Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-15-25 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Customs and Border Protection’s (CBP) Detailed Accounting Submission. CBP management prepared the Table of fiscal year 2014 Drug Control Obligations (Table) and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Some of the assumptions CBP used for computing obligations by decision units are based on surveys completed in prior years. While CBP management represented that the assumptions used continue to be valid for purposes of computing obligations presented in the Table, KPMG was unable to perform review procedures supporting that representation. Based on its review, except for matters noted above, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Customs and Border Protection's FY 2014 Detailed Accounting Submission 		2015
OIG-15-27 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Coast Guard’s (Coast Guard) fiscal year 2014 Drug Control Performance Summary Report. Coast Guard management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report 		2015
OIG-15-28 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Coast Guard’s (Coast Guard) Detailed Accounting Submission. Coast Guard’s management prepared the Table of FY 2014 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission 		2015
OIG-15-24 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Immigration and Customs Enforcement’s (ICE) Detailed Accounting Submission. ICE management prepared the Table of FY 2014 Drug Control Obligations and related disclosures to comply with the requirements of the Office of National Drug Control Policy’s ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's FY 2014 Detailed Accounting Submission 		2015
OIG-15-26 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Customs and Border Protection’s (CBP) fiscal year (FY) 2014 Drug Control Performance Summary Report. CBP management prepared the Performance Summary Report and related disclosures to comply with the requirements of ONDCP circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Customs and Border Protection's FY 2014 Drug Control Performance Summary Report 		2015
OIG-15-23 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Immigration and Customs Enforcement’s (ICE) fiscal year (FY) 2014 Drug Control Performance Summary Report. ICE management prepared the Performance Summary Report and related disclosures to comply with the requirements of ONDCP’s circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's FY 2014 Drug Control Performance Summary Report 		2015
OIG-15-08 Although Ohio took steps in recent years to improve its management of funds awarded under the HSGP, the Federal Emergency Management Agency (FEMA) cannot be assured that Ohio effectively managed grant funds from fiscal years (FY) 2010 through 2012. Specifically, Ohio needs to improve its performance measures, the accounting for grant funds, the timeliness of releasing funds to subgrantees, and its monitoring of subgrantees, including their procurement and property management practices. Although we identified many of these same challenges in two previous audits of Ohio’s management of HSGP funding, FEMA has not changed its oversight practices to target Ohio’s areas of repeated deficiencies. Ohio continues to disregard some Federal regulations and grant guidance. Consequently, the State may be limited in its ability to prevent, prepare for, protect against, and respond to natural disasters, acts of terrorism, and other manmade disasters.

>Ohio’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 (Revised) 		2015
OIG-15-20 We conducted this evaluation in response to a whistleblower disclosure concerning employees in the U.S. Border Patrol’s (USBP) El Centro Sector Headquarters in El Centro, California. The whistleblower alleged that Border Patrol agents detailed to the El Centro Sector Headquarters as CrossFit instructors claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. Border Patrol agents also serve as CrossFit instructors in seven other Border Patrol sector headquarters. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. Employees must remain on duty not merely because it is desirable, but because of compelling reasons inherently related to continuance of their duties, and of such a nature that failure to carry on would constitute negligence. CrossFit is a fitness program that employs endurance and fast-switch strength movements as a form of physical conditioning. Eight USBP sectors include CrossFit classes in their physical fitness programs. Six of the eight sectors paid AUO to Border Patrol agents engaged as CrossFit instructors. AUO paid to Border Patrol agents for CrossFit instruction and related activities, such as gym maintenance and class preparation, was inconsistent with Federal AUO regulations. The hours of duty for CrossFit instruction and related activities could have been controlled administratively. In addition, CrossFit duties were not so compelling that failure to complete those duties would have constituted negligence. USBP discontinued AUO payments for CrossFit instruction and related activities in January 2014.

>Evaluation of Alleged AUO Misuse by U.S. Border Patrol Agents Engaged as CrossFit Instructors 		2015
OIG-15-18 As part of our Technical Security Evaluation Program, we evaluated technical and information security policies and procedures of Department of Homeland Security components at the John F. Kennedy International Airport. Four Department components – the Transportation Security Administration, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and U. S. Secret Service – operate information technology systems that support homeland security operations at this major airport. Our evaluation focused on how these components have implemented operational, technical, and management controls for computer security at the airport and nearby locations. We performed onsite inspections of the areas where these assets were located, interviewed departmental staff, and conducted technical tests of computer security controls. We also reviewed applicable policies, procedures, and other relevant documentation. The Department’s sensitive system security policies, the information technology security controls implemented at several sites had deficiencies that, if exploited, could have resulted in the loss of confidentiality, inte grity, and availability of the components’ information technology systems.

>Audit of Security Controls for DHS Information Systems at John F. Kennedy International Airport (Redacted) (Revised) 		2015
OIG-15-17 We conducted this audit to determine the effectiveness and cost of the Unmanned Aircraft System program, in which U.S. Customs and Border Protection ( CBP) has invested significant funds. Although CBP’s Unmanned Aircraft System program contributes to border security, after 8 years, CBP cannot prove that the program is effective because it has not developed performance measures. The program has also not achieved the expected results. Specifically, the unmanned aircraft are not meeting flight hour goals, and we found little or no evidence CBP has met its program expectations. We estimate it costs $12,255 per flight hour to operate the program; CBP’s calculation of $2,468 per flight hour does not include all operating costs. By not recognizing all operating costs, CBP cannot accurately assess the program’s cost effectiveness or make informed decisions about program expansion. In addition, Congress and the public may be unaware of all the resources committed to the program. As a result, CBP has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security. The $443 million CBP plans to spend on program expansion could be put to better use by investing in alternatives.

>U.S. Customs and Border Protection's Unmanned Aircraft System Program Does Not Achieve Intended Results or Recognize All Costs of Operations 		2015
OIG-15-19-D We received two Office of Inspector General (OIG) Hotline complaints about insurance reviews of Florida disaster assistance applicants. In addition, three OIG audits of Florida grant recipients raised similar concerns. The quality of FEMA’s insurance reviews in Florida was not adequate to maximize insurance available under applicants’ policies and to ensure that duplication of benefits did not occur. FEMA’s Florida Recovery Office knew about these deficiencies in its insurance review process but did not correct them. As a result, FEMA may have funded up to $177 million that insurance should have covered.

>FEMA Insurance Reviews of Applicants Receiving Public Assistance Grant Funds for 2004 and 2005 Florida Hurricanes Were Not Adequate 		2015
OIG-15-13 In most instances, the CBP Miami Field Office complied with CBP policies and procedures. We found only minor deficiencies in CBP Miami Field Office operations for cargo targeting and seized asset management. For passenger screening, Miami International Airport leveraged an existing system to track passengers who have records for violations of laws or other significant events. Other Miami Field Office ports of entry could benefit from this “one-stop system” that would allow them to document, monitor, and report on targeting passengers in real time. The field office could improve the consistency of its recordkeeping for changes to the biometric watchlist. Also, the CBP Miami Field Office needs to improve its compliance with safeguards for using high security bolt seals during cargo screening. Lastly, the CBP Miami Field Office needs to update its policy and procedures for agriculture inspections so they align with current U.S. Department of Agriculture procedures.

>Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry 		2015
OIG-15-16 We reviewed Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Management Act of 2002 (FISMA). Our objective was to determine whether DHS’ information security program is adequate, effective, and in compliance with FISMA requirements. DHS has taken steps to improve its information security program. For example, DHS expanded the ongoing authorization program to improve the security of its information systems through a revised risk management approach. Additionally, DHS developed and implemented the Fiscal Year 2014 Information Security Performance Plan, which defines the performance requirements, priorities, and overall goals for the Department. DHS has also taken actions to address the President’s cybersecurity priorities, which include the implementation of trusted internet connections, continuous monitoring of the Department’s information systems, and strong authentication. While these efforts have resulted in some improvements, Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority.

>Evaluation of DHS' Information Security Program for Fiscal Year 2014 		2015
OIG-15-15-D The Gulf Coast Mental Health Center (Center) received an award of $2.1 million from the Mississippi Emergency Management Agency, a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina, which occurred in August 2005. Our audit objective was to determine whether the Center accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The Center generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. However, we identified $61,200 of duplicate benefits for costs recoverable from another source. This amount represented about 4 percent of the $1.4 million we reviewed for five projects.

>Gulf Coast Mental Health Center, Mississippi, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements 		2015
OIG-15-11 The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning employees at U.S. Customs and Border Protection’s (CBP) National Targeting Center–Cargo, in Herndon, Virginia and the National Targeting Center– Passenger, in Reston, Virginia. The whistleblower alleged that employees in both locations regularly claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. OSC referred this allegation to DHS Acting Secretary Rand Beers. The Department subsequently requested our assistance with this allegation and several other AUO-related allegations from other DHS components. We assembled a taskforce of auditors, program analysts, investigators, and attorneys to review these allegations. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. The National Targeting Center did not have sufficient AUO documentation to allow us to specifically identify a violation of law, rule, or regulation. However, most of the tasks employees performed during AUO hours appear to have been administratively controllable.

>Evaluation of Alleged AUO Misuse at U.S. Customs and Border Protection's National Targeting Center 		2014
OIG-15-14 This report responds to the annual reporting requirement and summarizes 18 audits completed in fiscal year 2014. The audits included about $447 million in State Homeland Security Program and Urban Areas Security Initiative grants awarded by the Federal Emergency Management Agency (FEMA) to 13 states, 4 territories, and the District of Columbia during 3-year periods between fiscal years 2009 and 2012. During fiscal year 2014, we issued reports for Alabama, Alaska, American Samoa, Delaware, District of Columbia, Guam, Hawaii, Idaho, Iowa, Maine, New Hampshire, North Dakota, Northern Mariana Islands, Oregon, Puerto Rico, South Dakota, Vermont, and Wyoming. In most instances, the states and urban areas administered grant programs efficiently and effectively and in compliance with grant guidance and regulations. We also identified one innovative practice that other jurisdictions could consider using. We identified two major areas for improvement: strategic planning and oversight of grant activities. We also identified about $14.5 million in questioned costs.

>Annual Report to Congress on States’ and Urban Areas’ Management of Homeland Security Grant Programs Fiscal Year 2014 		2015
OIG-15-12-D The District received a Public Assistance grant award of $4.9 million for damages resulting from Hurricane Katrina, which occurred in August 2005. Our audit objective was to determine whether the District accounted for and expended FEMA grant funds according to Federal regulations and FEMA guidelines. For the projects we reviewed, the Gulfport School District, Mississippi, (District) properly accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines.

>Gulfport School District, Mississippi, Properly Accounted for and Expended FEMA Public Assistance Grant Funds Awarded for Hurricane Katrina Damages 		2015
OIG-15-10 The independent public accounting firm, KPMG LLP, has issued an unmodified (clean) opinion on the Department of Homeland Security's (DHS) consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, the financial position of DHS as of September 30, 2014.

>Independent Auditors' Report on DHS' FY 2014 Financial Statements and Internal Control over Financial Reporting 		2015
OIG-15-09 We have identified major challenges that affect both the Department as a whole, as well as individual components. DHS must continually seek to integrate management operations under an authoritative governing structure capable of effectively overseeing and managing programs that cross component lines. DHS’ mission to protect the Nation from domestic and international threats and respond to natural and manmade disasters is further challenged by the unpredictable nature of these hazards. DHS must overcome the challenges inherent with uniting the Department under the Secretary’s Unity of Effort Initiative, as well as those over which it has little control. This year, we are reporting the Department’s major challenges in the following areas: (1) DHS Operations Integration, (2) Acquisition Management, (3) Financial Management, (4) IT Management and Privacy Issues, (5) Transportation Security, (6) Border Security and Immigration Enforcement. (7) Grants Management, (8) Employee Accountability and Integrity, (9) Infrastructure Protection, Cybersecurity, and Insider Threat

>Major Management and Performance Challenges Facing the Department of Homeland Security 		2015
OIG-15-07 The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning U.S. Customs and Border Protection’s Ysleta Border Patrol Station (Ysleta Station) in El Paso, Texas. The whistleblower alleged that supervisors and border patrol agents at the Ysleta Station claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. The whistleblower also alleged that supervisors at the Ysleta Station authorize AUO to compensate injured agents who are assigned administrative duties and are not working overtime hours. OSC referred this allegation to DHS Acting Secretary Rand Beers. The Department subsequently requested our assistance with this allegation and several other AUO-related allegations from other DHS components. We assembled a taskforce of auditors, program analysts, investigators, and attorneys to review these allegations. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. Ysleta Station did not have sufficient AUO documentation to allow us to specifically identify a violation of law, rule, or regulation. However, most activities that second-line supervisory border patrol agents performed during AUO hours and some activities that first-line supervisory agents and nonsupervisory agents performed appear to have been administratively controllable. We did not find evidence to substantiate that Ysleta Station agents who sustained work-related injuries were paid AUO improperly.

>Evaluation of Alleged AUO Misuse at U.S. Border Patrol, Ysleta Station 		2015
OIG-15-06-D Between 1994 and 2013, FEMA operated seven Long Term Recovery Offices. FEMA obligated and spent more than $4 billion in administrative costs and more than $1 billion in salaries for these offices. Our audit objective was to determine whether FEMA’s policies, procedures, and performance measures for establishing, operating, and closing Long Term Recovery Offices meet Federal statutes and are consistently applied. FEMA does not track costs or data associated with performance measures for Long Term Recovery Offices. Without tracking costs or data, FEMA cannot determine whether these offices are cost effective. FEMA establishes, operates, and closes Long Term Recovery Offices without standardized policies, procedures, and performance measures. Without these controls in place, FEMA is at risk for mismanagement of Federal disaster funds and cannot ensure consistency in establishing and managing these offices. Correcting these deficiencies will provide FEMA the information and guidance it needs to determine whether Long Term Recovery Offices are cost effective. In addition, FEMA can better ensure consistency in establishing and managing these offices.

>FEMA Needs To Track Performance Data and Develop Policies, Procedures, and Performance Measures for Long Term Recovery Offices 		2015
OIG-15-05 The Coast Guard has undertaken a project to modernize information technology onboard certain ships and aircraft. This technology is referred to collectively as Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems. The C4ISR project is a major information technology investment with an acquisition life cycle cost of $1.5 billion through fiscal year 2026. The Coast Guard has implemented information technology systems that effectively support the mission needs of some ships and aircraft. Specifically, the systems have met overall performance requirements and have improved operational capabilities, including increased situational awareness, better communication within the Coast Guard and with its partners, and enhanced sensor capabilities. The Coast Guard, however, has not carried out some planned system enhancements that were necessary to support mission needs of certain aircraft and legacy ships. These enhancements were not carried out because of significant budget reductions. Revised plans do not fully address how the Coast Guard will meet the critical technology needs of these aircraft and legacy ships. As a result, these ships and aircraft continue to rely on obsolete technology which impacts mission performance and makes operations and maintenance more difficult and costly.

>U.S. Coast Guard Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance Modernization 		2015
OIG-15-04-IQO The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the Federal Law Enforcement Training Center, Office of Professional Responsibility from June 2014 to August 2014. The review covered OPR activity from October 1, 2011, (FY 2012) to June 1, 2014 (FY 2014). We found that the Office of Professional Responsibility generally complied with applicable directives, policies, guidelines, and investigative standards. We observed commendable practices with the thoroughness of investigations, the quality of reports, and the productive relationships maintained with operational entities within the Federal Law Enforcement Training Center. We found particular issues with the agency’s underreporting of complaints to the Office of Inspector General, the absence of annual Law Enforcement Availability Pay documentation and certifications, and weaknesses in safeguarding evidence. We made 21 recommendations to the Office of Professional Responsibility Division Chief who agreed with them in whole or in part. There are no open recommendations in this report.

>Oversight Review of the Department of Homeland Security Federal Law Enforcement Training Center Office of Professional Responsibility 		2015
OIG-15-03-D The County received over $24 million in Public Assistance awards for three federally declared flooding events. Our objective was to determine whether the County accounted for and expended FEMA grant funds according to Federal regulations and FEMA guidelines. The County has procedures in place to account for disaster-related costs on a project-by-project basis. The County however, has completed very little of the work FEMA approved for the three federally declared disasters. At the time of our field work, the County did not have sufficient records available for us to determine whether the County is fully capable of managing the three Federal grants.

>The State of North Dakota Needs to Assist Ramsey County in Completing $24 Million of FEMA Public Assistance Projects for Three Federally Declared Disasters that Occurred in 2009–2011 		2015
OIG-15-02-D The Hospital received an award of $110 million from the Indiana Department of Homeland Security, a FEMA grantee, for damages caused by severe storms and flooding that occurred May 30, through June 27, 2008. Our objective of the audit was to determine whether the Hospital accounted for and expended FEMA grant funds according to federal regulations and FEMA guidelines. Columbus Regional Hospital, Columbus Indiana, (Hospital) generally accounted for FEMA projects on a project-by-project basis as Federal regulations and FEMA guidelines require. However, the Hospital’s claim included ineligible costs.

>FEMA Should Recover $3 Million of Ineligible Costs And $4.3 Million of Unneeded Funds from the Columbus Regional Hospital 		2015
OIG-15-01-D The Administrators of the Tulane Educational Fund(Tulane) received a Federal Emergency Management Agency (FEMA) Public Assistance award of $291.9 Million for damages caused by Hurricane Katrina in August 2005. The objective our audit was to determine whether Tulane accounted for and expended the FEMA grant funds correctly. Tulane’s contractor could not support or justify $13.0 million of the $36.1 million (gross) that we audited. These findings occurred because (1) the contractor could not show that it actually incurred the costs that it billed Tulane; (2) Tulane did not ensure that its contractor’s billings were valid, eligible, and supported; and (3) Louisiana, as the grantee, did not effectively execute its responsibilities to ensure compliance with Federal regulations and FEMA guidelines.

>FEMA Should Recover $13 Million of Grant Funds Awarded to The Administrators of the Tulane Educational Fund, New Orleans, Louisiana 		2015
OIG-14-147 HSGP guidance requires a state administrative agency to administer and manage grant funding awarded under the HSGP. According to the District of Columbia Homeland Security and Emergency Management Agency (DCHSEMA), in March 2007, it was designated as the state administrative agency for HSGP. As such, DC HSEMA is responsible for managing the SHSP and UASI grants in accordance with established Federal guidelines. DC HSEMA was allocated SHSP grant funds for the District of Columbia, as well as UASI grant funds for the National Capital Region (NCR). During fiscal years (FYs) 2010 through 2012, FEMA awarded the DC HSEMA SHSP and UASI grant funds totaling about $189 million. Figure 1 illustrates the UASI funding the NCR received and the SHSP funding the District of Columbia received over the 3 year period. UASI funding for the NCR averaged about $57 million per year during FYs 2010 through 2012, the period covered by our audit. The District of Columbia received its highest level of SHSP funding in FY 2010, but faced a decline of more than $7 million from FYs 2010 to 2012

>District of Columbia’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 		2014
OIG-14-151 We audited the Federal Emergency Management Agency’s (FEMA) Logistics Supply Chain Management System program. According to FEMA, the Logistics Supply Chain Management System replaced its earlier logistics operations systems to automate and track distribution better and deliver emergency supplies more dependably. FEMA also intended for the system to help track supplies provided by partners in other Federal agencies; nongovernmental organizations; state, local, and tribal governments; and the private sector. Our audit objective was to determine whether FEMA’s Logistics Supply Chain Management System is able to support Federal logistics operations effectively in the event of a catastrophic disaster. After spending about $247 million over 9 years, FEMA cannot be certain that its supply chain management system will be effective during a catastrophic disaster. FEMA estimated that the life cycle cost of the system would be about $556 million—$231 million more than the original life cycle cost estimate. According to FEMA, the Logistics Supply Chain Management System became fully operational in January 2013, which was about 19 months behind schedule. However, the system could not perform as originally planned. Specifically, it cannot interface with the logistics management systems of FEMA’s partners, nor does FEMA have real time visibility over all supplies shipped by its partners. As of March 2014, the Logistics Supply Chain Management System still had not achieved full operational capability. We attribute these deficiencies to inadequate program management and oversight by the Department of Homeland Security (DHS) and FEMA. As a result, FEMA may not be able to efficiently and effectively aid survivors of catastrophic disaster.

>FEMA’s Logistics Supply Chain Management System May Not Be Effective During a Catastrophic Disaster 		2014
OIG-14-149-D We audited Public Assistance grant funds awarded to the East St. Tammany Events Center (Center) in Slidell, Louisiana, (Public Assistance Identification Number 103-USUFP-00). Our audit objective was to determine whether the Center accounted for and expended Federal Emergency Management Agency (FEMA) grant funds according to Federal regulations and FEMA guidelines. The Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a FEMA grantee, awarded the Center $3.7 million ($2.8 million after insurance reductions) for damages resulting from Hurricane Katrina, which occurred on August 29, 2005. The award provided 100 percent funding for four large and nine small projects. 1 The audit covered the period August 29, 2005, through July 31, 2014, the cutoff date of our audit, and included a review of all projects, or 100 percent of the total award (see Exhibit, Schedule of Projects Audited). As of our cutoff date, the Center had claimed $2.7 million and had completed all projects.

>East St. Tammany Events Center Generally Followed Regulations for Spending FEMA Public Assistance Funds 		2014
OIG-14-152-D Our audit objective was to determine whether the Utility District accounted for and expended Federal Emergency Management Agency (FEMA) funds according to Federal regulations and FEMA guidelines. The Utility District received a Public Assistance grant award of $2.5 million from the Mississippi Emergency Management Agency (Mississippi), a FEMA grantee, for damages resulting from Hurricane Katrina, which occurred in August 2005. The award provided 100 percent FEMA funding for debris removal activities, emergency protective measures, and repairs to permanent buildings and facilities. The award consisted of three large projects and six small projects.

>West Jackson County Utility District, Mississippi, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Hurricane Katrina Damages 		2014
OIG-14-148-D he Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a FEMA grantee, awarded the Foundation $11.2 million for damages resulting from Hurricane Katrina, which occurred on August 29, 2005. The award provided 100 percent funding for 12 large projects.1 The audit covered the period August 29, 2005, through January 9, 2014, the cutoff date of our audit, and included a review of 12 large projects totaling $11.2 million, or all projects (see Exhibit, Schedule of Projects Audited).2 At the time of our audit, the Foundation had completed all 12 projects and had claimed $5.3 million, but had not requested any projects be closed. Therefore, all of the projects remained open.

>FEMA Should Disallow $9.6 Million of Disaster-Related Costs Incurred by the University of New Orleans Research and Technology Foundation, New Orleans, Louisiana 		2014
OIG-14-150-D We audited Hazard Mitigation Grant Program (HMGP) funds the Federal Emergency Management Agency (FEMA) awarded to the State of Louisiana from September 2005 through March 2014. Our objectives were to determine (1) the amount of HMGP funds FEMA authorized; (2) the amount of HMGP funds FEMA obligated; and (3) the progress the Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a FEMA grantee, is making in closing approved HMGP grants.

>FEMA and the State of Louisiana Need to Accelerate the Funding of $812 Million in Hazard Mitigation Grant Program Funds and Develop a Plan to Close Approved Projects ( 		2014
OIG-14-146-D The County received a Public Assistance award of $6.2 million from the Georgia Emergency Management Agency (Georgia), a FEMA grantee, for damages resulting from tornadoes and strong winds, which occurred in April 2011. The award provided 75 percent FEMA funding for debris removal activities and emergency protective measures. The award consisted of 5 large projects and 14 small projects

>Catoosa County, Georgia, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Severe Storms and Flooding in April 2011 		2014
OIG-14-145-D We audited Public Assistance grant funds awarded to the City of Cedar Rapids, Iowa (City) (Public Assistance Identification Number 113-12000-00). Our overall audit objective was to determine whether the City accounted for and expended Federal Emergency Management Agency (FEMA) grant funds according to Federal regulations and FEMA guidelines. The specific objective of this phase of the audit was to determine whether FEMA (1) correctly applied the "50 Percent Rule" when deciding to replace, rather than repair, City facilities, and (2) properly approved facility relocations.

>FEMA’s Incorrect Decisions to Replace Rather than Repair Facilities in Cedar Rapids, Iowa Cost Taxpayers Over $12 Million 		2014
OIG-14-142 The Transportation Security Administration (TSA) is responsible for protecting the Nation's transportation systems to ensure freedom of movement for people and commerce. As part of its mission, TSA screens checked baggage to deter, detect, and prevent the carriage of any prohibited items, such as explosives and incendiaries, onboard passenger commercial aircraft. TSA primarily relies on its screening workforce and two types of equipment to screen checked baggage - explosives detection systems and explosives trace detection. Through covert testing conducted at domestic airports, we determined whether Transportation Security Officers were following established policies and procedures to prevent threat items from being placed onto commercial aircraft. We also determined the operational effectiveness of TSA's checked baggage screening technology. We identified vulnerabilities in this area caused by human and technology-based failures.

>(U) Vulnerabilities Exist in TSA's Checked Baggage Screening Operations 		2014
OIG-14-143-D Our audit objective was to determine whether the Village’s policies, procedures, and business practices are adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to Federal regulations and FEMA guidelines. We conducted this audit early in the Public Assistance process to identify areas where the Village may need additional technical assistance or monitoring to ensure compliance. In addition, by undergoing an audit early in the grant cycle, grant recipients have the opportunity to correct non-compliance with Federal regulations before they spend the majority of their funding. It also allows them the opportunity to supplement deficient documentation or locate missing documentation before too much time elapses.

>The Village of Corrales, New Mexico, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements 		2014
OIG-14-144 An anonymous whistleblower alleged that USBP agents assigned to headquarters “illegally claim” AUO daily but do not perform duties justifying their AUO claims. Further, the whistleblower asserted that, “the duties and responsibilities of Border Patrol headquarters employees are regular, predictable, and controllable and that headquarters work is not sufficiently urgent to warrant the use of AUO.”

>Evaluation of Alleged AUO Misuse at U.S. Border Patrol Headquarters ( 		2014
OIG-14-141-D Our audit objective was to determine whether the Department’s policies, procedures, and business practices are adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to Federal regulations and FEMA guidelines. We conducted this audit early in the Public Assistance process to identify areas where the Department may need additional technical assistance or monitoring to ensure compliance. In addition, by undergoing an audit early in the grant cycle, grant recipients have the opportunity to correct non-compliance with Federal regulations before they spend the majority of their funding. It also allows them the opportunity to supplement deficient documentation or locate missing documentation before too much time elapses.

>New York City Department of Correction Has Adequate Policies, Procedures, and Business Practices in Place to Effectively Manage FEMA Public Assistance Grant Funds 		2014
OIG-14-140 This report presents our annual review of the United States Coast Guard’s (USCG) mission performance, as required by the Homeland Security Act of 2002. The act defines the USCG’s 11 statutory missions as either non homeland security missions or homeland security. The act also prohibits the Secretary of Homeland Security from substantially reducing any of the USCG’s missions after its transfer to the Department of Homeland Security, except as specified in subsequent acts.

>Annual Review of the United States Coast Guard's Mission Performance (FY 2013) 		2014
OIG-14-136-D Our audit objective was to determine whether the City's policies, procedures, and business practices are adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to Federal regulations and FEMA guidelines. We conducted this audit early in the Public Assistance process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance. In addition, by undergoing an audit early in the grant cycle, grant recipients have the opportunity to correct non-compliance with Federal regulations before they spend the majority of their funding.

>The City of Albuquerque, New Mexico, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements 		2014
OIG-14-137 The Department of Homeland Security (DHS) Visa Security Program is intended to prevent terrorists, criminals, and other ineligible applicants from receiving visas. DHS assigns special agents with expertise in immigration law and counterterrorism to U.S. diplomatic posts overseas to perform visa security activities . We reviewed the program’s effectiveness in preventing ineligible applicants from receiving U.S. visas; DHS’ annual reporting to Congress on the program’s expansion; and the efforts to expand the program to additional overseas posts, including the potential impact of a new initiative, the Pre ‐ Adjudicated Threat Recognition and Intelligence OperationsTeam.

>The DHS Visa Security Program 		2014
OIG-14-139 The United States Customs and Border Protection (CBP) employs radio frequency identification technology in its Trusted Traveler Programs to allow preͲscreened travelers expedited processing at designated ports of .Radio frequency identification is a form of automatic identification and data capture technology that uses radio frequencies to transmit information. The flexibility and portability of radio frequency identification technology has introduced new security risks to agency systems, such as cloning of an identification tag and the security of the database that stores personal data. Without effective security controls and procedures over this technology and its supporting infrastructure, unauthorized individuals could modify identification tag content or access sensitive data stored in the system databases.

>Enhancements in Technical Controls and Training Can Improve the Security of CBP’s Trusted Traveler Programs 		2014
OIG-14-138 In 2007,TSA began deploying advanced imaging technology to screen airline passengers for weapons, explosives, and other concealed objects. In 2009 and 2010, TSA used American Recovery and Reinvestment Act funds to purchase 251 Secure 1000SP advanced imaging technology units from Rapiscan Systems. By June 2013, TSA had removed the units from service because the company could not develop enhanced software to enable the units to comply with the privacy requirements of the FAA Modernization and Reform Act of 2012. Rapiscan Systems assumed all costs associated with their removal and storage. In May 2013, Representative Bennie Thompson requested that we review TSA’s management of its advanced imaging technology inventory. Specifically, Mr. Thompson requested that we review the removal and potential redistribution of the noncompliant units, and related costs.

>TSA’s Management of Secure 1000SP Advanced Imaging Technology Units 		2014
OIG-14-135 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security anagement Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access, contingency planning, contractor systems and security capital planning. The United States Coast Guard (USCG) has migrated the Coast Guard Intelligence Support System into a new system that is supported by DHS, the Defense ntelligence Agency and USCG.

>(U) Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2014 		2014
OIG-14-134-D During 2004, the Louisiana Legislative Auditor and our office issued Audit reports on the State’s management of the Hazard Mitigation, Unmet Needs, and Flood Mitigation Assistance grant programs. The scope of our 2004 audit included funding for the Hazard Mitigation Grant Program and Unmet Needs programs totaling $40,524,912 in Direct project costs and administrative and management costs from Eight disasters declared between September 1998 and October 2002. We recommended that, among other actions, FEMA identify and deobligate any ineligible, unsupported, or duplicate funding. In March 2005, as a result of our recommendations, FEMA Region VI started the process of recouping $30.4 million from the State. By May 2007, the State had provided FEMA Region VI with sufficient documentation to reduce the original debt from $30.4 million to $26.6 million. In July 2010, the Regional Administrator, after applying cost overruns, reduced the debt to $23.1 million and referred it to the FEMA Finance Center in September 2010 for issuance of the Bill for Collection. In January 2012, the FEMA Finance Center transferred the debt to Treasury. As of May 2014, Treasury still held the uncollected debt.

>FEMA’s Efforts To Collect a $23.1 Million Debt from the State of Louisiana Should Have Been More Aggressive 		2014
OIG-14-132 We audited security controls for Department of Homeland Security Information technology systems at Dallas/Fort Worth International Airport. Four Department components—the Management Directorate, Transportation Security Administration, U.S. Customs and Border Protection, and U.S. Immigration and Customs Enforcement—Operate information technology systems that support homeland security operations at this airport. Our audit focused on how these components have implemented computer security operational, technical, and management controls for their systems at the airport and nearby locations.

>Audit of Security Controls for DHS Information Technology Systems at Dallas/Fort Worth International Airport 		2014
OIG-14-133-D Our audit objective was to determine whether the Corporation accounted for and expended Federal Emergency Management Agency (FEMA) grant funds according to Federal regulations and FEMA guidelines. Although it has been almost 9 years since Hurricane Katrina, the Corporation has not spent the majority of its funding. Therefore, we expanded our audit objective to determine whether its policies, procedures, and business practices are adequate to properly account for and expend FEMA grant funds. Our goal was to identify areas where the Corporation may need additional technical assistance or monitoring to correct noncompliance with Federal regulations before it spends the majority of its funding

>Louisiana Should Monitor $39.8 Million of FEMA Funds Awarded to Pontchartrain Housing Corporation I to Ensure Compliance with Federal Regulations 		2014
OIG-14-131 U.S. Customs and Border Protection (CBP) secures our Nation’s borders and facilitates lawful international trade and travel while enforcing Federal laws and regulations. To accomplish its mission, CBP often stations officers and agents in remote areas of the country without adequate housing options. In 2008, CBP identified a need for employee housing along the southwest border, particularly in Arizona and Texas, given the remoteness and limited housing market. CBP began planning the construction of employee housing in Ajo, Arizona, in 2008 and completed construction in late 2012. We conducted this audit to determine whether CBP followed good business practices in planning and managing employee housing in Ajo, Arizona.

>CBP Did Not Effectively Plan and Manage Employee Housing in Ajo, Arizona (Revised) ( 		2014
OIG-14-130-D At the time of audit fieldwork, the New Jersey Office of Emergency Management (New Jersey), a FEMA grantee, had awarded the City just over $18 million for damages resulting from Hurricane Sandy, which occurred on October 29, 2012. The award provided 90 percent funding for debris removal (Category A), emergency protective measures (Category S), and permanent work {Categories C-G) for nine projects (eight large projects and one small).1 We included five of the nine projects totaling $16.8 million or 93 percent of the award in our review (see Exhibit, Schedule of Projects Reviewed). The audit covered the period October 26, 2012, through April 9, 2014. At the time of our fieldwork, the City had not submitted any claims to New Jersey for work under the projects in our audit scope.

>The City of Elizabeth, New Jersey, Has Adequate Policies, Procedures, and Business Practices in Place to Effectively Manage FEMA Public Assistance Grant Funds 		2014
OIG-14-127-D Our audit objective was to determine whether the County accounted for and expended Federal Emergency Management Agency {FEMA) funds according to Federal regulations and FEMA guidelines. The County received a Public Assistance grant award of $87.7 million from the Mississippi Emergency Management Agency (Mississippi), a FEMA grantee, for damages resulting from Hurricane Katrina, which occurred in August 2005. The award provided 100 percent FEMA funding for debris removal, emergency protective measures, and permanent repairs to buildings and facilities. The award consisted of 126 large projects 1 and 109 small projects.

>FEMA Should Recover $4.9 Million of $87.7 Million in Public Assistance Grant Funds Awarded to the Hancock County, Mississippi, Board of Supervisors for Hurricane Katrina Damages 		2014

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page