GAO urges external reviews of Homeland Security acquisition

The Homeland Security Department could strengthen its problem-ridden contract system by improving interagency communication and inviting external reviews, according to a report released Wednesday by the Government Accountability Office.

DHS has faced contracting oversight problems since 2003, when it was created from 22 different agencies, nine with their own pre-existing contract offices and acquisition procedures. The report (GAO-07-900) praised the department's current contract oversight program, saying it "incorporates basic principles of an effective and accountable acquisition function." Nonetheless, GAO said there are many ways DHS can continue to improve.

The report cited inefficiencies in DHS acquisition planning. GAO also recommended that the department undergo semi-regular third-party acquisition reviews to make sure the oversight plan doesn't become ineffective over time, and distribute the results of these reviews throughout the department so heads of internal agencies can discuss and learn from them.

The acquisition planning process came under heavy fire after the Hurricane Katrina disaster in 2005. According to an inspector general report released in December 2006, inadequate contract planning by DHS and the Federal Emergency Management Agency, which is part of the department, led to overspending and inefficient resource allocation during the hurricane. In response to the criticism, DHS revamped its acquisition planning review process. But the new process still has too many loopholes, GAO said.

The DHS chief procurement officer must review any acquisition plans that exceed a contract value of $50 million, for most agencies within the department. The CPO can suggest changes, but GAO said the current system doesn't require agencies to implement the suggestions.

The second part of acquisition planning relies on the agencies' head contracting officers to perform annual reviews. The CPO, however, does not track whether these reviews actually take place. GAO found that many DHS agency heads were unaware of the requirement and hadn't done the review.

Finally, all agency contracting heads must submit contract information to a department-wide database. The database would make it easier for the CPO to keep track of the agency's contract commitments. But currently there's no way for the CPO to monitor whether the required information is entered into the database, and the database itself doesn't contain historical data.

DHS agreed with GAO's assessment. In a written reply, the department said it will make it mandatory for agencies to apply the CPO's reforms to their contracting systems if the CPO finds, upon review, that the agency doesn't comply with existing regulations. Additional training for agency contracting chiefs will stress the importance of CPO suggestions and acquisition planning reviews, and the department will change the database to accommodate historical data.

DHS also will explore the possibility of establishing third-party reviews, performed by groups with experience in federal acquisition. The department will disseminate the results of internal and external reviews at monthly meetings with agency contracting heads, and use the results to come up with performance goals for head contracting officers.

Department officials disagreed with only one of GAO's recommendations. Auditors suggested that since agency contracting heads report indirectly to the CPO, the CPO has insufficient authority to enforce the oversight program. GAO offered similar criticism in previous reports. DHS responded by saying that currently, the CPO can "revoke or restrict" the authority of any agency's head contracting officer, and that the CPO helps select and evaluate agency contracting chiefs.

GAO found that the three other key aspects of DHS' acquisition oversight plan -- a self-assessment to be performed by each agency, an operational status review to be done by the agency acquisition head and the CPO, and an on-site review -- were generally sound. The first and second assessments are already underway, and the system will be effective so long as agencies are encouraged to adopt the CPO's suggested reforms.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.