Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2014 Department of Homeland Security Financial Statement Audit

We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at DHS’ Office of Financial Management and Office of Chief Information Officer. KPMG, LLP continued to identify deficiencies related to access controls and vulnerability management controls of DHS’ core financial system. Inadequate protection of DHS information systems and data from those without a need to know or a need for access puts DHS’ sensitive electronic and physical data at risk of loss, theft, or misuse.