Audits, Inspections, and Evaluations

Report Number	Title	Issue Date Sort ascending	Fiscal Year
OIG-15-50-D	The Palm Beach County School District, Florida (District) received a $15.0 million grant award from the Florida Division of Emergency Management (Florida), a Federal Emergency Management Agency (FEMA) grantee for Hurricane Jeanne damages in September 2004. The District did not fully comply with Federal procurement requirements for contract work valued at $7.7 million. Florida, as the grantee, was responsible for ensuring that the District was aware of and followed all Federal requirements. Normally, we would question such improper costs; however, we are not in this case because FEMA said the costs were reasonable and allowed the costs at project closeout using the agency’s authority granted under 44 CFR 13.6(c). We also identified $145,145 of ineligible costs consisting of $98,645 of unreasonable contract costs and $46,500 in duplicate benefits. >Florida and Palm Beach County School District Did Not Properly Administer $9.2 Million of FEMA Grant Funds Awarded for Hurricane Wilma Damages	03/19/2015	2015
OIG-15-48-D	The East Jefferson General Hospital, Metairie, Louisiana (Hospital) received a $14.3 million award from the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina in August 2005. Our audit objective was to determine whether the Hospital accounted for and spent FEMA funds according to Federal requirements. The Hospital did not comply with Federal procurement standards in awarding $9.5 million for 17 contracts. Ten of the 17 contracts were prohibited cost-plus-a-percentage-of-cost contracts for exigent work. We did not question the majority of contract costsbecause contractors performed most of the work under exigent circumstances. We did, however, question $395,032 ofmarkups on costs because Federal regulations strictly forbid the cost-plus-a-percentage-of-cost method of contracting because it provides a disincentive for contractors to control costs. Because of our audit, the Hospital was preparing a Disaster Policy Guide to assist them in complying with Federal regulations for any future disasters. >FEMA Should Recover $395,032 of Improper Contracting Costs from $14.3 Million Grant Funds Awarded to East Jefferson General Hospital, Metairie, Louisiana	03/18/2015	2015
OIG-15-49-D	The Palm Beach County School District, Florida (District) received a Public Assistance award of $6.4 million from the Florida Division of Emergency Management, a Federal Emergency Management Agency (FEMA) grantee, for Hurricane Frances damages in September 2004. Our audit objective was to determine whether the District accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the District generally accounted for and expended FEMA Public Assistance grant funds according to Federal requirements. >Palm Beach County School District, Florida, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Hurricane Frances Damages	03/18/2015	2015
OIG-15-47	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the United States Coast Guard (USCG). KPMG, LLP determined that USCG took corrective action over designing and consistently implementing certain account management and configuration management controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to security management, logical access, configuration management, segregation of duties, and contingency planning for USCG’s core financial and feeder systems. Such control deficiencies limited USCG’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the United States Coast Guard Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/17/2015	2015
OIG-15-45	The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA PreCheck screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA PreCheck indicator and encrypted barcode. On October 16, 2014, OSC referred this allegation to the Secretary of Department of Homeland Security (DHS). The Department subsequently requested our assistance with this allegation. We determined that TSA did not grant the traveler TSA PreCheck screening through the TSA PreCheck Application Program or managed inclusion (MI). TSA granted the traveler TSA PreCheck screening through risk assessment rules in the Secure Flight program. >Allegation of Granting Expedited Screening through TSA PreCheck Improperly (Redacted)	03/16/2015	2015
OIG-15-44	The Office of Inspector General contracted with the independent accounting firm KPMG LLP to conduct an integrated audit of DHS’ fiscal year 2014 consolidated financial statements and internal control over financial reporting. The Management Letter contains 101 observations related to internal controls and other operational matters for management’s considerations. KPMG LLP noted deficiencies and needed improvements in certain processes. These deficiencies did not meet the criteria to be reported in the Independent Auditor’s Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, of November 14, 2014, included in DHS FY 2014 Agency Financial Report. Internal control deficiencies that meet the criteria were reported, as required, in the independent auditor’s report. >Management Letter for the FY 2014 DHS Financial Statements and Internal Control over Financial Reporting Audit	03/13/2015	2015
OIG-15-43	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Citizenship and Immigration Services. KPMG, LLP determined that USCIS had made improvements in designing and consistently implementing controls related to reviewing audit logs and enforcing account security requirements. However, KPMG, LLP continued to identify access control deficiencies related to USCIS’s core financial system. Additionally, many key financial and feeder systems have not been substantially updated since being inherited from legacy agencies several years ago. Such control deficiencies have limited USCIS’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the U.S. Citizenship and Immigration Services Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/12/2015	2015
OIG-15-42	We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Immigration and Customs Enforcement (ICE). KPMG, LLP determined that ICE had made improvements in designing and consistently implementing controls related to segregation of duties on financial system components and in addressing identified vulnerabilities. However, KPMG, LLP continued to identify general information technology controls deficiencies related to access controls and configuration management of ICE’s core financial system. Such control deficiencies limited ICE’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. >Information Technology Management Letter for the Immigration Customs Enforcement Component of the FY 2014 Department of Homeland Security Financial Statement Audit	03/12/2015	2015
OIG-15-40-D	We reviewed $1,726,151 of costs the County claimed for one large project (Project 3095). This amount was $945,640 more than the $780,511 that FEMA initially authorized and obligated for the project. The County improperly claimed $945,640 more than the $780,511 that FEMA Region IX initially authorized to construct a wall to stabilize a damaged section of road. The County incurred the additional costs because, rather than adhere to the scope of work that FEMA authorized, it built a superior wall to lessen the susceptibility of damage that anticipated wildfires might cause in that location. FEMA Headquarters ultimately approved this funding and awarded the County both the initial $780,511 and an additional$945,640 for the already-completed project. However, FEMA Headquarters did not provide a reasonable justification for its decision and did not perform a benefit/cost analysis as required to fund mitigation measures. As a result, FEMA and taxpayers had no assurance that the mitigations work was cost effective, as Federal regulations and FEMA guidelines require. >FEMA Needs to Ensure the Cost Effectiveness of $945,640 that Los Angeles County, California Spent for Hazard Mitigation Under the Public Assistance Program	03/03/2015	2015
OIG-15-41	The United States Coast Guard (USCG) operates the Biometrics at Sea System (BASS) to collect biometric data from interdicted aliens. The biometrics are sent to the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) to identify potential persons of interest, including suspected terrorists. We audited BASS interface with IDENT, security roles and responsibilities, and change control management. We determined that USCG did not have a routine reconciliation process to ensure that all biometrics that it captured on the 23 cutters are maintained in IDENT. Not ensuring reconciliation between the total biometrics USCG submitted and the number stored in IDENT may impede future identification of suspected terrorists, aggravated felons, or other individuals of interest. USCG also allowed application programmers with unrestricted system access to share passwords. The control weakness may result in individuals making unauthorized changes to the system without detection. Further, we determined that the authorization for the transition from the 2-fingerprint to 10-fingerprint application system was not properly documented and security documentation had not been updated. Without a proper authorization process, USCG could not provide assurance that senior executives approved the change prior to implementation. >The Security Posture of the United States Coast Guard's Biometrics At Sea System Needs Improvements	03/03/2015	2015
OIG-15-39	CBP did not effectively target and examine rail shipments entering the United States from Mexico and Canada. Specifically, U.S. Customs and Border Protection Officers (CBPO) did not always target shipments using the mandatory Automated Targeting System (ATS) targeting criteria. CBPOs also did not always use the required radiation detection equipment to examine high-risk shipments. Finally, CBPOs did not always record the results of their rail cargo examinations in the Cargo Enforcement Reporting and Tracking System (CERTS). CBPOs were unaware of the correct targeting criteria or inadvertently used inappropriate criteria. In addition, one port did not have the required radiation detection equipment for its rail team, and CBPOs at two other ports used Personal Radiation Detectors to examine shipments. Rail CBPOs also received insufficient training on the use of ATS and CERTS. Finally, Supervisory CBPOs did not provide sufficient oversight to ensure CBPOs followed CBP policy. As a result, CBP may have failed to target or properly examine rail shipments that were at an increased risk to contain contraband or dangerous materials. In addition, CBP has no assurance that decisions to release these high-risk shipments into U.S. commerce were appropriate. >U.S. Customs and Border Protection Did Not Effectively Target and Examine Rail Shipments From Canada and Mexico	03/02/2015	2015
OIG-15-38	We conducted an audit of S&T’s award and management of its contract with NVS Technologies, Inc. Although S&T properly awarded the contract, we identified deficiencies with S&T’s management of the contract. Specifically, program managers did not document contract oversight because S&T does not have adequate policies and procedures governing contract management. As a result, S&T may have wasted $23 million in incurred costs plus additional cost associated with contract termination. If program performance is not adequately documented, S&T may also have difficulty making well-informed decisions on all its contracts. >Science and Technology Directorate Needs to Improve Its Contract Management Procedures	02/27/2015	2015
OIG-15-37-D	Gwinnett County, Georgia (County) received an award of $6.3 million from the Georgia Emergency Management Agency (Georgia), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from a September 2009 flood. We audited projects totaling $4.6 million to determine whether the County accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the County generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The County’s claim did include $87,208 of ineligible costs that insurance covered; however, this occurred because of a minor FEMA funding error. In addition, Georgia overpaid the County a total of $871,129 under several projects. Although these overpayments to the County do not affect the amount of obligated Federal funds, the County should return the excess funds to Georgia to be put to better use. >Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements	02/20/2015	2015
OIG-15-35-D	The Imperial Irrigation District (District) received a $10.5 million award of Federal Emergency Management Agency (FEMA) Public Assistance grant funds for damages resulting from an April 2010 earthquake. We audited $7.8 million, or 74 percent of the total award. The District did not always account for and expend FEMA grant funds according to Federal requirements. The District awarded contracts totaling $3.6 million without taking the required affirmative steps to ensure the use of small and minority firms, women’s business enterprises, and labor surplus area firms when possible. As a result, FEMA has no assurance that these types of firms had opportunities to bid on Federal work as Congress intended. The District’s claim also included $45,408 of ineligible contract costs and $1,473 of unsupported equipment costs. In addition, FEMA should deobligate $2.5 million and put those funds to better use because the District completed disaster work and no longer needs those funds. >FEMA Should Recover $6.2 Million of Ineligible and Unused Grant Funds Awarded to the Imperial Irrigation District, California	02/13/2015	2015
OIG-15-34-D	Larimer County, Colorado (County) received a $22.5 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the County may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The policies, procedures, and business practices of the County are not adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to all Federal requirements. As a result, the County is at risk of losing some or all of its FEMA-approved funding, which totaled $22.5 million as of June 2014. >Larimer County, Colorado, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements	02/13/2015	2015
OIG-15-33	We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones for correcting information security weaknesses, contingency planning, and security capital planning . >Fiscal Year 2014 Evaluation of DHS' Compliance with Federal Information Security Management Act Requirements for Intelligence Systems	02/13/2015	2015
OIG-15-36	Evaluation of Alleged AUO Misuse at U.S. Customs and Border Protection, Office of Internal Affairs (OSC File No. DI-14-0666)	02/12/2015	2015
OIG-15-32	After an alteration of the BNSF Railway bridge (Burlington bridge) in Burlington, Iowa, was completed in 2012, the United States Coast Guard (Coast Guard) requested that we audit the sharing of costs, known as the final apportionment of cost, to determine its accuracy. Coast Guard could not provide proper documentation to support the final apportionment of cost for the Burlington bridge alteration, of which $74 million was allocated to the Coast Guard and $8 million to BNSF Railway (BNSF). Specifically, the Coast Guard did not properly document its review of the construction contractors who bid on the new bridge. In addition, the financial documentation for changes to originally planned work did not always support the cost of the work. The Coast Guard also did not have a process to evaluate and verify BNSF’s reported salvage value or expected savings in maintenance and repair costs. Based on our review of available documentation, we were unable to confirm either the Coast Guard’s or BNSF’s share of the final cost to alter the Burlington bridge. As a result, the Coast Guard cannot be certain it was appropriate to pay $74 million as the Federal share of the final cost of the bridge alteration. >United States Coast Guard's Alteration of the Burlington Bridge Project	02/11/2015	2015
OIG-15-21	The United States Secret Service’s acquisition management program office, established in 2011, has adequate oversight and management of its acquisition process, complies with DHS acquisition guidance, and has implemented some best practices. However, the Secret Service does not have its own guidance for acquisitions valued at less than $300 million and, at the time of our audit, the component did not have a designated Component Acquisition Executive. >The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised)	02/10/2015	2015
OIG-15-31	The U.S. Coast Guard’s Travel to Obtain Health Care program is intended to ensure U.S. Coast Guard (Coast Guard) members and their dependents have access to proper medical care while stationed in locations where access to specialty care may not be readily available. From October 2010 through June 2014, the Coast Guard spent almost $4.5 million on this program. We received allegations that unnecessary travel had been approved. As a result, we conducted this audit to determine if the program has sufficient controls to ensure travel is necessary. The program did not have sufficient controls to ensure that travel for medical purposes was necessary. The Coast Guard did not establish, distribute, or ensure implementation of clear policies and procedures for reviewing, approving, and maintaining program requests. Local offices were not provided criteria or training on how to evaluate the requests, did not document that travel was necessary, and did not adequately justify that the location for medical care was appropriate. Ninety-four percent of the records tested were missing essential information, such as physicians’ referrals and cost estimates. Without this information, approving officials may not have been able to evaluate whether the travel was necessary and cost effective. As a result, the Coast Guard may have approved requests for inappropriate health care travel, incurring unnecessary costs and lost productivity. >The U.S. Coast Guard Travel to Obtain Health Care Program Needs Improved Policies and Better Oversight	02/09/2015	2015
OIG-15-22	ICE’s Intensive Supervision Appearance Program offers alternatives to detention. We reviewed whether: (1) the rate at which individuals in the Intensive Supervision Appearance Program have absconded or committed criminal acts has been reduced since 2009; (2) ICE can improve the effectiveness of its alternatives to detention program, either by revising or expanding its Intensive Supervision Appearance Program contract, or through other cost-effective means; and (3) ICE’s Risk Classification Assessment is effective. According to U.S. Immigration and Customs Enforcement (ICE), the Intensive Supervision Appearance Program is effective because, using its performance metrics, few program participants abscond. However, ICE has changed how it uses the program and no longer supervises some participants throughout their immigration proceedings. As a result, ICE cannot definitively determine whether the Intensive Supervision Appearance Program has reduced the rate at which aliens, who were once in the program but who are no longer participating, have absconded or been arrested for criminal acts. ICE should adjust its performance metrics to reflect changes in its criteria for program participation. >U.S. Immigration and Customs Enforcement's Alternatives to Detention (Revised)	02/04/2015	2015
OIG-15-30-D	The City of Loveland, Colorado (City) received a $21.1 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City generally has established policies, procedures, and business practices to adequately account for and expend FEMA Public Assistance Program grant funds according to Federal regulations and FEMA guidelines. However, we identified areas related to accounting, procurement, and insurance in which the City needs to improve its procedures to ensure compliance with Federal requirements for the $21.1 million Federal disaster award. >The City of Loveland, Colorado, Could Benefit from Additional Assistance in Managing its FEMA Public Assistance Grant Funding	01/29/2015	2015
OIG-15-29	In October 2011, the Transportation Security Administration (TSA) introduced the TSA PreCheck initiative in response to congressional authorization to implement trusted passenger programs. TSA identifies low-risk passengers to receive expedited screening through TSA PreCheck lanes at airport security checkpoints. After initial implementation, Congress directed TSA to (1) certify by the end of December 2013 that 25 percent of air passengers are eligible for expedited screening without lowering security standards and (2) outline a strategy to increase the number of air passengers eligible for expedited screening to 50 percent by the end of December 2014. Our objectives were to determine: (1) what processes and procedures exist to ensure proper vetting of applicants; (2) how TSA assesses member continued eligibility; and (3) how TSA tests its processes for effectiveness and timeliness. As a concept, TSA PreCheck is a positive step towards risk-based security screening; however, TSA needs to modify TSA PreCheck vetting and screening processes. We also determined that TSACheckcommunication and coordination need improvement. We are making recommendations to assist TSA in correcting deficiencies to meet its expedited screening goals. >Security Enhancements Needed to the TSA PreCheck™ Initiative	01/28/2015	2015
OIG-15-27	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Coast Guard’s (Coast Guard) fiscal year 2014 Drug Control Performance Summary Report. Coast Guard management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report	01/26/2015	2015
OIG-15-25	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Customs and Border Protection’s (CBP) Detailed Accounting Submission. CBP management prepared the Table of fiscal year 2014 Drug Control Obligations (Table) and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Some of the assumptions CBP used for computing obligations by decision units are based on surveys completed in prior years. While CBP management represented that the assumptions used continue to be valid for purposes of computing obligations presented in the Table, KPMG was unable to perform review procedures supporting that representation. Based on its review, except for matters noted above, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Customs and Border Protection's FY 2014 Detailed Accounting Submission	01/26/2015	2015
OIG-15-26	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Customs and Border Protection’s (CBP) fiscal year (FY) 2014 Drug Control Performance Summary Report. CBP management prepared the Performance Summary Report and related disclosures to comply with the requirements of ONDCP circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Customs and Border Protection's FY 2014 Drug Control Performance Summary Report	01/23/2015	2015
OIG-15-24	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Immigration and Customs Enforcement’s (ICE) Detailed Accounting Submission. ICE management prepared the Table of FY 2014 Drug Control Obligations and related disclosures to comply with the requirements of the Office of National Drug Control Policy’s ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Immigration and Customs Enforcement's FY 2014 Detailed Accounting Submission	01/23/2015	2015
OIG-15-23	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Immigration and Customs Enforcement’s (ICE) fiscal year (FY) 2014 Drug Control Performance Summary Report. ICE management prepared the Performance Summary Report and related disclosures to comply with the requirements of ONDCP’s circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Performance Summary Report for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Immigration and Customs Enforcement's FY 2014 Drug Control Performance Summary Report	01/23/2015	2015
OIG-15-28	KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Coast Guard’s (Coast Guard) Detailed Accounting Submission. Coast Guard’s management prepared the Table of FY 2014 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary (Circular), dated January 18, 2013. Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Detailed Accounting Submission for the year ended September 30, 2014, is not presented, in all material respects, in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review. >Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission	01/23/2015	2015
OIG-15-08	Although Ohio took steps in recent years to improve its management of funds awarded under the HSGP, the Federal Emergency Management Agency (FEMA) cannot be assured that Ohio effectively managed grant funds from fiscal years (FY) 2010 through 2012. Specifically, Ohio needs to improve its performance measures, the accounting for grant funds, the timeliness of releasing funds to subgrantees, and its monitoring of subgrantees, including their procurement and property management practices. Although we identified many of these same challenges in two previous audits of Ohio’s management of HSGP funding, FEMA has not changed its oversight practices to target Ohio’s areas of repeated deficiencies. Ohio continues to disregard some Federal regulations and grant guidance. Consequently, the State may be limited in its ability to prevent, prepare for, protect against, and respond to natural disasters, acts of terrorism, and other manmade disasters. >Ohio’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 (Revised)	01/09/2015	2015
OIG-15-20	We conducted this evaluation in response to a whistleblower disclosure concerning employees in the U.S. Border Patrol’s (USBP) El Centro Sector Headquarters in El Centro, California. The whistleblower alleged that Border Patrol agents detailed to the El Centro Sector Headquarters as CrossFit instructors claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. Border Patrol agents also serve as CrossFit instructors in seven other Border Patrol sector headquarters. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. Employees must remain on duty not merely because it is desirable, but because of compelling reasons inherently related to continuance of their duties, and of such a nature that failure to carry on would constitute negligence. CrossFit is a fitness program that employs endurance and fast-switch strength movements as a form of physical conditioning. Eight USBP sectors include CrossFit classes in their physical fitness programs. Six of the eight sectors paid AUO to Border Patrol agents engaged as CrossFit instructors. AUO paid to Border Patrol agents for CrossFit instruction and related activities, such as gym maintenance and class preparation, was inconsistent with Federal AUO regulations. The hours of duty for CrossFit instruction and related activities could have been controlled administratively. In addition, CrossFit duties were not so compelling that failure to complete those duties would have constituted negligence. USBP discontinued AUO payments for CrossFit instruction and related activities in January 2014. >Evaluation of Alleged AUO Misuse by U.S. Border Patrol Agents Engaged as CrossFit Instructors	01/08/2015	2015
OIG-15-18	As part of our Technical Security Evaluation Program, we evaluated technical and information security policies and procedures of Department of Homeland Security components at the John F. Kennedy International Airport. Four Department components – the Transportation Security Administration, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and U. S. Secret Service – operate information technology systems that support homeland security operations at this major airport. Our evaluation focused on how these components have implemented operational, technical, and management controls for computer security at the airport and nearby locations. We performed onsite inspections of the areas where these assets were located, interviewed departmental staff, and conducted technical tests of computer security controls. We also reviewed applicable policies, procedures, and other relevant documentation. The Department’s sensitive system security policies, the information technology security controls implemented at several sites had deficiencies that, if exploited, could have resulted in the loss of confidentiality, inte grity, and availability of the components’ information technology systems. >Audit of Security Controls for DHS Information Systems at John F. Kennedy International Airport (Redacted) (Revised)	01/07/2015	2015
OIG-15-17	We conducted this audit to determine the effectiveness and cost of the Unmanned Aircraft System program, in which U.S. Customs and Border Protection ( CBP) has invested significant funds. Although CBP’s Unmanned Aircraft System program contributes to border security, after 8 years, CBP cannot prove that the program is effective because it has not developed performance measures. The program has also not achieved the expected results. Specifically, the unmanned aircraft are not meeting flight hour goals, and we found little or no evidence CBP has met its program expectations. We estimate it costs $12,255 per flight hour to operate the program; CBP’s calculation of $2,468 per flight hour does not include all operating costs. By not recognizing all operating costs, CBP cannot accurately assess the program’s cost effectiveness or make informed decisions about program expansion. In addition, Congress and the public may be unaware of all the resources committed to the program. As a result, CBP has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security. The $443 million CBP plans to spend on program expansion could be put to better use by investing in alternatives. >U.S. Customs and Border Protection's Unmanned Aircraft System Program Does Not Achieve Intended Results or Recognize All Costs of Operations	12/24/2014	2015
OIG-15-19-D	We received two Office of Inspector General (OIG) Hotline complaints about insurance reviews of Florida disaster assistance applicants. In addition, three OIG audits of Florida grant recipients raised similar concerns. The quality of FEMA’s insurance reviews in Florida was not adequate to maximize insurance available under applicants’ policies and to ensure that duplication of benefits did not occur. FEMA’s Florida Recovery Office knew about these deficiencies in its insurance review process but did not correct them. As a result, FEMA may have funded up to $177 million that insurance should have covered. >FEMA Insurance Reviews of Applicants Receiving Public Assistance Grant Funds for 2004 and 2005 Florida Hurricanes Were Not Adequate	12/18/2014	2015
OIG-15-13	In most instances, the CBP Miami Field Office complied with CBP policies and procedures. We found only minor deficiencies in CBP Miami Field Office operations for cargo targeting and seized asset management. For passenger screening, Miami International Airport leveraged an existing system to track passengers who have records for violations of laws or other significant events. Other Miami Field Office ports of entry could benefit from this “one-stop system” that would allow them to document, monitor, and report on targeting passengers in real time. The field office could improve the consistency of its recordkeeping for changes to the biometric watchlist. Also, the CBP Miami Field Office needs to improve its compliance with safeguards for using high security bolt seals during cargo screening. Lastly, the CBP Miami Field Office needs to update its policy and procedures for agriculture inspections so they align with current U.S. Department of Agriculture procedures. >Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry	12/18/2014	2015
OIG-15-16	We reviewed Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Management Act of 2002 (FISMA). Our objective was to determine whether DHS’ information security program is adequate, effective, and in compliance with FISMA requirements. DHS has taken steps to improve its information security program. For example, DHS expanded the ongoing authorization program to improve the security of its information systems through a revised risk management approach. Additionally, DHS developed and implemented the Fiscal Year 2014 Information Security Performance Plan, which defines the performance requirements, priorities, and overall goals for the Department. DHS has also taken actions to address the President’s cybersecurity priorities, which include the implementation of trusted internet connections, continuous monitoring of the Department’s information systems, and strong authentication. While these efforts have resulted in some improvements, Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority. >Evaluation of DHS' Information Security Program for Fiscal Year 2014	12/12/2014	2015
OIG-15-15-D	The Gulf Coast Mental Health Center (Center) received an award of $2.1 million from the Mississippi Emergency Management Agency, a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina, which occurred in August 2005. Our audit objective was to determine whether the Center accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The Center generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. However, we identified $61,200 of duplicate benefits for costs recoverable from another source. This amount represented about 4 percent of the $1.4 million we reviewed for five projects. >Gulf Coast Mental Health Center, Mississippi, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements	12/09/2014	2015
OIG-15-11	The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning employees at U.S. Customs and Border Protection’s (CBP) National Targeting Center–Cargo, in Herndon, Virginia and the National Targeting Center– Passenger, in Reston, Virginia. The whistleblower alleged that employees in both locations regularly claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. OSC referred this allegation to DHS Acting Secretary Rand Beers. The Department subsequently requested our assistance with this allegation and several other AUO-related allegations from other DHS components. We assembled a taskforce of auditors, program analysts, investigators, and attorneys to review these allegations. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. The National Targeting Center did not have sufficient AUO documentation to allow us to specifically identify a violation of law, rule, or regulation. However, most of the tasks employees performed during AUO hours appear to have been administratively controllable. >Evaluation of Alleged AUO Misuse at U.S. Customs and Border Protection's National Targeting Center	12/02/2014	2014
OIG-15-14	This report responds to the annual reporting requirement and summarizes 18 audits completed in fiscal year 2014. The audits included about $447 million in State Homeland Security Program and Urban Areas Security Initiative grants awarded by the Federal Emergency Management Agency (FEMA) to 13 states, 4 territories, and the District of Columbia during 3-year periods between fiscal years 2009 and 2012. During fiscal year 2014, we issued reports for Alabama, Alaska, American Samoa, Delaware, District of Columbia, Guam, Hawaii, Idaho, Iowa, Maine, New Hampshire, North Dakota, Northern Mariana Islands, Oregon, Puerto Rico, South Dakota, Vermont, and Wyoming. In most instances, the states and urban areas administered grant programs efficiently and effectively and in compliance with grant guidance and regulations. We also identified one innovative practice that other jurisdictions could consider using. We identified two major areas for improvement: strategic planning and oversight of grant activities. We also identified about $14.5 million in questioned costs. >Annual Report to Congress on States’ and Urban Areas’ Management of Homeland Security Grant Programs Fiscal Year 2014	12/01/2014	2015
OIG-15-12-D	The District received a Public Assistance grant award of $4.9 million for damages resulting from Hurricane Katrina, which occurred in August 2005. Our audit objective was to determine whether the District accounted for and expended FEMA grant funds according to Federal regulations and FEMA guidelines. For the projects we reviewed, the Gulfport School District, Mississippi, (District) properly accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. >Gulfport School District, Mississippi, Properly Accounted for and Expended FEMA Public Assistance Grant Funds Awarded for Hurricane Katrina Damages	11/18/2014	2015
OIG-15-09	We have identified major challenges that affect both the Department as a whole, as well as individual components. DHS must continually seek to integrate management operations under an authoritative governing structure capable of effectively overseeing and managing programs that cross component lines. DHS’ mission to protect the Nation from domestic and international threats and respond to natural and manmade disasters is further challenged by the unpredictable nature of these hazards. DHS must overcome the challenges inherent with uniting the Department under the Secretary’s Unity of Effort Initiative, as well as those over which it has little control. This year, we are reporting the Department’s major challenges in the following areas: (1) DHS Operations Integration, (2) Acquisition Management, (3) Financial Management, (4) IT Management and Privacy Issues, (5) Transportation Security, (6) Border Security and Immigration Enforcement. (7) Grants Management, (8) Employee Accountability and Integrity, (9) Infrastructure Protection, Cybersecurity, and Insider Threat >Major Management and Performance Challenges Facing the Department of Homeland Security	11/14/2014	2015
OIG-15-10	The independent public accounting firm, KPMG LLP, has issued an unmodified (clean) opinion on the Department of Homeland Security's (DHS) consolidated financial statements. In the independent auditors’ opinion, the financial statements present fairly, in all material respects, the financial position of DHS as of September 30, 2014. >Independent Auditors' Report on DHS' FY 2014 Financial Statements and Internal Control over Financial Reporting	11/14/2014	2015
OIG-15-07	The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning U.S. Customs and Border Protection’s Ysleta Border Patrol Station (Ysleta Station) in El Paso, Texas. The whistleblower alleged that supervisors and border patrol agents at the Ysleta Station claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. The whistleblower also alleged that supervisors at the Ysleta Station authorize AUO to compensate injured agents who are assigned administrative duties and are not working overtime hours. OSC referred this allegation to DHS Acting Secretary Rand Beers. The Department subsequently requested our assistance with this allegation and several other AUO-related allegations from other DHS components. We assembled a taskforce of auditors, program analysts, investigators, and attorneys to review these allegations. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. Ysleta Station did not have sufficient AUO documentation to allow us to specifically identify a violation of law, rule, or regulation. However, most activities that second-line supervisory border patrol agents performed during AUO hours and some activities that first-line supervisory agents and nonsupervisory agents performed appear to have been administratively controllable. We did not find evidence to substantiate that Ysleta Station agents who sustained work-related injuries were paid AUO improperly. >Evaluation of Alleged AUO Misuse at U.S. Border Patrol, Ysleta Station	11/04/2014	2015
OIG-15-06-D	Between 1994 and 2013, FEMA operated seven Long Term Recovery Offices. FEMA obligated and spent more than $4 billion in administrative costs and more than $1 billion in salaries for these offices. Our audit objective was to determine whether FEMA’s policies, procedures, and performance measures for establishing, operating, and closing Long Term Recovery Offices meet Federal statutes and are consistently applied. FEMA does not track costs or data associated with performance measures for Long Term Recovery Offices. Without tracking costs or data, FEMA cannot determine whether these offices are cost effective. FEMA establishes, operates, and closes Long Term Recovery Offices without standardized policies, procedures, and performance measures. Without these controls in place, FEMA is at risk for mismanagement of Federal disaster funds and cannot ensure consistency in establishing and managing these offices. Correcting these deficiencies will provide FEMA the information and guidance it needs to determine whether Long Term Recovery Offices are cost effective. In addition, FEMA can better ensure consistency in establishing and managing these offices. >FEMA Needs To Track Performance Data and Develop Policies, Procedures, and Performance Measures for Long Term Recovery Offices	10/30/2014	2015
OIG-15-05	The Coast Guard has undertaken a project to modernize information technology onboard certain ships and aircraft. This technology is referred to collectively as Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems. The C4ISR project is a major information technology investment with an acquisition life cycle cost of $1.5 billion through fiscal year 2026. The Coast Guard has implemented information technology systems that effectively support the mission needs of some ships and aircraft. Specifically, the systems have met overall performance requirements and have improved operational capabilities, including increased situational awareness, better communication within the Coast Guard and with its partners, and enhanced sensor capabilities. The Coast Guard, however, has not carried out some planned system enhancements that were necessary to support mission needs of certain aircraft and legacy ships. These enhancements were not carried out because of significant budget reductions. Revised plans do not fully address how the Coast Guard will meet the critical technology needs of these aircraft and legacy ships. As a result, these ships and aircraft continue to rely on obsolete technology which impacts mission performance and makes operations and maintenance more difficult and costly. >U.S. Coast Guard Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance Modernization	10/28/2014	2015
OIG-15-04-IQO	The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the Federal Law Enforcement Training Center, Office of Professional Responsibility from June 2014 to August 2014. The review covered OPR activity from October 1, 2011, (FY 2012) to June 1, 2014 (FY 2014). We found that the Office of Professional Responsibility generally complied with applicable directives, policies, guidelines, and investigative standards. We observed commendable practices with the thoroughness of investigations, the quality of reports, and the productive relationships maintained with operational entities within the Federal Law Enforcement Training Center. We found particular issues with the agency’s underreporting of complaints to the Office of Inspector General, the absence of annual Law Enforcement Availability Pay documentation and certifications, and weaknesses in safeguarding evidence. We made 21 recommendations to the Office of Professional Responsibility Division Chief who agreed with them in whole or in part. There are no open recommendations in this report. >Oversight Review of the Department of Homeland Security Federal Law Enforcement Training Center Office of Professional Responsibility	10/20/2014	2015
OIG-15-03-D	The County received over $24 million in Public Assistance awards for three federally declared flooding events. Our objective was to determine whether the County accounted for and expended FEMA grant funds according to Federal regulations and FEMA guidelines. The County has procedures in place to account for disaster-related costs on a project-by-project basis. The County however, has completed very little of the work FEMA approved for the three federally declared disasters. At the time of our field work, the County did not have sufficient records available for us to determine whether the County is fully capable of managing the three Federal grants. >The State of North Dakota Needs to Assist Ramsey County in Completing $24 Million of FEMA Public Assistance Projects for Three Federally Declared Disasters that Occurred in 2009–2011	10/15/2014	2015
OIG-15-01-D	The Administrators of the Tulane Educational Fund(Tulane) received a Federal Emergency Management Agency (FEMA) Public Assistance award of $291.9 Million for damages caused by Hurricane Katrina in August 2005. The objective our audit was to determine whether Tulane accounted for and expended the FEMA grant funds correctly. Tulane’s contractor could not support or justify $13.0 million of the $36.1 million (gross) that we audited. These findings occurred because (1) the contractor could not show that it actually incurred the costs that it billed Tulane; (2) Tulane did not ensure that its contractor’s billings were valid, eligible, and supported; and (3) Louisiana, as the grantee, did not effectively execute its responsibilities to ensure compliance with Federal regulations and FEMA guidelines. >FEMA Should Recover $13 Million of Grant Funds Awarded to The Administrators of the Tulane Educational Fund, New Orleans, Louisiana	10/08/2014	2015
OIG-15-02-D	The Hospital received an award of $110 million from the Indiana Department of Homeland Security, a FEMA grantee, for damages caused by severe storms and flooding that occurred May 30, through June 27, 2008. Our objective of the audit was to determine whether the Hospital accounted for and expended FEMA grant funds according to federal regulations and FEMA guidelines. Columbus Regional Hospital, Columbus Indiana, (Hospital) generally accounted for FEMA projects on a project-by-project basis as Federal regulations and FEMA guidelines require. However, the Hospital’s claim included ineligible costs. >FEMA Should Recover $3 Million of Ineligible Costs And $4.3 Million of Unneeded Funds from the Columbus Regional Hospital	10/08/2014	2015
OIG-14-151	We audited the Federal Emergency Management Agency’s (FEMA) Logistics Supply Chain Management System program. According to FEMA, the Logistics Supply Chain Management System replaced its earlier logistics operations systems to automate and track distribution better and deliver emergency supplies more dependably. FEMA also intended for the system to help track supplies provided by partners in other Federal agencies; nongovernmental organizations; state, local, and tribal governments; and the private sector. Our audit objective was to determine whether FEMA’s Logistics Supply Chain Management System is able to support Federal logistics operations effectively in the event of a catastrophic disaster. After spending about $247 million over 9 years, FEMA cannot be certain that its supply chain management system will be effective during a catastrophic disaster. FEMA estimated that the life cycle cost of the system would be about $556 million—$231 million more than the original life cycle cost estimate. According to FEMA, the Logistics Supply Chain Management System became fully operational in January 2013, which was about 19 months behind schedule. However, the system could not perform as originally planned. Specifically, it cannot interface with the logistics management systems of FEMA’s partners, nor does FEMA have real time visibility over all supplies shipped by its partners. As of March 2014, the Logistics Supply Chain Management System still had not achieved full operational capability. We attribute these deficiencies to inadequate program management and oversight by the Department of Homeland Security (DHS) and FEMA. As a result, FEMA may not be able to efficiently and effectively aid survivors of catastrophic disaster. >FEMA’s Logistics Supply Chain Management System May Not Be Effective During a Catastrophic Disaster	09/22/2014	2014

Return to top of page