DHS has not effectively managed and coordinated Department resources for its Joint Task Forces (JTFs).  Specifically, DHS has not maintained oversight authority through changes in leadership, implemented and updated policies and procedures, identified optimal JTF staffing levels and resources, and established a process to capture total allocated costs associated with JTFs.  In addition, DHS has not fully complied with public law requirements to report to Congress on JTFs’ cost and impact, establish outcome-based performance metrics, and establish and maintain a joint duty training program.  We recommended the DHS Secretary designate a department-level office to manage and oversee JTFs and address public law requirements.  We made seven recommendations to improve DHS’ management and oversight of its JTFs and ensure compliance with legislative requirements.  DHS provided a management response, but declined to comment, since the Acting Secretary is currently reviewing the status and future of the JTFs

DHS has not fulfilled most of the 13 responsibilities of the Geospatial Data Act.  To comply with one responsibility, DHS has a Geospatial Information Officer and a dedicated Geospatial Management Office whose duties include overseeing the Act’s implementation and to coordinate with other agencies.  However, DHS has only partially met, or not met, the remaining 12 responsibilities in the Act.  DHS’ lack of progress in complying with the responsibilities outlined in the Act can be attributed to multiple external and internal factors.  External factors include the need for additional guidance from the Federal Geographic Data Committee and the Office of Management and Budget to properly interpret and implement certain responsibilities.  Internal factors include competing priorities that diverted resources away from fulfilling the Act’s 13 responsibilities.  We made three recommendations that focus on increasing the resources necessary to comply with DHS’ 13 responsibilities under the Act.  The Department concurred with all three recommendations.

DHS components used inconsistent processes for administrative forfeitures under the Civil Asset Forfeiture Reform Act of 2000 (CAFRA).  Specifically, we found inconsistencies among DHS components regarding the forms used to notify property owners and the process for responding to claims.  Further, CBP inappropriately used waivers to extend deadlines for responding to claims.  We recommended DHS implement a department-wide structure to oversee component forfeiture activities across DHS by designating an office at headquarters for this role.  Additionally, DHS should develop Department-wide policies and procedures, as well as review component policies, to ensure forfeiture processes and practices are consistent.  We made two recommendations to improve oversight across DHS and provide consistent processes for handling administrative forfeitures.  DHS concurred with recommendation two, which we consider resolved and open, but did not concur with recommendation one, which is unresolved and open.

The Federal Emergency Management Agency did not properly award or oversee its contract with Corporate Lodging Consultants (CLC) to administer disaster survivors’ hotel stays.  These deficiencies occurred because FEMA officials did not ensure staff responsible for the Transitional Sheltering Assistance (TSA) contract award and oversight had the guidance and training they needed to be effective.  As a result, FEMA released personally identifiable information for about 2.3 million disaster survivors, increasing the survivors’ risk to identity theft.  We made six recommendations that when implemented should strengthen FEMA contracting and compliance with Federal Acquisition Regulations and DHS requirements.  FEMA concurred with all six of our recommendations.

DHS generally met deadlines for responding to simple Freedom of Information Act (FOIA) requests, it did not do so for most complex requests.  A significant increase in requests received, coupled with resource constraints, limited DHS’ ability to meet production timelines under FOIA, creating a litigation risk for the Department.  Additionally, DHS has not always fully documented its search efforts, making it difficult for the Department to defend the reasonableness of the searches undertaken.  With respect to responding to congressional requests, we determined DHS has established a timeliness goal of 15 business days or less; however, on average, it took DHS nearly twice as long to provide substantive responses to Congress, with some requests going unanswered for up to 450 business days.  Further, DHS redacted personal information in its responses to congressional committee chairs even when disclosure of the information was statutorily permissible.  This was a descriptive report and contained no recommendations.  In its response, DHS acknowledged FOIA backlogs remain a problem, despite increasing requests processed.  DHS stated its process responding to congressional requests varies greatly and that its redactions are appropriate.

U.S. Immigrations and Customs Enforcement (ICE) does not follow its written policy when conducting disciplinary reviews of Senior Executive Employees (SES) employees, which risks creating an appearance that SES employees receive more favorable treatment than non-SES employees.  We reviewed the disciplinary proceedings of the former SES official to evaluate whether ICE’s deviation from the written policy, or any other evidence, in that case indicated that the official received favorable treatment, as alleged.  We did not find evidence of actual favoritism or inappropriate influence in the official’s disciplinary or security clearance review processes.  We recommended that ICE finalize and issue its draft policy documenting the process for disciplining SES members.  We made one recommendation that will enhance transparency in ICE’s disciplinary program.  ICE concurred with our recommendation and took action to resolve and close it.

DHS’ capability to counter illicit Unmanned Aircraft Systems (UAS) activity remains limited.  The Office of Strategy, Policy, and Plans did not execute a uniform department-wide approach, which prevented components authorized to conduct counter-UAS operations from expanding their capabilities.  This occurred because the Office of Policy did not obtain funding as directed by the Secretary to expand DHS’ counter-UAS capability.  We made four recommendations to improve the Department’s management and implementation of counter-UAS activities.  The Office of Strategy, Policy, and Plans concurred with all four of our recommendations.      

We identified 16 allegations of race-based harassment involving cadets between 2013 and 2018 that the Coast Guard Academy (the Academy) was aware of and had sufficient information to investigate and address through internal hate and harassment procedures.  The OIG identified issues in how the Academy addressed 11 of them.  First, in six incidents, the Academy did not thoroughly investigate the allegations, and/or did not discipline cadets when investigations documented violations of cadet regulations or Coast Guard policy.  In two of these instances, cadets committed similar misconduct again.  The Academy also did not fully include civil rights staff as required in six instances (including two of the instances noted previously).  Therefore, civil rights staff could not properly track these incidents to proactively identify trends and offer the Academy assistance.  In addition, in one incident involving a potential hate allegation, the Academy did not follow the Coast Guard process for hate incidents.  Finally, our review determined that race-based harassment is underreported at the Academy for various reasons, including concerns about negative consequences for reporting allegations.  Underreporting is especially concerning because our questionnaire results and interviews indicate harassing behaviors continue at the Academy.  We made five recommendations that will enhance the Academy’s ability to address harassment and hate allegations, including ensuring the Academy consistently investigates allegations, requiring the reasons for disciplinary decisions be documented after race- or ethnicity-based harassment investigations, informing civil rights staff of all misconduct that could reasonably relate to race or ethnicity; and improving training related to preventing and addressing race-based or ethnicity-based harassment or hate incidents.  The Coast Guard concurred with all recommendations

Based on our recent and prior audits, inspections, special reviews, and investigations, we consider the most serious management and performance challenges currently facing DHS to be: (1) Managing Programs and Operations Effectively and Efficiently during times of Changes in Leadership, Vacancies, Hiring Difficulties; (2) Coordinating Efforts to Address the Sharp Increase in Migrants Seeking to Enter the United States through our Southern Border; (3) Ensuring Cybersecurity in an Age When Confidentiality, Integrity, and the Availability of Information Technology Are Essential to Mission Operations; (4) Ensuring Proper Financial Planning, Payments, and Internal Controls; and (5) Improving FEMA’s Disaster Response and Recovery Efforts.  Addressing and overcoming these challenges requires firm leadership; targeted resources; and a commitment to mastering management fundamentals, data collection and dissemination, cost-benefit/risk analysis, and performance measurement. 

DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.