USSS

DHS components used inconsistent processes for administrative forfeitures under the Civil Asset Forfeiture Reform Act of 2000 (CAFRA).  Specifically, we found inconsistencies among DHS components regarding the forms used to notify property owners and the process for responding to claims.  Further, CBP inappropriately used waivers to extend deadlines for responding to claims.  We recommended DHS implement a department-wide structure to oversee component forfeiture activities across DHS by designating an office at headquarters for this role.  Additionally, DHS should develop Department-wide policies and procedures, as well as review component policies, to ensure forfeiture processes and practices are consistent.  We made two recommendations to improve oversight across DHS and provide consistent processes for handling administrative forfeitures.  DHS concurred with recommendation two, which we consider resolved and open, but did not concur with recommendation one, which is unresolved and open.

KPMG LLP, under contract with DHS OIG, audited the United States Secret Service’s financial statements and internal control over financial.  The resulting management letter discusses four observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in several processes including financial reporting; time and attendance approval; invoice entry and disbursements; and confidential financial disclosure reporting.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were related to access controls, segregation of duties, and configuration management.  The deficiencies collectively limited USSS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.  We recommend that USSS, in coordination with the Department of Homeland Security’s Chief Information Officer and Acting Chief Financial Officer, make improvements to USSS’ financial management systems and associated information.

The Protective Mission Panel (PMP) made a number of recommendations in its December 2014 classified report.  The objective of this review was to determine whether the Secret Service has taken or plans to take action to implement the PMP’s classified recommendations, which primarily relate to security gaps and vulnerabilities at the White House Complex (WHC).  The Secret Service has clearly taken these recommendations seriously.  Using funding appropriated for PMP initiatives, the Secret Service began enhancing security and refreshing technology at the WHC.  Fully implementing many of the PMP’s classified recommendations will depend on staff increases, sustained funding, and a multi-year commitment by Secret Service and Department leadership to ensure actions continue even during times of increased protective mission demands and unexpected priorities.  We made no recommendations in this report.

We determined that the U.S. Secret Service has clearly taken the Protective Mission Panel’s (PMP) recommendations seriously, which it has demonstrated by making a number of significant changes.  Specifically, it has improved communication within the workforce, better articulated its budget needs, increased hiring, and committed to more training.  However, fully implementing many of the PMP’s recommendations will require long-term financial planning, further staff increases, consistent re-evaluation of the initiated actions’ effectiveness, and a multi-year commitment by Secret Service and Department of Homeland Security leadership.  We have made five recommendations.

We determined that the U.S. Secret Service (USSS) did not have adequate protections in place on systems to which Master Central Index (MCI) information was migrated.  These problems occurred because USSS has not consistently made IT management a priority.  The USSS Chief Information Officer (CIO) lacked authority for all IT resources and was not effectively positioned to provide necessary oversight, inadequate attention was given to updating USSS IT policies, and high turnover and vacancies within the Office of the CIO meant a lack of leadership to ensure IT systems were properly managed.  In addition, USSS personnel were not adequately trained to successfully perform their duties. We made 10 recommendations to USSS and 1 recommendation to the DHS Privacy Office to reduce the risk of future unauthorized access and disclosure of sensitive information. The USSS and the DHS Privacy Officer concurred with these recommendations.