NPPD

National Protection and Programs Directorate (NPPD) Chief of Staff requested a review to determine whether Federal Protective Service (FPS) inspectors’ positions were classified correctly for purposes of earning overtime under the Fair Labor Standards Act. Although properly classified as non-exempt, inspectors’ excessive use of overtime does raise significant concerns. Specifically, 11 of the 19 inspectors reviewed frequently worked multiple 17- to 21-hour shifts with no days off in between. This kind of extensive overtime allowed seven inspectors to earn more than the most senior executives in the Federal Government, with three earning more than the Vice President of the United States. Furthermore, FPS’ increasing use of overtime contributed to a projected budget shortfall for fiscal year 2018, potentially putting the FPS mission at risk. The inspectors were able to accumulate the extensive overtime because of poor internal controls, such as management not monitoring the use of overtime.

The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

The Department faces challenges to effectively sharing cyber threat information across Federal and private sector entities. Without acquiring a cross-domain information processing solution and automated tools, DHS cannot analyze and share threat information timely. Further, without enhanced outreach, DHS cannot increase participation and improve coordination of information sharing across Federal and private organizations.

 

KPMG, under contract with DHS OIG, audited the National Protection and Programs Directorate’s financial statements and internal control over financial reporting.  The resulting management letter discusses 14 observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including revenue accrual, personnel actions, journal entry reviews, performance reviews, contract expense approvals, time keeping, and intra-governmental payment and collection expense approvals.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

Most of the deficiencies identified by the independent accounting firm KPMG, LLP were related to access controls and configuration management for NPPD’s core financial and feeder systems. The deficiencies collectively limited NPPD’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that NPPD, in coordination with the Department of Homeland Security’s Chief Information Officer and Acting Chief Financial Officer, make improvements to NPPD’s financial management systems and associated information technology security program