
Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-18-56 We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017.

Evaluation of DHS' Information Security Program for Fiscal Year 2017
2018
OIG-19-60 DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.

Evaluation of DHS' Information Security Program for Fiscal Year 2018
2019
OIG-20-77 Evaluation of DHS' Information Security Program for Fiscal Year 2019 2020
OIG-21-72 In May 2020, the Deputy Under Secretary for Management formally documented the Department’s risk acceptance to allow the Coast Guard to meet FISMA requirements according to Department of Defense, rather than DHS’ reporting requirements.  The Deputy Under Secretary for Management’s decision adversely affected our ability to evaluate the Department’s enterprise-wide information program under this year’s OIG reporting metrics.  Nonetheless, when evaluating the overall effectiveness of DHS’ information security program for FY 2020 FISMA, our rating does not include the Coast Guard.  DHS’ information security program earned a maturity rating of “Managed and Measurable” (Level 4) in three of five functions.  DHS can further improve the effectiveness of its information security program by ensuring components execute all its policies and procedures.  We made four recommendations in our report, with one to the DHS Chief Information Officer, one to the S&T Chief Information Officer, one to the Secret Service Chief Information Officer, and one to the FEMA Chief Information Officer.  The Department concurred with all four recommendations.

Evaluation of DHS' Information Security Program for Fiscal Year 2020
2021
OIG-22-55 Evaluation of DHS' Information Security Program for Fiscal Year 2021 2022
OIG-10-112  

Evaluation of DHS' Security Program and Practices for Its Intelligence Systems for Fiscal Year 2010 (CONFIDENTIAL)
2010
OIG-06-13 Evaluation of DHS' Security Program and Practices For Its Intelligence Systems, Unclassified Summary 2006
OIG-07-75 Evaluation of DHS's Security Program and Practices For Its Intelligence Systems For Fiscal Year 2007 (Unclassified Summary) 2007
OIG-11-113  

Evaluation of DHS’ Information Security Program for Fiscal Year 2011
2011
OIG-13-04 We conducted an independent evaluation of the Department of Homeland Security (DHS) information security program and practices to comply with the requirements of the Federal Information Security Management Act. In evaluating DHS’ progress in implementing its agency-wide information security program, we specifically assessed the Department’s plans of action and milestones, security authorization processes, and continuous monitoring programs. We performed fieldwork at both the program and component levels.

Evaluation of DHS’ Information Security Program for Fiscal Year 2012
2013
OIG-14-09 We conducted an independent evaluation of the Department of Homeland Security (DHS) information security program and practices to comply with the requirements of the Federal Information Security Management Act. In evaluating DHS’ progress in implementing its agency-wide information security program, we specifically assessed the Department’s plans of action and milestones, security authorization processes, and continuous monitoring programs.

Evaluation of DHS’ Information Security Program for Fiscal Year 2013
2014
OIG-08-87 Evaluation of DHS’ Security Program and Practices for its Intelligence Systems for Fiscal Year 2008 Unclassified Summary 2008
OIG-17-68 KPMG LLP, under contract with DHS OIG, audited Federal Law Enforcement Training Centers’ financial statements and internal control over financial reporting.  The resulting management letter discusses three observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies across multiple processes including financial system reconciliation; review and approval of intra-governmental payment and collection expenses; and improper allocation of gross costs on the Statement of Net Cost and footnote.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report, dated November 13, 2016, included in the DHS FY 2016 Agency Financial Report.

Federal Law Enforcement Training Centers' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit
2017
OIG-16-74 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. For

Federal Law Enforcement Training Centers' Management Letter for DHS' FY 2015 Financial Statements Audit
2016
OIG-07-05 Federal Protective Service Needs To Improve its Oversight of the Contract Guard Program, 2007
OIG-12-91  

FEMA’s Efforts To Recoup Improper Payments in Accordance with the Disaster Assistance Recoupment Fairness Act of 2011 (2)
2012
OIG-12-23  

Fire Station Construction Grants Funded by the American Recovery and Reinvestment Act of 2009
2012
OIG-14-29 Under the Charge Card Act and OMB Memorandum M‐13‐21, Implementation of the Government Charge Card Abuse Prevention Act of 2012, our office is required to conduct periodic risk assessments of agency purchase cards (including convenience checks), combined integrated card programs, and travel card programs to analyze the risks of illegal, improper, or erroneous purchases and payments. Inspectors General (IGs) will use these risk assessments to determine the necessary scope, frequency, and number of IG audits or reviews of these programs. Also, we are required to report to the Director of OMB 120 days after the end of each fiscal year on the Department’s progress in implementing audit recommendations, and beginning with fiscal year (FY) 2013, the submission is due by January 31, 2014. This report satisfies the reporting requirement for FY 2013.

Fiscal Year 2013 Risk Assessment of DHS Charge Card Abuse Prevention Program
2014
OIG-15-117 The Government Charge Card Abuse Prevention Act of 2012 requires the Office of Inspector General to conduct an annual risk assessment on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security (DHS) implemented sufficient internal controls to prevent illegal, improper, or erroneous purchases and payments. DHS conducts a large volume of business using government charge cards each fiscal year. In fiscal years 2012 through 2014, DHS had more than $400 million per year in purchase and travel card transactions. DHS did not ensure components established documented procedures to comply with DHS requirements on charge card use. In addition, DHS components did not have sufficient oversight plans to prevent improper use of charge cards. As a result, there remains a moderate level of risk that DHS’ internal controls will not prevent illegal, improper, or erroneous purchases.

Fiscal Year 2014 Assessment of DHS Charge Card Program Indicates Moderate Risk Remains
2015
OIG-16-15 We reviewed the Department of Homeland Security’s (DHS) information security program for intelligence systems in accordance with the Federal Information Security Modernization Act. The objective of our review was to determine whether DHS’ information security program and practices are adequate and effective in protecting the information and the information systems that support DHS’ intelligence operations and assets. We assessed DHS programs for continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems.

Fiscal Year 2015 Evaluation of DHS' Compliance with FISMA Requirements for Intelligence Systems
2016
OIG-16-129 The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment on agency charge card programs. We conducted this risk assessment to determine whether the Department of Homeland Security implemented sufficient internal controls to prevent illegal, improper, and erroneous purchases and payments.

Fiscal Year 2015 Risk Assessment of the DHS Bank Card Program Indicates Moderate Risk
2016
OIG-18-57 The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment and periodic audits on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security implemented internal controls to prevent illegal, improper, and erroneous purchases and payments. During fiscal year 2016, DHS reported spending approximately $1.2 billion in purchase, travel, and fleet card transactions. Although the Department has established internal controls for its charge card programs, the components we reviewed did not always follow DHS’ procedures. Our testing results of purchase, travel, and fleet card transactions revealed internal control weaknesses. Specifically, we found major internal control weaknesses that persisted at the United States Coast Guard and some control weaknesses within CBP’s Fleet Card Program.

Fiscal Year 2016 Audit of the DHS Bankcard Program Indicates Moderate Risk Remains
2018
OIG-18-59 Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

Fiscal Year 2017 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems
2018
OIG-21-73 FLETC implemented robust protocols to respond to and mitigate COVID-19 at its Glynco training facility.  Before reopening in June 2020, FLETC developed a formal plan to resume in-person training.  Through this plan, along with other policies and procedures, FLETC established protocols in accordance with Centers for Disease Control and Prevention guidance and medical expertise.  DHS students and component officials we spoke with confirmed that these protocols were in place and told us that, overall, they were effective.  However, they also raised concerns related to students socializing inappropriately, and not following some requirements such as mask-wearing.  In instances such as these, FLETC was largely reliant on students’ home agencies to take action to reinforce compliance among their students with safety protocols, or to take disciplinary action, if necessary.  As a result of its measures, FLETC’s rate of positive COVID-19 tests was lower than that of its surrounding county.  We also found, however, that FLETC did not always follow its own protocols for housing assignments related to COVID-19.  For example, some students who were not positive for COVID-19 or were not quarantined for exposure to COVID-19 were still housed in the isolation dormitory.  Some of the students we spoke with who were incorrectly assigned to the isolation dormitory told us that they did not feel safe.  We made one recommendation to the FLETC Director to improve COVID-19 student-housing protocols.  FLETC concurred with the recommendation. 

FLETC's Actions to Respond to and Manage COVID-19 at its Glynco Training Center
2021
OIG-06-29 FPS Related Funds Transferred From GSA to DHS, March 2006 2006
OIG-09-72  

FY 08 Performance Audit Auditability Assessment of DHS' Budgetary Accounts
2009
OIG-07-20 FY 2006 Audit of DHS' Internal Control Over Financial Reporting, 2007
OIG-08-13 FY 2007 Audit of DHS' Internal Control Over Financial Reporting 2008
OIG-09-10 FY 2008 Audit of DHS' Internal Control Over Financial Reporting 2009
OIG-21-51 In FY 2018, S&T did not always adhere to DHS and internal purchase card policies and procedures.  Of 421 purchase card transactions selected for review, we identified 394 transactions that did not have required supporting documentation, separation of key transaction duties, approvals and other required signatures, or compliance with other risk-based procedures.  According to S&T officials, these issues were due to shortfalls in program oversight and training, as well as outdated policy.  We identified $63,213 in questionable costs associated with purchase card transactions.  We made four recommendations to improve S&T’s adherence to DHS policies and procedures for its Bankcard Program.  S&T concurred with the four recommendations. 

FY 2018 Audit of Science and Technology Bankcard Program Indicates Risks
2021
OIG-06-38 Homeland Security Information Network Could Support Information Sharing More Effectively 2006
OIG-13-98 The Homeland Security Information Network is a secure, unclassified Internet portal that enables information sharing and collaboration across the homeland security enterprise. In 2006 and 2008, we reported on challenges that the Department of Homeland Security (DHS) faced to define the system’s role, meet user requirements, provide user support, and increase system use. We conducted a followup audit of this system to determine the progress made and the system’s effectiveness in supporting information sharing among select stakeholders.

Homeland Security Information Network Improvements and Challenges
2013
OIG-07-15 Implementation Challenges Remain in Securing DHS Components' Intelligence Systems, Unclassified Summary, 2007
OIG-06-63 Improved Administration Can Enhance Science and Technology Classified Laptop Computer Security, Unclassified Summary 2006
OIG-06-05 Improved Security Required for DHS Networks (Redacted) 2006
OIG-04-30 Improvements Needed to DHS' Information Technology Management Structure, July 2004 2004
OIG-17-101 We determined that DHS had only approved implementation plans for 4 of 23 strategic objectives of the Enterprise Data Strategy, and planned to finalize the remaining plans in late FY 2017.  While we found that DHS had taken some effective actions to coordinate component investments in data sharing and management, component officials identified other ways that DHS could improve by coordinating Enterprise-wide tools and data integration efforts.  We recommended that DHS take actions to finalize implementation plans for the remaining 19 strategic objectives by the end of FY 2017, and work with components to identify and provide the training for Enterprise-wide data analysis and management tools.  We made two recommendations and Intelligence and Analysis and the Office of the Chief Information Officer concurred with both of our recommendations. 

Improvements Needed to Promote DHS Progress toward Accomplishing Enterprise-wide Data Goals
2017
OIG-19-50 Inadequate Oversight of Low Value DHS Contracts 2019
OIG-04-27 Inadequate Security Controls Increase Risks to DHS Wireless Networks, June 29, 2004 2004
OIG-09-09 Independent Auditor's Report on DHS FY 2008 Financial Statements 2009
OIG-08-12 Independent Auditor's Report on DHS' FY 2007 Financial Statement 2008
OIG-08-17 Independent Auditor's Report on DHS' FY 2007 Special-Purpose Financial Statements 2008
OIG-10-18 Independent Auditor's Report on DHS' FY 2009 Special-Purpose Financial Statements 2010
OIG-09-67  

Independent Auditor's Report on Review of Department of Homeland Security Implementation of OMB Circular No. A-123
2009
OIG-04-10 Independent Auditors' Report on DHS' Financial Statements, February 13, 2004 2004
OIG-05-05 Independent Auditors' Report on DHS' FY 2004 Financial Statements 2005
OIG-06-09 Independent Auditors' Report on DHS' FY 2005 Statements 2006
OIG-07-10 Independent Auditors' Report on DHS' FY 2006 Financial Statements, 2007
OIG-10-11 Independent Auditors' Report on DHS' FY 2009 Financial Statements and Internal Control Over Financial Reporting 2010
OIG-11-09 Independent Auditors' Report on DHS' FY 2010 Financial Statements and Internal Control over Financial Reporting 2011