Management

DHS components used inconsistent processes for administrative forfeitures under the Civil Asset Forfeiture Reform Act of 2000 (CAFRA).  Specifically, we found inconsistencies among DHS components regarding the forms used to notify property owners and the process for responding to claims.  Further, CBP inappropriately used waivers to extend deadlines for responding to claims.  We recommended DHS implement a department-wide structure to oversee component forfeiture activities across DHS by designating an office at headquarters for this role.  Additionally, DHS should develop Department-wide policies and procedures, as well as review component policies, to ensure forfeiture processes and practices are consistent.  We made two recommendations to improve oversight across DHS and provide consistent processes for handling administrative forfeitures.  DHS concurred with recommendation two, which we consider resolved and open, but did not concur with recommendation one, which is unresolved and open.

The Federal Emergency Management Agency did not properly award or oversee its contract with Corporate Lodging Consultants (CLC) to administer disaster survivors’ hotel stays.  These deficiencies occurred because FEMA officials did not ensure staff responsible for the Transitional Sheltering Assistance (TSA) contract award and oversight had the guidance and training they needed to be effective.  As a result, FEMA released personally identifiable information for about 2.3 million disaster survivors, increasing the survivors’ risk to identity theft.  We made six recommendations that when implemented should strengthen FEMA contracting and compliance with Federal Acquisition Regulations and DHS requirements.  FEMA concurred with all six of our recommendations.

DHS generally met deadlines for responding to simple Freedom of Information Act (FOIA) requests, it did not do so for most complex requests.  A significant increase in requests received, coupled with resource constraints, limited DHS’ ability to meet production timelines under FOIA, creating a litigation risk for the Department.  Additionally, DHS has not always fully documented its search efforts, making it difficult for the Department to defend the reasonableness of the searches undertaken.  With respect to responding to congressional requests, we determined DHS has established a timeliness goal of 15 business days or less; however, on average, it took DHS nearly twice as long to provide substantive responses to Congress, with some requests going unanswered for up to 450 business days.  Further, DHS redacted personal information in its responses to congressional committee chairs even when disclosure of the information was statutorily permissible.  This was a descriptive report and contained no recommendations.  In its response, DHS acknowledged FOIA backlogs remain a problem, despite increasing requests processed.  DHS stated its process responding to congressional requests varies greatly and that its redactions are appropriate.

U.S. Immigrations and Customs Enforcement (ICE) does not follow its written policy when conducting disciplinary reviews of Senior Executive Employees (SES) employees, which risks creating an appearance that SES employees receive more favorable treatment than non-SES employees.  We reviewed the disciplinary proceedings of the former SES official to evaluate whether ICE’s deviation from the written policy, or any other evidence, in that case indicated that the official received favorable treatment, as alleged.  We did not find evidence of actual favoritism or inappropriate influence in the official’s disciplinary or security clearance review processes.  We recommended that ICE finalize and issue its draft policy documenting the process for disciplining SES members.  We made one recommendation that will enhance transparency in ICE’s disciplinary program.  ICE concurred with our recommendation and took action to resolve and close it.

DHS’ capability to counter illicit Unmanned Aircraft Systems (UAS) activity remains limited.  The Office of Strategy, Policy, and Plans did not execute a uniform department-wide approach, which prevented components authorized to conduct counter-UAS operations from expanding their capabilities.  This occurred because the Office of Policy did not obtain funding as directed by the Secretary to expand DHS’ counter-UAS capability.  We made four recommendations to improve the Department’s management and implementation of counter-UAS activities.  The Office of Strategy, Policy, and Plans concurred with all four of our recommendations.      

We identified 16 allegations of race-based harassment involving cadets between 2013 and 2018 that the Coast Guard Academy (the Academy) was aware of and had sufficient information to investigate and address through internal hate and harassment procedures.  The OIG identified issues in how the Academy addressed 11 of them.  First, in six incidents, the Academy did not thoroughly investigate the allegations, and/or did not discipline cadets when investigations documented violations of cadet regulations or Coast Guard policy.  In two of these instances, cadets committed similar misconduct again.  The Academy also did not fully include civil rights staff as required in six instances (including two of the instances noted previously).  Therefore, civil rights staff could not properly track these incidents to proactively identify trends and offer the Academy assistance.  In addition, in one incident involving a potential hate allegation, the Academy did not follow the Coast Guard process for hate incidents.  Finally, our review determined that race-based harassment is underreported at the Academy for various reasons, including concerns about negative consequences for reporting allegations.  Underreporting is especially concerning because our questionnaire results and interviews indicate harassing behaviors continue at the Academy.  We made five recommendations that will enhance the Academy’s ability to address harassment and hate allegations, including ensuring the Academy consistently investigates allegations, requiring the reasons for disciplinary decisions be documented after race- or ethnicity-based harassment investigations, informing civil rights staff of all misconduct that could reasonably relate to race or ethnicity; and improving training related to preventing and addressing race-based or ethnicity-based harassment or hate incidents.  The Coast Guard concurred with all recommendations

Based on our recent and prior audits, inspections, special reviews, and investigations, we consider the most serious management and performance challenges currently facing DHS to be: (1) Managing Programs and Operations Effectively and Efficiently during times of Changes in Leadership, Vacancies, Hiring Difficulties; (2) Coordinating Efforts to Address the Sharp Increase in Migrants Seeking to Enter the United States through our Southern Border; (3) Ensuring Cybersecurity in an Age When Confidentiality, Integrity, and the Availability of Information Technology Are Essential to Mission Operations; (4) Ensuring Proper Financial Planning, Payments, and Internal Controls; and (5) Improving FEMA’s Disaster Response and Recovery Efforts.  Addressing and overcoming these challenges requires firm leadership; targeted resources; and a commitment to mastering management fundamentals, data collection and dissemination, cost-benefit/risk analysis, and performance measurement. 

DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.

The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold ― to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.