Stakeholder actions are needed to better manage physical security risks to the National Mall in Washington, D.C., the U.S. Government Accountability Office (GAO) found in a recent investigation.
The National Mall is a destination for more than 24 million people ever year and home to some of America’s most iconic symbols, including the Washington Monument and the Lincoln Memorial, and major museums.
“Threats to these assets—whether acts of terrorism, violence, or vandalism or theft of artifacts or art—could result not only in the loss of life but also the loss of iconic monuments or irreplaceable items from the Smithsonian’s or National Gallery’s collections,” GAO explained.
In a public version of a classified report released this week, GAO found that federal entities on the Mall are assessing the physical security risks to their respective assets—demonstrating that they are taking a risk management approach to security.
The U.S. Department of Interior, the Smithsonian Institution, and the National Gallery of Art collect information on aspects of their physical security programs’ performance and use that information to create goals, measures, and tests to assess the performance of their systems.
GAO, however, found that each stakeholder would benefit from taking additional steps to manage their physical security risks.
For instance, the National Gallery is assessing security risks to its galleries by voluntarily following the Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (RMP), but does not have complete documentation of its risk management decisions—a requirement of the RMP.
“Without documentation, decision makers may not effectively understand the rationale behind decisions—or, in the case of risk management—make important security-related decisions and direct resources to address unmitigated risks,” the report said.
During GAO’s audit of the National Gallery, officials told GAO investigators that a lack of complete documentation limited their institutional knowledge of the National Gallery’s risk management decisions related to physical security.
“Because of a lack of documentation, [GAO] received inconsistent or incomplete information throughout that review,” according to the report. “While National Gallery officials agreed to address the concerns we raised to them, we believe there is an opportunity for the National Gallery to address gaps in its institutional knowledge and help ensure more informed decision-making—specifically, by developing a process to document its risk management decisions.”
GAO also found that U.S. Park Police, the Smithsonian, and the National Gallery can all take a “more strategic approach to performance measurement,” the report explained.
For example, GAO recommended each stakeholder develop goals where needed and link performance measures to those goals to assess the effectiveness of their security programs.
“Linking performance measures and goals could help these entities monitor and evaluate their efforts, which is an essential part of risk management,” GAO said. “The information the entities can gain from performance measures that are aligned with goals could also provide these entities with a clearer view of the effectiveness of their physical security programs and better position them to prioritize security needs.”
The Department of Interior, the Smithsonian, and the National Gallery agreed with GAO’s recommendations and said they will begin to take steps to address them.