Chairman Duncan, Ranking Member Barber, and Members of the Subcommittee:
I am pleased to be here today to discuss the
In 2008 the department initiated TECS Modernization (TECS Mod) to modernize existing system functionality, address known capability gaps, and move the program's infrastructure to DHS's new data centers. TECS Mod is managed as two separate programs working in parallel:
The work on which my testimony is based was conducted from
TECS is an information technology (IT) and data management system that supports DHS's core border enforcement mission. According to CBP, it is one of the largest, most important law enforcement systems currently in use, and is the primary system available to CBP officers and agents from other departments for use in determining the admissibility of persons wishing to enter the country. In addition, it provides an investigative case management function for activities carried out by ICE agents, including money-laundering tracking and reporting; telephone data analysis; and intelligence reporting and dissemination.
Over time, TECS has evolved into a multifaceted computing platform that CBP describes as a system of systems. This mainframe-based system dates back to the 1980s and interfaces with over 80 other systems from within DHS, other federal departments and their component agencies, as well as state, local, and foreign governments. It contains over 350 database tables, queries and reports (e.g., querying law enforcement records to determine if a traveler appears on a terrorist watch list), and multiple applications (e.g., ICE's existing investigative case management system). CBP agents and other users access TECS via dedicated terminals. The system is managed by
On a daily basis, the system is used by over 70,000 users and handles more than 2 million transactions--including the screening of over 900,000 visitors and approximately 465,000 vehicles every day. In addition, federal, state, local, and international law enforcement entities use TECS to create and disseminate alerts and other law enforcement information about "persons of interest." Ten federal departments and their numerous component agencies access the system to perform a part of their missions.
The current TECS system uses obsolete technology, which combined with expanding mission requirements, have posed operational challenges for CBP and others. For example, users may need to access and navigate among several different systems to investigate, resolve, and document an encounter with a passenger. In addition, CBP identified that TECS's search algorithms do not adequately match names from foreign alphabets. TECS's obsolescence also makes it difficult and expensive to maintain and support. Specifically, DHS estimates that TECS's licensing and maintenance costs are expected to be
In 2008, DHS initiated efforts to modernize TECS by replacing the mainframe technology, developing new applications and enhancing existing applications to address expanding traveler screening mission needs, improving data integration to provide enhanced search and case management capabilities, and improving user interface and data access. DHS's plan was to migrate away from the existing TECS mainframe by
CBP expects that its modernization efforts will yield certain improvements over the existing system, including the following.
. Enhancements to TECS's search algorithms to better match names from foreign alphabets; address gaps in current processes that could result in missing a person of interest. This includes an improved ability for inspectors to update information on travelers at air and sea borders at the time of encounter.
. Improvements in the flow and integration of data between CBP and its partner agencies and organizations. This is intended to aid the agency's inspectors by providing timely, complete, and accurate information about a traveler during the secondary inspection process.
CBP planned to develop, deploy, and implement these capabilities incrementally across five projects from 2008 to 2015.
. Secondary Inspection: This project is to support processing of travelers referred from primary inspection for either enforcement or administrative reasons. According to CBP, this project's functionality was fully deployed to all air and sea ports of entry in 2011, and was fully deployed to all land ports of entry in 2013.
. High Performance Primary Query and Manifest Processing: This project is intended to improve TECS data search results in order to expedite the processing of manifests from individuals traveling to
. Travel Document and Encounter Data: This project is intended to improve CBP's ability to query and validate travel documentation for both passengers and their means of conveyance. It is to be fully operational by
. Lookout Record Data and Services: This project is intended to improve the efficiency of existing data screening and analyses capabilities. It is to be fully operational by
. Primary Inspection Processes: This project is intended to modernize the overall inspection process and provide support for additional or random screening and communication functions. It is to be fully operational by
As part of each of these projects, CBP is also developing an online access portal, called TECS Portal, for authorized users to access information remotely using a modern web browser, along with security and infrastructure improvements, and the migration of data from the current system to databases in the new environment at the DHS datacenter. Ultimately, TECS Mod functionality is to be deployed to over 340 ports of entry across
ICE's TECS Mod effort is to focus on specific law enforcement and criminal justice functions; tools to support ICE officers' collection of information, data analysis, and management operations; enhanced capabilities to access and create data linkages with information resources from elsewhere in DHS and other law enforcement agencies; and capabilities to better enable investigative and intelligence operations, corresponding management activities, and information sharing. Similar to CBP, ICE intended to deliver functionality in multiple phases:
. Phase 1: Core Case Management: This phase was to encompass all case management functions currently residing in the existing TECS system. ICE planned to develop and deploy these functions in three releases beginning in 2009, and was scheduled to deploy Release 1 by
. basic electronic case management functions, including opening cases, performing supervisory review of cases, and closing cases within the system;
. development of reports for use as evidentiary material in court proceedings arising from ICE agents' investigations;
. maintenance of records relating to the subjects of ICE investigations; and
. audit capabilities to monitor system usage.
. Phase 2: Comprehensive Case Management: This phase was to expand on the features delivered as part of phase one and to be delivered in four increments starting in 2016, with an estimated completion date in fiscal year 2017.
DHS Oversight of Major IT Programs
Schedule and Cost of Both TECS Modernization Programs Are Unclear
CBP has begun delivering functionality to its users; however, its schedule and cost commitments continue to change and are still being revised. Specifically, CBP intends to modernize the functionality, data, and aging infrastructure of legacy TECS and move it to DHS's data centers. CBP plans call for developing, deploying, and implementing these capabilities in five distinct projects that are to be delivered by 2015. To date, CBP has completed one of these five projects, having completed its deployment of functionality to improve its secondary inspection processes to air, sea, and land ports of entry in 2013. CBP is in the process of revising its schedule baseline for the second time in under a year, making it unclear when the program ultimately intends to deliver needed functionality.
Exacerbating this situation is the fact that CBP has not developed its master schedule sufficiently to effectively manage work activities or monitor the program's progress. n4 Specifically, the program has not linked all the work activities in the individual project schedules, nor has it defined dependencies that exist between projects in the master schedule: approximately 65 percent of CBP's remaining work activities were not linked with other associated work activities. Thus, any delays early in the schedule do not "ripple" (i.e., transmit delays) to activities later in the schedule, meaning that management will be challenged to determine how a slip in the completion date of a particular task may affect the overall schedule. In our report, we also noted that CBP had not yet developed a detailed schedule for significant portions of the program. CBP reported in
Program officials stated these deficiencies existed because the program has only two staff members with skills needed to properly develop and maintain the schedules, and that fully documenting all the dependencies would be time consuming, and in their view, not sufficiently important to warrant the additional resources necessary to complete them. However, without a complete and integrated master schedule that includes all program work activities and associated dependencies, CBP is not in a position to accurately determine the amount of time required to complete its TECS modernization effort and develop realistic milestones.
The program's cost estimates have also changed as a result of rebaselining and are also being revised. The program's baselined life-cycle cost estimate as of
Meanwhile, ICE is replanning its
TECS Modernization's Risk Management Is Generally Consistent with Leading Practices, but Requirements Management Has Had Mixed Results
Both CBP and ICE implemented risk management practices that are generally--though not fully--consistent with leading practices, and both had mixed results in managing program requirements. Of four leading practices associated with effective risk management, CBP and ICE each fully implemented two (establishing documented risk management processes and assigning roles and responsibilities for managing risks) and partially implemented the other two (capturing all known risks and managing risk mitigation efforts through to completion). Specifically, neither program identified all known risks, nor escalated them for timely review by senior management.
Further, of four leading practices for managing program requirements, CBP fully implemented three (establishing a requirements management process, assigning roles and responsibilities for requirements development and management activities, and defining a change control process) while partially implementing the one other (eliciting user needs). However, CBP began executing key requirements activities before such practices were established, and as a result, CBP officials reported that some TECS Mod requirements were not as consistently well-formed or detailed because their process during that time lacked rigor. In ICE's case, management weaknesses and the lack of appropriate guidance for the program's requirements management process led to technical issues, testing failures, and ultimately, the deferral and/or deletion of about 70 percent of the program's original requirements. ICE issued new requirements guidance for the program in
DHS's Governance Bodies Have Taken Actions Aligned with Leading Practices, but Incomplete and Inaccurate Data Have Limited Their Effectiveness
DHS's governance bodies have taken actions to oversee the two TECS Mod programs that are generally aligned with leading practices. Specifically, they have monitored TECS Mod performance and progress and have ensured that corrective actions have been identified and tracked. However, a lack of complete, timely, and accurate data have affected the ability of these governance bodies to make informed and timely decisions, thus limiting their effectiveness. For example:
. Steering committees. In an
Moreover, the Quarterly Program Accountability Report is not issued in a timely basis, and as such, is not an effective tool for decision-makers. For example, the most recent report was published on
Until these governance bodies base their reviews of performance on timely, complete, and accurate data, they will be limited in their ability to effectively provide oversight and to make timely decisions.
Implementation of Recommendations Could Improve DHS's Efforts to Develop and Implement Its TECS Mod Programs
In our report, we made several recommendations to improve DHS's efforts to develop and implement its TECS Mod programs. Specifically, we recommended that the Secretary of Homeland Security direct the CBP Commissioner to: (1) develop an integrated master schedule that accurately reflects all of the program's work activities, as well as the timing, sequencing, and dependencies between them; (2) ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory--including acquisition risks mentioned in our report--and are briefed to senior management, as appropriate; (3) revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate; and (4) revise and implement the TECS Mod program's requirements management guidance to include the validation of requirements to ensure that each is unique, unambiguous, and testable. In
We further recommended that the Secretary of Homeland Security direct the Acting Director of ICE to: (1) ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory--including the acquisition risks mentioned in our report--and briefed to senior management, as appropriate; (2) revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate; and (3) ensure that the newly developed requirements management guidance and recently revised guidance for controlling changes to requirements are fully implemented.
We also recommended that the Secretary of Homeland Security direct the Under Secretary for Management and acting Chief Information Officer to ensure that data used by the department's governance and oversight bodies to assess the progress and performance of major IT acquisition programs are complete, timely, and accurate.
DHS concurred with all but one of our recommendations, disagreeing with the recommendation regarding the weaknesses in CBP's schedule. In response, DHS stated that CBP's scheduling efforts for TECS Mod were sound. However, given the weaknesses in CBP's master schedule, we continue to believe that management will be unable to determine how a slip in the completion date of a particular task may affect the overall project or program schedule, and thus, absent any changes, continuing to use it as a tool to track progress will remain ineffective.
In conclusion, after spending nearly a quarter billion dollars and over 4 years on its two TECS Mod programs, it remains unclear when DHS will deliver them and at what cost. While CBP's program has delivered one of the five major projects that comprise the program, its commitments are being revised again and the master schedule used by the program to manage its work and monitor progress has not been fully developed. Moreover, ICE's program has made little progress in deploying its system, and is now completely overhauling its original design and program commitments, placing the program in serious jeopardy of not meeting the 2015 deadline and delaying system's deployment. The importance of having updated cost and schedule estimates for both the CBP and ICE programs cannot be understated, as this important management information will provide
Chairman Duncan, Ranking Member Barber, and Members of the Subcommittee, this concludes my statement. I would be happy to answer any questions at this time.
n1 TECS was created as a system of the Customs Service, which was then a component within the
n2 GAO, Border Security: DHS's Efforts to Modernize Key Enforcement Systems Could be Strengthened, GAO-14-62 (
n3 The Acquisition Management Directive provides the overall policy and structure for acquisition management within the department and is used in planning and executing acquisitions.
n4 Our research has identified, among other things, that a key element associated with a complete and useful schedule or roadmap for executing a program such as TECS Mod is to logically sequence all work activities so that start and finish dates of future activities, as well as key events based on the status of completed and in-progress activities, can be reliably forecasted. See GAO, GAO Schedule Assessment Guide: Best Practices for Project Schedules, Exposure Draft, GAO-12-120G (
n5 This estimate is in the program's
Read this original document at: http://docs.house.gov/meetings/HM/HM09/20140206/101720/HHRG-113-HM09-Wstate-PownerD-20140206.pdf
Most Popular Stories
- Major Phone Makers Sign Anti-Phone-Theft Pledge
- India Recognizes Transgender People as 'Third Gender'
- 'Beige Book' Federal Reserve Survey, April 2014: Full Text
- Michael Bloomberg Takes Aim at the NRA
- Brands Get Caught in Bitter-Tweet Traps
- U.S. Job Market Still Needs Fed Stimulus: Yellen
- Dems in Energy States Back Away From Obama
- Depp, Pfister Are Tech Philosophers
- Man Arrested After Driving Stolen Car to Court Hearing
- U.S. Housing Starts up in March After Bitter Winter