Audits, Inspections, and Evaluations

Report Number	Title	Issue Date Sort ascending	Fiscal Year
OIG-15-63	We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls and business process application controls at the Other DHS Management components. KPMG LLP performed after-hours physical security walkthroughs and social engineering and identified instances where DHS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse. >Information Technology Management Letter for the Other DHS Management Components of the FY 2014 Department of Homeland Security Financial Statement Audit	04/14/2015	2015
OIG-15-65-D	Holy Cross received an $89 million FEMA grant award for 2005 Hurricane Katrina damages to its campus in the Ninth Ward of New Orleans. By 2011, the school had completed work on 12 of its 16 projects. However, at the time of our audit, Louisiana had not submitted a final claim for the 12 projects and FEMA had closed only 1 large project. Holy Cross did not follow Federal procurement standards in awarding 21 contracts totaling $82.4 million. As a result, FEMA has no assurance that costs were reasonable. This is especially true for projects that FEMA funds at 100 percent of the costs. Further, the lack of open and free competition increased the risk of fraud, waste, and abuse and decreased opportunities for small businesses, minority-owned firms, and women’s business enterprises to compete for federally funded work. For the most part, we do not question costs that Holy Cross incurred to reopen school in January 2006, or to operate temporary facilities in the Ninth Ward. However, in 2007, Holy Cross decided to relocate from the Ninth Ward to the Gentilly neighborhood of New Orleans. Holy Cross set up a temporary campus in Gentilly in 2007 and began work on permanent facilities there in 2008. By 2007, exigent circumstances no longer existed, so Holy Cross should have procured competitive bids according to Federal regulations for the work in Gentilly. >FEMA Should Disallow $82.4 Million of Improper Contracting Costs Awarded to Holy Cross School, New Orleans, Louisiana	04/14/2015	2015
OIG-15-62	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at DHS’ Office of Financial Management and Office of Chief Information Officer. KPMG, LLP continued to identify deficiencies related to access controls and vulnerability management controls of DHS’ core financial system. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse. >Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2014 Department of Homeland Security Financial Statement Audit	04/14/2015	2015
OIG-15-59	On January 17, 2014, Congress enacted Public Law 113-76, Consolidated Appropriations Act, 2014. According to Section 520 (a), the Secretary of Department of Homeland Security (DHS) shall submit a report not later than October 15, 2014, to the Office of Inspector General, listing all grants and contracts awarded by any means other than full and open competition during fiscal year (FY) 2014. As required, we reviewed the report and assessed departmental compliance with applicable laws, regulations, and departmental procedures. In FY 2014, DHS awarded 399 noncompetitive contracts worth about $306 million. This represents a continuing decrease of more than $3 billion obligated through noncompetitive contracts over a 6-year period. We reconciled the entire FY 2014 contract listing against the Federal Procurement Data System and found that the data between the two lists were 99.8 percent identical. Also in FY 2014, DHS awarded 66 noncompetitive grants worth about $126 million. Although three noncompetitive grants worth approximately $3.2 million did not meet accuracy, timeliness, or completeness standards, approximately 95.5 percent did meet the requirements as set forth in the Federal Funding Accountability and Transparency Act of 2006. >DHS Contracts and Grants Awarded through Other than Full and Open Competition, FY 2014	04/10/2015	2015
OIG-15-57	U.S. Immigration and Customs Enforcement Air Operations (ICE Air) is responsible for moving and removing detainees in ICE custody by providing air transportation services to Enforcement and Removal Operations’ (ERO) 24 field offices. We reviewed this program to determine whether ICE Air was ensuring the most effective use of its resources. Although ICE Air met its mission by transporting 930,435 detainees over a 3-1/2-year period, it could have used its resources more effectively. In fact, ICE Air may have missed opportunities to improve the program’s overall effectiveness even though it has identified some ways to reduce costs associated with detainee transportation. Furthermore, ICE Air does not capture complete and accurate data essential to support operational decisions. This occurred because ERO did not provide the planning, management, and reporting tools needed to operate effectively, and it does not have a mechanism in place to obtain feedback on how well its processes are performing. ERO management has not developed a data management plan, assessed staffing and training needs, or implemented formal policies and procedures. It also has not conducted a comprehensive analysis of current operations for making informed business decisions that will safeguard the program’s resources. As a result, ICE Air operated charter flights with empty seats and could have realized cost savings of up to $41.1 million upon determining optimum flight capacity. This estimate is based on the average of charter costs incurred during the scope period for the missions analyzed. Although the estimated potential cost savings will not be claimed as funds put to better use, it is an indicator of ICE Air’s potential for future cost savings. >ICE Air Transportation of Detainees Could Be More Effective	04/09/2015	2015
OIG-15-58	KPMG LLP reviewed the United States Secret Service’s (U.S. Secret Service) internal control over financial reporting. The management letter contains seven observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain U.S. Secret Service processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit	04/08/2015	2015
OIG-15-56	KPMG LLP reviewed the Transportation Security Administration’s (TSA) internal control over financial reporting. The management letter contains 15 observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain TSA processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >Transportation Security Administration's Management Letter for DHS' FY 2014 Financial Statements Audit	04/08/2015	2015
OIG-15-55	USCG has taken some steps to address the risk of insider threats to its information systems and data. For example, USCG established an Insider Threat Working Group designed to implement a holistic program focused on the insider risk. In addition, USCG implemented a process to verify that system administrators have the appropriate level of access to information technology systems and networks to perform their assigned duties. Further, USCG established the Cyber Security Operations Center to monitor and respond to potential insider threat risks or incidents against USCG information systems and networks. However, additional steps are needed to further address the risk posed by trusted insiders at USCG >United States Coast Guard Has Taken Steps to Address Insider Threats, but Challenges Remain	03/27/2015	2015
OIG-15-52	KPMG LLP reviewed National Flood Insurance Program’s internal control over financial reporting. The resulting management letter contains four observations related to internal controls and other operational matters for management’s consideration. KPMG LLP noted deficiencies and the need for improvements in certain National Flood Insurance Program (NFIP) processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year (FY) 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies. >National Flood Insurance Program's Management Letter for DHS' FY 2014 Financial Statements Audit (Redacted)	03/25/2015	2015
OIG-15-54	We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls, information technology entity level controls, and business process application controls at the Federal Emergency Management Agency (FEMA). KPMG LLP determined that FEMA had taken corrective action to design and consistently implement certain account management and configuration management controls. However, KPMG LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for FEMA’s core financial and feeder systems. Such control deficiencies limited FEMA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Federal Emergency Management Agency Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/25/2015	2015
OIG-15-53	The U.S. Customs and Border Protection’s (CBP) Non-Intrusive Inspection (NII) program is vital to securing the Nation’s borders while facilitating efficient flow of legitimate trade and travel. CBP uses NII equipment to screen cargo and conveyances at our Nation’s land, sea, and air ports of entry. In fiscal year 2014, CBP awarded six contracts and one interagency agreement valued at approximately $90.4 million to perform preventive and corrective maintenance of NII equipment. We performed this audit to determine whether maintenance is being performed on CBP’s screening equipment in accordance with contractual requirements and manufacturers’ specifications. CBP monitored NII operations using methods such as conducting daily meetings to discuss NII availability and reviewing field office submissions of utilization reports. However, CBP has not ensured that contractors perform preventive and corrective maintenance on its screening equipment in accordance with contractual requirements and manufacturers’ specifications. This deficiency occurred because CBP has not verified that maintenance is performed in accordance with manufacturers’ specifications, evaluated contractors’ performance, and assessed the reliability of maintenance data. Without a process to validate maintenance data and to evaluate and assess that NII equipment is being repaired and maintained in accordance with manufacturers’ specifications, CBP’s NII equipment may not be repaired and maintained to retain full functionality and maximum useful life. >CBP's Oversight of Its Non-Intrusive Inspection Equipment Maintenance Contracts Needs Improvement	03/25/2015	2015
OIG-15-46	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA took corrective action to design and consistently implement certain technical security account controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to logical access to TSA’s core financial and feeder systems. Such control deficiencies limited TSA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Transportation Security Administration Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/24/2015	2015
OIG-15-51-D	The Palm Beach County School District, Florida (District) received a $34.0 million grant award from the Florida Division of Emergency Management (Florida), a Federal Emergency Management Agency (FEMA) grantee, for Hurricane Wilma damages in October 2005. The District did not comply with Federal procurement standards or record retention requirements for contracts valued at $9.2 million. Florida, as the grantee, was responsible for ensuring that the District was aware of and followed all Federal requirements. In fact, the District’s 2006 Single Audit report disclosed these problems, yet we found no evidence that either Florida or the District did anything to correct them. As a result, full and open competition did not occur, and the risk that fraud, waste, and abuse occurred is high. Normally, we would question such improper costs; however, we do not in this case because FEMA said the costs were reasonable and allowed the costs at project closeout using the agency’s authority granted under 44 Code of Federal Regulations (CFR) 13.6(c). We also determined that the District claimed $33,239 of costs that were ineligible because it did not credit its claim for rebates it received for installing energy efficient roofs provided for under the award. >Florida and the Palm Beach County School District Did Not Properly Administer $7.7 Million of FEMA Grant Funds Awarded for Hurricane Jeanne Damages	03/19/2015	2015
OIG-15-50-D	The Palm Beach County School District, Florida (District) received a $15.0 million grant award from the Florida Division of Emergency Management (Florida), a Federal Emergency Management Agency (FEMA) grantee for Hurricane Jeanne damages in September 2004. The District did not fully comply with Federal procurement requirements for contract work valued at $7.7 million. Florida, as the grantee, was responsible for ensuring that the District was aware of and followed all Federal requirements. Normally, we would question such improper costs; however, we are not in this case because FEMA said the costs were reasonable and allowed the costs at project closeout using the agency’s authority granted under 44 CFR 13.6(c). We also identified $145,145 of ineligible costs consisting of $98,645 of unreasonable contract costs and $46,500 in duplicate benefits. >Florida and Palm Beach County School District Did Not Properly Administer $9.2 Million of FEMA Grant Funds Awarded for Hurricane Wilma Damages	03/19/2015	2015
OIG-15-49-D	The Palm Beach County School District, Florida (District) received a Public Assistance award of $6.4 million from the Florida Division of Emergency Management, a Federal Emergency Management Agency (FEMA) grantee, for Hurricane Frances damages in September 2004. Our audit objective was to determine whether the District accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the District generally accounted for and expended FEMA Public Assistance grant funds according to Federal requirements. >Palm Beach County School District, Florida, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Hurricane Frances Damages	03/18/2015	2015
OIG-15-48-D	The East Jefferson General Hospital, Metairie, Louisiana (Hospital) received a $14.3 million award from the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina in August 2005. Our audit objective was to determine whether the Hospital accounted for and spent FEMA funds according to Federal requirements. The Hospital did not comply with Federal procurement standards in awarding $9.5 million for 17 contracts. Ten of the 17 contracts were prohibited cost-plus-a-percentage-of-cost contracts for exigent work. We did not question the majority of contract costsbecause contractors performed most of the work under exigent circumstances. We did, however, question $395,032 ofmarkups on costs because Federal regulations strictly forbid the cost-plus-a-percentage-of-cost method of contracting because it provides a disincentive for contractors to control costs. Because of our audit, the Hospital was preparing a Disaster Policy Guide to assist them in complying with Federal regulations for any future disasters. >FEMA Should Recover $395,032 of Improper Contracting Costs from $14.3 Million Grant Funds Awarded to East Jefferson General Hospital, Metairie, Louisiana	03/18/2015	2015
OIG-15-47	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the United States Coast Guard (USCG). KPMG, LLP determined that USCG took corrective action over designing and consistently implementing certain account management and configuration management controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for USCG’s core financial and feeder systems. Such control deficiencies limited USCG’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the United States Coast Guard Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/17/2015	2015
OIG-15-45	The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA PreCheck screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA PreCheck indicator and encrypted barcode. On October 16, 2014, OSC referred this allegation to the Secretary of Department of Homeland Security (DHS). The Department subsequently requested our assistance with this allegation. We determined that TSA did not grant the traveler TSA PreCheck screening through the TSA PreCheck Application Program or managed inclusion (MI). TSA granted the traveler TSA PreCheck screening through risk assessment rules in the Secure Flight program. >Allegation of Granting Expedited Screening through TSA PreCheck Improperly (Redacted)	03/16/2015	2015
OIG-15-44	The Office of Inspector General contracted with the independent accounting firm KPMG LLP to conduct an integrated audit of DHS’ fiscal year 2014 consolidated financial statements and internal control over financial reporting. The Management Letter contains 101 observations related to internal controls and other operational matters for management’s considerations. KPMG LLP noted deficiencies and needed improvements in certain processes. These deficiencies did not meet the criteria to be reported in the Independent Auditor’s Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, of November 14, 2014, included in DHS FY 2014 Agency Financial Report. Internal control deficiencies that meet the criteria were reported, as required, in the independent auditor’s report. >Management Letter for the FY 2014 DHS Financial Statements and Internal Control over Financial Reporting Audit	03/13/2015	2015
OIG-15-43	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Citizenship and Immigration Services. KPMG, LLP determined that USCIS had made improvements in designing and consistently implementing controls related to reviewing audit logs and enforcing account security requirements. However, KPMG, LLP continued to identify access control deficiencies related to USCIS’s core financial system. Additionally, many key financial and feeder systems have not been substantially updated since being inherited from legacy agencies several years ago. Such control deficiencies have limited USCIS’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the U.S. Citizenship and Immigration Services Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/12/2015	2015
OIG-15-42	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Immigration and Customs Enforcement (ICE). KPMG, LLP determined that ICE had made improvements in designing and consistently implementing controls related to segregation of duties on financial system components and in addressing identified vulnerabilities. However, KPMG, LLP continued to identify general information technology controls deficiencies related to access controls and configuration management of ICE’s core financial system. Such control deficiencies limited ICE’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Immigration Customs Enforcement Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/12/2015	2015
OIG-15-41	The United States Coast Guard (USCG) operates the Biometrics at Sea System (BASS) to collect biometric data from interdicted aliens. The biometrics are sent to the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) to identify potential persons of interest, including suspected terrorists. We audited BASS interface with IDENT, security roles and responsibilities, and change control management. We determined that USCG did not have a routine reconciliation process to ensure that all biometrics that it captured on the 23 cutters are maintained in IDENT. Not ensuring reconciliation between the total biometrics USCG submitted and the number stored in IDENT may impede future identification of suspected terrorists, aggravated felons, or other individuals of interest. USCG also allowed application programmers with unrestricted system access to share passwords. The control weakness may result in individuals making unauthorized changes to the system without detection. Further, we determined that the authorization for the transition from the 2-fingerprint to 10-fingerprint application system was not properly documented and security documentation had not been updated. Without a proper authorization process, USCG could not provide assurance that senior executives approved the change prior to implementation. >The Security Posture of the United States Coast Guard's Biometrics At Sea System Needs Improvements	03/03/2015	2015
OIG-15-40-D	We reviewed $1,726,151 of costs the County claimed for one large project (Project 3095). This amount was $945,640 more than the $780,511 that FEMA initially authorized and obligated for the project. The County improperly claimed $945,640 more than the $780,511 that FEMA Region IX initially authorized to construct a wall to stabilize a damaged section of road. The County incurred the additional costs because, rather than adhere to the scope of work that FEMA authorized, it built a superior wall to lessen the susceptibility of damage that anticipated wildfires might cause in that location. FEMA Headquarters ultimately approved this funding and awarded the County both the initial $780,511 and an additional$945,640 for the already-completed project. However, FEMA Headquarters did not provide a reasonable justification for its decision and did not perform a benefit/cost analysis as required to fund mitigation measures. As a result, FEMA and taxpayers had no assurance that the mitigations work was cost effective, as Federal regulations and FEMA guidelines require. >FEMA Needs to Ensure the Cost Effectiveness of $945,640 that Los Angeles County, California Spent for Hazard Mitigation Under the Public Assistance Program	03/03/2015	2015
OIG-15-39	CBP did not effectively target and examine rail shipments entering the United States from Mexico and Canada. Specifically, U.S. Customs and Border Protection Officers (CBPO) did not always target shipments using the mandatory Automated Targeting System (ATS) targeting criteria. CBPOs also did not always use the required radiation detection equipment to examine high-risk shipments. Finally, CBPOs did not always record the results of their rail cargo examinations in the Cargo Enforcement Reporting and Tracking System (CERTS). CBPOs were unaware of the correct targeting criteria or inadvertently used inappropriate criteria. In addition, one port did not have the required radiation detection equipment for its rail team, and CBPOs at two other ports used Personal Radiation Detectors to examine shipments. Rail CBPOs also received insufficient training on the use of ATS and CERTS. Finally, Supervisory CBPOs did not provide sufficient oversight to ensure CBPOs followed CBP policy. As a result, CBP may have failed to target or properly examine rail shipments that were at an increased risk to contain contraband or dangerous materials. In addition, CBP has no assurance that decisions to release these high-risk shipments into U.S. commerce were appropriate. >U.S. Customs and Border Protection Did Not Effectively Target and Examine Rail Shipments From Canada and Mexico	03/02/2015	2015
OIG-15-38	We conducted an audit of S&T’s award and management of its contract with NVS Technologies, Inc. Although S&T properly awarded the contract, we identified deficiencies with S&T’s management of the contract. Specifically, program managers did not document contract oversight because S&T does not have adequate policies and procedures governing contract management. As a result, S&T may have wasted $23 million in incurred costs plus additional cost associated with contract termination. If program performance is not adequately documented, S&T may also have difficulty making well-informed decisions on all its contracts. >Science and Technology Directorate Needs to Improve Its Contract Management Procedures	02/27/2015	2015
OIG-15-37-D	Gwinnett County, Georgia (County) received an award of $6.3 million from the Georgia Emergency Management Agency (Georgia), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from a September 2009 flood. We audited projects totaling $4.6 million to determine whether the County accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the County generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The County’s claim did include $87,208 of ineligible costs that insurance covered; however, this occurred because of a minor FEMA funding error. In addition, Georgia overpaid the County a total of $871,129 under several projects. Although these overpayments to the County do not affect the amount of obligated Federal funds, the County should return the excess funds to Georgia to be put to better use. >Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements	02/20/2015	2015
OIG-15-34-D	Larimer County, Colorado (County) received a $22.5 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the County may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The policies, procedures, and business practices of the County are not adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to all Federal requirements. As a result, the County is at risk of losing some or all of its FEMA-approved funding, which totaled $22.5 million as of June 2014. >Larimer County, Colorado, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements	02/13/2015	2015
OIG-15-33	We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones for correcting information security weaknesses, contingency planning, and security capital planning . >Fiscal Year 2014 Evaluation of DHS' Compliance with Federal Information Security Management Act Requirements for Intelligence Systems	02/13/2015	2015
OIG-15-35-D	The Imperial Irrigation District (District) received a $10.5 million award of Federal Emergency Management Agency (FEMA) Public Assistance grant funds for damages resulting from an April 2010 earthquake. We audited $7.8 million, or 74 percent of the total award. The District did not always account for and expend FEMA grant funds according to Federal requirements. The District awarded contracts totaling $3.6 million without taking the required affirmative steps to ensure the use of small and minority firms, women’s business enterprises, and labor surplus area firms when possible. As a result, FEMA has no assurance that these types of firms had opportunities to bid on Federal work as Congress intended. The District’s claim also included $45,408 of ineligible contract costs and $1,473 of unsupported equipment costs. In addition, FEMA should deobligate $2.5 million and put those funds to better use because the District completed disaster work and no longer needs those funds. >FEMA Should Recover $6.2 Million of Ineligible and Unused Grant Funds Awarded to the Imperial Irrigation District, California	02/13/2015	2015
OIG-15-36	Evaluation of Alleged AUO Misuse at U.S. Customs and Border Protection, Office of Internal Affairs (OSC File No. DI-14-0666)	02/12/2015	2015
OIG-15-32	After an alteration of the BNSF Railway bridge (Burlington bridge) in Burlington, Iowa, was completed in 2012, the United States Coast Guard (Coast Guard) requested that we audit the sharing of costs, known as the final apportionment of cost, to determine its accuracy. Coast Guard could not provide proper documentation to support the final apportionment of cost for the Burlington bridge alteration, of which $74 million was allocated to the Coast Guard and $8 million to BNSF Railway (BNSF). Specifically, the Coast Guard did not properly document its review of the construction contractors who bid on the new bridge. In addition, the financial documentation for changes to originally planned work did not always support the cost of the work. The Coast Guard also did not have a process to evaluate and verify BNSF’s reported salvage value or expected savings in maintenance and repair costs. Based on our review of available documentation, we were unable to confirm either the Coast Guard’s or BNSF’s share of the final cost to alter the Burlington bridge. As a result, the Coast Guard cannot be certain it was appropriate to pay $74 million as the Federal share of the final cost of the bridge alteration. >United States Coast Guard's Alteration of the Burlington Bridge Project	02/11/2015	2015
OIG-15-21	The United States Secret Service’s acquisition management program office, established in 2011, has adequate oversight and management of its acquisition process, complies with DHS acquisition guidance, and has implemented some best practices. However, the Secret Service does not have its own guidance for acquisitions valued at less than $300 million and, at the time of our audit, the component did not have a designated Component Acquisition Executive. >The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised)	02/10/2015	2015
OIG-15-31	The U.S. Coast Guard’s Travel to Obtain Health Care program is intended to ensure U.S. Coast Guard (Coast Guard) members and their dependents have access to proper medical care while stationed in locations where access to specialty care may not be readily available. From October 2010 through June 2014, the Coast Guard spent almost $4.5 million on this program. We received allegations that unnecessary travel had been approved. As a result, we conducted this audit to determine if the program has sufficient controls to ensure travel is necessary. The program did not have sufficient controls to ensure that travel for medical purposes was necessary. The Coast Guard did not establish, distribute, or ensure implementation of clear policies and procedures for reviewing, approving, and maintaining program requests. Local offices were not provided criteria or training on how to evaluate the requests, did not document that travel was necessary, and did not adequately justify that the location for medical care was appropriate. Ninety-four percent of the records tested were missing essential information, such as physicians’ referrals and cost estimates. Without this information, approving officials may not have been able to evaluate whether the travel was necessary and cost effective. As a result, the Coast Guard may have approved requests for inappropriate health care travel, incurring unnecessary costs and lost productivity. >The U.S. Coast Guard Travel to Obtain Health Care Program Needs Improved Policies and Better Oversight	02/09/2015	2015
OIG-15-22	ICE’s Intensive Supervision Appearance Program offers alternatives to detention. We reviewed whether: (1) the rate at which individuals in the Intensive Supervision Appearance Program have absconded or committed criminal acts has been reduced since 2009; (2) ICE can improve the effectiveness of its alternatives to detention program, either by revising or expanding its Intensive Supervision Appearance Program contract, or through other cost-effective means; and (3) ICE’s Risk Classification Assessment is effective. According to U.S. Immigration and Customs Enforcement (ICE), the Intensive Supervision Appearance Program is effective because, using its performance metrics, few program participants abscond. However, ICE has changed how it uses the program and no longer supervises some participants throughout their immigration proceedings. As a result, ICE cannot definitively determine whether the Intensive Supervision Appearance Program has reduced the rate at which aliens, who were once in the program but who are no longer participating, have absconded or been arrested for criminal acts. ICE should adjust its performance metrics to reflect changes in its criteria for program participation. >U.S. Immigration and Customs Enforcement's Alternatives to Detention (Revised)	02/04/2015	2015
OIG-15-30-D	The City of Loveland, Colorado (City) received a $21.1 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City generally has established policies, procedures, and business practices to adequately account for and expend FEMA Public Assistance Program grant funds according to Federal regulations and FEMA guidelines. However, we identified areas related to accounting, procurement, and insurance in which the City needs to improve its procedures to ensure compliance with Federal requirements for the $21.1 million Federal disaster award. >The City of Loveland, Colorado, Could Benefit from Additional Assistance in Managing its FEMA Public Assistance Grant Funding	01/29/2015	2015
OIG-15-29	In October 2011, the Transportation Security Administration (TSA) introduced the TSA PreCheck initiative in response to congressional authorization to implement trusted passenger programs. TSA identifies low-risk passengers to receive expedited screening through TSA PreCheck lanes at airport security checkpoints. After initial implementation, Congress directed TSA to (1) certify by the end of December 2013 that 25 percent of air passengers are eligible for expedited screening without lowering security standards and (2) outline a strategy to increase the number of air passengers eligible for expedited screening to 50 percent by the end of December 2014. Our objectives were to determine: (1) what processes and procedures exist to ensure proper vetting of applicants; (2) how TSA assesses member continued eligibility; and (3) how TSA tests its processes for effectiveness and timeliness. As a concept, TSA PreCheck is a positive step towards risk-based security screening; however, TSA needs to modify TSA PreCheck vetting and screening processes. We also determined that TSACheckcommunication and coordination need improvement. We are making recommendations to assist TSA in correcting deficiencies to meet its expedited screening goals. >Security Enhancements Needed to the TSA PreCheck™ Initiative	01/28/2015	2015
OIG-15-25	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Customs and Border Protection’s (CBP) Detailed Accounting Submission. CBP management prepared the Table of fiscal year 2014 Drug Control Obligations (Table) and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Some of the assumptions CBP used for computing obligations by decision units are based on surveys completed in prior years. While CBP management represented that the assumptions used continue to be valid for purposes of computing obligations presented in the Table, KPMG was unable to perform review procedures supporting that representation. Based on its review, except for matters noted above, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Customs and Border Protection's FY 2014 Detailed Accounting Submission	01/26/2015	2015
OIG-15-27	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Coast Guard’s (Coast Guard) fiscal year 2014 Drug Control Performance Summary Report. Coast Guard management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report	01/26/2015	2015
OIG-15-28	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Coast Guard’s (Coast Guard) Detailed Accounting Submission. Coast Guard’s management prepared the Table of FY 2014 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission	01/23/2015	2015
OIG-15-24	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Immigration and Customs Enforcement’s (ICE) Detailed Accounting Submission. ICE management prepared the Table of FY 2014 Drug Control Obligations and related disclosures to comply with the requirements of the Office of National Drug Control Policy’s ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Immigration and Customs Enforcement's FY 2014 Detailed Accounting Submission	01/23/2015	2015
OIG-15-26	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Customs and Border Protection’s (CBP) fiscal year (FY) 2014 Drug Control Performance Summary Report. CBP management prepared the Performance Summary Report and related disclosures to comply with the requirements of ONDCP circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Customs and Border Protection's FY 2014 Drug Control Performance Summary Report	01/23/2015	2015
OIG-15-23	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Immigration and Customs Enforcement’s (ICE) fiscal year (FY) 2014 Drug Control Performance Summary Report. ICE management prepared the Performance Summary Report and related disclosures to comply with the requirements of ONDCP’s circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Immigration and Customs Enforcement's FY 2014 Drug Control Performance Summary Report	01/23/2015	2015
OIG-15-08	Although Ohio took steps in recent years to improve its management of funds awarded under the HSGP, the Federal Emergency Management Agency (FEMA) cannot be assured that Ohio effectively managed grant funds from fiscal years (FY) 2010 through 2012. Specifically, Ohio needs to improve its performance measures, the accounting for grant funds, the timeliness of releasing funds to subgrantees, and its monitoring of subgrantees, including their procurement and property management practices. Although we identified many of these same challenges in two previous audits of Ohio’s management of HSGP funding, FEMA has not changed its oversight practices to target Ohio’s areas of repeated deficiencies. Ohio continues to disregard some Federal regulations and grant guidance. Consequently, the State may be limited in its ability to prevent, prepare for, protect against, and respond to natural disasters, acts of terrorism, and other manmade disasters. >Ohio’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 (Revised)	01/09/2015	2015
OIG-15-20	We conducted this evaluation in response to a whistleblower disclosure concerning employees in the U.S. Border Patrol’s (USBP) El Centro Sector Headquarters in El Centro, California. The whistleblower alleged that Border Patrol agents detailed to the El Centro Sector Headquarters as CrossFit instructors claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. Border Patrol agents also serve as CrossFit instructors in seven other Border Patrol sector headquarters. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. Employees must remain on duty not merely because it is desirable, but because of compelling reasons inherently related to continuance of their duties, and of such a nature that failure to carry on would constitute negligence. CrossFit is a fitness program that employs endurance and fast-switch strength movements as a form of physical conditioning. Eight USBP sectors include CrossFit classes in their physical fitness programs. Six of the eight sectors paid AUO to Border Patrol agents engaged as CrossFit instructors. AUO paid to Border Patrol agents for CrossFit instruction and related activities, such as gym maintenance and class preparation, was inconsistent with Federal AUO regulations. The hours of duty for CrossFit instruction and related activities could have been controlled administratively. In addition, CrossFit duties were not so compelling that failure to complete those duties would have constituted negligence. USBP discontinued AUO payments for CrossFit instruction and related activities in January 2014. >Evaluation of Alleged AUO Misuse by U.S. Border Patrol Agents Engaged as CrossFit Instructors	01/08/2015	2015
OIG-15-18	As part of our Technical Security Evaluation Program, we evaluated technical and information security policies and procedures of Department of Homeland Security components at the John F. Kennedy International Airport. Four Department components – the Transportation Security Administration, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and U. S. Secret Service – operate information technology systems that support homeland security operations at this major airport. Our evaluation focused on how these components have implemented operational, technical, and management controls for computer security at the airport and nearby locations. We performed onsite inspections of the areas where these assets were located, interviewed departmental staff, and conducted technical tests of computer security controls. We also reviewed applicable policies, procedures, and other relevant documentation. The Department’s sensitive system security policies, the information technology security controls implemented at several sites had deficiencies that, if exploited, could have resulted in the loss of confidentiality, inte grity, and availability of the components’ information technology systems. >Audit of Security Controls for DHS Information Systems at John F. Kennedy International Airport (Redacted) (Revised)	01/07/2015	2015
OIG-15-17	We conducted this audit to determine the effectiveness and cost of the Unmanned Aircraft System program, in which U.S. Customs and Border Protection ( CBP) has invested significant funds. Although CBP’s Unmanned Aircraft System program contributes to border security, after 8 years, CBP cannot prove that the program is effective because it has not developed performance measures. The program has also not achieved the expected results. Specifically, the unmanned aircraft are not meeting flight hour goals, and we found little or no evidence CBP has met its program expectations. We estimate it costs $12,255 per flight hour to operate the program; CBP’s calculation of $2,468 per flight hour does not include all operating costs. By not recognizing all operating costs, CBP cannot accurately assess the program’s cost effectiveness or make informed decisions about program expansion. In addition, Congress and the public may be unaware of all the resources committed to the program. As a result, CBP has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security. The $443 million CBP plans to spend on program expansion could be put to better use by investing in alternatives. >U.S. Customs and Border Protection's Unmanned Aircraft System Program Does Not Achieve Intended Results or Recognize All Costs of Operations	12/24/2014	2015
OIG-15-19-D	We received two Office of Inspector General (OIG) Hotline complaints about insurance reviews of Florida disaster assistance applicants. In addition, three OIG audits of Florida grant recipients raised similar concerns. The quality of FEMA’s insurance reviews in Florida was not adequate to maximize insurance available under applicants’ policies and to ensure that duplication of benefits did not occur. FEMA’s Florida Recovery Office knew about these deficiencies in its insurance review process but did not correct them. As a result, FEMA may have funded up to $177 million that insurance should have covered. >FEMA Insurance Reviews of Applicants Receiving Public Assistance Grant Funds for 2004 and 2005 Florida Hurricanes Were Not Adequate	12/18/2014	2015
OIG-15-13	In most instances, the CBP Miami Field Office complied with CBP policies and procedures. We found only minor deficiencies in CBP Miami Field Office operations for cargo targeting and seized asset management. For passenger screening, Miami International Airport leveraged an existing system to track passengers who have records for violations of laws or other significant events. Other Miami Field Office ports of entry could benefit from this “one-stop system” that would allow them to document, monitor, and report on targeting passengers in real time. The field office could improve the consistency of its recordkeeping for changes to the biometric watchlist. Also, the CBP Miami Field Office needs to improve its compliance with safeguards for using high security bolt seals during cargo screening. Lastly, the CBP Miami Field Office needs to update its policy and procedures for agriculture inspections so they align with current U.S. Department of Agriculture procedures. >Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry	12/18/2014	2015
OIG-15-16	We reviewed Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Management Act of 2002 (FISMA). Our objective was to determine whether DHS’ information security program is adequate, effective, and in compliance with FISMA requirements. DHS has taken steps to improve its information security program. For example, DHS expanded the ongoing authorization program to improve the security of its information systems through a revised risk management approach. Additionally, DHS developed and implemented the Fiscal Year 2014 Information Security Performance Plan, which defines the performance requirements, priorities, and overall goals for the Department. DHS has also taken actions to address the President’s cybersecurity priorities, which include the implementation of trusted internet connections, continuous monitoring of the Department’s information systems, and strong authentication. While these efforts have resulted in some improvements, Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority. >Evaluation of DHS' Information Security Program for Fiscal Year 2014	12/12/2014	2015
OIG-15-15-D	The Gulf Coast Mental Health Center (Center) received an award of $2.1 million from the Mississippi Emergency Management Agency, a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina, which occurred in August 2005. Our audit objective was to determine whether the Center accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The Center generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. However, we identified $61,200 of duplicate benefits for costs recoverable from another source. This amount represented about 4 percent of the $1.4 million we reviewed for five projects. >Gulf Coast Mental Health Center, Mississippi, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements	12/09/2014	2015

Return to top of page