Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-16-09-D DeKalb County, Georgia, received a $3.3 million grant award from the Georgia Department of Emergency Management, a FEMA grantee, for damages resulting from a September 2009 flood. Our audit objective was to determine whether the County accounted for and expended FEMA funds according to Federal requirements. The County did not account for FEMA funds on a project-by-project basis as Federal regulations and FEMA guidelines require. We also identified $93,620 (Federal share $70,215) of unneeded project funding that FEMA can deobligate and put to better use. Finally, the County’s claim included $411,929 (Federal share $308,947) of unsupported or ineligible costs.

>FEMA Should Recover $505,549 of $3.3 Million in Public Assistance Grant Funds Awarded to DeKalb County, Georgia, for Damages from a September 2009 Flood 		2016
OIG-16-11 Since 2001, FEMA provided first responder organizations with more than $9 billion through the AFG and Staffing for Adequate Fire and Emergency Response (SAFER) programs. According to FEMA, it began using the eGrants system in 2003 to manage the funds awarded through these programs. However, the eGrants system does not comply with Department of Homeland Security (DHS) information system security requirements. Specifically, access to the eGrants system is not controlled or limited because FEMA instructs grantees to share usernames and passwords within the grantee’s organization and with contractors who manage grants. As a result, someone other than the primary point of contact can take action or make changes in eGrants without the grantee’s knowledge. Additionally, in June 2014, DHS’s Office of Cyber Security advised FEMA it should not authorize eGrants to operate because it poses an unacceptable level of risk to the agency. FEMA’s Chief Information Officer acknowledged the high level of risk posed by system deficiencies and vulnerabilities. Despite the known system deficiencies and risks, FEMA authorized the continued use of the system.

>Security Concerns with Federal Emergency Management Agency's eGrants Grant Management System 		2016
OIG-16-10 The Federal Emergency Management Agency (FEMA) has taken steps to improve its IT management since our 2011 audit, but more remains to be done. Specifically, FEMA has developed numerous IT planning documents but has not effectively coordinated, executed, or followed through on these plans. Without effective IT planning, FEMA risks making limited progress improving IT needed to support the agency’s mission. Although FEMA has improved its IT governance through establishing an IT Governance Board, these efforts have not yet been fully effective. FEMA has struggled to implement effective agency-wide IT governance, in part because the Chief Information Officer has not had sufficient control and budget authority to effectively lead the agency’s decentralized IT environment. Without effective agency-wide IT governance, FEMA’s IT environment has evolved over time to become overly complex, difficult to secure, and costly to maintain.

>FEMA Faces Challenges in Managing Information Technology 		2016
OIG-16-12-D The City of Birmingham, Alabama, received a Public Assistance award of $13.2 million from the Alabama Emergency Management Agency, a FEMA grantee, for damages resulting from tornadoes and severe storms in April 2011. We audited projects totaling $11.3 million to determine whether the City accounted for and expended FEMA funds according to Federal requirements. For the projects we reviewed, the City generally accounted for and expended FEMA Public Assistance grant funds according to Federal requirements.

>FEMA The City of Birmingham, Alabama, Generally Managed FEMA Grant Funds for April 2011 Tornadoes and Severe Storms Properly 		2016
OIG-16-13 We conducted this audit to determine whether the Federal Emergency Management Agency (FEMA) and the Colorado Division of Homeland Security and Emergency Management (DHSEM) were sufficiently monitoring the Emergency Management Performance Grant (EMPG) program to ensure that funds were used in accordance with grant program guidelines and other applicable state and Federal laws. DHSEM needs to improve its grants management and internal controls over its financial systems. In addition, it needs to improve its maintenance of supporting documentation for all EMPG transactions, and monitoring of subgrantees. Without adequate grants management, financial controls, and retention of detailed supporting documentation for transactions and EMPG expenditures were not always recorded timely; inaccurate amounts were recorded; grants were improperly closed out; and financial reports submitted to FEMA were inaccurate.

>Oversight of the Colorado Emergency Management Performance Grant Program Needs Improvement 		2016
OIG-16-15 We reviewed the Department of Homeland Security’s (DHS) information security program for intelligence systems in accordance with the Federal Information Security Modernization Act. The objective of our review was to determine whether DHS’ information security program and practices are adequate and effective in protecting the information and the information systems that support DHS’ intelligence operations and assets. We assessed DHS programs for continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems.

>Fiscal Year 2015 Evaluation of DHS' Compliance with FISMA Requirements for Intelligence Systems 		2016
OIG-16-14 The Department of Homeland Security’s (DHS) Port Security Grant Program (PSGP), which is administered by the Federal Emergency Management Agency (FEMA), provides funding to port authorities, facility operators, and other eligible entities to help protect critical port infrastructure from terrorism. FEMA awarded the Lower Mississippi River Port-wide Strategic Security Council (Council) approximately $108 million in PSGP grant funds from fiscal years 2008 to 2013. We determined whether the Council managed, distributed, and spent PSGP funds in compliance with Federal laws, regulations, and guidance. About 73 percent of the nearly $108 million awarded to the Council to protect critical port infrastructure remains unspent. In addition, we identified more than $9.2 million in questioned costs. This occurred because the Council did not always follow Federal laws, regulations, or grant guidance; and FEMA failed to provide proper oversight. As a result, major Lower Mississippi River ports may be less prepared in the event of a terrorist attack.

>Lower Mississippi River Port-wide Strategic Security Council Did Not Always Properly Manage, Distribute, or Spend Port Security Grant Funds 		2016
OIG-16-16 The Secret Service responded immediately to a November 2011 incident in which shots fired from an assault rifle hit the White House and participated in the ensuing investigation. However, the Secret Service did not conduct a formal after action review or a detailed analysis of its protective operations or investigative response, so it is not clear whether protective policies were followed. After the incident, the Secret Service spent at least $17 million to improve infrastructure around the White House and increase patrols; however, without a formal after action review and detailed analysis, the Secret Service cannot be certain these changes were necessary, would have minimized the potential threat, or improved the response to the incident.

>The Secret Service Did Not Identify Best Practices and Lessons Learned from the 2011 White House Shooting Incident 		2016
OIG-16-17 We conducted this audit to determine how human traffickers used legal means to bring potential victims to the United States. We also assessed whether improvements in data quality and exchange could help Department of Homeland Security (DHS) better identify human traffickers. Our match of ICE and USCIS data from 2005 to 2014 indicated that work and fiancé visas were the primary means by which 17 of 32 known traffickers brought victims into the United States. In addition, we determined that 274 subjects of ICE human trafficking investigations successfully petitioned USCIS to bring 425 family members and fiancés into the United States. Available data could not confirm whether or not these cases actually involved human trafficking. ICE and USCIS could improve data quality to facilitate the ability to identify instances of human trafficking.

>ICE and USCIS Could Improve Data Quality and Exchange to Help Identify Potential Human Trafficking Cases 		2016
OIG-16-08 We reviewed the Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Modernization Act of 2014. Our objective was to determine whether DHS’ information security program is adequate, effective, and complies with FISMA requirements. DHS has taken actions to strengthen its information security program. For example, DHS developed and implemented the Fiscal Year 2015 Information Security Performance Plan to define the performance requirements, priorities, and overall goals of the Department. DHS has also taken steps to address the President’s cybersecurity priorities, such as Information Security Continuous Monitoring; Identity, Credential, and Access Management; and anti-phishing and malware defense. Nonetheless, the Department must ensure compliance with information security requirements in other areas.

>Evaluation of DHS' Information Security Program for Fiscal Year 2015 (Revised) 		2016
OIG-16-18 In 2014, West African countries experienced the largest Ebola virus disease (Ebola) outbreak to date. As part of the Department of Homeland Security’s (DHS) response to prevent the spread of Ebola in the United States, DHS instituted additional screening at U.S. ports of entry for passengers traveling from Ebola-affected countries. We conducted this audit to determine whether DHS has effectively implemented its enhanced screening measures to respond to an Ebola outbreak. Although the Department responded quickly to implement domestic Ebola screening with the Department of Health and Human Services (HHS), it did not ensure sufficient coordination, adequate training, and consistent screening of people arriving at U.S. ports of entry. Coordination between DHS, HHS, and other DHS components was not sufficient to ensure all passengers received full screening. Components did not ensure all personnel received adequate training on the screening process or the use of certain protective equipment. Component personnel also did not always follow established Ebola procedures and ensure all identified passengers completed required screening. As a result, some passengers with potential risk of Ebola exposure may have entered the United States without having their temperatures taken or otherwise cleared by health professionals, and the DHS workforce performing the response was not always appropriately protected.

>DHS' Ebola Response Needs Better Coordination, Training, and Execution 		2016
OIG-16-19 DHS does not have adequate oversight of its workforce training. DHS lacks reliable training cost information and data needed to make effective and efficient management decisions. In addition, it does not have an effective governance structure for its training oversight, including clearly defined roles, responsibilities, and delegated authorities. Finally, DHS has not adequately addressed 29 different recommendations to improve training efficiencies made since 2004 by various working groups. As a result, DHS cannot ensure the most efficient use of resources.

>DHS' Oversight of Its Workforce Training Needs Improvement 		2016
OIG-16-21-D The City of Longmont, Colorado (City), needs additional assistance from the Colorado Division of Homeland Security and Emergency Management (Colorado) and the Federal Emergency Management Agency (FEMA) to provide reasonable assurance that it properly manages its $55.1 million FEMA grant. We identified weaknesses in the City’s policies, procedures, and business practices for procurement, insurance, and accounting that place the City in jeopardy of losing its Federal funding. The City received a $55.1 million Public Assistance award for damages from a September 2013 flood. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements.

>Longmont and Colorado Officials Should Continue to Improve Management of $55.1 Million FEMA Grant 		2016
OIG-16-22-D Except for minor problems with equipment costs, the City has adequate policies, procedures, and business practices in place to account for and expend FEMA Public Assistance Program grant funds according to Federal regulations and FEMA guidelines. During the audit, we identified $138,959 of ineligible equipment costs and $62,177 of unsupported equipment costs.

>The City of Austin, Texas, Has Adequate Policies and Procedures to Comply with FEMA Public Assistance Grant Requirements 		2016
OIG-16-23-D We audited $4 million of the $6 million of Federal Emergency Management Agency (FEMA) Public Assistance grant funds awarded to the City of San Diego, California (City), for damages resulting from heavy rainfall and flooding that occurred on December 17, 2010, through January 4, 2011. The City generally accounted for FEMA funds adequately, but did not always expend the funds according to Federal regulations and FEMA guidelines.

>FEMA Should Disallow $1.2 Million of $6.0 Million in Public Assistance Program Grant Funds Awarded to the City of San Diego, California 		2016
OIG-16-20 Secret Service has a dual mission of protection and criminal investigations. To support its protective mission, officers carry radios, which are their first line of communication for events such as fence jumpers, suspicious packages, or protests. These radio systems are critical for day-to-day protective operations. Secret Service needs to upgrade the radio systems used around the White House complex, the Vice President’s Residence, and Foreign Diplomatic Embassies. If Secret Service continues to use these outdated radio communications systems, it may negatively impact their protective operations.

>U.S. Secret Service Needs to Upgrade Its Radio Systems (Redacted) 		2016
OIG-16-24-D The City of Tuscaloosa, Alabama (City) received a $40.4 million grant, of which insurance covered all but $10.1 million. The Public Assistance grant was for damages from severe storms, tornadoes, straight-line winds, and flooding that occurred in April and May 2011. We audited $4.2 million of the $10.1 million net amount awarded. The City did not always account for and expend Federal Emergency Management Agency (FEMA) funds according to Federal regulations and FEMA guidelines. These issues occurred primarily because the grantee (Alabama) did not ensure that the City understood and complied with Federal procurement requirements and the process for applying actual insurance proceeds to reduce eligible costs.

>FEMA Should Recover $1.2 Million of $10.1 Million in Grant Funds Awarded to Tuscaloosa, Alabama, for a 2011 Disaster 		2016
OIG-16-27 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Customs and Border Protection’s (CBP) Detailed Accounting Submission. CBP’s management prepared the Table of FY 2015 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). CBP management was unable to provide supporting documentation for the underlying assumptions used to calculate the total obligations reported in the Table for all Drug Resources by Budget Decision Unit and Function assumptions. As a result, KPMG was unable to complete their review procedures over those assumptions. Except as noted above, nothing came to KPMG’s attention that caused them to believe that the FY 2015 Detailed Accounting Submission is not presented in conformity with the criteria set forth in the Circular.

>Review of U.S. Customs and Border Protection's Fiscal Year 2015 Detailed Accounting Submission 		2016
OIG-16-29 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Coast Guard’s (Coast Guard) Detailed Accounting Submission. Coast Guard’s management prepared the Table of FY 2015 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Coast Guard’s FY 2015 Detailed Accounting Submission is not presented in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's Fiscal Year 2015 Detailed Accounting Submission 		2016
OIG-16-26 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Customs and Border Protection’s (CBP) fiscal year 2015 Drug Control Performance Summary Report. CBP’s management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that CBP’s FY 2015 Performance Summary Report is not presented in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Customs and Border Protection's Fiscal Year 2015 Drug Control Performance Summary Report 		2016
OIG-16-31 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on U.S. Immigration and Customs Enforcement’s (ICE) Detailed Accounting Submission. ICE’s management prepared the Table of FY 2015 Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that ICE’s FY 2015 Detailed Accounting Submission is not presented in conformity with the criteria in ONDCP’s Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2015 Detailed Accounting Submission 		2016
OIG-16-28 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Coast Guard’s (Coast Guard) fiscal year 2015 Drug Control Performance Summary Report. Coast Guard management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that the Coast Guard’s FY 2015 Performance Summary Report is not presented in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Coast Guard's Fiscal Year 2015 Drug Control Performance Summary Report 		2016
OIG-16-25 In June 2015, we received a hotline complaint that “due to repair cost,” CBP’s contractor in the Border Patrol’s Tucson sector was transporting some detainees in non-air-conditioned vehicles. The complainant also alleged the contractor did not maintain some vehicles adequately and would hide “defective” vehicles from inspection. In August 2015, we conducted unannounced spot inspections of CBP’s contractor’s vehicles in the Tucson sector. The contractor did not hide vehicles from inspection. Through our inspections, we determined the contractor’s vehicles could reach reasonable temperatures or were operating at reasonable temperatures; we also determined that CBP and its contractor had addressed previously known problems with inadequate vehicle air conditioning. Finally, we reviewed the contractor’s maintenance program and determined the contractor has adequate policies, procedures, and processes to maintain detainee transport vehicles, and the Border Patrol’s Tucson sector has sufficient oversight of the contractor’s program.

>Response to Allegations that a U.S. Customs and Border Protection Contractor Transport Detainees in Non-Air-Conditioned Vehicles (Redacted) 		2016
OIG-16-30 KPMG LLP, under contract with the Department of Homeland Security OIG, issued an Independent Accountants’ Report on the U.S. Immigration and Enforcement’s (ICE) fiscal year 2015 Drug Control Performance Summary Report. ICE management prepared the Performance Summary Report and related disclosures to comply with the requirements of the ONDCP Circular, Accounting of Drug Control Funding and Performance Summary, dated January 18, 2013 (Circular). Based on its review, nothing came to KPMG LLP’s attention that caused it to believe that ICE’s FY 2015 Performance Summary Report is not presented in conformity with the criteria in the ONDCP Circular. KPMG LLP did not make any recommendations as a result of its review.

>Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2015 Drug Control Performance Summary Report 		2016
OIG-16-32 The Transportation Security Administration (TSA) awarded a human capital services contract valued at $1.2 billion. We conducted this audit to determine the extent to which TSA is effectively monitoring and enforcing the terms and conditions of the contract. Although TSA ensures the contractor meets the terms and conditions of the human capital services contract, its oversight could be more effective. Specifically, TSA has limited options for holding the contractor accountable for performance deficiencies. There were instances in which TSA did not hold the contractor monetarily accountable for personally identifiable information violations. TSA also did not hold the contractor monetarily liable for noncompliance with statement of work requirements relating to veterans’ preference.

>TSA's Human Capital Services Contract Terms and Oversight Need Strengthening 		2016
OIG-16-34 The mission of CBP’s Special Operations Group (SOG) is to train, organize, equip, resource, and deploy tactical and emergency response personnel worldwide to protect America. Based in El Paso, Texas, SOG plans, coordinates, and executes national, regional, and international level operations. We reviewed the SOG program to determine its cost and effectiveness. We determined that CBP does not have formal performance measures for its SOG program and does not track SOG’s total program cost. The incomplete records of SOG and other components of CBP that support SOG limited the determination of the SOG program’s total cost. SOG program efficiency and effectiveness cannot be accurately determined without total program costs or formal performance measures. As a result, CBP may be missing opportunities to improve effectiveness and identify potential cost savings in the SOG program.

>CBP's Special Operations Group Program Cost and Effectiveness are Unknown 		2016
OIG-16-33-D The City of Boulder, Colorado, received a FEMA grant award of $19 million for damages resulting from severe storms, flooding, landslides, and mudslides that occurred during September 2013. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City’s policies, procedures, and business practices are adequate to account for and expend Public Assistance grant funds according to Federal regulations and FEMA guidelines. The City accounted for and properly supported disaster-related costs on a project-by-project basis. Additionally, the City has adequate procurement policies and procedures in place that are consistent with applicable Federal procurement standards. Moreover, the City’s insurance procedures and practices are adequate to ensure that the City can properly manage anticipated insurance proceeds. Therefore, the City can provide FEMA and Colorado (FEMA’s grantee) reasonable assurance that it has the capacity to comply with Federal grant requirements for this disaster.

>Boulder, Colorado, Has Adequate Policies, Procedures, and Business Practices to Manage Its FEMA Grant Funding 		2016
OIG-16-35-D The Town of Jamestown, Colorado, (Town) received a $10.4 million Federal Emergency Management Agency (FEMA) grant award for damages resulting from severe storms, flooding, landslides, and mudslides that occurred in September 2013. We conducted this audit early in the grant process to identify areas where the Town may need additional technical assistance or monitoring to ensure compliance with Federal requirements. Most of the Town’s policies, procedures, and business practices are adequate to account for and expend Public Assistance grant funds according to Federal regulations and FEMA guidelines. The Town accounted for disaster-related costs on a project-by-project basis. The Town also has adequate procurement policies and procedures in place that are consistent with Federal procurement standards. Further, the Town’s insurance procedures and practices are adequate to ensure that the Town can properly manage anticipated insurance proceeds. Although the Town had adequate policies, procedures, and business practices, at the time of our audit, the Town lacked the personnel with the necessary financial expertise to perform financial management activities according to Federal standards.

>Jamestown, Colorado, Needs Additional Assistance and Monitoring to Ensure Proper Management of Its $10.4 Million FEMA Grant 		2016
OIG-16-36-D The University of Wisconsin-Superior received an $8.6 million FEMA grant from Wisconsin Emergency Management, and FEMA grantee, for damages resulting from severe storms and flooding in June 2012. Our audit objective was to determine whether the University accounted for and expended FEMA funds according to Federal requirements. The University effectively accounted for and expended FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines.

>The University of Wisconsin-Superior Effectively Managed FEMA Grant Funds Awarded for Severe Storms and Flooding in June 2012 		2016
OIG-16-37 To sustain border security, U.S. Customs and Border Protection (CBP) has established permanent facilities in forward or remote locations, called Forward Operating Bases. We determined whether Forward Operating Bases provide adequate living conditions, security, and safety for employees. Of the seven Forward Operating Bases we inspected along the southwest border, six have adequate living conditions. One Forward Operating Base has security issues, safety and health concerns, and inadequate living conditions. At the other six Forward Operating Bases, we identified security issues, such as inoperable security cameras, as well as an ongoing challenge to provide safe drinking water. In addition, we determined that CBP is not performing all required Forward Operating Base inspections or adequately documenting maintenance and repairs. Without regular inspections and timely maintenance and repairs, CBP cannot ensure it will continue to provide adequate security, safety, and living conditions for its personnel working at these remote facilities.

>Conditions at CBP's Forward Operating Bases along the Southwest Border (Redacted) 		2016
OIG-16-38-D Oakwood Healthcare System, Inc. (Hospital), in Dearborn, Michigan, received a gross award of $15.2 million from the Michigan State Police Emergency Management and Homeland Security Division (Michigan), and FEMA grantee, for damages resulting from severe storms and flooding in August 2014. The Hospital did not always account for and expend FEMA grant funds according to Federal regulations and FEMA guidelines. Although the Hospital competitively awarded contracts for most non-exigent work, it did not always take the required affirmative steps to ensure the use of small and minority firms, women’s business enterprises, and labor surplus area firms when possible; and did not include all required contract provisions in its contracts. However, we did not question the costs because insurance proceeds covered essentially all the repair costs except for the insurance deductible. We also found that the Hospital did not initially account for labor costs properly. However, after we identified the improperly supported costs, Hospital employees corrected the records to reflect actual costs the Hospital incurred.

>Oakwood Healthcare System, Dearborn, Michigan, Needed Additional Assistance in Managing its FEMA Public Assistance Grant Funding 		2016
OIG-16-40-D Colorado Springs Utilities, Colorado (Utilities), received a $937,367 Public Assistance grant for damages from storms occurring May through June 2015. We conducted this audit early in the grant process to identify areas where the Utilities may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The Utilities has established policies, procedures, and business practices to account for and expend Federal Emergency Management Agency (FEMA) Public Assistance grant funds according to Federal regulations and FEMA guidelines. Therefore, if the Utilities follow those policies, procedures, and business practices, FEMA has reasonable assurance that the Utilities will properly manage its FEMA grant.

>Colorado Springs Utilities, Colorado, Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding 		2016
OIG-16-39 In fiscal year 2014, DHS spent a total of $12.5 billion using interagency agreements. Past Office of Inspector General audit reports found that a component used Intra/Interagency Reimbursable Work Agreements (RWA) to bypass key internal controls rather than properly implement Interagency Acquisitions. We conducted a department-wide audit to determine whether DHS’s use of RWAs is in compliance with statutory, regulatory, departmental, and component requirements. Components are not issuing RWAs in compliance with the Department’s policy. Specifically, 100 percent of the 43 RWAs we tested—totaling approximately $88 million—had not been reviewed by a Certified Acquisition Official (CAO). In January 2015, DHS issued a policy requiring components to have a CAO review RWAs to ensure they are being issued properly prior to obligating funds. The CAO plays a critical role in ensuring high-risk transactions receive proper oversight. However, 70 percent of the RWAs we tested did not include enough information for a CAO to make an informed decision. DHS did not ensure components updated their policies and procedures to reflect the new requirements. Without a CAO review, components may continue to improperly issue RWAs, circumventing acquisition controls.

>DHS Needs to Improve Implementation of OCFO Policy Over Reimbursable Work Agreements 		2016
OIG-16-41 In 2011, the former FEMA Chief Security Officer hired two employees with criminal convictions in their backgrounds. Our analysis of employee records from 2011 to 2014 in the Office of the Chief Security Officer’s Fraud and Internal Investigations Division disclosed two more employees with criminal conduct in their backgrounds. FEMA’s Office of the Chief Security Officer no longer employs these four individuals. FEMA premium pay records from 2011 to 2014 for employees in the Fraud and Internal Investigations Division showed that division management allowed employees to violate FEMA’s premium pay policy for compensatory time in 2014; premium pay requests from the same period did not reveal any overtime violations. As a result of hiring employees with criminal backgrounds or conduct, the Office of the Chief Security Officer spent $349,944 unnecessarily. Finally, from 2013 to 2014, the Office of the Chief Security Officer misused the Disaster Relief Fund by allowing employees to perform non-disaster­related activities, which violates the Stafford Act and may also be a potential Antideficiency Act violation.

>Response to Allegations of Mismanagement in FEMA's Office of the Chief Security Office 		2016
OIG-14-64 (Revised) Our audit objective was to determine whether the Department of Homeland Security (DHS) complied with the Act in fiscal year 2013. In addition, we also evaluated the accuracy and completeness of DHS’ improper payment reporting and its efforts to reduce and recover improper payments for fiscal year 2013. Although DHS met all the reporting requirements of the Act, it did not meet its annual reduction targets established for each program deemed susceptible to improper payments. As such, we concluded that DHS did not fully comply with IPERA. We reviewed the accuracy and completeness of DHS’ improper payment reporting and DHS’ efforts to reduce and recover improper payments.

>Department of Homeland Security’s FY 2013 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised) 		2014
OIG-13-47 In fiscal year 2010, the Federal Government’s total improper payment amount was at a high of $121 billion. In that same year, Congress passed the Improper Payments Elimination and Recovery Act of 2010.(IPERA or the Act) in an effort to reduce improper payments. Our audit objective was to determine whether DHS complied with the Act. Although DHS met all the reporting requirements of the Act, it did not meet its annual reduction targets established for each high‐risk program as required by the Office of Management and Budget. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security’s FY 2012 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised) 		2013
OIG-16-42-D At the time of our audit, the Federal Emergency Management Agency (FEMA) estimated that the City of Colorado Springs, Colorado, (City) had sustained approximately $3.6 million in damages from storms in 2015. We conducted this audit early in the grant process to identify areas where the City may need additional technical assistance or monitoring to ensure compliance with Federal requirements. The City has established policies, procedures, and business practices to account for and expend FEMA Public Assistance grant funds according to Federal regulations and FEMA guidelines. Therefore, if the City follows those policies, procedures, and business practices, FEMA has reasonable assurance that the City will properly manage its FEMA grant.

>Colorado Springs, Colorado, Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding 		2016
OIG-15-94 (Revised) Our objective was to determine whether the Department of Homeland Security (DHS) complied with the Improper Payments Elimination and Recovery Act of 2010 (IPERA). We also evaluated the accuracy and completeness of DHS’ improper payment reporting and DHS’ performance in reducing and recapturing improper payments. Although DHS met all the reporting requirements of IPERA, it did not meet its annual reduction targets established for each high-risk program as required by OMB. As such, we concluded that DHS did not fully comply with IPERA.

>Department of Homeland Security's FY 2014 Compliance with the Improper Payments Elimination and Recovery Act of 2010 (Revised) 		2015
OIG-16-43-D The Authority received an $8.04 million Public Assistance grant award from the Puerto Rico Emergency Management Agency (Puerto Rico), a FEMA grantee, for damages resulting from Hurricane Irene in August 2011. Our audit objective was to determine whether the Authority accounted for and expended FEMA funds according to Federal requirements. The Puerto Rico Electric Power Authority, Puerto Rico, (Authority) generally accounted for and expended Public Assistance grant funds according to Federal regulations and Federal Emergency Management Agency (FEMA) guidelines. However, the Authority did not comply with the Single Audit Act, which requires non-Federal entities that expend $500,000 or more in a year in Federal awards to obtain a single or program-specific audit for that year. Although the Authority did not take steps to ensure that it met the Single Audit Act requirements, Puerto Rico, as grantee, is responsible for ensuring that its subgrantee (the Authority) is aware of and complies with grant requirements. As a result of this deficiency, FEMA and Puerto Rico did not have an opportunity to review the Single Audit report that would have made them aware of any potential issues with the Authority’s administration of the FEMA grant.

>The Puerto Rico Electric Power Authority Effectively Managed FEMA Public Assistance Grant Funds Awarded for Hurricane Irene in August 2011 		2016
OIG-16-44 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2015. KPMG, LLP evaluated selected general IT controls and business process application controls at the United States Coast Guard (Coast Guard). KPMG, LLP determined that Coast Guard took corrective actions to address one prior-year IT control deficiency. Specifically, Coast Guard made improvements over implementing certain account management and audit log controls. KPMG, LLP continued to identify general IT controls deficiencies related to access controls, segregation of duties, and configuration management of Coast Guard’s core financial and feeder systems. In many cases, new control deficiencies reflected weaknesses over controls and systems that were new to the scope of the FY15 audit Such deficiencies limited Coast Guard’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability.

>Information Technology Management Letter for the United States Coast Guard Component of the FY 2015 Department of Homeland Security Financial Statement Audit 		2016
OIG-16-47 FEMA does not provide adequate oversight of the WYO program under the National Flood Insurance Program (NFIP). Specifically, FEMA is not using the results from its Financial Control Plan reviews to make program improvements; is not performing adequate oversight of the Special Allocated Loss Adjustment Expense reimbursement process; and does not have adequate internal controls to provide proper oversight of the appeals process. These conditions exist because FEMA does not have adequate guidance, resources, or internal controls. As a result of this inadequate oversight, FEMA is unable to ensure that WYO companies are properly implementing the NFIP and is unable to identify systemic problems in the program. Furthermore, without adequate internal controls in place, FEMA’s NFIP funds may be at risk for fraud, waste, abuse, or mismanagement.

>FEMA Does Not Provide Adequate Oversight of Its National Flood Insurance Write Your Own Program 		2016
OIG-16-46 KPMG, LLP evaluated selected general IT controls and business process application controls at the Federal Emergency Management Agency (FEMA). KPMG, LLP determined that FEMA took corrective actions to address certain prior-year IT control deficiencies. For example, FEMA made improvements by designing and consistently implementing certain account management and configuration management controls. However, KPMG, LLP continued to identify general IT control deficiencies related to security management, access controls, segregation of duties, configuration management, and contingency planning for FEMA’s core financial and feeder systems. Collectively, these deficiencies limited FEMA’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.

>Information Technology Management Letter for the Federal Emergency Management Agency Component of the FY 2015 Department of Homeland Security Financial Statement Audit 		2016
OIG-16-45 KPMG LLP evaluated selected general IT controls, IT entity-level controls, and business process application controls at DHS components. KPMG determined that the DHS components had made progress in remediating certain IT deficiencies we reported in FY 2014. Approximately 48 percent of the prior year IT deficiencies identified were repeated. The majority of the deficiencies identified by KPMG resulted from a lack of properly documented, fully designed and implemented, adequately detailed, and consistently implemented financial system controls to comply with requirements of DHS Sensitive Systems Policy Directive 4300A, Information Technology Security Program, and National Institute of Standards and Technology guidance. The deficiencies collectively limited DHS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. The deficiencies at Customs and Border Protection, the United States Coast Guard, the Federal Emergency Management Agency, and U.S. Immigration and Customs Enforcement adversely impacted the internal controls over DHS’ financial reporting and its operation, and collectively represent a material weakness reported in the FY 2015 DHS Agency Financial Report.

>Information Technology Management Letter for the FY 2015 Department of Homeland Security Financial Statement Audit 		2016
OIG-16-48 Since 2005, USCIS has worked to transform its paper-based processes into an integrated and automated immigration benefits processing environment. As we previously reported, past automation attempts have been hampered by ineffective planning, multiple changes in direction, and inconsistent stakeholder involvement. Current USCIS efforts to automate immigration benefits processing also could be improved. Although USCIS deployed the Electronic Immigration System (ELIS) in May 2012, to date only two of approximately 90 types of immigration benefits and services are available for online customer filing. The current ELIS approach also has not ensured stakeholder involvement, performance metrics, system testing, or user support needed for ELIS to be effective. As it struggles to address these issues, USCIS now estimates that it will take three more years—over four years longer than estimated—and an additional $1 billion to automate all benefit types as expected. Until USCIS fully implements ELIS with all the needed improvements, the agency will remain unable to achieve its workload processing, customer service, and national security goals.

>USCIS Automation of Immigration Benefits Processing Remains Ineffective 		2016
OIG-16-49 FEMA’s Homeland Security Grant Program (HSGP) provides funds to state, territorial, local, and tribal governments to enhance their ability to prepare for, prevent, protect, respond to, and recover from terrorist attacks, major disasters, and other emergencies. FEMA has not adequately analyzed recurring Office of Inspector General recommendations to implement permanent changes to improve its oversight of HSGP. This occurred because FEMA has not clearly communicated internal roles and responsibilities, and does not have policies and procedures for conducting substantive trend analysis of audit recommendations. Without sufficiently analyzing audit findings and recommendations, FEMA may not be able to develop proactive solutions to recurring and systemic problems, resulting in missed opportunities to improve the management and oversight of its HSGP.

>Analysis of Recurring Audit Recommendations Could Improve FEMA's Oversight of HSGP 		2016
OIG-16-53-D FROM: John E. McCoy II

Assistant Inspector General for Audits

SUBJECT: Office of Inspector General Emergency Management Oversight Team Deployment Audits

Audit Report Numbers OIG-13-84, OIG-13-117, OIG-13-124, OIG-14-50-D, OIG-14-111-D, OIG-15-92-D, OIG-15-102-D, OIG-15-105-D, OIG-16-53-D, OIG-16-85-D, OIG-16-106-D, OIG-17-37-D

After completing an internal review of our audits related to multiple Emergency Management Oversight Team (EMOT) projects, we have decided to permanently remove the subject reports from our public website.

Our internal review found the subject reports may not have adequately answered objectives and, in some cases, may have lacked sufficient and appropriate evidence to support conclusions. Answering objectives with sufficient and appropriate evidence is required under Government Auditing Standards or Quality Standards for Inspection and Evaluation. In an abundance of caution, we believe it best to recall the reports and not re-issue them.

Going forward, our EMOTs will deploy during the response phase of a disaster to identify and alert the Federal Emergency Management Agency (FEMA) and its stakeholders of potential issues or risks if they do not follow FEMA and other Federal requirements. The EMOT’s reviews will not be conducted under Government Auditing Standards. The teams will continue to observe and identify potential risk areas that will be addressed by future traditional audits, if necessary.

A complete list of the projects removed from our website is attached. You should not place any reliance on these reports.

Please contact me at (202) 254-4100 if you have any questions.

>FEMA's Initial Response to the Severe Storms and Flooding in South Carolina 		2016
OIG-16-52-D The Pueblo of Jemez, New Mexico (Pueblo), received a Public Assistance grant award of $1.6 million from the New Mexico Department of Homeland Security and Emergency Management (New Mexico), a Federal Emergency Management Agency (FEMA) grantee, for damages from severe storms, flooding, and mudslides that occurred in September 2013. The Pueblo accounted for disaster costs on a project-by-project basis. However, the Pueblo did not follow Federal procurement standards in awarding five contracts totaling $312,117. As a result, full and open competition did not occur and FEMA has no assurance that small and minority businesses and women’s business enterprises had sufficient opportunities to bid on federally funded work. In some instances, FEMA also has no assurance that costs were reasonable.

>FEMA Should Recover $312,117 of $1.6 Million Grant Funds Awarded to the Pueblo of Jemez, New Mexico 		2016
OIG-16-54 In the independent auditors’ opinion, the financial statements present fairly, in all material respects, CBP’s financial position as of September 30, 2015. The report identifies four significant deficiencies in internal control, two of which are considered material weaknesses. The material weaknesses are in drawback of duties, taxes, and fees and information technology. The two other significant deficiencies were in internal control in the entry process and entity-level controls.

>Independent Auditors' Report on U.S. Customs and Border Protection's FY 2015 Consolidated Financial Statements 		2016
OIG-16-50 KPMG, LLP evaluated selected general IT controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA made improvements over consistently implementing certain technical account security controls and audit log reviews. However, KPMG continued to identify general IT control deficiencies (GITCs) related to access controls for TSA’s core financial and feeder systems. New control deficiencies reflected weaknesses over controls for systems that were new to the scope of testing GITCs for the FY 2015 audit. The conditions supporting our findings collectively limited TSA’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability.

>Information Technology Management Letter for the Transportation Security Administration Component of the FY 2015 Department of Homeland Security Financial Statement Audit 		2016
OIG-16-56 We contracted with the independent public accounting firm KPMG, LLP to perform the audit the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2015. KPMG evaluated select general information technology controls (GITCs), entity level controls, and business process application controls at the Federal Law Enforcement Training Center (FLETC). KPMG determined that FLETC took corrective action to address certain prior IT control deficiencies. For example, FLETC made improvements by designing and consistently implementing controls related to the separation and termination of contractors. However, KPMG continued to identify GITC deficiencies related to access controls and configuration management for FLETC’s core financial systems. The conditions supporting our findings collectively limited FLETC’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.

>Information Technology Management Letter for the Federal Law Enforcement Center Component of the FY 2015 Department of Homeland Security Financial Statement Audit 		2016

*NDAA, Pub. L. 117-263, section 5274 Response Received. View responses

Return to top of page