Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-15-94 (Revised) Our objective was to determine whether the Department of Homeland Security (DHS) complied with the Improper Payments Elimination and Recovery Act of 2010 (IPERA). We also evaluated the accuracy and completeness of DHS’ improper payment reporting and DHS’ performance in reducing and recapturing improper payments. Although DHS met all the reporting requirements of IPERA, it did not meet its annual reduction targets established for each high-risk program as required by OMB. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security's FY 2014 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised)
2015
OIG-16-42-D At the time of our audit, the Federal Emergency Management Agency (FEMA) estimated that the City of Colorado Springs, Colorado, (City) had sustained approximately $3.6 million in damages from storms in 2015. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City has established policies, procedures, and business practices to account for and expend FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines. Therefore, if the City follows those policies, procedures, and business practices, FEMA has reasonable assurance that the City will properly manage its FEMA grant.

>Colorado Springs, Colorado, Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding
2016
OIG-16-41 In 2011, the former FEMA Chief Security Officer hired two employees with criminal convictions in their backgrounds. Our analysis of employee records from 2011 to 2014 in the Office of the Chief Security Officer’s Fraud and Internal Investigations Division disclosed two more employees with criminal conduct in their backgrounds. FEMA’s Office of the Chief Security Officer no longer employs these four individuals. FEMA premium pay records from 2011 to 2014 for employees in the Fraud and Internal Investigations Division showed that division management allowed employees to violate FEMA’s premium pay policy for compensatory time in 2014; premium pay requests from the same period did not reveal any overtime violations. As a result of hiring employees with criminal backgrounds or conduct, the Office of the Chief Security Officer spent $349,944 unnecessarily. Finally, from 2013 to 2014, the Office of the Chief Security Officer misused the Disaster Relief Fund by allowing employees to perform non-disaster­related activities, which violates the Stafford Act and may also be a potential Antideficiency Act violation.

>Response to Allegations of Mismanagement in FEMA's Office of the Chief Security Office
2016
OIG-14-64 (Revised) Our audit objective was to determine whether the Department of Homeland Security (DHS) complied with the Act in fiscal year 2013. In addition, we also evaluated the accuracy and completeness of DHS’ improper payment reporting and its efforts to reduce and recover improper payments for fiscal year 2013. Although DHS met all the reporting requirements of the Act, it did not meet its annual reduction targets established for each program deemed susceptible to improper payments. As such, we concluded that DHS did not fully comply with IPERA. We reviewed the accuracy and completeness of DHS’ improper payment reporting and DHS’ efforts to reduce and recover improper payments.

>Department of Homeland Security’s FY 2013 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised)
2014
OIG-13-47 In fiscal year 2010, the Federal Government’s total improper payment amount was at a high of $121 billion. In that same year, Congress passed the Improper Payments Elimination and Recovery Act of 2010.(IPERA or the Act) in an effort to reduce improper payments. Our audit objective was to determine whether DHS complied with the Act. Although DHS met all the reporting requirements of the Act, it did not meet its annual reduction targets established for each high‐risk program as required by the Office of Management and Budget. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security’s FY 2012 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised)
2013
OIG-16-39 In fiscal year 2014, DHS spent a total of $12.5 billion using interagency agreements. Past Office of Inspector General audit reports found that a component used Intra/Interagency Reimbursable Work Agreements (RWA) to bypass key internal controls rather than properly implement Interagency Acquisitions. We conducted a department-wide audit to determine whether DHS’s use of RWAs is in compliance with statutory, regulatory, departmental, and component requirements. Components are not issuing RWAs in compliance with the Department’s policy. Specifically, 100 percent of the 43 RWAs we tested—totaling approximately $88 million—had not been reviewed by a Certified Acquisition Official (CAO). In January 2015, DHS issued a policy requiring components to have a CAO review RWAs to ensure they are being issued properly prior to obligating funds. The CAO plays a critical role in ensuring high-risk transactions receive proper oversight. However, 70 percent of the RWAs we tested did not include enough information for a CAO to make an informed decision. DHS did not ensure components updated their policies and procedures to reflect the new requirements. Without a CAO review, components may continue to improperly issue RWAs, circumventing acquisition controls.

>DHS Needs to Improve Implementation of OCFO Policy Over Reimbursable Work Agreements
2016
OIG-16-40-D Colorado Springs Utilities, Colorado (Utilities), received a $937,367 Public Assistance grant for damages from storms occurring May through June 2015. We conducted this audit early in the grant process to identify areas where the Utilities may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The Utilities has established policies, procedures, and business practices to account for and expend Federal Emergency Management Agency (FEMA) Public Assistance grant funds according to Federal regulations and FEMA guidelines. Therefore, if the Utilities follow those policies, procedures, and business practices, FEMA has reasonable assurance that the Utilities will properly manage its FEMA grant.

>Colorado Springs Utilities, Colorado, Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding
2016
OIG-16-38-D Oakwood Healthcare System, Inc. (Hospital), in Dearborn, Michigan, received a gross award of $15.2 million from the Michigan State Police Emergency Management and Homeland Security Division (Michigan), and FEMA grantee, for damages resulting from severe storms and flooding in August 2014. The Hospital did not always account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. Although the Hospital competitively awarded contracts for most non-exigent work, it did not always take the required affirmative steps to ensure the use of small and minority firms, women’s business enterprises, and labor surplus area firms when possible; and did not include all required contract provisions in its contracts. However, we did not question the costs because insurance proceeds covered essentially all the repair costs except for the insurance deductible. We also found that the Hospital did not initially account for labor costs properly. However, after we identified the improperly supported costs, Hospital employees corrected the records to reflect actual costs the Hospital incurred.

>Oakwood Healthcare System, Dearborn, Michigan, Needed Additional Assistance in Managing its FEMA Public Assistance Grant Funding
2016
OIG-16-37 To sustain border security, U.S. Customs and Border Protection (CBP) has established permanent facilities in forward or remote locations, called Forward Operating Bases. We determined whether Forward Operating Bases provide adequate living conditions, security, and safety for employees. Of the seven Forward Operating Bases we inspected along the southwest border, six have adequate living conditions. One Forward Operating Base has security issues, safety and health concerns, and inadequate living conditions. At the other six Forward Operating Bases, we identified security issues, such as inoperable security cameras, as well as an ongoing challenge to provide safe drinking water. In addition, we determined that CBP is not performing all required Forward Operating Base inspections or adequately documenting maintenance and repairs. Without regular inspections and timely maintenance and repairs, CBP cannot ensure it will continue to provide adequate security, safety, and living conditions for its personnel working at these remote facilities.

>Conditions at CBP's Forward Operating Bases along the Southwest Border (Redacted)
2016
OIG-16-36-D The University of Wisconsin-Superior received an $8.6 million FEMA grant from Wisconsin Emergency Management, and FEMA grantee, for damages resulting from severe storms and flooding in June 2012. Our audit objective was to determine whether the University accounted for and expended FEMA funds according to Federal requirements. The University effectively accounted for and expended FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines.

>The University of Wisconsin-Superior Effectively Managed FEMA Grant Funds Awarded for Severe Storms and Flooding in June 2012
2016
OIG-16-35-D The Town of Jamestown, Colorado, (Town) received a $10.4 million Federal Emergency Management Agency (FEMA) grant award for damages resulting from severe storms, flooding, landslides, and mudslides that occurred in September 2013. We conducted this audit early in the grant process to identify areas where the Town may need additional technical assistance or monitoring to ensure compliance with Federal requirements. Most of the Town’s policies, procedures, and business practices are adequate to account for and expend Public Assistance grant funds according to Federal regulations and FEMA guidelines. The Town accounted for disaster-related costs on a project-by-project basis. The Town also has adequate procurement policies and procedures in place that are consistent with Federal procurement standards. Further, the Town’s insurance procedures and practices are adequate to ensure that the Town can properly manage anticipated insurance proceeds. Although the Town had adequate policies, procedures, and business practices, at the time of our audit, the Town lacked the personnel with the necessary financial expertise to perform financial management activities according to Federal standards.

>Jamestown, Colorado, Needs Additional Assistance and Monitoring to Ensure Proper Management of Its $10.4 Million FEMA Grant
2016
OIG-16-32 The Transportation Security Administration (TSA) awarded a human capital services contract valued at $1.2 billion. We conducted this audit to determine the extent to which TSA is effectively monitoring and enforcing the terms and conditions of the contract. Although TSA ensures the contractor meets the terms and conditions of the human capital services contract, its oversight could be more effective. Specifically, TSA has limited options for holding the contractor accountable for performance deficiencies. There were instances in which TSA did not hold the contractor monetarily accountable for personally identifiable information violations. TSA also did not hold the contractor monetarily liable for noncompliance with statement of work requirements relating to veterans’ preference.

>TSA's Human Capital Services Contract Terms and Oversight Need Strengthening
2016
OIG-16-33-D The City of Boulder, Colorado, received a FEMA grant award of $19 million for damages resulting from severe storms, flooding, landslides, and mudslides that occurred during September 2013. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City’s policies, procedures, and business practices are adequate to account for and expend Public Assistance grant funds according to Federal regulations and FEMA guidelines. The City accounted for and properly supported disaster-related costs on a project-by-project basis. Additionally, the City has adequate procurement policies and procedures in place that are consistent with applicable Federal procurement standards. Moreover, the City’s insurance procedures and practices are adequate to ensure that the City can properly manage anticipated insurance proceeds. Therefore, the City can provide FEMA and Colorado (FEMA’s grantee) reasonable assurance that it has the capacity to comply with Federal grant requirements for this disaster.

>Boulder, Colorado, Has Adequate Policies, Procedures, and Business Practices to Manage Its FEMA Grant Funding
2016
OIG-16-34 The mission of CBP’s Special Operations Group (SOG) is to train, organize, equip, resource, and deploy tactical and emergency response personnel worldwide to protect America. Based in El Paso, Texas, SOG plans, coordinates, and executes national, regional, and international level operations. We reviewed the SOG program to determine its cost and effectiveness. We determined that CBP does not have formal performance measures for its SOG program and does not track SOG’s total program cost. The incomplete records of SOG and other components of CBP that support SOG limited the determination of the SOG program’s total cost. SOG program efficiency and effectiveness cannot be accurately determined without total program costs or formal performance measures. As a result, CBP may be missing opportunities to improve effectiveness and identify potential cost savings in the SOG program.

>CBP's Special Operations Group Program Cost and Effectiveness are Unknown
2016
OIG-16-25 In June 2015, we received a hotline complaint that “due to repair cost,” CBP’s contractor in the Border Patrol’s Tucson sector was transporting some detainees in non-air-conditioned vehicles. The complainant also alleged the contractor did not maintain some vehicles adequately and would hide “defective” vehicles from inspection. In August 2015, we conducted unannounced spot inspections of CBP’s contractor’s vehicles in the Tucson sector. The contractor did not hide vehicles from inspection. Through our inspections, we determined the contractor’s vehicles could reach reasonable temperatures or were operating at reasonable temperatures; we also determined that CBP and its contractor had addressed previously known problems with inadequate vehicle air conditioning. Finally, we reviewed the contractor’s maintenance program and determined the contractor has adequate policies, procedures, and processes to maintain detainee transport vehicles, and the Border Patrol’s Tucson sector has sufficient oversight of the contractor’s program.

>Response to Allegations that a U.S. Customs and Border Protection Contractor Transport Detainees in Non-Air-Conditioned Vehicles (Redacted)
2016
OIG-16-26 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Customs and Border Protection’s (CBP) fiscal year 2015 Drug Control Performance Summary Report. CBP’s management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that CBP’s FY 2015 Performance Summary Report is not presented in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Customs and Border Protection's Fiscal Year 2015 Drug Control Performance Summary Report
2016
OIG-16-28 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Coast Guard’s (Coast Guard) fiscal year 2015 Drug Control Performance Summary Report. Coast Guard management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Coast Guard’s FY 2015 Performance Summary Report is not presented in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's Fiscal Year 2015 Drug Control Performance Summary Report
2016
OIG-16-31 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Immigration and Customs Enforcement’s (ICE) Detailed Accounting Submission. ICE’s management prepared the Table of FY 2015 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that ICE’s FY 2015 Detailed Accounting Submission is not presented in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2015 Detailed Accounting Submission
2016
OIG-16-29 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Coast Guard’s (Coast Guard) Detailed Accounting Submission. Coast Guard’s management prepared the Table of FY 2015 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Coast Guard’s FY 2015 Detailed Accounting Submission is not presented in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's Fiscal Year 2015 Detailed Accounting Submission
2016
OIG-16-27 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Customs and Border Protection’s (CBP) Detailed Accounting Submission. CBP’s management prepared the Table of FY 2015 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). CBP management was unable to provide supporting documentation for the underlying assumptions used to calculate the total obligations reported in the Table for all Drug Resources by Budget Decision Unit and Function assumptions. As a result, KPMG was unable to complete their review procedures over those assumptions. Except as noted above, nothing came to KPMG’s attention that caused them to believe that the FY 2015 Detailed Accounting Submission is not presented in conformity with the criteria set forth in the Circular.

>Review of U.S. Customs and Border Protection's Fiscal Year 2015 Detailed Accounting Submission
2016
OIG-16-30 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Immigration and Enforcement’s (ICE) fiscal year 2015 Drug Control Performance Summary Report. ICE management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that ICE’s FY 2015 Performance Summary Report is not presented in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2015 Drug Control Performance Summary Report
2016
OIG-16-24-D The City of Tuscaloosa, Alabama (City) received a $40.4 million grant, of which insurance covered all but $10.1 million. The Public Assistance grant was for damages from severe storms, tornadoes, straight-line winds, and flooding that occurred in April and May 2011. We audited $4.2 million of the $10.1 million net amount awarded. The City did not always account for and expend Federal Emergency Management Agency (FEMA) funds according to Federal regulations and FEMA guidelines. These issues occurred primarily because the grantee (Alabama) did not ensure that the City understood and complied with Federal procurement requirements and the process for applying actual insurance proceeds to reduce eligible costs.

>FEMA Should Recover $1.2 Million of $10.1 Million in Grant Funds Awarded to Tuscaloosa, Alabama, for a 2011 Disaster
2016
OIG-16-23-D We audited $4 million of the $6 million of Federal Emergency Management Agency (FEMA) Public Assistance grant funds awarded to the City of San Diego, California (City), for damages resulting from heavy rainfall and flooding that occurred on December 17, 2010, through January 4, 2011. The City generally accounted for FEMA funds adequately, but did not always expend the funds according to Federal regulations and FEMA guidelines.

>FEMA Should Disallow $1.2 Million of $6.0 Million in Public Assistance Program Grant Funds Awarded to the City of San Diego, California
2016
OIG-16-20 Secret Service has a dual mission of protection and criminal investigations. To support its protective mission, officers carry radios, which are their first line of communication for events such as fence jumpers, suspicious packages, or protests. These radio systems are critical for day-to-day protective operations. Secret Service needs to upgrade the radio systems used around the White House complex, the Vice President’s Residence, and Foreign Diplomatic Embassies. If Secret Service continues to use these outdated radio communications systems, it may negatively impact their protective operations.

>U.S. Secret Service Needs to Upgrade Its Radio Systems (Redacted)
2016
OIG-16-22-D Except for minor problems with equipment costs, the City has adequate policies, procedures, and business practices in place to account for and expend FEMA Public Assistance Program grant funds according to Federal regulations and FEMA guidelines. During the audit, we identified $138,959 of ineligible equipment costs and $62,177 of unsupported equipment costs.

>The City of Austin, Texas, Has Adequate Policies and Procedures to Comply with FEMA Public Assistance Grant Requirements
2016
OIG-16-21-D The City of Longmont, Colorado (City), needs additional assistance from the Colorado Division of Homeland Security and Emergency Management (Colorado) and the Federal Emergency Management Agency (FEMA) to provide reasonable assurance that it properly manages its $55.1 million FEMA grant. We identified weaknesses in the City’s policies, procedures, and business practices for procurement, insurance, and accounting that place the City in jeopardy of losing its Federal funding. The City received a $55.1 million Public Assistance award for damages from a September 2013 flood. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements.

>Longmont and Colorado Officials Should Continue to Improve Management of $55.1 Million FEMA Grant
2016
OIG-16-19 DHS does not have adequate oversight of its workforce training. DHS lacks reliable training cost information and data needed to make effective and efficient management decisions. In addition, it does not have an effective governance structure for its training oversight, including clearly defined roles, responsibilities, and delegated authorities. Finally, DHS has not adequately addressed 29 different recommendations to improve training efficiencies made since 2004 by various working groups. As a result, DHS cannot ensure the most efficient use of resources.

>DHS' Oversight of Its Workforce Training Needs Improvement
2016
OIG-16-18 In 2014, West African countries experienced the largest Ebola virus disease (Ebola) outbreak to date. As part of the Department of Homeland Security’s (DHS) response to prevent the spread of Ebola in the United States, DHS instituted additional screening at U.S. ports of entry for passengers traveling from Ebola-affected countries. We conducted this audit to determine whether DHS has effectively implemented its enhanced screening measures to respond to an Ebola outbreak. Although the Department responded quickly to implement domestic Ebola screening with the Department of Health and Human Services (HHS), it did not ensure sufficient coordination, adequate training, and consistent screening of people arriving at U.S. ports of entry. Coordination between DHS, HHS, and other DHS components was not sufficient to ensure all passengers received full screening. Components did not ensure all personnel received adequate training on the screening process or the use of certain protective equipment. Component personnel also did not always follow established Ebola procedures and ensure all identified passengers completed required screening. As a result, some passengers with potential risk of Ebola exposure may have entered the United States without having their temperatures taken or otherwise cleared by health professionals, and the DHS workforce performing the response was not always appropriately protected.

>DHS' Ebola Response Needs Better Coordination, Training, and Execution
2016
OIG-16-08 We reviewed the Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Modernization Act of 2014. Our objective was to determine whether DHS’ information security program is adequate, effective, and complies with FISMA requirements. DHS has taken actions to strengthen its information security program. For example, DHS developed and implemented the Fiscal Year 2015 Information Security Performance Plan to define the performance requirements, priorities, and overall goals of the Department. DHS has also taken steps to address the President’s cybersecurity priorities, such as Information Security Continuous Monitoring; Identity, Credential, and Access Management; and anti-phishing and malware defense. Nonetheless, the Department must ensure compliance with information security requirements in other areas.

>Evaluation of DHS' Information Security Program for Fiscal Year 2015 (Revised)
2016
OIG-16-17 We conducted this audit to determine how human traffickers used legal means to bring potential victims to the United States. We also assessed whether improvements in data quality and exchange could help Department of Homeland Security (DHS) better identify human traffickers. Our match of ICE and USCIS data from 2005 to 2014 indicated that work and fiancé visas were the primary means by which 17 of 32 known traffickers brought victims into the United States. In addition, we determined that 274 subjects of ICE human trafficking investigations successfully petitioned USCIS to bring 425 family members and fiancés into the United States. Available data could not confirm whether or not these cases actually involved human trafficking. ICE and USCIS could improve data quality to facilitate the ability to identify instances of human trafficking.

>ICE and USCIS Could Improve Data Quality and Exchange to Help Identify Potential Human Trafficking Cases
2016
OIG-16-16 The Secret Service responded immediately to a November 2011 incident in which shots fired from an assault rifle hit the White House and participated in the ensuing investigation. However, the Secret Service did not conduct a formal after action review or a detailed analysis of its protective operations or investigative response, so it is not clear whether protective policies were followed. After the incident, the Secret Service spent at least $17 million to improve infrastructure around the White House and increase patrols; however, without a formal after action review and detailed analysis, the Secret Service cannot be certain these changes were necessary, would have minimized the potential threat, or improved the response to the incident.

>The Secret Service Did Not Identify Best Practices and Lessons Learned from the 2011 White House Shooting Incident
2016
OIG-16-14 The Department of Homeland Security’s (DHS) Port Security Grant Program (PSGP), which is administered by the Federal Emergency Management Agency (FEMA), provides funding to port authorities, facility operators, and other eligible entities to help protect critical port infrastructure from terrorism. FEMA awarded the Lower Mississippi River Port-wide Strategic Security Council (Council) approximately $108 million in PSGP grant funds from fiscal years 2008 to 2013. We determined whether the Council managed, distributed, and spent PSGP funds in compliance with Federal laws, regulations, and guidance. About 73 percent of the nearly $108 million awarded to the Council to protect critical port infrastructure remains unspent. In addition, we identified more than $9.2 million in questioned costs. This occurred because the Council did not always follow Federal laws, regulations, or grant guidance; and FEMA failed to provide proper oversight. As a result, major Lower Mississippi River ports may be less prepared in the event of a terrorist attack.

>Lower Mississippi River Port-wide Strategic Security Council Did Not Always Properly Manage, Distribute, or Spend Port Security Grant Funds
2016
OIG-16-15 We reviewed the Department of Homeland Security’s (DHS) information security program for intelligence systems in accordance with the Federal Information Security Modernization Act. The objective of our review was to determine whether DHS’ information security program and practices are adequate and effective in protecting the information and the information systems that support DHS’ intelligence operations and assets. We assessed DHS programs for continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems.

>Fiscal Year 2015 Evaluation of DHS' Compliance with FISMA Requirements for Intelligence Systems
2016
OIG-16-13 We conducted this audit to determine whether the Federal Emergency Management Agency (FEMA) and the Colorado Division of Homeland Security and Emergency Management (DHSEM) were sufficiently monitoring the Emergency Management Performance Grant (EMPG) program to ensure that funds were used in accordance with grant program guidelines and other applicable state and Federal laws. DHSEM needs to improve its grants management and internal controls over its financial systems. In addition, it needs to improve its maintenance of supporting documentation for all EMPG transactions, and monitoring of subgrantees. Without adequate grants management, financial controls, and retention of detailed supporting documentation for transactions and EMPG expenditures were not always recorded timely; inaccurate amounts were recorded; grants were improperly closed out; and financial reports submitted to FEMA were inaccurate.

>Oversight of the Colorado Emergency Management Performance Grant Program Needs Improvement
2016
OIG-16-12-D The City of Birmingham, Alabama, received a Public Assistance award of $13.2 million from the Alabama Emergency Management Agency, a FEMA grantee, for damages resulting from tornadoes and severe storms in April 2011. We audited projects totaling $11.3 million to determine whether the City accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the City generally accounted for and expended FEMA Public Assistance grant funds according to Federal requirements.

>FEMA The City of Birmingham, Alabama, Generally Managed FEMA Grant Funds for April 2011 Tornadoes and Severe Storms Properly
2016
OIG-16-10 The Federal Emergency Management Agency (FEMA) has taken steps to improve its IT management since our 2011 audit, but more remains to be done. Specifically, FEMA has developed numerous IT planning documents but has not effectively coordinated, executed, or followed through on these plans. Without effective IT planning, FEMA risks making limited progress improving IT needed to support the agency’s mission. Although FEMA has improved its IT governance through establishing an IT Governance Board, these efforts have not yet been fully effective. FEMA has struggled to implement effective agency-wide IT governance, in part because the Chief Information Officer has not had sufficient control and budget authority to effectively lead the agency’s decentralized IT environment. Without effective agency-wide IT governance, FEMA’s IT environment has evolved over time to become overly complex, difficult to secure, and costly to maintain.

>FEMA Faces Challenges in Managing Information Technology
2016
OIG-16-11 Since 2001, FEMA provided first responder organizations with more than $9 billion through the AFG and Staffing for Adequate Fire and Emergency Response (SAFER) programs. According to FEMA, it began using the eGrants system in 2003 to manage the funds awarded through these programs. However, the eGrants system does not comply with Department of Homeland Security (DHS) information system security requirements. Specifically, access to the eGrants system is not controlled or limited because FEMA instructs grantees to share usernames and passwords within the grantee’s organization and with contractors who manage grants. As a result, someone other than the primary point of contact can take action or make changes in eGrants without the grantee’s knowledge. Additionally, in June 2014, DHS’s Office of Cyber Security advised FEMA it should not authorize eGrants to operate because it poses an unacceptable level of risk to the agency. FEMA’s Chief Information Officer acknowledged the high level of risk posed by system deficiencies and vulnerabilities. Despite the known system deficiencies and risks, FEMA authorized the continued use of the system.

>Security Concerns with Federal Emergency Management Agency's eGrants Grant Management System
2016
OIG-16-09-D DeKalb County, Georgia, received a $3.3 million grant award from the Georgia Department of Emergency Management, a FEMA grantee, for damages resulting from a September 2009 flood. Our audit objective was to determine whether the County accounted for and expended FEMA funds according to Federal requirements. The County did not account for FEMA funds on a project-by-project basis as Federal regulations and FEMA guidelines require. We also identified $93,620 (Federal share $70,215) of unneeded project funding that FEMA can deobligate and put to better use. Finally, the County’s claim included $411,929 (Federal share $308,947) of unsupported or ineligible costs.

>FEMA Should Recover $505,549 of $3.3 Million in Public Assistance Grant Funds Awarded to DeKalb County, Georgia, for Damages from a September 2009 Flood
2016
OIG-16-06 The independent public accounting firm KPMG LLP has issued an unmodified (clean) opinion on DHS' consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2015. KPMG LLP issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2015. The report identifies seven significant deficiencies in internal control; three of which are considered material weaknesses. The material weaknesses are in financial reporting; information technology controls and financial system functionality; and property, plant, and equipment. The report also identifies instances of noncompliance with four laws and regulations.

>Independent Auditors' Report on DHS' FY 2015 Financial Statements and Internal Control over Financial Reporting
2016
OIG-16-07 DHS’ mission to protect the Nation entails a wide array of responsibilities. These range from facilitating the flow of commerce and travelers, countering terrorism, and securing and managing the border to enforcing and administering immigration laws and preparing for and responding to natural disasters. This report identifies major challenges that affect the Department as a whole, as well as its individual components, who work together to achieve this multi-faceted mission. We identified nine areas of most persistent concern for the Department: (1) DHS Management and Operations Integration; (2) Acquisition Management; (3) Financial Management; (4) Information Management and Technology; (5) Transportation Security; (6) Border Security and Immigration Enforcement; (7) Disaster Preparedness and Response; (8) Infrastructure Protection and Cybersecurity; (9) Employee Accountability and Integrity.

>Major Management and Performance Challenges Facing the Department of Homeland Security
2016
OIG-16-05-D FEMA requested our assistance in determining whether its preliminary proposal to provide permanent or semi-permanent housing construction to the Oglala Sioux Tribe of the Pine Ridge Indian Reservation is consistent with Federal statutes and regulations and FEMA guidelines. FEMA has begun disaster recovery efforts in response to a disaster declaration for severe storms, straight-line winds, and flooding that occurred in May 2015. In limited circumstances, section 408 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act) grants the Federal Emergency Management Agency (FEMA) the authority to provide individuals or households affected by a disaster permanent or semi­permanent housing. However, to ensure the integrity of the Individual Assistance program, FEMA should adequately document the facts and circumstances that justify this decision. FEMA should also ensure that its proposed actions are the most cost-effective solution to the Oglala Sioux Tribe’s unique housing problems as compared to other alternatives.

>FEMA's Plan to Provide Permanent or Semi-Permanent Housing to the Oglala Sioux Tribe of the Pine Ridge Indian Reservation in South Dakota
2016
OIG-16-04-D FEMA has no assurance that mission-assigned fuel deliveries for New York went only to FEMA-designated recipients. We reviewed the $6.37 million FEMA paid the Defense Logistics Agency for 1.7 million gallons of fuel. However, of this amount, we found incomplete and questionable supporting documentation for $4.56 million in fuel deliveries. Therefore, we could not verify the eligibility of the recipients that received this fuel. In addition, the Defense Logistics Agency delivered $1.81 million of fuel to recipients outside the mission assignment’s scope of work. As a result, FEMA cannot be sure that any of the fuel went to approved power restoration or emergency public transportation work in New York, as FEMA intended.

>FEMA Has No Assurance that Only Designated Recipients Received $6.37 Million in Fuel
2016
OIG-16-03-D FEMA’s Program Guide for the Alternative Procedures pilot program and letters of undertaking provide acceptable guidance in most areas to ensure compliance with Federal rules and regulations. However, our review of seven large dollar value projects valued at $3.9 billion identified weaknesses in five areas of guidance: (1) estimating project costs; (2) responding to Office of Inspector General (OIG) audits; (3) managing cash responsibly; (4) applying insurance proceeds; and (5) obtaining insurance for future losses. These weaknesses put Federal funds at greater risk of fraud, waste, and abuse. Correcting these weaknesses will better ensure that participants in the pilot program will follow Federal requirements when spending Federal funds. Further, to protect the Federal taxpayer from inflated estimates, FEMA’s oversight should include additional steps to assess the accuracy of subgrantee fixed-cost estimates that exceed certain thresholds. In addition, FEMA needs to make other changes to comply with the Stafford Act and protect the integrity of the program.

>Clearer Guidance Would Improve FEMA's Oversight of the Public Assistance Alternative Procedures Pilot Program
2016
OIG-16-02 FPS is not managing its fleet effectively. FPS did not properly justify that its current fleet is necessary to carry out its operational mission. Specifically, FPS did not justify the need for: more vehicles than officers; administrative vehicles; larger sport utility vehicles; home-to-work miles in one region; and discretionary equipment added to vehicles. Additionally, FPS overpaid for law enforcement equipment packages, did not have standard operating procedures for fleet management, a sound vehicle allocation methodology, or accurate fleet data to make effective management decisions. The Department of Homeland Security (DHS) and the National Protection and Programs Directorate (NPPD) fleet managers did not provide sufficient oversight to ensure FPS complied with all Federal and departmental guidance. As a result, FPS cannot ensure it is operating the most cost-efficient fleet and potentially missed opportunities to save more than $2.5 million in fiscal year 2014.

>The FPS Vehicle Fleet Is Not Managed Effectively (
2016
OIG-16-01-D FEMA spent more than $1.4 billion under the Individuals and Households Program on more than 182,900 applicants with losses related to Hurricane Sandy, as of April 2015. We reviewed FEMA’s process for verifying applicants’ insurance policies at the time of registration for this program. Before authorizing Individuals and Households Program payments, FEMA does not verify the accuracy of applicants’ “no insurance coverage” self-certifications. This condition exists because a reliable and comprehensive database does not exist for FEMA to verify the status of applicants’ insurance coverage. Consequently, FEMA relies on self-certification and legal statements on the application to ensure accuracy of applicants’ “no insurance coverage” information. FEMA is thereby exposing Federal disaster assistance funds to possible duplicate, improper, or fraudulent payments. We determined that FEMA paid approximately $250 million in homeowners’ assistance to more than 29,000 Hurricane Sandy applicants who may have had private insurance.

>FEMA Faces Challenges in Verifying Applicants' Insurance Policies for the Individuals and Households Program
2016
OIG-15-151-D The Borough received a $7 million grant award from the New Jersey Office of Emergency Management (New Jersey), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Sandy, which occurred in October 2012. We conducted this audit early in the grant process to identify areas where the Borough may need assistance in managing Federal funds. The Borough of Spring Lake, New Jersey, (Borough) accounted for disaster costs on a project-by-project basis and met applicable Federal regulations in processing disaster related procurement transactions. However, the Borough completed one large project below the estimated project cost, and about $2.0 million remains obligated for that project. Therefore, FEMA should deobligate the $2.0 million in unneeded funds as soon as possible and put those funds to better use. In addition, the Borough could not provide adequate support for emergency and permanent restoration work totaling $798,317. The Borough also had not applied insurance proceeds totaling $431,507 against claims for eligible project costs. Therefore, the $431,507 represents ineligible duplicate benefits, because FEMA cannot fund costs that insurance covers. These findings occurred, in part, because the Borough did not effectively coordinate with New Jersey to ensure Borough compliance with FEMA grant requirements.

>FEMA Should Recover $2.0 Million in Unneeded Funds and Disallow $1.2 Million of $7 Million in Grant Funds Awarded to Spring Lake, New Jersey, for Hurricane Sandy
2015
OIG-15-152-D At the time of our audit, Mount Carmel Baptist Church (Mount Carmel) did not have adequate policies, procedures, and business practices to account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. Although the disaster occurred in 2013, Mount Carmel had not begun work to repair any of its damaged facilities and, therefore, had not incurred any costs for disaster-related work. In addition, Mount Carmel may lack the financial stability to meet the required 25 percent non-Federal cost share for the grant award. Finally, a Mount Carmel affiliate did not always comply with Federal grant requirements for a past Federal grant it received from another Federal agency. Therefore, FEMA should place special award conditions as needed on Mount Carmel though additional requirements.

>Mount Carmel Baptist Church in Hattiesburg, Mississippi Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements
2015
OIG-15-150 The Transportation Security Administration (TSA) conducts or oversees passenger checkpoint screening at 450 federalized airports. Passenger checkpoint screening is a process by which passengers are inspected to deter, detect, and prevent explosives, incendiaries, weapons, or other security threats from entering sterile areas of an airport or getting onboard an aircraft. As threats to transportation security evolved, TSA needed a screening technology to detect nonmetallic threats. TSA developed Advanced Imaging Technology (AIT) to screen passengers for both metallic and nonmetallic threats concealed under clothing—without physical contact. In 2013, TSA equipped all AIT with Automated Target Recognition software, which displays a box around anomalies on a generic outline of a body. Our objective was to determine the effectiveness of TSA’s AIT, Automated Target Recognition software, and checkpoint screener performance in identifying and resolving anomalies and potential security threats at airport checkpoints. The compilation of the number of tests conducted, names of the test airports, and quantitative and qualitative results of our testing is classified or designated as Sensitive Security Information. We made one recommendation that when implemented should strengthen the effectiveness of identifying and resolving security threats at airport checkpoints.

>Covert Testing of TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints
2015
OIG-15-149-D Riverside General Hospital (Riverside) received a $32.4 million award from the Texas Division of Emergency Management (Texas), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Ike in September 2008. At FEMA’s request, we audited $32.4 million, or 100 percent of the grant award. Riverside’s misuse of Federal funds did not end in 2012 with the indictment and departure of its Chief Executive Officer and others on charges of bilking Medicare out of $158 million. Following the indictments, Riverside’s remaining management continued to misuse and mismanage Federal funds—this time, FEMA funds. By 2013, Texas had advanced $17.6 million of the $32.4 million FEMA grant to Riverside. Riverside alleged that it spent $13.2 million of the $17.6 million received for disaster expenses. However, Riverside completely disregarded Federal grant requirements, and Texas did not adequately monitor Riverside’s grant activities. In fact, Riverside spent $7.9 million to fund its hospital operations and other unverifiable items. Further, Riverside awarded $12.2 million in disaster-related contracts without competition and did not always account for or support the grant funds. Therefore, we question the entire $32.4 million grant award, including $17.6 million in advanced funds and $14.8 million in unused funds.

>FEMA Should Recover $32.4 Million in Grant Funds Awarded to Riverside General Hospital, Houston, Texas
2015
OIG-15-148-D The City received a $248.3 million grant for 2005 Hurricane Katrina damages. In this third audit of the grant, we reviewed $142.1 million FEMA approved for 43 permanent repair projects. At the time of our audit, the City had not completed work on all projects and, therefore, had not submitted a final claim for all project expenditures. For most of the projects in our audit scope, the City of Gulfport, Mississippi, (City) accounted for and expended Federal Emergency Management Agency (FEMA) funds according to Federal regulations and FEMA guidelines. However, the City did not comply with Federal procurement requirements when awarding two contracts for project management services valued at $10.4 million, of which $4.2 million was unreasonable. City officials were not aware that Federal procurement regulations prohibited the use of a qualifications-based contracting method for program management services. However, the grantee (Mississippi) is responsible for ensuring that its subgrantee (the City) is aware of and complies with Federal requirements, as well as for providing technical assistance and monitoring grant activities.

>FEMA Should Recover $4.2 Million of $142.1 Million in Grant Funds Awarded to the City of Gulfport, Mississippi, for Hurricane Katrina Damages
2015