Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-15-33 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones for correcting information security weaknesses, contingency planning, and security capital planning .

>Fiscal Year 2014 Evaluation of DHS' Compliance with Federal Information Security Management Act Requirements for Intelligence Systems 		2015
OIG-15-108-IQO The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the National Protection and Programs Directorate (NPPD), Internal Affairs Division (IAD) from November 2014 to February 2015. The review covered IAD activity from October 1, 2011, to September 30, 2014 (fiscal years 2012 through 2014). We conducted this review as part of the planned periodic review of the Department of Homeland Security (DHS) component internal affairs offices by the DHS Office of Inspector General (OIG) in keeping with the oversight responsibilities mandated by the Inspector General Act of 1978, as amended. Generally, we found that inquiries conducted and overseen by the Internal Affairs Division were thorough and complete. Our review, however, raised serious concerns about NPPD’s authority to conduct criminal investigations. Additionally, we found that criminal investigators assigned to IAD did not meet the minimum legal requirement of spending at least 50 percent of their time on criminal investigative activity to earn Law Enforcement Availability Pay. Lastly, we found particular issues with the written policies and the overall management of inquiries.

>Oversight Review of the National Protection and Programs Directorate, Internal Affairs Division 		2015
OIG-15-04-IQO The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the Federal Law Enforcement Training Center, Office of Professional Responsibility from June 2014 to August 2014. The review covered OPR activity from October 1, 2011, (FY 2012) to June 1, 2014 (FY 2014). We found that the Office of Professional Responsibility generally complied with applicable directives, policies, guidelines, and investigative standards. We observed commendable practices with the thoroughness of investigations, the quality of reports, and the productive relationships maintained with operational entities within the Federal Law Enforcement Training Center. We found particular issues with the agency’s underreporting of complaints to the Office of Inspector General, the absence of annual Law Enforcement Availability Pay documentation and certifications, and weaknesses in safeguarding evidence. We made 21 recommendations to the Office of Professional Responsibility Division Chief who agreed with them in whole or in part. There are no open recommendations in this report.

>Oversight Review of the Department of Homeland Security Federal Law Enforcement Training Center Office of Professional Responsibility 		2015
OIG-14-97 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of Department of Homeland Security fiscal year 2013 consolidated financial statements. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated March 11, 2014, and the conclusion expressed in it.

>Information Technology Management Letter for the FY 2013 Department of Homeland Security’s Financial Statement Audit – National Protection and Programs Directorate 		2014
OIG-14-84 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of Department of Homeland Security fiscal year 2013 consolidated financial statements. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated March 11, 2014, and the conclusion expressed in it.

>Information Technology Management Letter for the FLETC Component of the FY 2013 DHS Financial Statement Audit 		2014
OIG-14-83 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG isresponsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it

>Science and Technology Directorate's Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-78 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG is responsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it.

>Office of Health Affairs' Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-68 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG isresponsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it

>Federal Law Enforcement Training Center’s Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-67 We contracted with the independent public accounting firm KPMG LLP (KPMG) to conduct the audit of the DHS’ FY 2013 financial statements and internal control over financial reporting. The contract required that KPMG perform its audit according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG isresponsible for the attached management letter dated January 15, 2014, and the conclusions expressed in it

>National Protection and Programs Directorate’s Management Letter for FY 2013 DHS Financial Statements Audit 		2014
OIG-14-55 The Office of the Chief Information Officer (OCIO) is implementing two systems to enhance telework in the Department of Homeland Security (DHS). These systems are called Workplace as a Service (WPaaS) and are part of an overall effort to move to cloud-based services. In September 2011, DHS awarded within scope task order modifications to the contractors operating DHS’ Data Center 1 (DC1) and Data Center 2 (DC2) to implement WPaaS. Under the task orders, the contractors were to provide the government with complete physical environments which would provide the same functionality available on current DHS laptops and desktops. In addition, the task orders required the contractors to make the respective workplace environments accessibbe from all DHS components and organizations and from anywhere within the DHS OneNet and through appropriate technologies from any location where employees conduct work.

>DHS’ System To Enable Telework Needs a Disaster Recovery Capability 		2014
OIG-14-52 In response to expanding cybersecurity mission requirements from the Administration and Congress, in 2008, NPPD began to deploy the National Cybersecurity Protection System to protect Federal networks and prevent known or suspected cyber threats. Network Security Deployment, which is a division of the Office of Cybersecurity and Communications of NPPD, develops and deploys cybersecurity technologies through the National Cybersecurity Protection System to continuously counter emerging cyber threats and apply effective risk mitigation strategies to detect and deter these threats. Figure 1 depicts the Network Security Deployment organizational chart.

>Implementation Status of EINSTEIN 3 Accelerated 		2014
OIG-14-119 The National Protection Programs Directorate (NPPD) is primarily responsible for fulfilling the DHS national, non-law enforcement cybersecurity missions. Within NPPD, the Office of Cybersecurity and Communications is responsible for the implementation of the Enhanced Cybersecurity Services program. Our overall objective was to determine the effectiveness of the Enhanced Cybersecurity Services program to disseminate cyber threat and technical information with the critical infrastructure sectors through ommercial service providers. NPPD has made progress in expanding the Enhanced cybersecurity Services program. For example, as of May 2014, 40 critical infrastructure entities participate in the program. Additionally, 22 companies have signed memorandums of agreement to join the program. Further, NPPD has established the procedures and guidance required to carry out key tasks and operational aspects of the program, including an in depth security validation and accreditation process. NPPD has also addressed the privacy risk associated with the program by developing a Privacy Impact Assessment. Finally, NPPD has engaged sector specific agencies and government furnished information providers to expand the program, and has developed program reporting and metric capabilities to monitor the program.

>Implementation Status of the Enhanced Cybersecurity Services Program 		2014
OIG-14-113 The DHS Office of Intelligence and Analysis routinely briefs DNDO on counterintelligence awareness, including insider threat indicators. In addition, DNDO provides security awareness training to its employees and contractors regarding security ‐related topics that could help prevent or detect the insider risk. In September 2013, the DHS Office of the Chief Security Officer began a comprehensive vulnerability assessment of DNDO assets, which includes identifying insider risks and vulnerabilities. The DHS Security Operations Center monitors DNDO information systems and networks to respond to potential insider based incidents. Finally,he DHS Special Security Programs Division handles and investigates security incidents, including those types attributed to malicious insiders.

>Domestic Nuclear Detection Office Has Taken Steps To Address Insider Threat, but Challenges Remain 		2014
OIG-13-95 The National Protection and Programs Directorate (NPPD), which is primarily responsible for fulfilling DHS security missions, assumed this responsibility for the Department. Subsequent to the President’s issuance of Executive Order 13618 in July 2012, NPPD’s Office of Cybersecurity and Communications was reorganized in an effort to promote security, resiliency, and reliability of the Nation’s cyber and communications infrastructure.

>DHS Can Take Actions To Address Its Additional Cybersecurity Responsibilities 		2013
OIG-13-76 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Office of Intelligence and Analysis’ Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-71 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Domestic Nuclear Detection Office’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-70 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>The Office of Financial Management’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-69 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established n Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Science and Technology Directorate’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-67 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>National Protection and Programs Directorate’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-62 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012, and the related statements of net cost, changes in net position, and custodial activity, and combined statement of budgetary resources for the year then ended (referred to as the “fiscal year (FY) 2012 financial statements”). We were also engaged to audit the Department’s internal control over financial reporting of the FY 2012 financial statements. The objective of our audit engagement was to express an opinion on the fair presentation of the FY 2012 financial statements and the effectiveness of internal control over financial reporting of the FY 2012 financial statements.

>Information Technology Management Letter for the Federal Law Enforcement Training Center Component of the FY 2012 Department of Homeland Security Financial Statement Audit 		2013
OIG-13-61 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Office of Health Affairs’ Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-56 We have audited the balance sheet of the U.S. Department of Homeland Security (DHS or Department) as of September 30, 2012 and the related statements of net cost, changes in net position and custodial activity, and combined statement of budgetary resources for the year then ended (referred to herein as the “fiscal year (FY) 2012 financial statements”). The objective of our audit was to express an opinion on the fair presentation of these financial statements. We were also engaged to examine the Department’s internal control over financial reporting of the FY 2012 financial statements, based on the criteria established in Office of Management and Budget (OMB), Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A.

>Federal Law Enforcement Training Center’s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit 		2013
OIG-13-55 In December 2011, a limited distribution internal memorandum was leaked to news media. This document disclosed allegations of employee misconduct and inadequate performance, as well as misuse of funds and ineffective hiring within DHS’ Chemical Facility Anti-Terrorism Standards Program. In February 2012, former Chairman Lungren, of the House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, requested that we review these issues. In April 2012, Ranking Member Waxman, of the House Committee on Energy and Commerce, also requested that we review the challenges facing the program. We consolidated both requests into one review.

>Effectiveness of the Infrastructure Security Compliance Division's Management Practices to Implement the Chemical Facility Anti-Terrorism Standards Program 		2013
OIG-13-39 This transition allowed remote control of processes and exposed industrial control systems to cyber security risks that could be exploited over the Internet. The National Cybersecurity and Communications Integration Center, a division of the Office of Cybersecurity and Communications within the National Protection and Programs Directorate (NPPD), is the operational arm of NPPD and is responsible for providing full-time monitoring, information sharing, analysis, and incident response capabilities to protect Federal agencies’ networks and critical infrastructure and key resources, such as industrial control systems.

>DHS Can Make Improvements to Secure Industrial Control Systems 		2013
OIG-13-28 We have reviewed the accompanying Table of Prior Year Drug Control Obligations of the U.S. Department of Homeland Security’s (DHS) Federal Law Enforcement Training Center (FLETC) for the year ended September 30, 2012. We have also reviewed the accompanying statement that full compliance with the Office of National Drug Control Policy (ONDCP) Circular, Drug Control Accounting, dated May 1, 2007 (the Circular) would constitute an unreasonable burden (Unreasonable Burden Statement). FLETC’s management is responsible for the preparation of the Table of Prior Year Drug Control Obligations and the Unreasonable Burden Statement (collectively the Alternative Report).

>Independent Review of the Federal Law Enforcement Training Center’s Reporting of FY 2012 Drug Control Obligations 		2013
OIG-13-07 The Visa Waiver Program was established in 1986 to promote international tourism without jeopardizing U.S. security. The program allows nationals from designated countries to enter the United States and stay for up to 90 days without obtaining a visa from a U.S. embassy or consulate. Currently, there are 36 Visa Waiver Program countries. The Immigration and Nationality Act, as amended, requires the Secretary of Homeland Security, in consultation with the Secretary of State, to assess the law enforcement and security risks of Visa Waiver Program countries, and terminate a country from the Visa Waiver Program if necessary.

>The Visa Waiver Program 		2013
OIG-12-67  

>Federal Protective Service's Exercise of a Contract Option for the Risk Assessment and Management Program 		2012
OIG-12-59  

>Science and Technology Directorate's Management Letter for FY 2011 DHS Consolidated Financial Statements Audit 		2012
OIG-12-57  

>The Office of Financial Management’s Management Letter for FY 2011 DHS Consolidated Financial Statements Audit 		2012
OIG-12-55  

>FLETC's Management Letter for FY 2011 DHS Consolidated Financial Statements Audit 		2012
OIG-12-52  

>National Protection and Programs Directorate's Management Letter for FY 2011 DHS Consolidated Financial Statements Audit 		2012
OIG-12-48 Department of Homeland Security's Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised) 2012
OIG-12-39  

>Information Sharing on Foreign Nationals: Border Security (Redacted) 		2012
OIG-12-21 The Preparedness Directorate’s Anti-Deficiency Act Violations for Fiscal Year 2006 Shared Service Administrative Assessments 2012
OIG-12-115  

>Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2012 		2012
OIG-12-111 US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities (Redacted) 2012
OIG-12-107  

>Adherence to Acquisition Management Policies Will Help Reduce Risks to the Technology Integration Program (Revised) 		2012
OIG-12-100  

>Effects of a Security Lapse on FPS' Michigan Guard Services Contract (Redacted) (Revised) 		2012
OIG-12-10 DHS’ Efforts To Coordinate and Enhance Its Support and Information Sharing With Fusion Centers 2012
OIG-11-98  

>Evaluation of DHS’ Security Program and Practices for Intelligence Systems for Fiscal Year 2011 		2011
OIG-11-76  

>Information Technology Management Letter for the Federal Law Enforcement Training Center Component of the FY 2010 DHS Financial Statement Audit 		2011
OIG-11-55  

>Federal Law Enforcement Training Center's Management Letter for FY 2010 DHS Consolidated Financial Statements Audit 		2011
OIG-11-53  

>Office of Financial Management's Management Letter for FY 2010 DHS Consolidated Financial Statements Audit 		2011
OIG-11-50  

>Science and Technology Directorate's Management Letter for FY 2010 DHS Consolidated Financial Statements Audit 		2011
OIG-11-48  

>National Protection and Programs Directorate's Management Letter for FY 2010 DHS Consolidated Financial Statements Audit 		2011
OIG-11-24  

>(U) DHS Has Made Improvements on the Security Program for Its Intelligence Systems 		2011
OIG-11-13 Review of the National Bio and Agro-Defense Facility Site Selection Process 2011
OIG-11-12 Protective Security Advisor Program Efforts to Build Effective Critical Infrastructure Partnerships: Oil and Natural Gas Subsector 2011
OIG-11-117  

>Review of the Department of Homeland Security’s Capability to Share Cyber Threat Information (Redacted) 		2011
OIG-11-110  

>DHS Risk Assessment Efforts in the Dams Sector 		2011

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page