MGMT

The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold ― to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.

DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.

Department of Homeland Security shall submit a report not later than October 15, 2017, to the DHS Office of Inspector General listing all grants and contracts awarded by other than full and open competition (OTFOC) during fiscal years 2016 and 2017. We contracted with Williams, Adley & Company-DC, LLC to review the OTFOC report and assess DHS compliance with applicable laws, regulations, and departmental procedures.  Williams Adley concluded that DHS complied with applicable statutes, regulations, and policies governing grants and contracts awarded by OTFOC in FY 2017. During that year, DHS awarded 62 noncompetitive grants worth about $140 million and 121 noncompetitive contracts worth about $118 million through OTFOC. The independent auditors determined that DHS’ Report on OTFOC for FY 2017 as well as the information related to these grants and contracts in the Federal Procurement Data System – Next Generation and USASpending.gov were accurate. The auditors also found that DHS followed written policies and procedures and the requirements of the Federal Funding Accountability and Transparency Act of 2006 when awarding grants and contracts

noncompetitively.

DHS support components do not have sufficient processes and procedures to address misconduct. Support Components provide resources, analysis, equipment, research, policy development, and other specific assistance to operational components. These deficiencies exist because no single office or entity

is responsible for managing and overseeing misconduct issues across support components. According to Government Accountability Office (GAO) guidance, it is important for agencies to establish organizational structure, assign responsibility, and delegate authority, so they can achieve their objectives. Support components need to improve their processes and procedures for addressing misconduct. Specifically, support components do not maintain comprehensive data about misconduct  allegations; refer misconduct allegations consistently to OIG; provide guidance for supervisors and investigators on handling misconduct; and manage misconduct allegations effectively.

Not all forms DHS and its components use to create NDAs include the required WPEA statement. Further, although many of the settlement agreement templates and settlement agreements in the sample we reviewed included provisions that might restrict or prevent disclosure of information, nearly three-fourths of these documents did not contain the WPEA statement. Omitting the statement in NDAs and personnel settlement agreements could lead to confusion about what information may be disclosed to permissible recipients, which could deter reporting of fraud, waste, or abuse and impede DHS Office of Inspector General (OIG) activities.

DHS did not comply with IPERA because it did not meet one of the six IPERA requirements. Specifically, DHS did not meet its annual reduction targets for 2 of 14 programs. Additionally, we determined that DHS did not provide adequate oversight of the component’s improper testing and reporting.

Since FY 2014, DHS improved conference spending reporting and implemented policies and procedures to ensure proper oversight and accurate and timely reporting. However, we found instances where DHS did not comply with annual conference reporting requirements. The Department failed to report two conferences costing more than $100,000 each. The Department also did not always report all hosted conferences costing more than $20,000 to OIG within 15 days of the conclusion of each conference. In addition, the Department did not always properly record actual costs accurately and within 45 days of the conclusion of each conference. Although DHS did not always comply with reporting requirements, in most cases, its FY 2016 conference expenses appeared appropriate, reasonable, and necessary.