MGMT

DHS developed a strategy to apply 29 lessons learned from prior system updates to the current Financial Systems Modernization (FSM) TRIO program. Since DHS’ actions provides a positive outlook on the future progress of the FSM TRIO project we made no recommendations for improvement.  The report’s limited objective and scope does not provide a complete assessment DHS’ efforts to incorporate lessons learned into their recently reinvigorated FSM efforts. 

From fiscal years 2015 through 2018, in the midst of a growing opioid epidemic, U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement, Transportation Security Administration, and U.S. Secret Service appropriately disciplined employees whose drug test results indicated illegal opioid use, based on their employee standards of conduct and tables of offenses and penalties.  Additionally, during the same time period, components have either implemented or are taking steps to evaluate whether employees using prescription opioids can effectively conduct their duties.  For example, components have established policies prohibiting the use of prescription opioids that may impact an employee’s ability to work, in addition to requiring employees to report such prescription opioid use.  They have also implemented or are in the process of implementing measures to evaluate the fitness for duty of employees using prescription opioids.  These policies establish consistent standards components can use to ensure they are allowing employees to use legally-prescribed opioids, while also ensuring their workforce is capable of effectively performing their duties.  We made two recommendations to improve components’ oversight of illegal and prescription opioid use by employees.  CBP and Secret Service concurred with the recommendations, which are both resolved and open.

KPMG LLP (KPMG), under contract with DHS OIG, conducted an integrated audit of DHS’ FY 2019 consolidated financial statements and internal control over financial reporting.  KPMG issued an unmodified (clean) opinion over the Department’s financial statements, reporting that they present fairly, in all material respects, DHS’ financial position as of September 30, 2019.  However, KPMG identified material weaknesses in internal control in two areas and other significant deficiencies in three areas.  Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting.  KPMG also reported two instances of noncompliance with laws and regulations.  DHS concurred with all of the recommendations.

DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.

We determined that despite requirements of the Homeland Security Act of 2002, as amended, the Science and Technology Directorate (S&T) did not effectively coordinate and integrate department-wide research and development (R&D) activities.  In August 2015, S&T established Integrated Product Teams (IPTs) as the central mechanism to identify, track, and coordinate department-wide priority R&D efforts.  However, S&T did not follow its IPT process as intended.  Specifically, not all components submitted all information on capability gaps to the IPTs; S&T did not effectively gather, track, and manage data on the Department’s R&D gaps and activities; and S&T did not adequately monitor the IPT process to ensure it was effective.  As a result, S&T may not be able to provide the Secretary of Homeland Security and Congress with an accurate profile of the Department’s R&D activities or justify funding needs for a wide range of missions, including securing the border, detecting nuclear devices, and screening airline passengers.  We made three recommendations to improve S&T’s coordination of R&D activities across DHS.  S&T concurred with our recommendations.