Audits, Inspections, and Evaluations

Report Number	Title	Issue Date Sort ascending	Fiscal Year
OIG-21-14	Ineffective Implementation of Corrective Actions Diminishes DHS' Oversight of Its Pandemic Planning	12/21/2020	2021
OIG-21-13	CBP's Configuration Management Practices Did Not Effectively Prevent System Outage	12/21/2020	2021
OIG-21-12	ICE Needs to Address Prolonged Administrative Segregation and Other Violations at the Imperial Regional Detention Facility	12/18/2020	2021
OIG-21-11	TSA Needs to Improve Management of the Quiet Skies Program (REDACTED)	11/25/2020	2021
OIG-21-10	FEMA Should Disallow $12.2 Million in Disaster Case Management Program Grant Funds Awarded to New York for Hurricane Sandy	11/18/2020	2021
OIG-21-09	DHS Components Have Not Fully Complied with the Department's Guidelines for Implementing the Lautenberg Amendment	11/13/2020	2021
OIG-21-08	Independent Auditors' Report on DHS' FY 2020 Financial Statements and Internal Control over Financial Reporting	11/13/2020	2021
OIG-21-07	Major Management and Performance Challenges Facing the Department of Homeland Security	11/10/2020	2021
OIG-21-06	DHS Privacy Office Needs to Improve Oversight of Department-wide Activities, Programs, and Initiatives	11/04/2020	2021
OIG-21-04	Modernization has improved the Federal Emergency Management Agency’s (FEMA) Federal Insurance and Mitigation Administration (FIMA) ability to timely process policies and claims data, enhanced reporting capabilities, and provided more reliable address validation. Despite these improvements, the transition to PIVOT did not resolve longstanding data reliability issues, as FIMA migrated the vast majority of its historical legacy data, including errors, into the PIVOT system. FIMA also deployed PIVOT without adequate controls to prevent potentially erroneous transactions from being recorded in the system. We made three recommendations to improve the quality of data in the modernized NFIP system and educate stakeholders on data quality issues that exist in historical NFIP data. FEMA concurred with all three recommendations. >FIMA Made Progress Modernizing Its NFIP System, but Data Quality Needs Improvement	11/02/2020	2021
OIG-21-05	Management Alert - FPS Did Not Properly Designate DHS Employees Deployed to Protect Federal Properties under 40 U.S.C. § 1315(b)(1)	11/02/2020	2021
OIG-21-03	We found violations of U.S. Immigration and Customs Enforcement (ICE) detention standards undermining the protection of detainees’ rights and the provision of a safe and healthy environment. Although the Howard County Detention Center (HCDC) generally complied with ICE detention standards regarding communication, it did not meet the standards for detainee searches, food service, and record requirements for segregation and medical grievances. We determined HCDC excessively strip searched ICE detainees when leaving their housing unit to attend activities within the facility, in violation of ICE detention standards and the facility’s own search policy. In addition, HCDC failed to provide detainees with two hot meals per day, as required. For those in segregation, HCDC did not document that detainees received three meals per day and daily medical visits. Further, HCDC did not properly document the handling of detainee medical grievances. We made two recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations (ERO) to ensure the Baltimore ERO Field Office overseeing HCDC addresses identified issues and ensures facility compliance with relevant detention standards. ICE concurred with both recommendations and is implementing a corrective action plan to address the concerns we identified. >ICE Needs to Address Concerns About Detainee Care and Treatment at the Howard County Detention Center	10/28/2020	2021
OIG-21-02	In 2018, senior DHS and U.S. Customs and Border Protection (CBP) leaders issued public statements urging undocumented aliens seeking asylum to enter the United States legally at ports of entry, while also directing ports of entry to focus on other priority missions and institute practices to limit the number of undocumented aliens processed at ports of entry. CBP Office of Field Operations (OFO) personnel at 24 Southwest Border ports of entry implemented a practice known as queue management, where an officer manned a “limit line” position at or near the U.S.-Mexico border to control the number of undocumented aliens entering the port. We identified that seven of these ports stopped processing virtually all undocumented aliens, including asylum seekers, by redirecting them to other ports located miles away. This redirection contravenes CBP’s longstanding practice to process all aliens at a “Class A” port of entry or reclassify the port of entry. Additionally, CBP officers at four ports returned undocumented aliens to Mexico despite a legal requirement to process asylum claims of aliens that are physically present in the United States. We made three recommendations aimed at bringing CBP’s practices in line with Federal law and regulations and promoting efficient processing of undocumented aliens. CBP concurred with two of the recommendations and did not concur with one. CBP defended its decision to redirect undocumented aliens at seven ports citing the availability of operational capacity and resources and the need to maintain a discretionary balance between mission requirements at each port. >CBP Has Taken Steps to Limit Processing of Undocumented Aliens at Ports of Entry	10/27/2020	2021
OIG-21-01	DHS Has Secured the Nation's Election Systems, but Work Remains to Protect the Infrastructure	10/22/2020	2021
OIG-20-80	DHS has not effectively managed and coordinated Department resources for its Joint Task Forces (JTFs). Specifically, DHS has not maintained oversight authority through changes in leadership, implemented and updated policies and procedures, identified optimal JTF staffing levels and resources, and established a process to capture total allocated costs associated with JTFs. In addition, DHS has not fully complied with public law requirements to report to Congress on JTFs’ cost and impact, establish outcome-based performance metrics, and establish and maintain a joint duty training program. We recommended the DHS Secretary designate a department-level office to manage and oversee JTFs and address public law requirements. We made seven recommendations to improve DHS’ management and oversight of its JTFs and ensure compliance with legislative requirements. DHS provided a management response, but declined to comment, since the Acting Secretary is currently reviewing the status and future of the JTFs >DHS Cannot Determine the Total Cost, Effectiveness, and Value of Its Joint Task Forces	09/30/2020	2020
OIG-20-77	Evaluation of DHS' Information Security Program for Fiscal Year 2019	09/30/2020	2020
OIG-20-79	U.S. Customs and Border Protection (CBP) cannot ensure its Entry Reconciliation Program reporting is accurate or complies with requirements. Specifically, CBP did not always validate importers’ self-reported final values of imports when it assessed duties and fees because it did not require importers to substantiate self-reported merchandise values with source documentation. In addition, CBP did not always follow its policies when conducting reviews of reconciliation entries because its Standard Operating Procedures had been implemented differently across all ports of entry. Finally, CBP missed opportunities to collect additional revenue when it did not assess monetary liquidated damages for importers that filed reconciliation entries late or not at all. This occurred because CBP’s controls were insufficient to ensure the ports properly assess liquidated damages for importers who file reconciliations late or not at all. CBP’s actions compromised the integrity of the Entry Reconciliation Program and, as such, may have put approximately $751 million of revenue, in the form of reconciliation refunds, at risk. We made four recommendations to improve the overall effectiveness of the program. CBP concurred with three of our four recommendations. >CBP's Entry Reconciliation Program Puts Revenue at Risk	09/30/2020	2020
OIG-20-75	CBP Does Not Have a Comprehensive Strategy for Meeting Its LS-NII Needs	09/28/2020	2020
OIG-20-78	U.S. Customs and Border Protection (CBP) quickly deployed funding for consumables and medical services to address the needs of migrants in its custody along the southwest border, but did not adequately plan to ensure it used fiscal year 2019 funds effectively. Specifically, U.S. Border Patrol’s process did not adequately ensure taxpayer funds were used to purchase items required to meet migrants’ basic needs as Congress intended. Additionally, CBP relied on a single contracting officer’s representative, rather than onsite personnel, to oversee its medical contract because it did not include onsite monitoring when expanding the contract across multiple sectors. We made four recommendations to CBP to improve its consumables reimbursement process and medical contract oversight. CBP concurred with all four recommendations. >CBP Did Not Adequately Oversee FY 2019 Appropriated Humanitarian Funding	09/28/2020	2020
OIG-20-74	The Cybersecurity and Infrastructure Security Agency (CISA) increased the number of Automated Indicator Sharing (AIS) participants as well as the volume of cyber threat indicators it has shared since the program’s inception in 2016. However, CISA made limited progress in improving the overall quality of information it shares with AIS participants to effectively reduce cyber threats and protect against attacks. The lack of progress can be attributed to the limited number of AIS participants sharing cyber indicators with CISA, delays in receiving cyber threat intelligence standards, and insufficient staff. To be more effective, CISA should hire the staff it needs to provide outreach, guidance, and training. We made four recommendations to CISA to enhance the program’s overall effectiveness and cyber threat information sharing. CISA concurred with all four recommendations. >DHS Made Limited Progress to Improve Information Sharing under the Cybersecurity Act in Calendar Years 2017 and 2018	09/25/2020	2020
OIG-20-76	The Federal Emergency Management Agency (FEMA) mismanaged the distribution of commodities in response to Hurricanes Irma and Maria in Puerto Rico. FEMA lost visibility of about 38 percent of its commodity shipments to Puerto Rico, worth an estimated $257 million. Commodities successfully delivered to Puerto Rico took an average of 69 days to reach their final destinations. Inadequate FEMA contractor oversight contributed to the lost visibility and delayed commodity shipments. FEMA did not use its Global Positioning System transponders to track commodity shipments, allowed the contractor to break inventory seals, and did not ensure documented proof of commodity deliveries. Given lost visibility and delayed shipments, FEMA cannot ensure it provided commodities to Puerto Rico disaster victims as needed to sustain life and alleviate suffering as part of its response and recovery mission. In addition, FEMA’s mismanagement of transportation contracts included multiple contracting violations and policy contraventions that ultimately led to contract overruns of about $179 million and at least $50 million of questioned costs. We made five recommendations that, if implemented, should improve FEMA’s management and oversight of its disaster response activities. FEMA concurred with four of the five recommendations. Recommendations 1 through 4 are considered open and resolved. Recommendation 5 is considered resolved and closed >FEMA Mismanaged the Commodity Distribution Process in Response to Hurricanes Irma and Maria	09/25/2020	2020
OIG-20-73	DHS has not fulfilled most of the 13 responsibilities of the Geospatial Data Act. To comply with one responsibility, DHS has a Geospatial Information Officer and a dedicated Geospatial Management Office whose duties include overseeing the Act’s implementation and to coordinate with other agencies. However, DHS has only partially met, or not met, the remaining 12 responsibilities in the Act. DHS’ lack of progress in complying with the responsibilities outlined in the Act can be attributed to multiple external and internal factors. External factors include the need for additional guidance from the Federal Geographic Data Committee and the Office of Management and Budget to properly interpret and implement certain responsibilities. Internal factors include competing priorities that diverted resources away from fulfilling the Act’s 13 responsibilities. We made three recommendations that focus on increasing the resources necessary to comply with DHS’ 13 responsibilities under the Act. The Department concurred with all three recommendations. >DHS Faces Challenges in Meeting the Responsibilities of the Geospatial Data Act of 2018	09/24/2020	2020
OIG-20-71	U.S. Customs and Border Protection (CBP) did not adequately safeguard sensitive data on an unencrypted device used during its facial recognition technology pilot (known as the Vehicle Face System). A subcontractor working on this effort, Perceptics, LLC, transferred copies of CBP’s biometric data, such as traveler images, to its own company network. The subcontractor obtained access to this data without CBP’s authorization or knowledge, and compromised approximately 184,000 traveler images from CBP’s facial recognition pilot. Later in 2019, the Department of Homeland Security experienced a major privacy incident, as the subcontractor’s network was subjected to a malicious cyber attack. While CBP and DHS took immediate action to mitigate the data breach, we attribute this incident to the subcontractor violating numerous DHS security and privacy protocols for safeguarding sensitive data. Consequently, this incident may damage the public’s trust in the Government’s ability to safeguard biometric data, and may result in travelers’ reluctance to permit DHS to capture and use their biometrics at U.S. ports of entry. We made three recommendations to aid CBP in addressing the vulnerabilities that caused the 2019 data breach, and to better mitigate future incidents through greater oversight of third-party partners. CBP concurred with all three recommendations. >Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot	09/21/2020	2020
OIG-20-72	Oversight Review of the Office of the Chief Security Officer, Internal Security Division	09/21/2020	2020
OIG-20-63	As of October 2016, the Recovery School District in Louisiana (RSD) had received a $1.5 billion Public Assistance grant from Louisiana, a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina. We examined $1.3 billion for a consolidated project as part of the total amount awarded. In some instances, RSD accounted for and expended portions of the $1.3 billion in Public Assistance grant funds we reviewed according to Federal regulations. However, FEMA improperly awarded $216.2 million to repair or replace more than 292 Orleans Parish school facilities in RSD. We made eight recommendations to FEMA to de-obligate $216.2 million of ineligible costs; follow Federal regulations and FEMA guidelines; and re-evaluate documented proof of assessments for the 35 identified projects and reclassify them, as appropriate, to repair-eligible, and de-obligate the cost difference. FEMA concurred with recommendations 2 through 7 but did not concur with recommendations 1 and 8. We consider recommendations 2 through 7 resolved and open; recommendations 1 and 8 are unresolved and open. >FEMA Should Recover $216.2 Million Awarded to the Recovery School District in Louisiana for Hurricane Katrina	09/15/2020	2020
OIG-20-68	The Federal Emergency Management Agency (FEMA) is not adequately managing severe repetitive loss (SRL) properties covered by the National Flood Insurance Program (NFIP). FEMA has not established an effective program to reduce or eliminate damage to SRL properties and disruption to life caused by the repeated flooding. Primarily, FEMA does not have reliable, accurate information about SRL properties. Secondly, FEMA’s Flood Mitigation Assistance (FMA) program, which aims to mitigate flood damage for NFIP policyholders, provides neither equitable nor timely relief for SRL applicants. We made three recommendations to FEMA to ensure the accuracy of the SRL list, as well as equitable and timely distribution of mitigation funding, and promoting the use of National Flood Insurance Program (NFIP) Increased Cost of Compliance coverage. FEMA concurred with all three of the recommendations >FEMA Is Not Effectively Administering a Program to Reduce or Eliminate Damage to Severe Repetitive Loss Properties	09/08/2020	2020
OIG-20-69	We surveyed staff at Border Patrol stations and OFO ports of entry from April 22, 2020 to May 1, 2020. The 136 Border Patrol stations and 307 OFO ports of entry that responded to our survey described various actions they have taken to prevent and mitigate the pandemic’s spread among travelers, detained individuals, and staff. These actions include increased cleaning and disinfecting of common areas, and having personal protective equipment for staff, as well as supplies available to those individuals with whom they come into contact. However, facilities reported concerns with their inability to practice social distancing and the risk of exposure to COVID-19 due to the close-contact nature of their work. Regarding staffing, facilities reported decreases in current staff availability due to COVID-19, but have contingency plans in place to ensure continued operations. The facilities expressed concerns regarding staff availability, however, if there were an outbreak of COVID-19 at the facility. Overall, the majority of respondents reported that their facilities were prepared to address COVID-19. >Early Experiences with COVID-19 at Border Patrol Stations and OFO Ports of Entry	09/04/2020	2020
OIG-20-70	Management Alert - CBP Needs to Award A Medical Services Contract Quickly to Ensure No Gap in Services	09/03/2020	2020
OIG-20-67	During our unannounced inspections of five U.S. Customs and Border Protection (CBP) facilities in the Laredo and San Antonio areas of Texas in February 2020, three Border Patrol stations and two Office of Field Operation ports of entry we visited appeared to be operating in compliance with the Transport, Escort, Detention, and Search (TEDS) standards we evaluated. We verified accessibility to water, food, toilets, sinks, basic hygiene supplies, and bedding. We observed clean facilities and verified that temperatures and ventilation in holding rooms were appropriate. Of the five facilities we visited, only one could provide on-site showers to detainees, but during our visits, no detainees were approaching the detention time threshold where a shower would be required. Because Border Patrol leadership directed all Border Patrol stations to implement Phase 2 of the enhanced medical screening ahead of the prescribed schedule outlined in CBP Directive 2100-004, the Border Patrol stations we visited were conducting alien intake health assessments using CBP Form 2500. These Ports of Entry had implemented Phase 1, but were not yet required to conduct Phase 2 assessments at the time of our inspection. We did not make any recommendations in this report. >Five Laredo and San Antonio Area CBP Facilities Generally Complied with the National Standards on Transport, Escort, Detention, and Search	09/01/2020	2020
OIG-20-66	DHS components used inconsistent processes for administrative forfeitures under the Civil Asset Forfeiture Reform Act of 2000 (CAFRA). Specifically, we found inconsistencies among DHS components regarding the forms used to notify property owners and the process for responding to claims. Further, CBP inappropriately used waivers to extend deadlines for responding to claims. We recommended DHS implement a department-wide structure to oversee component forfeiture activities across DHS by designating an office at headquarters for this role. Additionally, DHS should develop Department-wide policies and procedures, as well as review component policies, to ensure forfeiture processes and practices are consistent. We made two recommendations to improve oversight across DHS and provide consistent processes for handling administrative forfeitures. DHS concurred with recommendation two, which we consider resolved and open, but did not concur with recommendation one, which is unresolved and open. >DHS Inconsistently Implemented Administrative Forfeiture Authorities Under CAFRA	08/27/2020	2020
OIG-20-64	We determined CBP’s use of tear gas on these dates, in response to physical threats, appeared to be within CBP’s use of force policy. However, U.S. Border Patrol obtained an acoustic device and used it in an “alert tone” mode on November 25, 2018, which did not conform to CBP’s Use of Force policy because Border Patrol did not get advance authorization to have a device with this capability. CBP’s Use of Force policy would have permitted use of the alert tone in a manner reasonable and necessary for self-defense or the defense of another person in threatening, emergent situations. However, the policy does not authorize the carrying of any weapon for duty use that is not authorized, included on the Authorized Equipment List, or specifically approved by the LESC director. Using the acoustic device in alert mode may increase the risk of temporary or permanent hearing loss to those exposed to the sound and thereby increase the Government’s liability. CBP’s own internal investigation of the November 25, 2018 incident regarding the acoustic device was incomplete and inaccurate and did not provide all the information CBP needed to determine whether the CBP officer and Border Patrol agents involved had complied with the use of force policy. In addition, not all Border Patrol agents had the required training and certification to carry less-lethal devices. This occurred because Border Patrol lacked internal controls to ensure agents had fulfilled these requirements. Border Patrol agents using less-lethal devices for which they are not certified could result in unintended serious injury or death, increasing the Government’s liability. We made four recommendations to CBP to ensure compliance with its Use of Force policy and improve its investigative process. CBP concurred with all four recommendations. >U.S. Customs and Border Protection Compliance with Use of Force Policy for Incidents on November 25, 2018 and January 1, 2019 - Law Enforcement Sensitive	08/24/2020	2020
OIG-20-65	We determined that children brought to Port Isabel on July 15, 2018, waited extended periods, and in many cases overnight, to be reunited with their parents. U.S. Immigration and Customs Enforcement (ICE) was not prepared to promptly reunify all children who arrived at Port Isabel on the first day of attempted mass reunifications. ICE and U.S. Health and Human Services had fundamentally different understandings about the timing and pace of reunifications, and ICE personnel at Port Isabel underestimated the resources necessary to promptly out-process the parents of arriving children. As a result, some children waited in vehicles at Port Isabel, while others waited in unused detention cells, though all children were in climate-controlled environments and had continuous access to food, water, and restrooms. As the mass reunifications continued, ICE personnel responded to processing and space issues, which generally resulted in shorter wait times for children who arrived at Port Isabel closer to the court’s July 26, 2018 deadline. The report contains no recommendations. >Children Waited for Extended Periods in Vehicles to Be Reunified with Their Parents at ICE's Port Isabel Detention Center in July 2018	08/19/2020	2020
OIG-20-59	determined ICE’s Homeland Security Investigations (HSI) is effectively contributing to the Federal Bureau of Investigation’s (FBI) Joint Terrorism Task Force (JTTF) counterterrorism efforts by leveraging its authorities, experience, skills, and staffing. However, existing agreements and guidance on HSI’s participation in the JTTF and its terrorism financing investigations are outdated. Additionally, we determined existing agreements and policy impose restrictions that delay and hinder sharing and access to information in the JTTF. We recommended DHS JTTF contributors evaluate and update agreements governing JTTF participation as needed. HSI should renegotiate and update the 2003 agreement on terrorism financing, as well as update its related guidance accordingly. We also recommended DHS coordinate with Department of Justice and Department of State, as well as within the DHS, to develop agreements to allow for the more direct sharing of critical investigative information. We made five recommendations that aim to improve counterterrorism efforts and information sharing. DHS concurred with two recommendations and non-concurred with three. >HSI Effectively Contributes to the FBI’s Joint Terrorism Task Force, But Partnering Agreements Could Be Improved (REDACTED)	08/13/2020	2020
OIG-20-62	Since 2017, DHS has continued to make progress in meeting its Digital Accountability and Transparency Act of 2014 (DATA Act) reporting requirements, but challenges remain. To enable more effective tracking of Federal spending, DHS must continue to take action to accurately align its budgetary data with the President’s budget, reduce award misalignments across DATA Act files, improve the timeliness of financial assistance reporting, implement and use government-wide data standards, and address risks to data quality. Without these actions, DHS will continue to experience challenges in meeting its goal of achieving the highest possible data quality for submission to USAspending.gov. We made five recommendations to help strengthen DHS’ controls for ensuring complete, accurate, and timely spending data. The Department concurred with all five recommendations. >DHS Has Made Progress in Meeting DATA Act Requirements, But Challenges Remain	08/13/2020	2020
OIG-20-60	The Federal Emergency Management Agency’s (FEMA) Individuals and Households Program (IHP) has no assurance of applicants’ eligibility for Small Business Administration (SBA) Dependent Other Needs Assistance (ONA) payments. According to OMB Circular A-123, Appendix C, when documentation or verification is non-existent to support eligibility payment decisions it must be considered improper. FEMA did not collect sufficient income and dependent documentation or verify self-reported information to determine whether applicants below the income threshold, known as Failed Income Test (FIT), were eligible for SBA Dependent ONA payments. FEMA believed requiring documentation or verification would delay the disbursement of assistance and relied on an honor system to make eligibility and payment decisions. We determined, according to FEMA-provided data, it has paid, and we are questioning, the more than $3.3 billion in improper payments to applicants deemed as FIT for SBA Dependent ONA since 2003. Additionally, FEMA has not evaluated the program risk associated with not collecting or verifying income information. Per Federal requirements, agencies must conduct risk assessments to determine whether programs are susceptible to improper payments. Rather, FEMA assessed IHP at the overall program level and did not specifically evaluate each IHP form of assistance, such as SBA Dependent ONA. These weaknesses have allowed applicants self-certifying income and dependent information to receive less oversight, despite posing the greatest risk for improper payments. FEMA cannot assure Congress and taxpayers it is a prudent steward of Federal resources, and adequately assesses the risks of improper payments. FEMA did not concur with all three report recommendations. Therefore, these recommendations are considered unresolved and open. >FEMA Has Paid Billions in Improper Payments for SBA Dependent Other Needs Assistance since 2003	08/12/2020	2020
OIG-20-44	We identified debris removal contract performance issues and concerns. In the report, we discuss our observations regarding the use of pre-disaster debris removal contracts in Florida following Hurricane Irma. We also emphasize how FEMA can benefit from implementing effective controls to track systemic issues after a disaster and ensure FEMA follows procedures for uploading required documentation to support debris removal costs for proper grant management. The report contains no recommendations. >Pre-Disaster Debris Removal Contracts in Florida	08/11/2020	2020
OIG-20-61	The DHS Chief Information Officer (CIO) and most component CIOs had conducted strategic planning efforts to help prioritize legacy Information Technology (IT) systems and infrastructure to better accomplish mission goals. However, due to a lack of standard guidance and funding, not all components have complied with or fully embraced Department-wide IT modernization initiatives to adopt cloud-based computing, and to consolidate data centers. Meanwhile, DHS continues to rely on deficient and outdated IT systems to perform mission-critical operations. Additionally, DHS has not yet leveraged the Modernizing Government Technology Act mandate to accelerate ongoing IT modernization efforts, as DHS and its components questioned whether the benefits of the Act outweighed the additional effort needed to use the resources provided under the Act. Until DHS addresses these issues, it will continue to face significant challenges to accomplish mission operations efficiently and effectively. We made three recommendations for the DHS OCIO to develop guidance for implementing cloud technology and migrating legacy IT systems to the cloud, coordinate with components to develop and finalize a data center migration approach, and establish a process to assign risk ratings for major legacy IT investments. The Department concurred with all three recommendations. >Progress and Challenges in Modernizing DHS' IT Systems and Infrastructure	08/10/2020	2020
OIG-20-58	The Federal Emergency Management Agency did not properly award or oversee its contract with Corporate Lodging Consultants (CLC) to administer disaster survivors’ hotel stays. These deficiencies occurred because FEMA officials did not ensure staff responsible for the Transitional Sheltering Assistance (TSA) contract award and oversight had the guidance and training they needed to be effective. As a result, FEMA released personally identifiable information for about 2.3 million disaster survivors, increasing the survivors’ risk to identity theft. We made six recommendations that when implemented should strengthen FEMA contracting and compliance with Federal Acquisition Regulations and DHS requirements. FEMA concurred with all six of our recommendations. >FEMA Did Not Properly Award and Oversee the Transitional Sheltering Assistance Contract	08/05/2020	2020
OIG-20-55	U.S. Customs and Border Protection (CBP) does not comprehensively plan and conduct its covert testing, use test results to address vulnerability, or widely share lessons learned. CBP’s two covert testing groups do not use risk assessments or intelligence to plan and conduct covert tests at ports of entry and U.S. Border Patrol checkpoints, do not plan coordinated tests, and do not design system-wide tests. This occurred because CBP has not provided adequate guidance on risk- and intelligence-based test planning, directed the groups to coordinate, given them the required authority, or established performance goals and measures for covert testing. Following testing, CBP does not widely share covert test results, consistently make recommendations, or ensure corrective actions are taken. Results are not widely shared because CBP has not defined roles and responsibilities for such sharing. Covert testing groups do not make recommendations or ensure corrective actions are implemented due to insufficient authority and policies directing these actions. Finally, CBP does not effectively manage covert testing groups to ensure data reliability, completeness, and compliance with security requirements due to leadership changes and limited staff. Without comprehensive planning, incorporating lessons learned from test results, and program management accountability, CBP cannot ensure it addresses vulnerabilities, which may be exploited and threaten national security. We recommended CBP develop policies and procedures for conducting covert testing and assign roles and responsibilities for oversight of covert testing groups. We made seven recommendations that will strengthen its covert testing program. CBP concurred with all seven recommendations. >CBP Needs a Comprehensive Process for Conducting Covert Testing and Resolving Vulnerabilities - (REDACTED)	07/28/2020	2020
OIG-20-57	The Puerto Rico Electric Power Authority (PREPA) complied with Federal procurement requirements for its noncompetitive procurement of the Whitefish contract. However, the contract costs may not have complied with Federal cost principles that costs must be reasonable to be eligible for Federal awards. PREPA’s oversight of the Cobra contract did not comply with PA program guidelines. Finally, FEMA’s Public Assistance grant to PREPA for the Cobra contract did not fully comply with PA program guidelines. We made two recommendations for FEMA to provide technical assistance to Puerto Rico to ensure compliance with Federal regulations and PA program guidelines. We made two other recommendations for FEMA to develop guidance to verify its subrecipients’ oversight of time and material contracts and determine the reasonableness and eligibility of time and material contract costs. FEMA concurred with three of the recommendations and did not concur with one recommendation. >FEMA's Public Assistance Grant to PREPA and PREPA's Contracts with Whitefish and Cobra Did Not Fully Comply with Federal Laws and Program Guidelines	07/27/2020	2020
OIG-20-56	DHS generally met deadlines for responding to simple Freedom of Information Act (FOIA) requests, it did not do so for most complex requests. A significant increase in requests received, coupled with resource constraints, limited DHS’ ability to meet production timelines under FOIA, creating a litigation risk for the Department. Additionally, DHS has not always fully documented its search efforts, making it difficult for the Department to defend the reasonableness of the searches undertaken. With respect to responding to congressional requests, we determined DHS has established a timeliness goal of 15 business days or less; however, on average, it took DHS nearly twice as long to provide substantive responses to Congress, with some requests going unanswered for up to 450 business days. Further, DHS redacted personal information in its responses to congressional committee chairs even when disclosure of the information was statutorily permissible. This was a descriptive report and contained no recommendations. In its response, DHS acknowledged FOIA backlogs remain a problem, despite increasing requests processed. DHS stated its process responding to congressional requests varies greatly and that its redactions are appropriate. >DHS' Process for Responding to FOIA and Congressional Requests	07/23/2020	2020
OIG-20-50	We contracted this audit with Cotton & Company LLP, which found that FEMA did not ensure the Florida Department of Emergency Management (FDEM) monitored the Polk County School Board (PCSB) to ensure it established and implemented policies, procedures, and practices to account for and expend PA grant funding in accordance with Federal regulations and FEMA guidance. For example, PCSB was unable to support $46,168 in food spoilage costs; requested and received funding through a Florida Public Assistance grant for ineligible contract costs incurred under Project 2658 for debris removal and related costs; and charged $897 in unallowable costs associated with ineligible fringe benefits for substitute employees. We made 13 recommendations that, when implemented, should improve PCSB’s management of FEMA Public Assistance funds. FEMA concurred with our 13 recommendations. >Early Warning Audit of FEMA Public Assistance Grants to Polk County School Board, Florida	07/20/2020	2020
OIG-20-54	U.S. Immigrations and Customs Enforcement (ICE) does not follow its written policy when conducting disciplinary reviews of Senior Executive Employees (SES) employees, which risks creating an appearance that SES employees receive more favorable treatment than non-SES employees. We reviewed the disciplinary proceedings of the former SES official to evaluate whether ICE’s deviation from the written policy, or any other evidence, in that case indicated that the official received favorable treatment, as alleged. We did not find evidence of actual favoritism or inappropriate influence in the official’s disciplinary or security clearance review processes. We recommended that ICE finalize and issue its draft policy documenting the process for disciplining SES members. We made one recommendation that will enhance transparency in ICE’s disciplinary program. ICE concurred with our recommendation and took action to resolve and close it. >Special Report - ICE Should Document Its Process for Adjudicating Disciplinary Matters Involving Senior Executive Service Employees	07/20/2020	2020
OIG-20-51	We contracted this audit with Cotton & Company LLP, which found that FEMA did not ensure Monroe County, Florida (the County) established and implemented policies, procedures, and practices to ensure it accounted for and expended Public Assistance program grant funds awarded to disaster areas in accordance with Federal regulations and FEMA guidance. Specifically, the County did not allocate anticipated and actual insurance proceeds totaling $5 million to reduce FEMA’s share of disaster costs; charged $265,928 for ineligible stand-by time and other ineligible expenses; and requested $84,681 in unsupported and ineligible costs for multiple tasks including clearing emergency access and costs related to flooding. Additionally, the County overstated $34,378 in force account labor costs that were unreasonable and therefore ineligible for grant funding; overpaid a debris removal contractor, resulting in $2,403 in ineligible costs; and charged $1,080 to PW 1512 for security costs that were unsupported and are therefore ineligible for grant funding. We made 18 recommendations that that, when implemented, should improve Monroe County, Florida’s management of FEMA Public Assistance funds. FEMA concurred with our 18 recommendations. >Early Warning Audit of FEMA Public Assistance Grants in Monroe County, Florida	07/17/2020	2020
OIG-20-53	According to the Securing Our Agriculture and Food Act (SAFA), the program should provide oversight, lead policy initiatives, and coordinate with DHS components and Federal agencies. However, the Countering Weapons of Mass Destruction Office (CWMD) has not yet carried out a program to meet SAFA’s requirements. This occurred because CWMD believes it does not have clearly defined authority from the Secretary to carry out the requirements of the SAFA. In addition, since its establishment in December 2017, CWMD has not prioritized SAFA requirements but instead has focused its resources on other mission areas. As a result, CWMD has limited awareness of DHS’ ongoing efforts and cannot ensure it is adequately prepared to respond to a terrorist attack against the Nation’s food, agriculture, or veterinary systems. We made three recommendations to DHS’ CWMD to improve oversight, policy initiatives, and coordination of the Department’s efforts to protect the Nation’s food, agriculture, and veterinary systems. >DHS Is Not Coordinating the Department's Efforts to Defend the Nation's Food, Agriculture, and Veterinary Systems against Terrorism	07/16/2020	2020
OIG-20-47	Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2019	07/15/2020	2020
OIG-20-48	We contracted this audit with Cotton & Company LLP, which found that FEMA did not ensure Lee County, Florida (the County) established and implemented policies, procedures, and practices to ensure it accounted for and expended PA program grant funds awarded to disaster areas in accordance with Federal regulations and FEMA guidance. Specifically, the County requested FEMA funding for $994,425 in unsupported force account labor, equipment, and materials; was unable to provide supporting documentation for $16,210 in costs incurred to operate an emergency shelter; did not maintain adequate documentation to support $267,452 in costs incurred for road repair services; did not include all required provisions in its contracts to obtain disaster recovery services related to Hurricane Irma; and had not evaluated the risk of subrecipients’ noncompliance with Federal requirements, obtained subrecipient audit reports, or developed plans for monitoring subrecipients. We made nine recommendations that, when implemented, should improve Lee County, Florida’s management of FEMA Public Assistance funds. FEMA concurred with all nine recommendations. >Early Warning Audit of FEMA Public Assistance Grants to Lee County, Florida	07/15/2020	2020
OIG-20-52	U.S. Customs and Border Protection has not demonstrated the acquisition capabilities needed to effectively execute the Analyze/Select Phase of the Wall Acquisition Program. Specifically, CBP did not conduct an Analysis of Alternatives to assess and select the most effective, appropriate, and affordable solutions to obtain operational control of the southern border as directed, but instead relied on prior, outdated border solutions to identify materiel alternatives for meeting its mission requirement. CBP did not use a sound, well-documented methodology to identify and prioritize investments in areas along the border that would best benefit from physical barriers. Additionally, the Department did not complete the required plan to execute the strategy to obtain and maintain control of the southern border, as required by its Comprehensive Southern Border Security Study and Strategy. Without an Analysis of Alternatives, a documented and reliable prioritization process, or a plan, the likelihood that CBP will be able to obtain and maintain complete operational control of the southern border with mission-effective, appropriate, and affordable solutions is diminished. We made three recommendations to improve CBP’s ongoing investments for obtaining operational control of the southern border. DHS concurred with recommendation 2 but did not concur with recommendations 1 and 3. >CBP Has Not Demonstrated Acquisition Capabilities Needed to Secure the Southern Border	07/14/2020	2020
OIG-20-49	We determined that the city of Houston has adequate policies, procedures, and business practices that comply with Federal procurement regulations and FEMA guidelines to expend FEMA grant funds. We found Houston may have inappropriately included the $73.8 million cost of Houston First Corporation’s (Houston First) disaster damages in its damage estimate, even though it was not an eligible applicant for them. We did not examine procurement policies and procedures related to Houston First because the entity was outside the scope of our audit. During the audit, FEMA acknowledged it would reiterate in writing to the City of Houston the importance of proper oversight for all procurements executed by Houston First. This report contains no recommendations. >Houston, Texas Has Adequate Policies, Procedures, and Business Practices to Manage Its FEMA Grant	07/14/2020	2020
OIG-20-46	We contracted this audit with Cotton & Company LLP, which found FEMA did not ensure Collier County, Florida (the County) established and implemented policies, procedures, and practices to account for and expend Public Assistance (PA) program grant funds awarded in disaster areas in accordance with Federal regulations and FEMA guidance. Specifically, the County could not provide documentation to support $4,602 in force account costs claimed. Additionally, the subrecipient monitoring process needs improvement. The State has not evaluated the risk of subrecipients’ noncompliance with Federal requirements, obtained subrecipient audit reports, or developed plans for monitoring subrecipients. We made four recommendations that, when implemented, should improve Collier County, Florida’s management of FEMA PA funds. FEMA concurred with our four recommendations. >Early Warning Audit of FEMA Public Assistance Grants to Collier County, Florida	07/10/2020	2020

Return to top of page