US security savings prove hard to pin down

The consolidation and integration of IT systems from the 22 federal agencies that now make up the US Department of Homeland...

The consolidation and integration of IT systems from the 22 federal agencies that now make up the US Department of Homeland Security were supposed to save taxpayers tens of millions of dollars.

But in the 12 months since the DHS officially opened its doors, the agency has had no way of knowing for sure how much, if any, savings have or will accrue from that consolidation, according to a report released by the US General Accounting Office (GAO), which reports to Congress. 

The reason cited by the GAO is that the department's IT Investment Review Group, which includes DHS chief information officer Steve Cooper and 11 other senior officials, relied on "an informal and undocumented process" to review and approve more than $4bn in IT investments. 

Those reviews were required after the White House Office of Management and Budget (OMB) in July 2002 froze the IT budgets of the agencies moving into the new department until they could be studied to ensure they supported the DHS overall IT strategy. 

Potential savings over a two-year period from DHS-wide consolidation and integration were estimated at between $100m and $200m for IT infrastructure and at $65m to $85m for business systems.

However, an OMB IT representative told GAO investigators that these estimates were rough approximations and that no documentation existed to support how they were derived. 

Although GAO investigators acknowledged that the DHS is making progress in reviewing approximately 100 IT programs that are eligible for review by its two top-level departmental investment management boards, the agency is having difficulty bringing all of these programs before the boards in a timely manner.

In addition, the "DHS has not established a process to ensure that key reviews of component agency IT investments subject to departmental reviews are performed in a timely manner", the GAO report concluded. 

And, while the department's capital planning and investment-control guide stated that the Office of the CIO was responsible for maintaining a control review schedule for all initiatives in the DHS IT investment portfolio, as of 2 January this year, this schedule had not been developed. 

DHS officials did not provide any detailed comments on the report. Instead, officials from the office of the CIO informed the GAO that the report was "factually accurate". 

However, CIOs and analysts said that for such a large organisation to manage a $4bn integration effort without formal, documented processes is unheard of in private industry. 

"It is extremely odd," said Norbert Kubilus, a CIO-for-hire with Tatum CIO Partners in Los Angeles. "That's a disaster waiting to happen. They should have done an integration study to create a future model of where they want to go."

He added that DHS officials should be able to compare costs with future costs with a reasonable amount of accuracy. "It's a basic post-merger-and-acquisition scenario." 

Most senior executives and consultants tend to underestimate the effort required to achieve IT consolidation, Kubilus said.

Dan Verton writes for Computerworld

Read more on IT legislation and regulation