Audits, Inspections, and Evaluations

Report Number	Title	Issue Date	Fiscal Year Sort descending
OIG-20-16	DHS does not have a unified approach for procuring and using handheld chemical identification devices despite the widespread use of these devices across multiple components. We recommended DHS establish a process to coordinate joint needs across components and maximize savings from strategic sourcing opportunities. We made two recommendations that should help improve unity of effort in procuring and using handheld chemical identification devices. DHS concurred with recommendation 1 but did not concur with recommendation 2. >DHS Should Seek a Unified Approach when Purchasing and Using Handheld Chemical Identification Devices	02/28/2020	2020
OIG-20-52	U.S. Customs and Border Protection has not demonstrated the acquisition capabilities needed to effectively execute the Analyze/Select Phase of the Wall Acquisition Program. Specifically, CBP did not conduct an Analysis of Alternatives to assess and select the most effective, appropriate, and affordable solutions to obtain operational control of the southern border as directed, but instead relied on prior, outdated border solutions to identify materiel alternatives for meeting its mission requirement. CBP did not use a sound, well-documented methodology to identify and prioritize investments in areas along the border that would best benefit from physical barriers. Additionally, the Department did not complete the required plan to execute the strategy to obtain and maintain control of the southern border, as required by its Comprehensive Southern Border Security Study and Strategy. Without an Analysis of Alternatives, a documented and reliable prioritization process, or a plan, the likelihood that CBP will be able to obtain and maintain complete operational control of the southern border with mission-effective, appropriate, and affordable solutions is diminished. We made three recommendations to improve CBP’s ongoing investments for obtaining operational control of the southern border. DHS concurred with recommendation 2 but did not concur with recommendations 1 and 3. >CBP Has Not Demonstrated Acquisition Capabilities Needed to Secure the Southern Border	07/14/2020	2020
OIG-20-80	DHS has not effectively managed and coordinated Department resources for its Joint Task Forces (JTFs). Specifically, DHS has not maintained oversight authority through changes in leadership, implemented and updated policies and procedures, identified optimal JTF staffing levels and resources, and established a process to capture total allocated costs associated with JTFs. In addition, DHS has not fully complied with public law requirements to report to Congress on JTFs’ cost and impact, establish outcome-based performance metrics, and establish and maintain a joint duty training program. We recommended the DHS Secretary designate a department-level office to manage and oversee JTFs and address public law requirements. We made seven recommendations to improve DHS’ management and oversight of its JTFs and ensure compliance with legislative requirements. DHS provided a management response, but declined to comment, since the Acting Secretary is currently reviewing the status and future of the JTFs >DHS Cannot Determine the Total Cost, Effectiveness, and Value of Its Joint Task Forces	09/30/2020	2020
OIG-20-17	Colorado’s Department of Public Safety, Division of Homeland Security and Emergency Management (Colorado) did not effectively oversee its subrecipient, Frasier Meadows, to ensure it was aware of and followed Federal procurement regulations and Federal Emergency Management Agency (FEMA) guidelines. In addition, FEMA should have ensured Colorado delivered assistance to Frasier Meadows consistent with the FEMA-State Agreement and the State Administrative Plan. We recommended the Regional Administrator, FEMA Region VIII, disallow $5.57 million for contracts and direct Colorado to work with Frasier Meadows officials to ensure they implement their updated Federal procurement policies and procedures in the event of a future disaster. FEMA officials agreed with both recommendations. Prior to final issuance of this report, FEMA took action to resolve and close both recommendations. No further action is required. >FEMA Should Recover $5.57 Million in Grant Funds Awarded to Frasier Meadows Manor, Inc., Boulder, Colorado	02/27/2020	2020
OIG-20-49	We determined that the city of Houston has adequate policies, procedures, and business practices that comply with Federal procurement regulations and FEMA guidelines to expend FEMA grant funds. We found Houston may have inappropriately included the $73.8 million cost of Houston First Corporation’s (Houston First) disaster damages in its damage estimate, even though it was not an eligible applicant for them. We did not examine procurement policies and procedures related to Houston First because the entity was outside the scope of our audit. During the audit, FEMA acknowledged it would reiterate in writing to the City of Houston the importance of proper oversight for all procurements executed by Houston First. This report contains no recommendations. >Houston, Texas Has Adequate Policies, Procedures, and Business Practices to Manage Its FEMA Grant	07/14/2020	2020
OIG-20-79	U.S. Customs and Border Protection (CBP) cannot ensure its Entry Reconciliation Program reporting is accurate or complies with requirements. Specifically, CBP did not always validate importers’ self-reported final values of imports when it assessed duties and fees because it did not require importers to substantiate self-reported merchandise values with source documentation. In addition, CBP did not always follow its policies when conducting reviews of reconciliation entries because its Standard Operating Procedures had been implemented differently across all ports of entry. Finally, CBP missed opportunities to collect additional revenue when it did not assess monetary liquidated damages for importers that filed reconciliation entries late or not at all. This occurred because CBP’s controls were insufficient to ensure the ports properly assess liquidated damages for importers who file reconciliations late or not at all. CBP’s actions compromised the integrity of the Entry Reconciliation Program and, as such, may have put approximately $751 million of revenue, in the form of reconciliation refunds, at risk. We made four recommendations to improve the overall effectiveness of the program. CBP concurred with three of our four recommendations. >CBP's Entry Reconciliation Program Puts Revenue at Risk	09/30/2020	2020
OIG-20-15	The Federal Emergency Management Agency (FEMA) did not balance its Manufactured Housing Unit (MHU) program costs with disaster-related housing needs. In response to Hurricane Harvey in Texas, FEMA overestimated the number of MHUs it needed by nearly 2,600, which amounted to purchase, transportation, and storage costs of at least $152 million. The agency also overestimated the number of tank and pump systems (TPS) it needed to operate the fire sprinklers, by nearly 2,400, which amounted to purchase and transportation costs of approximately $29 million. Following Hurricane Harvey, FEMA focused on providing prompt assistance and did not emphasize financial accountability and recordkeeping. Had FEMA better managed and overseen the MHU program, it could have put an estimated $182 million to better use to assist survivors from Hurricane Harvey or other disasters. We made four recommendations that will help FEMA better manage its MHU program. FEMA concurred with the recommendations. >FEMA Purchased More Manufactured Housing Units Than It Needed in Texas After Hurricane Harvey	02/26/2020	2020
OIG-20-46	We contracted this audit with Cotton & Company LLP, which found FEMA did not ensure Collier County, Florida (the County) established and implemented policies, procedures, and practices to account for and expend Public Assistance (PA) program grant funds awarded in disaster areas in accordance with Federal regulations and FEMA guidance. Specifically, the County could not provide documentation to support $4,602 in force account costs claimed. Additionally, the subrecipient monitoring process needs improvement. The State has not evaluated the risk of subrecipients’ noncompliance with Federal requirements, obtained subrecipient audit reports, or developed plans for monitoring subrecipients. We made four recommendations that, when implemented, should improve Collier County, Florida’s management of FEMA PA funds. FEMA concurred with our four recommendations. >Early Warning Audit of FEMA Public Assistance Grants to Collier County, Florida	07/10/2020	2020
OIG-20-77	Evaluation of DHS' Information Security Program for Fiscal Year 2019	09/30/2020	2020
OIG-20-11	Weld County, Colorado did not always follow Federal procurement standards in awarding contracts for disaster work. As a result of our review, we identified and discussed with FEMA various areas where it should review and adjust for cost reasonableness the funding amounts that a project and program management contractor charged related to Weld County. FEMA agreed to review the costs for reasonableness, unless if FEMA disallowed all of the costs for procurement violations. We subsequently reviewed FEMA’s cost analysis documentation for Weld County project closeouts related to this disaster. We found that FEMA appropriately reduced final project amounts due to improper procurements and cost reasonableness concerns, including unreasonable contractor hourly rates. Consequently, made no recommendations. >Review of Weld County, Colorado FEMA Grant Award Disaster No. 4145-DR-CO, Applicant No. 123-99123-00	02/21/2020	2020
OIG-20-45	We found violations of U.S. Immigration and Customs Enforcement (ICE) detention standards undermining the protection of detainees’ rights and the provision of a safe and healthy environment. Although the conditions varied among the facilities and not every problem was present at each, our observations, interviews with detainees and staff, and review of documents revealed several common issues. At three facilities, we found segregation practices infringing on detainee rights. Detainees at all four facilities had difficulties resolving issues through the grievance and communication systems, including allegations of verbal abuse by staff. Two facilities had issues with classifying detainees according to their risk levels, which could affect safety. Lastly, we identified living conditions at three facilities that violate ICE standards. We recommended the Acting Director of ICE ensure the Enforcement and Removal Operations field offices overseeing the detention facilities covered in the report address identified issues and ensure facility compliance with relevant detention standards. We made one recommendation that will help ICE ensure compliance with detention standards. ICE concurred with the recommendation. >Capping Report: Observations of Unannounced Inspections of ICE Facilities in 2019	07/01/2020	2020
OIG-20-74	The Cybersecurity and Infrastructure Security Agency (CISA) increased the number of Automated Indicator Sharing (AIS) participants as well as the volume of cyber threat indicators it has shared since the program’s inception in 2016. However, CISA made limited progress in improving the overall quality of information it shares with AIS participants to effectively reduce cyber threats and protect against attacks. The lack of progress can be attributed to the limited number of AIS participants sharing cyber indicators with CISA, delays in receiving cyber threat intelligence standards, and insufficient staff. To be more effective, CISA should hire the staff it needs to provide outreach, guidance, and training. We made four recommendations to CISA to enhance the program’s overall effectiveness and cyber threat information sharing. CISA concurred with all four recommendations. >DHS Made Limited Progress to Improve Information Sharing under the Cybersecurity Act in Calendar Years 2017 and 2018	09/25/2020	2020
OIG-20-14-VR	We determined that the Colorado Department of Public Safety, Division of Homeland Security and Emergency Management’s technical assistance and monitoring of the City of Evans’ (City) procurement and project-related activities are effective and that FEMA’s corrective actions met the intent of our recommendation 2. We also determined that the City awarded contracts according to Federal regulations and FEMA guidelines. If Colorado’s technical assistance and monitoring continue, FEMA should have reasonable assurance the City will spend the remaining $7.17 million in grant funds for eligible disaster work according to Federal regulations. >Verification Review of the City of Evans, Colorado - OIG Audit Report (OIG-16-78-D)	02/24/2020	2020
OIG-20-43	DHS’ capability to counter illicit Unmanned Aircraft Systems (UAS) activity remains limited. The Office of Strategy, Policy, and Plans did not execute a uniform department-wide approach, which prevented components authorized to conduct counter-UAS operations from expanding their capabilities. This occurred because the Office of Policy did not obtain funding as directed by the Secretary to expand DHS’ counter-UAS capability. We made four recommendations to improve the Department’s management and implementation of counter-UAS activities. The Office of Strategy, Policy, and Plans concurred with all four of our recommendations. >DHS Has Limited Capabilities to Counter Illicit Unmanned Aircraft Systems	06/29/2020	2020
OIG-20-78	U.S. Customs and Border Protection (CBP) quickly deployed funding for consumables and medical services to address the needs of migrants in its custody along the southwest border, but did not adequately plan to ensure it used fiscal year 2019 funds effectively. Specifically, U.S. Border Patrol’s process did not adequately ensure taxpayer funds were used to purchase items required to meet migrants’ basic needs as Congress intended. Additionally, CBP relied on a single contracting officer’s representative, rather than onsite personnel, to oversee its medical contract because it did not include onsite monitoring when expanding the contract across multiple sectors. We made four recommendations to CBP to improve its consumables reimbursement process and medical contract oversight. CBP concurred with all four recommendations. >CBP Did Not Adequately Oversee FY 2019 Appropriated Humanitarian Funding	09/28/2020	2020
OIG-20-13	Through its Criminal Alien Program (CAP), U.S. Immigration and Customs Enforcement (ICE) can successfully identify aliens charged with or convicted of crimes. However, because ICE relies on cooperation from other law enforcement agencies, it sometimes faces challenges apprehending aliens in uncooperative jurisdictions. ICE’s inability to detain aliens identified through CAP contributes to increased risk those aliens will commit more crimes. Furthermore, having to arrest “at-large” aliens may put officer, detainee, and public safety at risk and strains ICE’s staffing resources. We made four recommendations to ICE focused on improving CAP. ICE concurred with all four recommendations and initiated corrective actions to address the findings. >U.S. Immigration and Customs Enforcement’s Criminal Alien Program Faces Challenges	02/18/2020	2020
OIG-20-41	The Federal Emergency Management Agency (FEMA) Missouri, and Joplin Schools did not properly manage and oversee this disaster award. Specifically, FEMA and Missouri did not provide proper grant management and oversight of Joplin’s subgrant activities. Joplin Schools disregarded Missouri’s authority as the grantee and did not always comply with Federal requirements and FEMA policies as required. This occurred because Joplin Schools heavily relied on the advice of its grant management contractor. As a result of the grant management and oversight issues, Joplin Schools did not follow Federal procurement standards when it awarded $187.3 million in non-exigent disaster-related contracts, including $609,676 in ineligible contractor direct administrative costs. We provided five recommendations to help improve FEMA and Missouri’s grant oversight and management process. We also included four recommendations for FEMA to disallow or not fund $187.3 million in ineligible contract costs. FEMA determined approximately $56 million, the net obligated amount, was eligible for reimbursement. FEMA concurred with all nine recommendations and completed actions to close recommendations 1 to 4 and 8. Recommendations 5 to 7 are resolved and open with a target completion date of June 1, 2020. Recommendation 9 is considered unresolved and open >Inadequate Management and Oversight Jeopardized $187.3 Million in FEMA Grant Funds Expended by Joplin Schools, Missouri	06/19/2020	2020
OIG-20-76	The Federal Emergency Management Agency (FEMA) mismanaged the distribution of commodities in response to Hurricanes Irma and Maria in Puerto Rico. FEMA lost visibility of about 38 percent of its commodity shipments to Puerto Rico, worth an estimated $257 million. Commodities successfully delivered to Puerto Rico took an average of 69 days to reach their final destinations. Inadequate FEMA contractor oversight contributed to the lost visibility and delayed commodity shipments. FEMA did not use its Global Positioning System transponders to track commodity shipments, allowed the contractor to break inventory seals, and did not ensure documented proof of commodity deliveries. Given lost visibility and delayed shipments, FEMA cannot ensure it provided commodities to Puerto Rico disaster victims as needed to sustain life and alleviate suffering as part of its response and recovery mission. In addition, FEMA’s mismanagement of transportation contracts included multiple contracting violations and policy contraventions that ultimately led to contract overruns of about $179 million and at least $50 million of questioned costs. We made five recommendations that, if implemented, should improve FEMA’s management and oversight of its disaster response activities. FEMA concurred with four of the five recommendations. Recommendations 1 through 4 are considered open and resolved. Recommendation 5 is considered resolved and closed >FEMA Mismanaged the Commodity Distribution Process in Response to Hurricanes Irma and Maria	09/25/2020	2020
OIG-20-12	Aransas County’s procurement policies and procedures are not adequate to meet minimum Federal procurement regulations or address key procurement elements despite guidance and contacts with the Texas Department of Public Safety, Texas Division of Emergency Management (Texas). We recommended the Regional Administrator, FEMA Region VI, require Texas to continue providing additional technical assistance and monitoring to the County, and provide to DHS OIG documentation supporting FEMA’s actions to that end. FEMA officials agreed with both recommendations. Prior to final issuance of this report, FEMA took action to resolve and close both recommendations. No further action is required. >Aransas County, Texas, Needs Continued Assistance and Monitoring to Ensure Proper Management of Its FEMA Grant	02/18/2020	2020
OIG-20-42	We surveyed U.S. Immigration and Customs Enforcement (ICE) detention facilities from April 8-20, 2020 regarding their experiences and challenges managing COVID-19 among detainees in their custody and among their staff. The facilities that responded to our survey described various actions they have taken to prevent and mitigate the pandemic’s spread among detainees. These actions include increased cleaning and disinfecting of common areas, and isolating new detainees, when possible, as a precautionary measure. However, facilities reported concerns with their inability to practice social distancing among detainees, and to isolate or quarantine individuals who may be infected with COVID-19. Regarding staffing, facilities reported decreases in current staff availability due to COVID-19, but have contingency plans in place to ensure continued operations. The facilities also expressed concerns with the availability of staff, as well as protective equipment for staff, if there were an outbreak of COVID-19 in the facility. Overall, almost all facilities stated they were prepared to address COVID-19, but expressed concerns if the pandemic continued to spread. At the time of our survey, 23 facilities reported having detainees who had tested positive for COVID-19; this number had risen to 48 facilities as of May 11, 2020. >Early Experiences with COVID-19 at ICE Detention Facilities	06/18/2020	2020
OIG-20-73	DHS has not fulfilled most of the 13 responsibilities of the Geospatial Data Act. To comply with one responsibility, DHS has a Geospatial Information Officer and a dedicated Geospatial Management Office whose duties include overseeing the Act’s implementation and to coordinate with other agencies. However, DHS has only partially met, or not met, the remaining 12 responsibilities in the Act. DHS’ lack of progress in complying with the responsibilities outlined in the Act can be attributed to multiple external and internal factors. External factors include the need for additional guidance from the Federal Geographic Data Committee and the Office of Management and Budget to properly interpret and implement certain responsibilities. Internal factors include competing priorities that diverted resources away from fulfilling the Act’s 13 responsibilities. We made three recommendations that focus on increasing the resources necessary to comply with DHS’ 13 responsibilities under the Act. The Department concurred with all three recommendations. >DHS Faces Challenges in Meeting the Responsibilities of the Geospatial Data Act of 2018	09/24/2020	2020
OIG-20-10	As required under the Grants Oversight and New Efficiency (GONE) Act of 2016, Public Law 114-117, we conducted a risk assessment of FEMA’s grant closeout process to determine whether a full audit is warranted in the future. We identified risks in three overarching areas: Unreliable Systems of Record, Lack of Integration in Grant Closeout Policies and Guidance, and Delays in Grant Closeout and Deobligation of Funds. As a result, we may conduct a full audit of FEMA’s grant closeout process at a future date. DHS and FEMA concurred with our risk assessment results. We made no recommendations to FEMA. >Risk Assessment of FEMA's Grant Closeout Process	02/04/2020	2020
OIG-20-39	KPMG found FEMA did not always ensure that the Virgin Islands Emergency Management Agency (VITEMA), and Virgin Islands Water and Power Authority (VIWAPA) established and implemented policies, procedures, and practices to account for and expend PA disaster grant funds in accordance with Federal regulations and FEMA guidance. Specifically: 1) VITEMA did not have policies and procedures to ensure the timely submission of management costs for reimbursement; 2) VIWAPA did not fully ensure contract costs were reasonable and allowable; and 3) Neither VITEMA nor VIWAPA had fully implemented FEMA’s Grants Manager and Grants Portal system. This occurred because FEMA did not consistently provide adequate oversight. Because of these deficiencies, there is increased risk the PA program may be mismanaged and funds may be used for unallowable activities. We made three recommendations that, when implemented, should improve FEMA’s, VITEMA’s, and VIWAPA’s management of FEMA PA funds. FEMA concurred with all three recommendations. >Capacity Audit of FEMA Grant Funds Awarded to the USVI Water and Power Authority	06/16/2020	2020
OIG-20-72	Oversight Review of the Office of the Chief Security Officer, Internal Security Division	09/21/2020	2020
OIG-20-08	We verified that Refugio County, Texas awarded contracts that complied with Federal procurement regulations and FEMA guidelines. We determined that the County initially did not have written procurement policies to comply with all Federal procurement regulations. Instead, for purchases and contracting, County officials said they followed Texas Local Government Code, Chapter 262. In response to our audit, the County adopted written procurement procedures to comply with Federal requirements. The report contains no recommendations. FEMA did not submit a formal response to our draft report, but informally replied that it did not identify any issues requiring further action by FEMA. >Refugio County, Texas, Has Implemented Adequate Procurement Policies, Procedures, and Business Practices to Manage Its FEMA Grant	12/16/2019	2020
OIG-20-40	Two years since enactment, DHS and its components have mostly complied with SAVE Act requirements. The SAVE Act requires the Office of the Chief Readiness Support Officer (OCRSO), as delegated by DHS, to collect and review components’ vehicle use data, including their analyses of the data and plans for achieving the right types and sizes of vehicles to meet mission needs. Most components developed their plans as required. However, only two of the 12 components we reviewed fully met requirements to analyze and document vehicle use and cost data to help them achieve the right type and size of fleet vehicles to meet their missions. This occurred because DHS did not require components to include data analyses in their OCRSO-reviewed submissions, as mandated by the SAVE Act. Had ORSCO thoroughly evaluated component submissions, it would have identified that components did not fully comply with SAVE Act requirements. DHS concurred with all four recommendations that, when implemented, should improve the Department’s oversight over its vehicle fleets. >DHS Has Made Progress in Meeting SAVE Act Requirements But Challenges Remain for Fleet Management	06/15/2020	2020
OIG-20-71	U.S. Customs and Border Protection (CBP) did not adequately safeguard sensitive data on an unencrypted device used during its facial recognition technology pilot (known as the Vehicle Face System). A subcontractor working on this effort, Perceptics, LLC, transferred copies of CBP’s biometric data, such as traveler images, to its own company network. The subcontractor obtained access to this data without CBP’s authorization or knowledge, and compromised approximately 184,000 traveler images from CBP’s facial recognition pilot. Later in 2019, the Department of Homeland Security experienced a major privacy incident, as the subcontractor’s network was subjected to a malicious cyber attack. While CBP and DHS took immediate action to mitigate the data breach, we attribute this incident to the subcontractor violating numerous DHS security and privacy protocols for safeguarding sensitive data. Consequently, this incident may damage the public’s trust in the Government’s ability to safeguard biometric data, and may result in travelers’ reluctance to permit DHS to capture and use their biometrics at U.S. ports of entry. We made three recommendations to aid CBP in addressing the vulnerabilities that caused the 2019 data breach, and to better mitigate future incidents through greater oversight of third-party partners. CBP concurred with all three recommendations. >Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot	09/21/2020	2020
OIG-20-09	DHS developed a strategy to apply 29 lessons learned from prior system updates to the current Financial Systems Modernization (FSM) TRIO program. Since DHS’ actions provides a positive outlook on the future progress of the FSM TRIO project we made no recommendations for improvement. The report’s limited objective and scope does not provide a complete assessment DHS’ efforts to incorporate lessons learned into their recently reinvigorated FSM efforts. >DHS Confirmed It Has Applied Lessons Learned in the Latest Financial System Modernization Effort	01/02/2020	2020
	Department of Homeland Security Section - Top Challenges Facing Federal Agencies: COVID-19 Emergency Relief and Response Efforts	06/17/2020	2020
OIG-20-63	As of October 2016, the Recovery School District in Louisiana (RSD) had received a $1.5 billion Public Assistance grant from Louisiana, a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Katrina. We examined $1.3 billion for a consolidated project as part of the total amount awarded. In some instances, RSD accounted for and expended portions of the $1.3 billion in Public Assistance grant funds we reviewed according to Federal regulations. However, FEMA improperly awarded $216.2 million to repair or replace more than 292 Orleans Parish school facilities in RSD. We made eight recommendations to FEMA to de-obligate $216.2 million of ineligible costs; follow Federal regulations and FEMA guidelines; and re-evaluate documented proof of assessments for the 35 identified projects and reclassify them, as appropriate, to repair-eligible, and de-obligate the cost difference. FEMA concurred with recommendations 2 through 7 but did not concur with recommendations 1 and 8. We consider recommendations 2 through 7 resolved and open; recommendations 1 and 8 are unresolved and open. >FEMA Should Recover $216.2 Million Awarded to the Recovery School District in Louisiana for Hurricane Katrina	09/15/2020	2020
OIG-20-07	Between 2011 and 2018, U.S. Customs and Border Protection (CBP) processed an average of $896 million in drawback claims annually; however, a lack of internal controls could affect the validity and accuracy of the drawback claims amount. This occurred, in part, because CBP did not address internal control deficiencies over drawback claims. The Department of Homeland Security Fiscal Year 2018 Independent Auditor’s Report on Financial Statements and Internal Control over Financial Reporting identified reoccurring CBP internal control deficiencies over drawback claims. CBP has outlined plans to correct these deficiencies by implementing an updated data processing system and revising legislative procedures. Without correcting these repeated control deficiencies, CBP cannot determine drawback claims’ validity and accuracy. These corrective actions are ongoing; therefore, we could not verify during our audit whether CBP remedied the identified internal control deficiencies. Our report contains no recommendations. >Lack of Internal Controls Could Affect the Validity of CBP’s Drawback Claims	12/16/2019	2020
OIG-20-38	During 2019, there was a surge in Southwest Border crossings between ports of entry, resulting in 851,508 Border Patrol apprehensions and contributing to what senior U.S. Customs and Border Protection (CBP) officials described as an “unprecedented border security and humanitarian crisis.” Our unannounced inspections revealed that, under these challenging circumstances, CBP struggled to meet detention standards. Specifically, several Border Patrol stations we visited exceeded their maximum capacity. Although Border Patrol established temporary holding facilities to alleviate overcrowding, it struggled to limit detention to the 72 hours generally permitted, as options for transferring detainees out of CBP custody to long-term facilities were limited. Also, even after deploying medical professionals to more efficiently provide access to medical care, overcrowding made it difficult for the Border Patrol to manage contagious illnesses. Finally, in some locations, Border Patrol did not meet certain standards for detainee care, such as offering children access to telephone calls and safeguarding detainee property. In contrast to Border Patrol, which could not control apprehensions, CBP’s ports of entry could limit detainee access, and generally met applicable detention standards. Supplementing a May 2019 Management Alert recommendation, we made two additional recommendations regarding access of unaccompanied alien children to telephones and proper handling of detainee property. CBP concurred with the recommendations. >Capping Report: CBP Struggled to Provide Adequate Detention Conditions During 2019 Migrant Surge	06/12/2020	2020
OIG-20-68	The Federal Emergency Management Agency (FEMA) is not adequately managing severe repetitive loss (SRL) properties covered by the National Flood Insurance Program (NFIP). FEMA has not established an effective program to reduce or eliminate damage to SRL properties and disruption to life caused by the repeated flooding. Primarily, FEMA does not have reliable, accurate information about SRL properties. Secondly, FEMA’s Flood Mitigation Assistance (FMA) program, which aims to mitigate flood damage for NFIP policyholders, provides neither equitable nor timely relief for SRL applicants. We made three recommendations to FEMA to ensure the accuracy of the SRL list, as well as equitable and timely distribution of mitigation funding, and promoting the use of National Flood Insurance Program (NFIP) Increased Cost of Compliance coverage. FEMA concurred with all three of the recommendations >FEMA Is Not Effectively Administering a Program to Reduce or Eliminate Damage to Severe Repetitive Loss Properties	09/08/2020	2020
OIG-20-06	DHS did not have the Information Technology (IT) system functionality needed to track separated migrant families during the execution of Zero Tolerance. U.S. Customs and Border Protection (CBP) adopted various ad hoc methods to record and track family separations, but this practice introduced widespread errors. These conditions persisted because CBP did not address known IT deficiencies before the Zero Tolerance Policy was implemented in May 2018. DHS also did not provide adequate guidance to personnel responsible for executing the policy. Because of the IT deficiencies, we could not confirm the total number of families DHS separated during the Zero Tolerance period. DHS estimated Border Patrol agents separated 3,014 children from their families while the policy was in place. DHS also estimated it completed 2,155 reunifications, although this effort continued on for seven months beyond the July 2018 deadline for reunifying children with their parents. However, we conducted a review of DHS data during the Zero Tolerance period and identified 136 children with potential family relationships that were not accurately recorded by CBP. In a broader analysis of DHS data between the dates of October 1, 2017 to February 14, 2019, we identified an additional 1,233 children with potential family relationships not accurately recorded by CBP. Without a reliable accounting of all family relationships, we could not validate the total number of separations, or the completion of reunifications. Although DHS spent thousands of hours and more than $1 million in overtime costs, it did not achieve the original goal of deterring “Catch-and-Release” through the Zero Tolerance Policy. Moreover, the surge in apprehended families during this time period resulted in children being held in CBP facilities beyond the 72-hour legal limit. The Department concurred with all five report recommendations. >DHS Lacked Technology Needed to Successfully Account for Separated Migrant Families	11/27/2019	2020
OIG-20-37	The Cybersecurity and Infrastructure Security Agency (CISA) does not effectively coordinate and share best practices to enhance security across the commercial facilities sector. Specifically, CISA does not coordinate within DHS on security assessments to prevent potential overlap, does not always ensure completion of required After Action Reports to share best practices with the commercial facilities sector, and does not adequately inform all commercial facility owners and operators of available DHS resources. This occurred because CISA does not have comprehensive policies and procedures to support its role as the commercial facilities’ Sector-Specific Agency (SSA). Without such policies and procedures, CISA cannot effectively fulfill its SSA responsibilities and limits its ability to measure the Department’s progress toward accomplishing its sector-specific objectives. CISA may also be missing opportunities to help commercial facility owners and operators identify threats and mitigate risks, leaving the commercial facilities sector vulnerable to terrorist attacks and physical threats that may cause serious damage and loss of life. We made three recommendations to improve CISA’s coordination and outreach to safeguard the commercial facilities sector. CISA concurred with all three recommendations. >DHS Can Enhance Efforts to Protect Commercial Facilities from Terrorism and Physical Threats	06/11/2020	2020
OIG-20-69	We surveyed staff at Border Patrol stations and OFO ports of entry from April 22, 2020 to May 1, 2020. The 136 Border Patrol stations and 307 OFO ports of entry that responded to our survey described various actions they have taken to prevent and mitigate the pandemic’s spread among travelers, detained individuals, and staff. These actions include increased cleaning and disinfecting of common areas, and having personal protective equipment for staff, as well as supplies available to those individuals with whom they come into contact. However, facilities reported concerns with their inability to practice social distancing and the risk of exposure to COVID-19 due to the close-contact nature of their work. Regarding staffing, facilities reported decreases in current staff availability due to COVID-19, but have contingency plans in place to ensure continued operations. The facilities expressed concerns regarding staff availability, however, if there were an outbreak of COVID-19 at the facility. Overall, the majority of respondents reported that their facilities were prepared to address COVID-19. >Early Experiences with COVID-19 at Border Patrol Stations and OFO Ports of Entry	09/04/2020	2020
OIG-20-04	Except for identified questioned costs, reported DHS Purchase and Travel Card transactions for FY 2017 were appropriate and complied with relevant laws and regulations. The auditor, CohnReznick LLP, identified 17 control deficiencies within DHS Purchase and Travel Card Programs related to maintenance of purchase documentation, application of required procurement policies, price reasonableness determinations, price quotes/competitive bids, required sourcing, tax exemptions, and split purchases. The DHS Travel Card Program deficiencies related to maintenance of travel documentation, allowability of transactions per regulations, credit balance refunds, the prudent traveler standard, and improper use of a travel card. The auditor identified $43,508 in questioned costs for FY 2017 and made 12 recommendations. When implemented, these recommendations should ensure that Purchase and Travel Card transactions are appropriate and comply with relevant laws and regulations. The Office of the Chief Financial Officer concurred with six recommendations and non-concurred with six recommendations. >Audit of DHS Fiscal Year 2017 Purchase and Travel Card Programs	11/22/2019	2020
OIG-20-36	We identified 16 allegations of race-based harassment involving cadets between 2013 and 2018 that the Coast Guard Academy (the Academy) was aware of and had sufficient information to investigate and address through internal hate and harassment procedures. The OIG identified issues in how the Academy addressed 11 of them. First, in six incidents, the Academy did not thoroughly investigate the allegations, and/or did not discipline cadets when investigations documented violations of cadet regulations or Coast Guard policy. In two of these instances, cadets committed similar misconduct again. The Academy also did not fully include civil rights staff as required in six instances (including two of the instances noted previously). Therefore, civil rights staff could not properly track these incidents to proactively identify trends and offer the Academy assistance. In addition, in one incident involving a potential hate allegation, the Academy did not follow the Coast Guard process for hate incidents. Finally, our review determined that race-based harassment is underreported at the Academy for various reasons, including concerns about negative consequences for reporting allegations. Underreporting is especially concerning because our questionnaire results and interviews indicate harassing behaviors continue at the Academy. We made five recommendations that will enhance the Academy’s ability to address harassment and hate allegations, including ensuring the Academy consistently investigates allegations, requiring the reasons for disciplinary decisions be documented after race- or ethnicity-based harassment investigations, informing civil rights staff of all misconduct that could reasonably relate to race or ethnicity; and improving training related to preventing and addressing race-based or ethnicity-based harassment or hate incidents. The Coast Guard concurred with all recommendations >The U.S. Coast Guard Academy Must Take Additional Steps to Better Address Allegations of Race-Based Harassment and Prevent Such Harassment on Campus	06/03/2020	2020
OIG-20-70	Management Alert - CBP Needs to Award A Medical Services Contract Quickly to Ensure No Gap in Services	09/03/2020	2020
OIG-20-05	From fiscal years 2015 through 2018, in the midst of a growing opioid epidemic, U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement, Transportation Security Administration, and U.S. Secret Service appropriately disciplined employees whose drug test results indicated illegal opioid use, based on their employee standards of conduct and tables of offenses and penalties. Additionally, during the same time period, components have either implemented or are taking steps to evaluate whether employees using prescription opioids can effectively conduct their duties. For example, components have established policies prohibiting the use of prescription opioids that may impact an employee’s ability to work, in addition to requiring employees to report such prescription opioid use. They have also implemented or are in the process of implementing measures to evaluate the fitness for duty of employees using prescription opioids. These policies establish consistent standards components can use to ensure they are allowing employees to use legally-prescribed opioids, while also ensuring their workforce is capable of effectively performing their duties. We made two recommendations to improve components’ oversight of illegal and prescription opioid use by employees. CBP and Secret Service concurred with the recommendations, which are both resolved and open. >CBP, ICE, TSA, and Secret Service Have Taken Steps to Address Illegal and Prescription Opioid Use	11/22/2019	2020
OIG-20-35	U.S. Customs and Border Protection (CBP) Office of Field operations (OFO) personnel at ports of entry had separated 60 asylum-seeking families between May 6 and July 9, 2018, despite CBP’s claim that it had separated only 7 such families. More than half of those separations were based solely on the asylum-seeking parents’ prior non-violent immigration violations, which appeared to be inconsistent with official DHS public messaging. After a June 27, 2018 court ruling, CBP issued specific guidance, and the ports separated fewer families in the prior months. Despite the new guidance, we continue to have concerns about DHS’ ability to accurately identify and address all family separations due to data reliability issues. In late June 2018, CBP modified its system for tracking aliens at the ports of entry to capture family separation data consistently, but it could not provide a reliable number of families separated before June 2018. We made one recommendation that will help CBP’s data collection. CBP concurred with our recommendation. >CBP Separated More Asylum-Seeking Families at Ports of Entry Than Reported and For Reasons Other Than Those Outlined in Public Statements	05/29/2020	2020
OIG-20-67	During our unannounced inspections of five U.S. Customs and Border Protection (CBP) facilities in the Laredo and San Antonio areas of Texas in February 2020, three Border Patrol stations and two Office of Field Operation ports of entry we visited appeared to be operating in compliance with the Transport, Escort, Detention, and Search (TEDS) standards we evaluated. We verified accessibility to water, food, toilets, sinks, basic hygiene supplies, and bedding. We observed clean facilities and verified that temperatures and ventilation in holding rooms were appropriate. Of the five facilities we visited, only one could provide on-site showers to detainees, but during our visits, no detainees were approaching the detention time threshold where a shower would be required. Because Border Patrol leadership directed all Border Patrol stations to implement Phase 2 of the enhanced medical screening ahead of the prescribed schedule outlined in CBP Directive 2100-004, the Border Patrol stations we visited were conducting alien intake health assessments using CBP Form 2500. These Ports of Entry had implemented Phase 1, but were not yet required to conduct Phase 2 assessments at the time of our inspection. We did not make any recommendations in this report. >Five Laredo and San Antonio Area CBP Facilities Generally Complied with the National Standards on Transport, Escort, Detention, and Search	09/01/2020	2020
OIG-20-03	KPMG LLP (KPMG), under contract with DHS OIG, conducted an integrated audit of DHS’ FY 2019 consolidated financial statements and internal control over financial reporting. KPMG issued an unmodified (clean) opinion over the Department’s financial statements, reporting that they present fairly, in all material respects, DHS’ financial position as of September 30, 2019. However, KPMG identified material weaknesses in internal control in two areas and other significant deficiencies in three areas. Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting. KPMG also reported two instances of noncompliance with laws and regulations. DHS concurred with all of the recommendations. >Independent Auditors' Report on DHS' FY 2019 Financial Statements and Internal Control over Financial Reporting	11/18/2019	2020
OIG-20-32	FEMA is not effectively designating Surge Capacity Force (SCF) volunteers and managing the SCF program during disaster operations. In 2017, FEMA was not prepared to deploy SCF Tier 4 volunteers rapidly and efficiently because FEMA had neither a clear commitment from agencies outside DHS to participate in SCF, nor a roster of volunteers capable of rapidly deploying. FEMA did not adequately measure SCF performance because it did not have mechanisms to collect data and feedback to gauge program success. FEMA did not effectively manage the SCF financial program because it relied heavily on the financial controls of volunteers’ home agencies without guarding against breakdowns in those controls. Finally, FEMA did not close mission assignments promptly because it did not make closing them a priority in what officials described as a series of “overwhelming” catastrophes. We made four recommendations for FEMA to improve designation of SCF volunteers and management of the SCF program. FEMA concurred with three of our four recommendations. >FEMA Needs to Effectively Designate Volunteers and Manage the Surge Capacity Force	05/11/2020	2020
OIG-20-47	Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2019	07/15/2020	2020
OIG-20-02	Based on our recent and prior audits, inspections, special reviews, and investigations, we consider the most serious management and performance challenges currently facing DHS to be: (1) Managing Programs and Operations Effectively and Efficiently during times of Changes in Leadership, Vacancies, Hiring Difficulties; (2) Coordinating Efforts to Address the Sharp Increase in Migrants Seeking to Enter the United States through our Southern Border; (3) Ensuring Cybersecurity in an Age When Confidentiality, Integrity, and the Availability of Information Technology Are Essential to Mission Operations; (4) Ensuring Proper Financial Planning, Payments, and Internal Controls; and (5) Improving FEMA’s Disaster Response and Recovery Efforts. Addressing and overcoming these challenges requires firm leadership; targeted resources; and a commitment to mastering management fundamentals, data collection and dissemination, cost-benefit/risk analysis, and performance measurement. >Major Management and Performance Challenges Facing the DHS	11/18/2019	2020
OIG-20-34	U.S. Customs and Border Protection (CBP) identified and targeted high-risk cargo shipments, CBP did not always prevent air carriers from transporting high-risk air cargo from foreign airports into the United States. This occurred because neither CBP nor TSA developed adequate policies and procedures to ensure air carriers resolved referrals timely or appropriately. We made four recommendations to CBP and TSA to mitigate a number of vulnerabilities in the Air Cargo Advance Screening Program. CBP and TSA concurred with all four recommendations. >CBP's ACAS Program Did Not Always Prevent Air Carriers from Transporting High-Risk Cargo into the United States	05/11/2020	2020
OIG-20-64	We determined CBP’s use of tear gas on these dates, in response to physical threats, appeared to be within CBP’s use of force policy. However, U.S. Border Patrol obtained an acoustic device and used it in an “alert tone” mode on November 25, 2018, which did not conform to CBP’s Use of Force policy because Border Patrol did not get advance authorization to have a device with this capability. CBP’s Use of Force policy would have permitted use of the alert tone in a manner reasonable and necessary for self-defense or the defense of another person in threatening, emergent situations. However, the policy does not authorize the carrying of any weapon for duty use that is not authorized, included on the Authorized Equipment List, or specifically approved by the LESC director. Using the acoustic device in alert mode may increase the risk of temporary or permanent hearing loss to those exposed to the sound and thereby increase the Government’s liability. CBP’s own internal investigation of the November 25, 2018 incident regarding the acoustic device was incomplete and inaccurate and did not provide all the information CBP needed to determine whether the CBP officer and Border Patrol agents involved had complied with the use of force policy. In addition, not all Border Patrol agents had the required training and certification to carry less-lethal devices. This occurred because Border Patrol lacked internal controls to ensure agents had fulfilled these requirements. Border Patrol agents using less-lethal devices for which they are not certified could result in unintended serious injury or death, increasing the Government’s liability. We made four recommendations to CBP to ensure compliance with its Use of Force policy and improve its investigative process. CBP concurred with all four recommendations. >U.S. Customs and Border Protection Compliance with Use of Force Policy for Incidents on November 25, 2018 and January 1, 2019 - Law Enforcement Sensitive	08/24/2020	2020
OIG-20-01	At the time of our onsite work in July 2017, Box Elder County had not awarded any contracts under this grant. Therefore, we could not determine whether the County had complied with Federal procurement regulations. However, in reviewing Box Elder County’s written procurement policies and procedures we noted the County did not include procedures to ensure opportunities for small and minority businesses, women’s business enterprises, and labor surplus area firms to bid for federally funded work. In addition, Box Elder County’s procurement policies did not require federally mandated provisions be incorporated in all contracts funded by Federal grants. In response to our review, Box Elder County revised its procurement policies and procedures to include these Federal procurement requirements. Consequently, we made no recommendations. >Review of Box Elder County, Utah's Procurement Policies and Procedures for Disaster No. 4311-DR-UT, Grant No. 003-99003-00	11/08/2019	2020
OIG-20-33	The Transportation Security Administration (TSA) does not monitor the Advanced Imaging Technology (AIT) to ensure it continues to fulfill needed capabilities. Although the AIT met the requirement for system availability, TSA did not monitor the AIT’s probability of detection rate and throughput rate requirements set forth in TSA’s operational requirements document. These issues occurred because TSA has not established comprehensive guidance to monitor performance of the AIT system. Without continuous monitoring and oversight, TSA cannot ensure the AIT is meeting critical system performance requirements—a consistent weakness found in prior DHS OIG reports. We made two recommendations designed to improve TSA’s monitoring of the AIT system. TSA concurred with our recommendations. >TSA Needs to Improve Monitoring of the Deployed Advanced Imaging Technology System	05/08/2020	2020

Return to top of page