The Department of Homeland Security (DHS) modernized its financial management systems, but the department’s cost and schedule estimates weren’t always reliable, a U.S. Government Accountability Office (GAO) study found, and its guidance and plans weren’t consistent.
GAO added DHS to the High Risk List in 2003 and narrowed the high-risk area to IT and financial management in 2023. DHS has been executing a multiyear plan to address this, but much work remained in 2025, the GAO concluded.
GAO reviewed DHS’s modernization efforts to update its July 2024 evaluation of DHS’s systems modernization. It evaluated the cost estimates and schedule assessments for two major DHS system modernizations and identified applicable criteria and leading practices for data migration, organizational change management, and lessons learned.
DHS’s financial management systems affect many of its component agencies including the U.S. Coast Guard, the Federal Emergency Management Agency (FEMA), and U.S. Immigration and Customs Enforcement (ICE).
GAO addresses three areas. It evaluates the extent to which DHS ensured a reliable cost estimate and schedule assessment for two key major modernization efforts. It determines whether DHS’s plans and guidance are consistent with leading practices for data migration, organizational change management, and lessons learned. It determines whether its plans and guidance describe how DHS used the Coast Guard’s implementation experience to inform plans for FEMA’s and ICE’s efforts.
During its research, GAO found that cost estimates for one system modernization was reliable while another met three of four characteristics, two program schedules were unreliable, guidance and financial systems modernization plans varied in consistency, financial systems modernization data migration is partially consistent, and some component planning documents lacked details.
“By not fully incorporating leading practices in both guidance and component planning documentation, DHS increases the risk of data errors, time needed to resolve those errors, potential delays in achieving full operational capability, and limiting users’ ability to effectively operate the system,” GAO said.
GAO made five recommendations for the secretary of Homeland Security and the Joint Program Management Office. They should develop reliable program schedule estimates, ensure relevant offices to update department-wide data migration guidance, update data migration planning documentation, fully apply its guidance in organizational change management plans, and update lessons-learned guidance to be consistent.