Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-22-13 Trusted Traveler Revocations for Americans Associated with the 2018-2019 Migrant Caravan (REDACTED) 2022
OIG-22-10 USCIS' U Visa Program is Not Managed Effectively and is Susceptible to Fraud (REDACTED) 2022
OIG-22-11 FEMA Continues to Phase Out Its Use of Alternative Contracting Methods to Administer the National Flood Insurance Program 2022
OIG-22-14 Medical Processes and Communication Protocols Need Improvement at Irwin County Detention Center 2022
OIG-22-12 Continued Reliance on Manual Processing Slowed USCIS' Benefits Delivery during the COVID-19 Pandemic 2022
OIG-22-06 DHS Needs Additional Oversight and Documentation to Ensure Progress in Joint Cybersecurity Efforts 2022
OIG-22-09 DHS' Implementation of OIG Recommendations Related to Drug Interdiction 2022
OIG-22-08 KPMG LLP (KPMG), under contract with the Department of Homeland Security Office of Inspector General, conducted an integrated audit of DHS’ fiscal year 2021 consolidated financial statements and internal control over financial reporting.  KPMG issued an unmodified (clean) opinion on the financial statements, reporting that they present fairly, in all material respects, DHS’ financial position as of September 30, 2021.  However, KPMG identified material weaknesses in internal control in two areas and other significant deficiencies in four areas.  Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting.  KPMG also reported noncompliance with two laws and regulations.  KPMG made 19 recommendations to improve the Department’s internal control over financial reporting.

>Independent Auditors' Report on DHS' FY 2021 Financial Statements and Internal Control over Financial Reporting
2022
OIG-22-05 Major Management and Performance Challenges Facing the Department of Homeland Security 2022
OIG-22-07 FEMA Did Not Always Accurately Report COVID-19 Contract Actions in the Federal Procurement Data System 2022
OIG-22-04 DHS Continues to Make Progress Meeting DATA Act Requirements, but Challenges Remain 2022
OIG-22-03 Many Factors Hinder ICE's Ability to Maintain Adequate Medical Staffing at Detention Facilities 2022
OIG-22-02 DHS could not provide any performance measures and provided only limited data to demonstrate the full extent or effectiveness of its efforts to enforce wildlife trafficking laws.  In addition, CBP personnel inconsistently recorded data on wildlife encounters, and ICE Homeland Security Investigations (HSI) special agents did not always completely or accurately record actions and data related to wildlife trafficking.  CBP personnel also did not always demonstrate that they involved ICE HSI special agents when suspecting wildlife trafficking crimes.  Finally, DHS did not establish performance goals to measure the results of its efforts to combat wildlife trafficking.  We attributed these issues to DHS, CBP, and ICE not providing adequate oversight, including clear and comprehensive policies and procedures, of wildlife trafficking efforts.  As a result, DHS may be missing opportunities to curtail the spread of zoonotic viruses and disrupt transnational criminal organizations that use the same networks for other illicit trafficking, such as narcotics, humans, and weapons.  We made one recommendation to improve the Department’s efforts to combat wildlife trafficking.  The Department concurred with the recommendation and provided a plan to improve its efforts.

>DHS Needs to Better Demonstrate Its Efforts to Combat Illegal Wildlife Trafficking
2022
OIG-22-01 ICE Needs to Improve Its Oversight of Segregation Use in Detention Facilities 2022
OIG-21-73 FLETC implemented robust protocols to respond to and mitigate COVID-19 at its Glynco training facility.  Before reopening in June 2020, FLETC developed a formal plan to resume in-person training.  Through this plan, along with other policies and procedures, FLETC established protocols in accordance with Centers for Disease Control and Prevention guidance and medical expertise.  DHS students and component officials we spoke with confirmed that these protocols were in place and told us that, overall, they were effective.  However, they also raised concerns related to students socializing inappropriately, and not following some requirements such as mask-wearing.  In instances such as these, FLETC was largely reliant on students’ home agencies to take action to reinforce compliance among their students with safety protocols, or to take disciplinary action, if necessary.  As a result of its measures, FLETC’s rate of positive COVID-19 tests was lower than that of its surrounding county.  We also found, however, that FLETC did not always follow its own protocols for housing assignments related to COVID-19.  For example, some students who were not positive for COVID-19 or were not quarantined for exposure to COVID-19 were still housed in the isolation dormitory.  Some of the students we spoke with who were incorrectly assigned to the isolation dormitory told us that they did not feel safe.  We made one recommendation to the FLETC Director to improve COVID-19 student-housing protocols.  FLETC concurred with the recommendation. 

>FLETC's Actions to Respond to and Manage COVID-19 at its Glynco Training Center
2021
OIG-21-70 CBP's FAST Program Exposes Borders to Security Risks - Law Enforcement Sensitive (REDACTED) 2021
OIG-21-72 In May 2020, the Deputy Under Secretary for Management formally documented the Department’s risk acceptance to allow the Coast Guard to meet FISMA requirements according to Department of Defense, rather than DHS’ reporting requirements.  The Deputy Under Secretary for Management’s decision adversely affected our ability to evaluate the Department’s enterprise-wide information program under this year’s OIG reporting metrics.  Nonetheless, when evaluating the overall effectiveness of DHS’ information security program for FY 2020 FISMA, our rating does not include the Coast Guard.  DHS’ information security program earned a maturity rating of “Managed and Measurable” (Level 4) in three of five functions.  DHS can further improve the effectiveness of its information security program by ensuring components execute all its policies and procedures.  We made four recommendations in our report, with one to the DHS Chief Information Officer, one to the S&T Chief Information Officer, one to the Secret Service Chief Information Officer, and one to the FEMA Chief Information Officer.  The Department concurred with all four recommendations.

>Evaluation of DHS' Information Security Program for Fiscal Year 2020
2021
OIG-21-71 FEMA does not always appropriately report and investigate employee allegations of sexual harassment and workplace sexual misconduct.  For FYs 2012 to 2018, we identified 305 allegations from FEMA employees potentially related to sexual harassment and sexual misconduct such as sexual assault, unwelcome sexual advances, and inappropriate sexual comments.  However, we were unable to determine whether FEMA properly handled 153 of these allegations, because it could not provide complete investigative and disciplinary files.  For allegations that had complete files available, at times we were unable to determine whether FEMA conducted an investigation.  Finally, we found FEMA did not document whether it investigated some sexual harassment EEO complaints as potential employee misconduct.  We attribute the inconsistent investigations and incomplete files to inadequate policies, processes, and training. These shortcomings may fuel employee perceptions that FEMA is not addressing sexual harassment and sexual misconduct and is not supportive of employees reporting that type of behavior.  We made five recommendations to improve FEMA’s handling of sexual harassment and misconduct allegations including establishing a comprehensive case management system; developing and implementing formal processes and procedures to appropriately address all harassment allegations; providing investigative training; and ensuring allegations are appropriately referred to DHS OIG.

>FEMA Must Take Additional Steps to Better Address Employee Allegations of Sexual Harassment and Sexual Misconduct
2021
OIG-21-69 TSA acquired CT systems that did not address all needed capabilities.  These issues occurred because the Department of Homeland Security did not provide adequate oversight of TSA’s acquisition of CT systems.  DHS is responsible for overseeing all major acquisitions to ensure they are properly planned and executed and meet documented key performance thresholds.  However, DHS allowed TSA to use an acquisition approach not recognized by DHS’ acquisition guidance.  In addition, DHS allowed TSA to deploy the CT system even though it did not meet all TSA key performance parameters.  DHS also did not validate TSA’s detection upgrade before TSA incorporated it into the CT system.  As a result, TSA risks spending over $700 million in future appropriated funding to purchase CT systems that may never fully meet operational mission needs.  We made three recommendations to improve DHS’ oversight of TSA’s CT systems acquisition.  DHS concurred with all three recommendations.  

>DHS Did Not Effectively Oversee TSA's Acquisition of Computed Tomography Systems
2021
OIG-21-63 Summary: OFO continues to experience challenges managing searches of electronic devices, similar to those identified in our first audit report, CBP’s Searches of Electronic Devices at Ports of Entry, issued in December 2018.  Specifically, OFO did not properly document and conduct searches of electronic devices, fully assess the effectiveness of the electronic device search program, or adequately manage electronic device search equipment.  This occurred because, although it plans to do so, OFO has not yet fully implemented corrective actions for four of the five recommendations in our previous audit report, including establishing training for staff.  According to an OFO official, there have been delays in fully implementing the prior recommendations due to reviews of existing policy and a capabilities analysis report, and development of additional training.  In addition, OFO does not have adequate processes for auditing electronic device searches, does not track prosecutions and convictions resulting from referrals to other Federal agencies, and does not adequately monitor search equipment usage, functionality, and inventory.  Unless it corrects previously identified deficiencies and better manages searches and equipment, OFO will limit its ability to detect and deter illegal activities related to terrorism; national security; human, drug, and bulk cash smuggling; and child pornography.  We made five recommendations to improve CBP’s oversight of searches of electronic devices at ports of entry.  CBP concurred with all five recommendations.

>CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry - Law Enforcement Sensitive (REDACTED)
2021
OIG-21-67 During our ongoing audit of DHS law enforcement virtual training, we learned that the Coast Guard uses functional firearms to conduct DVD-based simulation training.  We identified this issue in Coast Guard’s Commandant Instruction 3574.5C, 18 September 2014, Coast Guard Judgmental Use of Force Evaluation and observed a demonstration of this training at one Coast Guard location.  According to testimony or policy from four other DHS components that employ or train law enforcement personnel, the use of functional firearms during video-based simulation training is prohibited within their respective components.  By using functional firearms capable of firing ammunition, even if emptied of ammunition, in DVD-based simulation training, Coast Guard increased the risk of unintentional injury or death.  Coast Guard concurred with our recommendation and took immediate corrective actions to discontinue the use of functional firearms during DVD-based simulation training.  The recommendation is resolved and closed.

>Management Alert - The United States Coast Guard Discontinued the Use of Functional Firearms in DVD Simulation Training
2021
OIG-21-68 TSA implemented 167 of the 251 (67 percent) requirements in both Acts, 55 of the 167 (33 percent) were not completed by the Acts’ established deadlines, and TSA did not complete the remaining 84 requirements.  TSA was unable to complete 33 of these requirements because the actions relied on external stakeholders acting first or depended on conditions outside of TSA's control. The shortfalls occurred because TSA did not: (1) designate a lead office to establish internal controls, conduct oversight, and provide quality assurance for implementing the legislatively mandated requirements; (2) develop formal policies and procedures to ensure consistency and accountability for implementing the requirements on time; or (3) plan or develop an effective system to maintain relevant supporting documentation for the Acts’ requirements to help ensure information accuracy, continuity, and record retrieval capability. Further, TSA had difficulty completing some mandates that required lengthy regulatory processes or coordination with and reliance on external Government and industry stakeholders.  Because TSA has not implemented all requirements, it may be missing opportunities to address vulnerabilities and strengthen the security of the Nation’s transportation systems.  TSA provided a corrective action plan but did not concur with the recommendation.

>TSA Has Not Implemented All Requirements of the 9/11 Act and the TSA Modernization Act
2021
OIG-21-66 DHS did not fully comply with the public law.  TSA and the Coast Guard prepared, and DHS submitted, a CAP to Congress in June 2020.  Although the CAP identified corrective actions for one area, it did not address four issues we consider significant.  We recommended that DHS, in consultation with TSA and Coast Guard, re-evaluate the assessment to determine if further corrective actions are needed or justify excluding significant issues from the CAP.  DHS did not concur with the recommendation, but we consider DHS’ actions partially responsive to the recommendation. We consider the recommendation open and unresolved.

>DHS Did Not Fully Comply with Requirements in the Transportation Security Card Program Assessment
2021
OIG-21-65 Summary: Rescue 21 Alaska, Coast Guard’s maritime search and rescue communication system, has experienced outages resulting from antiquated equipment in Coast Guard’s District 17.  Challenges and funding shortages during system acquisition caused Coast Guard to limit the purchase of new equipment for Rescue 21 Alaska, requiring District 17 to maintain existing equipment for longer than initially planned.  Alaska’s winter weather conditions and remote access to communication site locations cause lengthy repair times, further exacerbating the outage impacts.  The outages have prevented Coast Guard, at times, from effectively receiving and responding to distress calls from mariners.  Coast Guard has made some upgrades to the Rescue 21 Alaska system to enhance distress communication availability and reliability.  Although Coast Guard plans for further upgrades, outages persist.  When notifying the public about the outages, Coast Guard primarily relies on a “Local Notice to Mariners” posted on their public website.  However, this limits who can receive the notices, as not all mariners go to the internet to determine outage locations.  Alaska mariners shared other effective methods Coast Guard could use to improve its notifications to the public when there are known VHF distress communications outages.  Adequately upgrading the communications equipment and ensuring robust attempts are made to notify the public when outages occur is essential for Coast Guard to achieve its search and rescue mission in Alaska.  We made two recommendations to ensure the Coast Guard is prioritizing Rescue 21 Alaska upgrades and appropriately notifying the public of outages. Coast Guard concurred with both recommendations.

>Coast Guard Should Prioritize Upgrades to Rescue 21 Alaska and Expand Its Public Notifications during Outages
2021
OIG-21-64 FEMA did not have reliable data to inform allocation decisions and ensure accurate adjudication of resource requests, it did not have a process to allocate the limited supply of PPE, and FEMA’s strategic documents did not clearly outline roles and responsibilities to lead the Federal response.  We made three recommendations that FEMA improve the reliability of WebEOC, formally document the policies and procedures for allocating critical lifesaving supplies and equipment, and that FEMA work with the Secretary of Health and Human Services to clarify the agencies’ pandemic response roles and responsibilities under Stafford Act declarations.  FEMA concurred with all three recommendations which remain open and resolved.

>Lessons Learned from FEMA's Initial Response to COVID-19
2021
OIG-21-62 CBP officials had legitimate reasons for placing lookouts on American journalists, attorneys, and others suspected of organizing or being associated with the migrant caravan.  However, many CBP officials were unaware of CBP’s policy related to placing lookouts and, therefore, may have inadvertently placed lookouts on these Americans, which did not fully comport with the policy.  Additionally, CBP officials did not remove lookouts promptly once they were no longer necessary and, as a result, subjected some of these U.S. citizens to repeated and unnecessary secondary inspections.  During the same time period, a CBP official requested that Mexico deny entry to caravan associates, including 14 Americans.  Unlike CBP’s legitimate reasons for placing lookouts on these U.S. citizens, CBP had no genuine basis for requesting Mexico to deny entry to these individuals.  On several other occasions throughout Operation Secure Line, other CBP officials also improperly shared the names and sensitive information of U.S. citizens with Mexico.  We made six recommendations that will improve CBP’s controls on placing and removing lookouts and sharing Americans’ sensitive information with foreign countries.  CBP concurred with all six recommendations.

>CBP Targeted Americans Associated with the 2018-2019 Migrant Caravan
2021
OIG-21-61 During our unannounced inspection of Otay Mesa in San Diego, California, we identified violations of ICE detention standards that compromised the health, safety, and rights of detainees.  Otay Mesa complied with standards for classification and generally provided sufficient medical care to detainees.  In addressing COVID-19, Otay Mesa did not consistently enforce precautions including use of facial coverings and social distancing.   Overall, we found that Otay Mesa did not meet standards for grievances, segregation, or staff-detainee communications.  Specifically, Otay Mesa did not respond timely to detainee grievances and did not forward staff misconduct grievances to ICE as required.  In addition, Otay Mesa was not consistently providing required services for detainees in segregation including access to recreation, legal calls, laundry, linen exchange, mail, legal materials, commissary, and law library.  Further, ICE did not consistently respond to detainee requests timely and did not specify times for visits with detainees.  Finally, we determined the declining detainee population at Otay Mesa caused ICE to pay more than $22 million for unused bed space under a guaranteed minimum contract.  We made seven recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations to ensure the San Diego ERO Field Office overseeing Otay Mesa addresses identified issues and ensures facility compliance with relevant detention standards.  ICE concurred with six recommendations and non-concurred with one recommendation.

>Violations of ICE Detention Standards at Otay Mesa Detention Center
2021
OIG-21-60 U.S. Customs and Border Protection (CBP) does not conduct COVID-19 testing for migrants who enter CBP custody and is not required to do so.  Instead, CBP relies on local public health systems to test symptomatic individuals.  According to CBP officials, as a frontline law enforcement agency, it does not have the necessary resources to conduct such testing.  For migrants that are transferred or released from CBP custody into the United States, CBP coordinates with DHS, U.S. Immigration and Customs Enforcement, U.S. Department of Health and Human Services, and other Federal, state, and local partners for COVID-19 testing of migrants.  In addition, although DHS generally follows guidance from the Centers for Disease Control and Prevention for COVID-19 preventative measures, the DHS’ multi-layered COVID-19 testing framework does not require CBP to conduct COVID-19 testing at CBP facilities.  Further, DHS’ Chief Medical Officer does not have the authority to direct or enforce COVID-19 testing procedures.  We recommended DHS reassess its COVID-19 response framework to identify areas for improvement to mitigate the spread of COVID-19 while balancing its primary mission of securing the border.  Additionally, we recommended DHS ensure the components continue to coordinate with the DHS Chief Medical Officer and provide available resources needed to operate safely and effectively during the COVID-19 pandemic and any future public health crisis.  We made two recommendations to improve DHS’ response to COVID-19 at the southwest border.  DHS concurred with both recommendations.

>DHS Needs to Enhance Its COVID-19 Response at the Southwest Border
2021
OIG-21-59 CISA cannot demonstrate how its oversight has improved Dams Sector security and resilience because CISA has not coordinated or tracked its Dams Sector activities, updated overarching national critical infrastructure or Dams Sector plans, and collected and evaluated performance information on Dams Sector activities.  Furthermore, we found that CISA does not consistently provide information to FEMA to help ensure its assistance addresses the most pressing needs of the Dams Sector.  CISA and FEMA also do not coordinate their flood mapping information.  Finally, CISA does not effectively use the Homeland Security Information Network Critical Infrastructure Dams Portal to provide external Dams Sector Stakeholders with critical information.  We recommended that CISA update the Dams Sector-Specific Plan, its internal organization structures, and establish performance metrics to determine its impact on the Dams Sector.  We also recommended it coordinate with FEMA on its grants and flood mapping systems.  Finally, we recommended CISA implement a strategy to use the HSIN-CI Dams portal to its fullest potential.  We made five recommendations to update CISA’s Sector-Specific Plan, internal organization structures, and coordination with FEMA that, when implemented, will improve dam security and resilience.  CISA concurred with all five recommendations.

>CISA Can Improve Efforts to Ensure Dam Security and Resilience
2021
OIG-21-58 ICE has taken various actions to prevent the pandemic’s spread among detainees and staff at their detention facilities. At the nine facilities we remotely inspected, these measures included maintaining adequate supplies of PPE such as face masks, enhanced cleaning, and proper screening for new detainees and staff. However, we found other areas in which detention facilities struggled to properly manage the health and safety of detainees. For example, we observed instances where staff and detainees did not consistently wear face masks or socially distance. In addition, we noted that some facilities did not consistently manage medical sick calls and did not regularly communicate with detainees regarding their COVID-19 test results. Although we found that ICE was able to decrease the detainee population to help mitigate the spread of COVID-19, information on detainee transfers was limited. We also found that testing of both detainees and staff was insufficient, and that ICE headquarters did not generally provide effective oversight of their detention facilities during the pandemic. Overall, ICE must resolve these issues to ensure it can meet the challenges of not only the COVID-19 pandemic, but future pandemics as well. We made six recommendations to improve ICE’s management of COVID-19 in its detention facilities. ICE concurred with all six recommendations.

>ICE’s Management of COVID-19 in Its Detention Facilities Provides Lessons Learned for Future Pandemic Responses
2021
OIG-21-57  Although ICE had controls in place that required Capgemini Government Solutions, LLC to provide qualified labor, ICE did not properly construct or monitor the contract.  This occurred because ICE awarded a firm-fixed-price contract but required a labor-hour performance measurement to monitor and track work hours, which was not appropriate for this type of contract.  The contractor also did not provide the number of staff ICE required for specific labor categories.  As a result, ICE cannot ensure it received all services, and it overpaid $769,869 in labor costs.  Finally, ICE did not ensure the contractor met statement of work requirements for staff skill sets, education, and work experience, nor did it ensure all contractor staff worked at the designated place of performance

>ICE's Oversight of the Capgemini Contract Needs Improvement
2021
OIG-21-55 Since our FY 2020 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices.  We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems.  However, we identified deficiencies in DHS’ protect and recover functions.  We made three recommendations to I&A to address the deficiencies identified, and I&A concurred with all three recommendations.

>Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2020 - Secret
2021
OIG-21-56 We identified deficiencies in E-Verify’s processes for confirming identity during employment verification.  E-Verify’s photo matching process is not fully automated, but rather, relies on employers to confirm individuals’ identities by manually reviewing photos.  We attribute these deficiencies to USCIS not developing or evaluating the plans and internal controls needed to improve its processes and detect, track, and investigate system errors.  Until USCIS addresses E-Verify’s deficiencies, it cannot ensure the system provides accurate employment eligibility results.  We made 10 recommendations to improve E-Verify’s accuracy, internal controls, and workload capabilities.  USCIS concurred with all 10 recommendations.

>USCIS Needs to Improve Its Electronic Employment Eligibility Verification Process
2021
OIG-21-54 FEMA did not use its SFM initiative to ensure that Public Assistance (PA) funds were obligated in accordance with Federal, Department, and component requirements.  Specifically, FEMA obligated PA funds for 83 projects from fiscal years 2017 through 2019 that we reviewed, even though the subrecipients did not need the funding until after 180 days, which made them eligible for incremental obligation under SFM.  This occurred because FEMA did not provide adequate oversight to its Regions.  FEMA relied on the Regions’ decisions to determine whether subrecipients’ projects were eligible for SFM funding, without ensuring there was sufficient supporting documentation to validate the determinations.  This increases the risk of projects being over obligated.  As a result, FEMA is not meeting the intent of SFM, which is to better manage resources in the Disaster Relief Fund to fulfill present and future disaster funding requirements.  We made two recommendations that, when implemented, should improve FEMA’s management and oversight of the Disaster Relief Fund.  FEMA concurred with the recommendations. 

>FEMA Prematurely Obligated $478 Million in Public Assistance Funds from FY 2017 through FY 2019
2021
OIG-21-53 CBP did not effectively manage its aviation fleet acquisitions to meet operational mission needs.  Specifically, AMO acquired and deployed 16 multi-role enforcement aircraft (MEA) that did not contain the necessary air and land interdiction capabilities to perform its mission.  In addition, CBP AMO initiated the MEA and medium lift helicopter program without well-defined operational requirements and key performance parameters — critical items in the acquisition planning process.  This occurred because CBP did not provide oversight and guidance to ensure acquisition personnel followed key steps required by the DHS Acquisition Lifecycle Framework.  As a result, AMO expended approximately $330 million procuring multi-role enforcement aircraft that, at the time of acceptance, did not effectively respond to emergent air threats along the northern or southern borders, and experienced schedule delays deploying the medium lift helicopter.  Without effective oversight and guidance, AMO risks aviation acquisitions taking longer to deliver, at a greater cost, and without the needed capabilities.  We made four recommendations aimed at improving CBP’s acquisition management of aviation fleet to meet operational needs.  CBP concurred with three of the four recommendations. 

>U.S. Customs and Border Protection's Acquisition Management of Aviation Fleet Needs Improvement to Meet Operational Needs
2021
OIG-21-52 TSA partially complied with the Act by establishing operational processes for routine activities within its Explosives Detection Canine Team (EDCT)  program for surface transportation.  Specifically, TSA has a national training program for canines and handlers, uses canine assets to meet urgent security needs, and monitors and tracks canine assets.  However, TSA did not comply with the Act’s requirements to evaluate the entire EDCT program for alignment with its risk-based security strategy or develop a unified deployment strategy for its EDCTs for surface transportation.  We recommended that TSA coordinate with its law enforcement agency partners to conduct an evaluation of the EDCT program and develop an agency-wide deployment strategy for surface transportation consistent with TSA's Surface Transportation Risk-Based Security Strategy.  TSA concurred with both recommendations.   

>TSA Did Not Assess Its Explosives Detection Canine Team Program for Surface Transportation Security
2021
OIG-21-51 In FY 2018, S&T did not always adhere to DHS and internal purchase card policies and procedures.  Of 421 purchase card transactions selected for review, we identified 394 transactions that did not have required supporting documentation, separation of key transaction duties, approvals and other required signatures, or compliance with other risk-based procedures.  According to S&T officials, these issues were due to shortfalls in program oversight and training, as well as outdated policy.  We identified $63,213 in questionable costs associated with purchase card transactions.  We made four recommendations to improve S&T’s adherence to DHS policies and procedures for its Bankcard Program.  S&T concurred with the four recommendations. 

>FY 2018 Audit of Science and Technology Bankcard Program Indicates Risks
2021
OIG-21-50 FEMA did not ensure Louisiana adequately managed and provided oversight of PA grants to make certain they complied with Federal regulations.  Specifically, Louisiana had a backlog of 600 incomplete projects beyond their approved completion dates.  We attributed this to the State not conducting regular site visits to assess subrecipients’ ongoing projects, identify and resolve issues as they arose, or ensure prompt project completion.  In addition, FEMA had a backlog of 2,150 completed grant projects it had not closed out due to inadequate oversight of its Region 6 staff to ensure they promptly carried out this responsibility.  As of the fourth quarter of 2018, the combined backlog of 2,750 grant projects represented nearly $6.6 billion in obligated funds.  By May 2020, FEMA had reduced the backlog, but the significant number of remaining projects could lead to delays reimbursing applicants as well as deobligating funds that could be put to better use.  We made three recommendations to FEMA to strengthen its oversight of project completion and closeout processes to ensure they are timely and compliant.  FEMA concurred with one recommendation and did not concur with two.  However, FEMA’s responses resulted in all three recommendations being considered open and unresolved.

>Inadequate FEMA Oversight Delayed Completion and Closeout of Louisiana's Public Assistance Projects
2021
OIG-21-48 CBP needs better oversight and policy to adequately safeguard migrants experiencing medical emergencies or illnesses along the southwest border.  According to CBP’s policies, once an individual is in custody, CBP agents and officers are required to conduct health interviews, and “regular and frequent” “welfare checks” to identify individuals who may be experiencing serious medical conditions.  However, CBP could not always demonstrate staff conducted required medical screenings or consistent welfare checks for all 98 individuals whose medical cases we reviewed.  This occurred because CBP did not provide sufficient oversight and clear policies and procedures, or ensure officers and agents were adequately trained to implement medical support policies.  As a result, CBP may not identify individuals experiencing medical emergencies or provide appropriate care in a timely manner.  CBP concurred with all three of our recommendations, which when implemented, should improve medical attention and procedures for migrants at the southwest border. 

>CBP Needs to Strengthen Its Oversight and Policy to Better Care for Migrants Needing Medical Attention
2021
OIG-21-49 We found Border Patrol provided adequate medical assistance to the mother and her newborn, and complied with applicable policies. However, we found that Border Patrol’s data about pregnant detainees is limited and the agency lacks the necessary processes and guidance to reliably track childbirths that occur in custody. In addition, our review of a sample of childbirths in custody showed Border Patrol did not always take prompt action to expedite the release of U.S. citizen newborns, resulting in some being held in stations for multiple days and nights. Although some of these instances may have been unavoidable, Border Patrol needs reliable practices to expedite releases because holding U.S. citizen newborns at Border Patrol stations poses health, safety, and legal concerns. Lastly, we found that Border Patrol agents do not have guidelines on interpreting for Spanish-speaking detainees at hospitals. As a result, an agent assigned to hospital watch for the detainee provided interpretation that may not have comported with CBP’s language access guidance. We made four recommendations to improve CBP’s processes for tracking detainee childbirths, its practices for expediting release of U.S. citizen newborns, and its guidance to agents on providing interpretation for detainees. CBP concurred with all four recommendations

>Review of the February 16, 2020 Childbirth at the Chula Vista Border Patrol Station
2021
OIG-21-47 CBP did not always protect MPC apps from cybersecurity threats.  This occurred because app version updates were not always scanned for vulnerabilities and CBP did not always identify vulnerabilities detected in scans.  CBP also did not complete seven required security and privacy compliance reviews of MPC apps because it did not establish a schedule for the reviews or track and centrally store review documentation.  In addition, CBP did not obtain the information needed for the reviews, had competing priorities, and did not ensure app developers created a process for a required internal audit.  Finally, CBP did not implement Department server configuration requirements for its MPC servers.  We made eight recommendations that, when implemented, should improve the security of CBP’s MPC program.  CBP concurred with all eight recommendations.

>CBP Has Placed Travelers' PII at Risk of Exploitation
2021
OIG-21-45 DHS issued notices to appear (NTA), to MPP participants that were mostly accurate and in accordance with laws and regulations.  However, some NTAs were completed inaccurately.  Specifically, of our sample of 106 NTAs from February 2019 through April 2020, U.S. Customs and Border Protection (CBP) served 20 that did not meet legal sufficiency standards or contained inaccurate information.  However, CBP agents and officers documented proactively issuing 105 of 106 NTAs in our sample in person before returning migrants to Mexico.  If CBP serves a legally insufficient NTA, U.S. Immigration and Customs Enforcement cannot prosecute its removal case if a migrant fails to appear for the initial hearing.  Serving NTAs by mail to migrants in Mexico could result in migrants missing their hearings or the Government’s cases being dismissed or challenged.  We recommended that CBP’s Executive Director of the Office of Field Operations’ Admissibility and Passenger Programs and the Deputy Chief of Border Patrol’s Law Enforcement Operations Directorate develop procedures for quality control and supervisory review of NTAs for MPP enrollees to better ensure that officers and agents fill out the NTAs accurately and completely.  We made one recommendation to improve the accuracy and completeness of NTAs issued to MPP participants.  CBP non-concurred with the recommendation due to it being overcome by events when the program was terminated by the Secretary of Homeland Security on June 1, 2021.  We administratively closed the recommendation.

>CBP Generally Provided Accurate Notices to Appear to Migrant Protection Protocols Enrollees, but Could Improve Procedures to Reduce Future Errors
2021
OIG-21-46 During our unannounced inspection of Adams in Natchez, Mississippi, we identified violations of ICE detention standards that threatened the health, safety, and rights of detainees.  Although Adams generally provided sufficient medical care, we identified one case in which the medical unit examined a sick detainee but did not send the detainee to the hospital for urgent medical treatment, and the detainee died.  We also found the medical unit did not document outcomes of detainee sick calls or ensure proper review and follow-up of detainee test results.  In addressing COVID-19, Adams took some measures to prevent the spread of COVID-19, but detainees did not consistently follow some guidelines, including use of facial coverings and social distancing, which may have contributed to repeated COVID-19 transmissions.  Adams did not meet standards for classification, grievances, segregation, or staff-detainee communications.  Specifically, we discovered a low custody detainee comingled with higher custody detainees, and found the facility did not always identify detainees with special vulnerabilities or those requiring translation services.  Adams also did not respond timely to detainee grievances and was not consistently providing required care for detainees in segregation including access to recreation, legal calls, laundry, linen exchange, mail, legal materials, commissary, law library, and to ICE forms and drop-boxes for detainees to make requests.  In addition, ICE did not consistently respond to detainee requests timely.  Finally, we determined the declining detainee population at Adams resulted in ICE paying more than $17 million for unused bed space under a guaranteed minimum contract.  We made seven recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations (ERO) to ensure the New Orleans ERO Field Office overseeing Adams addresses identified issues and ensures facility compliance with relevant detention standards.  ICE concurred with all seven recommendations.

>Violations of ICE Detention Standards at Adams County Correctional Center
2021
OIG-21-43 FEMA has not prioritized compliance with the DMA 2000.  According to FEMA officials, the agency has instead focused on immediate needs of disaster operations and other high- profile initiatives necessary to carry out its mission.  As such, FEMA has not published regulations and related policies as required by the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act) to reduce repetitive damages to facilities, including the Nation’s roads and bridges.  We made four recommendations to FEMA, including that FEMA should prioritize the DMA 2000 by addressing the unresolved implementation issues and publishing a regulation as required. 

>FEMA Has Not Prioritized Compliance with the Disaster Mitigation Act of 2000, Hindering Its Ability to Reduce Repetitive Damages to Roads and Bridges
2021
OIG-21-44 Specifically, in reviewing 16 contract files, we found files that did not have relevant Federal tax information, were missing information on the contractor’s past performance evaluations, and contained incomplete and inconsistent documentation.  We attribute these deficiencies to FEMA not providing guidance on procedures for implementing Federal regulations to contracting personnel, and the Department of Homeland Security removing guidance from its acquisition manual that is used by component personnel.  As a result of inadequate guidance, FEMA personnel awarded contracts without making fully informed determinations as to whether prospective contractors could meet contract demands.  If contractors cannot meet demands, FEMA may have to cancel contracts it has awarded, which has happened in the past and continues.  In fact, between March and May 2020, FEMA awarded and canceled at least 22 contracts, valued at $184 million, for crucial supplies in response to the national COVID-19 pandemic.  By awarding contracts without ensuring prospective contractors can meet contract demands, FEMA will continue wasting taxpayer dollars and future critical disaster and pandemic assistance will continue to be delayed.  We made one recommendation that, when implemented, should help strengthen FEMA’s responsibility determination process.  The Department concurred with our recommendation. 

>FEMA Must Strengthen Its Responsibility Determination Process
2021
OIG-21-42 FEMA’s Intergovernmental Service Agreement (IGSA) with the Texas General Land Office (TxGLO) was appropriate to ensure direct housing assistance program compliance with applicable laws and regulations.  However, FEMA initiated the IGSA without first developing the processes and controls TxGLO needed to administer the program.  As a result, FEMA and the State had to develop and finalize implementation guidelines after signing the IGSA, delaying TxGLO’s disaster response.  In addition, FEMA disaster personnel had to prepare the necessary guidance, toolkits, and training resources while simultaneously responding to Hurricane Harvey.  Also, FEMA used workarounds and TxGLO set up a separate system, creating additional operational challenges and inefficiencies.  We made three recommendations to improve future state administered direct housing assistance efforts.  FEMA concurred with all three recommendations. 

>FEMA Initiated the Hurricane Harvey Direct Housing Assistance Agreement without Necessary Processes and Controls
2021
OIG-21-41 We determined that FEMA followed applicable laws, regulations, and guidance in its efforts to provide funding for reconstruction of the Vieques’ Community Health Center.  FEMA’s assessment of the funding needs for the project is complete and $39,569,695 (Federal share) was obligated on January 21, 2020 for a full facility replacement.  We did not make any recommendations but announced an audit to assess FEMA’s Public Assistance Program Alternative Procedures process for all permanent work projects.

>FEMA's Efforts to Provide Funds to Reconstruct the Vieques Community Health Center
2021
OIG-21-40 U.S. Immigration and Customs Enforcement (ICE) did not adequately identify and track human trafficking crimes.  Specifically, ICE Homeland Security Investigations (HSI) did not accurately track dissemination and receipt of human trafficking tips, did not consistently take follow-up actions on tips, and did not maintain accurate data on human trafficking. These issues occurred because HSI did not have a cohesive approach for carrying out its responsibilities to combat human trafficking. We made one recommendation to improve ICE’s coordination and human trafficking efforts to assist victims. ICE concurred with our recommendation.

>ICE Faces Challenges in Its Efforts to Assist Human Trafficking Victims
2021
OIG-21-39 We determined that the Transportation Security Administration (TSA) did not manage the Recruitment and Hiring (R&H) contract in a fiscally responsible manner.  Specifically, TSA did not properly plan contract requirements prior to awarding the contract and did not develop accurate cost estimates for all contract modifications.  We recommended TSA establish a cross-functional requirements working group for planning and awarding the R&H re-compete efforts as well as other Personnel Futures Program contract requirements.  The working group should develop a holistic and forward-thinking acquisition strategy, as well as implement a comprehensive process for reviewing and determining requirements.  We also recommended TSA ensure Human Capital improves contract management activities including, but not limited to, requirements planning and realistic cost estimate development by obtaining additional expert resources or leveraging existing expertise.  We made two recommendations to improve TSA’s contract management.  TSA concurred with both recommendations.

>TSA Needs to Improve Its Oversight for Human Capital Contracts
2021
OIG-21-38 We determined DHS had not yet strengthened its cybersecurity posture by implementing a Continuous Diagnostics and Mitigation (CDM) Program.  DHS spent more than $180 million between 2013 and 2020 to design and deploy a department-wide continuous monitoring solution but faced setbacks.  DHS initially planned to deploy its internal CDM solution by 2017 using a “One DHS” approach that restricted components to a standard set of common tools.  We attributed DHS’ limited progress to an unsuccessful initial implementation strategy, significant changes to its deployment approach, and continuing issues with component data collection and integration.  As of March 2020, DHS had developed a key element of the program, its internal CDM dashboard.  However, the dashboard contained less than half of the required asset management data.  As a result, the Department cannot leverage intended benefits of the dashboard to manage, prioritize, and respond to cyber risks in real time.  Finally, we identified vulnerabilities on CDM servers and databases.  This occurred because DHS did not clearly define patch management responsibilities and had not yet implemented required configuration settings.  Consequently, databases and servers could be vulnerable to cybersecurity attack, and the integrity, confidentiality, and availability of the data could be at risk.  We made three recommendations for DHS to update its program plan, address vulnerabilities, and define patch management responsibilities

>DHS Has Made Limited Progress Implementing the Continuous Diagnostics and Mitigation Program
2021