Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-15-100-D We prepared this report to assist recipients of FEMA disaster assistance grants. We have updated this guide to include information on FEMA’s alternative procedures under the Sandy Recovery Improvement Act. We also added information about Title 2 CFR Part 200: Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards.

>Audit Tips for Managing Disaster-Related Project Costs
2015
OIG-15-99-D Boulder County, Colorado (County) received a $95 million grant for damages from a September 2013 disaster and anticipates repair costs will exceed $100 million. We conducted this audit early in the grant process to identify areas where the County may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The County has adequate policies, procedures, and business practices to account for and expend Public Assistance grant funds according to Federal regulations and FEMA guidelines. The County accounted for disaster costs on a project-by­project basis and adequately supported repair costs. Additionally, the County has adequate procurement policies and procedures to ensure compliance with Federal procurement requirements. Further, the County’s insurance procedures and practices are adequate to ensure that anticipated insurance proceeds are deducted from eligible projects.

>Boulder County, Colorado, Has Adequate Policies and Procedures to Manage Its Grant, but FEMA Should Deobligate about $2.5 Million in Unneeded Funds
2015
OIG-15-98 TSA’s multi-layered process to vet aviation workers for potential links to terrorism was generally effective. In addition to initially vetting every application for new credentials, TSA recurrently vetted aviation workers with access to secured areas of commercial airports every time the Consolidated Terrorist Watchlist was updated. However, our testing showed that TSA did not identify 73 individuals with terrorism-related category codes because TSA is not authorized to receive all terrorism-related information under current interagency watchlisting policy.

>TSA Can Improve Aviation Worker Vetting (Redacted)
2015
OIG-15-78-VR We conducted a verification review to assess the U.S. Coast Guard's progress on the recommendations from our August 2012 report, U.S. Coast Guard's Acquisition of the Sentinel Class-Fast Response Cutter, (OIG-12-68). We periodically conduct verification reviews to evaluate progress on selected audit recommendations, including whether corrective actions achieved the intended result. The Coast Guard’s plans to reduce risks during the OPC acquisition show progress toward achieving the intended results of our recommendations. However, it is too early in the OPC acquisition to determine whether the Coast Guard has fully implemented its plans. According to Coast Guard officials, they took steps to mitigate risks early in the OPC acquisition as a result of our audit report recommendations. In January 2013, the Coast Guard revised its Major Systems Acquisition Manual to establish a design maturity level prior to Critical Design Review and to support low-rate initial production decisions with an operational assessment. We determined that the Coast Guard has established a design maturity level for the OPC and plans to conduct two low-rate initial production phases, each supported by operational assessments.

>Verification Review of U.S. Coast Guard's Acquisition of the Sentinel Class – Fast Response Cutter (OIG-12-68)
2015
OIG-15-97-VR DHS continues to lack reliable interoperable communications for emergencies, as well as daily operations and planned events. The inability to communicate effectively during an emergency presents serious risks to the health and safety of the public. To better fulfill its mission and unify its efforts, DHS must prioritize interoperable communications and expedite the implementation of the recommended corrective actions in our DHS’ Oversight of Interoperable Communications report.

>Corrective Actions Still Needed to Achieve Interoperable Communications
2015
OIG-15-93 We contracted with the independent public accounting firm KPMG LLP (KPMG) to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG evaluated selected general information technology controls, and information technology (IT) entity-level controls, and business process application controls at DHS’ components. KPMG noted that the DHS Components made progress in the remediation of certain IT deficiencies we reported in FY 2013, approximately 35 percent of the prior year IT deficiencies.

>Information Technology Management Letter for the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-96-D The City of Atlanta, Georgia, (City) received a $13.5 million award from the Georgia Emergency Management Agency, a FEMA grantee, for damages resulting from severe storms and flooding in September 2009. For the projects we reviewed, the City properly accounted for and expended FEMA funds according to Federal guidelines.

>The City of Atlanta, Georgia, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Severe Storms and Flooding in September 2009
2015
OIG-15-95 Streamline is an initiative to criminally prosecute individuals who illegally enter the United States through defined geographic regions along the Southwest border. Although U.S. Customs and Border Protection’s (CBP) Border Patrol measures Streamline’s effect on re-entry of illegal aliens, its metrics do not reflect an alien’s crossing history, re-entry, or re-apprehension over multiple years. As a result, Border Patrol is not fully and accurately measuring Streamline’s effect on deterring aliens from entering and re­entering the country illegally. Additionally, because Border Patrol does not distinguish Streamline costs from the costs of its other border enforcement consequences, Border Patrol is not able to differentiate Streamline-associated costs. Finally, according to ICE ERO, Streamline has increased the workload at some of its Southwest border field offices. However, ERO cannot be certain which aliens it removes as a result of Streamline and which removals result from other enforcement actions.

>Streamline: Measuring Its Effect on Illegal Border Crossing
2015
OIG-15-92-D FROM: John E. McCoy II

Assistant Inspector General for Audits

SUBJECT: Office of Inspector General Emergency Management Oversight Team Deployment Audits

Audit Report Numbers OIG-13-84, OIG-13-117, OIG-13-124, OIG-14-50-D, OIG-14-111-D, OIG-15-92-D, OIG-15-102-D, OIG-15-105-D, OIG-16-53-D, OIG-16-85-D, OIG-16-106-D, OIG-17-37-D

After completing an internal review of our audits related to multiple Emergency Management Oversight Team (EMOT) projects, we have decided to permanently remove the subject reports from our public website.

Our internal review found the subject reports may not have adequately answered objectives and, in some cases, may have lacked sufficient and appropriate evidence to support conclusions. Answering objectives with sufficient and appropriate evidence is required under Government Auditing Standards or Quality Standards for Inspection and Evaluation. In an abundance of caution, we believe it best to recall the reports and not re-issue them.

Going forward, our EMOTs will deploy during the response phase of a disaster to identify and alert the Federal Emergency Management Agency (FEMA) and its stakeholders of potential issues or risks if they do not follow FEMA and other Federal requirements. The EMOT’s reviews will not be conducted under Government Auditing Standards. The teams will continue to observe and identify potential risk areas that will be addressed by future traditional audits, if necessary.

A complete list of the projects removed from our website is attached. You should not place any reliance on these reports.

Please contact me at (202) 254-4100 if you have any questions.

>FEMA Provided an Effective Response to the Napa, California, Earthquake
2015
OIG-15-91 The Automated Commercial Environment (ACE) is the commercial trade system designed to automate border processing to enhance border security and foster our Nation's economic security. CBP spent approximately $3.2 billion on the development of the ACE program from fiscal year 2001 through July 2013, when it was restructured to a rapid deployment strategy called Agile. Currently, in large part due to the implementation of Agile, CBP is on track to meet its milestones for the deployment of ACE. However, CBP has not ensured the internal control environment has kept pace with the rapid deployment of the ACE program. Specifically, CBP has not conducted risk assessments to identify potential gaps in data reliability, and has not fully developed and implemented performance measures for the program.

>CBP is on Track to Meet ACE Milestones, but It Needs to Enhance Internal Controls
2015
OIG-15-88 We audited security controls for Department of Homeland Security information technology systems at San Francisco International Airport. Five Department components—U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, Management Directorate, Transportation Security Administration, and U.S. Coast Guard—operate information technology systems that support homeland security operations at this airport. Our audit focused on how these components have implemented computer security controls for their systems at the airport and nearby locations. We performed onsite inspections of the areas where information technology systems and equipment were located, interviewed departmental staff, and conducted technical tests of computer security controls. The information technology security controls implemented at these sites had deficiencies that, if exploited, could result in the loss of confidentiality, integrity, and availability of the components’ systems.

>Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport
2015
OIG-15-89-D This report focuses solely on the FEMA's application of the Cost Estimating Format for the Port of Tillamook Bay, Oregon's (Port) most significant project, an alternate project totaling $44.6 mllion. FEMA officials did not use the Cost Estimating Format correctly in estimating damages to the Port’s railroad. Specifically, FEMA did not follow applicable laws, regulations, and guidelines because it used improper assumptions in calculating estimated project costs using the Cost Estimating Format. As a result, FEMA overstated the Port’s construction (base) and non-construction costs, which resulted in FEMA overfunding Alternate Project 936 by $8,021,884.

>FEMA Misapplied the Cost Estimating Format Resulting in an $8 Million Overfund to the Port of Tillamook Bay, Oregon
2015
OIG-15-90-D The Borough of Seaside Heights, New Jersey (Borough) received a $16.9 million grant award from the New Jersey Emergency Management Agency (New Jersey), a FEMA grantee, for Hurricane Sandy damages in October 2012. Although the Borough accounted for FEMA funds on a project-byproject basis, we identified $2,038,893 of unneeded project funding that FEMA should deobligate and put to better use. In addition, the Borough did not comply with Federal procurement standards in awarding contracts for disaster work and claimed $712,657 of questionable costs. The Borough also did not comply with the Single Audit Act, which requires non-Federal entities that expend $500,000 or more in a year in Federal awards to obtain a single or program-specific audit for that year.

>FEMA Should Recover $2.75 Million of $16.9 Million in Public Assistance Grant Funds Awarded to the Borough of Seaside Heights, New Jersey
2015
OIG-15-87 The USCG has made progress in developing a culture of privacy. Separately, the USCG Privacy Office and Health Insurance Portability and Accountability Act (HIPAA) Office are working to meet requirements of pertinent legislation, regulations, directives, and guidance. These offices ensure their staff annually receive mandatory privacy training, which helps embed shared attitudes, values, goals, and practices for complying with requirements to properly handle sensitive personally identifiable information and protected health information (privacy data). Also, USCG has completed required privacy and security documentation for managing its information technology systems containing privacy data. However, USCG faces challenges in protecting privacy data effectively because it lacks a strong organizational approach to resolving privacy issues.

>United States Coast Guard Safeguards For Protected Health Information Need Improvement
2015
OIG-15-60 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of U.S. Customs and Border Protection (CBP) and the Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls, entity level controls, and business process application controls. KPMG LLP determined that CBP took corrective action by designing and consistently implementing certain account management controls.

>Information Technology Management Letter For the FY 2014 U.S. Customs and Border Protection Financial Statement Audit
2015
OIG-15-86 We reviewed TSA’s airport screening equipment maintenance program to determine whether TSA is properly managing its screening equipment maintenance contracts and related maintenance activities. TSA’s four maintenance contracts, which cover both preventive and corrective maintenance, are valued at about $1.2 billion. According to TSA, in fiscal year 2014, it spent about $251 million on maintenance for its screening equipment. TSA is not properly managing the maintenance of its airport screening equipment. Specifically, TSA has not issued adequate policies and procedures to airports for carrying out equipment maintenance-related responsibilities. Because TSA does not adequately oversee equipment maintenance, it cannot be assured that routine preventive maintenance is performed or that equipment is repaired and ready for operational use.

>The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program
2015
OIG-15-85 DHS uses prosecutorial discretion in deciding to what extent it will enforce immigration laws, including whether to place aliens in or take them out of the removal process. However, the Department does not collect and analyze data on the use of prosecutorial discretion to fully assess its current immigration enforcement activities and to develop future policy. Although the Office of Policy is responsible for developing department-wide policies and programs, DHS has not required this office to gather or use data to assess the effect of prosecutorial discretion on immigration enforcement activities. The Department also does not have a mechanism to continuously monitor its use of prosecutorial discretion and improve future policy. As a result, DHS may not be using its significant investment in immigration enforcement as efficiently as possible. The Department may also be missing opportunities to strengthen its ability to remove aliens who pose a threat to national security and public safety.

>DHS Missing Data Needed to Strengthen its Immigration Enforcement Efforts
2015
OIG-15-82 KPMG LLP reviewed the Office of Intelligence and Analysis (I&A) and the Office of Operations Coordination’s (OPS) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Office of Intelligence and Analysis and Office of Operations Coordination's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-83 KPMG LLP reviewed the Federal Law Enforcement Training Centers’ (FLETC) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>Federal Law Enforcement Training Centers' Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-81 KPMG LLP reviewed CBP’s internal control over financial reporting. The management letter contains 20 observations related to internal control and other operational matters for management’s consideration.

>Management Letter for the U.S. Customs and Border Protection's FY 2014 Consolidated Financial Statements Audit (
2015
OIG-15-84 KPMG LLP reviewed the Domestic Nuclear Detection Office’s (DNDO) internal control over financial reporting. The management letter contains one observation related to internal control and other operational matters for management’s considerations. KPMG LLP noted a deficiency and the need for improvement in certain DNDO processes. This deficiency did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. This observation is intended to improve internal control or result in other operating efficiencies.

>Domestic Nuclear Detection Office's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-80 DHS does not require components to track justifications for making travel reservations offline, that is, by contacting an agent by telephone. Therefore, it is difficult to identify whether offline travel fees are excessive. Making reservations by telephone costs $23 to $27 more per transaction than making a reservation online through the web-based system. The Department is also not effectively managing components’ use of the online system. As a result, the Department may be missing opportunities to reduce offline travel reservation fees and identify cost savings. Finally, although the Senate Appropriations Committee expected DHS to reduce its offline reservation costs in fiscal year 2014, data from DHS showed that, overall, offline costs increased.

>DHS Should Do More to Reduce Travel Reservation Costs
2015
OIG-15-79 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls and business process application controls at the Federal Law Enforcement Training Center (FLETC), the Office of Intelligence & Analysis (I&A), and the Office of Operations Coordination and Planning (OPS). FLETC provides financial system hosting and support to I&A and OPS. KPMG LLP determined that FLETC, I&A, and OPS had made improvements in designing and consistently implementing controls related to reviewing audit logs and enforcing account security requirements.

>Information Technology Management Letter for the Federal Law Enforcement Training Center Component of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-72 KPMG LLP reviewed the U.S. Citizenship and Immigration Services (USCIS) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>U.S. Citizenship and Immigration Services' Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-76 The independent public accounting firm, KPMG LLP, has issued an unmodified (clean) opinion on CBP’s fiscal year 2014 consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, the financial position of CBP as of September 30, 2014.

>Independent Auditors' Report on U.S. Customs and Border Protection's FY 2014 Financial Statements
2015
OIG-15-77 KPMG LLP reviewed the Federal Emergency Management Agency (FEMA) internal control over financial reporting. The management letter contains 15 observations related to internal control and other operational matters for management’s considerations.

>Federal Emergency Management Agency's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-75 KPMG LLP reviewed the Management Directorate’s (MGMT) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s consideration.

>Management Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-73 KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. KPMG LLP reviewed the Science and Technology Directorate’s (S&T) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Science and Technology Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit (
2015
OIG-15-74 KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>National Protection and Programs Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-61 In October 2014, we visited former President George H.W. Bush's Houston residence in response to a complaint alleging alarms were inoperable. During our visit, we identified issues with the alarm system at the residence. The system had been inoperable for at least 13 months. During this time, the Secret Service protective detail created a roving post to secure the residence and no security breach occurred. We found problems with identifying, reporting, and tracking alarm system malfunctions, and with repairing and replacing alarm systems. Because these issues may be affecting other residences, we are bringing them to the Secret Service’s attention.

>Management Advisory-Alarm System Maintenance at Residences Protected by the U.S. Secret Service (Redacted)
2015
OIG-15-70 KPMG LLP reviewed the Office of Financial Management’s (OFM) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-71 KPMG LLP reviewed the United States Immigration and Customs Enforcement’s (ICE) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>United States Immigration and Customs Enforcement's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-68 KPMG LLP reviewed the United States Coast Guard’s (U.S. Coast Guard) internal control over financial reporting. The management letter contains six observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain U.S. Coast Guard processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies.

>United States Coast Guards' Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-69 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP assessed certain non-technical areas related to the protection of sensitive information technology and financial information and assets at United State Secret Service (USSS). KPMG LLP performed after-hours physical security walkthroughs and social engineering tests and identified instances where USSS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. The inadequate protection of DHS information systems and data from those without a need to know or a need for access puts USSS’ sensitive electronic and physical data at adverse risk of loss, theft, or misuse.

>Information Technology Management Letter for the United States Secret Service Component of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-62 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at DHS’ Office of Financial Management and Office of Chief Information Officer. KPMG, LLP continued to identify deficiencies related to access controls and vulnerability management controls of DHS’ core financial system. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse.

>Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-63 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls and business process application controls at the Other DHS Management components. KPMG LLP performed after-hours physical security walkthroughs and social engineering and identified instances where DHS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse.

>Information Technology Management Letter for the Other DHS Management Components of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-66-D The South Carolina Department of Transportation (Department) expects to claim about $165.2 million in Public Assistance grant funds for debris removal activities associated with a February 2014 severe winter storm. We conducted this audit early in the Public Assistance process to identify areas where the Department may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The Department generally has established policies, procedures, and business practices to adequately account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. The Department has accounting systems in place to account for disaster costs on a project-by-project basis and has adequate support for costs it plans to claim under the grant award. Further, the contracts the Department awarded to accomplish work under the grant met Federal and FEMA procurement requirements.

>South Carolina Department of Transportation Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding
2015
OIG-15-67-D As of February 2014, the Port Authority requested an estimated $213 million in Public Assistance funding for 2012 Hurricane Sandy damages. We conducted this audit early in the Public Assistance process to identify areas where the Port Authority may need additional technical assistance or monitoring to ensure compliance with Federal grant requirements. At the time of the grant award, the Port Authority of New York and New Jersey (Port Authority) did not have adequate accounting and procurement policies and procedures in place to ensure compliance with Federal Emergency Management Agency (FEMA) grant requirements. However, in late 2013, the Port Authority made changes to its accounting and procurement policies and procedures for FEMA-funded work. These changes should provide FEMA reasonable assurance that the Port Authority has the capability to account for and expend FEMA grant funds according to Federal requirements.

>The Port Authority of New York and New Jersey's Recently Updated Policies, Procedures, and Business Practices Should Be Adequate to Effectively Manage FEMA Public Assistance Grant Funds
2015
OIG-15-64 U .S. Customs and Border Protection's (CBP) Houston Seaport is the fifth largest port for arriving containers and the largest petrochemical complex in the Nation. CBP is responsible for identifying high-risk cargo shipments arriving at the port that pose a possible threat to national security. We conducted this review to determine whether the Houston Seaport complied with CBP's National Maritime Targeting Policy (NMTP) and Cargo Enforcement Reporting and Tracking System (CERTS) Port Guidance. The Houston Seaport generally complied with the NMTP and CERTS Port Guidance. However, CBP could improve its documentation of waivers and exceptions to mandatory examinations of high-risk cargo. In addition, CBP could improve access controls for authorizing Port Director waivers within CERTS.

>CBP's Houston Seaport Generally Complied with Cargo Examination Requirements but Could Improve Its Documentation of Waivers and Exceptions (Redacted)
2015
OIG-15-65-D Holy Cross received an $89 million FEMA grant award for 2005 Hurricane Katrina damages to its campus in the Ninth Ward of New Orleans. By 2011, the school had completed work on 12 of its 16 projects. However, at the time of our audit, Louisiana had not submitted a final claim for the 12 projects and FEMA had closed only 1 large project. Holy Cross did not follow Federal procurement standards in awarding 21 contracts totaling $82.4 million. As a result, FEMA has no assurance that costs were reasonable. This is especially true for projects that FEMA funds at 100 percent of the costs. Further, the lack of open and free competition increased the risk of fraud, waste, and abuse and decreased opportunities for small businesses, minority-owned firms, and women’s business enterprises to compete for federally funded work. For the most part, we do not question costs that Holy Cross incurred to reopen school in January 2006, or to operate temporary facilities in the Ninth Ward. However, in 2007, Holy Cross decided to relocate from the Ninth Ward to the Gentilly neighborhood of New Orleans. Holy Cross set up a temporary campus in Gentilly in 2007 and began work on permanent facilities there in 2008. By 2007, exigent circumstances no longer existed, so Holy Cross should have procured competitive bids according to Federal regulations for the work in Gentilly.

>FEMA Should Disallow $82.4 Million of Improper Contracting Costs Awarded to Holy Cross School, New Orleans, Louisiana
2015
OIG-15-59 On January 17, 2014, Congress enacted Public Law 113-76, Consolidated Appropriations Act, 2014. According to Section 520 (a), the Secretary of Department of Homeland Security (DHS) shall submit a report not later than October 15, 2014, to the Office of Inspector General, listing all grants and contracts awarded by any means other than full and open competition during fiscal year (FY) 2014. As required, we reviewed the report and assessed departmental compliance with applicable laws, regulations, and departmental procedures. In FY 2014, DHS awarded 399 noncompetitive contracts worth about $306 million. This represents a continuing decrease of more than $3 billion obligated through noncompetitive contracts over a 6-year period. We reconciled the entire FY 2014 contract listing against the Federal Procurement Data System and found that the data between the two lists were 99.8 percent identical. Also in FY 2014, DHS awarded 66 noncompetitive grants worth about $126 million. Although three noncompetitive grants worth approximately $3.2 million did not meet accuracy, timeliness, or completeness standards, approximately 95.5 percent did meet the requirements as set forth in the Federal Funding Accountability and Transparency Act of 2006.

>DHS Contracts and Grants Awarded through Other than Full and Open Competition, FY 2014
2015
OIG-15-57 U.S. Immigration and Customs Enforcement Air Operations (ICE Air) is responsible for moving and removing detainees in ICE custody by providing air transportation services to Enforcement and Removal Operations’ (ERO) 24 field offices. We reviewed this program to determine whether ICE Air was ensuring the most effective use of its resources. Although ICE Air met its mission by transporting 930,435 detainees over a 3-1/2-year period, it could have used its resources more effectively. In fact, ICE Air may have missed opportunities to improve the program’s overall effectiveness even though it has identified some ways to reduce costs associated with detainee transportation. Furthermore, ICE Air does not capture complete and accurate data essential to support operational decisions. This occurred because ERO did not provide the planning, management, and reporting tools needed to operate effectively, and it does not have a mechanism in place to obtain feedback on how well its processes are performing. ERO management has not developed a data management plan, assessed staffing and training needs, or implemented formal policies and procedures. It also has not conducted a comprehensive analysis of current operations for making informed business decisions that will safeguard the program’s resources. As a result, ICE Air operated charter flights with empty seats and could have realized cost savings of up to $41.1 million upon determining optimum flight capacity. This estimate is based on the average of charter costs incurred during the scope period for the missions analyzed. Although the estimated potential cost savings will not be claimed as funds put to better use, it is an indicator of ICE Air’s potential for future cost savings.

>ICE Air Transportation of Detainees Could Be More Effective
2015
OIG-15-58 KPMG LLP reviewed the United States Secret Service’s (U.S. Secret Service) internal control over financial reporting. The management letter contains seven observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain U.S. Secret Service processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies.

>United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-56 KPMG LLP reviewed the Transportation Security Administration’s (TSA) internal control over financial reporting. The management letter contains 15 observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain TSA processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies.

>Transportation Security Administration's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-55 USCG has taken some steps to address the risk of insider threats to its information systems and data. For example, USCG established an Insider Threat Working Group designed to implement a holistic program focused on the insider risk. In addition, USCG implemented a process to verify that system administrators have the appropriate level of access to information technology systems and networks to perform their assigned duties. Further, USCG established the Cyber Security Operations Center to monitor and respond to potential insider threat risks or incidents against USCG information systems and networks. However, additional steps are needed to further address the risk posed by trusted insiders at USCG

>United States Coast Guard Has Taken Steps to Address Insider Threats, but Challenges Remain
2015
OIG-15-54 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls, information technology entity level controls, and business process application controls at the Federal Emergency Management Agency (FEMA). KPMG LLP determined that FEMA had taken corrective action to design and consistently implement certain account management and configuration management controls. However, KPMG LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for FEMA’s core financial and feeder systems. Such control deficiencies limited FEMA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data.

>Information Technology Management Letter for the Federal Emergency Management Agency Component of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-52 KPMG LLP reviewed National Flood Insurance Program’s internal control over financial reporting. The resulting management letter contains four observations related to internal controls and other operational matters for management’s consideration. KPMG LLP noted deficiencies and the need for improvements in certain National Flood Insurance Program (NFIP) processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year (FY) 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies.

>National Flood Insurance Program's Management Letter for DHS' FY 2014 Financial Statements Audit (Redacted)
2015
OIG-15-53 The U.S. Customs and Border Protection’s (CBP) Non-Intrusive Inspection (NII) program is vital to securing the Nation’s borders while facilitating efficient flow of legitimate trade and travel. CBP uses NII equipment to screen cargo and conveyances at our Nation’s land, sea, and air ports of entry. In fiscal year 2014, CBP awarded six contracts and one interagency agreement valued at approximately $90.4 million to perform preventive and corrective maintenance of NII equipment. We performed this audit to determine whether maintenance is being performed on CBP’s screening equipment in accordance with contractual requirements and manufacturers’ specifications. CBP monitored NII operations using methods such as conducting daily meetings to discuss NII availability and reviewing field office submissions of utilization reports. However, CBP has not ensured that contractors perform preventive and corrective maintenance on its screening equipment in accordance with contractual requirements and manufacturers’ specifications. This deficiency occurred because CBP has not verified that maintenance is performed in accordance with manufacturers’ specifications, evaluated contractors’ performance, and assessed the reliability of maintenance data. Without a process to validate maintenance data and to evaluate and assess that NII equipment is being repaired and maintained in accordance with manufacturers’ specifications, CBP’s NII equipment may not be repaired and maintained to retain full functionality and maximum useful life.

>CBP's Oversight of Its Non-Intrusive Inspection Equipment Maintenance Contracts Needs Improvement
2015
OIG-15-46 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA took corrective action to design and consistently implement certain technical security account controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to logical access to TSA’s core financial and feeder systems. Such control deficiencies limited TSA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data.

>Information Technology Management Letter for the Transportation Security Administration Component of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-50-D The Palm Beach County School District, Florida (District) received a $15.0 million grant award from the Florida Division of Emergency Management (Florida), a Federal Emergency Management Agency (FEMA) grantee for Hurricane Jeanne damages in September 2004. The District did not fully comply with Federal procurement requirements for contract work valued at $7.7 million. Florida, as the grantee, was responsible for ensuring that the District was aware of and followed all Federal requirements. Normally, we would question such improper costs; however, we are not in this case because FEMA said the costs were reasonable and allowed the costs at project closeout using the agency’s authority granted under 44 CFR 13.6(c). We also identified $145,145 of ineligible costs consisting of $98,645 of unreasonable contract costs and $46,500 in duplicate benefits.

>Florida and Palm Beach County School District Did Not Properly Administer $9.2 Million of FEMA Grant Funds Awarded for Hurricane Wilma Damages
2015