Chairwoman Roybal-Allard, Ranking Member Fleischmann, and Members of the Subcommittee:
Thank you for the opportunity to discuss the Department of Homeland Security (DHS), Office of Inspector General’s (OIG) critical oversight of the Department and our efforts to promote excellence, integrity, and accountability within DHS while continuing to build trust with our stakeholders and the public.
OIG conducts independent audits, inspections, and investigations to ensure integrity in DHS’s operations and programs. Our work and the information we provide to DHS and Congress is designed to continually improve DHS’s operations and programs and ensure robust stewardship of taxpayer dollars.
We leverage our small but highly capable staff to provide necessary oversight of the third-largest Cabinet agency—an agency with more than 250,000 Federal employees, thousands of contractors, and a complex, evolving mission. The successful performance of OIG’s oversight mission requires a broad range of expertise, flexibility, and the capacity to anticipate and plan for future needs.2 Our success is reflected in our work: in FY 2021, we issued 73 audit and inspection reports, and to date in FY 2022, we have issued 35 reports and have nearly 100 ongoing reviews.
Congress’s support has directly enhanced our ability to promote accountability and deter fraud against the Department and its programs. For FY 2023, we submitted a funding request of $222 million, which is $8.9 million over the FY 2023 President’s Budget level. This increase is necessary to maintain oversight capacity commensurate with the Department’s significant program growth in several high-risk areas.
My testimony will focus on our oversight in these high-risk areas — border security and immigration, COVID-19 disaster response efforts, and emerging cybersecurity threats — in addition to the organizational transformation effort we have undertaken to address new and emerging threats to the Department.
ORGANIZATIONAL TRANSFORMATION
In FY 2020, I directed my staff to undertake a review of our organizational structure to ensure programs and offices were properly aligned to allow for maximum efficiency and effectiveness in conducting OIG’s mission. Likewise, in FY 2021, the General Accounting Office (GAO) found numerous areas for strategic, policy, and organizational improvement at DHS OIG. I have embraced GAO’s recommendations, and I have been working closely with top GAO leadership to implement its twenty-one recommendations for our office.
As part of our organizational transformation, we followed GAO’s key principles and implementation steps identified in GAO-03-669, Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations. In April 2021, I reorganized our structure, based on recommendations from senior leaders and based on conversations with staff at all levels. I created the Office of Innovation to chart our [spacing]strategic direction and improve our operational performance. Additionally, the Office of Innovation evaluates all internal and external risk management activities and determines how best to coordinate OIG’s risk-related resources.
I created the Office of Integrity (OI) to promote organizational integrity through independent reviews of OIG programs and operations. OI’s role is to provide agency senior leadership with an independent assessment of programmatic compliance with OIG policies and procedures.
In July 2021, we finalized a comprehensive Strategic Plan (the Plan) covering fiscal years 2022–2026. Based on the Plan, we completed our fiscal year 2022 Annual Performance Plan (FY22 APP) which includes specific strategies and performance indicators to drive change and measure success. We continue to modernize and integrate OIG's business systems and automate manual processes. To that end, we contracted with the MITRE Corporation, a federally funded research and development center. In coordination with MITRE, OIG established an Integrated Project Team, conducted numerous interviews and working group sessions with employees, as well as assessed the capabilities and inadequacies of our existing legacy systems. Through these efforts, we have effectively defined our current ("as-is") business processes and established a roadmap with options and alternatives for our future (''to-be") systems and processes.
Through diligent analysis, planning, and communication, OIG is now clearly structured, and roles are appropriately defined and aligned with OIG’s strategic objectives and priorities. The progress we have made is demonstrated in the quantity and quality of our work and the morale of our employees, which are respectively, at all-time highs. In the FY 2020 Federal Employee Viewpoint Survey (FEVS), OIG showed significant improvement in several different categories measuring employee morale. In the FY 2021 FEVS survey, OIG again showed substantial and sustained improvement in virtually every major category that measures employee morale. We will be pleased to share the detailed results with the Subcommittee, upon public release.
BORDER SECURITY AND IMMIGRATION
OIG provides necessary oversight of the Department’s operations to secure our borders, safeguard and facilitate trade and travel, enforce immigration laws, and properly administer immigration benefits.
In FY 2021, we conducted 24 audits and inspections related to border security and immigration and have numerous reviews ongoing. Earlier this year, we launched a system-wide audit, across all DHS detention facilities, to ascertain the rigor of the approval process for invasive surgical procedures, as well as the propriety of previously-approved invasive medical procedures, in light of medical community standards. We will share the results of these ongoing projects with the Subcommittee when they are finalized.
Investigations
We have allocated significant investigative resources to border oversight, including enhancing the profile of our Southwest border offices. We have prioritized identifying and stopping border corruption. For example, with this enhanced focus, we:
• Worked with the Federal Bureau of Investigation (FBI) to investigate a Border Patrol Agent (BPA) for smuggling a non-citizen through a Border Patrol checkpoint; the former BPA was found guilty and sentenced to 3 years probation and 40 hours of community service.
• Identified two civilians who smuggled numerous non-citizens through a Border Patrol checkpoint; one was sentenced to 60 months incarceration and 2 years supervised release, the other to 267 days incarceration and 1 year of supervised release.
• Worked with partners to investigate a U.S. Customs and Border Protection (CBP) Officer who allowed an undocumented noncitizen, whom he knew to be a felon, into the United States in exchange for a $6,000 cash bribe; the former officer was sentenced to 30 months in prison, 3 years of supervised release, and a $6,000 fine.
• Investigated, with assistance from the CBP Office of Professional Responsibility, a BPA who smuggled more than 5 kilograms of cocaine through a checkpoint on two separate occasions. The BPA pled guilty, and four other individuals have been convicted as part of the investigation for charges related to noncitizen smuggling and bribery.
Unannounced Inspections
During the pandemic, we successfully developed and implemented an innovative, virtual unannounced inspection protocol. We conducted five high-impact, virtual inspections of ICE detention facilities. In July 2021, we returned to our in-person sector inspections of both ICE detention facilities and CBP holding facilities and have conducted a total of eight inspections since returning in person. Whether virtual or in-person, these inspections provide insight into conditions at the facilities and evaluate CBP’s and U.S. Immigration and Customs Enforcement’s (ICE) ability to comply with applicable standards.
We generally scope our inspections to include the relevant standards for health, safety, access to medical and mental health care, grievances, classification and searches, use of segregation, use of force, and language access. At the onset of the pandemic, we added a review of COVID-19 protocols to ensure facilities were meeting ICE’s requirements for COVID-19 response.
Overall, between FY 2020 and FY 2022 to date, we conducted nine inspections of ICE detention facilities as part of our unannounced inspections program. Six of those included analysis by our medical contractors of medical care provided to detainees and the Department’s response to COVID-19. We made 12 recommendations for improvements to medical care.
Again, the continued bipartisan support from Congress enabled us to contract with medical experts beginning in FY 2021 to further enhance our oversight work. For each inspection, our contracted medical team typically consists of a nurse and a doctor, who review detainee medical files and facility medical staffing, training, and protocols to ensure medical care provided is consistent with detention standards.
Medical care at ICE facilities varies greatly and is affected by a number of factors, including staffing, training, and access to medical providers. We have identified numerous deficiencies in medical care at detention centers, such as inadequate medical care in segregation, lack of documentation related to medical visits, untimely response to medical grievances, critical medical understaffing, inadequate medical protocols, and delayed medical treatment and medication refills for detainees.
Most recently, we issued a management alert, recommending immediate removal of detainees from the Torrance County Detention Facility (Torrance) in Estancia, NM.4 Our unannounced inspection in February 2022 found Torrance critically understaffed, which has prevented the facility from meeting contractual requirements that ensure its 176 detainees reside in a safe, secure, and humane environment.
COVID-19 DISASTER RESPONSE OVERSIGHT
In total, the Department has been authorized to expend $99.4 billion under various pandemic-related authorities.5 OIG has been authorized to expend $3M in supplemental funding, less than 1 percent of the total, for oversight of those funds.
The DHS Inspector General (IG) is one of nine statutory IGs who are members of the Pandemic Response Accountability Committee (PRAC), created by Congress through the Coronavirus Aid, Relief, and Economic Security (CARES) Act. We closely coordinate with the PRAC, as appropriate, to share model practices and enhance our effectiveness.
The CARES Act provided DHS $45.9 billion for COVID-19 relief and provided OIG $3 million in supplemental funding, through a transfer from the Disaster Relief Fund (DRF), to conduct oversight of those funds. Given this funding and the range of associated mandates, DHS adopted a layered response to deliver critical supplies and services. The Federal Emergency Management Agency (FEMA), along with other Federal partners, is the DHS component responsible for managing the Federal Government’s COVID-19 pandemic response.
On December 27, 2020, the Consolidated Appropriations Act first required FEMA to provide funeral assistance through its Individual and Household Programs for deaths related to the COVID-19 pandemic. The Act provided $2 billion to reimburse funeral expenses incurred through December 31, 2020, at a 100 percent Federal cost share. On March 11, 2021, President Biden signed the American Rescue Plan Act (ARPA), which appropriated $50 billion to FEMA for costs associated with major disaster declarations, including for funeral assistance, and did not limit the date for expenses incurred. As of July 12, 2021, FEMA has provided more than $606 million to more than 91,000 people to assist with COVID-19-related funeral costs for deaths occurring on or after January 20, 2020. We did not receive an additional allocation to oversee those monies, but nonetheless, we initiated a significant body of work to oversee FEMA’s funeral assistance efforts.
Investigations
Since January 2020, OIG has received a substantial number of COVID-19 fraud complaints nationwide and continues to investigate fraud perpetrated by companies and individuals seeking to exploit DHS-affiliated government programs, including relief programs that FEMA administers. To date, we have received more than 7,000 complaints and initiated 267 investigations. Many of our investigations involve individuals who have also attempted to defraud other COVID-19 programs.
Since the passage of the CARES Act, OIG has been at the forefront to detect, deter, and investigate COVID-19 fraud perpetrated against DHS and its components through our participation in working groups, coordination with the FEMA, and reliance on the expertise of our professional staff.
Our special agents participate in various working groups and task forces at the local, state, and regional level. This includes partnering with the Small Business Administration (SBA) OIG, Department of Labor OIG, Veterans Affairs OIG, United States Postal Inspection Service, Homeland Security Investigations (HSI), United States Secret Service, FBI, and United States Attorney’s Offices.
We also participate in national working groups and task forces including the:
• Department of Justice (DOJ) Stimulus Funds Fraud Working Group;
• COVID-19 Fraud Enforcement Task Force;
• National Unemployment Insurance Fraud Task Force;
• DOJ Procurement Collusion Strike Force;
• DOJ Grant Fraud Working Group; and
• PRAC.
We interface with FEMA through a joint Fraud Working Group. The Fraud Working Group provides fraud training, including indicators and fraud scheme awareness, that is tailored to assist FEMA employees with preventing and reporting suspected fraud. With respect to FEMA’s funeral assistance program, DHS OIG special agents are actively and independently collaborating with FEMA to facilitate early detection of fraud.
OIG also developed an innovative approach to enhance the way we identify COVID-19 fraud schemes. Our team of special agents, forensic accountants, analysts, digital forensic examiners, and data scientists provides a multidisciplinary approach to analyzing large and complex data sets to identify fraud indicators and develop investigative leads. Using its expertise and a suite of cutting-edge data analytics tools, along with support from other Federal, state, and local partners, OIG has uncovered complex, multi-million-dollar fraud schemes involving FEMA personal protective equipment (PPE) contracts and facilitators of major unemployment insurance fraud schemes involving FEMA funds. Over the last 10 months, our team has executed 22 search warrants and seizures, recovered $1.7 million, and realized 51 judicial actions, and our team continues to open new investigations that will likely yield high-impact results. We also developed an analytical dashboard to identify fraudulent FEMA vendors who were under contract with DHS to provide PPE for the National Stockpile. We have shared our model practice with the Inspector General community and through the PRAC.
In addition, we established an internal COVID-19 fraud investigation team dedicated to identifying and investigating unemployment insurance fraud. This team is comprised of geographically dispersed agents who conduct high impact COVID-19 fraud investigations nationwide. In addition to investigating fraud associated with FEMA COVID-19 funding, these agents coordinate with task forces, working groups, and United States Attorney’s Offices nationwide.
Examples of our high-impact COVID-19 fraud investigations include:
Personal Protective Equipment Contract Fraud. On February 3, 2021, the Chief Executive Officer (CEO) of Federal Government Experts, LLC (FGE) pleaded guilty to making false statements, wire fraud, and theft of government funds. The investigation determined the CEO repeatedly, and falsely, claimed to contracting officials from FEMA and the Department of Veteran’s Affairs (VA) that he was in possession of large quantities of PPE, including N95 masks.
Based on the CEO’s statements, FEMA and the VA awarded FGE contracts to deliver more than 6 million N95 masks for a total cost of $38.5 million. FEMA intended to procure the N95 masks for the National Stockpile, and the VA intended to use the PPE to protect employees and patients at various VA facilities. Despite the CEO’s claims, FGE failed to supply any PPE to FEMA and the VA. Ultimately, it was determined that the company was never in possession of large quantities of PPE or N95 masks despite the CEO’s fraudulent claims.
In addition, it was determined the CEO applied for various loans on behalf of FGE under the Federal Payroll Protection Program (PPP) and the Economic Injury Disaster Loan (EIDL) Program. The loan applications submitted by the CEO falsely stated the number of FGE employees and the amount of FGE’s payroll. Specifically, the CEO claimed FGE had 37 employees when, in fact, the company had 9. The CEO also claimed he had a monthly payroll of $322,000 when, in fact, FGE’s monthly payroll was $13,907. FGE was awarded PPP and EIDL loans in the amount of $1.06 million. On June 16, 2021, the CEO was sentenced to 21 months in Federal prison, with 3 years of supervised release, and paid $348,714 in restitution.
Lost Wages Assistance Fraud. In November 2020, we determined that an individual and her co-conspirators fraudulently acquired $436,834 in FEMA Unemployment Insurance (UI) benefits, which included using the identities of state prisoners. On April 8, 2021, the United States Attorney’s Office for the Eastern District of Virginia issued a nine-count indictment charging four defendants with conspiracy to commit fraud in connection with major disaster benefits, fraud in connection with major disaster benefits, and mail fraud. All four defendants pleaded guilty: three received sentences ranging from 57 – 115 months of imprisonment. The fourth defendant’s sentencing is imminent.
In a similar scheme, an individual pleaded guilty on June 11, 2021, to mail fraud for her role in fraudulently obtaining FEMA unemployment benefits for 22 prison inmates. With the assistance of an inmate co-conspirator, the individual used the identities of prisoners to file fraudulent UI claims to collect at least $223,984 in unemployment benefits.
We continue to build and maintain relationships with our Federal, state, and local law enforcement counterparts and to use data analytics to identify significant fraud rings that impacted FEMA’s Lost Wages Assistance Program. Given our current limited funding, we are focusing on Federal, state, and local partners in areas most heavily impacted by unemployment insurance fraud. As we identify new fraud schemes, the number of cases will continue to grow.
Audits and Inspections
In the early days of the COVID-19 pandemic, we identified the need to collect data before launching audit work in this unprecedented area. Therefore, in March 2020, we began gathering DHS and U.S. Department of Health and Human Services (HHS) pandemic response data, in real time. We observed daily and semi-weekly interagency conference calls hosted by FEMA and HHS officials and monitored FEMA’s and HHS’s daily national COVID-19 situation reports. OIG used this information to inform ongoing and proposed projects related to the pandemic.
Since June 2020, our auditors have been monitoring FEMA’s use of CARES Act funds in addition to FEMA’s vaccine support role. Our auditors participate with Federal, state, and local oversight officials on various working groups, including the PRAC and the National Association of State Auditors, Comptrollers and Treasurers COVID-19 Accountability Work Group, to coordinate oversight work across local, state, and Federal agencies and to identify issues related to the administration of the CARES Act and the ARPA funding. Finally, we coordinate internally through our Disaster Relief Working Group, which focuses on our COVID-19 audits and inspections. This group collectively identifies common oversight issues and facilitates coordination and deconfliction.
Since March 2020, we have issued 13 reports related to oversight of the Department’s response to the COVID-19 pandemic and have 13 ongoing projects. We recently issued a management alert that found state workforce agencies (SWA) in the Lost Wages Assistance (LWA) program were not reporting identified or suspected LWA fraud to our office. We made two recommendations to FEMA to notify and reinforce to SWAs that they must report suspected, alleged, and identified fraud to the OIG. FEMA concurred with both recommendations and provided the necessary documentation to close them.
CYBERSECURITY
According to the Department, cybersecurity has become the most dynamic threat to the Homeland.9 OIG is uniquely positioned to conduct targeted oversight, ensure DHS systems are secure, and help detect and deter attacks like SolarWinds. I have prioritized and enhanced our cyber oversight. Between October 2020 and November 2021, we issued 9 reports and 37 recommendations to improve and strengthen DHS’s cybersecurity posture. We have also expanded our portfolio of audits to address the Department’s cyber security risks in accordance with the 2021 Presidential Executive Order and subsequent Office of Management and Budget (OMB) guidance. We have 12 ongoing cybersecurity audits underway.
To enhance our cybersecurity workforce, I relocated the Office of the Chief Data Officer’s (OCDO) data analytics and cybersecurity assessment groups within the newly created OI to better service the entire DHS OIG enterprise and enhance the use of data in our oversight work. We expanded the OCDO by creating new positions, such as a Director of Cybersecurity Risk Assessment Division, a System Administrator, and a Data Operations Manager. Further, funds have been dedicated to hiring contractor support to increase audit scope and capabilities.
We also developed a new in-house cyber audit training program for staff to take “Intro to Cyber Security” and “Intro to Cloud Computing” within FY 2022. These courses will provide our technology audit staff with the core concepts and theories necessary to conduct our growing portfolio of cybersecurity audit work.
We embedded four 2210 information technology (IT) Specialists across the IT Audit organization. Each IT Specialist is responsible for assisting audit teams plan and conducting cyber-focused audits of DHS IT programs, functions, systems, and operations.
The DHS OIG conducts cross-collaboration with other Federal Agency OIGs to plan and conduct joint evaluations and audits of the Department’s cyber practices, and cyber intrusion prevention efforts. We are currently working with the National Security Agency OIG on one such cybersecurity joint review. We collaborate on emerging vulnerability assessment technologies and testing methodologies with other Federal OIG’s and conduct internal coordination and outreach with Department officials to obtain different perspectives on operational risks and challenges.
Additionally, we created an internal Cyber-Attack Working group to meet weekly and discuss newly disclosed vulnerabilities, emerging cyber threats, laws and regulations, news reports of interest, and discuss the Department’s efforts to improve its cyber strategy and posture. This group meeting also includes all relevant stakeholders to strengthen the collaborative relationship and share threat information.
On the technology front, we have invested additional monies in our Cybersecurity Risk Assessment Division, to include a mobile application assessment tool, and have funded additional contract support in FY 2021 to accomplish testing and analysis related to the Department’s technology access controls. We also plan to enhance our analytics capabilities through our current Microsoft Azure contract and expand contractor support for FY 2022 for Federal Information Security Modernization Act (FISMA) system testing.
FY 2023 DHS OIG BUDGET REQUEST
We submitted a funding request of $222 million, an increase of $16.6 million over the FY 2022 President’s Budget request of $205.4 million. Included in our request were $8.9 million in program changes and $7.7 million in cost of living adjustments.
The FY 2023 President’s Budget funding of $214.9 million includes the cost of living adjustments and maintains our current services but does not support our requested program growth. Our requested increase of $8.9 million over the FY 2023 President’s Budget level is necessary to maintain oversight capacity commensurate with the Department’s significant program growth.
Specific areas of critical program growth include:
• $2.5 million for Information Technology Audits to support additional oversight of DHS cybersecurity initiatives, SolarWinds response, and continuity of operations during COVID-19.
• $1 million for Pandemic-Related Investigations to enhance COVID-19 investigative work, including fraud investigations in FEMA’s Lost Wages Assistance and Funeral Assistance programs.
• $1.3 million for Border and Immigration Investigations to support the growing investigative needs related to border corruption and immigration oversight, including allegations of corruption and civil rights violations along the Southwest border.
• $2.9 million for the Office of Innovation to support IT modernization of our core audit, investigative, and inspections IT systems.
• $1.2 million for Facilities Relocations/Reconfigurations to fund the relocation and/or reconfiguration of three field offices with leases expiring in FY 2023 as per the OIG’s Five-Year Strategic Facilities Plan.
Thank you for this Subcommittee’s continued support of the important work of the DHS OIG and our oversight of the Department. This concludes my testimony, and I look forward to answering any questions you may have.