Audits, Inspections, and Evaluations

Report Number	Title	Issue Date Sort ascending	Fiscal Year
OIG-15-76	The independent public accounting firm, KPMG LLP, has issued an unmodified (clean) opinion on CBP’s fiscal year 2014 consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, the financial position of CBP as of September 30, 2014. >Independent Auditors' Report on U.S. Customs and Border Protection's FY 2014 Financial Statements	04/21/2015	2015
OIG-15-73	KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. KPMG LLP reviewed the Science and Technology Directorate’s (S&T) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations. >Science and Technology Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit (	04/21/2015	2015
OIG-15-75	KPMG LLP reviewed the Management Directorate’s (MGMT) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s consideration. >Management Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit	04/21/2015	2015
OIG-15-72	KPMG LLP reviewed the U.S. Citizenship and Immigration Services (USCIS) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. >U.S. Citizenship and Immigration Services' Management Letter for DHS' FY 2014 Financial Statements Audit	04/21/2015	2015
OIG-15-77	KPMG LLP reviewed the Federal Emergency Management Agency (FEMA) internal control over financial reporting. The management letter contains 15 observations related to internal control and other operational matters for management’s considerations. >Federal Emergency Management Agency's Management Letter for DHS' FY 2014 Financial Statements Audit	04/21/2015	2015
OIG-15-74	KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. >National Protection and Programs Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit	04/21/2015	2015
OIG-15-61	In October 2014, we visited former President George H.W. Bush's Houston residence in response to a complaint alleging alarms were inoperable. During our visit, we identified issues with the alarm system at the residence. The system had been inoperable for at least 13 months. During this time, the Secret Service protective detail created a roving post to secure the residence and no security breach occurred. We found problems with identifying, reporting, and tracking alarm system malfunctions, and with repairing and replacing alarm systems. Because these issues may be affecting other residences, we are bringing them to the Secret Service’s attention. >Management Advisory-Alarm System Maintenance at Residences Protected by the U.S. Secret Service (Redacted)	04/20/2015	2015
OIG-15-70	KPMG LLP reviewed the Office of Financial Management’s (OFM) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations. >Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit	04/17/2015	2015
OIG-15-71	KPMG LLP reviewed the United States Immigration and Customs Enforcement’s (ICE) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. >United States Immigration and Customs Enforcement's Management Letter for DHS' FY 2014 Financial Statements Audit	04/16/2015	2015
OIG-15-69	We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP assessed certain non-technical areas related to the protection of sensitive information technology and financial information and assets at United State Secret Service (USSS). KPMG LLP performed after-hours physical security walkthroughs and social engineering tests and identified instances where USSS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. The inadequate protection of DHS information systems and data from those without a need to know or a need for access puts USSS’ sensitive electronic and physical data at adverse risk of loss, theft, or misuse. >Information Technology Management Letter for the United States Secret Service Component of the FY 2014 Department of Homeland Security Financial Statement Audit	04/15/2015	2015
OIG-15-68	KPMG LLP reviewed the United States Coast Guard’s (U.S. Coast Guard) internal control over financial reporting. The management letter contains six observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain U.S. Coast Guard processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >United States Coast Guards' Management Letter for DHS' FY 2014 Financial Statements Audit	04/15/2015	2015
OIG-15-67-D	As of February 2014, the Port Authority requested an estimated $213 million in Public Assistance funding for 2012 Hurricane Sandy damages. We conducted this audit early in the Public Assistance process to identify areas where the Port Authority may need additional technical assistance or monitoring to ensure compliance with Federal grant requirements. At the time of the grant award, the Port Authority of New York and New Jersey (Port Authority) did not have adequate accounting and procurement policies and procedures in place to ensure compliance with Federal Emergency Management Agency (FEMA) grant requirements. However, in late 2013, the Port Authority made changes to its accounting and procurement policies and procedures for FEMA-funded work. These changes should provide FEMA reasonable assurance that the Port Authority has the capability to account for and expend FEMA grant funds according to Federal requirements. >The Port Authority of New York and New Jersey's Recently Updated Policies, Procedures, and Business Practices Should Be Adequate to Effectively Manage FEMA Public Assistance Grant Funds	04/14/2015	2015
OIG-15-64	U .S. Customs and Border Protection's (CBP) Houston Seaport is the fifth largest port for arriving containers and the largest petrochemical complex in the Nation. CBP is responsible for identifying high-risk cargo shipments arriving at the port that pose a possible threat to national security. We conducted this review to determine whether the Houston Seaport complied with CBP's National Maritime Targeting Policy (NMTP) and Cargo Enforcement Reporting and Tracking System (CERTS) Port Guidance. The Houston Seaport generally complied with the NMTP and CERTS Port Guidance. However, CBP could improve its documentation of waivers and exceptions to mandatory examinations of high-risk cargo. In addition, CBP could improve access controls for authorizing Port Director waivers within CERTS. >CBP's Houston Seaport Generally Complied with Cargo Examination Requirements but Could Improve Its Documentation of Waivers and Exceptions (Redacted)	04/14/2015	2015
OIG-15-66-D	The South Carolina Department of Transportation (Department) expects to claim about $165.2 million in Public Assistance grant funds for debris removal activities associated with a February 2014 severe winter storm. We conducted this audit early in the Public Assistance process to identify areas where the Department may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The Department generally has established policies, procedures, and business practices to adequately account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. The Department has accounting systems in place to account for disaster costs on a project-by-project basis and has adequate support for costs it plans to claim under the grant award. Further, the contracts the Department awarded to accomplish work under the grant met Federal and FEMA procurement requirements. >South Carolina Department of Transportation Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding	04/14/2015	2015
OIG-15-63	We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls and business process application controls at the Other DHS Management components. KPMG LLP performed after-hours physical security walkthroughs and social engineering and identified instances where DHS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse. >Information Technology Management Letter for the Other DHS Management Components of the FY 2014 Department of Homeland Security Financial Statement Audit	04/14/2015	2015
OIG-15-65-D	Holy Cross received an $89 million FEMA grant award for 2005 Hurricane Katrina damages to its campus in the Ninth Ward of New Orleans. By 2011, the school had completed work on 12 of its 16 projects. However, at the time of our audit, Louisiana had not submitted a final claim for the 12 projects and FEMA had closed only 1 large project. Holy Cross did not follow Federal procurement standards in awarding 21 contracts totaling $82.4 million. As a result, FEMA has no assurance that costs were reasonable. This is especially true for projects that FEMA funds at 100 percent of the costs. Further, the lack of open and free competition increased the risk of fraud, waste, and abuse and decreased opportunities for small businesses, minority-owned firms, and women’s business enterprises to compete for federally funded work. For the most part, we do not question costs that Holy Cross incurred to reopen school in January 2006, or to operate temporary facilities in the Ninth Ward. However, in 2007, Holy Cross decided to relocate from the Ninth Ward to the Gentilly neighborhood of New Orleans. Holy Cross set up a temporary campus in Gentilly in 2007 and began work on permanent facilities there in 2008. By 2007, exigent circumstances no longer existed, so Holy Cross should have procured competitive bids according to Federal regulations for the work in Gentilly. >FEMA Should Disallow $82.4 Million of Improper Contracting Costs Awarded to Holy Cross School, New Orleans, Louisiana	04/14/2015	2015
OIG-15-62	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at DHS’ Office of Financial Management and Office of Chief Information Officer. KPMG, LLP continued to identify deficiencies related to access controls and vulnerability management controls of DHS’ core financial system. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse. >Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2014 Department of Homeland Security Financial Statement Audit	04/14/2015	2015
OIG-15-59	On January 17, 2014, Congress enacted Public Law 113-76, Consolidated Appropriations Act, 2014. According to Section 520 (a), the Secretary of Department of Homeland Security (DHS) shall submit a report not later than October 15, 2014, to the Office of Inspector General, listing all grants and contracts awarded by any means other than full and open competition during fiscal year (FY) 2014. As required, we reviewed the report and assessed departmental compliance with applicable laws, regulations, and departmental procedures. In FY 2014, DHS awarded 399 noncompetitive contracts worth about $306 million. This represents a continuing decrease of more than $3 billion obligated through noncompetitive contracts over a 6-year period. We reconciled the entire FY 2014 contract listing against the Federal Procurement Data System and found that the data between the two lists were 99.8 percent identical. Also in FY 2014, DHS awarded 66 noncompetitive grants worth about $126 million. Although three noncompetitive grants worth approximately $3.2 million did not meet accuracy, timeliness, or completeness standards, approximately 95.5 percent did meet the requirements as set forth in the Federal Funding Accountability and Transparency Act of 2006. >DHS Contracts and Grants Awarded through Other than Full and Open Competition, FY 2014	04/10/2015	2015
OIG-15-57	U.S. Immigration and Customs Enforcement Air Operations (ICE Air) is responsible for moving and removing detainees in ICE custody by providing air transportation services to Enforcement and Removal Operations’ (ERO) 24 field offices. We reviewed this program to determine whether ICE Air was ensuring the most effective use of its resources. Although ICE Air met its mission by transporting 930,435 detainees over a 3-1/2-year period, it could have used its resources more effectively. In fact, ICE Air may have missed opportunities to improve the program’s overall effectiveness even though it has identified some ways to reduce costs associated with detainee transportation. Furthermore, ICE Air does not capture complete and accurate data essential to support operational decisions. This occurred because ERO did not provide the planning, management, and reporting tools needed to operate effectively, and it does not have a mechanism in place to obtain feedback on how well its processes are performing. ERO management has not developed a data management plan, assessed staffing and training needs, or implemented formal policies and procedures. It also has not conducted a comprehensive analysis of current operations for making informed business decisions that will safeguard the program’s resources. As a result, ICE Air operated charter flights with empty seats and could have realized cost savings of up to $41.1 million upon determining optimum flight capacity. This estimate is based on the average of charter costs incurred during the scope period for the missions analyzed. Although the estimated potential cost savings will not be claimed as funds put to better use, it is an indicator of ICE Air’s potential for future cost savings. >ICE Air Transportation of Detainees Could Be More Effective	04/09/2015	2015
OIG-15-58	KPMG LLP reviewed the United States Secret Service’s (U.S. Secret Service) internal control over financial reporting. The management letter contains seven observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain U.S. Secret Service processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit	04/08/2015	2015
OIG-15-56	KPMG LLP reviewed the Transportation Security Administration’s (TSA) internal control over financial reporting. The management letter contains 15 observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain TSA processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >Transportation Security Administration's Management Letter for DHS' FY 2014 Financial Statements Audit	04/08/2015	2015
OIG-15-55	USCG has taken some steps to address the risk of insider threats to its information systems and data. For example, USCG established an Insider Threat Working Group designed to implement a holistic program focused on the insider risk. In addition, USCG implemented a process to verify that system administrators have the appropriate level of access to information technology systems and networks to perform their assigned duties. Further, USCG established the Cyber Security Operations Center to monitor and respond to potential insider threat risks or incidents against USCG information systems and networks. However, additional steps are needed to further address the risk posed by trusted insiders at USCG >United States Coast Guard Has Taken Steps to Address Insider Threats, but Challenges Remain	03/27/2015	2015
OIG-15-52	KPMG LLP reviewed National Flood Insurance Program’s internal control over financial reporting. The resulting management letter contains four observations related to internal controls and other operational matters for management’s consideration. KPMG LLP noted deficiencies and the need for improvements in certain National Flood Insurance Program (NFIP) processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year (FY) 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >National Flood Insurance Program's Management Letter for DHS' FY 2014 Financial Statements Audit (Redacted)	03/25/2015	2015
OIG-15-54	We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls, information technology entity level controls, and business process application controls at the Federal Emergency Management Agency (FEMA). KPMG LLP determined that FEMA had taken corrective action to design and consistently implement certain account management and configuration management controls. However, KPMG LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for FEMA’s core financial and feeder systems. Such control deficiencies limited FEMA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Federal Emergency Management Agency Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/25/2015	2015
OIG-15-53	The U.S. Customs and Border Protection’s (CBP) Non-Intrusive Inspection (NII) program is vital to securing the Nation’s borders while facilitating efficient flow of legitimate trade and travel. CBP uses NII equipment to screen cargo and conveyances at our Nation’s land, sea, and air ports of entry. In fiscal year 2014, CBP awarded six contracts and one interagency agreement valued at approximately $90.4 million to perform preventive and corrective maintenance of NII equipment. We performed this audit to determine whether maintenance is being performed on CBP’s screening equipment in accordance with contractual requirements and manufacturers’ specifications. CBP monitored NII operations using methods such as conducting daily meetings to discuss NII availability and reviewing field office submissions of utilization reports. However, CBP has not ensured that contractors perform preventive and corrective maintenance on its screening equipment in accordance with contractual requirements and manufacturers’ specifications. This deficiency occurred because CBP has not verified that maintenance is performed in accordance with manufacturers’ specifications, evaluated contractors’ performance, and assessed the reliability of maintenance data. Without a process to validate maintenance data and to evaluate and assess that NII equipment is being repaired and maintained in accordance with manufacturers’ specifications, CBP’s NII equipment may not be repaired and maintained to retain full functionality and maximum useful life. >CBP's Oversight of Its Non-Intrusive Inspection Equipment Maintenance Contracts Needs Improvement	03/25/2015	2015
OIG-15-46	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA took corrective action to design and consistently implement certain technical security account controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to logical access to TSA’s core financial and feeder systems. Such control deficiencies limited TSA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Transportation Security Administration Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/24/2015	2015
OIG-15-51-D	The Palm Beach County School District, Florida (District) received a $34.0 million grant award from the Florida Division of Emergency Management (Florida), a Federal Emergency Management Agency (FEMA) grantee, for Hurricane Wilma damages in October 2005. The District did not comply with Federal procurement standards or record retention requirements for contracts valued at $9.2 million. Florida, as the grantee, was responsible for ensuring that the District was aware of and followed all Federal requirements. In fact, the District’s 2006 Single Audit report disclosed these problems, yet we found no evidence that either Florida or the District did anything to correct them. As a result, full and open competition did not occur, and the risk that fraud, waste, and abuse occurred is high. Normally, we would question such improper costs; however, we do not in this case because FEMA said the costs were reasonable and allowed the costs at project closeout using the agency’s authority granted under 44 Code of Federal Regulations (CFR) 13.6(c). We also determined that the District claimed $33,239 of costs that were ineligible because it did not credit its claim for rebates it received for installing energy efficient roofs provided for under the award. >Florida and the Palm Beach County School District Did Not Properly Administer $7.7 Million of FEMA Grant Funds Awarded for Hurricane Jeanne Damages	03/19/2015	2015
OIG-15-50-D	The Palm Beach County School District, Florida (District) received a $15.0 million grant award from the Florida Division of Emergency Management (Florida), a Federal Emergency Management Agency (FEMA) grantee for Hurricane Jeanne damages in September 2004. The District did not fully comply with Federal procurement requirements for contract work valued at $7.7 million. Florida, as the grantee, was responsible for ensuring that the District was aware of and followed all Federal requirements. Normally, we would question such improper costs; however, we are not in this case because FEMA said the costs were reasonable and allowed the costs at project closeout using the agency’s authority granted under 44 CFR 13.6(c). We also identified $145,145 of ineligible costs consisting of $98,645 of unreasonable contract costs and $46,500 in duplicate benefits. >Florida and Palm Beach County School District Did Not Properly Administer $9.2 Million of FEMA Grant Funds Awarded for Hurricane Wilma Damages	03/19/2015	2015
OIG-15-49-D	The Palm Beach County School District, Florida (District) received a Public Assistance award of $6.4 million from the Florida Division of Emergency Management, a Federal Emergency Management Agency (FEMA) grantee, for Hurricane Frances damages in September 2004. Our audit objective was to determine whether the District accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the District generally accounted for and expended FEMA Public Assistance grant funds according to Federal requirements. >Palm Beach County School District, Florida, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Hurricane Frances Damages	03/18/2015	2015
OIG-15-48-D	The East Jefferson General Hospital, Metairie, Louisiana (Hospital) received a $14.3 million award from the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina in August 2005. Our audit objective was to determine whether the Hospital accounted for and spent FEMA funds according to Federal requirements. The Hospital did not comply with Federal procurement standards in awarding $9.5 million for 17 contracts. Ten of the 17 contracts were prohibited cost-plus-a-percentage-of-cost contracts for exigent work. We did not question the majority of contract costsbecause contractors performed most of the work under exigent circumstances. We did, however, question $395,032 ofmarkups on costs because Federal regulations strictly forbid the cost-plus-a-percentage-of-cost method of contracting because it provides a disincentive for contractors to control costs. Because of our audit, the Hospital was preparing a Disaster Policy Guide to assist them in complying with Federal regulations for any future disasters. >FEMA Should Recover $395,032 of Improper Contracting Costs from $14.3 Million Grant Funds Awarded to East Jefferson General Hospital, Metairie, Louisiana	03/18/2015	2015
OIG-15-47	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the United States Coast Guard (USCG). KPMG, LLP determined that USCG took corrective action over designing and consistently implementing certain account management and configuration management controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for USCG’s core financial and feeder systems. Such control deficiencies limited USCG’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the United States Coast Guard Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/17/2015	2015
OIG-15-45	The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA PreCheck screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA PreCheck indicator and encrypted barcode. On October 16, 2014, OSC referred this allegation to the Secretary of Department of Homeland Security (DHS). The Department subsequently requested our assistance with this allegation. We determined that TSA did not grant the traveler TSA PreCheck screening through the TSA PreCheck Application Program or managed inclusion (MI). TSA granted the traveler TSA PreCheck screening through risk assessment rules in the Secure Flight program. >Allegation of Granting Expedited Screening through TSA PreCheck Improperly (Redacted)	03/16/2015	2015
OIG-15-44	The Office of Inspector General contracted with the independent accounting firm KPMG LLP to conduct an integrated audit of DHS’ fiscal year 2014 consolidated financial statements and internal control over financial reporting. The Management Letter contains 101 observations related to internal controls and other operational matters for management’s considerations. KPMG LLP noted deficiencies and needed improvements in certain processes. These deficiencies did not meet the criteria to be reported in the Independent Auditor’s Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, of November 14, 2014, included in DHS FY 2014 Agency Financial Report. Internal control deficiencies that meet the criteria were reported, as required, in the independent auditor’s report. >Management Letter for the FY 2014 DHS Financial Statements and Internal Control over Financial Reporting Audit	03/13/2015	2015
OIG-15-43	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Citizenship and Immigration Services. KPMG, LLP determined that USCIS had made improvements in designing and consistently implementing controls related to reviewing audit logs and enforcing account security requirements. However, KPMG, LLP continued to identify access control deficiencies related to USCIS’s core financial system. Additionally, many key financial and feeder systems have not been substantially updated since being inherited from legacy agencies several years ago. Such control deficiencies have limited USCIS’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the U.S. Citizenship and Immigration Services Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/12/2015	2015
OIG-15-42	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Immigration and Customs Enforcement (ICE). KPMG, LLP determined that ICE had made improvements in designing and consistently implementing controls related to segregation of duties on financial system components and in addressing identified vulnerabilities. However, KPMG, LLP continued to identify general information technology controls deficiencies related to access controls and configuration management of ICE’s core financial system. Such control deficiencies limited ICE’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Immigration Customs Enforcement Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/12/2015	2015
OIG-15-41	The United States Coast Guard (USCG) operates the Biometrics at Sea System (BASS) to collect biometric data from interdicted aliens. The biometrics are sent to the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) to identify potential persons of interest, including suspected terrorists. We audited BASS interface with IDENT, security roles and responsibilities, and change control management. We determined that USCG did not have a routine reconciliation process to ensure that all biometrics that it captured on the 23 cutters are maintained in IDENT. Not ensuring reconciliation between the total biometrics USCG submitted and the number stored in IDENT may impede future identification of suspected terrorists, aggravated felons, or other individuals of interest. USCG also allowed application programmers with unrestricted system access to share passwords. The control weakness may result in individuals making unauthorized changes to the system without detection. Further, we determined that the authorization for the transition from the 2-fingerprint to 10-fingerprint application system was not properly documented and security documentation had not been updated. Without a proper authorization process, USCG could not provide assurance that senior executives approved the change prior to implementation. >The Security Posture of the United States Coast Guard's Biometrics At Sea System Needs Improvements	03/03/2015	2015
OIG-15-40-D	We reviewed $1,726,151 of costs the County claimed for one large project (Project 3095). This amount was $945,640 more than the $780,511 that FEMA initially authorized and obligated for the project. The County improperly claimed $945,640 more than the $780,511 that FEMA Region IX initially authorized to construct a wall to stabilize a damaged section of road. The County incurred the additional costs because, rather than adhere to the scope of work that FEMA authorized, it built a superior wall to lessen the susceptibility of damage that anticipated wildfires might cause in that location. FEMA Headquarters ultimately approved this funding and awarded the County both the initial $780,511 and an additional$945,640 for the already-completed project. However, FEMA Headquarters did not provide a reasonable justification for its decision and did not perform a benefit/cost analysis as required to fund mitigation measures. As a result, FEMA and taxpayers had no assurance that the mitigations work was cost effective, as Federal regulations and FEMA guidelines require. >FEMA Needs to Ensure the Cost Effectiveness of $945,640 that Los Angeles County, California Spent for Hazard Mitigation Under the Public Assistance Program	03/03/2015	2015
OIG-15-39	CBP did not effectively target and examine rail shipments entering the United States from Mexico and Canada. Specifically, U.S. Customs and Border Protection Officers (CBPO) did not always target shipments using the mandatory Automated Targeting System (ATS) targeting criteria. CBPOs also did not always use the required radiation detection equipment to examine high-risk shipments. Finally, CBPOs did not always record the results of their rail cargo examinations in the Cargo Enforcement Reporting and Tracking System (CERTS). CBPOs were unaware of the correct targeting criteria or inadvertently used inappropriate criteria. In addition, one port did not have the required radiation detection equipment for its rail team, and CBPOs at two other ports used Personal Radiation Detectors to examine shipments. Rail CBPOs also received insufficient training on the use of ATS and CERTS. Finally, Supervisory CBPOs did not provide sufficient oversight to ensure CBPOs followed CBP policy. As a result, CBP may have failed to target or properly examine rail shipments that were at an increased risk to contain contraband or dangerous materials. In addition, CBP has no assurance that decisions to release these high-risk shipments into U.S. commerce were appropriate. >U.S. Customs and Border Protection Did Not Effectively Target and Examine Rail Shipments From Canada and Mexico	03/02/2015	2015
OIG-15-38	We conducted an audit of S&T’s award and management of its contract with NVS Technologies, Inc. Although S&T properly awarded the contract, we identified deficiencies with S&T’s management of the contract. Specifically, program managers did not document contract oversight because S&T does not have adequate policies and procedures governing contract management. As a result, S&T may have wasted $23 million in incurred costs plus additional cost associated with contract termination. If program performance is not adequately documented, S&T may also have difficulty making well-informed decisions on all its contracts. >Science and Technology Directorate Needs to Improve Its Contract Management Procedures	02/27/2015	2015
OIG-15-37-D	Gwinnett County, Georgia (County) received an award of $6.3 million from the Georgia Emergency Management Agency (Georgia), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from a September 2009 flood. We audited projects totaling $4.6 million to determine whether the County accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the County generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The County’s claim did include $87,208 of ineligible costs that insurance covered; however, this occurred because of a minor FEMA funding error. In addition, Georgia overpaid the County a total of $871,129 under several projects. Although these overpayments to the County do not affect the amount of obligated Federal funds, the County should return the excess funds to Georgia to be put to better use. >Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements	02/20/2015	2015
OIG-15-34-D	Larimer County, Colorado (County) received a $22.5 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the County may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The policies, procedures, and business practices of the County are not adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to all Federal requirements. As a result, the County is at risk of losing some or all of its FEMA-approved funding, which totaled $22.5 million as of June 2014. >Larimer County, Colorado, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements	02/13/2015	2015
OIG-15-33	We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones for correcting information security weaknesses, contingency planning, and security capital planning . >Fiscal Year 2014 Evaluation of DHS' Compliance with Federal Information Security Management Act Requirements for Intelligence Systems	02/13/2015	2015
OIG-15-35-D	The Imperial Irrigation District (District) received a $10.5 million award of Federal Emergency Management Agency (FEMA) Public Assistance grant funds for damages resulting from an April 2010 earthquake. We audited $7.8 million, or 74 percent of the total award. The District did not always account for and expend FEMA grant funds according to Federal requirements. The District awarded contracts totaling $3.6 million without taking the required affirmative steps to ensure the use of small and minority firms, women’s business enterprises, and labor surplus area firms when possible. As a result, FEMA has no assurance that these types of firms had opportunities to bid on Federal work as Congress intended. The District’s claim also included $45,408 of ineligible contract costs and $1,473 of unsupported equipment costs. In addition, FEMA should deobligate $2.5 million and put those funds to better use because the District completed disaster work and no longer needs those funds. >FEMA Should Recover $6.2 Million of Ineligible and Unused Grant Funds Awarded to the Imperial Irrigation District, California	02/13/2015	2015
OIG-15-36	Evaluation of Alleged AUO Misuse at U.S. Customs and Border Protection, Office of Internal Affairs (OSC File No. DI-14-0666)	02/12/2015	2015
OIG-15-32	After an alteration of the BNSF Railway bridge (Burlington bridge) in Burlington, Iowa, was completed in 2012, the United States Coast Guard (Coast Guard) requested that we audit the sharing of costs, known as the final apportionment of cost, to determine its accuracy. Coast Guard could not provide proper documentation to support the final apportionment of cost for the Burlington bridge alteration, of which $74 million was allocated to the Coast Guard and $8 million to BNSF Railway (BNSF). Specifically, the Coast Guard did not properly document its review of the construction contractors who bid on the new bridge. In addition, the financial documentation for changes to originally planned work did not always support the cost of the work. The Coast Guard also did not have a process to evaluate and verify BNSF’s reported salvage value or expected savings in maintenance and repair costs. Based on our review of available documentation, we were unable to confirm either the Coast Guard’s or BNSF’s share of the final cost to alter the Burlington bridge. As a result, the Coast Guard cannot be certain it was appropriate to pay $74 million as the Federal share of the final cost of the bridge alteration. >United States Coast Guard's Alteration of the Burlington Bridge Project	02/11/2015	2015
OIG-15-21	The United States Secret Service’s acquisition management program office, established in 2011, has adequate oversight and management of its acquisition process, complies with DHS acquisition guidance, and has implemented some best practices. However, the Secret Service does not have its own guidance for acquisitions valued at less than $300 million and, at the time of our audit, the component did not have a designated Component Acquisition Executive. >The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised)	02/10/2015	2015
OIG-15-31	The U.S. Coast Guard’s Travel to Obtain Health Care program is intended to ensure U.S. Coast Guard (Coast Guard) members and their dependents have access to proper medical care while stationed in locations where access to specialty care may not be readily available. From October 2010 through June 2014, the Coast Guard spent almost $4.5 million on this program. We received allegations that unnecessary travel had been approved. As a result, we conducted this audit to determine if the program has sufficient controls to ensure travel is necessary. The program did not have sufficient controls to ensure that travel for medical purposes was necessary. The Coast Guard did not establish, distribute, or ensure implementation of clear policies and procedures for reviewing, approving, and maintaining program requests. Local offices were not provided criteria or training on how to evaluate the requests, did not document that travel was necessary, and did not adequately justify that the location for medical care was appropriate. Ninety-four percent of the records tested were missing essential information, such as physicians’ referrals and cost estimates. Without this information, approving officials may not have been able to evaluate whether the travel was necessary and cost effective. As a result, the Coast Guard may have approved requests for inappropriate health care travel, incurring unnecessary costs and lost productivity. >The U.S. Coast Guard Travel to Obtain Health Care Program Needs Improved Policies and Better Oversight	02/09/2015	2015
OIG-15-22	ICE’s Intensive Supervision Appearance Program offers alternatives to detention. We reviewed whether: (1) the rate at which individuals in the Intensive Supervision Appearance Program have absconded or committed criminal acts has been reduced since 2009; (2) ICE can improve the effectiveness of its alternatives to detention program, either by revising or expanding its Intensive Supervision Appearance Program contract, or through other cost-effective means; and (3) ICE’s Risk Classification Assessment is effective. According to U.S. Immigration and Customs Enforcement (ICE), the Intensive Supervision Appearance Program is effective because, using its performance metrics, few program participants abscond. However, ICE has changed how it uses the program and no longer supervises some participants throughout their immigration proceedings. As a result, ICE cannot definitively determine whether the Intensive Supervision Appearance Program has reduced the rate at which aliens, who were once in the program but who are no longer participating, have absconded or been arrested for criminal acts. ICE should adjust its performance metrics to reflect changes in its criteria for program participation. >U.S. Immigration and Customs Enforcement's Alternatives to Detention (Revised)	02/04/2015	2015
OIG-15-30-D	The City of Loveland, Colorado (City) received a $21.1 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City generally has established policies, procedures, and business practices to adequately account for and expend FEMA Public Assistance Program grant funds according to Federal regulations and FEMA guidelines. However, we identified areas related to accounting, procurement, and insurance in which the City needs to improve its procedures to ensure compliance with Federal requirements for the $21.1 million Federal disaster award. >The City of Loveland, Colorado, Could Benefit from Additional Assistance in Managing its FEMA Public Assistance Grant Funding	01/29/2015	2015
OIG-15-29	In October 2011, the Transportation Security Administration (TSA) introduced the TSA PreCheck initiative in response to congressional authorization to implement trusted passenger programs. TSA identifies low-risk passengers to receive expedited screening through TSA PreCheck lanes at airport security checkpoints. After initial implementation, Congress directed TSA to (1) certify by the end of December 2013 that 25 percent of air passengers are eligible for expedited screening without lowering security standards and (2) outline a strategy to increase the number of air passengers eligible for expedited screening to 50 percent by the end of December 2014. Our objectives were to determine: (1) what processes and procedures exist to ensure proper vetting of applicants; (2) how TSA assesses member continued eligibility; and (3) how TSA tests its processes for effectiveness and timeliness. As a concept, TSA PreCheck is a positive step towards risk-based security screening; however, TSA needs to modify TSA PreCheck vetting and screening processes. We also determined that TSACheckcommunication and coordination need improvement. We are making recommendations to assist TSA in correcting deficiencies to meet its expedited screening goals. >Security Enhancements Needed to the TSA PreCheck™ Initiative	01/28/2015	2015

Return to top of page