Federal agencies have carried out numerous improvements in physical security in recent years, spurred by the 9/11 attacks, but they have limited ability to track such expenditures, especially since many of the steps were funded partially by another entity, built into rent costs or were not treated as a separate line item in their funding, GAO has said.
GAO noted that the Interagency Security Committee, chaired by DHS, has a risk management standard that federal executive branch entities are to follow, where ISC specifies enhancements entities should implement to effectively minimize risk and meet baseline levels of protection. The ISC has identified six general categories of enhancements: interior security, facility structure, security systems, facility entrance, site improvements, and operations and administration. Enhancements can include, among other things, security systems, contract guard forces, and blast resistant windows.
Auditors examined FEMA, GSA, SSA, the Marshals Service and the Smithsonian, finding that they had made such improvements and had paid for them using a range of methods such as: paying for enhancements as part of their rent to GSA; paying fees to security organizations to install or operate security screening services; and paying for enhancements during renovation projects.
The ISC’s risk management standard states that federal entities should use a cost analysis methodology that considers all costs and should establish a comprehensive performance measurement and testing program to, among other things, help allocate resources, GAO said. However, it found that the entities studied “have had difficulty implementing these parts of the standard to the degree specified by ISC, noting that further guidance would be beneficial.”
DHS concurred with GAO’s recommendation to develop guidance for helping entities meet the cost-effectiveness and performance measurement aspects of ISC’s risk management standard.
