Official website of the Department of Homeland Security
Directorate for Management
The Department of Homeland Security did not comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA) because the Department did not meet two of the six requirements. Specifically, the Department omitted the percent of recaptured amounts from the Other Information section in its Agency Financial Report and did not meet its annual reduction target established for one of eight programs deemed susceptible to significant improper payments.The Department also did not comply with Executive Order 13520, Reducing Improper Payments, because DHS did not make available to the public its Quarterly High-Dollar Overpayment report for the second quarter of fiscal year 2018.
DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.
This report presents the results of KPMG LLP’s (KPMG) work conducted to address the performance audit objectives relative to the Audit of Department of Homeland Security’s Fiscal Year 2017 Conference Spending. KPMG performed the work during the period of September 18, 2017 to August 30, 2018, and our scope period for testing was October 1, 2016 through September 30, 2017. KPMG LLP (KPMG) found that DHS management has policies and procedures over conference spending and reporting, improvements are needed. KMPG made seven recommendations to improve conference spending reporting.
For Information Contact
Public Affairs 202-981-6000
For Immediate Release
The U.S. Department of Homeland Security (DHS) Office of Inspector General (OIG) is issuing this fraud alert to warn citizens of recent reports that publicly available law enforcement telephone numbers, including those of DHS OIG Field Offices, are being used in a two-part spoofing scam targeting individuals throughout the country.
Part 1: The perpetrator befriends a victim using a mobile app that has a built-in chat feature, such as Facebook Messenger or Words with Friends. Alternatively, the perpetrator feigns romantic interest and pursues the victim through online dating services or chat rooms. After gaining the victim’s trust through the online relationship, the perpetrator describes a minor hardship and persuades the victim to send them a small amount of money.
Part 2: The next day, the victim receives a phone call from a fraudster claiming to be an employee of DHS or another law enforcement organization. The fraudsters will spoof the caller ID of a legitimate law enforcement phone number. The fraudster tells the victim that the funds they provided the day before went to a criminal organization or terrorist group, such the Islamic State in Iraq and Syria (ISIS) or Al-Qaeda, and threatens them with arrest and imprisonment. They then direct the victim to contact a “lawyer” who can help them resolve the matter. The victim contacts the “lawyer” via email or phone and is instructed to pay them $1,000 or more via check, wire transfer, or other methods as a “retainer.”
DHS OIG takes this matter very seriously. While we investigate the situation, we remind the public that law enforcement and other U.S. Government numbers may be subject to spoofing. Individuals receiving phone calls from these numbers should not provide any personal information. Legitimate law enforcement callers will never ask you to pay fines over the phone or request money from you. If there is a question about the validity of a call, we encourage the public to call the relevant field office number of the government agency and ask to be put in touch with the individual who called you.
Anyone who believes they may have been a victim of this scam is urged to call the DHS OIG Hotline (1-800-323-8603) or file a complaint online via the DHS OIG website www.oig.dhs.gov. By asking the perpetrators for a phone number or email address you can use to contact them to facilitate payment, you may be able to obtain valuable information that could assist DHS OIG investigate the scam.
You may also contact the Federal Trade Commission to file a complaint and/or report identity theft.
We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.
We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.
Within U.S. Customs and Border Protection (CBP), Border Patrol agents are responsible for patrolling our international land borders and coastal waters surrounding Florida and Puerto Rico. We conducted this audit to determine to what extent Border Patrol agents meet workload requirements related to investigative and law enforcement activities. Border Patrol needs to manage its workforce more efficiently, effectively, and economically. CBP and Border Patrol must expedite the development and implementation of a workforce staffing model for Border Patrol as required by Congress. Without a complete workforce staffing model, Border Patrol senior managers are unable to definitively determine the operational needs for, or best placement of, the 5,000 additional agents DHS was directed to hire per the January 2017 Executive Order.
The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.
KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.
