Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-18-04 We identified limitations with FAMS contributions to aviation security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We are making five recommendations that when implemented, should improve FAMS

 

>FAMS’ Contribution to Aviation Transportation Security is Questionable (Unclassified Summary) 		2018
OIG-18-03 USCIS site visits provide minimal assurance that H-1B participants are compliant and not engaged in fraudulent activity. These visits assess whether petitioners and beneficiaries comply with applicable immigration laws and regulations. USCIS can approve more than 330,000 H-1B petitions each year, which could include extensions and amendments. As of April 2017, USCIS reported more than 680,000 approved and valid H-1B petitions. However, during FYs 2014–16, USCIS conducted an average of 7,200 ASVVP site visits annually. For the limited number of visits conducted, USCIS does not always ensure the IOs are thorough and comprehensive in their approach. Further limiting the site visits’ effectiveness, USCIS does not ensure the agency always takes proper and timely action when IOs identify potential fraud or noncompliance. USCIS also uses targeted site visits to respond to indicators of fraud; however, the agency does not completely track the costs and analyze the results of these visits.

 

>USCIS Needs a Better Approach to Verify H-1B Visa Participants 		2018
OIG-18-01 Mississippi Emergency Management Agency (MEMA) followed applicable Federal grant requirements.  It is FEMA’s responsibility to hold Mississippi accountable for proper grant administration.  MEMA did not provide proper oversight of a $29.9 million Hazard Mitigation grant, or follow Federal Regulations and FEMA guidelines when accounting for grant funds.  As a result, FEMA has no assurance that MEMA properly accounted for and expended Federal funds.

>Hazard Mitigation Grant Funds Awarded to MEMA for the Mississippi Coastal Retrofit Program 		2018
OIG-18-02 In 2013 and 2014, we conducted an audit of the District of Columbia’s (DC) management of the Homeland Security Grant Program (HSGP) for grants awarded from fiscal years 2010 through 2012. In September 22, 2014, we issued an audit report entitled, District of Columbia’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 (OIG-14-147), which included 11 recommendations to improve the overall effectiveness of DC’s management of the Homeland Security Emergency Management Agency’s (HSEMA) State Homeland Security Program (SHSP) and Urban Area Security Initiative (UASI) funds. We determined that DC HSEMA met the intent of our prior recommendations and demonstrated improvements in its SHSP and UASI subrecipient monitoring and oversight. We also confirmed DC HSEMA submitted required THIRA reports to FEMA. Overall, FEMA and DC HSEMA’s implementation of our prior recommendations achieved the intended results of strengthening grant program management, performance, and oversight

>Verification Review of District of Columbia's Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 		2018
OIG-17-113-D We determined that while the Commission has a system in place to account for funds on a project-by-project basis and generally expended Public Assistance grant funds according to FEMA guidelines, the Commission needs additional assistance in developing long-term solutions for repetitive damages to county roads and managing its $5.4 million FEMA grant. We found that the Commission did not receive adequate guidance from FEMA and Alabama concerning Hazard Mitigation funding for long-term solutions to repetitive damages to roads; thus, potentially costing FEMA millions of dollars in the future; and project formulation, causing improperly written project scopes.  Additionally, the Commission did not have proper procurement procedures to ensure that small businesses, minority-owned firms, and women’s business enterprises have an opportunity to bid on Federal contracts; and adequate procedures to ensure proper documentation is collected to support $24,000 in costs. The report contains five recommendations to the Regional Administrator, FEMA Region IV, to provide the Commission with additional guidance to properly manage its $5.4 million and save millions in the future.  FEMA agreed with all recommendations.

>The Covington County Commission Needs Additional Assistance in Managing a $5.4 Million FEMA Grant 		2017
OIG-17-120-D The Audit Tips provides an overview of OIG responsibilities; applicable disaster assistance Federal statutes, regulations, and guidelines; the audit process and frequent audit findings; and key points to remember when administering FEMA grants.  Using this report should assist disaster assistance applicants to (1) document and account for disaster-related costs; (2) minimize the loss of FEMA disaster assistance funds; (3) maximize financial recovery; and (4) prevent fraud, waste, and abuse of disaster funds.  We have updated the report to include information on FEMA’s second edition of the Public Assistance Program and Policy Guide that supersedes many of the Public Assistance publications and individual policy documents

>Audit Tips for Managing Disaster-Related Project Costs 		2017
OIG-17-121-MA We are providing this report to emphasize the potential housing challenges and risks that FEMA needs to address during Hurricane Harvey’s recovery efforts based on our observations and discussions with FEMA officials at the Austin, Texas Joint Field Office.  FEMA is currently responding to Hurricanes Harvey, Irma, and Maria, some of the most catastrophic disasters in recent United States history.  Damages from Hurricane Harvey are estimated to exceed $100 billion.  On September 22, 2017, the State of Texas General Land Office entered into an Intergovernmental Service Agreement to provide assistance to FEMA in the delivery of Direct Housing Assistance (DHA) to Hurricane Harvey survivors on a temporary basis.  FEMA estimates these costs will reach approximately $1 billion.  The agreement does not clearly identify basic controls to ensure DHA funds are spent according to Federal regulations. For instance, the agreement does not include approval authorities and physical inspections, or separation of duties and independent certifications.  We are concerned that without adequate controls in place the Federal funds may be at risk of fraud, waste, and abuse.  Therefore, it is imperative that FEMA ensure Texas’ proposed project management plan clearly identifies the internal controls needed to ensure that Federal funds will be properly spent.  Our report also provides observations on the current and past issues with FEMA’s use of direct housing assistance programs.

>Management Alert - Observations and Concerns with FEMA's Housing Assistance Program for Hurricane Harvey Efforts in Texas 		2017
OIG-17-117-D We identified that the Diocese generally accounted for FEMA funds on a project-by-project basis as required by Federal regulations and FEMA guidelines.  However, it did not follow Federal procurement standards in awarding two contracts totaling $897,955. The Diocese and its parishes did not provide supporting documentation for procurements or their local procurement processes.  This occurred primarily because the Diocese was not familiar with certain Federal regulations and FEMA guidelines.  As FEMA’s grantee, New York should have done more to ensure the Diocese was aware of and complied with Federal procurement standards and documentation requirements.  FEMA should emphasize New York’s role in proper grant administration.

>Audit of FEMA Grant Funds Awarded to the Roman Catholic Diocese of Brooklyn, New York 		2017
OIG-17-119 We determined that the seven facilities we inspected were generally following U.S. Immigration and Customs Enforcement (ICE) guidance for documenting decisions on segregating detainees with mental health conditions and promptly reporting segregation placement information for detainees with mental health conditions to ICE field offices.  However, the field offices we reviewed did not record and promptly report all instances of segregation to ICE headquarters, nor did their system properly reflect all required reviews of ongoing segregation cases.  Also, ICE does not regularly compare segregation data in the electronic management system with information at detention facilities to assess the accuracy and reliability of data in the system.  Unless ICE field offices comply with requirements to report and record these reviews, ICE headquarters cannot be sure required reviews are taking place and may not have all the information needed to assess the use of segregation, which could put detainees and facility staff at risk of harm.  We made three recommendations to ICE to improve oversight and accountability for segregation of detainees with mental health conditions.

>ICE Field Offices Need to Improve Compliance with Oversight Requirements for Segregation of Detainees with Mental Health Conditions 		2017
OIG-17-116-VR We determined that due to changes DHS made to the process, political appointees do not influence Freedom of Information Act (FOIA) processors to delay or withhold the release of FOIA information.  Unlike the former process, the new process does not provide opportunities for political appointees in headquarters to inappropriately interfere with releases of significant FOIA information, and we did not identify any instances in which headquarters officials used the process to engage in those activities.  However, because DHS has not issued final guidance for the process, it is vulnerable to misuse in the future.  We recommended that the Chief FOIA Officer/Chief Privacy Officer issue final guidance on the 1-Day Awareness Notification Process.  The guidance should state 1) the purpose of the process is to inform senior officials of the imminent release of information that may raise public interest and 2) FOIA staff determine whether information should be released or withheld under FOIA’s exceptions and exemptions.

 

>DHS Review of Responses to Significant Freedom of Information Act Requests (Verification Review of OIG-11-67) 		2017
OIG-17-118-D We determined that the County accounted for and expended the majority of FEMA grant funds according to Federal regulations and FEMA guidelines.  However, the County claimed $246,294 of ineligible and unsupported costs for two large projects.  County officials said these issues occurred because FEMA officials provided inconsistent guidance regarding the types of direct administrative costs that were eligible; and internal clerical errors for overstated material costs.  We recommended FEMA disallow $246,294 of ineligible and unsupported costs and provide clearer guidance for documenting eligible direct administrative costs.

>FEMA Should Disallow $246,294 of $3.0 Million in Public Assistance Grant Funds Awarded to Lincoln County, Missouri 		2017
OIG-17-115-MA We conducted unannounced inspections of U.S. Customs and Border Protection (CBP) immigration holding facilities to determine if conditions are adequate, the quality of care provided is reasonable, and standards outlined in CBP’s National Standards on Transport, Escort, Detention, and Search are being met.  During these inspections, we identified physical security issues that pose a potential threat to Border Patrol agents, assets, and operations at Border Patrol stations.  We also identified security issues related to cameras and access at other Border Patrol stations.  As a result, we are recommending that CBP promptly address the physical security issues, ensure cameras are operable, and facility access is secure.

>Management Alert - Security and Safety Concerns at Border Patrol Stations in the Tucson Sector (Redacted) 		2017
OIG-17-114 We determined that U.S. Customs and Border Protection (CBP) IT systems and infrastructure did not fully support its border security objective of preventing the entry of inadmissible aliens to the country.  The slow performance of a critical system used for pre-screening travelers reduced Office of Field Operations officers’ ability to identify any passengers who may pose concerns, including national security threats.  Further, incoming passenger screening at U.S. international airports was hampered by system outages that created passenger delays and public safety risks.  IT systems and infrastructure also did not fully support Border Patrol and Air and Marine Operations border security activities between ports of entry.  Poor systems performance and network instability resulted in processing backlogs and agents’ inability to meet deadlines for submitting potential criminal alien prosecution cases.  Also, network outages hindered air and marine surveillance operations, reducing the situational awareness needed to detect inadmissible aliens and cargo approaching U.S. borders.  CBP has not yet addressed these long-standing IT systems and infrastructure challenges, due in part to ongoing budget constraints.  We recommended that CBP take steps to address passenger screening and border security IT systems and infrastructure challenges.  We made seven recommendations and CBP concurred with all seven of our recommendations.

>CBP's IT Systems and Infrastructure Did Not Fully Support Border Security Operations 		2017
OIG-17-110 We determined that FEMA is unable to assess flood hazard miles to meet its program goal and is not ensuring mapping partner quality reviews are completed in accordance with applicable guidance.  FEMA needs to improve its management and oversight of flood mapping projects to achieve or reassess its program goals and ensure the production of accurate and timely flood maps.  We made four recommendations that would help FEMA strengthen its management and oversight of flood mapping projects to achieve program goals.  FEMA concurred with all four recommendations.

>FEMA Needs to Improve Management of its Flood Mapping Program 		2017
OIG-17-112 We conducted covert tests to determine the effectiveness of TSA's checkpoint screening equipment and screener performance in identifying and resolving potential security threats at airport security checkpoints. We identified vulnerabilities with TSA's screener performance, screening equipment, and associated procedures. Details related to our testing results presented in the report are classified or designated Sensitive Security Information. We are making eight recommendations that when implemented, should improve TSA's screening checkpoint operational effectiveness.

>Covert Testing of TSA’s Screening Checkpoint Effectiveness 		2017
OIG-17-111 We determined that 9,389 aliens identified as having multiple identities had received an immigration benefit.  When taking into account the most current immigration benefit these aliens received, we determined that naturalization, permanent residence, work authorization, and temporary protected status represent the greatest number of benefits, accounting for 8,447 or 90 percent of the 9,389 cases.  Benefits for the remaining 10 percent of cases include applications for asylum and appeals to immigration court decisions.  U.S. Citizenship and Immigration Services (USCIS) has drafted a policy memorandum, Guidance for Prioritizing IDENT Derogatory Information Related to Historical Fingerprint Enrollment Records, outlining how it will review cases of individuals with multiple identities whose fingerprints were uploaded into the Automated Biometric Identification System through Historical Fingerprint Enrollment Records.  We did not make any recommendations.

>Individuals with Multiple Identities in Historical Fingerprint Enrollment Records Who Have Received Immigration Benefits 		2017
OIG-17-109 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. This report was issued to the Office of the Inspector General of the Intelligence Community (IC IG).

>Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2017 (U) 		2017
OIG-17-108-D We determined that FEMA’s policies are not sufficient enough to prohibit unaccredited, unlicensed, unregistered, and non-state approved non-profit schools from receiving Public Assistance funds.  We made one recommendation for the FEMA Assistant Administrator for the Recovery Directorate to strengthen its policies and guidelines pertaining to non-profit schools eligibility for Public Assistance.  FEMA agreed with our finding and recommendation, and will take corrective action to resolve the recommendation by February 28, 2018; therefore, we consider the recommendation resolved and open.

>FEMA Should Strengthen Its Policies and Guidelines for Determining Public Assistance Eligibility of PNP Schools 		2017
OIG-17-107 We determined that although a complainant alleged there were systemic security challenges in the Office of Intelligence and Analysis (OIA), there were few documented security incidents over the past 5 years, all of which OIA addressed with corrective actions.  Further, OIA has improved the effectiveness of its Field Intelligence Division and the Field Intelligence Officers by hiring qualified, experienced intelligence professionals and implementing clear policies and procedures, but it could enhance officer training.  OIA is also addressing weaknesses in coordination among its watches and perceived delays in intelligence reporting.  We made two recommendations to improve the effectiveness of OIA operations; the Transportation Security Administration (TSA) concurred with both recommendations.

>TSA's Office of Intelligence and Analysis Has Improved Its Field Operations 		2017
OIG-17-105-D We determined that the County’s accounting policies, procedures, and business practices appear adequate to account for FEMA grant funds according to Federal regulations and FEMA guidelines.  However, the County could benefit from Florida, as FEMA’s grant recipient, providing additional technical assistance and monitoring of its pending projects.

>St. Johns County, Florida, Could Benefit from Additional Technical Assistance and Monitoring to Ensure St. Johns County, Florida, Could Benefit from Additional Technical Assistance and Monitoring to Ensure Compliance with FEMA Grant Requirements 		2017
OIG-17-106-D We determined that Downe Township did not always follow Federal procurement standards in awarding contracts for disaster work.  We recommended that FEMA disallow $832,040 of $2.5 million in grant funds awarded to the Township.  The Township did not have support for $445,385 of the questioned costs.  We also recommended that the Administrator, FEMA Region II, deobligate unused project costs, and withhold $2.3 million in funds requested for additional project work until New Jersey provides assurance that the Township complies with all Federal procurement standards for FEMA funded work.  FEMA Region II concurred with all of our recommendations.

>Audit of FEMA Public Assistance Grant Funds Awarded to Downe Township, New Jersey 		2017
OIG-17-103-MA We determined that two DHS Components – CBP and U.S. Immigration and Customs Enforcement (ICE) created their own internal authorizations for executive protection details and staffed them without clear legal authority. We made two recommendations to the DHS secretary to direct CBP and ICE to (1) discontinue security details pending a legal review by the DHS General Counsel and (2) develop directive regarding the scope and circumstances  when a security detail is permitted for DHS component heads including the requirements for departmental level authorization; pending the results of the legal review.

>Management Alert - Unclear Rules Regarding Executive Protection Details Raise Concerns (OIG-17-103-MA) 		2017
OIG-17-104 TSA Office of Inspection Accountability Act of 2015 (Public Law 114-53), required us to review the Federal Air Marshal Service’s (FAMS’) policies and procedures for identifying misuse of Government resources, as well as the administration of FAMS’ code of conduct or integrity policies with respect to instances of misconduct. We incorporated this requirement into our ongoing department-wide audit of conduct and discipline, which seeks to determine whether DHS and its components have sufficient processes and procedures to address conduct issues. We determined that FAMS has sufficient policies and procedures to establish expectations for appropriate conduct, identify misuse of government resources, and address misconduct allegations. The report contains no recommendations.

>The Federal Air Marshal Service Has Sufficient Policies and Procedures for Addressing Misconduct 		2017
OIG-17-102-D We determined that the City followed Federal regulations and FEMA guidelines when accounting for FEMA funds; however, FEMA mistakenly obligated $587,538 of ineligible funding because of a mathematical error.  We made two recommendations to the Regional Administrator, FEMA Region IV, to disallow $587,538 as ineligible costs.  FEMA agreed with our finding and recommendations, and has taken corrective action to resolve both recommendations.  Therefore, we consider these recommendations resolved and closed with no further action required from FEMA.

>Audit of FEMA Public Assistance Grant Funds Awarded to the City of Pensacola, Florida 		2017
OIG-17-101 We determined that DHS had only approved implementation plans for 4 of 23 strategic objectives of the Enterprise Data Strategy, and planned to finalize the remaining plans in late FY 2017.  While we found that DHS had taken some effective actions to coordinate component investments in data sharing and management, component officials identified other ways that DHS could improve by coordinating Enterprise-wide tools and data integration efforts.  We recommended that DHS take actions to finalize implementation plans for the remaining 19 strategic objectives by the end of FY 2017, and work with components to identify and provide the training for Enterprise-wide data analysis and management tools.  We made two recommendations and Intelligence and Analysis and the Office of the Chief Information Officer concurred with both of our recommendations. 

>Improvements Needed to Promote DHS Progress toward Accomplishing Enterprise-wide Data Goals 		2017
OIG-17-100 We observed a strong “unity of effort” and commitment among DHS leaders in working together to promote and support the JTFs.  Although the JTFs are a step forward for DHS, they face challenges, including a need for dedicated funding and outcome-based performance measures.  Without dedicated funding, the JTFs rely on components that may have competing or conflicting priorities.  Without performance metrics, the JTFs cannot show the value they add to homeland security operations.  During our fieldwork, Congress passed the 2017 National Defense Authorization Act, prompting us to modify our report objective.  This abbreviated report provides our views of successes and some challenges the JTFs face in achieving their mission.  We made no recommendations.

>DHS' Joint Task Forces 		2017
OIG-17-99-MA We found that CBP administered polygraph examinations to unsuitable applicants who provided disqualifying information during the pre-test interview.  This occurred because CBP’s process is not sufficient to prevent unsuitable applicants from continuing the polygraph examination.  We made two recommendations to CBP to improve its screening by establishing an in-person pre-security interview process, requiring examiners to use the on-call adjudication process, and discontinue testing of unsuitable applicants.  CBP concurred with both recommendations and agreed that conducting the in-person pre-security interview prior to the polygraph examination is a best practice.  CBP has implemented one of the recommendations and has initiated a pilot program for a new polygraph format.

>Management Alert - CBP Spends Millions Conducting Polygraph Examinations on Unsuitable Applicants (OIG-17-99-MA) 		2017
OIG-17-98-SR This is a DHS OIG special report regarding DHS’ efforts to hire an additional 15,000 law enforcement officers.  This is the first in a series of reports.  This report describes lessons learned from prior DHS OIG, Government Accountability Office, and DHS departmental reports on challenges relating to hiring and other important areas of human capital management.  We made no recommendations in this report.

>Special Report: Challenges Facing DHS in Its Attempt to Hire 15,000 Border Patrol Agents and Immigration Officers 		2017
OIG-17-97-D We determined that FEMA did not have sufficient evidence to support its decision that Hurricanes Katrina and Rita directly caused damages to the roads and water distribution system.  The demonstration of direct cause is necessary for work to be considered eligible for Federal disaster assistance funding, as required by the Stafford Act and FEMA’s own policies.  As a result, FEMA should not have awarded the initial $785 million, or the additional $1.25 billion to complete the repairs.  We recommended that FEMA disallow $2.04 billion in questioned costs —the initial award of $785 million, plus the additional $1.25 billion award.  We made two recommendations and FEMA non-concurred with both of our recommendations.

>FEMA Should Disallow $2.04 Billion Approved for New Orleans Infrastructure Repairs 		2017
OIG-17-45-MA The Inspector General advised the Acting Administrator of the Transportation Security Administration (TSA) regarding internal TSA guidance to employees that, if followed, would improperly delay and restrict the OIG’s access to documents.  The Management Alert contained one recommendation with which TSA concurred.

>Management Alert Regarding Inspector General Access to Information (OIG 17-45-MA) 		2017
OIG-17-94 We determined that the Department failed to report 6 conferences in FY 2014 and 14 conferences in FY 2015 that were greater than $100,000 in its Annual Report to the Office of Inspector General and on the public website, as required by Federal regulations.  The total dollar value of these unreported conferences was $862,881 and $2,822,561 for FYs 2014 and 2015, respectively.  In addition, the Department did not always report actual conference costs timely or accurately.  We made five recommendations that would improve conference reporting and recordkeeping and ensure the accuracy and timeliness of conference submissions.  DHS concurred with all five of our recommendations and has implemented corrective actions, resulting in the resolution and closure of all the recommendations.

>Audit of Department of Homeland Security's Fiscal Years 2014 and 2015 Conference Spending 		2017
OIG-17-96 KPMG, under contract with DHS OIG, audited the Management Directorate’s financial statements and internal control over financial reporting.  The resulting management letter discusses five observations related to internal control for management’s consideration.  These issues were related to journal entry review; financial system reconciliations; ineffective obligation analysis; contract expense approval, improper invoice posting; and intra-governmental payment and collection expense approval.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>Management Directorate's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-95-D We determined that The Hospital accounted for FEMA funds on a project-by-project basis as Federal regulations and FEMA guidelines require.  However, as of February 2017, the Hospital had not arranged for an audit of its Federal award, which it must complete and submit to the Federal Audit Clearinghouse by June 30, 2017.  We recommended that the Regional Administrator, FEMA Region IV, direct the South Carolina Emergency Division to actively monitor the Hospital’s compliance with the annual audit requirements.  If the Hospital does not meets it audit requirement by the June 30, 2017, due date, FEMA should direct South Carolina to impose appropriate additional award conditions to ensure the integrity of the FEMA award.

>Williamsburg Regional Hospital, South Carolina, Generally Accounted for and Expended FEMA Grant Funds Awarded for Emergency Work Properly 		2017
OIG-17-93-D We determined the Borough of Lavallette did not always account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines.  Therefore, FEMA should disallow $3.9 million of $13.2 million in grant funds awarded to the Borough.  We made six recommendations to the Regional Administrator, FEMA Region II, to disallow duplicate costs, ineligible labor, contract and excessive equipment costs, unsupported equipment costs, unapplied credits, unneeded funds to put to better use and improve the State’s grant management activities.

>FEMA Should Recover $3.9 Million of $13.2 in Grant Funds Awarded to the Borough of Lavallette, New Jersey 		2017
OIG-17-92 KPMG, under contract with DHS OIG, audited the National Protection and Programs Directorate’s financial statements and internal control over financial reporting.  The resulting management letter discusses 14 observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including revenue accrual, personnel actions, journal entry reviews, performance reviews, contract expense approvals, time keeping, and intra-governmental payment and collection expense approvals.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>National Protection and Programs Directorate's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-88 Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of the Management Directorate’s core financial systems.  The deficiencies collectively limited the Management Directorate’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that the Management Directorate make improvements to DHS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the Management Directorate Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-90 KPMG, under contract with DHS OIG, audited Customs and Border Protection’s (CBP) fiscal year (FY) 2016 consolidated financial statements.  The resulting management letter discusses 12 observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in a number of processes, including deobligation of undelivered orders, review of Federal Employee Compensation Act claims, and the seized and forfeited property inventory.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on U.S. Customs and Border Protection’s FY 2016 Consolidated Financial Statements, dated January 18, 2017, included in CBP’s FY 2016 Performance and Accountability Report.

>Management Letter for U.S Customs and Border Protection's Fiscal Year 2016 Consolidated Financial Statements Audit 		2017
OIG-17-91 We determined that DHS’ Performance and Learning Management System (PALMS) does not address the Department’s critical need for an integrated department-wide system.  As of October 2016, PALMS has not met DHS operational requirements for effective administration of employee learning and performance management activities.  In addition, the PALMS program office did not effectively implement the acquisition methodology selected for PALMS and did not monitor contractor performance.  Finally, between August 2013 and November 2016, the Department spent more than $5.7 million for unused and partially used subscriptions; incurred more than $11 million to extend contracts of existing learning management systems; and more than $813,000 for increased program management costs.  The Department also did not identify $72,902 in financial credits stemming from the contractor not meeting performance requirements.  The Government Accountability Office (GAO) also reported in its February 2016 report, GAO-16-253, that the Department experienced programmatic and technical challenges that led to years-long schedule delays.  We made seven recommendations to address the challenges with the PALMS acquisition and to improve future acquisitions.  The Department concurred with all seven of our recommendations.

>PALMS Does Not Address Department Needs 		2017
OIG-17-89 KPMG, under contract with DHS OIG, audited the United States Coast Guard’s financial statements and internal control over financial reporting.  The resulting management letter discusses 12 observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including financial disclosure reports; accounts receivable; civilian and military payroll; financial reporting process; and accounts payable accrual.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>United States Coast Guard's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-86 KPMG LLP, under contract with DHS OIG, audited the Office of Financial Management’s financial statements and internal control over financial reporting.  The resulting management letter discusses four observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies and the need for improvement in several processes including financial disclosure reviews; designation of intra-governmental transactions as non-acquisition; reconciliation of unfilled customer order and undelivered order balances; and inadequate review of closing package notes.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2015 Agency Financial Report.

>Office of Financial Management's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-87 KPMG LLP, under contract with DHS OIG, audited the United States Secret Service’s financial statements and internal control over financial.  The resulting management letter discusses four observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including financial reporting; time and attendance approval; invoice entry and disbursements; and confidential financial disclosure reporting.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>United States Secret Service's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-75 Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were related to access controls and configuration management of Federal Law Enforcement Training Centers (FLETC) core financial systems.  The deficiencies collectively limited FLETC’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that FLETC, in coordination with the Department of Homeland Security’s Chief Information Officer (CIO) and Acting Chief Financial Officer (ACFO), make improvements to FLETC’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the Federal Law Enforcement Training Centers Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-85 Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of Office of Financial Management (OFM) and Office of the Chief Information Officer (OCIO) core financial and feeder systems.  The deficiencies collectively limited OFM’s and OCIO’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that OFM and OCIO make improvements to DHS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the Office of Financial Management and Office of the Chief Information Officer Components of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-83-D Fort Bend County, Texas (County), needs additional technical assistance to account for FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines. Specifically, the County needs to revise its accounting policies and procedures to ensure it can fully support the disaster work it intends to complete with its own labor force. In addition, although the County’s procurement policies and procedures generally comply with Federal procurement standards, they did not include all required contract provisions in either of their disaster contracts. Because of our audit, the County revised its policies and procedures to include implementing a plan that specifically addressed Federal requirements for documenting and accounting for disaster-related costs and compliance with Federal procurement standards.

>Fort Bend County, Texas, Needs Additional Assistance and Monitoring to Ensure Proper Management of Its FEMA Grant 		2017
OIG-17-84 KPMG LLP, under contract with DHS OIG, audited USCIS’ financial statements and internal control over financial reporting.  The resulting management letter discusses four observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including monitoring and recording employee completion of the annual ethics and integrity training; review and approval of H1-B and L fraud fee journal entries; recording of property, plant, and equipment; and inaccurate and unsupported data in some systems.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>United States Citizenship and Immigration Services' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-76 Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were related to access controls for the United States Citizenship and Immigration Service’s (USCIS) core financial and feeder systems.  The deficiencies collectively limited USCIS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that USCIS, in coordination with the Department of Homeland Security’s CIO and ACFO, make improvements to USCIS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the U.S. Citizenship and Immigration Services Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-82 KPMG LLP, under contract with DHS OIG, audited the S&T financial statements and internal control over financial reporting.  The resulting management letter discusses three observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including journal entry review processes; procurement and financial management system reconciliations; and intra-governmental payment and collection expense review and approval.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>Science and Technology Directorate's' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-81 The Science and Technology Directorate (S&T) main financial application is owned and operated by U.S. Immigration and Customs Enforcement (ICE).  As a service provider, ICE provides support to S&T.  KPMG identified general information technology control deficiencies at ICE that could potentially impact S&T’s financial data, and as such, issued a finding.  The deficiencies collectively limited S&T’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommended that S&T, in coordination with the Department of Homeland Security’s CIO and ACFO, make improvements to S&T’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the Science and Technology Directorate Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-74-IQO The objective of this review was to determine whether the United States Coast Guard Investigative Service (CGIS) was complying with applicable policies.  However, significant issues with the agency’s case management system prevented us from making substantive observations about compliance with investigative policies.  We also noted issues with outdated policies, an absence of a Privacy Impact Assessment, poor training records management, and inconsistent documentation of finalized investigations.  CGIS employees voiced concerns with trust in senior leadership as well as questionable hiring practices, and articulated a need for more resources.  We made 32 recommendations to address the findings of our review and CGIS concurred with all of them.

>Oversight Review of the US Coast Guard Investigative Service 		2017
OIG-17-79-D We conducted this audit early in the Public Assistance process to identify areas where the Department may need additional technical assistance, or monitoring to ensure compliance, before improperly expending any of the Federal grant funds.  We determined if the Department conforms to its policies, procedures, and business practices, FEMA has reasonable assurance, but not absolute, that the Department will properly manage the Public Assistance grant funds it receives. During our audit, we determined the Department did not always use the lowest of FEMA and local rates for equipment costs.  Department officials agreed with this finding and took immediate corrective action by notifying Oregon that they would revise and resubmit payment reimbursement claims with correct equipment rate costs.  The Department has revised its procurement procedures for small contracts to include affirmative steps and assure the use of DBEs when possible, as 2 CFR 200.321 requires.  We are not requiring any further action from FEMA, therefore we consider this audit closed. 

>Linn County Road Department, Oregon, Has Sufficient Policies, Procedures, and Business Practices 		2017

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page