Information Technology Management Letter for the Federal Emergency Management Agency Component of the FY 2014 Department of Homeland Security Financial Statement Audit

We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls, information technology entity level controls, and business process application controls at the Federal Emergency Management Agency (FEMA). KPMG LLP determined that FEMA had taken corrective action to design and consistently implement certain account management and configuration management controls. However, KPMG LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for FEMA’s core financial and feeder systems. Such control deficiencies limited FEMA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data.