecinovsky, director of DHS' Office for Liaison with the GAO and the Inspector General Office, noted in a reply to the audit agency that Secretary Michael Chertoff's Management Directive 0007.1 assigned authority over IT investments costing more than $2.5 million to the department's chief information officer.

The second report discussed how DHS is implementing the SAFE Port Act of 2006.

The Coast Guard is taking the lead role in the task. 'Many port facility security requirements are being implemented, but not always on schedule,' the report stated.

In general, the audit agency found that despite improvements in port security, much work remains to be done.

One critical area is that of the Transportation Security Administration's troubled Transportation Worker Identification Credential (TWIC) program.

The auditors said TSA had developed plans to fix the problems and brought in additional experts to handle them, but the effectiveness of those reforms will become clear only later.

One key element of TWIC is a background check process for port workers. 'While DHS has created the Screening Coordination Office (SCO) to better coordinate the various background checks, it will be challenged to fully coordinate all the DHS screening programs, ensuring that the cost and benefits of potentially eliminating or keeping different screening programs are properly considered, and coordinating with other federal screening programs outside DHS,' the auditors warned.

inside gcn

  • cybersecurity (vs148/Shutterstock.com)

    NIST lays groundwork for encrypting IoT devices

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group