Audits, Inspections, and Evaluations

Report Number Sort ascending	Title	Issue Date	Fiscal Year
OIG-18-29	This is a Department of Homeland Security Office of the Inspector General (OIG) special report on Federal Emergency Management Agency (FEMA) and FEMA recipient and sub recipient disaster-related procurements. FEMA is currently responding to some of the most catastrophic disasters in U.S. history — Hurricanes Harvey, Irma, Maria, and the October 2017, California wildfires. Because of the massive scale of damage and the large number and high-dollar contracts that will likely be awarded, there is a significant risk that billions of taxpayer dollars may be exposed to waste, fraud, and abuse. >Lessons Learned from Prior Reports on Disaster-related Procurement and Contracting	12/05/2017	2018
OIG-18-28	Osceola Electric Cooperative, Inc. (Osceola) received a $10 million Federal Emergency Management Agency (FEMA) grant award for damages caused by a severe winter storm in April 2013. Although the disaster occurred 4 years ago, Osceola has not completed all FEMA projects. We conducted this audit early in the grant process to identify areas in which Osceola may need additional technical assistance or monitoring to ensure compliance. Osceola generally accounted for and expended $10 million FEMA Public Assistance Funds according to Federal regulations and FEMA guidelines. >Osceola Electric Cooperative, Iowa, Generally Managed FEMA Grant Funds According to Federal Requirements	12/05/2017	2018
OIG-18-27	The Transportation Security Administration (TSA) intended to expand TSA PreCheck to 25 million air travelers at a rate of more than 5 million enrollments per year. We evaluated whether the current TSA PreCheck Application Program adjudication process will allow TSA to meet its enrollment goals. TSA did not allocate additional resources or staff to the TSA Adjudication Center, which had multiple vacancies and was tasked with manually processing about 26 percent of TSA PreCheck Application Program applications. To make matters worse, in June 2016, TSA PreCheck applications surged, leaving the Adjudication Center overwhelmed with applications to process. As the application queue grew, TSA brought on detailees from other Federal agencies to assist with adjudications part time, but they did not have a significant impact. Further, the Adjudication Center relies on a manual caseload assignment and reporting process, which is inefficient for the volume of TSA PreCheck applications needing adjudication. >TSA's Adjudication Resources are Inadequate to Meet TSA PreCheck Enrollment Goals	12/05/2017	2018
OIG-18-26	Severe winter storms, flooding, and mudslides during January and February 2017 caused significant damage to Solano County, California (County). County officials estimate damages at $1.6 million. Based on our limited testing, the County appears to have in place policies, procedures, and business practices to generally account for and expend FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines. The County should be able to account for disaster-related costs on a project-by-project basis and adequately support these costs. >Solano County, California, Has Policies, Procedures, and Business Practices to Manage Its FEMA Grant Funding	12/05/2017	2018
OIG-18-25	The Omaha Tribe’s serious financial management weaknesses combined with inadequate and missing documentation resulted in unreliable financial records. As a result, we have little confidence that the transactions recorded in the accounting system actually occurred or that the tribe completed its FEMA-authorized projects. Therefore, we question $13.9 million as unsupported. Due to the unreliable financial information, we calculated the amount unsupported as the entire $16.9 million FEMA provided for both grants, less $2.8 million in unused Federal funding that FEMA should put to better use; $165,000 in unclaimed insurance coverage; and approximately $74,749 that we were able to verify as supported and eligible. >The Omaha Tribe of Nebraska and Iowa Mismanaged $14 Million in FEMA Disaster Grants	11/30/2017	2018
OIG-18-24	DHS reported using its Other Transaction Authority to work with non-traditional contractors, DHS did not always follow statutory requirements when entering, modifying, and overseeing its agreements. Inadequate internal policies contributed to DHS falling short of meeting all statutory requirements for using OTAs. In addition, DHS acquisition policy staff reported that competing priorities prevented timely reporting to Congress. As a result, DHS may have taken on more risks and costs than necessary and impeded Congress’ ability to oversee DHS’ use of OTAs. >Department of Homeland Security's Use of Other Transaction Authority	11/30/2017	2018
OIG-18-23	USCIS deployed this capability in April 2016 to improve processing of approximately 84,000 naturalization applications received each month. However, as before, the ELIS capabilities deployed did not include critical functionality necessary for end-to-end Form N-400 processing. ELIS repeatedly experienced outages and did not always perform as intended. Also, USCIS did not ensure field personnel were adequately trained to use the new system capabilities prior to deployment. Given its focus on meeting established system release dates, USCIS did not fully address our prior report recommendations to improve user support, stakeholder engagement, performance measurement, and testing to ensure ELIS met user needs and improved operations. >USCIS Has Been Unsuccessful in Automating Naturalization Benefits Delivery	11/30/2017	2018
OIG-18-22	Representative Raúl M. Grijalva requested that we review U.S. Immigration and Customs Enforcement’s (ICE) decision to award GEO Care, LLC a contract to establish a Family Case Management Program (FCMP). We sought to determine whether ICE awarded the FCMP contract in accordance with laws, regulations, and guidance. We also conducted a limited review of post-award contract modifications. FCMP is an alternative to detention that uses case managers to ensure participants comply with their release conditions, such as attending court hearings, while allowing them to remain in their community as they move through immigration proceedings. We determined that ICE properly awarded FCMP contracts. >U.S. Immigration and Customs Enforcement's Award of the Family Case Management Program Contract	11/30/2017	2018
OIG-18-21	FEMA is currently responding to Hurricane Harvey in Texas, one of the largest disasters in U.S. history, with current damage estimates reported to exceed $100 billion. Due to the massive scale of damage, FEMA and Texas, as a FEMA grantee, will face many challenges in the recovery phase of the disaster. As FEMA moves into the recovery phase for Hurricane Harvey, it will begin to obligate hundreds of millions, if not billions, of dollars from the Disaster Relief Fund for administrative costs and for Public Assistance and Hazard Mitigation grants to eligible state, tribal, and local governments and certain nonprofit organizations. Texas, as FEMA’s grantee, will be responsible for oversight and monitoring of the disaster grants to Texas subrecipients. >Special Report: Lessons Learned from Prior DHS-OIG Reports Related to FEMA's Response to Texas Disasters and Texas' Management of FEMA Grant Funds	11/30/2017	2018
OIG-18-20	We evaluated the Office of Health Affairs’ (OHA) privacy safeguards for protecting the personally identifiable information (PII) it collects and maintains. OHA has not implemented an effective organizational framework for safeguarding PII in accordance with Federal requirements. OHA appointed a Privacy Officer, but this official lacks adequate authority and resources to carry out the various required privacy management responsibilities. This official also has not received OHA senior leadership support to issue the policies and procedures needed for effective organization-wide privacy management. Further, there was no central tracking to ensure that all employees completed annual privacy training and to accurately report this information to the Department and Congress as required. >Office of Health Affairs Has Not Implemented An Effective Privacy Management Program	11/30/2017	2018
OIG-18-19	Review of CBP Information Technology System Outage of January 2, 2017 (Redacted)	11/21/2017	2018
OIG-18-18	CBP issued the summons to Twitter regarding the @ALT_USCIS account for the purpose of identifying the owner of the account. CBP took the position that it needed this information in order to “insure compliance with the laws of the United States administered by the [Service]” - investigate possible criminal violations by CBP officials, including murder, theft, and corruption. >Management Alert - CBP's Use of Examination and Summons Authority Under 19 U.S.C. § 1509	11/16/2017	2018
OIG-18-17	The Hospital must improve its policies, procedures, and business practices to account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. Specifically, it did not properly document and adequately account for project costs; comply with its overtime policy; and comply with Federal requirements for insurance. Additionally, there were major differences in the damage estimates FEMA and the Hospital calculated. >Napa State Hospital, California, Should Improve the Management of Its $6.7 Million FEMA Grant	11/16/2017	2018
OIG-18-16	Independent Auditors' Report on DHS' FY 2017 Financial Statements and Internal Control over Financial Reporting	11/15/2017	20187
OIG-18-15	Coast Guard IT Investments Risk Failure Without Required Oversight	11/14/2017	2018
OIG-18-14	Management Alert - Concerns with Potential Duplicate or Ineligible FEMA Public Assistance Funding for Facilities Damaged by Back-to-Back Disasters	11/14/2017	2018
OIG-18-13	FEMA and CBP Oversight of Operation Stonegarden Program Needs Improvement	11/09/2017	2018
OIG-18-12	We prepared this special report to address challenges FEMA, Texas, Florida, U.S. territories in the Caribbean, and California may face managing insurance under the Public Assistance program in the wake of Hurricanes Harvey, Irma, and Maria, and the October 2017 California wildfires. This report describes lessons learned from findings and recommendations contained in our DHS OIG grant audit reports issued from fiscal years 2013–2017. During fiscal years 2013–2017, we issued 37 Disaster Assistance grant audit reports that disclosed challenges with FEMA’s Public Assistance insurance process. The major recurring challenges we identified included (1) Duplicate benefits in which subrecipients claimed FEMA reimbursement for costs that were covered by insurance; (2) Insufficient insurance in which subrecipients did not obtain and maintain sufficient insurance coverage required as a condition for receiving Federal disaster assistance; and (3) Misapplied or misallocated insurance proceeds in which subrecipients received insurance proceeds, and misapplied or did not allocate those proceeds to FEMA projects. >Special Report: Lessons Learned from Previous Audit Reports on Insurance under the Public Assistance Program	11/07/2017	2018
OIG-18-11	Department leadership must commit itself to ensuring DHS operates more as a single entity. rather than a collection of components. The lack of progress in reinforcing a unity of effort translates to a missed opportunity for greater effectiveness. Second, Department leadership must establish and enforce a strong internal control environment typical of a more mature organization. The current environment of relatively weak internal controls affects all aspects of the Department’s mission, from border protection to immigration enforcement and from protection against terrorist attacks and natural disasters to cybersecurity. We have seen little evidence of proactive effort by leadership to view the organization holistically, to forcefully communicate the need for cooperation among components, and to establish programs or policies that ensure unity, even though such effort is a necessary precondition to unified action. >Major Management and Performance Challenges Facing the Department of Homeland Security	11/03/2017	2018
OIG-18-10	The Department faces challenges to effectively sharing cyber threat information across Federal and private sector entities. Without acquiring a cross-domain information processing solution and automated tools, DHS cannot analyze and share threat information timely. Further, without enhanced outreach, DHS cannot increase participation and improve coordination of information sharing across Federal and private organizations. >Biennial Report on DHS’ Implementation of the Cybersecurity Act of 2015	11/01/2017	2018
OIG-18-09	The County does not have legal responsibility for the disaster-related repairs on township roadway projects. Therefore, the County is not eligible to receive $6,151,893 in Federal funding identified as township projects because it is not legally responsible for the repairs to the damaged facilities (roadways). >Management Alert - FEMA Should Recover $6.2 Million in Public Assistance Funds for Disaster Repairs That Are Not the Legal Responsibility of Richland County, North Dakota	10/30/2017	2018
OIG-18-08	CalRecycle also has sufficient policies, procedures, and business practices in place to account for disaster costs on a project-by-project basis in accordance with most Federal regulations and FEMA guidelines. CalRecycle did not follow these policies, procedures, and practices when accounting for and expending $198.9 million in project costs. Therefore, we questioned these costs unless CalRecycle can correct the deficiencies we identify. CalRecycle did not adequately document costs, account for costs on a residential lot-by-lot basis, effectively monitor contractors to ensure they performed to contract terms and conditions, or clearly separate costs for eligible and ineligible work. >FEMA and California Need to Assist CalRecycle, a California State Agency, to Improve Its Accounting of $230 Million in Disaster Costs	10/30/2017	2018
OIG-18-07	Report: O:\Special Projects\508 Reports\FY18\MGMT Press release: O:\Special Projects\508 Reports\FY17\PR Testimony: O:\Special Projects\508 Reports\FY17\TM PTS or final report folder 508 compliant- need default tools Action Wizard tab >DHS Needs a More Unified Approach	10/30/2017	2018
OIG-18-07	ICE, CBP, and USCIS continue to experience challenges with emerging immigration enforcement and administration activities. Although DHS has established unity of effort initiatives to break silos and centralize decision making related to immigration, problems remain. We identified challenges related to mission allocation and expenditure comparisons, the affirmative asylum application process, and the Department’s struggle to understand immigration outcomes and decisions. DHS will continue to allow vulnerabilities that may affect national security and public safety to persist. >DHS Needs a More Unified Approach to Immigration Enforcement and Administration	10/30/2017	2018
OIG-18-06	FEMA did not manage disaster relief grants and funds adequately and did not hold grant recipients accountable for properly managing disaster relief funds. We continue to identify persistent problems such as improper contract costs, and ineligible and unsupported expenditures as examples of this continued failure. Over the 7-year period, FYs 2009 to 2015, we found $1.64 billion, or 15 percent, in questioned costs out of the $10.9 billion that we audited, which we recommended FEMA disallow as ineligible and unsupported costs. In FY 2016, we found $155.6 million2, or 23 percent, in questioned costs out of the $686 million that we audited, confirming that FEMA is not making progress managing disaster relief funds adequately. We continue to identify persistent problems throughout FEMA’s grant process, we are concerned that billions of tax payer dollars remain at risk. >Summary and Key Findings of Fiscal Year 2016 FEMA Disaster Grant and Program Audits	10/27/2017	2018
OIG-18-05	DHS personnel do not always safeguard sensitive assets that, if lost, would result in critical mission impact or loss of life. Between fiscal years 2014 and 2016, the Department of Homeland Security personnel lost a total of 2,142 highly sensitive assets — 228 firearms; 1,889 badges; and 25 secure immigration stamps. Although this represents a slight improvement from our last audit, more than half of the lost items we reviewed (65 of 115) revealed that component personnel did not follow policy or used poor judgment when safeguarding these assets. In these cases, components did not always hold personnel accountable nor did they receive remedial training for failing to safeguard these sensitive assets. >DHS' Controls Over Firearms and Other Sensitive Assets	10/25/2017	2018
OIG-18-04	We identified limitations with FAMS contributions to aviation security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We are making five recommendations that when implemented, should improve FAMS >FAMS’ Contribution to Aviation Transportation Security is Questionable (Unclassified Summary)	10/24/2017	2018
OIG-18-03	USCIS site visits provide minimal assurance that H-1B participants are compliant and not engaged in fraudulent activity. These visits assess whether petitioners and beneficiaries comply with applicable immigration laws and regulations. USCIS can approve more than 330,000 H-1B petitions each year, which could include extensions and amendments. As of April 2017, USCIS reported more than 680,000 approved and valid H-1B petitions. However, during FYs 2014–16, USCIS conducted an average of 7,200 ASVVP site visits annually. For the limited number of visits conducted, USCIS does not always ensure the IOs are thorough and comprehensive in their approach. Further limiting the site visits’ effectiveness, USCIS does not ensure the agency always takes proper and timely action when IOs identify potential fraud or noncompliance. USCIS also uses targeted site visits to respond to indicators of fraud; however, the agency does not completely track the costs and analyze the results of these visits. >USCIS Needs a Better Approach to Verify H-1B Visa Participants	10/20/2017	2018
OIG-18-02	In 2013 and 2014, we conducted an audit of the District of Columbia’s (DC) management of the Homeland Security Grant Program (HSGP) for grants awarded from fiscal years 2010 through 2012. In September 22, 2014, we issued an audit report entitled, District of Columbia’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 (OIG-14-147), which included 11 recommendations to improve the overall effectiveness of DC’s management of the Homeland Security Emergency Management Agency’s (HSEMA) State Homeland Security Program (SHSP) and Urban Area Security Initiative (UASI) funds. We determined that DC HSEMA met the intent of our prior recommendations and demonstrated improvements in its SHSP and UASI subrecipient monitoring and oversight. We also confirmed DC HSEMA submitted required THIRA reports to FEMA. Overall, FEMA and DC HSEMA’s implementation of our prior recommendations achieved the intended results of strengthening grant program management, performance, and oversight >Verification Review of District of Columbia's Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012	10/10/2017	2018
OIG-18-01	Mississippi Emergency Management Agency (MEMA) followed applicable Federal grant requirements. It is FEMA’s responsibility to hold Mississippi accountable for proper grant administration. MEMA did not provide proper oversight of a $29.9 million Hazard Mitigation grant, or follow Federal Regulations and FEMA guidelines when accounting for grant funds. As a result, FEMA has no assurance that MEMA properly accounted for and expended Federal funds. >Hazard Mitigation Grant Funds Awarded to MEMA for the Mississippi Coastal Retrofit Program	10/10/2017	2018
OIG-17-99-MA	We found that CBP administered polygraph examinations to unsuitable applicants who provided disqualifying information during the pre-test interview. This occurred because CBP’s process is not sufficient to prevent unsuitable applicants from continuing the polygraph examination. We made two recommendations to CBP to improve its screening by establishing an in-person pre-security interview process, requiring examiners to use the on-call adjudication process, and discontinue testing of unsuitable applicants. CBP concurred with both recommendations and agreed that conducting the in-person pre-security interview prior to the polygraph examination is a best practice. CBP has implemented one of the recommendations and has initiated a pilot program for a new polygraph format. >Management Alert - CBP Spends Millions Conducting Polygraph Examinations on Unsuitable Applicants (OIG-17-99-MA)	08/04/2017	2017
OIG-17-98-SR	This is a DHS OIG special report regarding DHS’ efforts to hire an additional 15,000 law enforcement officers. This is the first in a series of reports. This report describes lessons learned from prior DHS OIG, Government Accountability Office, and DHS departmental reports on challenges relating to hiring and other important areas of human capital management. We made no recommendations in this report. >Special Report: Challenges Facing DHS in Its Attempt to Hire 15,000 Border Patrol Agents and Immigration Officers	07/27/2017	2017
OIG-17-97-D	We determined that FEMA did not have sufficient evidence to support its decision that Hurricanes Katrina and Rita directly caused damages to the roads and water distribution system. The demonstration of direct cause is necessary for work to be considered eligible for Federal disaster assistance funding, as required by the Stafford Act and FEMA’s own policies. As a result, FEMA should not have awarded the initial $785 million, or the additional $1.25 billion to complete the repairs. We recommended that FEMA disallow $2.04 billion in questioned costs —the initial award of $785 million, plus the additional $1.25 billion award. We made two recommendations and FEMA non-concurred with both of our recommendations. >FEMA Should Disallow $2.04 Billion Approved for New Orleans Infrastructure Repairs	07/24/2017	2017
OIG-17-96	KPMG, under contract with DHS OIG, audited the Management Directorate’s financial statements and internal control over financial reporting. The resulting management letter discusses five observations related to internal control for management’s consideration. These issues were related to journal entry review; financial system reconciliations; ineffective obligation analysis; contract expense approval, improper invoice posting; and intra-governmental payment and collection expense approval. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report. >Management Directorate's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	07/07/2017	2017
OIG-17-95-D	We determined that The Hospital accounted for FEMA funds on a project-by-project basis as Federal regulations and FEMA guidelines require. However, as of February 2017, the Hospital had not arranged for an audit of its Federal award, which it must complete and submit to the Federal Audit Clearinghouse by June 30, 2017. We recommended that the Regional Administrator, FEMA Region IV, direct the South Carolina Emergency Division to actively monitor the Hospital’s compliance with the annual audit requirements. If the Hospital does not meets it audit requirement by the June 30, 2017, due date, FEMA should direct South Carolina to impose appropriate additional award conditions to ensure the integrity of the FEMA award. >Williamsburg Regional Hospital, South Carolina, Generally Accounted for and Expended FEMA Grant Funds Awarded for Emergency Work Properly	07/06/2017	2017
OIG-17-94	We determined that the Department failed to report 6 conferences in FY 2014 and 14 conferences in FY 2015 that were greater than $100,000 in its Annual Report to the Office of Inspector General and on the public website, as required by Federal regulations. The total dollar value of these unreported conferences was $862,881 and $2,822,561 for FYs 2014 and 2015, respectively. In addition, the Department did not always report actual conference costs timely or accurately. We made five recommendations that would improve conference reporting and recordkeeping and ensure the accuracy and timeliness of conference submissions. DHS concurred with all five of our recommendations and has implemented corrective actions, resulting in the resolution and closure of all the recommendations. >Audit of Department of Homeland Security's Fiscal Years 2014 and 2015 Conference Spending	07/10/2017	2017
OIG-17-93-D	We determined the Borough of Lavallette did not always account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. Therefore, FEMA should disallow $3.9 million of $13.2 million in grant funds awarded to the Borough. We made six recommendations to the Regional Administrator, FEMA Region II, to disallow duplicate costs, ineligible labor, contract and excessive equipment costs, unsupported equipment costs, unapplied credits, unneeded funds to put to better use and improve the State’s grant management activities. >FEMA Should Recover $3.9 Million of $13.2 in Grant Funds Awarded to the Borough of Lavallette, New Jersey	07/05/2017	2017
OIG-17-92	KPMG, under contract with DHS OIG, audited the National Protection and Programs Directorate’s financial statements and internal control over financial reporting. The resulting management letter discusses 14 observations related to internal control for management’s consideration. The auditors identified internal control deficiencies in several processes including revenue accrual, personnel actions, journal entry reviews, performance reviews, contract expense approvals, time keeping, and intra-governmental payment and collection expense approvals. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report. >National Protection and Programs Directorate's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	07/03/2017	2017
OIG-17-91	We determined that DHS’ Performance and Learning Management System (PALMS) does not address the Department’s critical need for an integrated department-wide system. As of October 2016, PALMS has not met DHS operational requirements for effective administration of employee learning and performance management activities. In addition, the PALMS program office did not effectively implement the acquisition methodology selected for PALMS and did not monitor contractor performance. Finally, between August 2013 and November 2016, the Department spent more than $5.7 million for unused and partially used subscriptions; incurred more than $11 million to extend contracts of existing learning management systems; and more than $813,000 for increased program management costs. The Department also did not identify $72,902 in financial credits stemming from the contractor not meeting performance requirements. The Government Accountability Office (GAO) also reported in its February 2016 report, GAO-16-253, that the Department experienced programmatic and technical challenges that led to years-long schedule delays. We made seven recommendations to address the challenges with the PALMS acquisition and to improve future acquisitions. The Department concurred with all seven of our recommendations. >PALMS Does Not Address Department Needs	06/30/2017	2017
OIG-17-90	KPMG, under contract with DHS OIG, audited Customs and Border Protection’s (CBP) fiscal year (FY) 2016 consolidated financial statements. The resulting management letter discusses 12 observations related to internal control for management’s consideration. The auditors identified internal control deficiencies in a number of processes, including deobligation of undelivered orders, review of Federal Employee Compensation Act claims, and the seized and forfeited property inventory. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on U.S. Customs and Border Protection’s FY 2016 Consolidated Financial Statements, dated January 18, 2017, included in CBP’s FY 2016 Performance and Accountability Report. >Management Letter for U.S Customs and Border Protection's Fiscal Year 2016 Consolidated Financial Statements Audit	06/30/2017	2017
OIG-17-89	KPMG, under contract with DHS OIG, audited the United States Coast Guard’s financial statements and internal control over financial reporting. The resulting management letter discusses 12 observations related to internal control for management’s consideration. The auditors identified internal control deficiencies in several processes including financial disclosure reports; accounts receivable; civilian and military payroll; financial reporting process; and accounts payable accrual. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report. >United States Coast Guard's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	06/30/2017	2017
OIG-17-88	Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of the Management Directorate’s core financial systems. The deficiencies collectively limited the Management Directorate’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that the Management Directorate make improvements to DHS’ financial management systems and associated information technology security program. >Information Technology Management Letter for the Management Directorate Component of the FY 2016 Department of Homeland Security Financial Statement Audit	06/30/2017	2017
OIG-17-87	KPMG LLP, under contract with DHS OIG, audited the United States Secret Service’s financial statements and internal control over financial. The resulting management letter discusses four observations related to internal control for management’s consideration. The auditors identified internal control deficiencies in several processes including financial reporting; time and attendance approval; invoice entry and disbursements; and confidential financial disclosure reporting. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report. >United States Secret Service's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	06/29/2017	2017
OIG-17-86	KPMG LLP, under contract with DHS OIG, audited the Office of Financial Management’s financial statements and internal control over financial reporting. The resulting management letter discusses four observations related to internal control for management’s consideration. The auditors identified internal control deficiencies and the need for improvement in several processes including financial disclosure reviews; designation of intra-governmental transactions as non-acquisition; reconciliation of unfilled customer order and undelivered order balances; and inadequate review of closing package notes. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2015 Agency Financial Report. >Office of Financial Management's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	06/29/2017	2017
OIG-17-85	Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of Office of Financial Management (OFM) and Office of the Chief Information Officer (OCIO) core financial and feeder systems. The deficiencies collectively limited OFM’s and OCIO’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that OFM and OCIO make improvements to DHS’ financial management systems and associated information technology security program. >Information Technology Management Letter for the Office of Financial Management and Office of the Chief Information Officer Components of the FY 2016 Department of Homeland Security Financial Statement Audit	06/28/2017	2017
OIG-17-84	KPMG LLP, under contract with DHS OIG, audited USCIS’ financial statements and internal control over financial reporting. The resulting management letter discusses four observations related to internal control for management’s consideration. The auditors identified internal control deficiencies in several processes including monitoring and recording employee completion of the annual ethics and integrity training; review and approval of H1-B and L fraud fee journal entries; recording of property, plant, and equipment; and inaccurate and unsupported data in some systems. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report. >United States Citizenship and Immigration Services' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	06/27/2017	2017
OIG-17-83-D	Fort Bend County, Texas (County), needs additional technical assistance to account for FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines. Specifically, the County needs to revise its accounting policies and procedures to ensure it can fully support the disaster work it intends to complete with its own labor force. In addition, although the County’s procurement policies and procedures generally comply with Federal procurement standards, they did not include all required contract provisions in either of their disaster contracts. Because of our audit, the County revised its policies and procedures to include implementing a plan that specifically addressed Federal requirements for documenting and accounting for disaster-related costs and compliance with Federal procurement standards. >Fort Bend County, Texas, Needs Additional Assistance and Monitoring to Ensure Proper Management of Its FEMA Grant	06/28/2017	2017
OIG-17-82	KPMG LLP, under contract with DHS OIG, audited the S&T financial statements and internal control over financial reporting. The resulting management letter discusses three observations related to internal control for management’s consideration. The auditors identified internal control deficiencies in several processes including journal entry review processes; procurement and financial management system reconciliations; and intra-governmental payment and collection expense review and approval. These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report. >Science and Technology Directorate's' Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit	06/26/2017	2017
OIG-17-81	The Science and Technology Directorate (S&T) main financial application is owned and operated by U.S. Immigration and Customs Enforcement (ICE). As a service provider, ICE provides support to S&T. KPMG identified general information technology control deficiencies at ICE that could potentially impact S&T’s financial data, and as such, issued a finding. The deficiencies collectively limited S&T’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommended that S&T, in coordination with the Department of Homeland Security’s CIO and ACFO, make improvements to S&T’s financial management systems and associated information technology security program. >Information Technology Management Letter for the Science and Technology Directorate Component of the FY 2016 Department of Homeland Security Financial Statement Audit	06/26/2017	2017
OIG-17-80-D	Cancellation of OIG Audit – FEMA’s Initial Response to the 2016 Catastrophic Flooding in Louisiana	12/04/2017	2017

Return to top of page