Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-13-28 We have reviewed the accompanying Table of Prior Year Drug Control Obligations of the U.S. Department of Homeland Security’s (DHS) Federal Law Enforcement Training Center (FLETC) for the year ended September 30, 2012. We have also reviewed the accompanying statement that full compliance with the Office of National Drug Control Policy (ONDCP) Circular, Drug Control Accounting, dated May 1, 2007 (the Circular) would constitute an unreasonable burden (Unreasonable Burden Statement). FLETC’s management is responsible for the preparation of the Table of Prior Year Drug Control Obligations and the Unreasonable Burden Statement (collectively the Alternative Report).

>Independent Review of the Federal Law Enforcement Training Center’s Reporting of FY 2012 Drug Control Obligations 		2013
OIG-13-39 This transition allowed remote control of processes and exposed industrial control systems to cyber security risks that could be exploited over the Internet. The National Cybersecurity and Communications Integration Center, a division of the Office of Cybersecurity and Communications within the National Protection and Programs Directorate (NPPD), is the operational arm of NPPD and is responsible for providing full-time monitoring, information sharing, analysis, and incident response capabilities to protect Federal agencies’ networks and critical infrastructure and key resources, such as industrial control systems.

>DHS Can Make Improvements to Secure Industrial Control Systems 		2013
OIG-13-55 In December 2011, a limited distribution internal memorandum was leaked to news media. This document disclosed allegations of employee misconduct and inadequate performance, as well as misuse of funds and ineffective hiring within DHS’ Chemical Facility Anti-Terrorism Standards Program. In February 2012, former Chairman Lungren, of the House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, requested that we review these issues. In April 2012, Ranking Member Waxman, of the House Committee on Energy and Commerce, also requested that we review the challenges facing the program. We consolidated both requests into one review.

>Effectiveness of the Infrastructure Security Compliance Division's Management Practices to Implement the Chemical Facility Anti-Terrorism Standards Program 		2013
OIG-13-56 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Federal Law Enforcement Training Center’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-61 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Office of Health Affairs’ Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-62 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012, and the related statements of net cost, changes in net position, and custodial activity, and combined statement of budgetary resources for the year then ended (referred to as the “fiscal year (FY) 2012 financial statements”). We were also engaged to audit the Department’s internal control over financial reporting of the FY 2012 financial statements. The objective of our audit engagement was to express an opinion on the fair presentation of the FY 2012 financial statements and the effectiveness of internal control over financial reporting of the FY 2012 financial statements.

>Information Technology Management Letter for the Federal Law Enforcement Training Center Component of the FY 2012 Department of Homeland Security Financial Statement Audit 		2013
OIG-13-71 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Domestic Nuclear Detection Office’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-67 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>National Protection and Programs Directorate’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-70 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>The Office of Financial Management’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-69 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established n Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Science and Technology Directorate’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-76 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Office of Intelligence and Analysis’ Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-95 The National Protection and Programs Directorate (NPPD), which is primarily responsible for fulfilling DHS security missions, assumed this responsibility for the Department. Subsequent to the President’s issuance of Executive Order 13618 in July 2012, NPPD’s Office of Cybersecurity and Communications was reorganized in an effort to promote security, resiliency, and reliability of the Nation’s cyber and communications infrastructure.

>DHS Can Take Actions To Address Its Additional Cybersecurity Responsibilities 		2013
OIG-14-55 The Office of the Chief Information Officer (OCIO) is implementing two systems to enhance telework in the Department of Homeland Security (DHS). These systems are called Workplace as a Service (WPaaS) and are part of an overall effort to move to cloud-based services. In September 2011, DHS awarded within scope task order modifications to the contractors operating DHS’ Data Center 1 (DC1) and Data Center 2 (DC2) to implement WPaaS. Under the task orders, the contractors were to provide the government with complete physical environments which would provide the same functionality available on current DHS laptops and desktops. In addition, the task orders required the contractors to make the respective workplace environments accessibbe from all DHS components and organizations and from anywhere within the DHS OneNet and through appropriate technologies from any location where employees conduct work.

>DHS’ System To Enable Telework Needs a Disaster Recovery Capability 		2014
OIG-14-52 In response to expanding cybersecurity mission requirements from the Administration and Congress, in 2008, NPPD began to deploy the National Cybersecurity Protection System to protect Federal networks and prevent known or suspected cyber threats. Network Security Deployment, which is a division of the Office of Cybersecurity and Communications of NPPD, develops and deploys cybersecurity technologies through the National Cybersecurity Protection System to continuously counter emerging cyber threats and apply effective risk mitigation strategies to detect and deter these threats. Figure 1 depicts the Network Security Deployment organizational chart.

>Implementation Status of EINSTEIN 3 Accelerated 		2014
OIG-14-68 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG isresponsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it

>Federal Law Enforcement Training Center’s Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-67 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG isresponsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it

>National Protection and Programs Directorate’s Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-78 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it.

>Office of Health Affairs' Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-84 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of Department of Homeland Security fiscal year 2013 consolidated financial statements. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated March 11, 2014, and the conclusion expressed in it.

>Information Technology Management Letter for the FLETC Component of the FY 2013 DHS Financial Statement Audit 		2014
OIG-14-83 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG isresponsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it

>Science and Technology Directorate's Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-97 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of Department of Homeland Security fiscal year 2013 consolidated financial statements. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated March 11, 2014, and the conclusion expressed in it.

>Information Technology Management Letter for the FY 2013 Department of Homeland Security’s Financial Statement Audit – National Protection and Programs Directorate 		2014
OIG-14-113 The DHS Office of Intelligence and Analysis routinely briefs DNDO on counterintelligence awareness, including insider threat indicators. In addition, DNDO provides security awareness training to its employees and contractors regarding security ‐related topics that could help prevent or detect the insider risk. In September 2013, the DHS Office of the Chief Security Officer began a comprehensive vulnerability assessment of DNDO assets, which includes identifying insider risks and vulnerabilities. The DHS Security Operations Center monitors DNDO information systems and networks to respond to potential insider based incidents. Finally,he DHS Special Security Programs Division handles and investigates security incidents, including those types attributed to malicious insiders.

>Domestic Nuclear Detection Office Has Taken Steps To Address Insider Threat, but Challenges Remain 		2014
OIG-14-119 The National Protection Programs Directorate (NPPD) is primarily responsible for fulfilling the DHS national, non-law enforcement cybersecurity missions. Within NPPD, the Office of Cybersecurity and Communications is responsible for the implementation of the Enhanced Cybersecurity Services program. Our overall objective was to determine the effectiveness of the Enhanced Cybersecurity Services program to disseminate cyber threat and technical information with the critical infrastructure sectors through ommercial service providers. NPPD has made progress in expanding the Enhanced cybersecurity Services program. For example, as of May 2014, 40 critical infrastructure entities participate in the program. Additionally, 22 companies have signed memorandums of agreement to join the program. Further, NPPD has established the procedures and guidance required to carry out key tasks and operational aspects of the program, including an in depth security validation and accreditation process. NPPD has also addressed the privacy risk associated with the program by developing a Privacy Impact Assessment. Finally, NPPD has engaged sector specific agencies and government furnished information providers to expand the program, and has developed program reporting and metric capabilities to monitor the program.

>Implementation Status of the Enhanced Cybersecurity Services Program 		2014
OIG-15-04-IQO The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the Federal Law Enforcement Training Center, Office of Professional Responsibility from June 2014 to August 2014. The review covered OPR activity from October 1, 2011, (FY 2012) to June 1, 2014 (FY 2014). We found that the Office of Professional Responsibility generally complied with applicable directives, policies, guidelines, and investigative standards. We observed commendable practices with the thoroughness of investigations, the quality of reports, and the productive relationships maintained with operational entities within the Federal Law Enforcement Training Center. We found particular issues with the agency’s underreporting of complaints to the Office of Inspector General, the absence of annual Law Enforcement Availability Pay documentation and certifications, and weaknesses in safeguarding evidence. We made 21 recommendations to the Office of Professional Responsibility Division Chief who agreed with them in whole or in part. There are no open recommendations in this report.

>Oversight Review of the Department of Homeland Security Federal Law Enforcement Training Center Office of Professional Responsibility 		2015
OIG-15-33 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones for correcting information security weaknesses, contingency planning, and security capital planning .

>Fiscal Year 2014 Evaluation of DHS' Compliance with Federal Information Security Management Act Requirements for Intelligence Systems 		2015
OIG-15-38 We conducted an audit of S&T’s award and management of its contract with NVS Technologies, Inc. Although S&T properly awarded the contract, we identified deficiencies with S&T’s management of the contract. Specifically, program managers did not document contract oversight because S&T does not have adequate policies and procedures governing contract management. As a result, S&T may have wasted $23 million in incurred costs plus additional cost associated with contract termination. If program performance is not adequately documented, S&T may also have difficulty making well-informed decisions on all its contracts.

>Science and Technology Directorate Needs to Improve Its Contract Management Procedures 		2015
OIG-15-74 KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>National Protection and Programs Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-73 KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. KPMG LLP reviewed the Science and Technology Directorate’s (S&T) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Science and Technology Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit ( 		2015
OIG-15-79 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG LLP evaluated selected general information technology controls and business process application controls at the Federal Law Enforcement Training Center (FLETC), the Office of Intelligence & Analysis (I&A), and the Office of Operations Coordination and Planning (OPS). FLETC provides financial system hosting and support to I&A and OPS. KPMG LLP determined that FLETC, I&A, and OPS had made improvements in designing and consistently implementing controls related to reviewing audit logs and enforcing account security requirements.

>Information Technology Management Letter for the Federal Law Enforcement Training Center Component of the FY 2014 Department of Homeland Security Financial Statement Audit 		2015
OIG-15-83 KPMG LLP reviewed the Federal Law Enforcement Training Centers’ (FLETC) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>Federal Law Enforcement Training Centers' Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-82 KPMG LLP reviewed the Office of Intelligence and Analysis (I&A) and the Office of Operations Coordination’s (OPS) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Office of Intelligence and Analysis and Office of Operations Coordination's Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-84 KPMG LLP reviewed the Domestic Nuclear Detection Office’s (DNDO) internal control over financial reporting. The management letter contains one observation related to internal control and other operational matters for management’s considerations. KPMG LLP noted a deficiency and the need for improvement in certain DNDO processes. This deficiency did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. This observation is intended to improve internal control or result in other operating efficiencies.

>Domestic Nuclear Detection Office's Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-108-IQO The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the National Protection and Programs Directorate (NPPD), Internal Affairs Division (IAD) from November 2014 to February 2015. The review covered IAD activity from October 1, 2011, to September 30, 2014 (fiscal years 2012 through 2014). We conducted this review as part of the planned periodic review of the Department of Homeland Security (DHS) component internal affairs offices by the DHS Office of Inspector General (OIG) in keeping with the oversight responsibilities mandated by the Inspector General Act of 1978, as amended. Generally, we found that inquiries conducted and overseen by the Internal Affairs Division were thorough and complete. Our review, however, raised serious concerns about NPPD’s authority to conduct criminal investigations. Additionally, we found that criminal investigators assigned to IAD did not meet the minimum legal requirement of spending at least 50 percent of their time on criminal investigative activity to earn Law Enforcement Availability Pay. Lastly, we found particular issues with the written policies and the overall management of inquiries.

>Oversight Review of the National Protection and Programs Directorate, Internal Affairs Division 		2015
OIG-12-111 US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities (Redacted) 2012
OIG-16-02 FPS is not managing its fleet effectively. FPS did not properly justify that its current fleet is necessary to carry out its operational mission. Specifically, FPS did not justify the need for: more vehicles than officers; administrative vehicles; larger sport utility vehicles; home-to-work miles in one region; and discretionary equipment added to vehicles. Additionally, FPS overpaid for law enforcement equipment packages, did not have standard operating procedures for fleet management, a sound vehicle allocation methodology, or accurate fleet data to make effective management decisions. The Department of Homeland Security (DHS) and the National Protection and Programs Directorate (NPPD) fleet managers did not provide sufficient oversight to ensure FPS complied with all Federal and departmental guidance. As a result, FPS cannot ensure it is operating the most cost-efficient fleet and potentially missed opportunities to save more than $2.5 million in fiscal year 2014.

>The FPS Vehicle Fleet Is Not Managed Effectively ( 		2016
OIG-16-18 In 2014, West African countries experienced the largest Ebola virus disease (Ebola) outbreak to date. As part of the Department of Homeland Security’s (DHS) response to prevent the spread of Ebola in the United States, DHS instituted additional screening at U.S. ports of entry for passengers traveling from Ebola-affected countries. We conducted this audit to determine whether DHS has effectively implemented its enhanced screening measures to respond to an Ebola outbreak. Although the Department responded quickly to implement domestic Ebola screening with the Department of Health and Human Services (HHS), it did not ensure sufficient coordination, adequate training, and consistent screening of people arriving at U.S. ports of entry. Coordination between DHS, HHS, and other DHS components was not sufficient to ensure all passengers received full screening. Components did not ensure all personnel received adequate training on the screening process or the use of certain protective equipment. Component personnel also did not always follow established Ebola procedures and ensure all identified passengers completed required screening. As a result, some passengers with potential risk of Ebola exposure may have entered the United States without having their temperatures taken or otherwise cleared by health professionals, and the DHS workforce performing the response was not always appropriately protected.

>DHS' Ebola Response Needs Better Coordination, Training, and Execution 		2016
OIG-16-56 We contracted with the independent public accounting firm KPMG, LLP to perform the audit the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2015. KPMG evaluated select general information technology controls (GITCs), entity level controls, and business process application controls at the Federal Law Enforcement Training Center (FLETC). KPMG determined that FLETC took corrective action to address certain prior IT control deficiencies. For example, FLETC made improvements by designing and consistently implementing controls related to the separation and termination of contractors. However, KPMG continued to identify GITC deficiencies related to access controls and configuration management for FLETC’s core financial systems. The conditions supporting our findings collectively limited FLETC’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.

>Information Technology Management Letter for the Federal Law Enforcement Center Component of the FY 2015 Department of Homeland Security Financial Statement Audit 		2016
OIG-16-57 KPMG LLP, under contract with the DHS Office of Inspector General, audited the Domestic Nuclear Detection Office’s (DNDO) financial statements and internal control over financial reporting for fiscal year (FY) 2015. The management letter contains one observation related to internal controls and other operational matters for management’s consideration. KPMG LLP noted an internal control deficiency and the need for improvement in the undelivered order process. The deficiency is not considered significant and was not required to be reported in the Independent Auditors’ Report on DHS’ FY 2015 Financial Statements and Internal Control over Financial Reporting, dated November 13, 2015, included in the DHS FY 2015 Agency Financial Report.

>Domestic Nuclear Detection Office's Management Letter for DHS' FY 2015 Financial Statements Audit 		2016
OIG-12-48 Department of Homeland Security's Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised) 2012
OIG-16-93 We evaluated the Office of Intelligence and Analysis’ (I&A) safeguards for the sensitive privacy and intelligence information it collects and maintains. Our objective was to determine whether I&A ensures compliance with Federal laws, regulations, and policies. I&A has made progress in developing a culture of privacy. Specifically, I&A has centralized the oversight of privacy and civil liberties and has been working to ensure that it meets the requirements of pertinent legislation, regulations, directives, and guidance. I&A conducted specialized onboarding and advanced training that address safeguards for privacy and civil liberties in its intelligence processes. In addition, I&A designed intelligence oversight reviews to ensure that its employees observe the required safeguards. However, I&A has faced challenges because it did not place priority on institutionalizing other capabilities and processes to ensure timely and complete compliance with requirements regarding privacy and intelligence information.

>Office of Intelligence and Analysis Can Improve Transparency and Privacy 		2016
OIG-17-02 We determined that overall; the Department cannot be assured that its preparedness plans can be executed effectively during a pandemic event.  As a result, the eight components we reviewed may not be fully prepared to continue mission essential functions during a pandemic event.  The Department concurred with all seven recommendations and has initiated corrective actions

>DHS Pandemic Planning Needs Better Oversight, Training, and Execution 		2017
OIG-17-49 The Inspectors General (IG) of the Intelligence Community (IC), Department of Homeland Security (DHS), and Department of Justice (DOJ) issued a joint report on the domestic sharing of counterterrorism information.  The IGs’ review was conducted in response to a request from the Senate Select Committee on Intelligence, the Senate Homeland Security and Governmental Affairs Committee, and the Senate Judiciary Committee.  The IGs found that federal, state, and local entities are committed to sharing counterterrorism information by undertaking programs and initiatives that have improved information sharing.  However, the IGs also identified several areas in which improvements could enhance the sharing of counterterrorism information.  The IGs made 23 recommendations to the components of the Office of the Director of National Intelligence (ODNI), DHS, and DOJ to help improve the sharing of counterterrorism information and, ultimately, enhance the government’s ability to prevent terrorist attacks.  The components of ODNI, DHS, and DOJ agreed with all 23 recommendations.

>Review of Domestic Sharing of Counterterrorism Information 		2017
OIG-17-58-UNSUM Since our fiscal year 2015 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of DHS’ department-wide intelligence system and implemented programs for ongoing monitoring of its security practices. In addition, I&A has relocated its intelligence system to a DHS data center to improve network resiliency and support. The United States Coast Guard (USCG) has migrated its sites that process Top Secret/Sensitive Compartmented Information to a Defense Intelligence Agency owned system. However, USCG must continue to work with the Defense Intelligence Agency to clearly define the oversight responsibilities for this external system that supports its intelligence operations. We identified deficiencies in DHS’ information security program and are making two recommendations to I&A and three recommendations to USCG. I&A concurred with its two recommendations, while USCG non-concurred with its three recommendations. We conducted this review between May and September 2016.

>(U) Annual Evaluation of DHS' INFOSEC Program (Intel Systems - DHS Intelligence and Analysis) for FY 2016 		2017
OIG-17-78 Most of the deficiencies identified by the independent accounting firm KPMG, LLP were related to access controls and configuration management for NPPD’s core financial and feeder systems. The deficiencies collectively limited NPPD’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that NPPD, in coordination with the Department of Homeland Security’s Chief Information Officer and Acting Chief Financial Officer, make improvements to NPPD’s financial management systems and associated information technology security program

>Information Technology Management Letter for the National Protection and Programs Directorate of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-82 KPMG LLP, under contract with DHS OIG, audited the S&T financial statements and internal control over financial reporting.  The resulting management letter discusses three observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including journal entry review processes; procurement and financial management system reconciliations; and intra-governmental payment and collection expense review and approval.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>Science and Technology Directorate's' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-81 The Science and Technology Directorate (S&T) main financial application is owned and operated by U.S. Immigration and Customs Enforcement (ICE).  As a service provider, ICE provides support to S&T.  KPMG identified general information technology control deficiencies at ICE that could potentially impact S&T’s financial data, and as such, issued a finding.  The deficiencies collectively limited S&T’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommended that S&T, in coordination with the Department of Homeland Security’s CIO and ACFO, make improvements to S&T’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the Science and Technology Directorate Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-75 Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were related to access controls and configuration management of Federal Law Enforcement Training Centers (FLETC) core financial systems.  The deficiencies collectively limited FLETC’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that FLETC, in coordination with the Department of Homeland Security’s Chief Information Officer (CIO) and Acting Chief Financial Officer (ACFO), make improvements to FLETC’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the Federal Law Enforcement Training Centers Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-85 Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of Office of Financial Management (OFM) and Office of the Chief Information Officer (OCIO) core financial and feeder systems.  The deficiencies collectively limited OFM’s and OCIO’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that OFM and OCIO make improvements to DHS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the Office of Financial Management and Office of the Chief Information Officer Components of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-86 KPMG LLP, under contract with DHS OIG, audited the Office of Financial Management’s financial statements and internal control over financial reporting.  The resulting management letter discusses four observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies and the need for improvement in several processes including financial disclosure reviews; designation of intra-governmental transactions as non-acquisition; reconciliation of unfilled customer order and undelivered order balances; and inadequate review of closing package notes.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2015 Agency Financial Report.

>Office of Financial Management's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-88 Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of the Management Directorate’s core financial systems.  The deficiencies collectively limited the Management Directorate’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that the Management Directorate make improvements to DHS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the Management Directorate Component of the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-91 We determined that DHS’ Performance and Learning Management System (PALMS) does not address the Department’s critical need for an integrated department-wide system.  As of October 2016, PALMS has not met DHS operational requirements for effective administration of employee learning and performance management activities.  In addition, the PALMS program office did not effectively implement the acquisition methodology selected for PALMS and did not monitor contractor performance.  Finally, between August 2013 and November 2016, the Department spent more than $5.7 million for unused and partially used subscriptions; incurred more than $11 million to extend contracts of existing learning management systems; and more than $813,000 for increased program management costs.  The Department also did not identify $72,902 in financial credits stemming from the contractor not meeting performance requirements.  The Government Accountability Office (GAO) also reported in its February 2016 report, GAO-16-253, that the Department experienced programmatic and technical challenges that led to years-long schedule delays.  We made seven recommendations to address the challenges with the PALMS acquisition and to improve future acquisitions.  The Department concurred with all seven of our recommendations.

>PALMS Does Not Address Department Needs 		2017

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page