We determined that most of the deficiencies identified by the independent public accounting firm KPMG resulted from a lack of properly documented, fully designed, adequately detailed, and consistently implemented financial system controls to comply with requirements of DHS Sensitive Systems Policy Directive 4300 A, Information Technology Security Program, and National Institute of Standards and Technology guidance.  The deficiencies collectively limited DHS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommended that the Acting Chief Information Officer and Chief Financial Officer, in coordination with DHS components, make improvements to DHS’ financial management systems and associated information technology security program.