DHS could not provide any performance measures and provided only limited data to demonstrate the full extent or effectiveness of its efforts to enforce wildlife trafficking laws.  In addition, CBP personnel inconsistently recorded data on wildlife encounters, and ICE Homeland Security Investigations (HSI) special agents did not always completely or accurately record actions and data related to wildlife trafficking.  CBP personnel also did not always demonstrate that they involved ICE HSI special agents when suspecting wildlife trafficking crimes.  Finally, DHS did not establish performance goals to measure the results of its efforts to combat wildlife trafficking.  We attributed these issues to DHS, CBP, and ICE not providing adequate oversight, including clear and comprehensive policies and procedures, of wildlife trafficking efforts.  As a result, DHS may be missing opportunities to curtail the spread of zoonotic viruses and disrupt transnational criminal organizations that use the same networks for other illicit trafficking, such as narcotics, humans, and weapons.  We made one recommendation to improve the Department’s efforts to combat wildlife trafficking.  The Department concurred with the recommendation and provided a plan to improve its efforts.

In May 2020, the Deputy Under Secretary for Management formally documented the Department’s risk acceptance to allow the Coast Guard to meet FISMA requirements according to Department of Defense, rather than DHS’ reporting requirements.  The Deputy Under Secretary for Management’s decision adversely affected our ability to evaluate the Department’s enterprise-wide information program under this year’s OIG reporting metrics.  Nonetheless, when evaluating the overall effectiveness of DHS’ information security program for FY 2020 FISMA, our rating does not include the Coast Guard.  DHS’ information security program earned a maturity rating of “Managed and Measurable” (Level 4) in three of five functions.  DHS can further improve the effectiveness of its information security program by ensuring components execute all its policies and procedures.  We made four recommendations in our report, with one to the DHS Chief Information Officer, one to the S&T Chief Information Officer, one to the Secret Service Chief Information Officer, and one to the FEMA Chief Information Officer.  The Department concurred with all four recommendations.

TSA acquired CT systems that did not address all needed capabilities.  These issues occurred because the Department of Homeland Security did not provide adequate oversight of TSA’s acquisition of CT systems.  DHS is responsible for overseeing all major acquisitions to ensure they are properly planned and executed and meet documented key performance thresholds.  However, DHS allowed TSA to use an acquisition approach not recognized by DHS’ acquisition guidance.  In addition, DHS allowed TSA to deploy the CT system even though it did not meet all TSA key performance parameters.  DHS also did not validate TSA’s detection upgrade before TSA incorporated it into the CT system.  As a result, TSA risks spending over $700 million in future appropriated funding to purchase CT systems that may never fully meet operational mission needs.  We made three recommendations to improve DHS’ oversight of TSA’s CT systems acquisition.  DHS concurred with all three recommendations.  

DHS did not fully comply with the public law.  TSA and the Coast Guard prepared, and DHS submitted, a CAP to Congress in June 2020.  Although the CAP identified corrective actions for one area, it did not address four issues we consider significant.  We recommended that DHS, in consultation with TSA and Coast Guard, re-evaluate the assessment to determine if further corrective actions are needed or justify excluding significant issues from the CAP.  DHS did not concur with the recommendation, but we consider DHS’ actions partially responsive to the recommendation. We consider the recommendation open and unresolved.

U.S. Customs and Border Protection (CBP) does not conduct COVID-19 testing for migrants who enter CBP custody and is not required to do so.  Instead, CBP relies on local public health systems to test symptomatic individuals.  According to CBP officials, as a frontline law enforcement agency, it does not have the necessary resources to conduct such testing.  For migrants that are transferred or released from CBP custody into the United States, CBP coordinates with DHS, U.S. Immigration and Customs Enforcement, U.S. Department of Health and Human Services, and other Federal, state, and local partners for COVID-19 testing of migrants.  In addition, although DHS generally follows guidance from the Centers for Disease Control and Prevention for COVID-19 preventative measures, the DHS’ multi-layered COVID-19 testing framework does not require CBP to conduct COVID-19 testing at CBP facilities.  Further, DHS’ Chief Medical Officer does not have the authority to direct or enforce COVID-19 testing procedures.  We recommended DHS reassess its COVID-19 response framework to identify areas for improvement to mitigate the spread of COVID-19 while balancing its primary mission of securing the border.  Additionally, we recommended DHS ensure the components continue to coordinate with the DHS Chief Medical Officer and provide available resources needed to operate safely and effectively during the COVID-19 pandemic and any future public health crisis.  We made two recommendations to improve DHS’ response to COVID-19 at the southwest border.  DHS concurred with both recommendations.

We determined DHS did not comply with Payment Integrity Information Act of 2019 (PIIA)  in fiscal year 2020 because it did not achieve and report an improper payment rate of less than 10 percent for 2 of 12 programs reported in its FY 2020 Agency Financial Report.  DHS complied with Executive Order 13520 by properly compiling and making available to the public its FY 2020 Quarterly High-Dollar Overpayment reports.  We made two recommendations to DHS to follow Office of Management and Budget requirements and ensure the Federal Emergency Management Agency continues its remediation process to reduce improper payments.  DHS concurred with both recommendations. 

DHS generally met deadlines for responding to simple Freedom of Information Act (FOIA) requests, it did not do so for most complex requests.  A significant increase in requests received, coupled with resource constraints, limited DHS’ ability to meet production timelines under FOIA, creating a litigation risk for the Department.  Additionally, DHS has not always fully documented its search efforts, making it difficult for the Department to defend the reasonableness of the searches undertaken.  With respect to responding to congressional requests, we determined DHS has established a timeliness goal of 15 business days or less; however, on average, it took DHS nearly twice as long to provide substantive responses to Congress, with some requests going unanswered for up to 450 business days.  Further, DHS redacted personal information in its responses to congressional committee chairs even when disclosure of the information was statutorily permissible.  This was a descriptive report and contained no recommendations.  In its response, DHS acknowledged FOIA backlogs remain a problem, despite increasing requests processed.  DHS stated its process responding to congressional requests varies greatly and that its redactions are appropriate.

DHS’ capability to counter illicit Unmanned Aircraft Systems (UAS) activity remains limited.  The Office of Strategy, Policy, and Plans did not execute a uniform department-wide approach, which prevented components authorized to conduct counter-UAS operations from expanding their capabilities.  This occurred because the Office of Policy did not obtain funding as directed by the Secretary to expand DHS’ counter-UAS capability.  We made four recommendations to improve the Department’s management and implementation of counter-UAS activities.  The Office of Strategy, Policy, and Plans concurred with all four of our recommendations.      

DHS complied with the Improper Payments Elimination and Recovery Act (IPERA) in fiscal year 2019 by meeting all six of the IPERA requirements.  DHS also complied with Executive Order 13520, Reducing Improper Payments.  Additionally, we reviewed DHS’ processes and procedures for estimating its annual improper payment rates.  Based on our review, we determined DHS did not provide adequate oversight of the components’ improper payment testing and reporting.  We made one recommendation to DHS’ Risk Management and Assurance Division to properly follow the requirements in the DHS Improper Payment Reduction Guidebook. 

DHS does not have a unified approach for procuring and using handheld chemical identification devices despite the widespread use of these devices across multiple components.  We recommended DHS establish a process to coordinate joint needs across components and maximize savings from strategic sourcing opportunities.  We made two recommendations that should help improve unity of effort in procuring and using handheld chemical identification devices.  DHS concurred with recommendation 1 but did not concur with recommendation 2.