What GAO Found
GAO's prior work includes four areas for agency officials' consideration when evaluating or implementing a reorganization or transformation.
First, GAO reported in May 2012 on key questions to consider when evaluating an organizational change that involves consolidation, such as what are the goals of the consolidation and how have stakeholders been involved in the decision-making? For reorganization implementation, GAO's prior findings reported in July 2003 include lessons learned from the experiences of large private and public sector organizations. The resulting practices GAO developed include ensuring that top leadership drives the transformation and establishing a communication strategy to create shared expectations and report related progress.
Second, GAO reported in March 2012 that successful government reorganizations balanced executive and legislative roles. Specifically, GAO reported that all key players should be engaged in discussions about reorganizing government: the President, Congress, and other parties with vested interests. It is important that consensus is obtained on identified problems and needs, and that the solutions the U.S. government legislates and implements can effectively remedy the problems the nation faces in a timely manner. Fixing the wrong problems, or even worse, fixing the right problems poorly, could cause more harm than good.
Third, GAO's applicable high-risk work identifies areas that agency officials should consider as part of a reorganization. For example, one high-risk area is securing cyber critical infrastructure and federal information systems and protecting the privacy of personally identifiable information. Specifically, safeguarding the systems that support critical infrastructures—referred to as cyber critical infrastructure protection—is a continuing concern cited in GAO's 2015 High Risk Series Update report. Given the National Protection and Programs Directorate's (NPPD) current cybersecurity activities, addressing these concerns in any reorganization effort would be critical. For example, NPPD conducts analysis of cyber and physical critical infrastructure interdependencies and the impact of a cyber threat or incident to the Nation's critical infrastructure. Sustained attention to this function is vitally important.
Fourth, GAO has identified areas where agencies may be able to achieve greater efficiency or effectiveness by reducing programmatic duplication, overlap, and fragmentation. Since 2011, GAO has reported annually on this topic. Several of its findings in the reports relate to DHS and NPPD activities. For example, in 2015 GAO reiterated a September 2014 recommendation that DHS should mitigate potential duplication or gaps by consistently capturing and maintaining data from overlapping vulnerability assessments of critical infrastructure and improving data sharing and coordination among the offices and components involved with these assessments, of which NPPD is one. DHS agreed with the recommendation. Attention to potential programmatic overlap, duplication, and fragmentation during an NPPD reorganization could improve the agency's overall efficiency.
Why GAO Did This Study
NPPD is the DHS component responsible for addressing physical and cyber infrastructure protection, a mission area of critical importance in today's threat environment. Critical infrastructure owners and operators continue to experience increasingly sophisticated cyber intrusions and a “cyber-physical convergence” has changed the risks to critical infrastructure ranging from energy and transportation to agriculture and health care, according to a DHS strategic review.
NPPD's potential reorganization is the latest in DHS's organizational evolution. In 2003, GAO designated implementing and transforming DHS as high risk because DHS had to transform 22 agencies—several with major management challenges—into one department. The overriding tenet has consistently remained DHS's ability to build a single, cohesive, and effective department that is greater than the sum of its parts—a goal that requires effective collaboration and integration of its various components and management functions. This statement describes key factors for consideration in a NPPD reorganization. It includes observations from GAO's prior work on organizational change, reorganization, and transformation, applicable themes from GAO's high risk list, and NPPD related areas from GAO's work in assessing programmatic duplication, overlap, and fragmentation.
This testimony is based on reports we issued from 2003 through 2015.
For more information, contact Chris Currie at (404) 679-1875 or curriec@gao.gov.