DHS

Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold ― to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.

Since FY 2014, DHS improved conference spending reporting and implemented policies and procedures to ensure proper oversight and accurate and timely reporting. However, we found instances where DHS did not comply with annual conference reporting requirements. The Department failed to report two conferences costing more than $100,000 each. The Department also did not always report all hosted conferences costing more than $20,000 to OIG within 15 days of the conclusion of each conference. In addition, the Department did not always properly record actual costs accurately and within 45 days of the conclusion of each conference. Although DHS did not always comply with reporting requirements, in most cases, its FY 2016 conference expenses appeared appropriate, reasonable, and necessary.

Between January 2016 and April 2017, DHS OIG received dozens of allegations regarding a variety of issues at the FLETC facility in Glynco, Georgia. Following extensive investigation, DHS OIG determined that many of the allegations could not be substantiated. However, with respect to certain other allegations, DHS OIG’s findings indicate that some of FLETC’s senior managers, including former Director Connie Patrick, failed to exercise the judgment, stewardship, and leadership expected of DHS senior officials. This report focuses on two specific allegations that exemplify the broader issues uncovered by DHS OIG’s investigation. Many of the allegations DHS OIG received regarding FLETC related to the official travel of the former FLETC Director, Connie Patrick. Patrick served as the Director of FLETC from 2002 until her retirement in June 2017. During this time, she frequently traveled domestically and internationally on FLETC-related business. DHS OIG conducted an extensive review of Patrick’s travel for the period January 15, 2014 through June 23, 2016 to identify any instances of impropriety. In addition to multiple complaints about Patrick’s alleged noncompliance with federal, DHS, and FLETC travel rules and regulations, DHS OIG received complaints alleging that Patrick pressured FLETC managers to hire her husband, John Patrick (JP), for a term position within the FLETC Law Enforcement Leadership Institute (LELI). DHS OIG’s investigation determined that JP was hired to a term position with LELI on January 3, 2010 and completed the term on September 11, 2011 — all during Patrick’s tenure as Director of FLETC

Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017.

Department of Homeland Security (DHS) Under Secretary for Intelligence and Analysis (USIA) David J. Glawe used a personal email account to send an invitation to his ceremonial swearing-in event to staff members of the United States Senate Committee on Homeland Security and Governmental Affairs. Because the invitation came from a non-DHS email account and resembled a phishing email, Senator Claire McCaskill asked the DHS Office of Inspector General to review the circumstances surrounding the invitation

Following news reports that U.S. Customs and Border Protection (CBP) personnel implementing Executive Order#13769 (EO) “Protecting the Nation from Foreign Terrorist Entry into the United States”(January 27, 2017) potentially violated the civil rights of individual travelers, we received a congressional request to investigate DHS’s implementation of the EO. In response, we investigated how DHS and CBP, the DHS entity primarily responsible for implementation of the EO, responded to challenges presented by the EO, including the consequence of court orders and CBP’s compliance with them. In our investigation, we found that CBP was caught by surprise when the President issued the EO on January 27, 2017. DHS had little opportunity to prepare for and respond to basic questions about which categories of travelers were affected by the EO. We found that the bulk of travelers affected by the EO who arrived in the United States, particularly LPRs, received national interest waivers. In addition, we observed that the lack of a public or congressional relations strategy significantly hampered CBP and harmed its public image.

The DATA Act required the OIG to review a statistically valid sample of DHS’ fiscal year 2017, 2nd quarter spending data posted on USASpending.gov and to submit to Congress a report assessing the data’s completeness, timeliness, quality, and accuracy; and DHS’ implementation and use of Government-wide financial data standards. The Digital Accountability and Transparency Act of 2014 (DATA Act) required DHS to submit, by May 2017, complete, accurate, and timely spending data to the Department of the Treasury (Treasury) for publication on USASpending.gov beginning with the 2nd quarter of FY 2017. DHS successfully certified and submitted its FY 2017/Q2 spending data for posting on USASpending.gov in April 2017. Although DHS met the DATA Act’s mandated submission deadline, we identified issues concerning the completeness and accuracy of its first data submission that hinders the quality and usefulness of the information.
 

Department leadership must commit itself to ensuring DHS operates more as a single entity. rather than a collection of components. The lack of progress in reinforcing a unity of effort translates to a missed opportunity for greater effectiveness. Second, Department leadership must establish and enforce a strong internal control environment typical of a more mature organization. The current environment of relatively weak internal controls affects all aspects of the Department’s mission, from border protection to immigration enforcement and from protection against terrorist attacks and natural disasters to cybersecurity. We have seen little evidence of proactive effort by leadership to view the organization holistically, to forcefully communicate the need for cooperation among components, and to establish programs or policies that ensure unity, even though such effort is a necessary precondition to unified action.
 

We determined that due to changes DHS made to the process, political appointees do not influence Freedom of Information Act (FOIA) processors to delay or withhold the release of FOIA information.  Unlike the former process, the new process does not provide opportunities for political appointees in headquarters to inappropriately interfere with releases of significant FOIA information, and we did not identify any instances in which headquarters officials used the process to engage in those activities.  However, because DHS has not issued final guidance for the process, it is vulnerable to misuse in the future.  We recommended that the Chief FOIA Officer/Chief Privacy Officer issue final guidance on the 1-Day Awareness Notification Process.  The guidance should state 1) the purpose of the process is to inform senior officials of the imminent release of information that may raise public interest and 2) FOIA staff determine whether information should be released or withheld under FOIA’s exceptions and exemptions.