GAO Report Says C-TPAT Reduces Scrutiny With Limited Assurance of Improved Security (Part II - Final)

This report examines: (1) what benefits U.S. Customs and Border Protection (CBP) provides to Customs-Trade Partnership Against Terrorism (C-TPAT) members, (2) how CBP determines eligibility for C-TPAT benefits, (3) what process CBP uses to verify that members have implemented security measures, and (4) how well CBP manages C-TPAT.

This is Part II, the final part of a two-part series of summaries on this GAO report. Part II describes the GAO's finding that CBP has made incomplete progress in addressing C-TPAT management weaknesses, the GAO's recommendations for executive action, as well as CBP's response to these recommendations. (See ITT's Online Archives or 06/21/05 news, 05062110, for Part I of BP's summary of the GAO's report, which outlined CBP's C-TPAT validation process and certain verification weaknesses.)

CBP Has Made Incomplete Progress in Addressing Management Weaknesses

The GAO's report describes various areas where CBP's progress in addressing C-TPAT management weaknesses has been incomplete. These areas include:

CBP has not completed a human capital plan. The GAO explains that as a companion to developing a strategic plan for C-TPAT (see below for details of the strategic plan), CBP is developing an implementation plan to address the lower-level strategies for carrying out the program's goals. CBP told the GAO that it is still developing the implementation plan for the program but that it will include those elements required in a human capital plan.

CBP has not completed development of performance measures. CBP has told the GAO that it continues developing a comprehensive set of performance measures and indicators for C-TPAT and notes that it has been tasked to develop the following two performance measures for C-TPAT and its other programs: (1) a main measure that would reflect program outcomes; and (2) an efficiency measure that would reflect time or cost savings achieved through the program.

CBP officials have explained that developing performance measures has been difficult in the case of C-TPAT. These officials explain that it is difficult to measure program effectiveness as CBP lacks data necessary to exhibit whether a program has prevented or deterred a terrorist activity. CBP also commented that it has developed initial measures for C-TPAT but will continue to develop and refine these measures to ensure program success.

C-TPAT records management practices are inadequate. The GAO contends that CBP's record keeping for C-TPAT is incomplete, as key decisions are not always documented and programmatic information is not updated regularly or accurately. Among other issues, the GAO notes that in reviewing C-TPAT records, it was not always clear what aspect of the security profile was being validated and why a particular site was selected at which to conduct the validation because there was not always documentation of the decision-making process.

CBP officials have stated to the GAO that CBP recently revised the C-TPAT validation report format to better capture any justification for report recommendations and best practices identified.

The GAO further notes that C-TPAT validation report files were generally not complete, with most files not containing anything beyond copies of the member's C-TPAT agreement, security profiles, and validation report. The GAO also notes that CBP has no requirement that supply chain specialists document their communications.

Moreover, the GAO found that CBP's database information was also incomplete, as many of the data fields were either missing or inaccurate. CBP officials told GAO that they are currently exploring other data management systems, working to develop a new, single database that would capture pertinent data, as well as developing a paperless environment for the program.

GAO Recommends DHS Secretary and CBP Commissioner Take Certain Actions

In order to help CBP achieve C-TPAT objectives and address the challenges associated with its continued development, the GAO is recommending that the Secretary of Homeland Security and the CBP Commissioner take the following five actions:

Provide guidance to specialists conducting validations. Strengthen the validation process by providing appropriate guidance to specialists conducting validations, including what level of review is adequate to determine whether member security practices are reliable, accurate, and effective;

Determine numbers and percentage of members that should be validated. Determine the extent (in numbers or percentage) to which members should be validated in lieu of the original goal to validate all members within 3 years of certification;

Develop performance measures. Complete the development of performance measures, to include outcome-based measures and performance targets, to track the program's status in meeting its strategic goals;

Complete human capital plan. Complete a human capital plan that clearly describes how the C-TPAT program will recruit, train, and retain sufficient staff to successfully conduct the work of the program, including reviewing security profiles, vetting, and conducting validations to mitigate program risk; and

More reliable records management. Implement a records management system that accurately and timely documents key decisions and significant operational events, including a reliable system for: (1) documenting and maintaining records of all decisions in the application through validation processes, including but not limited to documentation of the objectives, scope, and methodologies, and limitations of validations; and (2) tracking member status.

CBP's Response to GAO's Recommendations

CBP has already issued a final strategic plan. The GAO also states that its draft report included a recommendation to complete a formal strategic plan clearly articulating goals, linkages, and strategies. In January 2005, CBP issued a final strategic plan for C-TPAT. The GAO states that its brief review of this document indicates that the strategic plan appears to address the intent of the GAO's recommendation. The GAO also offers suggestions for ensuring the effectiveness CBP's strategic plan. See ITT's Online Archives or 01/19/05 news, 05011905, for BP summary of CBP's final strategic plan for C-TPAT.

CBP agrees with recommendations regarding validation process. The GAO states that CBP agreed with its two recommendations on validations and said CBP will readdress the validation process. Specifically, CBP states that it was developing standard operating procedures, guidance, and written baseline criteria for the validation process, as well as an automated validation tool to document validations.

CBP also agreed to determine the extent to which C-TPAT members should be validated, stating that it will develop member selection criteria and an automated system to standardize and assist in the selection of companies for validation. The GAO believes that, if properly implemented, these actions should address the intent of these recommendations.

(According to a CBP Trade Symposium document and recent testimony by CBP's Commissioner, in April 2005 C-TPAT specialists began using an Automated Validation Assessment Tool, which is an electronic questionnaire that automatically scores and weighs the findings of the Supply Chain Specialist to produce an overall assessment of the supply chain security measures in place.

In addition, CBP is now prioritizing the importer and carrier sectors in its validation selection process, as these are the C-TPAT enrollment sectors with the greatest ability to leverage their corporate strength and demand more security enhancement from foreign entities. See ITT's Online Archives or 06/14/05 and 06/17/05 news, 05061410 and 05061705, for BP summaries.)

CBP agrees with recommendation to develop performance measures. The GAO states that CBP also agreed with the recommendation that it develop performance measures and has developed initial measures relating to membership, inspection percentages, and validation effectiveness. The GAO notes that CBP has developed new performance measures for use in the Fiscal Year (FY) 2006 Homeland Security Plan and plans to enlist the help of a contractor to develop other outcome-based performance measures and targets. The GAO surmises that if properly implemented, these plans should help address the intent of this recommendation.

CBP still developing implementation plan that will include human capital elements. In response to the GAO's recommendation that it complete a human capital plan for the C-TPAT program, CBP stated that it is still developing an implementation plan for the program that will include those elements required in a human capital plan.

See GAO report for more details of CBP's response, including its concerns with certain aspects of the report, etc.

(See ITT's Online Archives or 06/20/05 news, 05062010, for BP summary of an expert's Congressional testimony on C-TPAT and CSI benefits and shortcomings as well as recommended solutions, including third party validations.

See ITT's Online Archives or 06/17/05 news, 05061705, for BP summary of CBP Commissioner's Congressional testimony on CBP's move to a two-tiered system for certain C-TPAT benefits, based on whether or not a member company has been validated.)

GAO Report (GAO-05-404, dated March 2005) available athttp://www.gao.gov/new.items/d05404.pdf