DHS Struggling with Risk Management

Michael Gips

4/1/2006 April 2006

INSURERS AND FINANCIERS have mastered the skill of risk management, which entails anticipating future events, deciding which of those expected risks the organization will bear, and allocating resources to mitigate the rest.

But their goal is profit. Applying risk management to homeland security is proving to be more difficult. A report by the Government Accountability Office (GAO) chronicles that struggle at three branches of the Department of Homeland Security (DHS): the Coast Guard, the Office for Domestic Preparedness (ODP), and the Information Analysis and Infrastructure Protection (IAIP) Directorate.

The Coast Guard has the advantages of longevity—it was established in 1913—and a less complicated mission than IAIP. As a result, it has made the most progress in establishing a risk management approach, according to the report.

It has made progress in all five phases of risk management identified by the GAO: setting goals, assessing risk, evaluating alternatives that reduce risk, applying resources and investments, and implementing and monitoring suitable countermeasures.

Yet even where the Coast Guard has done best—in assessing risk—its assessments are “limited in their reliability and completeness,” according to the government auditors. Also, while the Coast Guard can compare and rank risks at individual ports, it can’t compare or rank relative risks to “various infrastructure across ports.”

For its part, ODP “has made progress in applying risk management to the port security grant program,” but it also faces challenges. For example, it lacks performance measures that identify what outcomes the program aims to achieve.

The IAIP has made the least headway in part because of its young age (it was created in 2003) but also because of the complexity of its risk management task. It must secure all sorts of infrastructure all across the country. Among IAIP’s deficiencies, as specified by the government auditors, are its failure to develop data to determine the relative likelihood of various threats.

The GAO offers solutions, but also warns that the methods of the three agencies studied were not consistent. As a result, the agency “may end up with incompatible systems that have little or no ability to inform spending decisions on homeland security.”