Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-17-12 KPMG LLP (KPMG), under contract with DHS OIG, conducted an integrated audit of DHS’ FY 2016consolidated financial statements and internal control over financial reporting. KPMG expressed an unmodified (clean) opinion on the Department’s FY 2016 financial statements. However, KPMG identified six significant deficiencies in internal control; three of which are considered material weaknesses. Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting. KPMG also reported instances in which DHS did not comply with four laws and regulations. The Department concurred with all of the recommendations in the report.

>Independent Auditors' Report on DHS' FY 2016 Financial Statements and Internal Control over Financial Reporting 		2017
OIG-17-11 We determined that over the previous 3 years, USCIS produced at least 19,000 cards that included incorrect information or were issued in duplicate.  Most card issuance errors were due to design and functionality problems in the Electronic Immigration System (ELIS), which is being implemented to automate benefits processing.  Although USCIS conducted a number of efforts to recover the inappropriately issued cards, these efforts also were not fully successful and lacked consistency and a sense of urgency. We recommended that USCIS improve ELIS functionality and develop internal controls to avoid inappropriate Green Card issuance, standardize card recovery and tracking efforts, prevent unrecoverable card use, and enable remote identity verification and more secure card delivery methods. We made seven recommendations.

>Better Safeguards Are Needed in USCIS Green Card Issuance 		2017
OIG-17-13-D We determined that of the 55 grant audit reports we issued in fiscal year 2015, 43 reports contained 154 recommendations resulting in potential monetary benefits of $1.734 billion. This amount included $457.46 million in questioned costs that we recommended FEMA disallow as ineligible or unsupported and $1.28 billion in cost avoidance, unused obligated funding, and unused funds at risk that we recommended FEMA put to better use. The eight program audits did not relate to specific grants. In three program audits, we deployed staff to major disasters to assess FEMA’s initial response to disasters. Another program audit related to technical assistance we provided during a disaster deployment. The remaining four program audits covered other FEMA programs or operations, contained six recommendations for improving FEMA programs or operations, and identified $1.6 million in potential monetary benefits.

>Summary and Key Findings of Fiscal Year 2015 FEMA Disaster Grant and Program Audits 		2017
OIG-17-15 We determined that in most instances, Texas distributed and spent the awards in compliance with applicable laws and regulations; however, the State lacked adequate controls over more than $1 million in grant funds we reviewed.  This occurred because the Federal Emergency Management Agency and the State did not ensure adequate management and oversight of Homeland Security Grant Program funds.  We made three recommendations, which when implemented, should enhance Texas’ effectiveness in the overall use of the grant funds to improve preparedness and response capabilities.  Better management and oversight should also reduce the risk associated with the State’s management of grant funds.  FEMA concurred with all three recommendations.

>Texas Management of Homeland Security Grant Program Awards for Fiscal Years 2012-14 		2017
OIG-17-14 We determined that the Transportation Security Administration (TSA) resolved most of our recommendations from previous airport reports.  However, there are several open security control recommendations related to TSA’s Security Technology Integrated Program and one open and unresolved recommendation concerning closed-circuit TVs at John F. Kennedy International Airport.  We recommended that TSA prepare business impact analyses that comply with best practices and also establish a plan to conduct recurring reviews of the operational, technical, and management controls for securing TSA information technology systems at U.S. airports nationwide. TSA concurred with both recommendations.

>Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports (Redacted) 		2017
OIG-17-17-D We determined that the Omaha Public Power District (OPPD) generally accounted for disaster costs on a project-by-project basis and adequately supported costs it claimed.  However, OPPD overstated the fringe benefit rate it applied to its labor costs on three large projects. We recommended that FEMA disallow $67,570 in ineligible costs and instruct Nebraska to ensure that OPPD calculates and applies its fringe benefit rate according to Federal cost principles and FEMA guidelines for all future disasters.  FEMA concurred with all three of our recommendations.

>Omaha Public Power District in Nebraska Generally Accounted for and Expended FEMA Grant Funds Properly 		2017
OIG-17-16-VR We determined that the Colorado State Division of Homeland Security and Emergency Services’ additional technical assistance and continuous monitoring of Larimer County’s procurement and project-related activities are effective.  We also verified that the County can document and account for its disaster-related costs on a project-by-project basis and that its policies and procedures are adequate to account for FEMA grant funds according to Federal regulations and FEMA guidelines. Because the verification review did not identify any issues requiring further actions from FEMA, the report contains no recommendations and we consider this verification review closed.

>Verification Review of Larimer County, Colorado, OIG Audit Report (OIG-15-34-D) 		2017
OIG-17-06-D For the projects we reviewed, we identified $1,771,894 (Federal share $1,328,921) of costs that FEMA should disallow.  We recommended that Regional Administrator, FEMA Region IV, disallow $1,771,894 of ineligible costs and direct the Florida Division of Emergency Management to monitor the County’s performance for compliance with Federal grant requirements on open projects.

>FEMA Should Recover $1.8 Million of $5.5 Million in Public Assistance Grant Funds Awarded to Columbia County, Florida, for Tropical Storm Debby Damages 		2017
OIG-17-18-D We determined the Town did not always account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines.  Therefore, FEMA should disallow $2.0 million of $3.59 million in grant funds awarded to the Town.  We made four recommendations to the Regional Administrator, FEMA Region I, to disallow ineligible or unsupported costs and improve the State’s grant management activities.

>FEMA Should Disallow $2.0 Million of $3.59 Million Awarded to Stratford, Connecticut 		2017
OIG-17-19-D We determined that the Cooperative has an effective accounting system in place to ensure it accounts for disaster-related costs on a project-by-project basis and can properly support those expenditures.  As of June 2016, Cooperative officials had completed all disaster repairs using their own resources and contractors.  However, Cooperative officials said they do not intend to claim $4.1 million in contracting costs because they believe their contracting methodology did not fully comply with Federal requirements when hiring disaster contractors.  Therefore, we did not assess the Cooperative’s procurement policies and procedures, nor review its contract costs.  Because the audit did not identify any issues requiring further action from FEMA, we consider this audit closed. 

>Western Farmers Electric Cooperative, Oklahoma, Has Adequate Policies, Procedures, and Business Practices to Manage its FEMA Grant 		2017
OIG-17-20-D We determined that the Authority did not account for FEMA funds on a project-by-project basis as Federal regulations and FEMA guidelines require.  We also identified $577,959 (Federal share $433,469) of project costs that FEMA should disallow.  We recommended that the Regional Administrator, FEMA Region II disallow the $577,959 of questioned costs.

>FEMA Should Disallow $577,959 of $2.9 Million Awarded to Puerto Rico Aqueduct and Sewer Authority for Hurricane Irene Damages 		2017
OIG-17-21-D We determined that for the projects we reviewed, the City effectively accounted for and expended FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines.  City officials accounted for disaster expenditures on a project-by-project basis, procured contracts for disaster work appropriately, and maintained adequate documentation to support the costs.  We made no recommendations.

>Perth Amboy, New Jersey, Effectively Managed FEMA Grant Funds Awarded for Hurricane Sandy Damages 		2017
OIG-17-22 We determined that DHS has not done enough to minimize the risk of improper use of force by law enforcement officers.  Specifically, the Department does not:  (1) have an office responsible for managing and overseeing component use of force activities; (2) ensure the collection and validation of component data needed to assess use of force activities, minimize risks, and take corrective actions; (3) ensure use of force policies have been updated to reflect current operations and lessons learned; or (4) establish consistent requirements for less-lethal recurrent training and ensure training was completed as required.  Additionally, each component varies on their use of force activities.  Without improvements in the management and oversight of use of force activities, the Department may increase its risk of improper use of force by law enforcement officers.  DHS concurred with our two recommendations, which, if implemented, will help the Department actively oversee and assist with component use of force activities, update policies, and improve training.

>DHS Lacks Oversight of Component Use of Force (Redacted) 		2017
OIG-17-24 Despite the progress made, Components were not consistently following DHS’ policies and procedures to maintain current or complete information on remediating security weaknesses timely. Components operated 79 unclassified systems with expired authorities to operate.  Further, Components had not consolidated all internet traffic behind the Department’s trusted internet connections and continued to use unsupported operating systems that may expose DHS data to unnecessary risks.  Our review identified deficiencies related to configuration management and continuous monitoring. We made four recommendations to the Chief Information Security Officer.  The Department concurred with all four recommendations.

>Evaluation of DHS' Information Security Program for Fiscal Year 2016 		2017
OIG-17-23-VR We determined that all corrective actions have been implemented for recommendations 1, 3 and 4, which were designed to increase the effectiveness of SAVE verification.  In response to OIG recommendation 2, U.S. Citizenship and Immigration Services (USCIS) built and implemented an interface with the Department of Justice’s Immigration Review Information Exchange System in August 2016 to obtain up-to-date information on the status of deportable aliens. While the interface is operational, USCIS and the Department of Justice’s Executive Office of Immigration Review (EOIR) still need to approve an Interface Control Agreement between the two systems before we can close the recommendation.

>Verification Review of USCIS' Progress in Implementing OIG Recommendations for SAVE to Accurately Determine Immigration Status of Individuals Ordered Deported 		2017
OIG-17-26-MA We recommend that USCIS halt plans to revert to using the Electronic Immigration System (ELIS) to process immigrant naturalization applications until it successfully addresses identified system deficiencies.  We made two recommendations to this Management Alert.

>Management Alert - U.S. Citizenship and Immigration Services' Use of the Electronic Immigration System for Naturalization Benefits Processing (OIG-17-26-MA) 		2017
OIG-17-27-MA We determined that the Contract Officer and Project Officer performed their duties according to Federal statutes, program guidance, and the IDIQ contract. In addition, there does not appear to be any internal control issues related to the segregation of duties related to contract purchases and receipt of goods.  We made no recommendations and FEMA concurred with our determination.

>Management Advisory Report: Review of FEMA Region IV Strategic Source IDIQ Contract for Office Supplies (OIG-17-27-MA) 		2017
OIG-17-25-D We determined that the Authority did not comply with Federal regulations in its award and administration of three contracts totaling $31.7 million. As a result, FEMA has no assurance that these costs were reasonable or that the Authority selected the most qualified contractors. Specifically, the Authority did not: perform cost/price analyses of bid proposals to ensure fair and reasonable costs; follow its own procurement policy and Federal regulations when evaluating and selecting its contractors; include all mandatory Federal provisions in contracts to document rights and responsibilities of the parties; maintain records sufficient to detail the significant history of its procurements; maintain an adequate contract administration system that included careful review of invoices; or include a ceiling price in time-and-material contracts that contractors exceed at their own risk. Therefore, we recommended that FEMA should ineligible contract costs, review costs associated with the Authority’s other large projects and disallow any costs that are ineligible; review the process the Authority used to procure its engineering contract; and direct the California Governor’s Office of Emergency Services, to provide increased guidance to the Authority and more closely monitor its performance to ensure the Authority complies with mandatory Federal regulations and FEMA guidelines.

>The Victor Valley Wastewater Reclamation Authority in Victorville, California, Did Not Properly Manage $32 Million in FEMA Grant Funds 		2017
OIG-17-30 ICE’s management prepared the Table of FY 2016 Drug Control Obligations and related disclosures to comply with the requirements of ONDCP’s Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013.  Based on its review, nothing came to KPMG’s attention that caused it to believe that the FY 2016 Detailed Accounting Submission is not presented in conformity with the criteria in ONDCP’s Circular.  KPMG did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2016 Detailed Accounting Submission 		2017
OIG-17-32 U.S. Coast Guard management prepared the Table of FY 2016 Drug Control Obligations and related disclosures to comply with the requirements of ONDCP’s Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013.  Based on its review, nothing came to KPMG’s attention that caused it to believe that the Coast Guard’s FY 2016 Detailed Accounting Submission is not presented in conformity with the criteria in ONDCP’s Circular.  KPMG did not make any recommendations as a result of its review. 

>Review of U.S. Coast Guard's Fiscal Year 2016 Detailed Accounting Submission 		2017
OIG-17-29 CBP’s management prepared the Table of FY 2016 Drug Control Obligations and related disclosures in accordance with the requirements of ONDCP’s Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013.  CBP’s management was unable to provide supporting documentation for the underlying assumptions used to calculate Drug Resources by Budget Decision Unit and Drug Control Function in the Table of FY 2016 Drug Control Obligations.  As a result, KPMG was unable to complete its review procedures over those assumptions.  Except as noted above, nothing came to KPMG’s attention that caused it to believe that CBP’s FY 2016 Detailed Accounting Submission is not presented in conformity with the criteria in the ONDCP Circular.

>Review of U.S. Customs and Border Protection's Fiscal Year 2016 Detailed Accounting Submission 		2017
OIG-17-34-D We determined that the Columbia County Roads Department (Department) does not have written procurement policies and procedures that fully conform to Federal procurement standards; is not accounting for direct administrative costs properly; and cannot yet initiate large permanent work projects more than 9 months after the disaster.  These findings occurred because Department officials were not familiar with applicable Federal regulations and FEMA guidelines adequately.  In addition, the Oregon Office of Emergency Management (Oregon) is responsible for ensuring that its subrecipient,the Department, is aware of and complies with these requirements, as well as for providing technical assistance and monitoring grant activities.  Because of our audit, the Department is revising its policies and procedures to comply with Federal requirements.  However, the Department needs additional, ongoing assistance from Oregon and FEMA to ensure that it properly manages the $2 million FEMA grant it expects to receive.  Therefore, we recommended that FEMA disallow contract costs that do not comply with applicable Federal procurement standards, unless FEMA grants an exception to the administrative requirements as 2 CFR 200.102 allows and determines the costs are reasonable.  The OIG made three other recommendations to FEMA related to directing Oregon, as its grant recipient, to provide increased monitoring and technical assistance to the Department, to ensure the Department follows Federal regulations and FEMA guidelines and avoids misspending its $2 million grant award.

>Columbia County Roads Department, Oregon, Needs Continued State and FEMA Assistance in Managing Its FEMA Grant 		2017
OIG-17-31 ICE’s management prepared the Performance Summary Report and the related disclosures to comply with the requirements of ONDCP’s Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013.  Based on its review, nothing came to KPMG’s attention that caused it to believe that ICE’s FY 2016 Performance Summary Report is not presented in conformity with the criteria in ONDCP’s Circular.  KPMG did not make any recommendations as a result of its review. 

>Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2016 Drug Control Performance Summary Report 		2017
OIG-17-33 U.S. Coast Guard management prepared the Performance Summary Report and the related disclosures in accordance with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular).  Based on its review, nothing came to KPMG’s attention that caused it to believe that the Coast Guard’s FY 2016 Performance Summary Report is not presented, in conformity with the criteria in ONDCP’s Circular.  KPMG did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's Fiscal Year 2016 Review of U.S. Coast Guard's Fiscal Year 2016 Drug Control Performance Summary Report 		2017
OIG-17-36 KPMG, LLC expressed an unmodified (clean) opinion on CBP’s FY 2016 consolidated financial statements.  However, KPMG identified five significant deficiencies in internal control, three of which KPMG considers material weaknesses in the areas of information technology controls and financial systems functionality; financial reporting; and refunds and drawbacks of duties, taxes, and fees. The two other significant deficiencies in internal control are related to entity-level controls and custodial revenue - entry process.  KPMG made 18 recommendations to improve these areas.

>Independent Auditors' Report on U.S. Customs and Border Protection's Fiscal Year 2016 Consolidated Financial Statements 		2017
OIG-17-35-D We determined the County has established policies, procedures, and business practices to properly account for and expend FEMA Public Assistance grant funds.  Therefore, if the County adheres to those policies, procedures, and business practices, FEMA has reasonable assurance that the County will properly manage the estimated $55.4 million in FEMA project funding awarded for replacement of the facility.

>Escambia County, Florida, Has Adequate Policies, Procedures, and Business Practices to Effectively Manage FEMA Grant Funds Awarded to Replace Its Central Booking and Detention Center 		2017
OIG-17-28 CBP’s management prepared the Performance Summary Report and the related disclosures in accordance with the requirements of the Office of National Drug Control Policy’s (ONDCP) Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013.  Based on its review, nothing came to KPMG’s attention that caused it to believe that CBP’s FY 2016 Performance Summary Report is not presented in conformity with the criteria in ONDCP’s Circular.  KPMG did not make any recommendations as a result of its review.

>Review of U.S. Customs and Border Protection's Fiscal Year 2016 Drug Control Performance Summary Report 		2017
OIG-17-37-D FROM: John E. McCoy II

Assistant Inspector General for Audits

SUBJECT: Office of Inspector General Emergency Management Oversight Team Deployment Audits

Audit Report Numbers OIG-13-84, OIG-13-117, OIG-13-124, OIG-14-50-D, OIG-14-111-D, OIG-15-92-D, OIG-15-102-D, OIG-15-105-D, OIG-16-53-D, OIG-16-85-D, OIG-16-106-D, OIG-17-37-D

After completing an internal review of our audits related to multiple Emergency Management Oversight Team (EMOT) projects, we have decided to permanently remove the subject reports from our public website.

Our internal review found the subject reports may not have adequately answered objectives and, in some cases, may have lacked sufficient and appropriate evidence to support conclusions. Answering objectives with sufficient and appropriate evidence is required under Government Auditing Standards or Quality Standards for Inspection and Evaluation. In an abundance of caution, we believe it best to recall the reports and not re-issue them.

Going forward, our EMOTs will deploy during the response phase of a disaster to identify and alert the Federal Emergency Management Agency (FEMA) and its stakeholders of potential issues or risks if they do not follow FEMA and other Federal requirements. The EMOT’s reviews will not be conducted under Government Auditing Standards. The teams will continue to observe and identify potential risk areas that will be addressed by future traditional audits, if necessary.

A complete list of the projects removed from our website is attached. You should not place any reliance on these reports.

Please contact me at (202) 254-4100 if you have any questions.

>FEMA's Initial Response to Severe Storms and Flooding in West Virginia DR-4273 		2017
OIG-17-38-D We determined that FEMA has not identified and recovered Federal funds that New York City spent, more than three years ago, on repairs to commercial residential properties.  These repairs included short-term measures such as temporary boilers and power generators.  FEMA recognizes that commercial landlords may have received an incidental benefit from the Federal assistance provided to New York City and used it for repairs to multifamily dwellings to ensure tenants could shelter in their homes.  However, it is the responsibility of New York State Division of Homeland Security and Emergency Services (the grantee) to ensure that the money that FEMA provides is spent in accordance with Federal laws and regulations.  Under FEMA rules, for-profit organizations are ineligible for Public Assistance grant funds.  We recommended that FEMA review and improve, as necessary, policies and procedures that protect government resources used to support disaster response and recovery activities.  We made three recommendations and FEMA concurred with all of them.

>FEMA Needs to Improve Its Oversight of the Sheltering and Temporary Essential Power Pilot Program 		2017
OIG-17-39 We determined that CBP likely did not act in direct response to the Sandia report, but it has instituted many border security programs and operations that align with the report’s recommendations. However, our review and analysis of these reports also highlighted some continuing challenges to CBP in its efforts to secure the southwest border. In particular, CBP does not measure the effectiveness of its programs and operations well; therefore, it continues to invest in programs and act without the benefit of the feedback needed to help ensure it uses resources wisely and improves border security.  CBP also faces program management challenges in planning, resource allocation, infrastructure and technology acquisition, and overall efficiency.  Finally, coordination and communication with both internal and external stakeholders could be improved.  This final report does not contain recommendations.

>CBP’s Border Security Efforts – An Analysis of Southwest Border Security Between the Ports of Entry 		2017
OIG-17-41-D We determined that for the projects we reviewed, the County effectively accounted for and expended FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines. Because the audit did not identify any issues requiring further action from FEMA Region IV, we consider this audit closed.

>Aiken County, South Carolina, Effectively Managed FEMA Grant Funds Awarded for Severe 2014 Winter Storm 		2017
OIG-17-44-D The purpose of this advisory report is to notify FEMA of an issue we observed during our ongoing audit of CalRecycle.  We determined that CalRecycle expects it will cost about $230 million to complete debris removal work, and has received invoices totaling $200 million from two contractors performing the work.  Yet, these invoices included documentation with numerous discrepancies that did not fully support the invoiced costs as Federal cost principles and procurement standards require.  Moreover, as of September 8, 2016, our audit cutoff date, CalRecycle had paid its contractors about $186.4 million of the $200 million in invoiced costs, but had not completed its review of invoices nor collected all missing support records.   FEMA and California, therefore, should continue to assist CalRecycle in assuring that all costs are valid and eligible.  We recommended that FEMA Region IX Administrator (1) direct California, as grantee, to provide CalRecycle with technical assistance it may need to ensure compliance with all applicable Federal regulations, specifically for document support and contract management, and to avoid improperly funding any of the $230 million ($173 million Federal share) in contract costs CalRecycle estimates it will claim for damages caused by this disaster; and (2) direct California, as grantee, to ensure that all CalRecycle’s cost reimbursement claims for debris removal work are supported with adequate documentation and that costs are eligible in accordance with FEMA’s debris removal guidelines.

>Management Advisory - CalRecycle, a California State Agency, Needs Assistance to Ensure that $230 Million in Disaster Costs Are Valid 		2017
OIG-17-43-MA A recent unannounced inspection of the Theo Lacy Facility, an ICE detention facility in Orange, California, raised serious concerns, some that pose health risks and others that violate ICE’s 2008 Performance-Based National Detention Standards and result in potentially unsafe conditions at the facility.  Overall, we had concerns about food handling, confinement conditions, and services.  We made three recommendations to ensure compliance with ICE detention standards and strengthen ICE’s oversight of TLF.

>Management Alert on Issues Requiring Immediate Action at the Theo Lacy Facility in Orange, California (OIG-17-43-MA) 		2017
OIG-17-42 We determined that USCIS charges employers a flat fee per H-2 petition, regardless of whether 1) the employer is petitioning for one temporary non-immigrant worker, or hundreds of workers, and 2) it takes just minutes or days and weeks for USCIS to process the petition.  USCIS also did not limit the number of workers that employers can request on one petition, thus creating disparities in the cost employers pay to bring foreign workers into the United States.  We also found that large petitions are prone to errors that can have national security implications.  According to USCIS, the flat fee is used because USCIS systems do not capture the time required to adjudicate petitions with various numbers of workers.  We made three recommendations to improve the fee structure and vetting process.

>H-2 Petition Fee Structure is Inequitable and Contributes to Processing Errors 		2017
OIG-17-46-D We determined that although the Board accounted for disaster-related costs on a project-by-project basis, it did not comply with Federal procurement standards in awarding contracts for disaster work totaling $4.8 million.  Additionally FEMA inadvertently obligated an additional $508,884 in duplicate obligations.  Also the Board could have benefited from additional technical advice from Minnesota.  We recommended that FEMA disallow as ineligible $4.8 million for contracts that did not comply with Federal procurement standards and $508,884 for duplicate obligations.  We also recommended FEMA direct Minnesota to provide technical assistance and monitoring to the Board to ensure it complies with Federal procurement regulations, which should result in $2.6 million in cost avoidance.  FEMA generally agreed with the findings and recommendations in the report.

>Minneapolis Park and Recreation Board Did Not Follow All Federal Procurement Standards for $5.1 Million in Contracts 		2017
OIG-17-47 The Protective Mission Panel (PMP) made a number of recommendations in its December 2014 classified report.  The objective of this review was to determine whether the Secret Service has taken or plans to take action to implement the PMP’s classified recommendations, which primarily relate to security gaps and vulnerabilities at the White House Complex (WHC).  The Secret Service has clearly taken these recommendations seriously.  Using funding appropriated for PMP initiatives, the Secret Service began enhancing security and refreshing technology at the WHC.  Fully implementing many of the PMP’s classified recommendations will depend on staff increases, sustained funding, and a multi-year commitment by Secret Service and Department leadership to ensure actions continue even during times of increased protective mission demands and unexpected priorities.  We made no recommendations in this report.

>The Secret Service Has Taken Action to Address the Classified Recommendations of the Protective Mission Panel 		2017
OIG-17-40 We determined that U.S. Customs and Immigration Services’ and ICE’s social media screening pilots, on which DHS plans to base future department-wide use of social media screening, lack criteria for measuring performance to ensure they meet their objectives.  Although the pilots include some objectives, it is not clear DHS is measuring and evaluating the pilots’ results to determine how well they are performing against set criteria.  Absent measurement criteria, the pilots may provide limited information for planning and implementing an effective, department-wide future social media screening program.  We recommended developing and implementing a plan to evaluate the performance of social media screening pilots that includes well-defined, clear, and measurable objectives.

>DHS' Pilots for Social Media Screening Need Increased Rigor to Ensure Scalability and Long-term Success (Redacted) 		2017
OIG-17-48-D We determined that the Iron County Forestry and Parks Department’s (Department) accounting policies, procedures, and business practices are adequate to account for grant funds according to Federal regulations and FEMA guidelines.  However, the Department needs to revise its procurement policies and procedures to comply fully with all Federal procurement standards.  If the Department makes these revisions and follows them, FEMA should have reasonable assurance that (1) small and minority businesses, women’s business enterprises, and labor surplus area firms will receive sufficient opportunities to compete for federally funded work; (2) the risk of misinterpretations and disputes relating to contracts will be minimized; and (3) contracts are awarded to individuals, companies, or recipients who do not pose a business risk to the government.  Department officials acknowledged that they had improperly procured their contracts, but said they plan to seek FEMA reimbursement for the $72,235 in disaster-related contract costs they had incurred.  We recommended that FEMA not fund $72,235 of ineligible contract costs and direct the Wisconsin Emergency Management Agency to provide additional technical assistance and monitoring to the Department to ensure it complies with applicable Federal procurement standards and to prevent the improper spending of approximately $3.2 million in estimated disaster work.  FEMA concurred with all of our findings and recommendations.

> Iron County Forestry and Parks Department, Wisconsin, Needs Assistance and Monitoring to Ensure Proper Management of Its FEMA Grant 		2017
OIG-17-49 The Inspectors General (IG) of the Intelligence Community (IC), Department of Homeland Security (DHS), and Department of Justice (DOJ) issued a joint report on the domestic sharing of counterterrorism information.  The IGs’ review was conducted in response to a request from the Senate Select Committee on Intelligence, the Senate Homeland Security and Governmental Affairs Committee, and the Senate Judiciary Committee.  The IGs found that federal, state, and local entities are committed to sharing counterterrorism information by undertaking programs and initiatives that have improved information sharing.  However, the IGs also identified several areas in which improvements could enhance the sharing of counterterrorism information.  The IGs made 23 recommendations to the components of the Office of the Director of National Intelligence (ODNI), DHS, and DOJ to help improve the sharing of counterterrorism information and, ultimately, enhance the government’s ability to prevent terrorist attacks.  The components of ODNI, DHS, and DOJ agreed with all 23 recommendations.

>Review of Domestic Sharing of Counterterrorism Information 		2017
OIG-17-51 We determined that ICE does not effectively manage the deportation of aliens under its supervision.  ICE does not collect and analyze data about employee workloads to allocate staff judiciously and determine achievable caseloads.  ICE also has not clearly and widely communicated deportation priorities to Deportation Officers; has not issued up-to-date, comprehensive, and accessible procedures; and has not provided sufficient training.  ICE’s failure to effectively balance and adequately prepare its workforce also makes it harder to address other obstacles to deportation, which may require significant time and resources.  These management deficiencies and unresolved obstacles make it difficult for ICE to deport aliens expeditiously.  ICE concurred with our five recommendations and has taken steps to improve its management of deportation operations

>ICE Deportation Operations 		2017
OIG-17-52 The resulting management letter discusses 103 observations related to internal control for management’s consideration.  These issues, which are not critical and are below the level of a significant deficiency, include:  a lack of internal controls related to undelivered orders, inaccurate financial data, and inadequate and/or untimely reviews of transactions.  Internal control weaknesses considered significant deficiencies were presented in our Independent Auditors’ Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>Management Letter for the Department of Homeland Security's Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-54 We determined that most of the deficiencies identified by the independent public accounting firm KPMG resulted from a lack of properly documented, fully designed, adequately detailed, and consistently implemented financial system controls to comply with requirements of DHS Sensitive Systems Policy Directive 4300 A, Information Technology Security Program, and National Institute of Standards and Technology guidance.  The deficiencies collectively limited DHS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommended that the Acting Chief Information Officer and Chief Financial Officer, in coordination with DHS components, make improvements to DHS’ financial management systems and associated information technology security program.

>Information Technology Management Letter for the FY 2016 Department of Homeland Security Financial Statement Audit 		2017
OIG-17-56 We determined that DHS’ information technology systems did not effectively support U.S. Immigration and Customs Enforcement’s (ICE) visa tracking operations.  Specifically, ICE personnel responsible for investigating visa overstays had to piece together information from dozens of systems and databases, some of which were not integrated and did not electronically share information.  Additionally, ICE did not ensure that its field personnel received the training and guidance needed to properly use the systems currently available to conduct visa overstay tracking.  Further, DHS lacked a completed comprehensive biometric exit system at U.S. ports of departure to capture information on nonimmigrants departing the country.  As a result, DHS could not account for all visa overstays in a report to the Congress.  Manual checking across multiple systems used for visa tracking contributed to delays in investigating suspects who potentially posed public safety or homeland security risks.  We recommended the DHS Chief Information Officer continue to work with components to further eliminate duplication, improve information sharing, and properly align system access, especially for system modernization efforts, across DHS according to visa tracking mission requirements.  We made five recommendations.

>DHS Tracking of Visa Overstays is Hindered by Insufficient Technology 		2017
OIG-17-57-D We determined that the County can account for and adequately support disaster-related costs.  However, the County’s procurement policies, procedures, and business practices do not meet all Federal procurement standard requirements.  As a result, the County awarded two bridge construction contracts totaling $458,150 without full and open competition.  We recommended that FEMA not fund $458,150 of ineligible contract costs, unless FEMA grants an exception for all or part of the costs according to Federal regulations.  Because of our audit, County officials said they will not claim FEMA reimbursement for either of the two contracts.  We discussed this decision with FEMA Region VI officials who said they will be alert for these costs should the County seek reimbursement for either of the two bridge construction contracts.  Based on FEMA’s response we consider this report closed and require no further action from FEMA.

>Colorado County, Texas, Has Adequate Policies, Procedures, and Business Practices to Manage Its FEMA Grant 		2017
OIG-17-53 KPMG, LLC, under contract with DHS OIG, discussed nine observations related to internal controls for NFIP’s consideration.  These issues include internal control deficiencies and the need for improvement in calculating written premiums, reviewing paid claims, monitoring third party service providers, and recording investments, which are not critical and are below the level of a significant deficiency.  Internal control weaknesses considered significant deficiencies were presented in our Independent Auditors’ Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>National Flood Insurance Program's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit 		2017
OIG-17-58-UNSUM Since our fiscal year 2015 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of DHS’ department-wide intelligence system and implemented programs for ongoing monitoring of its security practices. In addition, I&A has relocated its intelligence system to a DHS data center to improve network resiliency and support. The United States Coast Guard (USCG) has migrated its sites that process Top Secret/Sensitive Compartmented Information to a Defense Intelligence Agency owned system. However, USCG must continue to work with the Defense Intelligence Agency to clearly define the oversight responsibilities for this external system that supports its intelligence operations. We identified deficiencies in DHS’ information security program and are making two recommendations to I&A and three recommendations to USCG. I&A concurred with its two recommendations, while USCG non-concurred with its three recommendations. We conducted this review between May and September 2016.

>(U) Annual Evaluation of DHS' INFOSEC Program (Intel Systems - DHS Intelligence and Analysis) for FY 2016 		2017
OIG-17-59 We determined that DHS did not fully comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA) because it did not publish accurate accompanying materials to the Agency Financial Report (AFR) as required by Office of Management and Budget (OMB) guidance.  The Department also did not meet its annual reduction targets established for each high-risk program.  DHS did comply with Executive Order 13520 by properly compiling and making available to the public DHS’ FY 2016 Quarterly High-Dollar Overpayment reports. Additionally, we determined DHS did not properly perform oversight of the components’ improper payment testing and reporting.  We made five recommendations that would help DHS’ Risk Management and Assurance Division (RM&A) strengthen its oversight and review procedures for IPERA risk assessments.  We also recommended that RM&A follows OMB requirements to comply with IPERA.

>Department of Homeland Security's FY 2016 Compliance with the Improper Payments Elimination and Recovery Act of 2010 and Executive Order 13520, Reducing Improper Payments 		2017
OIG-17-55 KPMG, LLP determined that CBP made improvements by designing and implementing certain account management, audit logging, and configuration management controls.  However, KPMG continued to identify financial system functionality and general information technology control deficiencies related to access controls and configuration management for CBP’s core financial, feeder, and General Support Systems environments.  The deficiencies collectively limited CBP’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that CBP, in coordination with the DHS Chief Information Officer and Chief Financial Officer, make improvements to CBP’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the FY 2016 U.S. Customs and Border Protection Financial Statement Audit 		2017
OIG-17-62-D We determined that the District’s accounting policies, procedures, and business practices are adequate to account for FEMA grant funds and insurance proceeds according to Federal regulations and FEMA guidelines.  However, the District’s procurement policies, procedures, and business practices were not adequate to meet minimum Federal standards and address key procurement elements such as to ensure no award is made to any party debarred or suspended from Federal assistance programs.  The District took immediate corrective actions and amended its procurement procedures to be compliant with Federal procurement standards.  Non-compliance occurred because District officials were not fully aware of the required procurement standards for Federal grants.  We recommended that FEMA direct Texas to continue providing technical assistance and closely monitor the District to ensure it complies with Federal procurement standards for awarding and administering disaster-related contracts to prevent improper spending of the estimated $12,854,705 ($9,641,029 Federal share) in contract costs for remaining permanent work.  FEMA agreed with the findings and recommendation in the report.

>Texas Should Continue to Provide Deweyville Independent School District Assistance in Managing FEMA Grant Funds 		2017
OIG-17-61 Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were associated with access controls, segregation of duties, and configuration management of the U.S. Coast Guard’s core financial and feeder systems.  The deficiencies collectively limited Coast Guard’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that the Coast Guard, in coordination with DHS’ Chief Information Officer and Acting Chief Financial Officer, make improvements to Coast Guard’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the United States Coast Guard Component of the FY 2016 DHS Financial Statement Audit 		2017

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page