Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-15-66-D The South Carolina Department of Transportation (Department) expects to claim about $165.2 million in Public Assistance grant funds for debris removal activities associated with a February 2014 severe winter storm. We conducted this audit early in the Public Assistance process to identify areas where the Department may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The Department generally has established policies, procedures, and business practices to adequately account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. The Department has accounting systems in place to account for disaster costs on a project-by-project basis and has adequate support for costs it plans to claim under the grant award. Further, the contracts the Department awarded to accomplish work under the grant met Federal and FEMA procurement requirements.

>South Carolina Department of Transportation Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding 		2015
OIG-15-33 We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones for correcting information security weaknesses, contingency planning, and security capital planning .

>Fiscal Year 2014 Evaluation of DHS' Compliance with Federal Information Security Management Act Requirements for Intelligence Systems 		2015
OIG-15-02-D The Hospital received an award of $110 million from the Indiana Department of Homeland Security, a FEMA grantee, for damages caused by severe storms and flooding that occurred May 30, through June 27, 2008. Our objective of the audit was to determine whether the Hospital accounted for and expended FEMA grant funds according to federal regulations and FEMA guidelines. Columbus Regional Hospital, Columbus Indiana, (Hospital) generally accounted for FEMA projects on a project-by-project basis as Federal regulations and FEMA guidelines require. However, the Hospital’s claim included ineligible costs.

>FEMA Should Recover $3 Million of Ineligible Costs And $4.3 Million of Unneeded Funds from the Columbus Regional Hospital 		2015
OIG-15-149-D Riverside General Hospital (Riverside) received a $32.4 million award from the Texas Division of Emergency Management (Texas), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Ike in September 2008. At FEMA’s request, we audited $32.4 million, or 100 percent of the grant award. Riverside’s misuse of Federal funds did not end in 2012 with the indictment and departure of its Chief Executive Officer and others on charges of bilking Medicare out of $158 million. Following the indictments, Riverside’s remaining management continued to misuse and mismanage Federal funds—this time, FEMA funds. By 2013, Texas had advanced $17.6 million of the $32.4 million FEMA grant to Riverside. Riverside alleged that it spent $13.2 million of the $17.6 million received for disaster expenses. However, Riverside completely disregarded Federal grant requirements, and Texas did not adequately monitor Riverside’s grant activities. In fact, Riverside spent $7.9 million to fund its hospital operations and other unverifiable items. Further, Riverside awarded $12.2 million in disaster-related contracts without competition and did not always account for or support the grant funds. Therefore, we question the entire $32.4 million grant award, including $17.6 million in advanced funds and $14.8 million in unused funds.

>FEMA Should Recover $32.4 Million in Grant Funds Awarded to Riverside General Hospital, Houston, Texas 		2015
OIG-15-132-D The City of Duluth, Minnesota, (City) received a Public Assistance grant award of $13.34 million from Minnesota’s Department of Public Safety, Division of Homeland Security and Emergency Management (Minnesota), a FEMA grantee, for damages resulting from severe storms and flooding in June 2012. The City did not follow Federal procurement standards in awarding $3.08 million for 12 contracts—$1.54 million for 8 non-exigent contracts and $1.54 million for 4 exigent contracts. Although the City competitively awarded all but 3 of the 12 contracts we reviewed, it did not take required steps to provide opportunities to disadvantaged firms to bid on federally funded work, as Congress intended. Therefore, we question the $1.54 million the City claimed for eight contracts for non-exigent work. We generally do not question costs for work when lives and property are at risk. Therefore, of the $1.54 million the City claimed for exigent work, we question only $8,566 in markups on the cost because one of the City’s contractors billed on a prohibited cost-plus-percentage-of-cost basis.

>FEMA Should Recover $1.78 Million of Public Assistance Grant Funds Awarded to the City of Duluth, Minnesota 		2015
OIG-15-100-D We prepared this report to assist recipients of FEMA disaster assistance grants. We have updated this guide to include information on FEMA’s alternative procedures under the Sandy Recovery Improvement Act. We also added information about Title 2 CFR Part 200: Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards.

>Audit Tips for Managing Disaster-Related Project Costs 		2015
OIG-15-67-D As of February 2014, the Port Authority requested an estimated $213 million in Public Assistance funding for 2012 Hurricane Sandy damages. We conducted this audit early in the Public Assistance process to identify areas where the Port Authority may need additional technical assistance or monitoring to ensure compliance with Federal grant requirements. At the time of the grant award, the Port Authority of New York and New Jersey (Port Authority) did not have adequate accounting and procurement policies and procedures in place to ensure compliance with Federal Emergency Management Agency (FEMA) grant requirements. However, in late 2013, the Port Authority made changes to its accounting and procurement policies and procedures for FEMA-funded work. These changes should provide FEMA reasonable assurance that the Port Authority has the capability to account for and expend FEMA grant funds according to Federal requirements.

>The Port Authority of New York and New Jersey's Recently Updated Policies, Procedures, and Business Practices Should Be Adequate to Effectively Manage FEMA Public Assistance Grant Funds 		2015
OIG-15-34-D Larimer County, Colorado (County) received a $22.5 million grant for damages from a September 2013 disaster. We conducted this audit early in the grant process to identify areas where the County may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The policies, procedures, and business practices of the County are not adequate to account for and expend Federal Emergency Management Agency (FEMA) grant funds according to all Federal requirements. As a result, the County is at risk of losing some or all of its FEMA-approved funding, which totaled $22.5 million as of June 2014.

>Larimer County, Colorado, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements 		2015
OIG-15-03-D The County received over $24 million in Public Assistance awards for three federally declared flooding events. Our objective was to determine whether the County accounted for and expended FEMA grant funds according to Federal regulations and FEMA guidelines. The County has procedures in place to account for disaster-related costs on a project-by-project basis. The County however, has completed very little of the work FEMA approved for the three federally declared disasters. At the time of our field work, the County did not have sufficient records available for us to determine whether the County is fully capable of managing the three Federal grants.

>The State of North Dakota Needs to Assist Ramsey County in Completing $24 Million of FEMA Public Assistance Projects for Three Federally Declared Disasters that Occurred in 2009–2011 		2015
OIG-15-150 The Transportation Security Administration (TSA) conducts or oversees passenger checkpoint screening at 450 federalized airports. Passenger checkpoint screening is a process by which passengers are inspected to deter, detect, and prevent explosives, incendiaries, weapons, or other security threats from entering sterile areas of an airport or getting onboard an aircraft. As threats to transportation security evolved, TSA needed a screening technology to detect nonmetallic threats. TSA developed Advanced Imaging Technology (AIT) to screen passengers for both metallic and nonmetallic threats concealed under clothing—without physical contact. In 2013, TSA equipped all AIT with Automated Target Recognition software, which displays a box around anomalies on a generic outline of a body. Our objective was to determine the effectiveness of TSA’s AIT, Automated Target Recognition software, and checkpoint screener performance in identifying and resolving anomalies and potential security threats at airport checkpoints. The compilation of the number of tests conducted, names of the test airports, and quantitative and qualitative results of our testing is classified or designated as Sensitive Security Information. We made one recommendation that when implemented should strengthen the effectiveness of identifying and resolving security threats at airport checkpoints.

>Covert Testing of TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints 		2015
OIG-15-133-D The Knoxville Utilities Board received a Public Assistance award of $5.2 million from the Tennessee Emergency Management Agency, a FEMA grantee, for damages resulting from severe storms and tornadoes in June 2011. We audited projects totaling $4.3 million. For the projects we reviewed, the Utility properly accounting for and expended FEMA funds according to Federal requirements.

>The Knoxville Utilities Board Effectively Managed FEMA Public Assistance Grant Funds Awarded for Damages from Tornadoes and Severe Storms in June 2011 		2015
OIG-15-101-D FEMA awarded the Chippewa Cree Tribe of the Rocky Boy’s Indian Reservation in Montana (Tribe) a $31.6 million grant for damages from a June-July 2010 flood disaster. The Tribe mismanaged this grant, which resulted in a domino effect of negative consequences. First, the Tribe awarded a $3.7 million sole-source contract to a Tribal-owned corporation, the Chippewa Cree Construction Corporation (Corporation). The lack of full and open competition set the stage for fraud, waste, and abuse. Then, the Tribe neglected to identify the material deficiencies in the Corporation’s fiscal controls and accounting procedures. The Corporation’s Chief Executive Officer took advantage of these weaknesses; and a Federal court has since convicted him of Federal corruption charges for embezzling the Tribe’s insurance proceeds and FEMA grant funds, and sentenced him to prison in August 2014. Finally, the Tribe could not provide documentation sufficient to support the $3.9 million it claimed for Project 117.

>The Chippewa Cree Tribe of the Rocky Boy's Indian Reservation in Montana Mismanaged $3.9 Million in FEMA Disaster Grant Funds 		2015
OIG-15-68 KPMG LLP reviewed the United States Coast Guard’s (U.S. Coast Guard) internal control over financial reporting. The management letter contains six observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain U.S. Coast Guard processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies.

>United States Coast Guards' Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-35-D The Imperial Irrigation District (District) received a $10.5 million award of Federal Emergency Management Agency (FEMA) Public Assistance grant funds for damages resulting from an April 2010 earthquake. We audited $7.8 million, or 74 percent of the total award. The District did not always account for and expend FEMA grant funds according to Federal requirements. The District awarded contracts totaling $3.6 million without taking the required affirmative steps to ensure the use of small and minority firms, women’s business enterprises, and labor surplus area firms when possible. As a result, FEMA has no assurance that these types of firms had opportunities to bid on Federal work as Congress intended. The District’s claim also included $45,408 of ineligible contract costs and $1,473 of unsupported equipment costs. In addition, FEMA should deobligate $2.5 million and put those funds to better use because the District completed disaster work and no longer needs those funds.

>FEMA Should Recover $6.2 Million of Ineligible and Unused Grant Funds Awarded to the Imperial Irrigation District, California 		2015
OIG-15-04-IQO The Office of Integrity and Quality Oversight, Investigations Quality Assurance Division conducted an oversight review of the Federal Law Enforcement Training Center, Office of Professional Responsibility from June 2014 to August 2014. The review covered OPR activity from October 1, 2011, (FY 2012) to June 1, 2014 (FY 2014). We found that the Office of Professional Responsibility generally complied with applicable directives, policies, guidelines, and investigative standards. We observed commendable practices with the thoroughness of investigations, the quality of reports, and the productive relationships maintained with operational entities within the Federal Law Enforcement Training Center. We found particular issues with the agency’s underreporting of complaints to the Office of Inspector General, the absence of annual Law Enforcement Availability Pay documentation and certifications, and weaknesses in safeguarding evidence. We made 21 recommendations to the Office of Professional Responsibility Division Chief who agreed with them in whole or in part. There are no open recommendations in this report.

>Oversight Review of the Department of Homeland Security Federal Law Enforcement Training Center Office of Professional Responsibility 		2015
OIG-15-151-D The Borough received a $7 million grant award from the New Jersey Office of Emergency Management (New Jersey), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from Hurricane Sandy, which occurred in October 2012. We conducted this audit early in the grant process to identify areas where the Borough may need assistance in managing Federal funds. The Borough of Spring Lake, New Jersey, (Borough) accounted for disaster costs on a project-by-project basis and met applicable Federal regulations in processing disaster related procurement transactions. However, the Borough completed one large project below the estimated project cost, and about $2.0 million remains obligated for that project. Therefore, FEMA should deobligate the $2.0 million in unneeded funds as soon as possible and put those funds to better use. In addition, the Borough could not provide adequate support for emergency and permanent restoration work totaling $798,317. The Borough also had not applied insurance proceeds totaling $431,507 against claims for eligible project costs. Therefore, the $431,507 represents ineligible duplicate benefits, because FEMA cannot fund costs that insurance covers. These findings occurred, in part, because the Borough did not effectively coordinate with New Jersey to ensure Borough compliance with FEMA grant requirements.

>FEMA Should Recover $2.0 Million in Unneeded Funds and Disallow $1.2 Million of $7 Million in Grant Funds Awarded to Spring Lake, New Jersey, for Hurricane Sandy 		2015
OIG-15-134-D The Knoxville Utilities Board received a Public Assistance award of $2.7 million from the Tennessee Emergency Management Agency, a FEMA grantee, for damages resulting from severe storms and tornadoes in April 2011. We audited projects totaling $2.5 million. For the projects we reviewed, the Utility properly accounting for and expended FEMA funds according to Federal requirements.

>The Knoxville Utilities Board Effectively Managed FEMA Public Assistance Grant Funds Awarded for Damages from Tornadoes and Severe Storms in April 2011 		2015
OIG-15-102-D FROM: John E. McCoy II

Assistant Inspector General for Audits

SUBJECT: Office of Inspector General Emergency Management Oversight Team Deployment Audits

Audit Report Numbers OIG-13-84, OIG-13-117, OIG-13-124, OIG-14-50-D, OIG-14-111-D, OIG-15-92-D, OIG-15-102-D, OIG-15-105-D, OIG-16-53-D, OIG-16-85-D, OIG-16-106-D, OIG-17-37-D

After completing an internal review of our audits related to multiple Emergency Management Oversight Team (EMOT) projects, we have decided to permanently remove the subject reports from our public website.

Our internal review found the subject reports may not have adequately answered objectives and, in some cases, may have lacked sufficient and appropriate evidence to support conclusions. Answering objectives with sufficient and appropriate evidence is required under Government Auditing Standards or Quality Standards for Inspection and Evaluation. In an abundance of caution, we believe it best to recall the reports and not re-issue them.

Going forward, our EMOTs will deploy during the response phase of a disaster to identify and alert the Federal Emergency Management Agency (FEMA) and its stakeholders of potential issues or risks if they do not follow FEMA and other Federal requirements. The EMOT’s reviews will not be conducted under Government Auditing Standards. The teams will continue to observe and identify potential risk areas that will be addressed by future traditional audits, if necessary.

A complete list of the projects removed from our website is attached. You should not place any reliance on these reports.

Please contact me at (202) 254-4100 if you have any questions.

>FEMA's Initial Response to the 2014 Mudslide near Oso, Washington 		2015
OIG-15-69 We contracted with the independent public accounting firm KPMG LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG LLP assessed certain non-technical areas related to the protection of sensitive information technology and financial information and assets at United State Secret Service (USSS). KPMG LLP performed after-hours physical security walkthroughs and social engineering tests and identified instances where USSS personnel did not adequately comply with requirements for safeguarding sensitive material or assets from unauthorized access or disclosure. The inadequate protection of DHS information systems and data from those without a need to know or a need for access puts USSS’ sensitive electronic and physical data at adverse risk of loss, theft, or misuse.

>Information Technology Management Letter for the United States Secret Service Component of the FY 2014 Department of Homeland Security Financial Statement Audit 		2015
OIG-15-37-D Gwinnett County, Georgia (County) received an award of $6.3 million from the Georgia Emergency Management Agency (Georgia), a Federal Emergency Management Agency (FEMA) grantee, for damages resulting from a September 2009 flood. We audited projects totaling $4.6 million to determine whether the County accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the County generally accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The County’s claim did include $87,208 of ineligible costs that insurance covered; however, this occurred because of a minor FEMA funding error. In addition, Georgia overpaid the County a total of $871,129 under several projects. Although these overpayments to the County do not affect the amount of obligated Federal funds, the County should return the excess funds to Georgia to be put to better use.

>Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements 		2015
OIG-15-36 Evaluation of Alleged AUO Misuse at U.S. Customs and Border Protection, Office of Internal Affairs (OSC File No. DI-14-0666) 2015
OIG-15-05 The Coast Guard has undertaken a project to modernize information technology onboard certain ships and aircraft. This technology is referred to collectively as Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems. The C4ISR project is a major information technology investment with an acquisition life cycle cost of $1.5 billion through fiscal year 2026. The Coast Guard has implemented information technology systems that effectively support the mission needs of some ships and aircraft. Specifically, the systems have met overall performance requirements and have improved operational capabilities, including increased situational awareness, better communication within the Coast Guard and with its partners, and enhanced sensor capabilities. The Coast Guard, however, has not carried out some planned system enhancements that were necessary to support mission needs of certain aircraft and legacy ships. These enhancements were not carried out because of significant budget reductions. Revised plans do not fully address how the Coast Guard will meet the critical technology needs of these aircraft and legacy ships. As a result, these ships and aircraft continue to rely on obsolete technology which impacts mission performance and makes operations and maintenance more difficult and costly.

>U.S. Coast Guard Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance Modernization 		2015
OIG-15-152-D At the time of our audit, Mount Carmel Baptist Church (Mount Carmel) did not have adequate policies, procedures, and business practices to account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. Although the disaster occurred in 2013, Mount Carmel had not begun work to repair any of its damaged facilities and, therefore, had not incurred any costs for disaster-related work. In addition, Mount Carmel may lack the financial stability to meet the required 25 percent non-Federal cost share for the grant award. Finally, a Mount Carmel affiliate did not always comply with Federal grant requirements for a past Federal grant it received from another Federal agency. Therefore, FEMA should place special award conditions as needed on Mount Carmel though additional requirements.

>Mount Carmel Baptist Church in Hattiesburg, Mississippi Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements 		2015
OIG-15-135-D On August 24, 2014, a magnitude 6.0 earthquake struck northern California. FEMA expects eligible damages in Napa County, California (County), from the earthquake and aftershocks to exceed $6 million. We conducted this audit early in the grant process to identify areas where the County may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The County has adequate policies, procedures, and business practices to account for Public Assistance grant funds according to Federal regulations and Federal Emergency Management Agency (FEMA) guidelines. The County can account for disaster costs on a project-by-project basis and is able to adequately support repair costs. Additionally, the County’s insurance procedures and practices are adequate to ensure that the County can properly manage anticipated insurance proceeds. The County also has adequate procurement policies and procedures that are consistent with Federal procurement standards. However, the County did not follow Federal procurement standards or its own contracting requirements when it awarded, without competition, a non-emergency grant management contract for $973,778. Therefore, we question $973,778 as ineligible contract costs.

>Napa County, California, Needs Additional Technical Assistance and Monitoring to Ensure Compliance with Federal Regulations 		2015
OIG-15-103-D The City of Rocky Mount, North Carolina (City), received a Public Assistance award of $5.4 million from the North Carolina Division of Emergency Management, a FEMA grantee, for damages resulting from Hurricane Irene in August 2011. We audited the projects totaling $5.3 million to determine whether the City accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the City properly accounted for and expended FEMA funds according to Federal requirements.

>The City of Rocky Mount, North Carolina, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Hurricane Irene Damages 		2015
OIG-15-70 KPMG LLP reviewed the Office of Financial Management’s (OFM) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-38 We conducted an audit of S&T’s award and management of its contract with NVS Technologies, Inc. Although S&T properly awarded the contract, we identified deficiencies with S&T’s management of the contract. Specifically, program managers did not document contract oversight because S&T does not have adequate policies and procedures governing contract management. As a result, S&T may have wasted $23 million in incurred costs plus additional cost associated with contract termination. If program performance is not adequately documented, S&T may also have difficulty making well-informed decisions on all its contracts.

>Science and Technology Directorate Needs to Improve Its Contract Management Procedures 		2015
OIG-15-06-D Between 1994 and 2013, FEMA operated seven Long Term Recovery Offices. FEMA obligated and spent more than $4 billion in administrative costs and more than $1 billion in salaries for these offices. Our audit objective was to determine whether FEMA’s policies, procedures, and performance measures for establishing, operating, and closing Long Term Recovery Offices meet Federal statutes and are consistently applied. FEMA does not track costs or data associated with performance measures for Long Term Recovery Offices. Without tracking costs or data, FEMA cannot determine whether these offices are cost effective. FEMA establishes, operates, and closes Long Term Recovery Offices without standardized policies, procedures, and performance measures. Without these controls in place, FEMA is at risk for mismanagement of Federal disaster funds and cannot ensure consistency in establishing and managing these offices. Correcting these deficiencies will provide FEMA the information and guidance it needs to determine whether Long Term Recovery Offices are cost effective. In addition, FEMA can better ensure consistency in establishing and managing these offices.

>FEMA Needs To Track Performance Data and Develop Policies, Procedures, and Performance Measures for Long Term Recovery Offices 		2015
OIG-15-94 (Revised) Our objective was to determine whether the Department of Homeland Security (DHS) complied with the Improper Payments Elimination and Recovery Act of 2010 (IPERA). We also evaluated the accuracy and completeness of DHS’ improper payment reporting and DHS’ performance in reducing and recapturing improper payments. Although DHS met all the reporting requirements of IPERA, it did not meet its annual reduction targets established for each high-risk program as required by OMB. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security's FY 2014 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised) 		2015
OIG-15-136-D St. Tammany Parish (Parish) received awards totaling $15.3 million from the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (Louisiana), a Federal Emergency Management Agency (FEMA) grantee, for the Hazard Mitigation Grant Program resulting from four federally declared disasters. The Parish’s hazard mitigation projects generally met FEMA’s eligibility requirements; and the Parish’s project management generally complied with applicable regulations and guidelines. However, the Parish did not always account for and expend grant funds according to Federal regulations and FEMA guidelines. We audited 11 projects totaling $14.98 million, or 98 percent of the total $15.3 million award. However, at the time of our audit, the Parish had completed only 4 of the 11 projects and had claimed project costs of $6.9 million for the 11 projects in our audit scope. We found $609,271 in ineligible project costs and $320,108 in unsupported project costs for total questioned costs of $929,379. These findings occurred, in part, because Louisiana has not properly managed its grants. Most significantly, Louisiana had not developed and implemented a comprehensive strategy to close all Hazard Mitigation Grant Program projects.

>FEMA Should Recover $929,379 of Hazard Mitigation Funds Awarded to St. Tammany Parish, Louisiana 		2015
OIG-15-104-D We audited FEMA Public Assistance grant funds awarded to the Port of Tillamook Bay, Oregon (Port), for damages resulting from severe storms, flooding, landslides, and mudslides that occurred in December 2007. The Port properly accounted for FEMA funds, but did not always expend the funds according to Federal regulations and FEMA guidelines.

>FEMA Should Recover $337,135 of Ineligible or Unused Grant Funds Awarded to the Port of Tillamook Bay, Oregon 		2015
OIG-15-71 KPMG LLP reviewed the United States Immigration and Customs Enforcement’s (ICE) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>United States Immigration and Customs Enforcement's Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-39 CBP did not effectively target and examine rail shipments entering the United States from Mexico and Canada. Specifically, U.S. Customs and Border Protection Officers (CBPO) did not always target shipments using the mandatory Automated Targeting System (ATS) targeting criteria. CBPOs also did not always use the required radiation detection equipment to examine high-risk shipments. Finally, CBPOs did not always record the results of their rail cargo examinations in the Cargo Enforcement Reporting and Tracking System (CERTS). CBPOs were unaware of the correct targeting criteria or inadvertently used inappropriate criteria. In addition, one port did not have the required radiation detection equipment for its rail team, and CBPOs at two other ports used Personal Radiation Detectors to examine shipments. Rail CBPOs also received insufficient training on the use of ATS and CERTS. Finally, Supervisory CBPOs did not provide sufficient oversight to ensure CBPOs followed CBP policy. As a result, CBP may have failed to target or properly examine rail shipments that were at an increased risk to contain contraband or dangerous materials. In addition, CBP has no assurance that decisions to release these high-risk shipments into U.S. commerce were appropriate.

>U.S. Customs and Border Protection Did Not Effectively Target and Examine Rail Shipments From Canada and Mexico 		2015
OIG-15-07 The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning U.S. Customs and Border Protection’s Ysleta Border Patrol Station (Ysleta Station) in El Paso, Texas. The whistleblower alleged that supervisors and border patrol agents at the Ysleta Station claim administratively uncontrollable overtime (AUO), but fail to perform duties that qualify for AUO. The whistleblower also alleged that supervisors at the Ysleta Station authorize AUO to compensate injured agents who are assigned administrative duties and are not working overtime hours. OSC referred this allegation to DHS Acting Secretary Rand Beers. The Department subsequently requested our assistance with this allegation and several other AUO-related allegations from other DHS components. We assembled a taskforce of auditors, program analysts, investigators, and attorneys to review these allegations. Federal regulations allow agencies to pay AUO annually to employees in positions that require substantial amounts of irregular or occasional overtime work and in which the hours of duty cannot be controlled administratively. Ysleta Station did not have sufficient AUO documentation to allow us to specifically identify a violation of law, rule, or regulation. However, most activities that second-line supervisory border patrol agents performed during AUO hours and some activities that first-line supervisory agents and nonsupervisory agents performed appear to have been administratively controllable. We did not find evidence to substantiate that Ysleta Station agents who sustained work-related injuries were paid AUO improperly.

>Evaluation of Alleged AUO Misuse at U.S. Border Patrol, Ysleta Station 		2015
OIG-15-137 U.S. Customs and Border Protection (CBP) developed the Analytical Framework for Intelligence (AFI)—an index of relevant data in existing systems—to augment Department of Homeland Security’s (DHS) ability to gather and develop information about persons, events, and cargo of interest. We performed this audit to determine the status of AFI implementation and whether effective controls have been applied to protect the sensitive information processed and stored by the system. CBP has made significant progress in implementing AFI. CBP fully deployed AFI on schedule and within budget, and has taken measures to secure the sensitive information the system processes and stores from unauthorized access. In addition, CBP developed a privacy impact assessment to ensure that privacy considerations for operating AFI were addressed throughout system deployment. Since deployment, system users have provided positive feedback to the component about AFI’s functionality and usefulness. Despite these positive steps, we identified deficiencies that the component must address to further secure the system.

>Enhancements to Technical Controls Can Improve the Security of CBP's Analytical Framework for Intelligence 		2015
OIG-15-105-D FROM: John E. McCoy II

Assistant Inspector General for Audits

SUBJECT: Office of Inspector General Emergency Management Oversight Team Deployment Audits

Audit Report Numbers OIG-13-84, OIG-13-117, OIG-13-124, OIG-14-50-D, OIG-14-111-D, OIG-15-92-D, OIG-15-102-D, OIG-15-105-D, OIG-16-53-D, OIG-16-85-D, OIG-16-106-D, OIG-17-37-D

After completing an internal review of our audits related to multiple Emergency Management Oversight Team (EMOT) projects, we have decided to permanently remove the subject reports from our public website.

Our internal review found the subject reports may not have adequately answered objectives and, in some cases, may have lacked sufficient and appropriate evidence to support conclusions. Answering objectives with sufficient and appropriate evidence is required under Government Auditing Standards or Quality Standards for Inspection and Evaluation. In an abundance of caution, we believe it best to recall the reports and not re-issue them.

Going forward, our EMOTs will deploy during the response phase of a disaster to identify and alert the Federal Emergency Management Agency (FEMA) and its stakeholders of potential issues or risks if they do not follow FEMA and other Federal requirements. The EMOT’s reviews will not be conducted under Government Auditing Standards. The teams will continue to observe and identify potential risk areas that will be addressed by future traditional audits, if necessary.

A complete list of the projects removed from our website is attached. You should not place any reliance on these reports.

Please contact me at (202) 254-4100 if you have any questions.

>FEMA's Initial Response to Severe Storms and Flooding in Michigan 		2015
OIG-15-72 KPMG LLP reviewed the U.S. Citizenship and Immigration Services (USCIS) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>U.S. Citizenship and Immigration Services' Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-40-D We reviewed $1,726,151 of costs the County claimed for one large project (Project 3095). This amount was $945,640 more than the $780,511 that FEMA initially authorized and obligated for the project. The County improperly claimed $945,640 more than the $780,511 that FEMA Region IX initially authorized to construct a wall to stabilize a damaged section of road. The County incurred the additional costs because, rather than adhere to the scope of work that FEMA authorized, it built a superior wall to lessen the susceptibility of damage that anticipated wildfires might cause in that location. FEMA Headquarters ultimately approved this funding and awarded the County both the initial $780,511 and an additional$945,640 for the already-completed project. However, FEMA Headquarters did not provide a reasonable justification for its decision and did not perform a benefit/cost analysis as required to fund mitigation measures. As a result, FEMA and taxpayers had no assurance that the mitigations work was cost effective, as Federal regulations and FEMA guidelines require.

>FEMA Needs to Ensure the Cost Effectiveness of $945,640 that Los Angeles County, California Spent for Hazard Mitigation Under the Public Assistance Program 		2015
OIG-15-08 Although Ohio took steps in recent years to improve its management of funds awarded under the HSGP, the Federal Emergency Management Agency (FEMA) cannot be assured that Ohio effectively managed grant funds from fiscal years (FY) 2010 through 2012. Specifically, Ohio needs to improve its performance measures, the accounting for grant funds, the timeliness of releasing funds to subgrantees, and its monitoring of subgrantees, including their procurement and property management practices. Although we identified many of these same challenges in two previous audits of Ohio’s management of HSGP funding, FEMA has not changed its oversight practices to target Ohio’s areas of repeated deficiencies. Ohio continues to disregard some Federal regulations and grant guidance. Consequently, the State may be limited in its ability to prevent, prepare for, protect against, and respond to natural disasters, acts of terrorism, and other manmade disasters.

>Ohio’s Management of Homeland Security Grant Program Awards for Fiscal Years 2010 Through 2012 (Revised) 		2015
OIG-15-138 The Department of Homeland Security (DHS) manages a diverse warehouse portfolio. According to the Government Accountability Office, managing the Federal government’s real property — which includes warehouses — is a high-risk area. DHS’ components own and lease warehouses for a variety of reasons, such as storing disaster relief supplies, computer equipment, seized assets, and excess property. Our audit objective was to determine the effectiveness of DHS’ process of assessing and managing its warehousing needs. Although DHS has taken steps to assess its warehouses, it cannot effectively manage its warehouse needs because some of the components misclassify many of their warehouses. We found buildings that should not have been on the Department’s warehouse inventory. Conversely, we found buildings that should have been classified as warehouses, but were not. Because the warehouse inventories are inaccurate, DHS cannot manage warehouses or demonstrate compliance with requirements to limit the size of real property inventories and reduce costs. Even though most warehouses we visited were well organized and appeared to support the components’ missions, we identified three warehouses that CBP could potentially consolidate or close and put $1 million per year to better use.

>Accurate Reporting and Oversight Needed to Help Manage DHS' Warehouse Portfolio 		2015
OIG-15-106-D Dixie Electric received a $9.2 million award in FEMA grant funds for 2012 Hurricane Isaac damages to its facilities located in Greenwell Springs, Louisiana. Our audit objective was to determine whether Dixie Electric accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. Dixie Electric Membership Corporation (Dixie Electric) generally accounted for and expended Federal Emergency Management Agency (FEMA) Public Assistance grant funds according to Federal requirements. Dixie Electric used its own employees, mutual aid agreements with other electric cooperatives, and contractors to restore power to its customers by September 4, 2012, only 6 days after the disaster. Although Dixie Electric did not always comply with Federal procurement standards in awarding 10 contracts for disaster work totaling $4.4 million, we question only $21,740 for non-compliance because contractors performed most of the work under exigent circumstances to restore power.

>Dixie Electric Membership Corporation, Greenwell Springs, Louisiana, Generally Accounted For and Expended FEMA Grants Funds Properly 		2015
OIG-15-73 KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations. KPMG LLP reviewed the Science and Technology Directorate’s (S&T) internal control over financial reporting. The management letter contains four observations related to internal control and other operational matters for management’s considerations.

>Science and Technology Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit ( 		2015
OIG-15-41 The United States Coast Guard (USCG) operates the Biometrics at Sea System (BASS) to collect biometric data from interdicted aliens. The biometrics are sent to the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) to identify potential persons of interest, including suspected terrorists. We audited BASS interface with IDENT, security roles and responsibilities, and change control management. We determined that USCG did not have a routine reconciliation process to ensure that all biometrics that it captured on the 23 cutters are maintained in IDENT. Not ensuring reconciliation between the total biometrics USCG submitted and the number stored in IDENT may impede future identification of suspected terrorists, aggravated felons, or other individuals of interest. USCG also allowed application programmers with unrestricted system access to share passwords. The control weakness may result in individuals making unauthorized changes to the system without detection. Further, we determined that the authorization for the transition from the 2-fingerprint to 10-fingerprint application system was not properly documented and security documentation had not been updated. Without a proper authorization process, USCG could not provide assurance that senior executives approved the change prior to implementation.

>The Security Posture of the United States Coast Guard's Biometrics At Sea System Needs Improvements 		2015
OIG-15-09 We have identified major challenges that affect both the Department as a whole, as well as individual components. DHS must continually seek to integrate management operations under an authoritative governing structure capable of effectively overseeing and managing programs that cross component lines. DHS’ mission to protect the Nation from domestic and international threats and respond to natural and manmade disasters is further challenged by the unpredictable nature of these hazards. DHS must overcome the challenges inherent with uniting the Department under the Secretary’s Unity of Effort Initiative, as well as those over which it has little control. This year, we are reporting the Department’s major challenges in the following areas: (1) DHS Operations Integration, (2) Acquisition Management, (3) Financial Management, (4) IT Management and Privacy Issues, (5) Transportation Security, (6) Border Security and Immigration Enforcement. (7) Grants Management, (8) Employee Accountability and Integrity, (9) Infrastructure Protection, Cybersecurity, and Insider Threat

>Major Management and Performance Challenges Facing the Department of Homeland Security 		2015
OIG-15-139-D Los Alamos County, New Mexico, (County) received a $5.1 million award from the New Mexico Department of Homeland Security and Emergency Management Agency, a FEMA grantee, for damages resulting from severe storms and flooding in September 2013. Our audit objective was to determine whether the County accounted for and expended FEMA funds according to Federal regulations and FEMA guidelines. The County generally accounted for and expended Federal Emergency Management Agency (FEMA) Public Assistance grant funds according to Federal requirements. However, the County did not always comply with Federal procurement standards in awarding its three largest contracts for disaster work totaling $1.9 million. Specifically, the County did not take all required affirmative steps to assure the use of small, minority, women-owned, and labor-surplus area firms when possible. However, although the County did not take the specific steps that Federal procurement standards require, it did award all three contracts to these types of disadvantaged firms. In addition, the County’s contractors performed adequately and billed for their work appropriately. Therefore, we did not question costs because the County’s noncompliance with Federal requirements did not negatively impact the Federal government. County officials said that they were not aware of this requirement, but would update their policies and procedures to include this Federal procurement standard for future disasters.

>Los Alamos County, New Mexico, Generally Accounted For and Expended FEMA Grant Funds Properly 		2015
OIG-15-107 As a result, we identified more than $67 million in questioned costs related to operational overtime, management and administration, and training that were not spent according to grant guidance or were not adequately supported.

>New York's Management of Homeland Security Grant Program Awards for Fiscal Years 2010-12 		2015
OIG-15-74 KPMG LLP reviewed the National Protection and Programs Directorate’s (NPPD) internal control over financial reporting. The management letter contains five observations related to internal control and other operational matters for management’s considerations.

>National Protection and Programs Directorate's Management Letter for DHS' FY 2014 Financial Statements Audit 		2015
OIG-15-42 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security (DHS) for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at U.S. Immigration and Customs Enforcement (ICE). KPMG, LLP determined that ICE had made improvements in designing and consistently implementing controls related to segregation of duties on financial system components and in addressing identified vulnerabilities. However, KPMG, LLP continued to identify general information technology controls deficiencies related to access controls and configuration management of ICE’s core financial system. Such control deficiencies limited ICE’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data.

>Information Technology Management Letter for the Immigration Customs Enforcement Component of the FY 2014 Department of Homeland Security Financial Statement Audit 		2015
OIG-16-122-D The severe winter storms, straight-line winds, flooding,landslides, and mudslides during December 6–23, 2015, caused severe damageto the City of Portland, Oregon (City). City officials estimate that disaster-related costs may exceed $11 million. We conducted this audit early in the PublicAssistance process to identify areas where the Citymay need additional technical assistance or monitoring to ensure compliance with Federal regulations and FEMA guidelines.

>Portland, Oregon, Has Adequate Policies, Procedures, and Business Practices to Manage Its FEMA Grant Funding 		2016
OIG-16-90 KPMG LLP, under contract with the DHS Office of Inspector General, audited the U.S. Customs and Border Protection’s consolidated financial statements for fiscal year (FY) 2015. The resulting management letter contains 16 observations related to internal controls and other operational matters for management’s consideration. KPMG LLP noted internal control deficiencies and the need for improvement in several processes including control over settlement assets; the trade compliance measurement review process; review of Federal Employee Compensation Act Claims; controls in the seized and forfeited property inventory process; and reviews over the Performance and Accountability Report. These deficiencies did not meet the criteria to be reported in the Independent Auditors' Report on U.S. Customs and Border Protection’s FY 2015 Consolidated Financial Statements, dated March 21, 2016.These observations are intended to improve internal control or result in other operating efficiencies.

>Management Letter for the U.S. Customs and Border Protection's FY 2015 Consolidated Financial Statements Audit 		2016

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page