The Federal Protective Service has authority to delegate to individual agencies the responsibility for physical security of their buildings but does not have accurate records of such situations, GAO has said.
FPS is responsible for the security of some 9,000 facilities owned or leased by GSA but also may receive and recommend to its parent DHS requests by agencies to protect their own facilities. The governing “standards for internal control” require FPS to accurately identify all such delegations and provide agencies with reliable and timely information.
GAO, however, found that of 62 such delegations that FPS identified as active, 12 had either expired or rescinded. FPS attributed that to poor record keeping but GAO said the underlying problem is that FPS “has not established procedures to ensure data reliability. Without reliable data on delegations of authority, FPS will face challenges effectively managing this program.”
FPS’s model for estimating the costs associated with a delegation further do not comply with best practices to help ensure estimates that are well documented, accurate, and credible, GAO said. For five of the six agency requests for new or renewed delegations of authority that GAO analyzed, FPS did not conduct the required cost and security- capabilities analyses before making its recommendation to grant, renew, or rescind the delegation, it added.
DHS concurred with recommendations to improve controls in those areas.