Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-19-48 DHS Needs to Improve Its Oversight of Misconduct and Discipline 2019
OIG-19-44 Audit of DHS' Issuance and Management of Other Transaction Agreements Involving Consortium Activities 2019
OIG-19-43 The Department of Homeland Security did not comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA) because the Department did not meet two of the six requirements. Specifically, the Department omitted the percent of recaptured amounts from the Other Information section in its Agency Financial Report and did not meet its annual reduction target established for one of eight programs deemed susceptible to significant improper payments.The Department also did not comply with Executive Order 13520, Reducing Improper Payments, because DHS did not make available to the public its Quarterly High-Dollar Overpayment report for the second quarter of fiscal year 2018.

>Department of Homeland Security's FY 2018 Compliance with the Improper Payments Elimination and Recovery Act of 2010 and Executive Order 13520, Reducing Improper Payments
2019
OIG-19-42 DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.

>DHS Needs to Address Oversight and Program Deficiencies before Expanding the Insider Threat Program
2019
OIG-19-39 This report presents the results of KPMG LLP’s (KPMG) work conducted to address the performance audit objectives relative to the Audit of Department of Homeland Security’s Fiscal Year 2017 Conference Spending. KPMG performed the work during the period of September 18, 2017 to August 30, 2018, and our scope period for testing was October 1, 2016 through September 30, 2017. KPMG LLP (KPMG) found that DHS management has policies and procedures over conference spending and reporting, improvements are needed. KMPG made seven recommendations to improve conference spending reporting.

>Audit of Department of Homeland Security's Fiscal Year 2017 Conference Spending
2019
OIG-19-41 Special Report: Review Regarding DHS OIG's Retraction of Thirteen Reports Evaluating FEMA's Initial Response to Disasters 2019
OIG-19-34-UNSUM We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.

 

We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.

>(U) Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2018
2019
OIG-19-23 Within U.S. Customs and Border Protection (CBP), Border Patrol agents are responsible for patrolling our international land borders and coastal waters surrounding Florida and Puerto Rico. We conducted this audit to determine to what extent Border Patrol agents meet workload requirements related to investigative and law enforcement activities. Border Patrol needs to manage its workforce more efficiently, effectively, and economically. CBP and Border Patrol must expedite the development and implementation of a workforce staffing model for Border Patrol as required by Congress. Without a complete workforce staffing model, Border Patrol senior managers are unable to definitively determine the operational needs for, or best placement of, the 5,000 additional agents DHS was directed to hire per the January 2017 Executive Order.

>Border Patrol Needs a Staffing Model to Better Plan for Hiring More Agents
2019
OIG-19-04 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

>Independent Auditors' Report on DHS' FY 2018 Financial Statements and Internal Control over Financial Reporting
2019
OIG-19-01 Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.

>Major Management and Performance Challenges Facing the Department of Homeland Security
2019
OIG-18-88 DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.

>Review of Coast Guard's Oversight of the TWIC Program
2018
OIG-18-82 Department of Homeland Security shall submit a report not later than October 15, 2017, to the DHS Office of Inspector General listing all grants and contracts awarded by other than full and open competition (OTFOC) during fiscal years 2016 and 2017. We contracted with Williams, Adley & Company-DC, LLC to review the OTFOC report and assess DHS compliance with applicable laws, regulations, and departmental procedures.  Williams Adley concluded that DHS complied with applicable statutes, regulations, and policies governing grants and contracts awarded by OTFOC in FY 2017. During that year, DHS awarded 62 noncompetitive grants worth about $140 million and 121 noncompetitive contracts worth about $118 million through OTFOC. The independent auditors determined that DHS’ Report on OTFOC for FY 2017 as well as the information related to these grants and contracts in the Federal Procurement Data System – Next Generation and USASpending.gov were accurate. The auditors also found that DHS followed written policies and procedures and the requirements of the Federal Funding Accountability and Transparency Act of 2006 when awarding grants and contracts

noncompetitively.

>DHS Grants and Contracts Awarded through Other Than Full and Open Competition FY 2017
2018
OIG-18-81 DHS support components do not have sufficient processes and procedures to address misconduct. Support Components provide resources, analysis, equipment, research, policy development, and other specific assistance to operational components. These deficiencies exist because no single office or entity

is responsible for managing and overseeing misconduct issues across support components. According to Government Accountability Office (GAO) guidance, it is important for agencies to establish organizational structure, assign responsibility, and delegate authority, so they can achieve their objectives. Support components need to improve their processes and procedures for addressing misconduct. Specifically, support components do not maintain comprehensive data about misconduct  allegations; refer misconduct allegations consistently to OIG; provide guidance for supervisors and investigators on handling misconduct; and manage misconduct allegations effectively.

>DHS Support Components Do Not Have Sufficient Processes and Procedures to Address Misconduct
2018
OIG-18-73 Not all forms DHS and its components use to create NDAs include the required WPEA statement. Further, although many of the settlement agreement templates and settlement agreements in the sample we reviewed included provisions that might restrict or prevent disclosure of information, nearly three-fourths of these documents did not contain the WPEA statement. Omitting the statement in NDAs and personnel settlement agreements could lead to confusion about what information may be disclosed to permissible recipients, which could deter reporting of fraud, waste, or abuse and impede DHS Office of Inspector General (OIG) activities.

>DHS' Non-disclosure Forms and Settlement Agreements Do Not Always Include the Required Statement from the Whistleblower Protection Enhancement Act of 2012
2018
OIG-18-72 DHS did not comply with IPERA because it did not meet one of the six IPERA requirements. Specifically, DHS did not meet its annual reduction targets for 2 of 14 programs. Additionally, we determined that DHS did not provide adequate oversight of the component’s improper testing and reporting.

>Department of Homeland Security's FY 2017 Compliance with the Improper Payments Elimination and Recovery Act of 2010
2018
OIG-18-69 Since FY 2014, DHS improved conference spending reporting and implemented policies and procedures to ensure proper oversight and accurate and timely reporting. However, we found instances where DHS did not comply with annual conference reporting requirements. The Department failed to report two conferences costing more than $100,000 each. The Department also did not always report all hosted conferences costing more than $20,000 to OIG within 15 days of the conclusion of each conference. In addition, the Department did not always properly record actual costs accurately and within 45 days of the conclusion of each conference. Although DHS did not always comply with reporting requirements, in most cases, its FY 2016 conference expenses appeared appropriate, reasonable, and necessary.

>Audit of Department of Homeland Security's Fiscal Year 2016 Conference Spending
2018
OIG-18-59 Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

>Fiscal Year 2017 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems
2018
OIG-18-57 The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment and periodic audits on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security implemented internal controls to prevent illegal, improper, and erroneous purchases and payments. During fiscal year 2016, DHS reported spending approximately $1.2 billion in purchase, travel, and fleet card transactions. Although the Department has established internal controls for its charge card programs, the components we reviewed did not always follow DHS’ procedures. Our testing results of purchase, travel, and fleet card transactions revealed internal control weaknesses. Specifically, we found major internal control weaknesses that persisted at the United States Coast Guard and some control weaknesses within CBP’s Fleet Card Program.

>Fiscal Year 2016 Audit of the DHS Bankcard Program Indicates Moderate Risk Remains
2018
OIG-18-56 We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017.

>Evaluation of DHS' Information Security Program for Fiscal Year 2017
2018
OIG-18-55 Department of Homeland Security (DHS) Under Secretary for Intelligence and Analysis (USIA) David J. Glawe used a personal email account to send an invitation to his ceremonial swearing-in event to staff members of the United States Senate Committee on Homeland Security and Governmental Affairs. Because the invitation came from a non-DHS email account and resembled a phishing email, Senator Claire McCaskill asked the DHS Office of Inspector General to review the circumstances surrounding the invitation

>Special Review: Swearing-In Ceremony of David J. Glawe, DHS Under Secretary for Intelligence and Analysis
2018
OIG-18-52 In light of the heightened public and congressional interest in the misuse of government-owned, government-leased, and chartered aircraft, the Department of Homeland Security (DHS) Office of Inspector General (OIG) conducted a special review of the use of government aircraft by the heads of the Department and several of DHS’s operational components. DHS OIG’s review also included a review of other-than-coach-class travel by this same group of senior officials. We determined that each instance of the use of government aircraft by DHS’s senior leaders during the time period of our review generally complied with relevant laws, rules, regulations, policies, and guidance.

With respect to DHS senior leaders’ other-than-coach-class (OTCC) commercial air travel over the same time period, we determined that such travel generally qualified as allowable premium travel. We could not definitively determine, however, whether one trip taken by a former Deputy Secretary met all of the Department’s criteria for allowable OTCC travel. We also identified two specific instances of non-compliance with the Department’s internal request and approval processes for such travel; however, the related travel was properly justified, and the process deviations were quickly identified and corrected by the Department.

>Special Review: DHS Executive Travel Review
2018
OIG-18-41 DHS Needs to Strengthen Its Suspension and Debarment Program 2018
OIG-18-34 The DATA Act required the OIG to review a statistically valid sample of DHS’ fiscal year 2017, 2nd quarter spending data posted on USASpending.gov and to submit to Congress a report assessing the data’s completeness, timeliness, quality, and accuracy; and DHS’ implementation and use of Government-wide financial data standards. The Digital Accountability and Transparency Act of 2014 (DATA Act) required DHS to submit, by May 2017, complete, accurate, and timely spending data to the Department of the Treasury (Treasury) for publication on USASpending.gov beginning with the 2nd quarter of FY 2017. DHS successfully certified and submitted its FY 2017/Q2 spending data for posting on USASpending.gov in April 2017. Although DHS met the DATA Act’s mandated submission deadline, we identified issues concerning the completeness and accuracy of its first data submission that hinders the quality and usefulness of the information.

 

>DHS' Implementation of the DATA Act
2018
OIG-18-24 DHS reported using its Other Transaction Authority to work with non-traditional contractors, DHS did not always follow statutory requirements when entering, modifying, and overseeing its agreements. Inadequate internal policies contributed to DHS falling short of meeting all statutory requirements for using OTAs. In addition, DHS acquisition policy staff reported that competing priorities prevented timely reporting to Congress. As a result, DHS may have taken on more risks and costs than necessary and impeded Congress’ ability to oversee DHS’ use of OTAs.

>Department of Homeland Security's Use of Other Transaction Authority
2018
OIG-18-16 Independent Auditors' Report on DHS' FY 2017 Financial Statements and Internal Control over Financial Reporting 20187
OIG-18-11 Department leadership must commit itself to ensuring DHS operates more as a single entity. rather than a collection of components. The lack of progress in reinforcing a unity of effort translates to a missed opportunity for greater effectiveness. Second, Department leadership must establish and enforce a strong internal control environment typical of a more mature organization. The current environment of relatively weak internal controls affects all aspects of the Department’s mission, from border protection to immigration enforcement and from protection against terrorist attacks and natural disasters to cybersecurity. We have seen little evidence of proactive effort by leadership to view the organization holistically, to forcefully communicate the need for cooperation among components, and to establish programs or policies that ensure unity, even though such effort is a necessary precondition to unified action.

 

>Major Management and Performance Challenges Facing the Department of Homeland Security
2018
OIG-18-10 The Department faces challenges to effectively sharing cyber threat information across Federal and private sector entities. Without acquiring a cross-domain information processing solution and automated tools, DHS cannot analyze and share threat information timely. Further, without enhanced outreach, DHS cannot increase participation and improve coordination of information sharing across Federal and private organizations.

 

>Biennial Report on DHS’ Implementation of the Cybersecurity Act of 2015
2018
OIG-18-07 ICE, CBP, and USCIS continue to experience challenges with emerging immigration enforcement and administration activities. Although DHS has established unity of effort initiatives to break silos and centralize decision making related to immigration, problems remain. We identified challenges related to mission allocation and expenditure comparisons, the affirmative asylum application process, and the Department’s struggle to understand immigration outcomes and decisions. DHS will continue to allow vulnerabilities that may affect national security and public safety to persist.

 

>DHS Needs a More Unified Approach to Immigration Enforcement and Administration
2018
OIG-18-05 DHS personnel do not always safeguard sensitive assets that, if lost, would result in critical mission impact or loss of life. Between fiscal years 2014 and 2016, the Department of Homeland Security personnel lost a total of 2,142 highly sensitive assets — 228 firearms; 1,889 badges; and 25 secure immigration stamps. Although this represents a slight improvement from our last audit, more than half of the lost items we reviewed (65 of 115) revealed that component personnel did not follow policy or used poor judgment when safeguarding these assets. In these cases, components did not always hold personnel accountable nor did they receive remedial training for failing to safeguard these sensitive assets.

>DHS' Controls Over Firearms and Other Sensitive Assets
2018
OIG-17-116-VR We determined that due to changes DHS made to the process, political appointees do not influence Freedom of Information Act (FOIA) processors to delay or withhold the release of FOIA information.  Unlike the former process, the new process does not provide opportunities for political appointees in headquarters to inappropriately interfere with releases of significant FOIA information, and we did not identify any instances in which headquarters officials used the process to engage in those activities.  However, because DHS has not issued final guidance for the process, it is vulnerable to misuse in the future.  We recommended that the Chief FOIA Officer/Chief Privacy Officer issue final guidance on the 1-Day Awareness Notification Process.  The guidance should state 1) the purpose of the process is to inform senior officials of the imminent release of information that may raise public interest and 2) FOIA staff determine whether information should be released or withheld under FOIA’s exceptions and exemptions.

 

>DHS Review of Responses to Significant Freedom of Information Act Requests (Verification Review of OIG-11-67)
2017
OIG-17-109 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. This report was issued to the Office of the Inspector General of the Intelligence Community (IC IG).

>Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2017 (U)
2017
OIG-17-101 We determined that DHS had only approved implementation plans for 4 of 23 strategic objectives of the Enterprise Data Strategy, and planned to finalize the remaining plans in late FY 2017.  While we found that DHS had taken some effective actions to coordinate component investments in data sharing and management, component officials identified other ways that DHS could improve by coordinating Enterprise-wide tools and data integration efforts.  We recommended that DHS take actions to finalize implementation plans for the remaining 19 strategic objectives by the end of FY 2017, and work with components to identify and provide the training for Enterprise-wide data analysis and management tools.  We made two recommendations and Intelligence and Analysis and the Office of the Chief Information Officer concurred with both of our recommendations. 

>Improvements Needed to Promote DHS Progress toward Accomplishing Enterprise-wide Data Goals
2017
OIG-17-98-SR This is a DHS OIG special report regarding DHS’ efforts to hire an additional 15,000 law enforcement officers.  This is the first in a series of reports.  This report describes lessons learned from prior DHS OIG, Government Accountability Office, and DHS departmental reports on challenges relating to hiring and other important areas of human capital management.  We made no recommendations in this report.

>Special Report: Challenges Facing DHS in Its Attempt to Hire 15,000 Border Patrol Agents and Immigration Officers
2017
OIG-17-68 KPMG LLP, under contract with DHS OIG, audited Federal Law Enforcement Training Centers’ financial statements and internal control over financial reporting.  The resulting management letter discusses three observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies across multiple processes including financial system reconciliation; review and approval of intra-governmental payment and collection expenses; and improper allocation of gross costs on the Statement of Net Cost and footnote.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report, dated November 13, 2016, included in the DHS FY 2016 Agency Financial Report.

>Federal Law Enforcement Training Centers' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit
2017
OIG-17-59 We determined that DHS did not fully comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA) because it did not publish accurate accompanying materials to the Agency Financial Report (AFR) as required by Office of Management and Budget (OMB) guidance.  The Department also did not meet its annual reduction targets established for each high-risk program.  DHS did comply with Executive Order 13520 by properly compiling and making available to the public DHS’ FY 2016 Quarterly High-Dollar Overpayment reports. Additionally, we determined DHS did not properly perform oversight of the components’ improper payment testing and reporting.  We made five recommendations that would help DHS’ Risk Management and Assurance Division (RM&A) strengthen its oversight and review procedures for IPERA risk assessments.  We also recommended that RM&A follows OMB requirements to comply with IPERA.

>Department of Homeland Security's FY 2016 Compliance with the Improper Payments Elimination and Recovery Act of 2010 and Executive Order 13520, Reducing Improper Payments
2017
OIG-17-54 We determined that most of the deficiencies identified by the independent public accounting firm KPMG resulted from a lack of properly documented, fully designed, adequately detailed, and consistently implemented financial system controls to comply with requirements of DHS Sensitive Systems Policy Directive 4300 A, Information Technology Security Program, and National Institute of Standards and Technology guidance.  The deficiencies collectively limited DHS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommended that the Acting Chief Information Officer and Chief Financial Officer, in coordination with DHS components, make improvements to DHS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the FY 2016 Department of Homeland Security Financial Statement Audit
2017
OIG-17-52 The resulting management letter discusses 103 observations related to internal control for management’s consideration.  These issues, which are not critical and are below the level of a significant deficiency, include:  a lack of internal controls related to undelivered orders, inaccurate financial data, and inadequate and/or untimely reviews of transactions.  Internal control weaknesses considered significant deficiencies were presented in our Independent Auditors’ Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>Management Letter for the Department of Homeland Security's Fiscal Year 2016 Financial Statements Audit
2017
OIG-17-24 Despite the progress made, Components were not consistently following DHS’ policies and procedures to maintain current or complete information on remediating security weaknesses timely. Components operated 79 unclassified systems with expired authorities to operate.  Further, Components had not consolidated all internet traffic behind the Department’s trusted internet connections and continued to use unsupported operating systems that may expose DHS data to unnecessary risks.  Our review identified deficiencies related to configuration management and continuous monitoring. We made four recommendations to the Chief Information Security Officer.  The Department concurred with all four recommendations.

>Evaluation of DHS' Information Security Program for Fiscal Year 2016
2017
OIG-17-22 We determined that DHS has not done enough to minimize the risk of improper use of force by law enforcement officers.  Specifically, the Department does not:  (1) have an office responsible for managing and overseeing component use of force activities; (2) ensure the collection and validation of component data needed to assess use of force activities, minimize risks, and take corrective actions; (3) ensure use of force policies have been updated to reflect current operations and lessons learned; or (4) establish consistent requirements for less-lethal recurrent training and ensure training was completed as required.  Additionally, each component varies on their use of force activities.  Without improvements in the management and oversight of use of force activities, the Department may increase its risk of improper use of force by law enforcement officers.  DHS concurred with our two recommendations, which, if implemented, will help the Department actively oversee and assist with component use of force activities, update policies, and improve training.

>DHS Lacks Oversight of Component Use of Force (Redacted)
2017
OIG-17-15 We determined that in most instances, Texas distributed and spent the awards in compliance with applicable laws and regulations; however, the State lacked adequate controls over more than $1 million in grant funds we reviewed.  This occurred because the Federal Emergency Management Agency and the State did not ensure adequate management and oversight of Homeland Security Grant Program funds.  We made three recommendations, which when implemented, should enhance Texas’ effectiveness in the overall use of the grant funds to improve preparedness and response capabilities.  Better management and oversight should also reduce the risk associated with the State’s management of grant funds.  FEMA concurred with all three recommendations.

>Texas Management of Homeland Security Grant Program Awards for Fiscal Years 2012-14
2017
OIG-17-12 KPMG LLP (KPMG), under contract with DHS OIG, conducted an integrated audit of DHS’ FY 2016consolidated financial statements and internal control over financial reporting. KPMG expressed an unmodified (clean) opinion on the Department’s FY 2016 financial statements. However, KPMG identified six significant deficiencies in internal control; three of which are considered material weaknesses. Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting. KPMG also reported instances in which DHS did not comply with four laws and regulations. The Department concurred with all of the recommendations in the report.

>Independent Auditors' Report on DHS' FY 2016 Financial Statements and Internal Control over Financial Reporting
2017
OIG-17-09 We determined that the Department’s oversight of its drug interdiction efforts did not align with the Office of National Drug Control Policy’s (ONDCP) National Drug Control Strategy.  .  This occurred because DHS lacks formal oversight roles and responsibilities to ensure its drug interdiction performance activities met both ONDCP and legislative requirements.  As a result, DHS could not ensure its drug interdiction efforts met required national drug control outcomes nor accurately assess the impact of the approximately $4.2 billion it spends annually on drug control activities.  We made two recommendations that, if implemented, will improve DHS’ drug interdiction efforts.  DHS concurred with both recommendations.

>DHS Drug Interdiction Efforts Need Improvement
2017
OIG-17-08 This report summarizes what we consider the most serious management and performance challenges to both the Department as a whole, as well as individual components challenges.  We remain concerned about the systemic nature of these challenges, some of which span multiple Administrations and changes in Department leadership.  We also assess the Department’s progress in addressing those challenges.  This year, we are reporting the Department’s major challenges in the following areas: Unity of Effort, Employee Morale and Engagement, Acquisition Management, Grants Management, Cybersecurity, Management Fundamentals.  We did not make any new recommendations in this report.

>Major Management and Performance Challenges Facing the Department of Homeland Security
2017
OIG-17-05 We determined that CBP, ICE and USSS have been able to maintain staffing levels close to the authorized number of law enforcement personnel, but they continue to have significant delays in hiring. The additional steps in the hiring process add to the time it takes to hire law enforcement officers, but the components also do not have the staff or comprehensive automated systems needed to hire personnel as efficiently as possible.  Although they have taken steps to reduce the time it takes to hire law enforcement personnel, it is too early to measure the long-term effects of the Department’s and the components’ recent actions. We made five recommendations to make the law enforcement hiring process more efficient.

>DHS Is Slow to Hire Law Enforcement Personnel
2017
OIG-16-142 Title IV, Section 406 of the Cybersecurity Act of 2015 requires Inspectors General to assess agency National Security Systems (NSS) and other systems that provide access to personally identifiable information (PII). We reviewed information security policies and practices for logical access and data protection at the Department of Homeland Security in four key areas, asrequired by the Act.

>Review of the Department of Homeland Security's Implementation of the Cybersecurity Act of 2015
2016
OIG-16-141 The Reducing Over- Classification Act requires Federal Government Inspectors General of departments that make original classification determinations to conduct no less than two evaluations of their agencies’ classification policies, procedures, rules, and regulations. The Department of Homeland Security (DHS) implemented the two recommendations from our first evaluation. In this second evaluation, we assessed DHS’ progress in its classification management program after implementing the recommendations. What We

>DHS Has Not Trained Classified Network Users on the Classification Management Tool
2016
OIG-16-138 In 2012, we reported on DHS’ challenges in implementing an effective information technology (IT) management program. FITARA was enacted in 2014 to institutionalize IT reform across the Federal Government. We conducted this audit to determine the extent to which DHS has implemented FITARA to improve department-wide IT management and oversight.

>DHS’ Progress in Implementing the Federal Information Technology Acquisition Reform Act
2016
OIG-16-131 We evaluated the Department of Homeland Security (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. We assessed DHS programs for continuous monitoring management, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems. This report will be issued to the Office of the Inspector General of the Intelligence Community, in accordance with reporting instructions dated May 10, 2016.

>Review of DHS’ Information Security Program for Intelligence Systems for Fiscal Year 2016
2016
OIG-16-129 The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment on agency charge card programs. We conducted this risk assessment to determine whether the Department of Homeland Security implemented sufficient internal controls to prevent illegal, improper, and erroneous purchases and payments.

>Fiscal Year 2015 Risk Assessment of the DHS Bank Card Program Indicates Moderate Risk
2016
OIG-16-108 Management Advisory - DHS Should Better Evaluate the Performance of Its Working Capital Fund 2016