Management

ICE has taken various actions to prevent the pandemic’s spread among detainees and staff at their detention facilities. At the nine facilities we remotely inspected, these measures included maintaining adequate supplies of PPE such as face masks, enhanced cleaning, and proper screening for new detainees and staff. However, we found other areas in which detention facilities struggled to properly manage the health and safety of detainees. For example, we observed instances where staff and detainees did not consistently wear face masks or socially distance. In addition, we noted that some facilities did not consistently manage medical sick calls and did not regularly communicate with detainees regarding their COVID-19 test results. Although we found that ICE was able to decrease the detainee population to help mitigate the spread of COVID-19, information on detainee transfers was limited. We also found that testing of both detainees and staff was insufficient, and that ICE headquarters did not generally provide effective oversight of their detention facilities during the pandemic. Overall, ICE must resolve these issues to ensure it can meet the challenges of not only the COVID-19 pandemic, but future pandemics as well. We made six recommendations to improve ICE’s management of COVID-19 in its detention facilities. ICE concurred with all six recommendations.

We determined that FEMA did not ensure procurements and costs for debris removal operations in Monroe County, Florida, met Federal requirements and FEMA guidelines.  Specifically, FEMA did not adequately review local entities’ procurements for debris removal projects and reimbursed local entities for questionable costs.  These deficiencies were due to weaknesses in FEMA training and its quality assurance process.  As a result, FEMA approved reimbursement to local entities for nearly $25.6 million (more than $23 million in Federal share) for debris removal projects, including contracts that may not have met Federal procurement requirements, and more than $2 million in questionable costs.  Without improvements to FEMA’s training and project review processes, FEMA risks continuing to expose millions of dollars in disaster relief funds to fraud, waste, and abuse.  We made three recommendations with which FEMA officials concurred.  Based on the information FEMA provided, we consider the three recommendations resolved and open.

DHS has not effectively managed and coordinated Department resources for its Joint Task Forces (JTFs).  Specifically, DHS has not maintained oversight authority through changes in leadership, implemented and updated policies and procedures, identified optimal JTF staffing levels and resources, and established a process to capture total allocated costs associated with JTFs.  In addition, DHS has not fully complied with public law requirements to report to Congress on JTFs’ cost and impact, establish outcome-based performance metrics, and establish and maintain a joint duty training program.  We recommended the DHS Secretary designate a department-level office to manage and oversee JTFs and address public law requirements.  We made seven recommendations to improve DHS’ management and oversight of its JTFs and ensure compliance with legislative requirements.  DHS provided a management response, but declined to comment, since the Acting Secretary is currently reviewing the status and future of the JTFs

DHS has not fulfilled most of the 13 responsibilities of the Geospatial Data Act.  To comply with one responsibility, DHS has a Geospatial Information Officer and a dedicated Geospatial Management Office whose duties include overseeing the Act’s implementation and to coordinate with other agencies.  However, DHS has only partially met, or not met, the remaining 12 responsibilities in the Act.  DHS’ lack of progress in complying with the responsibilities outlined in the Act can be attributed to multiple external and internal factors.  External factors include the need for additional guidance from the Federal Geographic Data Committee and the Office of Management and Budget to properly interpret and implement certain responsibilities.  Internal factors include competing priorities that diverted resources away from fulfilling the Act’s 13 responsibilities.  We made three recommendations that focus on increasing the resources necessary to comply with DHS’ 13 responsibilities under the Act.  The Department concurred with all three recommendations.

DHS components used inconsistent processes for administrative forfeitures under the Civil Asset Forfeiture Reform Act of 2000 (CAFRA).  Specifically, we found inconsistencies among DHS components regarding the forms used to notify property owners and the process for responding to claims.  Further, CBP inappropriately used waivers to extend deadlines for responding to claims.  We recommended DHS implement a department-wide structure to oversee component forfeiture activities across DHS by designating an office at headquarters for this role.  Additionally, DHS should develop Department-wide policies and procedures, as well as review component policies, to ensure forfeiture processes and practices are consistent.  We made two recommendations to improve oversight across DHS and provide consistent processes for handling administrative forfeitures.  DHS concurred with recommendation two, which we consider resolved and open, but did not concur with recommendation one, which is unresolved and open.

The Federal Emergency Management Agency did not properly award or oversee its contract with Corporate Lodging Consultants (CLC) to administer disaster survivors’ hotel stays.  These deficiencies occurred because FEMA officials did not ensure staff responsible for the Transitional Sheltering Assistance (TSA) contract award and oversight had the guidance and training they needed to be effective.  As a result, FEMA released personally identifiable information for about 2.3 million disaster survivors, increasing the survivors’ risk to identity theft.  We made six recommendations that when implemented should strengthen FEMA contracting and compliance with Federal Acquisition Regulations and DHS requirements.  FEMA concurred with all six of our recommendations.

DHS generally met deadlines for responding to simple Freedom of Information Act (FOIA) requests, it did not do so for most complex requests.  A significant increase in requests received, coupled with resource constraints, limited DHS’ ability to meet production timelines under FOIA, creating a litigation risk for the Department.  Additionally, DHS has not always fully documented its search efforts, making it difficult for the Department to defend the reasonableness of the searches undertaken.  With respect to responding to congressional requests, we determined DHS has established a timeliness goal of 15 business days or less; however, on average, it took DHS nearly twice as long to provide substantive responses to Congress, with some requests going unanswered for up to 450 business days.  Further, DHS redacted personal information in its responses to congressional committee chairs even when disclosure of the information was statutorily permissible.  This was a descriptive report and contained no recommendations.  In its response, DHS acknowledged FOIA backlogs remain a problem, despite increasing requests processed.  DHS stated its process responding to congressional requests varies greatly and that its redactions are appropriate.

U.S. Immigrations and Customs Enforcement (ICE) does not follow its written policy when conducting disciplinary reviews of Senior Executive Employees (SES) employees, which risks creating an appearance that SES employees receive more favorable treatment than non-SES employees.  We reviewed the disciplinary proceedings of the former SES official to evaluate whether ICE’s deviation from the written policy, or any other evidence, in that case indicated that the official received favorable treatment, as alleged.  We did not find evidence of actual favoritism or inappropriate influence in the official’s disciplinary or security clearance review processes.  We recommended that ICE finalize and issue its draft policy documenting the process for disciplining SES members.  We made one recommendation that will enhance transparency in ICE’s disciplinary program.  ICE concurred with our recommendation and took action to resolve and close it.

DHS’ capability to counter illicit Unmanned Aircraft Systems (UAS) activity remains limited.  The Office of Strategy, Policy, and Plans did not execute a uniform department-wide approach, which prevented components authorized to conduct counter-UAS operations from expanding their capabilities.  This occurred because the Office of Policy did not obtain funding as directed by the Secretary to expand DHS’ counter-UAS capability.  We made four recommendations to improve the Department’s management and implementation of counter-UAS activities.  The Office of Strategy, Policy, and Plans concurred with all four of our recommendations.      

We identified 16 allegations of race-based harassment involving cadets between 2013 and 2018 that the Coast Guard Academy (the Academy) was aware of and had sufficient information to investigate and address through internal hate and harassment procedures.  The OIG identified issues in how the Academy addressed 11 of them.  First, in six incidents, the Academy did not thoroughly investigate the allegations, and/or did not discipline cadets when investigations documented violations of cadet regulations or Coast Guard policy.  In two of these instances, cadets committed similar misconduct again.  The Academy also did not fully include civil rights staff as required in six instances (including two of the instances noted previously).  Therefore, civil rights staff could not properly track these incidents to proactively identify trends and offer the Academy assistance.  In addition, in one incident involving a potential hate allegation, the Academy did not follow the Coast Guard process for hate incidents.  Finally, our review determined that race-based harassment is underreported at the Academy for various reasons, including concerns about negative consequences for reporting allegations.  Underreporting is especially concerning because our questionnaire results and interviews indicate harassing behaviors continue at the Academy.  We made five recommendations that will enhance the Academy’s ability to address harassment and hate allegations, including ensuring the Academy consistently investigates allegations, requiring the reasons for disciplinary decisions be documented after race- or ethnicity-based harassment investigations, informing civil rights staff of all misconduct that could reasonably relate to race or ethnicity; and improving training related to preventing and addressing race-based or ethnicity-based harassment or hate incidents.  The Coast Guard concurred with all recommendations

Based on our recent and prior audits, inspections, special reviews, and investigations, we consider the most serious management and performance challenges currently facing DHS to be: (1) Managing Programs and Operations Effectively and Efficiently during times of Changes in Leadership, Vacancies, Hiring Difficulties; (2) Coordinating Efforts to Address the Sharp Increase in Migrants Seeking to Enter the United States through our Southern Border; (3) Ensuring Cybersecurity in an Age When Confidentiality, Integrity, and the Availability of Information Technology Are Essential to Mission Operations; (4) Ensuring Proper Financial Planning, Payments, and Internal Controls; and (5) Improving FEMA’s Disaster Response and Recovery Efforts.  Addressing and overcoming these challenges requires firm leadership; targeted resources; and a commitment to mastering management fundamentals, data collection and dissemination, cost-benefit/risk analysis, and performance measurement. 

DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.

The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold ― to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.

DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.

Since FY 2014, DHS improved conference spending reporting and implemented policies and procedures to ensure proper oversight and accurate and timely reporting. However, we found instances where DHS did not comply with annual conference reporting requirements. The Department failed to report two conferences costing more than $100,000 each. The Department also did not always report all hosted conferences costing more than $20,000 to OIG within 15 days of the conclusion of each conference. In addition, the Department did not always properly record actual costs accurately and within 45 days of the conclusion of each conference. Although DHS did not always comply with reporting requirements, in most cases, its FY 2016 conference expenses appeared appropriate, reasonable, and necessary.

Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment and periodic audits on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security implemented internal controls to prevent illegal, improper, and erroneous purchases and payments. During fiscal year 2016, DHS reported spending approximately $1.2 billion in purchase, travel, and fleet card transactions. Although the Department has established internal controls for its charge card programs, the components we reviewed did not always follow DHS’ procedures. Our testing results of purchase, travel, and fleet card transactions revealed internal control weaknesses. Specifically, we found major internal control weaknesses that persisted at the United States Coast Guard and some control weaknesses within CBP’s Fleet Card Program.

KPMG LLP (KPMG), under contract with DHS OIG, conducted an integrated audit of DHS’ FY 2016consolidated financial statements and internal control over financial reporting. KPMG expressed an unmodified (clean) opinion on the Department’s FY 2016 financial statements. However, KPMG identified six significant deficiencies in internal control; three of which are considered material weaknesses. Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting. KPMG also reported instances in which DHS did not comply with four laws and regulations. The Department concurred with all of the recommendations in the report.

This report summarizes what we consider the most serious management and performance challenges to both the Department as a whole, as well as individual components challenges.  We remain concerned about the systemic nature of these challenges, some of which span multiple Administrations and changes in Department leadership.  We also assess the Department’s progress in addressing those challenges.  This year, we are reporting the Department’s major challenges in the following areas: Unity of Effort, Employee Morale and Engagement, Acquisition Management, Grants Management, Cybersecurity, Management Fundamentals.  We did not make any new recommendations in this report.