Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-16-105 Based on GSA’s eRETA system, between fiscal years 2003 and 2014, DHS and its components authorized more than 18,000 RWAs with GSA, totaling $4.1 billion. We conducted this audit to determine whether the Department’s use of RWAs was in compliance with statutory, regulatory, departmental, and component requirements.

>DHS' Use of Reimbursable Work Agreements with GSA
2016
OIG-16-101 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of HomelandSecurity’s (DHS) consolidated financial statements and internal control over financial reporting.

>National Flood Insurance Program's Management Letter for DHS' FY 2015 Financial Statements Audit (Redacted)
2016
OIG-16-95 The Department of Homeland Security has a substantial number of employees who travel and work abroad. Off-duty misconduct can undermine the Department’s credibility and integrity and hinder its ability to achieve its mission. Our objective was to determine whether DHS has adequate policies and training governing off-duty conduct while abroad.

>DHS Does Not Have Comprehensive Policies or Training for Off-duty Conduct of Employees Traveling and Working Abroad
2016
OIG-16-89 Each year, our independent auditors identify component-level information technology (IT) control deficiencies as part of the DHS consolidated financial statement audit. This letter provides details that were not included in the fiscal year 2015 DHS Agency Financial Report.

>Information Technology Management Letter for Other Department of Homeland Security Components of the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-16-88 Our objective was to determine whether the Department of Homeland Security complied with the Improper Payments Elimination and Recovery Act of 2010 (IPERA). We also evaluated the accuracy and completeness of DHS’ improper payment reporting.

>Department of Homeland Security's FY 2015 Compliance with the Improper Payments Elimination and Recovery Act of 2010
2016
OIG-16-84 Each year, our independent auditors identify component-level information technology (IT) control deficiencies as part of the DHS consolidated financial statement audit. This letter provides details that were not included in the fiscal year (FY) 2015 DHS Agency Financial Report.

>Information Technology Management Letter for the National Protection and Programs Directorate Component of the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-16-82 Each year, our independentauditors identify component-level information technology (IT) control deficiencies as part of the DHS consolidated financial statement audit. This letter provides details that were not included in the fiscal year 2015 DHS Agency Financial Report.

>Information Technology Management Letter for the Science and Technology Directorate Component of the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-16-83 Each year, our independent auditors identify component-level information technology (IT) control deficiencies as part of the DHS consolidated financial statement audit. This letter provides details that were not included in the fiscal year 2015 DHS Agency Financial Report.

>Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-16-76 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting.

>Science and Technology Directorate's Management Letter for DHS' FY 2015 Financial Statements Audit
2016
OIG-16-74 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. For

>Federal Law Enforcement Training Centers' Management Letter for DHS' FY 2015 Financial Statements Audit
2016
OIG-16-71 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. For

>Office of Health Affairs’ Management Letter for DHS’ FY 2015 Financial Statements Audit
2016
OIG-16-65 The Chief Financial Officers Act of 1990 (Public Law 101- 576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homelan Security’s (DHS) consolidated financial statements and internal control over financial reporting.

>Office of Financial Management's Management Letter for DHS' FY 2015 Financial Statements Audit
2016
OIG-16-62 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting.

>Management Directorate's Management Letter for DHS' FY 2015 Financial Statements Audit
2016
OIG-16-58 On March 4, 2015, Congress enacted Public Law 114–4, Consolidated Appropriations Act, 2015. According to Section 518(a), the Secretary of Department of Homeland Security (DHS) shall submit a report not later than October 15, 2015, to the Office o Inspector General, listing all grants and contracts awarded by any means other than full and open competition during fiscal year (FY) 2015. As required, we reviewed the report and assessed departmental compliance with applicable laws, regulations, and departmental procedures.

>DHS Contracts and Grants Awarded through Other Than Full and Open Competition FY 2015
2016
OIG-16-55 We contracted with the independent public accounting firm KPMG LLP (KPMG) to audit DHS’ fiscal year (FY) 2015 consolidated financial statements and internal control over financial reporting. KPMG expressed an unmodified (clean) opinion on the consolidated financial statements, and issued an adverse opinion on DHS’ internal control over financial reporting for FY 2015. The management letter contains 89 observations related to internal control and other operational matters for management’s consideration. KPMG noted deficiencies and the need for improvement in certain processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2015 Financial Statements and Internal Control over Financial Reporting, dated November 13, 2015, included in the DHS FY 2015 Agency Financial Report.

>Management Letter for the Audit of DHS' FY 2015 Financial Statements and Internal Control over Financial Reporting
2016
OIG-16-45 KPMG LLP evaluated selected general IT controls, IT entity-level controls, and business process application controls at DHS components. KPMG determined that the DHS components had made progress in remediating certain IT deficiencies we reported in FY 2014. Approximately 48 percent of the prior year IT deficiencies identified were repeated. The majority of the deficiencies identified by KPMG resulted from a lack of properly documented, fully designed and implemented, adequately detailed, and consistently implemented financial system controls to comply with requirements of DHS Sensitive Systems Policy Directive 4300A, Information Technology Security Program, and National Institute of Standards and Technology guidance. The deficiencies collectively limited DHS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. The deficiencies at Customs and Border Protection, the United States Coast Guard, the Federal Emergency Management Agency, and U.S. Immigration and Customs Enforcement adversely impacted the internal controls over DHS’ financial reporting and its operation, and collectively represent a material weakness reported in the FY 2015 DHS Agency Financial Report.

>Information Technology Management Letter for the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-16-44 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2015. KPMG, LLP evaluated selected general IT controls and business process application controls at the United States Coast Guard (Coast Guard). KPMG, LLP determined that Coast Guard took corrective actions to address one prior-year IT control deficiency. Specifically, Coast Guard made improvements over implementing certain account management and audit log controls. KPMG, LLP continued to identify general IT controls deficiencies related to access controls, segregation of duties, and configuration management of Coast Guard’s core financial and feeder systems. In many cases, new control deficiencies reflected weaknesses over controls and systems that were new to the scope of the FY15 audit Such deficiencies limited Coast Guard’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability.

>Information Technology Management Letter for the United States Coast Guard Component of the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-15-94 (Revised) Our objective was to determine whether the Department of Homeland Security (DHS) complied with the Improper Payments Elimination and Recovery Act of 2010 (IPERA). We also evaluated the accuracy and completeness of DHS’ improper payment reporting and DHS’ performance in reducing and recapturing improper payments. Although DHS met all the reporting requirements of IPERA, it did not meet its annual reduction targets established for each high-risk program as required by OMB. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security's FY 2014 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised)
2015
OIG-13-47 In fiscal year 2010, the Federal Government’s total improper payment amount was at a high of $121 billion. In that same year, Congress passed the Improper Payments Elimination and Recovery Act of 2010.(IPERA or the Act) in an effort to reduce improper payments. Our audit objective was to determine whether DHS complied with the Act. Although DHS met all the reporting requirements of the Act, it did not meet its annual reduction targets established for each high‐risk program as required by the Office of Management and Budget. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security’s FY 2012 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised)
2013
OIG-14-64 (Revised) Our audit objective was to determine whether the Department of Homeland Security (DHS) complied with the Act in fiscal year 2013. In addition, we also evaluated the accuracy and completeness of DHS’ improper payment reporting and its efforts to reduce and recover improper payments for fiscal year 2013. Although DHS met all the reporting requirements of the Act, it did not meet its annual reduction targets established for each program deemed susceptible to improper payments. As such, we concluded that DHS did not fully comply with IPERA. We reviewed the accuracy and completeness of DHS’ improper payment reporting and DHS’ efforts to reduce and recover improper payments.

>Department of Homeland Security’s FY 2013 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised)
2014
OIG-16-39 In fiscal year 2014, DHS spent a total of $12.5 billion using interagency agreements. Past Office of Inspector General audit reports found that a component used Intra/Interagency Reimbursable Work Agreements (RWA) to bypass key internal controls rather than properly implement Interagency Acquisitions. We conducted a department-wide audit to determine whether DHS’s use of RWAs is in compliance with statutory, regulatory, departmental, and component requirements. Components are not issuing RWAs in compliance with the Department’s policy. Specifically, 100 percent of the 43 RWAs we tested—totaling approximately $88 million—had not been reviewed by a Certified Acquisition Official (CAO). In January 2015, DHS issued a policy requiring components to have a CAO review RWAs to ensure they are being issued properly prior to obligating funds. The CAO plays a critical role in ensuring high-risk transactions receive proper oversight. However, 70 percent of the RWAs we tested did not include enough information for a CAO to make an informed decision. DHS did not ensure components updated their policies and procedures to reflect the new requirements. Without a CAO review, components may continue to improperly issue RWAs, circumventing acquisition controls.

>DHS Needs to Improve Implementation of OCFO Policy Over Reimbursable Work Agreements
2016
OIG-16-19 DHS does not have adequate oversight of its workforce training. DHS lacks reliable training cost information and data needed to make effective and efficient management decisions. In addition, it does not have an effective governance structure for its training oversight, including clearly defined roles, responsibilities, and delegated authorities. Finally, DHS has not adequately addressed 29 different recommendations to improve training efficiencies made since 2004 by various working groups. As a result, DHS cannot ensure the most efficient use of resources.

>DHS' Oversight of Its Workforce Training Needs Improvement
2016
OIG-16-08 We reviewed the Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Modernization Act of 2014. Our objective was to determine whether DHS’ information security program is adequate, effective, and complies with FISMA requirements. DHS has taken actions to strengthen its information security program. For example, DHS developed and implemented the Fiscal Year 2015 Information Security Performance Plan to define the performance requirements, priorities, and overall goals of the Department. DHS has also taken steps to address the President’s cybersecurity priorities, such as Information Security Continuous Monitoring; Identity, Credential, and Access Management; and anti-phishing and malware defense. Nonetheless, the Department must ensure compliance with information security requirements in other areas.

>Evaluation of DHS' Information Security Program for Fiscal Year 2015 (Revised)
2016
OIG-16-15 We reviewed the Department of Homeland Security’s (DHS) information security program for intelligence systems in accordance with the Federal Information Security Modernization Act. The objective of our review was to determine whether DHS’ information security program and practices are adequate and effective in protecting the information and the information systems that support DHS’ intelligence operations and assets. We assessed DHS programs for continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems.

>Fiscal Year 2015 Evaluation of DHS' Compliance with FISMA Requirements for Intelligence Systems
2016
OIG-16-07 DHS’ mission to protect the Nation entails a wide array of responsibilities. These range from facilitating the flow of commerce and travelers, countering terrorism, and securing and managing the border to enforcing and administering immigration laws and preparing for and responding to natural disasters. This report identifies major challenges that affect the Department as a whole, as well as its individual components, who work together to achieve this multi-faceted mission. We identified nine areas of most persistent concern for the Department: (1) DHS Management and Operations Integration; (2) Acquisition Management; (3) Financial Management; (4) Information Management and Technology; (5) Transportation Security; (6) Border Security and Immigration Enforcement; (7) Disaster Preparedness and Response; (8) Infrastructure Protection and Cybersecurity; (9) Employee Accountability and Integrity.

>Major Management and Performance Challenges Facing the Department of Homeland Security
2016
OIG-16-06 The independent public accounting firm KPMG LLP has issued an unmodified (clean) opinion on DHS' consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2015. KPMG LLP issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2015. The report identifies seven significant deficiencies in internal control; three of which are considered material weaknesses. The material weaknesses are in financial reporting; information technology controls and financial system functionality; and property, plant, and equipment. The report also identifies instances of noncompliance with four laws and regulations.

>Independent Auditors' Report on DHS' FY 2015 Financial Statements and Internal Control over Financial Reporting
2016
OIG-15-144 We evaluated the Department of Homeland Security (DHS) enterprise-wide security program for TopSecret/Sensitive Compartmented Information intelligence systems. We assessed DHS programs for continuous monitoring management, configuration management, identify and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems. This report will be issued to the Office of Inspector General of the Intelligence Community.

>Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2015
2015
OIG-15-140 We audited the DHS components’ coordination in performing their cyber missions. We sought to determine whether their cyber roles and responsibilities have been well delineated and a process is in place for department-wide information sharing and coordinated response to cyber incidents and criminal investigations. We also evaluated the components’ compliance with applicable DHS information security requirements. Department of Homeland Security (DHS) components have strengthened coordination in performing their cyber missions. For example, United States Immigration and Customs Enforcement (ICE) and United States Secret Service (USSS) have enhanced relationships with the National Protection and Programs Directorate’s (NPPD) National Cybersecurity and Communications Integration Center to improve information sharing and coordination on incident response and investigation. Despite these positive steps, the Department can take additional actions to improve its cyber mission coordination. For example, the Office of Policy has not developed a cyber strategic implementation plan due to its recent establishment and limited staff. Without a strategic plan, DHS cannot effectively align the components’ cyber responsibilities and capabilities with DHS’ overall mission.

>DHS Can Stregthen its Cyber Million Coordination Efforts
2015
OIG-15-138 The Department of Homeland Security (DHS) manages a diverse warehouse portfolio. According to the Government Accountability Office, managing the Federal government’s real property — which includes warehouses — is a high-risk area. DHS’ components own and lease warehouses for a variety of reasons, such as storing disaster relief supplies, computer equipment, seized assets, and excess property. Our audit objective was to determine the effectiveness of DHS’ process of assessing and managing its warehousing needs. Although DHS has taken steps to assess its warehouses, it cannot effectively manage its warehouse needs because some of the components misclassify many of their warehouses. We found buildings that should not have been on the Department’s warehouse inventory. Conversely, we found buildings that should have been classified as warehouses, but were not. Because the warehouse inventories are inaccurate, DHS cannot manage warehouses or demonstrate compliance with requirements to limit the size of real property inventories and reduce costs. Even though most warehouses we visited were well organized and appeared to support the components’ missions, we identified three warehouses that CBP could potentially consolidate or close and put $1 million per year to better use.

>Accurate Reporting and Oversight Needed to Help Manage DHS' Warehouse Portfolio
2015
OIG-15-121-MA We reviewed whether, from October 1, 2013, to December 31, 2014, DHS components reported conference expenses to OIG and the public as required. During this time period, DHS components reported 28 (15 percent) of 187 conferences they were required to report to OIG; of the 28, 2 (7 percent) were reported within the required 15 days. Based on conference expenses reported in the first quarter of fiscal year (FY) 2015, the components' compliance with the reporting requirement is improving-the percentage of conferences reported rose from 13 percent in FY 2014 to 30 percent in the first quarter of FY 2015. For all but one conference with expenses exceeding $100,000, DHS published conference expenditures on its website as required, but the public cannot easily find this information. We made three recommendations to improve DHS components' required reporting of conferences to OIG and the public. DHS concurred with these recommendations and took responsive action; we consider all three recommendations closed.

>Management Advisory on Department of Homeland Security Components' Reporting of Conference Spending (OIG 15-121-MA)
2015
OIG-15-117 The Government Charge Card Abuse Prevention Act of 2012 requires the Office of Inspector General to conduct an annual risk assessment on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security (DHS) implemented sufficient internal controls to prevent illegal, improper, or erroneous purchases and payments. DHS conducts a large volume of business using government charge cards each fiscal year. In fiscal years 2012 through 2014, DHS had more than $400 million per year in purchase and travel card transactions. DHS did not ensure components established documented procedures to comply with DHS requirements on charge card use. In addition, DHS components did not have sufficient oversight plans to prevent improper use of charge cards. As a result, there remains a moderate level of risk that DHS’ internal controls will not prevent illegal, improper, or erroneous purchases.

>Fiscal Year 2014 Assessment of DHS Charge Card Program Indicates Moderate Risk Remains
2015
OIG-15-97-VR DHS continues to lack reliable interoperable communications for emergencies, as well as daily operations and planned events. The inability to communicate effectively during an emergency presents serious risks to the health and safety of the public. To better fulfill its mission and unify its efforts, DHS must prioritize interoperable communications and expedite the implementation of the recommended corrective actions in our DHS’ Oversight of Interoperable Communications report.

>Corrective Actions Still Needed to Achieve Interoperable Communications
2015
OIG-15-93 We contracted with the independent public accounting firm KPMG LLP (KPMG) to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG evaluated selected general information technology controls, and information technology (IT) entity-level controls, and business process application controls at DHS’ components. KPMG noted that the DHS Components made progress in the remediation of certain IT deficiencies we reported in FY 2013, approximately 35 percent of the prior year IT deficiencies.

>Information Technology Management Letter for the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-85 DHS uses prosecutorial discretion in deciding to what extent it will enforce immigration laws, including whether to place aliens in or take them out of the removal process. However, the Department does not collect and analyze data on the use of prosecutorial discretion to fully assess its current immigration enforcement activities and to develop future policy. Although the Office of Policy is responsible for developing department-wide policies and programs, DHS has not required this office to gather or use data to assess the effect of prosecutorial discretion on immigration enforcement activities. The Department also does not have a mechanism to continuously monitor its use of prosecutorial discretion and improve future policy. As a result, DHS may not be using its significant investment in immigration enforcement as efficiently as possible. The Department may also be missing opportunities to strengthen its ability to remove aliens who pose a threat to national security and public safety.

>DHS Missing Data Needed to Strengthen its Immigration Enforcement Efforts
2015
OIG-15-80 DHS does not require components to track justifications for making travel reservations offline, that is, by contacting an agent by telephone. Therefore, it is difficult to identify whether offline travel fees are excessive. Making reservations by telephone costs $23 to $27 more per transaction than making a reservation online through the web-based system. The Department is also not effectively managing components’ use of the online system. As a result, the Department may be missing opportunities to reduce offline travel reservation fees and identify cost savings. Finally, although the Senate Appropriations Committee expected DHS to reduce its offline reservation costs in fiscal year 2014, data from DHS showed that, overall, offline costs increased.

>DHS Should Do More to Reduce Travel Reservation Costs
2015
OIG-15-75 KPMG LLP reviewed the Management Directorate’s (MGMT) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s consideration.

>Management Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-70 KPMG LLP reviewed the Office of Financial Management’s (OFM) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-63 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls and business process application controls at the Other DHS Management components. KPMG LLP performed after-hours physical security walkthroughs and social engineering and identified instances where DHS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse.

>Information Technology Management Letter for the Other DHS Management Components of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-62 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at DHS’ Office of Financial Management and Office of Chief Information Officer. KPMG, LLP continued to identify deficiencies related to access controls and vulnerability management controls of DHS’ core financial system. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse.

>Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-59 On January 17, 2014, Congress enacted Public Law 113-76, Consolidated Appropriations Act, 2014. According to Section 520 (a), the Secretary of Department of Homeland Security (DHS) shall submit a report not later than October 15, 2014, to the Office of Inspector General, listing all grants and contracts awarded by any means other than full and open competition during fiscal year (FY) 2014. As required, we reviewed the report and assessed departmental compliance with applicable laws, regulations, and departmental procedures. In FY 2014, DHS awarded 399 noncompetitive contracts worth about $306 million. This represents a continuing decrease of more than $3 billion obligated through noncompetitive contracts over a 6-year period. We reconciled the entire FY 2014 contract listing against the Federal Procurement Data System and found that the data between the two lists were 99.8 percent identical. Also in FY 2014, DHS awarded 66 noncompetitive grants worth about $126 million. Although three noncompetitive grants worth approximately $3.2 million did not meet accuracy, timeliness, or completeness standards, approximately 95.5 percent did meet the requirements as set forth in the Federal Funding Accountability and Transparency Act of 2006.

>DHS Contracts and Grants Awarded through Other than Full and Open Competition, FY 2014
2015
OIG-15-44 The Office of Inspector General contracted with the independent accounting firm KPMG LLP to conduct an integrated audit of DHS’ fiscal year 2014 consolidated financial statements and internal control over financial reporting. The Management Letter contains 101 observations related to internal controls and other operational matters for management’s considerations. KPMG LLP noted deficiencies and needed improvements in certain processes. These deficiencies did not meet the criteria to be reported in the Independent Auditor’s Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, of November 14, 2014, included in DHS FY 2014 Agency Financial Report. Internal control deficiencies that meet the criteria were reported, as required, in the independent auditor’s report.

>Management Letter for the FY 2014 DHS Financial Statements and Internal Control over Financial Reporting Audit
2015
OIG-15-16 We reviewed Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Management Act of 2002 (FISMA). Our objective was to determine whether DHS’ information security program is adequate, effective, and in compliance with FISMA requirements. DHS has taken steps to improve its information security program. For example, DHS expanded the ongoing authorization program to improve the security of its information systems through a revised risk management approach. Additionally, DHS developed and implemented the Fiscal Year 2014 Information Security Performance Plan, which defines the performance requirements, priorities, and overall goals for the Department. DHS has also taken actions to address the President’s cybersecurity priorities, which include the implementation of trusted internet connections, continuous monitoring of the Department’s information systems, and strong authentication. While these efforts have resulted in some improvements, Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority.

>Evaluation of DHS' Information Security Program for Fiscal Year 2014
2015
OIG-15-09 We have identified major challenges that affect both the Department as a whole, as well as individual components. DHS must continually seek to integrate management operations under an authoritative governing structure capable of effectively overseeing and managing programs that cross component lines. DHS’ mission to protect the Nation from domestic and international threats and respond to natural and manmade disasters is further challenged by the unpredictable nature of these hazards. DHS must overcome the challenges inherent with uniting the Department under the Secretary’s Unity of Effort Initiative, as well as those over which it has little control. This year, we are reporting the Department’s major challenges in the following areas: (1) DHS Operations Integration, (2) Acquisition Management, (3) Financial Management, (4) IT Management and Privacy Issues, (5) Transportation Security, (6) Border Security and Immigration Enforcement. (7) Grants Management, (8) Employee Accountability and Integrity, (9) Infrastructure Protection, Cybersecurity, and Insider Threat

>Major Management and Performance Challenges Facing the Department of Homeland Security
2015
OIG-15-10 The independent public accounting firm, KPMG LLP, has issued an unmodified (clean) opinion on the Department of Homeland Security's (DHS) consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, the financial position of DHS as of September 30, 2014.

>Independent Auditors' Report on DHS' FY 2014 Financial Statements and Internal Control over Financial Reporting
2015
OIG-14-137 The Department of Homeland Security (DHS) Visa Security Program is intended to prevent terrorists, criminals, and other ineligible applicants from receiving visas. DHS assigns special agents with expertise in immigration law and counterterrorism to U.S. diplomatic posts overseas to perform visa security activities . We reviewed the program’s effectiveness in preventing ineligible applicants from receiving U.S. visas; DHS’ annual reporting to Congress on the program’s expansion; and the efforts to expand the program to additional overseas posts, including the potential impact of a new initiative, the Pre ‐ Adjudicated Threat Recognition and Intelligence OperationsTeam.

>The DHS Visa Security Program
2014
OIG-14-135 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security anagement Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access, contingency planning, contractor systems and security capital planning. The United States Coast Guard (USCG) has migrated the Coast Guard Intelligence Support System into a new system that is supported by DHS, the Defense ntelligence Agency and USCG.

>(U) Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2014
2014
OIG-14-129 A severe influenza pandemic presents a tremendous challenge, which may affect millions of Americans, cause significant illnesses and fatalities, and substantially disrupt our economic and social stability. It is DHS’ responsibility to ensure it is adequately prepared to continue critical operations in the event of a pandemic. In 2006, Congress appropriated $47million in supplemental funding to DHS for necessary expenses to plan, train, and prepare for a potential pandemic. DHS reported that it spent this funding on personal protective equipment, pandemic research, exercises, and medical countermeasures. The Department and components purchased personal protective equipment and medical countermeasures (specifically, antiviral medical countermeasures) to reduce potential effects of a pandemic and ensure the workforce can continue operations. We conducted an audit of the DHS pandemic preparedness efforts to determine if DHS effectively manages its pandemic preparedness supply of personal protective equipment and antiviral medical countermeasures.

>DHS Has Not Effectively Managed Pandemic Personal Protective Equipment and Antiviral Medical Countermeasures
2014
OIG-14-126 In fiscal year 2012, Federal agency fleets consisted of more than 650,000 motor vehicles around the world. The Department of Homeland Security (DHS) had the second largest civilian motor vehicle fleet in the Federal Government, owning or leasing about 56,000 vehicles, with reported annual operating costs of about $534 million. Our audit objective was to determine whether, for fiscal year 2012, DHS met requirements to right-size its motor vehicle fleet composition, eliminate underused vehicles, and acquire vehicles that reduce petroleum use and greenhouse gas emissions.

>DHS Does Not Adequately Manage or Have Enforcement Authority Over Its Components' Vehicle Fleet Operations
2014
OIG-14-108 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of Department of Homeland Security fiscal year 2013 consolidated financial statements. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated March 11, 2014, and the conclusion expressed in it.

>Information Technology Management Letter for the FY 2013 Department of Homeland Security’s Financial Statement Audit – Office of Financial Management and Office of Chief Information Officer
2014
OIG-14-94 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of Department of Homeland Security fiscal year 2013 consolidated financial statements. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated March 11, 2014, and the conclusion expressed in it.

>Information Technology Management Letter for the FY 2013 Department of Homeland Security’s Financial Statement Audit
2014