Information Technology Management Letter for the Federal Law Enforcement Center Component of the FY 2015 Department of Homeland Security Financial Statement Audit

We contracted with the independent public accounting firm KPMG, LLP to perform the audit the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2015. KPMG evaluated select general information technology controls (GITCs), entity level controls, and business process application controls at the Federal Law Enforcement Training Center (FLETC). KPMG determined that FLETC took corrective action to address certain prior IT control deficiencies. For example, FLETC made improvements by designing and consistently implementing controls related to the separation and termination of contractors. However, KPMG continued to identify GITC deficiencies related to access controls and configuration management for FLETC’s core financial systems. The conditions supporting our findings collectively limited FLETC’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.