COSO. Enterprise Risk Management — Integrated Framework – Executive Summary. Committee of Sponsoring Organizations of the Treadway Commission. September 2004. (CORE1106)

/0 Comments/in , , , , , , , , /by

Summary: The Committee of Sponsoring Organizations of the Treadway Commission, COSO, defines Enterprise Risk Management, ERM, as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. The entity objectives are set forth in following four categories: (i) Strategic – high-level goals, aligned with and supporting its mission; (ii) Operations – effective and efficient use of its resources; (iii) Reporting – reliability of reporting; and (iv) Compliance – compliance with applicable laws and regulations. According to COSO, ERM enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Within the context of FP7-CORE project – and, supply chain security management in general – ERM can be seen as a useful approach particularly when it comes to aligning security risk appetite and strategy; to enhancing security risk response decisions; and to reducing security related operational surprises and losses. Some other ERM aspects such as seizing opportunities (“positive risks”) may not apply in supply chain security management context. One more interesting note, which could also be applied for supply chain security: everyone in an entity has some responsibility for ERM. This executive summary document is available for download at: http://www.coso.org/documents/coso_erm_executivesummary.pdf

[s2If is_user_logged_in()]

Full review:
Background: The first version of the “Internal Control – Integrated Framework” was issued by the Committee of Sponsoring Organizations of the Treadway Commission, COSO, in early 1990s, to help businesses and other entities assess and enhance their internal control systems. The change of the millennium saw heightened concern and focus on risk management, and it became clear that a need exists for a robust framework to effectively identify, assess, and manage risk.  In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management.
According to COSO (p.1), Enterprise Risk Management, ERM, encompasses:
•    Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
•    Enhancing risk response decisions –Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
•    Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
•    Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
•    Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
•    Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.
COSO (pp.3-4) states that ERM consists of eight interrelated components, derived from the way management runs an enterprise and are integrated with the management process:
•    Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
•    Objective Setting – Objectives must exist before management can identify potential events affecting their achievement.  Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
•    Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.
•    Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed.  Risks are assessed on an inherent and a residual basis.
•    Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
•    Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
•    Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities.  Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
•    Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary.  Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
Lastly, as potential readers / users of this report, COSO suggests following: Board of Directors; Senior Management; Managers and other personnel; Regulators; Professional Organizations; and Educators.
CORE1106
https://www.dropbox.com/s/aetbp8jr6dr4z31/CORE1106-coso_erm_executivesummary.pdf?dl=0

[/s2If]

COSO. Enterprise Risk Management — Integrated Framework – Executive Summary. Committee of Sponsoring Organizations of the Treadway Commission. September 2004. (CORE1106)

/0 Comments/in , , , , , , , , , /by

Summary: The Committee of Sponsoring Organizations of the Treadway Commission, COSO, defines Enterprise Risk Management, ERM, as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. The entity objectives are set forth in following four categories: (i) Strategic – high-level goals, aligned with and supporting its mission; (ii) Operations – effective and efficient use of its resources; (iii) Reporting – reliability of reporting; and (iv) Compliance – compliance with applicable laws and regulations. According to COSO, ERM enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Within the context of FP7-CORE project – and, supply chain security management in general – ERM can be seen as a useful approach particularly when it comes to aligning security risk appetite and strategy; to enhancing security risk response decisions; and to reducing security related operational surprises and losses. Some other ERM aspects such as seizing opportunities (“positive risks”) may not apply in supply chain security management context. One more interesting note, which could also be applied for supply chain security: everyone in an entity has some responsibility for ERM. This executive summary document is available for download at: http://www.coso.org/documents/coso_erm_executivesummary.pdf

[s2If is_user_logged_in()]

Full review:

Background: The first version of the “Internal Control – Integrated Framework” was issued by the Committee of Sponsoring Organizations of the Treadway Commission, COSO, in early 1990s, to help businesses and other entities assess and enhance their internal control systems. The change of the millennium saw heightened concern and focus on risk management, and it became clear that a need exists for a robust framework to effectively identify, assess, and manage risk. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management.

According to COSO (p.1), Enterprise Risk Management, ERM, encompasses:

  • Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
  • Enhancing risk response decisions –Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
  • Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
  • Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
  • Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
  • Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.

COSO (pp.3-4) states that ERM consists of eight interrelated components, derived from the way management runs an enterprise and are integrated with the management process:

  • Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
  • Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
  • Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.
  • Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
  • Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
  • Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
  • Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
  • Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

Lastly, as potential readers / users of this report, COSO suggests following: Board of Directors; Senior Management; Managers and other personnel; Regulators; Professional Organizations; and Educators.

CORE1106

[/s2If]

C-TPAT Program Benefits Reference Guide, 2014 (CORE1032)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This guidebook outlines the key elements and benefits of the Customs-Trade Partnership Against Terrorism (C-TPAT) program that is designed to secure global supply chains and to improve United States border security. Document is available at: https://www.cbp.gov/sites/default/files/documents/C-TPAT%20Program%20Benefits%20Guide.pdf (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: C-TPAT partners receive a wide range of benefits listed below:

  • C-TPAT Partners are examined at a considerably lower rate than non-C-TPAT Partners.
  • C-TPAT certified/validated highway carrier Partners are granted expedited border crossing privileges. C-TPAT Partners at many Canada/Mexico land border ports of entry have access to Free and Secure Trade (FAST) Lanes.
  • Some categories of C-TPAT importer Partners are exempt from stratified exams.
  • C-TPAT shipments subject to examination are moved ahead of any non-C-TPAT shipments, to the extent possible.
  • In the event of a significant disruption/delay in cargo processing operations, actions are taken to maintain communication and coordination with C-TPAT Partners for business resumption.
  • C-TPAT Partners’ trade compliance issues are given priority over those issues related to non-C-TPAT Partners.
  • Each C-TPAT Partner is assigned a Supply Chain Security Specialist (SCSS) who coordinates between the C-TPAT Partner and the US Customs and Border Protection agency (CBP). The Specialist also assists the Partner with supply chain security issues.
  • Partners have access to the C-TPAT’s automated Portal system, to communicate with CBP and exchange program related information in a secure manner.
  • C-TPAT Partners are eligible to attend C-TPAT events like the annual Conference and other training seminars organized by the program.
  • C-TPAT importer Partners are eligible to participate in the Importer Self-Assessment (ISA) Program.
  • The Penalty Mitigation benefit is granted to sea carriers for late submission of data required under the Importer Security Filing requirements.
  • C-TPAT members are eligible to participate in other U.S. Government pilot programs, such as the Food and Drug Administration’s Secure Supply Chain program.

In addition, some benefits are associated with Mutual Recognition Arrangements (MRAs) when two customs authorities formally acknowledge the security requirements or standards of one program, as being equivalent to the other program. Some of the resulting benefits to the trade community are illustrated below:

  • C-TPAT importer Partners that also conduct export operations and Partners of the foreign Customs Administration programs (manufacturers and exporters of record) are granted a reduction in their overall cargo risk score, implying fewer examinations at export and import ports.
  • A C-TPAT validation for an overseas partner is not required if an MRA is in place because CBP recognizes the status of the Partner in the foreign partnership program.
  • Companies covered by MRAs need only to comply with a common set of security requirements, avoiding the hassle of following multiple sets of requirements from one partnership program to another.
  • MRAs lead to more transparency in international commerce. Mutual exchange of information between these partners facilitates trade across Mutual Recognition Partner nations.

CORE1032

[/s2If]

C-TPAT Best Practices Catalog Addendum, 2009 (CORE1031)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This addendum document lists cargo security best practices with focus on prevention of weapons of mass effect, terrorists, and/or contraband from infiltrating into the international supply chain. Each best practice is linked to a specific business entity, such as a Manufacturing Company, a Highway Carrier, an Importer or a Foreign Consolidator but these may apply to other business types as well. The document is available at: https://www.cbp.gov/sites/default/files/documents/ctpat_bpa_2009_0.pdf (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: The best practices are outlined as follows:

Risk assessment: Programs are in place to enable the identification of the most vulnerable supply chain areas, to grade suppliers supply chain security criteria. Specific processes have been developed to manage the supplier’s products, software and services and internal monitoring systems to enhance the safety and security procedures.

Business partner requirements: Several security measures have been taken by entities. These include conducting supply chain security audits to ensure compliance of non-C-TPAT business partners; carrying out security audits of a foreign manufacturer; making security self-assessments, conducting onsite inspections to ensure freight security; shipping cargo only through accredited ports and steamship lines; monitoring compliance of manufacturing facilities; screening procurements to identify ineligible status of suppliers, and performing audits of business partners.

Conveyance/Container/Trailer Security: Examples of such security practices are: integrating special security features in the GPS (global positioning system); using laser beams to protect trailers; using colour codes for matching consignments; installing infrared sensors in docks to prevent unauthorized access; using special codes to identify correct shipments; documenting all seal changes for shipments in transit; ensuring delivery by authorized Company drivers; sealing containers; operating through C-TPAT carriers; using only “seaworthy” containers; installing in-transit temperature data sensors to ensure product quality; enclosing container storage area; conducting non-intrusive inspection prior to loading a vessel; establishing specific inspection points; using multiple security devices on each container; using automated container yards; instructing foreign suppliers to provide inspection checklists; using dock locking arms for container storage; installing motion sensors in a trailer; operating through contracted highway carriers and security services; documenting a seal destruction policy, and so forth.

Physical Access Controls: Some practices by Importers include establishing multiple security stations within the building; using metal detectors for employees; installing an electronic swipe card/ lock box systems for access control for sensitive documents; conducting electronic scanning of visitors’ drivers licenses; utilizing a third-party software system to manage key inventory; and providing panic buttons for company employees.

Physical Security: Several innovative solutions have been designed to ensure physical security, such as electronically closing gates and activating tire puncturing devices to prevent vehicle exits; using an electronic security information reporting system, installing invisible electronic fences; installing laser sensors; setting up optical light beams to detect intruders; fitting double locks on doors; Installing infrared sensors on fences; using body alarm functions for emergencies; appointing patrolling guards, using multiple glass meeting rooms; using multiple interior infrared security alarm beams to detect unauthorized access; and installing security guard view towers.

Personnel Security: An Importer requires business partners to provide a monthly master list of employees and immediately notify when their employees are hired or terminated, in order to ensure that only authorized business partner’s employees enter the manufacturing facilities.

Security Training/Threat Awareness/Outreach: Business entities have invested in a wide range of training programs. One such initiative is the four-tier C-TPAT training targeted for management and supervisors, shipping and receiving personnel, internal personnel dealing with contractors and hourly staff. Other businesses use different approaches, like establishing an online training portal;; offering general security training and of site-specific training for security guards; issuing security advisories; making regular security awareness assessments; establishing a situation matrix chart to address possible incidents; establishing a direct communication channel between the president of the company and employees; putting in place a toll free hotline for company personnel; conducting security drills and exercises; establishing a web-based security awareness training; documenting security incidents in a central database; and establishing a global communication system to contact all employees and contractors remotely.

Procedural Security: Instances of this type of security measures include a bio-thermal intrusion alarm system; a global SAP network to generate all written orders for import and export; automatic screening procedures of purchase orders for restricted parties; lock boxes for sensitive documentation; an automated loading module called the Automatic Truck Loading System (ATLS); a container seal number as the shipment tracking (invoice/bill of lading) number, and so forth.

Information Technology (IT) Security: Such security practices include a biometric fingerprint door lock; a remote data backup center; a retina scanning system for access to the computer system; requiring supervisory approval to copy data; use of electronic password protected purchase orders; establishing a daily “e-test” for employees to access computers, and so forth.

CORE1031

[/s2If]

SUPPLY CHAIN SECURITY – U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices, GAO, April 2008 (CORE1011)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The GAO report discusses the progress the Customs and Border Protection (CPB), a component agency of the US Department of Homeland Security (DHS), has made since 2015 with its flagship business-private supply chain security program Customs-Trade Partnership Against Terrorism (C-TPAT). The report focuses on three main areas of the C-TPAT’s management and governance: (1) awarding benefits for the C-TPAT compliant companies, (2) validating the member companies’ security compliance and (3) addressing CBP’s staffing challenges that the increasing popularity of the C-TPAT program brings. The report recommends CPB to improve its C-TPAT validation processes and instruments and to establish performance criteria for assessing the program’s impact on supply chain security and trade facilitation. The C-TPAT program and this GAO report contain useful information for the CORE’s demonstrations that import goods into the US. Also the CORE’s risk cluster can learn about opportunities and challenges a voluntary, risk-based supply chain security entails. The report is available at http://www.gao.gov/assets/280/274773.pdf.

[s2If is_user_logged_in()]

Full review: This report contains information that is particularly useful for two CORE demonstrators that cover US imports. The first WP9 demonstration is about shipping automobile parts from the EU to the US via the port of Bremerhaven. In this demo, the General Motors (GM) is the importer. Because GM holds a C-TPAT certificate, most of the information this report offers about the status and challenges of the C-TPAT program must be of interest for the company and for its CORE demonstration. The same applies to the WP14 demonstration “FALACUS” that is about importing ceramic tiles from Italy to the US via the Port of La Spezia. The demonstration has to deal with the C-TPAT program, and therefore the demo partners’ might benefit from studying this GAO report. In addition to the demonstrations, this report might support the work of the CORE’s risk cluster because the document discusses in detail challenges and possibilities of a voluntary, risk-based supply chain security program, which builds on business-government collaboration.

Cross-references:

Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008.

Maritime Security: The SAFE Port Act and Efforts to Secure Our Nation’s Seaports. GAO-08-86T. Washington, D.C.: October 4, 2007.

Maritime Security: Observations on Selected Aspects of the SAFE Port Act. GAO-07-754T. Washington, D.C.: April 26, 2007.

Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment. GAO-07-1247T. Washington, D.C.: September 18, 2007.

Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.

Additional keywords: Border security, customs-trade partnership against terrorism (C-TPAT), supply chain security, counter-terrorism

CORE1011

[/s2If]

SUPPLY CHAIN SECURITY – Examinations of High- Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed, GAO, January 2008 (CORE1010)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This report reviews the progress that the US Customs and Border Protection (CBP) has made with the Container Security Initiative (CSI) – a program for screening US-bound high-risk shipping containers in foreign ports with X-ray and radiation detection solutions – since the latest 2005 GAO review. The report discusses how the CBP’s CSI efforts have (1) contributed to the long-term, strategic planning on the US supply chain security, (2) strengthened CSI activities worldwide and (3) established means to evaluate performance of the CSI activities. The report recommends CBP to develop its data collection practices that are related to the CSI team performance and the host government’s inspections of the US-bound containers. This report provides relevant information for CORE demonstrations that deal with US-bound maritime logistics and commerce. Also the risk cluster might benefit from the descriptions of the US risk-based supply chain security scheme – Automated Targeting System (AST), 24-hour rule and the importer security filing 10+2 – that the report elaborates in detail. The report is available at http://www.gao.gov/new.items/d08187.pdf.

[s2If is_user_logged_in()]

Full review: This GAO report elaborates the status and challenges of the US Container Security Initiative, but it also provides a comprehensive outlook on the US maritime supply chain security. This information is likely to be relevant for the CORE’s demonstrations (WP9 and WP14) that deal with US-bound container traffic. The report is a good reference document for those CORE work packages that seek to describe the state-of-the-art of the global supply chain and that are producing relevant training material on supply chain security. The CORE’s risk and IT clusters benefit from the information the report offers on risk-based security solutions that use advance cargo information to calculate risk scores for US-bound shipments by the aid of automatic risk assessment algorithms.

Cross-references:

  • Preventing Nuclear Smuggling: DOE Has Made Limited Progress in Installing Radiation Detection Equipment at Highest Priority Foreign Seaports. GAO-05-375. Washington, D.C.: March 31, 2005.
  • Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further Attention. GAO-05-170. Washington, D.C.: January 14, 2005.
  • Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program. GAO-05-106. Washington, D.C.: December 10, 2004.
  • Maritime Security: Substantial Work Remains to Translate New Planning Requirements into Effective Port Security. GAO-04-838. Washington, D.C.: June 30, 2004.
  • Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 31, 2004.
  • Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors. GAO-03-770. Washington, D.C.: July 25, 2003.

Additional keywords: Container Security Initiative (CSI), counter-terrorism, homeland security, maritime supply chain security

CORE1010

[/s2If]

SUPPLY CHAIN SECURITY – CBP Works with International Entities to Promote Global Customs Security Standards and Initiatives, but Challenges Remain, GAO, August 2008 (CORE1009)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This report discusses how the US Customs and Border Protection (CBP) has (1) contributed to international supply chain security standards and (2) promoted mutual recognition in the customs security area and (3) how the agency expects to implement the 100% scanning requirement of the containerized US-bound maritime cargo. The report provides a detailed outlook on the US customs supply chain security scheme, and it highlights challenges and problems that the US government faces in promoting its supply chain security strategy internationally. The development and the implementation of the World Customs Organization’s (WCO) SAFE Framework of Standards, a suite of best practices on customs security, is a central theme throughout this GAO report. Because of its broad scope, the customs-related supply chain security, this document contains information that is likely to be useful for all CORE work packages, and especially for those that involve customs administrations. The report is available at http://www.gao.gov/assets/280/279730.pdf.

[s2If is_user_logged_in()]

Full review: This document provides a detailed outlook on customs-centric supply chain security from the US government’s perspective. This unique view on the customs security is going to be useful for the CORE’s early work packages that seek to describe the state-of-the-art of the global supply chain security. The information is also useful for the CORE demonstrations, in which customs administrations are involved. In particular, the demonstrations (WP9 and WP14) that are about US-bound trade and logistics benefit from the detailed description of the customs security initiatives that the US government has introduced since the 9/11 tragedy.

Cross-references:

  • Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-Bound Cargo Containers. GAO-08-533T. Washington, D.C.: June 12, 2008.
  • Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008.
  • Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007.
  • Maritime Security: One Year Later: A Progress Report on the SAFE Port Act. GAO-08-171T. Washington, D.C.: October 16, 2007.
  • Maritime Security: The SAFE Port Act and Efforts to Secure Our Nation’s Seaports. GAO-08-86T. Washington, D.C.: October 4, 2007.
  • Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment. GAO-07-1247T. Washington, D.C.: September 18, 2007.
  • Maritime Security: Observations on Selected Aspects of the SAFE Port Act. GAO-07-754T. April 26, 2007.
  • Customs Revenue: Customs and Border Protection Needs to Improve Workforce Planning and Accountability. GAO-07-529. Washington, D.C.: April 12, 2007.
  • Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.
  • Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection Equipment in the United States and in Other Countries. GAO-05-840T. Washington, D.C.: June 21, 2005.
  • Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts. GAO-05-557. Washington, D.C.: April 26, 2005.

Additional keywords: Mutual recognition, regulatory harmonization, 100% scanning legislation, SAFE framework of standards, World Customs Organizations, Authorized Economic Operators (AEO) programs, Customs-Trade Partnership against Terrorism

CORE1009

[/s2If]

AVIATION SECURITY – Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO, April 2007 (CORE1008)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This GAO reports reviews the current state and future challenges of the Transportation Security Administration’s (TSA) and the Customs and Border Protection’s (CBP) efforts for enhanced security of foreign origin US-bound air cargo. The report also discusses how the Department of Homeland Security (DHS) has reached out to the air cargo industry and foreign authorities in order to strengthen the international air cargo security. The GAO report recommends that the DHS would establish a risk-based air cargo security strategy, improve interagency communication nationally, to step up compliance monitoring for the air cargo industry’s stakeholders and to assess the foreign authorities’ intent and capabilities to meet US expectations on the air cargo security that is the foundation for mutual recognition and international harmonization of regulatory frameworks on the air cargo security. This GAO report is going to be useful for the CORE risk and education cluster as well as for all the demonstrations that involve shipping of air cargo by air. The report is available at http://www.gao.gov/assets/600/590789.pdf.

[s2If is_user_logged_in()]

Full review: This GAO report provides a comprehensive picture of the air cargo security in the US, in a country that is no doubt the leading force in supply chain security in general, and in air cargo security in particular. All CORE work that is related to air transport might benefit from the insights and information this GAO report offers. The DHL demonstration, that involves transport of parts for military aircraft from the US to Spain, is the most obvious work detail in CORE that can directly benefit from this GAO report. In addition, the CORE’s risk cluster can use the description of the US approach to risk-based air cargo security as a starting point when designing the CORE-specific risk-based strategies. Given that the report is very detailed and informative, the CORE’s education cluster can benefit from the report’s analysis and learn from its conclusions.

Cross-references:

  • GAO, Aviation Security: Federal Coordination for Responding to In-flight Security Threats Has Matured, but Procedures Can Be Strengthened, (Washington, D.C.: July 31, 2007).
  • GAO, Aviation Security: Transportation Security Administration May Face Resource and other Challenges in Developing a System to Screen All Cargo Transported on Passenger Aircraft
  • GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660 (Washington, D.C.: April 2007).
  • GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, GAO-07-448T (Washington, D.C.: February 13, 2007).

Additional keywords: Air cargo security, mutual recognition, regulatory harmonization, screening, advance cargo information, and counterterrorism

CORE1008

[/s2If]

MARITIME SECURITY – DHS Could Benefit from Tracking Progress in Implementing the Small Vessel Security Strategy, GAO, October 2013 (CORE1016)

/0 Comments/in , , , , , , , , , , , , , , , , , , /by

Summary: This GAO report reviews current activities the Department of Homeland Security, its component agencies and its stakeholders are doing to protect the US-centric seaborne trade and logistics from threats arising from small vessels. The report argues that the small vessels pose two “great threats” to the US maritime system: (1) explosive-laden small vessels can be used to ram into maritime structures or (2) the small vessels can be used as vehicles for transporting tools, weapons and tools for terrorism into the US. The GAO report highlights that DHS has its Small Vessel Security Strategy (SVSS), but the organization is not monitoring the progress its component agencies are doing in meeting its objectives. This report focuses mainly on security initiatives that affect navigation of small vessels at the US territorial waters and ports and operations of the US coastal guards and customs. Although US-based maritime logistics operations benefit from the increased security the small vessel security initiatives likely bring, they can continue their business as usual. Therefore, the CORE’s early work packages can use this report’s information to define the context of the global supply chain security, the CORE demonstrations do not need much attention to the small vessel security initiatives or this GAO report. The report is available at: http://gao.gov/assets/660/658703.pdf

[s2If is_user_logged_in()]

Full review: This report provides interesting background information about the US government’s efforts to secure their domestic maritime logistics and transportation from the threat of small vessels that navigate largely anonymously and unregulated. The document might be useful for the CORE early work packages that describe the context of the global supply chain security. It is however unlikely that the demonstrators would need to pay much attention to the US small vessel security initiatives because the legal requirements of the initiatives do not affect the operations of large commercial vessels, which carry most of the world’s seaborne cargo. Of course the small vessel security initiatives also affect the way the component agencies of DHS operate, but because CORE does not involve these agencies directly, in CORE, there is no need to put much effort on understanding technicalities of the small vessel security initiatives. Finally, the CORE’s clusters on education and training as well as risk management might anyhow consider the information of this GAO report relevant.

Cross-references:

  • Critical Infrastructure Protection: An Implementation Strategy Could Advance DHS’s Coordination of Resilience Efforts across Ports and Other Infrastructure. GAO-13-11. Washington, D.C.: October 25, 2012.
  • Supply Chain Security: CBP Needs to Conduct Regular Assessments of Its Cargo Targeting System. GAO-13-9. Washington, D.C.: October 25, 2012.
  • Maritime Security: Progress Made but Further Actions Needed to Secure the Maritime Energy Supply. GAO-11-883T. Washington, D.C.: August 24, 2011.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009.

CORE1016

Additional keywords: Maritime security, small vessel security, terrorism, smuggling

[/s2If]

TRANSPORTATION SECURITY – Action Needed to Strengthen TSA’s Security Threat Assessment Process, GAO, 2013 (CORE1015)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The GAO report is about measuring the performance of the Adjudication Centre that is a department within the Transportation Security Administration (TSA) responsible for administering background checks for people who need access to secure facilities unescorted. The centre issues the access credentials based on a through vetting of the applicant’s criminal history, immigration status, and connections to terrorist groups, among other checks. The report argues that the Adjunction Centre could improve the efficiency of the background checks – the individual security threat assessment – by improving its performance measurement system through better data and indicators. Although this GAO report focuses on a rather narrow topic, management of the background checking process, the report’s insights could benefit the CORE’s risk management cluster and those demonstrations that deal with access control matters. The report is available at: http://gao.gov/assets/660/656051.pdf

[s2If is_user_logged_in()]

Full review: This GAO document is closely related to the work the CORE’s risk cluster. The report describes problems the TSA’s Adjudication Centre faces when it manages the background checking process of the US-based transportation worker identification credentials (TWIC), hazardous materials endorsements (HME) and Aviation Worker (AV) authorization programs. Moreover, since access control is a central security solution in nearly all CORE demonstrators, the demonstrations might benefit from tips and guidance this report offers. At the final stages of the project, this GAO report might prove a useful document when the project consortium produces training materials on how to manage access control systems and how to administer background checks.

Cross-references:

  • Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and Recovery. GAO-07-412. Washington, D.C.: March 28, 2007.
  • Critical Infrastructure Protection: An Implementation Strategy Could Advance DHS’s Coordination of Resilience Efforts across Ports and Other Infrastructure. GAO-13-11. Washington, D.C.: October 25, 2012.

CORE1015

Additional keywords: Terrorism, background checks

[/s2If]