The DHS Chief Information Officer (CIO) and most component CIOs had conducted strategic planning efforts to help prioritize legacy Information Technology (IT) systems and infrastructure to better accomplish mission goals. However, due to a lack of standard guidance and funding, not all components have complied with or fully embraced Department-wide IT modernization initiatives to adopt cloud-based computing, and to consolidate data centers. Meanwhile, DHS continues to rely on deficient and outdated IT systems to perform mission-critical operations. Additionally, DHS has not yet leveraged the Modernizing Government Technology Act mandate to accelerate ongoing IT modernization efforts, as DHS and its components questioned whether the benefits of the Act outweighed the additional effort needed to use the resources provided under the Act. Until DHS addresses these issues, it will continue to face significant challenges to accomplish mission operations efficiently and effectively. We made three recommendations for the DHS OCIO to develop guidance for implementing cloud technology and migrating legacy IT systems to the cloud, coordinate with components to develop and finalize a data center migration approach, and establish a process to assign risk ratings for major legacy IT investments. The Department concurred with all three recommendations.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.
- Executive SummaryReport NumberOIG-20-61Issue DateDocument FileDHS AgencyKeywordsFiscal Year2020
- Executive Summary
Based on our recent and prior audits, inspections, special reviews, and investigations, we consider the most serious management and performance challenges currently facing DHS to be: (1) Managing Programs and Operations Effectively and Efficiently during times of Changes in Leadership, Vacancies, Hiring Difficulties; (2) Coordinating Efforts to Address the Sharp Increase in Migrants Seeking to Enter the United States through our Southern Border; (3) Ensuring Cybersecurity in an Age When Confidentiality, Integrity, and the Availability of Information Technology Are Essential to Mission Operations; (4) Ensuring Proper Financial Planning, Payments, and Internal Controls; and (5) Improving FEMA’s Disaster Response and Recovery Efforts. Addressing and overcoming these challenges requires firm leadership; targeted resources; and a commitment to mastering management fundamentals, data collection and dissemination, cost-benefit/risk analysis, and performance measurement.Report NumberOIG-20-02Issue DateDocument FileKeywordsFiscal Year2020
- Executive Summary
DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.Report NumberOIG-19-60Issue DateDocument FileKeywordsFiscal Year2019
Independent Auditors' Report on DHS' FY 2018 Financial Statements and Internal Control over Financial ReportingExecutive Summary
The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.
KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.Report NumberOIG-19-04Issue DateDocument FileOversight AreaKeywordsFiscal Year2019
- Executive Summary
We conducted a verification review to determine the adequacy, effectiveness, and timeliness of USCIS' corrective actions to address the seven report recommendations in Better Safeguards Are Needed in USCIS Green Card Issuance, OIG-17-11, November 16, 2016. At the time of our audit fieldwork in spring 2016, USCIS’ efforts to address the errors were inadequate. USCIS conducted a number of efforts to recover the inappropriately issued cards; however, these efforts also were not fully successful. At the time of our audit fieldwork in spring 2016, USCIS’ efforts to address the errors were inadequate. USCIS conducted a number of efforts to recover the inappropriately issued cards; however, these efforts also were not fully successful.Report NumberOIG-18-61Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2018
Fiscal Year 2017 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence SystemsExecutive Summary
Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.Report NumberOIG-18-59Issue DateDocument FileFiscal Year2018
USCIS Has Unclear Website Information and Unrealistic Time Goals for Adjudicating Green Card ApplicationsExecutive Summary
"U.S. Citizenship and Immigration Services (USCIS) adjudicates applications for immigration benefits, including applications for permanent resident cards, also known as green cards. In response to congressional concerns, we examined green card application processing times, as well as why processing times vary among USCIS field offices. USCIS regularly posts information on its website about the time it takes field offices to adjudicate green card applications (processing time). Yet, the information is unclear and not helpful to USCIS’ customers because it does not reflect the actual amount of time it takes field offices, on average, to complete green card applications.Report NumberOIG-18-58Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2018
- Executive Summary
We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017.Report NumberOIG-18-56Issue DateDocument FileFiscal Year2018
Management Alert - Inadequate FEMA Progress in Addressing Open Recommendations from our 2015 Report, "FEMA Faces Challenges in Managing Information Technology" (OIG-16-10)Executive Summary
In November 2015, we reported that the Federal Emergency Management Agency’s (FEMA) information technology (IT) management approach did not adequately address technology planning, governance, and system support challenges to effectively support its mission. We issued five recommendations to the FEMA Chief Information Officer (CIO) aimed at improving the agency’s management of IT.1 Specifically, we recommended the CIO finalize key planning documents related to IT modernization; execute against those planning documents; fully implement an IT governance board; improve integration and functionality of existing systems; and implement agency-wide acquisition, development, and operation and maintenance standards.Report NumberOIG-18-54Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2018
Information Technology Management Letter for the Office of Financial Management and Office of the Chief Information Officer Components of the FY 2016 Department of Homeland Security Financial Statement AuditExecutive Summary
Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of Office of Financial Management (OFM) and Office of the Chief Information Officer (OCIO) core financial and feeder systems. The deficiencies collectively limited OFM’s and OCIO’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that OFM and OCIO make improvements to DHS’ financial management systems and associated information technology security program.Report NumberOIG-17-85Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2017