Skip to main content

Full text of "April 1, 2008 - September 30, 2008"

See other formats


Department of Homeland Security 

OFFICE OF INSPECTOR GENERAL 




SEMIANNUAL 
REPORT TO 
THE CONGRESS 

pril 1, 2008 - September 30, 2008 




Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Statistical Highlights of OIG Activities 

April 1, 2008 - September 30, 2008 



DOLLAR IMPACT 


Questioned Costs 


$27,996,475 


Funds Put to Better Use 


$4,967,201 


Management Agreement That Funds Be: 


Recovered 


$0 


Deobligated 


$4,967,201 


Funds Recovered 


$1,920,998 


Fines and Restitutions 


$12,173,264 


Administrative Cost Savings and Investigative Recoveries 


$11,838,453 




ACTIVITIES 


Management Reports Issued 


65 


Financial Assistance Grant Audit Reports 


16 


Single Audit Reports Processed 


12 




Investigative Reports Issued 


481 


Investigations Initiated 


440 


Investigations Closed 


620 


Open Investigations 


1,815 


Investigations Referred for Prosecution 


166 


Investigations Accepted for Prosecution 


136 


Investigations Declined for Prosecution 


18 




Arrests 


179 


Indictments 


194 


Convictions 


143 


Personnel Actions 


14 




Complaints Received (other than Hotline) 


6,163 


Hotline Complaints Received 


3,378 


Complaints Referred (to programs or other agencies) 


5,501 


Complaints Closed 


7,243 





Office of Inspector General 



U.S. Department of Homeland Security 

Washington, DC 20528 




Homeland 
Security 



October 31, 2008 



The Honorable Michael Chertoff 
Secretary 

U.S. Department of Homeland Security 
Washington, DC 20528 

Dear Mr. Secretary: 

I am pleased to present our semiannual report, which summarizes the activities and accomplishments 
of the Department of Homeland Security (DHS) Office of Inspector General for the 6 -month period 
ended September 30, 2008. 

During this reporting period, our office published 65 management reports, 16 financial assistance 
grant reports, and 12 reports on DHS programs that were issued by other organizations. DHS 
management concurred with 95 % of recommendations contained in our management reports. As 
a result of these efforts, $28 million of questioned costs were identified, of which $8.3 million was 
determined to be unsupported. We recovered $1.9 million as a result of disallowed costs identified 
from current and previous reports. In addition, management agreed to deobligate $4.9 million in 
disaster grant assistance resulting in funds put to better use. 

In the investigative area, we issued 481 investigative reports, initiated 440 investigations, and closed 
620 investigations. Our investigations resulted in 179 arrests, 194 indictments, 143 convictions, and 14 
personnel actions. Additionally, investigative recoveries, fines, restitutions, and cost savings totaled 
$24 million. 

In closing, I would like to thank the hardworking and dedicated professionals on my staff. As a result 
of their efforts and the efforts of DHS staff, together we were able to successfully meet the tremendous 
challenges that faced our office and DHS during the past 6 months. 

I would like to take this opportunity to thank you for the interest and support that you have provided to 
our office. We look forward to working closely with you, your leadership team, and Congress during 
the upcoming presidential transition. Throughout this process, we will remain focused on the goal of 
promoting economy, efficiency, and effectiveness in DHS programs and operations, as well as helping 
the department accomplish its critical mission in the very challenging months ahead. 



Sincerely, 




Richard L. Skinner 
Inspector General 





Photo by USDA Creative Services Center photographer: Bob Nichols, Cover Pentagon Memorial 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Table of Contents 



STATISTICAL HIGHLIGHTS INSIDE COVER 

INSPECTOR GENERAL'S MESSAGE 1 

WORKING RELATIONSHIP PRINCIPLES FOR AGENCIES 

AND OFFICES OF INSPECTOR GENERAL 4 

EXECUTIVE SUMMARY 5 

DEPARTMENT OF HOMELAND SECURITY PROFILE 6 

OFFICE OF INSPECTOR GENERAL PROFILE 7 

SUMMARY OF SIGNIFICANT OFFICE OF INSPECTOR GENERAL ACTIVITY 10 

Directorate for Management 11 

Directorate for Science and Technology 14 

Federal Emergency Management Agency 14 

Federal Law Enforcement Training Center 24 

Office for Civil Rights and Civil Liberties 25 

Office of Intelligence and Analysis 25 

Transportation Security Administration 25 

United States Citizenship and Immigration Services 29 

United States Coast Guard 29 

United States Customs and Border Protection 32 

United States Immigration and Customs Enforcement 36 

Multiple Components 39 

OTHER OFFICE OF INSPECTOR GENERAL ACTIVITIES 42 

LEGISLATIVE AND REGULATORY REVIEWS 44 

CONGRESSIONAL TESTIMONY AND BRIEFINGS 46 

APPENDICES 48 

Appendix 1 Audit Reports with Questioned Costs 49 

Appendix 1b Audit Reports with Funds Put to Better Use 50 

Appendix 2 Compliance - Resolution of Reports and Recommendations 51 

Appendix 3 Management Reports Issued 52 

Appendix 4 Financial Assistance Audit Reports Issued 61 

Appendix 5 Schedule of Amounts Due and Recovered 63 

Appendix 6 Contract Audit Reports 64 

Appendix 7 Acronyms 65 

Appendix 8 OIG Headquarters and Field Office Contacts and Locations 66 

Appendix 9 Index to Reporting Requirements 69 



3 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Working Relationship Principles For Agencies 
and Offices of Inspector General 



The Inspector General Act establishes for most 
agencies an Office of Inspector General (OIG) 
and sets out its mission, responsibilities, and 
authority. The Inspector General is under the general 
supervision of the agency head. The unique nature of 
the Inspector General function can present a number 
of challenges for establishing and maintaining effective 
working relationships. The following working relation- 
ship principles provide some guidance for agencies and 
OIGs. 

To work most effectively together, the agency and its 
OIG need to clearly define what the two consider to be 
a productive relationship and then consciously manage 
toward that goal in an atmosphere of mutual respect. 

By providing objective information to promote 
government management, decision making, and 
accountability, the OIG contributes to the agency's 
success. The OIG is an agent of positive change, 
focusing on eliminating waste, fraud, and abuse, and 
on identifying problems and recommendations for 
corrective actions by agency leadership. The OIG 
provides the agency and Congress with objective 
assessments of opportunities to be more successful. 
The OIG, although not under the direct supervision of 
senior agency management, must keep them and the 
Congress fully and currently informed of significant 
OIG activities. Given the complexity of management 
and policy issues, the OIG and the agency may 
sometimes disagree on the extent of a problem 
and the need for and scope of corrective action. 
However, such disagreements should not cause the 
relationship between the OIG and the agency to 
become unproductive. 

To work together most effectively, the OIG and 
the agency should strive to: 

Foster open communications at all levels. 

The agency will promptly respond to the OIG 
requests for information to facilitate OIG activities 
and acknowledge challenges that the OIG can help 
address. Surprises are to be avoided. With very limited 
exceptions, primarily related to investigations, the 
OIG should keep the agency advised of its work and 
its findings on a timely basis, and strive to provide 



information helpful to the agency at the earliest 
possible stage. 

Interact with professionalism and mutual 
respect. Each party should always act in good faith 
and presume the same from the other. Both parties 
share, as a common goal, the successful accomplish- 
ment of the agency's mission. 

Recognize and respect the mission and 
priorities of the agency and the OIG. The 

agency should recognize the OIGs independent role 
in carrying out its mission within the agency, while 
recognizing the responsibility of the OIG to report 
both to Congress and to the agency head. The OIG 
should work to carry out its functions with a minimum 
of disruption to the primary work of the agency. The 
agency should allow the OIG timely access to agency 
records and other materials. 

Be thorough, objective, and fair. The OIG must 

perform its work thoroughly, objectively, and with 
consideration to the agency's point of view. When 
responding, the agency will objectively consider 
differing opinions and means of improving operations. 
Both sides will recognize successes in addressing 
management challenges. 

Be engaged. The OIG and agency management will 
work cooperatively in identifying the most important 
areas for OIG work, as well as the best means of 
addressing the results of that work, while maintaining 
the OIGs statutory independence of operation. In 
addition, agencies need to recognize that the OIG 
also will need to carry out work that is self-initiated, 
congressionally requested, or mandated by law. 

Be knowledgeable. The OIG will continually strive 
to keep abreast of agency programs and operations, 
and agency management will be kept informed of OIG 
activities and concerns being raised in the course of 
OIG work. Agencies will help ensure that the OIG is 
kept up to date on current matters and events. 

Provide feedback. The agency and the OIG should 
implement mechanisms, both formal and informal, to 
ensure prompt and regular feedback. 



4 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Executive Summary 



This Semiannual Report to the Congress is 
issued pursuant to the provisions of Section 
5 of the Inspector General Act of 1978, as 
amended, and covers the period from April 1, 2008 
to September 30, 2008. The report is organized to 
reflect our organization and that of the Department of 
Homeland Security. 

During this reporting period, we completed significant 
audit, inspection, and investigative work to promote 
the economy, efficiency, effectiveness, and integrity of 
the department's programs and operations. Specifi- 
cally, we issued 65 management reports (Appendix 3), 
16 financial assistance grant reports (Appendix 4), and 
481 investigative reports. We also processed 12 single 
audit reports issued by other organizations according 
to the Single Audit Act of 1984, as amended (Appendix 
4). Our reports provide the department Secretary and 
Congress with an objective assessment of the issues, 
and at the same time provide specific recommenda- 
tions to correct deficiencies and improve the economy, 
efficiency, and effectiveness of the respective program. 

During this reporting period, our audits resulted in 
questioned costs of $27,996,475, of which $8,272,263 
was not supported by documentation. We also 



recovered $1,920,998 as a result of disallowed costs 
identified from current and prior audits. In addition, 
management agreed to deobligate $4,967,201 in 
disaster grant assistance, resulting in funds put to 
better use. In the investigative area, we issued 481 
reports, initiated 440 investigations, and closed 
620 investigations. Our investigations resulted in 
179 arrests, 194 indictments, 143 convictions, and 
14 personnel actions. Additionally, investigative 
recoveries, fines, restitutions, and cost savings totaled 
$24,011,717. 

We have a dual reporting responsibility to Congress 
as well as to the department Secretary. During the 
reporting period, we continued our active engagement 
with Congress through extensive meetings, briefings, 
and dialogues. Members of Congress, their staff, and 
the department's authorizing and appropriations 
committees and subcommittees met on a range of 
issues relating to our work and that of the department. 
We also testified before Congress on five occasions 
during this reporting period. Testimony prepared for 
these hearings may be accessed through our Web site 
at www.dhs.gov/oig. 



5 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Department of Homeland Security Profile 




n November 25, 2002, President Bush 
signed the Homeland Security Act of 2002 
(P.L. 107-296, as amended), officially 



establishing the Department of Homeland Security 
(DHS) with the primary mission of protecting the 
American homeland. DHS became operational on 
January 24, 2003. Formulation of DHS took a major 
step forward on March 1, 2003, when, according to 
the President's reorganization plan, 22 agencies and 
approximately 181,000 employees were transferred to 
the new department. 

DHS' first priority is to protect the United States 
against further terrorist attacks. Component agencies 
analyze threats and intelligence, guard U.S. borders 
and airports, protect America's critical infrastructure, 
and coordinate U.S. preparedness for and response to 
national emergencies. 

DHS is reorganized into the 
following directorates: 

Management 

National Protection and Programs 
■ Science and Technology 



Other critical components of DHS include: 

■ Domestic Nuclear Detection Office 
Federal Emergency Management Agency 
Federal Law Enforcement Training Center 
Office of Civil Rights and Civil Liberties 
Office of General Counsel 

Office of Health Affairs 

■ Office of Inspector General 
Office of Intelligence and Analysis 

■ Office of Operations Coordination 
Office of Policy 

Transportation Security Administration 
United States Citizenship and Immigration 
Services 

■ United States Coast Guard 

United States Customs and Border Protection 
United States Immigration and Customs 
Enforcement 

United States Secret Service 



6 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Office of Inspector General Profile 



The Homeland Security Act of 2002 provided 
for the establishment of an Office of Inspector 
General (OIG) in DHS by amendment to 
the Inspector General Act of 1978 (5 USC App. 3, as 
amended). By this action, Congress and the Adminis- 
tration ensured independent and objective audits, 
inspections, and investigations of the operations of the 
department. 

The Inspector General is appointed by the President, 
subject to confirmation by the Senate, and reports 
directly to the Secretary of DHS and to Congress. The 
Inspector General Act ensures the Inspector General's 



independence. This independence enhances our 
ability to prevent and detect fraud, waste, and abuse, 
as well as to provide objective and credible reports to 
the Secretary and Congress regarding the economy, 
efficiency, and effectiveness of DHS' programs and 
operations. 

We were authorized 551 full-time employees during 
the reporting period. We consist of an Executive Office 
and eight functional components based in Washington, 
DC. We also have field offices throughout the country. 
Chart 1 illustrates the DHS OIG management team. 



Chart 1 : DHS OIG Organization Chart 



Inspector General 




Congressional and 
Media Affairs 



Executive Assistant 
to the IG 



Counsel to the IG 



Deputy IG 
Emergency 
Management 
Oversight 



Assistant IG 
Administration 



Assistant IG 
Audits 



Assistant IG 
Inspections 



Assistant IG 
Investigations 



Assistant IG 
Information Technology 
Audits 



7 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 




The OIG consists of the following components: 

The Executive Office consists of the Inspector 
General, the Deputy Inspector General, an executive 
assistant, and support staff. It provides executive 
leadership to the OIG. 

The Office of Congressional and Media Affairs 

serves as primary liaison to members of Congress 
and their staffs, the White House, the media, and 
other federal agencies and government entities 
involved in securing the Nation. The office's staff 
responds to inquiries from Congress, the White 
House, and the media; notifies Congress about OIG 
initiatives, policies, and programs; and informs other 
government entities about OIG measures that affect 
their operations and activities. It also provides advice 
to the Inspector General and supports OIG staff as 
they address congressional, White House, and media 
inquiries. 

The Office of Counsel to the Inspector General 

provides legal advice to the Inspector General 
and other management officials; supports audits, 
inspections, and investigations by ensuring that 
applicable laws and regulations are followed; serves 
as the OIGs designated ethics office; manages OIG 
responsibilities under the Freedom of Information Act 
and Privacy Act; furnishes attorney services for the 
issuance and enforcement of OIG subpoenas; and 
provides legal advice on OIG operations. 



The Office of Audits conducts and coordinates 
audits and program evaluations of the management 
and financial operations of DHS. Auditors examine 
the methods employed by agencies, bureaus, grantees, 
and contractors in carrying out essential programs or 
activities. Audits evaluate whether established goals 
and objectives are achieved and resources are used 
economically and efficiently; whether intended and 
realized results are consistent with laws, regulations, 
and good business practices; and determine whether 
financial accountability is achieved and the financial 
statements are not materially misstated. 

The Office of Emergency Management Oversight 

provides an aggressive and ongoing audit effort 
designed to ensure that disaster relief funds are 
being spent appropriately, while identifying fraud, 
waste, and abuse as early as possible. The office is 
an independent and objective means of keeping 
Congress, the Secretary of DHS, the Administrator 
of the Federal Emergency Management Agency 
(FEMA), and other federal disaster relief agencies 
fully informed on problems and deficiencies relating 
to disaster operations and assistance programs, and 
progress regarding corrective actions. This office's 
focus is weighted heavily toward prevention, including 
reviewing internal controls and monitoring and 
advising DHS and FEMA officials on contracts, 
grants, and purchase transactions before they are 
approved. This approach allows the office to stay 
current on all disaster relief operations and provide 
on-the-spot advice on internal controls and precedent- 
setting decisions. 



8 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



The Office oflnipecTions provides the Inspector 
General with a means to analyze programs quickly 
and to evaluate operational efficiency and vulnerability. 
This work includes special reviews of sensitive issues 
that arise suddenly and congressional requests for 
studies that require immediate attention. Inspectors 
may examine any area of the department. This office 
is also the lead OIG office for reporting on DHS 
intelligence, international affairs, civil rights and civil 
liberties, and science and technology. Inspections 
reports use a variety of study methods and evaluation 
techniques to develop recommendations for DHS, and 
the reports are released to DHS, Congress, and the 
public. 

The Office of Information Technology Audits 

conducts audits and evaluations of DHS' informa- 
tion management, cyber infrastructure, and systems 
integration activities. The office reviews the cost 
effectiveness of acquisitions, implementation, and 
management of major information systems and 
telecommunications networks across DHS. In 
addition, it evaluates the systems and related architec- 
tures of DHS to ensure that they are effective, 
efficient, and implemented according to applicable 
policies, standards, and procedures. The office 
also assesses DHS' information security program 
as mandated by the Federal Information Security 
Management Act (FISM A), and provides technical 
forensics assistance to support our fraud prevention 
and detection program. 



The Office of Investigations conducts investigations 
into allegations of criminal, civil, and administrative 
misconduct involving DHS employees, contractors, 
grantees, and programs. These investigations can 
result in criminal prosecutions, fines, civil monetary 
penalties, administrative sanctions, and personnel 
actions. The office also provides oversight and 
monitors the investigative activity of DHS' various 
internal affairs offices. The office includes investiga- 
tive staff working on Gulf Coast hurricane recovery 
operations. 

The Office of Administration provides critical 
administrative support functions, including 
strategic planning; development and implementa- 
tion of administrative directives; information and 
office automation systems; budget formulation and 
execution; correspondence; printing and distribu- 
tion of OIG reports; and oversight of the personnel, 
procurement, travel, and accounting services provided 
to the OIG on a reimbursable basis by the Bureau 
of Public Debt. The office also prepares our annual 
performance plans and semiannual reports to 
Congress. 



9 



SUMMARY OF SIGNIFICANT OIG ACTIVITY 




April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



DIRECTORATE FOR 
MANAGEMENT 

MANAGEMENT REPORTS 

Information Technology Management Letter for 
the FY 2007 DHS Financial Statement Audit 
(Redacted) 

We contracted with the independent public accounting 
firm KPMG LLP to perform a review of DHS' 
Information Technology (IT) general controls in 
support of the FY 2007 DHS financial statement 
engagement. The overall objective of this review was 
to evaluate the effectiveness of IT general controls of 
DHS' financial processing environment and related IT 
infrastructure as necessary to support the engagement. 
KPMG LLP also performed technical security testing 
for key network and system devices, as well as testing 
key financial application controls. KPMG LLP noted 
that DHS addressed many prior years of IT control 
weaknesses, but that IT general control weaknesses 
still existed during FY 2007. The most significant 
weaknesses from a financial statement audit perspec- 
tive related to entity-wide security, access controls, 
and service continuity. Collectively, the IT control 
weaknesses limit DHS' ability to ensure the confidenti- 
ality, integrity, and availability of their critical financial 
and operational data. These weaknesses also negatively 
impact DHS' internal controls over its financial 
reporting and operation, and KPMG LLP considers 
them to collectively represent a material weakness 
under standards established by the American Institute 
of Certified Public Accountants (AICPA). We made 
recommendations in the area of access controls. 
(OIG-08-77, June 2008, IT- A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-77_June08.pdf 

Review of Department of Homeland Security 
Component Plans of Action and Milestones for 
Financial System Security 

We contracted with the independent public accounting 
firm KPMG LLP to assist the OIG in assessing the 
status of the IT Plans of Action and Milestones 
(POA&Ms) implemented by DHS that relates to 
the financial systems security material weakness. 
DHS' Independent Auditor's Report, included 
in the FY 2006 Performance and Accountability 



Report, reported 10 material weaknesses associated 
with internal controls. One of the 10 material 
weaknesses concerns financial system security. To 
address the issues related to the financial system 
security material weakness, the DHS Office of 
Chief Information Officer (OCIO) and components 
tracked IT weaknesses and corrective actions in 
POA&Ms. KPMG LLP evaluated the POA&M 
process and status of IT POA&Ms through review 
of the IT POA&Ms and discussion with the in-scope 
components, DHS OCIO and DHS Office of Chief 
Financial Officer (OCFO) personnel. As part of this 
review, KPMG LLP provided the in-scope DHS 
components, the OCIO, and the OCFO with informa- 
tion on the best practices and weaknesses of the 
current POA&M process employed by the agency, as 
well as recommendations for enhancing the existing 
process. 

(OIG-08-63, June 2008, IT- A) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-63_Jun08.pdf 

Letter Report: Review of Department of 
Homeland Security's Financial Systems Consoli- 
dation Project 

The Resource Management Transformation Office 
(RMTO) has developed a strategy to consolidate key 
component financial systems on either the Systems 
Applications and Products (SAP) or Oracle Financial 
platforms. Generally, the RMTO's evaluation provided 
adequate support for its decision to use the Oracle 
and SAP system platforms. However, the RMTO 
has not conducted a complete analysis of possible 
service providers outside of DHS. Additionally, during 
the FY 2007 financial statement audit, the external 
auditors outlined problems with the change control 
process in the Oracle platform. These change control 
problems could cause unsupported adjustments 
not only to financial data from the United States 
Coast Guard (USCG) and Transportation Security 
Administration (TSA), but also to the data of other 
DHS components that will be migrated to the new 
financial system. Our recommendations were for 
RMTO to conduct a full evaluation of financial service 
providers available in the federal government (including 
the Office of Management and Budget's (OMB) 
shared service providers) to determine if any of these 
systems can meet DHS' financial management needs 



11 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



more efficiently, identify all scripts being used at the 
USCG and TSA and analyze them to determine their 
effect on financial transactions and DHS' financial 
statements, and correct the scripts before migrating any 
DHS components to the new DHS financial system. 
(OIG-08-47, May 2008, IT-A) 
http://www.dhs.gov/xoig/ rpts/ mgmt/ 
editorial_0334.shtm 

Department of Homeland Security Must Address 
Internet Protocol Version 6 Challenges 

We evaluated DHS' transition to Internet Protocol 
Version 6 (IPv6). OMB requires federal agencies to 
demonstrate, by June 2008, their capability to pass 
IPv6 traffic and support IPv6 addresses from the (1) 
Internet to their local area network, (2) their local 
area network to the Internet, and (3) their local area 
network to other local area networks. Although DHS 
has begun the early stages of implementing OMB's 
IPv6 transition requirements, it is unlikely that the 
department will be positioned to take advantage of the 
enhanced capabilities of IPv6 as IPv6-capable products 
and services become available. Our recommendations 
included a comprehensive IPv6 inventory of applica- 
tions and devices; a finalized transition strategy with 
a detailed timeline for the transition; a determination 
of the transition mechanism to be used by DHS and 
related testing activities; development of transition 
guidance for components; and planning coordination 
between the DHS IPv6 program office and the U.S. 
Customs and Border Protection (CBP). 
(OIG-08-61, May 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-61_May08.pdf 

Management Letter for the FY 2007 Department 
of Homeland Security Financial Statement Audit 

We contracted with KPMG LLP to conduct DHS' 
financial statement audit. KPMG LLP was unable to 
express an opinion on the department's balance sheet 
and statement of custodial activity for the year ended 
September 30, 2007. The disclaimer of opinion was 
primarily attributable to financial reporting problems 
at four components and at the department level. 
KPMG LLP also looked at DHS' internal control over 
financial reporting and noted certain matters involving 



internal control and other operational matters, 
which resulted in a total of 49 financial management 
comments for 11 components and 6 comments 
related to the consolidated financial statements. The 
comments are in addition to the significant deficien- 
cies presented in the Independent Auditor's Report on 
DHS' FY 2007 Financial Statement. 
(OIG-08-36, April 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-36_Apr08.pdf 

Independent Auditor's Report on Office of 
Financial Management's FY 2008 Mission 
Action Plans 

We contracted with KPMG LLP to evaluate 
and report on the status of the detailed Mission 
Action Plans (MAPs) prepared by DHS' Office of 
Financial Management (OFM) to correct internal 
control deficiencies over financial reporting. DHS 
management identified the following two signifi- 
cant control deficiencies on the FY 2007 Secretary's 
Assurance Statement, which were also reported as 
material weaknesses in the FY 2007 Independent 
Auditor's Report: (1) parent/child reporting at the 
Office of Health Affairs (OH A), and (2) reconciliation 
of intragovernmental balances and transactions. 

KPMG LLP noted that the MAP prepared by 
OFM was written to broadly cover all findings 
identified and reported in the FY 2007 Independent 
Auditor's Report, and did not provide specific details 
on individual control weaknesses. The root causes 
identified were not linked to specific control deficien- 
cies or management financial statement assertions and 
did not fully describe the issues. Also, the MAP does 
not identify the unique issues affecting both parent/ 
child accounting and reporting and intragovernmental 
balances. 

KPMG LLP recommended that OFM (1) identify the 
underlying causes of the material weakness, especially 
those causes that contributed to the qualifications 
in DHS' 2007 financial statements, and (2) develop 
procedures for OHA that support the valuation and 
presentation of assets, liabilities, and net position of 
the funds maintained by other federal agencies that are 



12 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



outside DHS control. KPMG LLP also recommended 
that OFM implement procedures that will be 
performed to resolve material differences in trading 
partner balances in a timely manner. 
(OIG-08-76, July 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-76_Jul08.pdf 

Progress Made in Strengthening Department 
of Homeland Security Information Technology 
Management, but Challenges Remain 

Creating a unified IT infrastructure for effective 
integration and agency wide management of IT assets 
and programs remains a challenge for the DHS Chief 
Information Officer (CIO). In 2004, we reported that 
the DHS CIO was not well positioned with sufficient 
authority or staffing to manage department-wide 
IT assets and programs. In 2008, we conducted a 
followup audit to examine DHS' efforts to improve 
its IT management structure and operations. The 
objectives of this audit were to identify the current 
DHS CIO management structure and changes made 
to roles, responsibilities, and guidance for department- 
wide IT management; to determine whether current 
IT management practices and operations effectively 
ensure strategic management of IT investments; and 
to assess progress on prior recommendations. DHS 
has taken steps over the past year to strengthen the 
CIO's role for centralized IT management. Specifi- 
cally, the DHS CIO attained greater authority and 
responsibility for leading component CIOs toward 
a unified IT direction. In addition, the DHS CIO 
gained oversight of IT acquisitions by establishing 
new policies and improving IT investment governance 
functions. However, continued CIO staffing shortages 
and inconsistent component-level IT budget practices 
impede progress. Additionally, DHS' IT management 
capabilities at the component level, such as IT strategic 
planning, have not been fully implemented. As a result, 
the DHS CIO remains hindered in his ability to fully 
integrate department-wide IT management practices 
to ensure that IT investments fulfill mission and 
infrastructure consolidation goals. We recommended 



that the DHS CIO update the CIO office's staffing 
plan, ensure that components submit comprehensive 
budgets, and develop and maintain IT strategic plans 
and enterprise architectures in alignment with DHS' 
mission. 

(OIG-08-91, September 2008, IT-A) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-91_Sep08.pdf 

Evaluation of Department of Homeland Security's 
Information Security Program for FY 2008 

DHS continues to improve and strengthen its 
information security program. During the past year, 
the department implemented a performance plan 
to improve on four key areas: POA&M weaknesses 
remediation, quality of certification and accreditation 
(C&A), annual testing and validation, and security 
program oversight. The performance plan tracks 
key elements that are indicative of a strong security 
program. In addition, the department strengthened its 
oversight at the components and conducted compliance 
reviews in the areas of C&A and configuration 
management. Although these efforts resulted in some 
improvements, components are still not executing all 
of the department's policies, procedures, and practices. 
For example, key system documents and informa- 
tion are missing from C&A packages, POA&Ms are 
not being created for all known information security 
weaknesses and are not being mitigated in a timely 
manner, and DHS baseline security configurations are 
not being implemented for all systems. 

Our recommendations included the department's 
need to improve its management oversight of the 
components' implementation of department policies 
and procedures to ensure that all information security 
weaknesses are tracked and remediated, and to enhance 
the quality of system C&A. Additional information 
security program areas that need improvement include 
configuration management, incident detection and 
analysis, specialized training, and privacy. 
(OIG-08-94, September 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-94_Sep08.pdf 



13 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



DIRECTORATE FOR SCIENCE 
AND TECHNOLOGY 

MANAGEMENT REPORTS 

The Science and Technology Directorate's 
Processes for Selecting and Managing Research 
and Development Programs 

Under new leadership, in 2006 the Science and 
Technology (S&T) directorate improved its processes 
for selecting and managing research and development 
(R&D) programs by reorganizing and by documenting 
repeatable processes. The realignment centralized 
programmatic and fiscal oversight and also improved 
communications. These changes will help to reduce 
inadvertently redundant projects and leverage the work 
of other agencies and organizations. The processes that 
S&T developed for selecting R&D projects incorpo- 
rate the needs of the department to a greater extent 
than in the past. However, some improvements should 
be made. Most significantly, the process for selecting 
innovation projects in 2007 was not documented, 
which could raise ethical concerns in the future. We 
recommended that S&T examine whether the process 
for selecting its transition projects incorporates the 
needs of state, local, and tribal first responders. Also, 
S&T should establish a process with objective criteria 
for selecting basic research projects. Finally, S&T 
should transfer responsibility for selecting some of 
its innovation projects to the director of the portfolio 
for Innovation/Homeland Security Advanced 
Research Projects Agency and charge the director with 
establishing processes and criteria for selecting those 
projects. 

(OIG-08-85, August 2008, ISP) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-85_Aug08.pdf 

FEDERAL EMERGENCY 
MANAGEMENT AGENCY 

MANAGEMENT REPORTS 

Logistics Systems Need To Be Strengthened at the 
Federal Emergency Management Agency 

FEM A is responsible for developing federal response 
capability to deliver assistance in a natural or 
manmade disaster or act of terrorism. In addition, 
the Post-Katrina Emergency Management Act of 2006 



required FEMA to integrate IT systems and develop 
a logistics system to track the procurement and 
delivery of goods during disasters. We concluded that 
FEMA's existing IT systems do not support logistics 
activities effectively. Specifically, the systems do not 
provide complete asset visibility, comprehensive asset 
management, or integrated logistics information. 
FEMA has taken a number of positive steps to improve 
its logistics capabilities by gathering independent 
evaluations to assess its existing systems, identify 
IT systems requirements, and select the appropriate 
technologies to meet logistics needs. We recommended 
that the Administrator of FEMA direct the Logistics 
Management Directorate to finalize its logistics 
strategic and operational plans to guide logistics 
activities; develop standard business processes and 
procedures for logistics activities; evaluate current 
technologies; and develop a strategy for acquiring 
information technology systems to support the 
logistics mission. 
(OIG-08-60, May 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-60_May08.pdf 

Independent Auditor's Report on the Federal 
Emergency Management Agency's FY 2008 
Mission Action Plans 

FEMA developed four MAPs to be included in the 
2008 Internal Controls Over Financial Reporting 
Playbook. The MAPs are intended to address 
control deficiencies identified in Entity Level 
Controls, Actuarial and Other Liabilities, Budgetary 
Accounting, and Capital Assets and Supplies. KPMG 
LLP performed an audit to evaluate and report on the 
status of the four MAPs prepared by FEMA to correct 
the internal control deficiencies mentioned above. 

KPMG LLP noted areas where the MAPs could be 
improved. Specifically, it was noted that the root cause 
analysis is often defined generally and in some cases 
does not describe the underlying issue. The milestone 
steps are not clearly linked to root causes or financial 
statement assertions, and the MAPs do not contain 
the depth of analysis required by the department's 
MAP guide. KPMG LLP also noted that critical 
dependencies are not clearly identified within each 
MAP and affected milestones and that the MAPs do 
not reflect FEMAs dependence on the department 
for various policies and procedures and management 
support for organizational change needed to remediate 



14 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



its entity level control deficiency. The MAPs do not 
include detailed procedures to assess the functionality 
of current IT systems used in the affected processes. 
The milestones do not separately address the need for 
financial statement true-up actions to reconcile the 
backlog of old mission assignments, or to establish a 
beginning inventory of capital assets. In addition, as 
written, the FEMA MAPs lack a complete plan for 
MAP result verification and validation and are not 
clearly linked to department's current OMB Circular 
A-123 initiatives. 
(OIG-08-75, July 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-75JuI08.pdf 

Hurricane Katrina Temporary Housing 
Technical Assistance Contracts 

Williams, Adley & Company LLP, under a contract 
with DHS OIG, reviewed FEMAs management 
and oversight of four large, national contractors with 
whom FEMA had Individual Assistance-Technical 
Assistance contracts to provide temporary housing 
solutions for those affected by Hurricanes Katrina 
and Rita along the Gulf Coast. Williams, Adley 
determined that FEMA could improve the operation 
and control of its Individual Assistance— Technical 
Assistance contracts (in which relevant tasks include 
construction of temporary sites for trailers and mobile 
homes on parking lots and farmland) by having a 
sufficient number of permanent trained staff who (1) 
conduct adequate acquisition planning, (2) obtain 
independent cost/price analyses before contract 
award, and (3) perform required contract monitoring, 
including the inspection and acceptance of goods and 
services. In addition, FEMA needs a tracking system 
that will provide an accurate, complete inventory of 
agency assets. We made multiple recommendations 
in the areas of cost/price reasonableness, inspection 
and acceptance of goods and services, and inventory 
control. 

(OIG-08-88, August 2008, EMO) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-88_Aug08.pdf 

Costs Incurred for Rejected 
Temporary Housing Sites 

Williams, Adley & Company LLP, under a contract 
with DHS OIG, reviewed the costs incurred by FEMA 
as a result of development at locations that initially 



were identified as possible sites for temporary housing 
in the Gulf Coast area after Hurricane Katrina but 
ultimately were rejected for various reasons. FEMA 
should have required stricter compliance with clear 
processes that imposed a sequence of tasks to be 
undertaken by the contractors for each potential site. 
These processes were intended to minimize the costs to 
FEMA if a site proved to be unusable. At least one of 
the contractors also fell short in its obligation to act in 
the best interest of the government. As a result, more 
than $5.6 million in excessive costs were incurred. 



Pre-Deployment 
Meetings 



Preliminary Site Assessment 
& Feasibility Analysis (potential sites) 
perlormed by Contractor strike teams 



Step 5 

Contractor prepares 
Group Site Design 



Step 2 

Contractor Develops 
Work Plan 



Step 4 

Conlractor Inspects Sites 
Approved by FEMA to 
Determine Feasibility 



Step 6 

Group Site Design 
Approved by FEMA & 
Contractor Begins Construction 



FEMA's Site Development Process 



Our recommendations included the need to develop 
and implement a quality assurance program for 
contracting staff that would ensure contractors' 
compliance with the terms and conditions of FEMA 
contracts. 

(OIG-08-86, August 2008, EMO) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-86_Aug08.pdf 

Interagency Agreement with U.S. Department of 
Housing and Urban Development for the Disaster 
Housing Assistance Program 

FEMA entered into an interagency agreement with the 
U.S. Department of Housing and Urban Development 
(HUD) to administer the Disaster Housing Assistance 
Program (DHAP). DHAP provides temporary 
housing assistance through March 1, 2009, by means of 
a monthly rent subsidy to eligible families displaced by 
Hurricanes Katrina and Rita. HUD acts as a servicing 
agent to provide temporary long-term housing rental 
assistance and case management to identified individ- 
uals and households displaced by Hurricanes Katrina 
and Rita. HUD's Public Housing Authorities (PHAs) 
perform pretransitional activities and case management 
services. 

This review focused on HUD-proposed modifica- 
tions to the operating requirements for DHAP. Our 



15 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



objective was to determine if elements of the proposed 
modifications to compensation for program services 
could result in duplicate or improper payments. FEMA 
paid HUD for administrative service fees not incurred 
and paid some fees twice. 

We recommended that FEMA require HUD's PHAs 
to (1) provide a cost estimate for administrative service 
fees related to the rent subsidy payments made by the 
PHAs, (2) reimburse FEMA for the administrative 
service fees related to the rent subsidy payments that 
were not made by HUD's PHAs in November 2007, 
and (3) reimburse FEMA for the duplicate adminis- 
trative service fees on the rent subsidy payments that 
were paid or will be paid to the Houston PHA and the 
PHAs that did not render service in December 2007 
and subsequent months. 
(OIG-08-55, May 2008, EMO) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-55_May08.pdf 

Hurricane Katrina Multitier Contracts 

The government hired prime contractors, rather than 
small businesses, to help repair the massive damage 
caused by Hurricanes Katrina and Rita. These prime 
contractors engaged smaller businesses, creating layers 
of subcontractors between the prime contractors and 
those actually performing the work. We reviewed the 
extent to which multitier subcontracting increased 
costs, limited opportunities for local businesses, and 
resulted in layers of subcontractors being paid profits 
and overhead while adding little value to the work 
performed. Multitier subcontracting alone did not 
increase costs, and national prime contractors hired 
significant numbers of local businesses. Because 
subcontractor invoices do not contain specific informa- 
tion on lower tier subcontractors, it was not clear if 
subcontractors profited without adding value to the 
contracts. 




FEMA trailer and house with "Operation Blue Roof" Tarp 



The Post-Katrina Emergency Management Reform Act 
of 2006 (PL. 109-295, Title VI) requires the Secretary 
of DHS to promulgate regulations that require, at 
a minimum, that contractors not use subcontrac- 
tors for more than 65% of the cost of a contract or 
any individual task, excluding profit and overhead. 
We believe that this requirement is overly restrictive 
and recommended that FEMA work with Congress 
and the Office of Federal Procurement Policy to 
promulgate less restrictive regulations over multitier 
subcontracting. We recommended that FEMA work 
with DHS officials, the Office of Federal Procurement 
Policy, and Congress to promulgate less restrictive 
regulations over multitier contracting. 
(OIG-08-81, July 2008, (EMO) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-81JuI08.pdf 

The Federal Emergency Management Agency's 
Sheltering and Transitional Housing Activities 
After Hurricane Katrina 

FEMA received widespread criticism for its inability 
to effectively provide transitional housing assistance, 
particularly in moving evacuees from emergency 
shelters to more permanent forms of temporary 



16 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



housing. We conducted a review of FEMA's activities 
under its disaster housing program for providing 
assistance to victims of hurricanes Katrina, Rita, and 
Wilma. 

FEMA did not have plans in place that clearly defined 
roles, responsibilities, and processes to address housing 
needs. FEMA was unable to effectively coordinate 
housing needs among state and local governments; 
provide effective contract management, oversight, 
and monitoring; and ensure that manufacturers' 
warranties were enforced when contractors repaired 
and maintained housing units. 

We recommended that FEMA develop plans and 
define roles and responsibilities in planning for housing 
needs; develop procedures to ensure that contracts 
are managed and monitored effectively; take steps to 
improve communication and coordination with state 
and local governments; develop criteria for temporary 
housing sites; and develop policies and procedures 
to ensure that manufactured housing is properly 
inspected and maintained and that repair warranties 
are enforced. Finally, we proposed several alternatives 
for Congress to consider when addressing housing 
solutions in future catastrophic disasters. 
(OIG-08-93, September 2008, EMO) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-93_Sep08.pdf 

The Federal Emergency Management Agency's 
Crisis Counseling Assistance and Training 
Program: State of Florida's Project H.O.P.E. 

Our review of FEMAs Crisis Counseling Assistance 
and Training Program and the grants awarded to 
the State of Florida's Project H.O.P.E. following 
hurricanes Katrina and Wilma determined that the 
Crisis Counseling Assistance and Training Program 
could be strengthened by (1) better coordination of 
outreach and publicity activities among FEMA, other 
responding agencies, and the state implementing the 
grant; (2) improved information sharing among FEMA 
and state agencies to locate disaster survivors in need 



of counseling; (3) improved managerial oversight and 
project monitoring; (4) improved methodologies to 
measure project effectiveness; and (5) better planning 
for consistent project design implementation. Our 
recommendations included establishing standard 
practices to ensure coordinated efforts in publicizing 
services available to disaster survivors (including 
available community and governmental services) among 
the state and local project offices, FEMA's Voluntary 
Agency Liaisons, Community Relations, and Public 
Affairs; better collaboration among all government 
agencies attempting to identify and establish contact 
with those in need of crisis counseling; and developing 
and implementing consistent results-oriented measure- 
ments to determine the effectiveness of projects funded 
by FEMA. 

(OIG-08-96, September 2008, EMO) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-96_Sep08.pdf 

Hurricane Katrina: Wind Versus Flood Issues 

We did not find evidence that Write-Your-Own 
(WYO) insurance companies acted improperly 
in adjusting claims, or that a perceived conflict of 
interest influenced their determination of insurance 
settlements for wind and flood claims from Louisiana, 
Mississippi, and Alabama. However, there were 
numerous instances of duplication of benefits. Overall, 
we concluded that the National Flood Insurance 
Program (NFIP) would benefit from including wind 
damage information in its adjustment process. 

FEMA should (1) require WYO insurance companies 
to document and make available to the NFIP the 
rationale and methodology for calculating flood 
and wind damage when there is evidence that both 
contributed to the damage, (2) expand the scope of 
the reinspection process and the operational reviews 
to ensure that wind damage was not paid under the 
flood policy, and (3) provide clear and concise guidance 
for adjusting total loss claims after catastrophic events 
when structures are completely destroyed by wind and 
water. 



17 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 




We also recommend that Congress examine FEMA's 
authority to obtain homeowners insurance informa- 
tion, provide more resources for NFIP to improve its 
oversight of WYO insurance companies, and work 
with insurance regulators on the issue of anticoncur- 
rent clauses in flood policies. 
(OIG-08-97, September 2008, EMO) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-97_Sep08.pdf 

Information Technology Management Letter for 
the FEMA Component of the FY 2007 DHS 
Financial Statement Audit (Redacted) 

We contracted with the independent public accounting 
firm KPMG LLP to audit the FEMA consolidated 
balance sheet and related statements as of September 
30, 2007 and 2006. As part of this review, KPMG 
LLP noted certain matters involving IT internal 
control and other operational matters and have 
documented their comments and recommendations 
in the IT Management Letter. The overall objective 
of our audit was to evaluate the effectiveness of IT 
general controls of FEMAs financial processing 
environment and related IT infrastructure. KPMG 
LLP noted that FEMA addressed many prior years 
of IT control weaknesses but that IT general control 
weaknesses still existed during FY 2007. The most 
significant weaknesses from a financial statement audit 



perspective related to access controls, change control, 
entity-wide security, system software, and service 
continuity. Collectively, the IT control weaknesses 
limit FEMAs ability to ensure the confidentiality, 
integrity, and availability of critical financial and 
operational data. These weaknesses also negatively 
impact FEMAs internal controls over its financial 
reporting and operation, and KPMG LLP considers 
them to collectively represent a material weakness 
under standards established by the AICPA. 
(OIG-08-68, June 2008, IT- A) 
http:// www.dhs.gov/ xoig/assets/ mgmtrpts/ 
OIGr_08-68_Jun08.pdf 

DISASTER ASSISTANCE GRANTS 

The Robert T. Stafford Disaster Relief and Emergency 
Assistance Act (P.L. 93-288), as amended, governs 
disasters declared by the President of the United 
States. Title 44 of the Code of Federal Regulations 
provides further guidance and requirements for 
administering disaster assistance grants awarded by 
FEMA. We review grants to ensure that grantees or 
subgrantees account for and expend FEMA funds 
according to federal regulations and FEMA guidelines. 

We issued 16 financial assistance grant reports with 
questioned costs totaling $22.3 million of which $6.2 
million was unsupported. Our grant reports included 
Hurricane Katrina Disaster Costs for Hancock County 
Port and Harbor Commission (DA-08-09) and Lafayette 
Parish Sheltering and Emergency Protective Measures 
(DD-08-02). A list of these reports, including 
questioned costs and unsupported costs, is provided in 
Appendix 4. 

Hurricane Katrina Disaster Costs for Hancock 
County Port and Harbor Commission 

The Hancock County Port and Harbor Commission 
received an award of $19.9 million from the Mississippi 
Emergency Management Agency (MEMA), a 
FEMA grantee, for emergency protective measures, 
debris removal, and other disaster-related activities. 
We reviewed $10.2 million of costs incurred under 
five large projects. Our review determined that the 
Commission properly accounted for project expendi- 



18 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



tures on a project-by-project basis as required by federal 
regulations. However, we identified $5.0 million of 
questioned costs resulting from insurance proceeds 
that had not been deducted from eligible project costs 
and excessive contract costs. Prior to issuance of our 
report, FEMA deobligated $5 million of the costs 
questioned in our review. We recommended that 
the Acting Director of the Mississippi Transitional 
Recovery Office, in coordination with MEMA, (1) 
inform the Commission that actual insurance proceeds 
must be reported to MEMA so that eligible project 
costs can be adjusted, (2) instruct the Commission 
to comply with all federal procurement regulations 
and FEMA guidelines when awarding contracts for 
FEMA-funded activities, and (3) disallow the $52,416 
of excessive contract costs. 
(DA-08-09, August 2008, EMO) 
http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DA-08-09_Aug08.pdf 

Lafayette Parish Sheltering and Emergency 
Protective Measures 

Lafayette Parish, Louisiana, was awarded $8 million 
in expedited funds for sheltering and emergency 
protective measures related to Hurricane Katrina at 
the Lafayette Cajundome and for emergency protective 
measures provided. Lafayette Parish fed and housed 
thousands of evacuees, as well as government officials 
and volunteers, in the Cajundome facilities from 
August 28 through October 29, 2005. Our review 
determined that Lafayette Parish accounted for and 
expended $4.55 million of the funds according to 
federal regulations and FEMA guidelines. However, 
FEMA denied $2.3 million in usage fees as ineligible, 
and this amount is included in $3.45 million of 
unspent funds that should be returned to FEMA. We 
also confirmed that FEMA needed to revise a project 
worksheet to amend the scope of work to include 
post-sheltering activities, as these are eligible expenses. 
We recommended that the Director of the FEMA 
Louisiana Transitional Recovery Office (1) recover 
the $3,448,987 of expedited funds that exceed eligible 
costs, and (2) amend the scope of work to include 
post-sheltering recovery activities. 
(DD-08-02, September 2008, EMO) 
http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DD-08-02_Sep08.pdf 



FIRE MANAGEMENT 
ASSISTANCE GRANTS 

Summary of Eight Fire Management Assistance 
Grant Audits in Six Western States 

We reviewed $27.2 million of $54.2 million in eight 
Fire Management Assistance Grant (FMAG) awards 
to six western states. State agencies responsible for 
administering the awards generally did so effectively 
and efficiently but did not always comply with 
federal regulations and FEMA guidelines, especially 
regulations regarding records retention and support 
for costs claimed. We questioned more than $5.3 
million in costs claimed but not properly supported 
with source documentation, $966,146 in costs not 
eligible for reimbursement under the FMAG program, 
and $515,430 in duplicate assistance provided to a 
subgrantee. The 32 recommendations in these reports 
recommended (1) disallowance of unsupported, 
ineligible, and duplicate costs; (2) compliance with 
records retention and supporting documentation 
requirements for costs claimed; (3) training on grant 
application policies and procedures; (4) compliance 
with financial reporting regulations; and (5) updates 
and revisions to the states' FMAG related policies, 
procedures, and accounting practices. (DS-08-05 
through DS 08-12, September 2008, EMO) 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-05_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-06_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-07_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-08_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-09_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-10_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-ll_Sep08.pdf 

http://www.dhs.gov/xoig/assets/auditrpts/OIG_ 
DS-08-12_Sep08.pdf 



19 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



STATE HOMELAND SECURITY GRANTS 

The State of Washington's Management of State 
Homeland Security Grants Awarded During FY 
2004-06 

The State of Washington received $121.6 million in 
State Homeland Security Grants awarded by FEMA 
during FY 2004-06. We contracted with Cotton & 
Company LLP, under a contract with DHS OIG, 
conducted an audit of the State of Washington's 
Management of State Homeland Security Grants 
to determine whether the State of Washington (1) 
effectively and efficiently implemented State Homeland 
Security Grant programs, (2) achieved program goals, 
and (3) spent funds in accordance with grant require- 
ments. 

Overall, the state administrative agency effectively and 
efficiently implemented the State Homeland Security 
Grant programs. The state used reasonable methodolo- 
gies to assess threats, vulnerabilities, capabilities, and 
prioritize needs, and allocated funding accordingly. 
The state complied with requirements for managing 
and reporting cash, obligating funds to local jurisdic- 
tions, and expending funds within performance 
periods. For expenditures tested, grant funds were 
expended according to grant requirements and in 
alignment with the state homeland security strategy. 
However, the state and its subgrantees did not have 
adequate controls over personal property purchased 
with grant funds. Our recommendations called for 
FEMA to require the State of Washington to develop 
guidance and ensure implementation of federal 
regulations governing controls over personal property. 
(OIG-08-98, September 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-98_Sep08.pdf 

The State of Arizona's Management of State 
Homeland Security Grants Awarded During FYs 
2004-06 

The State of Arizona received $103.1 million in 
Homeland Security Grants awarded by FEMA during 
FY 2004-06. We contracted with Williams, Adley & 
Company LLP to conduct an audit of the DHS State 
Homeland Security Grants to determine whether 
the State of Arizona (1) effectively and efficiently 
implemented the State Homeland Security Grants 



programs, (2) achieved the goals of the programs, and 
(3) spent funds in accordance with grant requirements. 

Overall, the State of Arizona efficiently and effectively 
administered the program requirements, distributed 
grant funds, and ensured that all available funds were 
used. However, the state withheld portions of local 
units' funding without proper documentation and did 
not perform adequate programmatic monitoring of 
subgrantees. Our recommendations called for FEMA 
to require the State of Arizona to implement control 
procedures for approval and documentation of funds 
withheld for centralized procurements, and implement 
a full-scope subgrantee monitoring program. 
(OIG-08-99, September 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-99_Sep08.pdf 

The State of Utah's Management of State 
Homeland Security Grants Awarded During FYs 
2004-06 

The State of Utah received $55.6 million in Homeland 
Security Grants awarded by FEMA during FY 
2004-06. We contracted with Williams, Adley 
& Company LLP to conduct an audit of the State 
Homeland Security Grants to determine whether 
the State of Utah (1) effectively and efficiently 
implemented the State Homeland Security Grants 
programs, (2) achieved the goals of the programs, and 
(3) spent funds in accordance with grant requirements. 

Overall, the State of Utah efficiently and effectively 
administered program requirements, distributed grant 
funds, and ensured that all available funds were used. 
However, it did not ensure that grant funds were 
allocated within 60 days as required, and that Financial 
Status Reports for FY 2004-06 grants were submitted 
on time. Our recommendations called for FEMA 
to require the State of Utah to review its allocation 
process to meet the 60 day requirement, and revise the 
Financial Status Reports preparation process to ensure 
timely submissions. 
(OIG-08-83, August 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-83_Aug08.pdf 



20 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



ASSISTANCE TO FIREFIGHTERS GRANT 

Assistance to Firefighters Grant Program- 
FY2003 

We contracted with Foxx & Company to conduct 
a performance audit of the FY 2003 Assistance to 
Firefighters Grant Program. During FY 2003, the 
most recent year at the time of the audit for which 
grant awards were fully implemented, a total of 
8,745 grants worth $705,242,829 were competitively 
awarded. The audit included approximately $7,164,087 
awarded to 30 grant recipients, 10 located in each of 
the states of California, Illinois, and New York. The 
audit was conducted to determine if (1) the grantee 
properly accounted for the awarded federal funds 
and acquired property assets, and (2) the claimed 
program costs were eligible, reasonable, and adequately 
supported. 

Of the 30 grant recipients reviewed, 21 expended grant 
funds in accordance with the grant agreement and 
provided appropriate documentation to support the 
incurred costs. Of the remaining nine recipients, six 
did not comply with grant requirements, resulting in 
ineligible expenditures, and five had unsupported costs. 
Recommendations were made to FEMA to resolve 
the ineligible expenditures and unsupported costs, 
and ensure that grant recipients establish accounting 
systems, comply with records retention policies, and 
follow federal regulations for soliciting bids. 
(OIG-08-84, August 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-84_Aug08.pdf 

INVESTIGATIONS 

Benefit Recipient Sentenced for Federal 
Emergency Management Agency Fraud 

We conducted an investigation of a disaster benefit 
recipient for filing fraudulent disaster claims with 
FEMA. She claimed to have losses in connection with 
Hurricanes Katrina and Rita. Between September 
2005 and January 2006, she filed seven applications 
with FEMA for relief money for property damage to 
residences in Louisiana. She submitted the applications 
over the Internet in the names of other people, and in 
fact, none of the applicants had sustained any property 



damage as a result of the hurricanes. She was sentenced 
in U.S. District Court to 5 years probation and was 
ordered to pay $14,744 in restitution. 

Benefit Recipient Indicted for Federal Emergency 
Management Agency Fraud 

Our investigation revealed that a person falsified 
multiple Social Security numbers to obtain approxi- 
mately $8,000 in fraudulent Individual Assistance 
claims after Hurricane Katrina. Evidence also 
indicated that she defrauded FEMA of approximately 
$8,500 in previous disasters. She was indicted in the 
Southern District of Texas for false claims and mail 
fraud, was subsequently convicted, and is awaiting 
sentencing. 

City Ordered to Pay a Civil Judgment to Federal 
Emergency Management Agency for Excessive 
Claim 

We conducted an investigation into an allegation that a 
Colorado city filed a false excessive claim with FEMA 
for emergency snow removal. Investigation verified that 
the contractor had falsified its billing records at the 
request of the town administrator, enabling the city to 
file an overstated emergency snow removal claim with 
FEMA. Our investigation determined that the claim 
amount was outside the scope of the FEMA provisions. 
A civil judgment was entered and the city agreed to 
reimburse FEMA for $64,500. 

Federal Emergency Management Agency Fraud 
Ring Busted 

We investigated a person who fraudulently filed 77 
disaster assistance applications on behalf of 73 people, 
resulting in wrongful payments of $92,958. She 
and several conspirators recruited members of the 
community, who knowingly provided their names and 
Social Security numbers for her fraudulent filings. 
The recruiters then accompanied the people to cash 
their $2,000 assistance checks. Each person received 
between $300 and $600, with the remaining money 
split between the recruiter and the principal subject. 
The Assistant U.S. Attorney decided to prosecute 10 
of 73 claimants based on their level of involvement in 
the conspiracy, their previous criminal histories, and 
whether they were receiving HUD Section 8 housing 
assistance. 



21 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Eight of the defendants have been sentenced, with 
the principal subject receiving the largest sentence: 33 
months incarceration, 3 years probation, and an order 
to pay $92,958 in restitution. Additionally, her Lincoln 
Navigator was ordered seized and forfeited. Others 
have received lesser terms of confinement, home 
detention, probation, and restitution. Two subjects are 
awaiting sentencing. The investigation was a result of a 
joint investigation with the HUD OIG. 

California Resident Guilty of Filing False 
Katrina Claim 

We conducted an investigation into the allegation 
that a fraudulent FEMA claim was filed by a person 
reporting to be a resident of Louisiana at the time 
Hurricane Katrina struck the Gulf Coast. The person 
was in fact a California resident, who pled guilty to 
false claims, was placed on 2 years probation, and was 
ordered to pay $20,714 in restitution. 

Office of Inspector General Assists Homicide 
Investigations 

The U.S. Attorney's Office, Southern District of 
Texas, contacted our office to request assistance in 
a homicide investigation. Police detectives sought to 
determine if a Louisiana native who was a suspect in 
the murder of his two minor children had fraudulently 
applied for FEMA funds. At the time of the request, 
police had only substantiated misdemeanor charges for 
which the suspect could have posted bond. The suspect 
had indeed fraudulently received FEMA funds and our 
agents gathered sufficient evidence to charge him. The 
suspect later confessed to the murders. 

Office of Inspector General Response to Midwest 
Flooding 

We initiated a response to suspected FEMA fraud 
related to the recent Midwest flooding. Our agents 
visited FEMA Joint Field Offices recently established 
in Madison, WI; Indianapolis, IN; and Urbandale, 
IA. Our agents gave briefings and met with officials 
and various FEMA program staffs. Our agents also 
developed points of contact with other affected federal, 
state, and local police agencies and the relevant U.S. 
Attorneys' offices. 



Federal Emergency Management Agency Fraud 
Suspect Pleads Guilty 

We conducted an investigation of a person who was 
listed as an applicant in a FEMA disaster assistance 
application and claimed to be displaced by Hurricane 
Katrina. FEMA found him to be eligible and provided 
him with $2,000 in disaster assistance. We interviewed 
the person who stated that he fraudulently conspired 
to defraud FEMA and endorsed a U.S. government 
check even though he knew that he was not eligible for 
assistance. The person was sentenced to 36 months 
probation and $2,000 restitution as a result of his 
guilty plea on one count each of false claims and felony 
theft regarding FEMA fraud. 

Fraud Suspects Plead Guilty to False Federal 
Emergency Management Agency Claims 

We conducted an investigation of two people who 
applied by telephone three times for FEMA disaster 
assistance regarding Hurricane Katrina and Rita. The 
Social Security numbers used by the subjects during 
their FEMA claims did not belong to either of them. 
We arrested them after they were indicted for making 
the false applications to FEMA. One subject was 
sentenced to time served, 3 years probation, a $200 
special assessment fine, and $2,000 in restitution. The 
second subject was sentenced to time served, 5 years 
probation, a $200 special assessment fine, and $2,000 
in restitution. 

Federal Emergency Management Agency Fraud 
Suspect Pleads Guilty to Felony Theft 

We conducted an investigation where a person made 
a FEMA disaster assistance application and claimed 
to be displaced by Hurricane Rita. FEMA found 
the applicant eligible and gave her $2,000 in disaster 
assistance. Subsequently, we interviewed the subject, 
who stated that she fraudulently conspired to defraud 
FEMA and endorsed a U.S. government check 
even though she knew that she was not eligible for 
assistance. She was later arrested and pled guilty to one 
count of felony theft, and was sentenced to 18 months 
probation and ordered to pay $2,000 in restitution to 
FEMA. 



22 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Federal Emergency Management Agency Fraud 
Suspect Pleads Guilty to Felony Theft 

We conducted an investigation of a FEMA disaster 
assistance applicant who claimed to be displaced 
by Hurricane Katrina. FEMA found the applicant 
eligible and gave her $2,000 in disaster assistance. 
Subsequently, we interviewed the applicant, who stated 
that she fraudulently conspired to defraud FEMA and 
endorsed a U.S. government check even though she 
knew that she was not eligible for assistance. We later 
arrested the applicant for false claims and felony theft 
regarding the fraudulent disaster assistance applica- 
tion. The subject pled guilty to one count of felony 
theft and was subsequently sentenced to 36 months 
probation and ordered to pay $2,000 in restitution to 
FEMA. 

Former County Official Convicted of Fraud 

We conducted an investigation of alleged FEMA 
fraud involving a former county official. The former 
official created a fraudulent FEMA letter that he sent 
to property developers. The developers responded to 
the letter with money that they thought was payment 
to FEMA for a letter providing land map revisions, 
and the money was deposited in the subject's personal 
account. The former official was convicted in the 
Arizona Superior Court of eight felony counts related 
to FEMA fraud and was subsequently sentenced to 8 
years of state imprisonment. The subject is also facing 
another trial for fraudulent activity in connection with 
his application for a mortgage broker license. 

Two Convicted of Federal Emergency 
Management Agency Debris Removal Fraud 

An early season snowstorm in October 2006 severely 
impacted Erie County, NY, causing large-scale damage 
to trees. Erie County contracted with a debris removal 
company to trim and remove debris from county 
parks. We received allegations that the contractor was 
providing coffee, donuts, lunch, and other nonmone- 
tary gratuities to monitors in order to manipulate 
them into falsifying invoices for work done on trees 
that did not meet FEMA guidelines for trimming. 
One monitor did falsify invoices at the contractor's 



request. Both the contractor and the monitor pleaded 
guilty to state charges and were sentenced to probation 
and community service. As a result of this investiga- 
tion, $62,800 in payments to the contractor, which 
would have been submitted to FEMA, was withheld. 
Since the fraud was averted, FEMA was not billed for 
this activity. 

Alabama Resident Sentenced to Six Years for 
Federal Emergency Management Agency Fraud 

Our investigation resulted in a subject being indicted 
on four counts related to theft of disaster funds 
received as a result of fraudulent claims filed in the 
aftermath of Hurricane Katrina. The subject received 
$8,716 in federal funds. The subject was involved in 
other criminal activity and was also being investigated 
by other federal agencies. The subject entered a guilty 
plea to the disaster fraud and was sentenced to a total 
of 140 months imprisonment (80 months for the 
FEMA fraud) and 60 months on supervised release. 
The court also ordered the subject to pay restitution of 
$8,716 and an assessment of $400. 

Four Alabama Residents Charged With Federal 
Emergency Management Agency Hurricane 
Katrina Fraud 

Our investigation resulted in four subjects being 
indicted for filing false Disaster Assistance claims with 
FEMA after Hurricane Katrina. Three of the subjects 
were family members and the fourth was a close 
associate. One of the subjects was incarcerated at the 
time Hurricane Katrina occurred. The other subjects 
provided FEMA with false documentation regarding 
damage to their homes as well as fraudulent rental 
agreements and receipts in order to obtain funding for 
emergency rental assistance. Total dollar loss to FEMA 
was $27,833. Three of the four subjects have entered 
guilty pleas. One subject has been sentenced to 3 years 
in federal prison and 5 years supervised probation on 
release from prison, and ordered to pay restitution. The 
others are awaiting sentencing and have indicated that 
they want to provide information about others who 
defrauded FEMA. 



23 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Alabama Resident Sentenced to Two Years for 
Stealing Dead Brother's Identity to File False 
Federal Emergency Management Agency Claim 

Our investigation resulted in one person being indicted 
for theft of funds, aggravated identity theft, and 
false statements related to a false FEMA claim after 
Hurricane Katrina. The subject filed the false claim 
in the name of his brother, who had died in 1993. The 
subject received FEMA individual assistance, hotel 
assistance, and a FEMA travel trailer, for a total of 
more than $33,000. The subject entered a guilty plea 
to the charges and was subsequently sentenced to 24 
months imprisonment and 12 months supervised 
release, was ordered to pay restitution in the amount of 
$33,179, and was given a $100 special assessment. 

Federal Emergency Management Agency Fraud 
Suspect Pleads Guilty to Felony Theft 

We investigated four people who allegedly submitted 
false FEMA claims. As part of the recent hurricane 
relief effort, FEMA initiated and funded the Disaster 
Unemployment Insurance Assistance (DUA), which 
provided unemployment insurance (UI) funds in 
addition to regular UI benefits for people who became 
unemployed because of the hurricanes. It was alleged 
that the four people submitted false claims for DUA 
benefits. They were subsequently convicted of wire 
fraud, mail fraud, conspiracy, and identity theft. The 
main conspirator was sentenced to 54 months confine- 
ment followed by 3 years supervised release, and was 
ordered to pay restitution of $150,223. The remaining 
three were sentenced to lesser amounts of incarceration 
and restitution. 

Federal Emergency Management Agency Fraud 
Suspect Pleads Guilty to Felony Theft 

We investigated a complaint received from the local 
police department alleging that a person was a renter at 
an address in Bogalusa, LA, after Hurricane Katrina. 
During the course of the investigation, it was proved 
that she fraudulently applied for and received FEMA 
funds by using the Bogalusa address and forging a 
rental receipt indicating that she was living at the 
address before the hurricane. She was sentenced to 
60 months confinement followed by a 36-month 
supervised release in the Middle District of Louisiana 
as a result of a guilty plea to filing false FEMA claims. 



FEDERAL LAW 
ENFORCEMENT TRAINING 
CENTER 

MANAGEMENT REPORTS 

Independent Auditor's Report on Federal 
Law Enforcement Training Center's FY 2007 
Consolidated Financial Statements 

KPMG LLP, under a contract with DHS OIG, issued 
an Independent Auditor's Report on FY 2007 Consoli- 
dated Financial Statements for the Federal Law 
Enforcement Training Center (FLETC). KPMG LLP 
expressed an unqualified opinion on FLETC's consoli- 
dated financial statements for FY 2007. The FY 2007 
auditor's report discusses four significant deficiencies, 
one of which is considered a material weakness, as 
well as one instance of noncompliance with laws and 
regulations. The following conditions were identified: 
Management Review of Upward and Downward 
Adjustments, Environmental Clean-up Costs, 
Accounts Payable, and Financial Systems Security. 
The Management Review of Upward and Downward 
Adjustments is also a material weakness. FLETC's 
management concurred with all the findings. 
(OIG-08-53, May 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-53_May08.pdf 

Information Technology Management Letter for 
the FY 2007 Federal Law Enforcement Training 
Center Financial Statement Audit (Redacted) 

KPMG LLP performed an audit of the DHS FLETC's 
Consolidated Balance Sheet and related statements 
as of September 30, 2007 and 2006. The overall 
objective of the audit was to evaluate the effectiveness 
of IT general controls of FLETC's financial processing 
environment and related IT infrastructure as necessary 
to support the engagement. As part of this audit, 
KPMG LLP reviewed internal controls over financial 
reporting, and determined that its operation was a 
significant deficiency under standards established 
by the AICPA. KPMG LLP found deficiencies 
in the design and operation of FLETC's internal 
controls, which could adversely affect the agency's 
financial statements. Additionally, KPMG LLP noted 
deficiencies over entity-wide security planning, access 



24 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



controls, application development and change control, 
system software, and service continuity; the auditors 
documented their comments and recommendations in 
the IT Management Letter. KPMG LLP determined 
that FLETC has made progress on its weaknesses, 
but many of the prior year Notifications of Findings 
and Recommendations could not be closed completely 
because of impending systems implementation or 
policies and procedures that are in draft form, and thus 
were reissued. 

(OIG-08-70, June 2008, IT- A) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-70Jun08.pdf 

OFFICE FOR CIVIL RIGHTS 
AND CIVIL LIBERTIES 

We received 92 civil rights and civil liberties complaints 
from April 1 through September 30, 2008. Of those, 
we opened four investigations, referred 88 investiga- 
tions to the Office for Civil Rights & Civil Liberties 
(CR&CL), and there are no complaints currently under 
review for disposition. During the reporting period, we 
did not make any arrests, there were no indictments or 
convictions, and two of the four investigations noted 
above are still open. 

OFFICE OF INTELLIGENCE 
AND ANALYSIS 

MANAGEMENT REPORTS 

Letter Report: National Applications Office 
Privacy Stewardship (Unclassified Summary) 

We reviewed the DHS National Applications Office 
(NAO) privacy stewardship to determine whether 
NAOs plans and activities instill and promote a 
privacy culture and are in compliance with privacy 
regulations. Privacy stewardship includes establishing 
privacy requirements prior to program initiation, 
privacy risk assessment and mitigation, and privacy 
integration in the program operation. 

Generally, NAO is making good progress in developing 
an effective privacy program for its operations. Specifi- 
cally, NAO involved the DHS Privacy Office early in 
program planning and development of key organiza- 
tional documents. Also, NAO acknowledges privacy 
requirements and states a commitment to privacy in 



its charter. We identified several elements that serve 
as a framework for NAOs privacy stewardship, such 
as ongoing privacy oversight by departmental privacy 
and civil liberties officers, public notice of system of 
records, training of NAO personnel, and approved 
risk assessments. However, a revised Privacy Impact 
Assessment and a Civil Liberties Impact Assessment 
reflecting changes in the charter are still necessary 
before NAO can become operational. 

We recommended that the Under Secretary for Intelli- 
gence & Analysis direct the Director of NAO to obtain 
the DHS Privacy Office's approval of an updated 
program Privacy Impact Assessment reflecting a signed 
charter and standard operating procedures, as well 
as DHS CR&CL approval of NAO's Civil Liberties 
Impact Assessment. 
(OIG-08-35, April 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-35_Apr08.pdf 

TRANSPORTATION 
SECURITY ADMINISTRATION 

MANAGEMENT REPORTS 

Transportation Security Administration's 
National Deployment Force 

TSAs National Deployment Force deploys transpor- 
tation security officers to support airport screening 
operations during emergencies, seasonal demands, or 
other circumstances requiring more staffing resources 
than are regularly available. TSA implemented this 
program without developing a process to determine 
the criteria and priority for deployment decisions or 
ensuring the appropriateness of resource allocations. 
From the establishment of a deployment program in 
November 2003 until January 2007, TSA did not have 
financial systems to track and document program- 
related costs, adequate documentation to support 
deployment decisionmaking, or internal controls and 
standard operating procedures over key deployment 
functions. In addition, TSA was overly reliant on the 
deployment force to fill chronic staffing shortages at 
specific airports in lieu of more cost-effective strategies 
to handle screening demands. We recommended that 
TSA establish systems to collect, track, and report 
deployment costs; develop decisionmaking procedures 



25 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



for deployment requests and document results; 
and develop and disseminate standard operating 
procedures for key program functions to increase 
program efficiency and effectiveness. 
(OIG-08-49, April 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-49_Apr08.pdf 

TSA's Administration and Coordination of Mass 
Transit Security Programs 

Since 2004, TSA has initiated several programs 
to boost mass transit security. Our review focused 
on TSAs management of its four major assistance 
programs and how well these programs meet the needs 
of the Nation's five largest mass transit rail systems. 
TSA is improving mass transit security but faces 
important challenges to improve transit rail security, 
meet the needs of mass transit authorities, and comply 
with recent legislation that expanded TSAs statutory 
authority and responsibility. TSA still needs to 
clarify its transit rail mission and develop additional 
regulations and memorandums of understanding with 
local transit authorities. TSA needs to improve interof- 
fice communication and coordination, and needs to 
better understand and address system-specific security 
requirements. We made seven recommendations to 
improve management and coordination of mass transit 
rail security programs. 
(OIG-08-66, June 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-66Jun08.pdf 

A Review of TSA's Management of Aviation 
Security Activities at Jackson-Evers International 
and Other Selected Airports 

The Chairman of the House Committee on Homeland 
Security requested that we review TSAs management 
of aviation security activities at Jackson-Evers Interna- 
tional and other selected airports, including whether 
(1) existing processes, which authorize certain people 
to fly while armed, need strengthening; (2) transporta- 
tion security officers reported the discovery of firearms 
and other dangerous prohibited items as required by 
TSA policy and directives; (3) transportation security 
officers received advance notice of any internal TSA 
covert testing; and (4) TSA compromised any covert 
testing conducted by another federal government 
entity. 



TSA has made progress toward improving its internal 
covert testing, but additional work is necessary. In 
addition, TSA can take steps to improve security 
activities within commercial aviation by eliminating the 
vulnerabilities associated with the current flying armed 
processes, strengthening covert testing procedures, and 
improving processes for reporting security incidents. 
We made 12 recommendations to improve TSAs 
management of aviation security. In response to our 
report, TSA proposed plans and actions that, once 
implemented, will reduce a number of the deficiencies 
we identified. TSA concurred with nine recommenda- 
tions, concurred in part with two recommendations, 
and did not concur with one recommendation, which 
we have since modified. 
(OIG-08-90, September 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-90_Sep08.pdf 

Independent Auditor's Report on the 
Transportation Security Administration's FY 
2007 Balance Sheet 

KPMG LLP, under a contract with DHS OIG, 
issued a qualified opinion on the TSA's balance sheet 
for the year ended September 30, 2007. TSA was 
unable to provide sufficient audit evidence to support 
the accuracy, completeness, and existence of accrued 
unfunded leave, certain other intragovernmental 
liabilities, intragovernmental accounts payable, and 
certain accounts payable as presented in TSA's consoli- 
dated balance sheet at September 30, 2007. KPMG 
LLP's report also discusses five material weaknesses, 
two other significant deficiencies in internal control, 
and instances of noncompliance with four laws and 
regulations as follows: 

Significant deficiencies that are considered to be 
material weaknesses: 

A. Financial Systems Security 

B. Undelivered Orders and Accounts Payable 

C. Property and Equipment 

D. Financial Reporting 

E. Accrued Leave 

F. Accounts Receivable 

G. Human Resources Documentation 

Noncompliance of laws and regulations: 

H. Federal Financial Management Improvement 
Act of 1996 



26 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



I. Federal Managers Financial Integrity Act of 
1982 

J. Debt Collection Improvement Act of 1996 

K. Payroll-related laws 
(OIG-08-57, May 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-57_May08.pdf 

Transportation Security Administration's Efforts 
To Proactively Address Employee Concerns 

TSA reports that a stable, mature, and experienced 
workforce is the most effective tool it has to meet its 
mission. Despite the value placed on the workforce, 
employees have expressed their concerns about 
how the TSA operates by historically filing formal 
complaints at rates higher than other federal agencies 
of comparable size. Low employee morale continues 
to be an issue at some airports, contributing to TSAs 
17% voluntary attrition rate. 

TSA has taken proactive steps by establishing the 
Office of the Ombudsman, the Integrated Conflict 
Management System, and the National Advisory 
Council to help identify and address its employees' 
workplace concerns. We evaluated the effectiveness 
of these initiatives and concluded that TSA could 
improve its initiatives by establishing more effective 
internal systems, processes, and controls. Specifi- 
cally, TSA has not provided sufficient tools and 
guidance regarding the structures, authorities, and 
oversight responsibilities of each initiative, and has 
faced challenges in communicating the details of each 
to its workforce. More than half of the employees we 
interviewed described the agency's efforts to educate 
them on the various initiatives available to address 
their workplace concerns as "inadequate." Our report 
contains six recommendations to the TSA to provide 
employees with sufficient tools, including clear 
guidance and better communication, on the structures, 
authorities, and oversight responsibilities of the 
initiatives we reviewed. 
(OIG-08-62, May 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-62_May08.pdf 

Transportation Security Administration's Single 
Source (Noncompetitive) Procurements 

We conducted an audit to determine whether TSA 
properly justified less than full and open competition 
for single source procurements. Contracts awarded 



in FY 2006 were exempted from the requirements 
of the Federal Acquisition Regulation. However, the 
Consolidation Appropriation Act of 2008 repealed TSAs 
exemption, effective June 2008. 

TSA complied with some of the policies and 
procedures for awarding single source procurements, 
but not others. All of the contract files contained 
the written rationale, but most of the files lacked the 
required market analysis, proper concurrences and 
approvals, and statements of planned actions to remove 
barriers to future competition. The noncompliances 
prevent TSA from readily substantiating that its 
single source procurements in 2006 were appropriately 
awarded. We recommended measures that, when 
implemented, will increase the likelihood that TSAs 
single source procurements comply with applicable 
policies and procedures, are fully justified, and are 
appropriate. 

(OIG-08-67, June 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-67_Jun08.pdf 

Independent Auditor's Report on the 
Transportation Security Administration's FY 
2008 Mission Action Plans 

KPMG LLP, under a contract with DHS OIG, 
performed an audit to evaluate and report on the 
status of the four detailed M APs prepared by TSA to 
correct the internal control deficiencies over financial 
reporting. The MAPs are intended to address control 
deficiencies identified in financial reporting, capital 
assets and supplies, actuarial and other liabilities, and 
budgetary accounting. 

KPMG LLP noted that the MAP milestones are not 
clearly linked to root causes. Critical interdependen- 
cies, such as those between milestones, accounting 
processes, or with third parties, are not identified 
within each MAP and affected milestones (e.g., USCG 
IT systems). 

KPMG LLP recommended that TSA management 
continue to perform a comprehensive and thorough 
root cause analysis, improve MAPs by clearly linking 
each deficiency or root cause identified by management 
to milestones, and identify critical interdependences 
and include milestones recognizing these dependencies. 
(OIG-08-74, July 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-74_JuIy08.pdf 



27 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Transportation Security Administration's 
Controls Over Badges, Uniforms, and 
Identification Cards 

In early 2007, the media widely reported that 
thousands of TSA uniforms and badges were missing 
from various airport locations throughout the 
United States. Security experts and some members 
of Congress expressed concern that these missing 
items could allow an unauthorized person access to 
secured areas of an airport. We determined that TSA 
does not have adequate controls in place to manage 
and account for airport security identification display 
area badges, TSA uniforms, and TSA identification 
cards. Unauthorized access to those items increases an 
airport's level of risk to a wide variety of terrorist and 
criminal acts. 

TSA did not ensure that airport badge offices were 
notified when TSA employees separated from the 
agency, or that airport security identification display 
area badges were retrieved and returned to the badge 
offices. TSA did not record and track issuance of 
TSA uniforms, collect uniforms upon an employee's 
separation, and safeguard and account for reserve 
stock. TSA did not maintain accurate records on 
TSA identification cards or ensure that identification 
cards were returned and destroyed upon an employee's 
separation from TSA. Our report contained three 
recommendations to the TSA Assistant Secretary 
to strengthen the controls over TSA's management 
of airport security identification display area badges, 
uniforms, and identification cards. 
(OIG-08-92, September 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-92_Sep08.pdf 

Information Technology Management Letter 
for the FY 2007 Transportation Security 
Administration Balance Sheet Audit (Redacted) 

We contracted with the independent public accounting 
firm KPMG LLP to audit the TSA consolidated 
balance sheet and related statements as of September 
30, 2007 and 2006. As part of this review, KPMG 
LLP noted certain matters involving IT internal 
control and other operational matters and have 
documented their comments and recommendations 
in the IT Management Letter. The overall objective of 
our audit was to evaluate the effectiveness of IT general 



controls of TSA's financial processing environment 
and related IT infrastructure. KPMG LLP noted 
that TSA addressed many prior years of IT control 
weaknesses, but that IT general control weaknesses 
still existed during FY 2007. The most significant 
weaknesses from a financial statement audit perspec- 
tive related to access controls and application change 
control. Collectively, the IT control weaknesses limit 
TSA's ability to ensure the confidentiality, integrity, 
and availability of critical financial and operational 
data. These weaknesses also negatively impact 
TSA's internal controls over its financial reporting 
and operation, and KPMG LLP considers them 
to collectively represent a material weakness under 
standards established by the AICPA. 
(OIG-08-72, June 2008, ITA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-72Jun08.pdf 

INVESTIGATIONS 

Transportation Security Administration Officer 
Convicted of Selling Security Seals 

We arrested a TSA officer after an investigation 
determined that he sold TSA "cleared baggage" stickers 
to an undercover agent with the knowledge that the 
stickers would be used to smuggle a shipment of 
cocaine through an international airport. After arrest, 
the TSA officer provided a full written confession 
and later pleaded guilty to theft of U.S. government 
property. 

Screener Pleads Guilty and Is Sentenced for 
Stealing Passengers' Personal Property 

We conducted an investigation into the allegation 
that a TSA security officer was stealing passengers' 
personal property items, including laptop computers 
and jewelry. The TSA security officer pleaded guilty to 
a state charge of theft second degree, was sentenced to 
5 years probation, and was ordered to make restitution. 

Safety Concerns Raised by Federal Flight Desk 
Officer's Locking Pistol Holster 

We conducted an investigation that the design of 
TSA-issued locking holsters used by the Federal Flight 
Deck Officer (FFDO) program increases the likelihood 
of an accidental discharge of a weapon in an aircraft 
cockpit. We examined the holster and observed that 



28 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



its design renders the weapon vulnerable to accidental 
discharges if improperly handled. In a darkened 
cockpit, under the stress of meeting the operational 
needs of the aircraft, a pilot could inadvertently 
discharge the weapon by failing to ensure it is properly 
seated in the holster, securing the trigger lock, and then 
pushing the weapon inward to secure the holster snap. 
Furthermore, our investigation observed that it was 
possible to accidentally discharge the weapon while 
inserting the hasp into the holster of an incorrectly 
seated weapon. Using a scale, we determined that only 
6—7 pounds of lateral pressure on the padlock was 
sufficient to induce a discharge. 




if" 



Measuring foot pounds of lateral force required to induce a 
weapon discharge. 



We recommended that given the distracting environ- 
ment and potential low light of an aircraft cockpit, the 
FFDOs' weapon locking system should be simple and 
forgiving and that TSA should discontinue the use 
of the locking holster and consider other methods for 
FFDO to secure their weapons. 

UNITED STATES CITIZENSHIP 
AND IMMIGRATION 
SERVICES 

INVESTIGATIONS 

Civilian Pleaded Guilty to Visa Fraud and 
Aiding and Abetting (Update 10/1/07-3/31/08 
SAR) 

We conducted a joint investigation with the United 
States Immigration and Customs Enforcement (ICE) 



Office of Investigations that resulted in the conviction 
of a civilian who had falsely claimed that he was 
conspiring with three corrupt U.S. Citizenship and 
Immigration Services (USCIS) employees to obtain 
immigration documents. The subject was charging 
$7,000 to file false immigration documents with 
USCIS on behalf of illegal aliens. No relationship was 
found between the subject and any USCIS employees 
during the investigation. The civilian pleaded guilty 
and was sentenced in U.S. District Court to 60 months 
for conspiracy to defraud the United States, presenta- 
tion of false immigration documents, aiding and 
abetting, and distribution of a controlled substance. 

Aiding Victims of Human Trafficking 

We received an allegation that a USCIS employee was 
keeping a foreign national in involuntary servitude 
at his residence. The investigation disclosed that 
the employee brought the foreign national to the 
United States, fraudulently granted her immigra- 
tion status, and then withheld her immigration 
documents to induce her to perform the duties of an 
unpaid servant in his home for several years. A search 
warrant was executed at the employee's residence, 
resulting in significant evidence of the offense. The 
USCIS employee was later admitted to a hospital 
following an apparent drug overdose and remains in a 
permanent vegetative state. Criminal charges have been 
declined in consideration of his medical condition. 
We are assisting the foreign national to transition to 
self-sufficiency. 

UNITED STATES 
COAST GUARD 

MANAGEMENT REPORTS 

Enhanced Configuration Controls and 
Management Policies Can Improve U.S. Coast 
Guard Network Security (Redacted) 

The USCG has implemented adequate security 
controls and policies for protecting its network 
infrastructure. Our audit focused on USCG security 
policies and procedures and network protection 
devices — such as firewalls, intrusion detection systems, 
and encryption devices — that have been deployed 
to protect the Coast Guard Data Network Plus 



29 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



(CGDN+) infrastructure. The overall security posture 
of the CGDN+ infrastructure is good. The USCG 
has implemented effective controls for protecting its 
network infrastructure; however, USCG management 
needs to take additional steps to ensure that the 
security of its network is not compromised by existing 
vulnerabilities. The USCG should enhance its configu- 
ration controls in compliance with DHS' information 
technology security policies and practices. Addition- 
ally, USCG should develop guidelines and procedures 
to address the security and configuration management 
of its network infrastructure. 
(OIG-08-82, August 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-82_Aug08.pdf 

Allision of the M/V COSCO BUSAN with the 
San Francisco -Oakland Bay Bridge 

We reviewed the USCG response to the November 
7, 2007, allision of the Motor Vessel (M/V) COSCO 
BUSAN with the San Francisco-Oakland Bay Bridge. 
On November 7, 2007, with visibility restricted owing 
to heavy fog, the M/V COSCO BUSAN underway 
from Oakland, CA, allided with the San Francisco Bay 
Bridge. This allision created a large gash in the port 
side of the vessel, which caused an estimated 53,653 
gallons of fuel oil to spill into San Francisco Bay. 




M/V COSCO BUSAN at anchor. 
Source: San Francisco Chronicle 



Due to the concerns about the subsequent USCG 
response and investigation, Speaker Nancy Pelosi 
and Chairman Elijah Cummings requested a review 
of the mishap. The USCGs actions before and for 
the first 24 hours after the allision were generally 
consistent with the policies and procedures in place 



for the San Francisco Sector at the time of the mishap. 
However, guidelines for vessel movement during 
periods of restricted visibility need to be expanded and 
clarified. Additionally, deficiencies in the post-mishap 
investigation resulted in a lost opportunity to collect 
and preserve all evidence relevant to the mishap. For 
example, communication and navigation equipment 
was not secured and tested, and M/V COSCO 
BUSAN and USCG watchstanders were not properly 
and timely tested for drug and alcohol use. 




Muir Beach cleanup 
Source: USCG 



Response to an oil spill is a multifaceted and multilay- 
ered effort that requires stakeholders to respond both 
autonomously and cooperatively. Much of the credit 
for the success of the response goes to the USCG, the 
State of California Oil Spill Prevention and Response 
Division, and the responsible party. 
(OIG-08-38, April 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-38_Apr08.pdf 

Independent Review of the U.S. Coast Guard's 
Reporting of FY 2007 Drug Control Obligations 

KPMG LLP, under contract with DHS OIG, was 
unable to issue an Independent Accountant's Report 
on the FY 2007 Drug Control Obligations for the 
USCG. USCGs management prepared the Table of 
Drug Control Obligations and related disclosures to 
comply with the requirements of the Office of National 
Drug Control Policy (ONDCP) Circular, Drug Control 
Accounting, dated May 1, 2007. However, because 
USCG could not provide assurance over the financial 
data in the detailed accounting submissions, KPMG 



30 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



LLP could not provide the level of assurance required 
of the review. 

(OIG-08-42, April 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-42_Apr08.pdf 

Independent Review of the U.S. Coast Guard's 
Reporting of FY 2007 Drug Control Performance 
Summary 

KPMG LLP, under contract with DHS OIG, issued 
an Independent Accountant's Report on the FY 2007 
Drug Control Performance Summary for the USCG. 
USCG's management prepared the Performance 
Summary Report and management's assertions 
to comply with the requirements of the ONDCP 
Circular Drug Control Accounting, dated May 1, 2007. 
KPMG LLP did not find any reason to believe that 
the Performance Summary Report for the year ended 
September 30, 2007, was not presented, in all material 
respects, in conformity with the ONDCP's Circular, 
or that management's assertions were not fairly stated, 
in all material respects, based on the criteria set 
forth in the circular. KPMG LLP did not issue any 
recommendations as a result of this review. 
(OIG-08-43, April 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-43_Apr08.pdf 

U.S. Coast Guard's Management of the Marine 
Casualty Investigations Program 

The House Committee on Transportation and 
Infrastructure and the Senate Committee on 
Commerce, Science, and Transportation requested 
that we audit the extent to which marine casualty 
investigations and reports result in information and 
recommendations that prevent or minimize the 
effect of similar casualties. Although the USCG's 
marine casualty investigations program has resulted 
in numerous safety alerts and recommendations 
designed to prevent similar casualties, the program is 
hindered by unqualified personnel conducting marine 
casualty investigations, investigations conducted at 
inappropriate levels, and ineffective management 
of a substantial backlog of investigations needing 
review and closure. Because of these management 
shortfalls, the USCG may not be able to determine 
the causes of accidents and may miss opportunities 
to issue safety alerts or recommendations that could 



prevent or minimize similar casualties. To improve the 
management and accountability of the marine casualty 
investigations program, we made eight recommenda- 
tions that included the development and implemen- 
tation of a plan to increase the number of qualified 
marine casualty investigators, including hiring civilians, 
and the implementation of quality control procedures 
to ensure that marine casualty investigations are 
conducted at the recommended levels. 
(OIG-08-51, May 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-51_May08.pdf 

Independent Auditor's Report on U.S. Coast 
Guard's FY 2008 Mission Action Plans 

KPMG LLP, under a contract with DHS OIG, 
performed an audit to evaluate and report on the status 
of the three detailed MAPs prepared by the USCG to 
correct the internal control deficiencies over financial 
reporting identified in Financial Management and 
Entity Level Controls, Fund Balance with Treasury, 
and Financial Reporting. 

KPMG LLP noted that the root causes identified 
were only generally defined, and critical interdepen- 
dencies were not identified and did not clearly link 
or cross-reference to audit findings and the material 
weakness conditions identified in the Independent 
Auditor's Report. The MAPs lacked specificity 
and milestones were not linked directly to the 
financial statement assertions affected by the control 
weaknesses. Some key milestones in the MAPs 
contained steps that were not measurable or designed 
with incremental objectives. 
(OIG-08-73, July 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-73Jul08.pdf 

Information Technology Management Letter for 
the U.S. Coast Guard Component of the FY 2007 
Department of Homeland Security Financial 
Statement Audit (Redacted) 

We contracted the independent public accounting firm 
KPMG LLP to audit the USCG Consolidated Balance 
Sheet and related statements as of September 30, 2007 
and 2006. As part of this review, KPMG LLP noted 
certain matters involving IT internal control and other 
operational and have documented their comments 



31 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



and recommendations in the IT Management Letter. 
The overall objective of our audit was to evaluate 
the effectiveness of IT general controls of USCG's 
financial processing environment and related IT 
infrastructure. KPMG LLP noted that USCG 
addressed many prior years of IT control weaknesses, 
but that IT general control weaknesses still existed 
during FY 2007. The most significant weaknesses 
from a financial statement audit perspective related to 
access controls, system software, entity-wide security, 
segregation of duties, service continuity and application 
change control. Collectively, the IT control weaknesses 
limit USCG's ability to ensure the confidentiality, 
integrity, and availability of critical financial and 
operational data. These weaknesses also negatively 
impact USCG's internal controls over its financial 
reporting and operation, and KPMG LLP considers 
them to collectively represent a material weakness 
under standards established by the AICPA. 
(OIG-08-69, June 2008, ITA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-69_Jun08.pdf 

UNITED STATES CUSTOMS 
AND BORDER PROTECTION 

MANAGEMENT REPORTS 

A Review of U.S. Customs and Border 
Protection's Procurement of Untrained Canines 

From April 2006 through June 2007, CBP procured 
322 untrained canines at an average price of $4,535 per 
canine. The costs incurred for the untrained canines 
were reasonable and were comparable to the costs 
incurred for untrained canines procured by organiza- 
tions such as the United States Secret Service and the 
Department of Defense. Regarding the cost effective- 
ness of the program, while only 4% of the Office of 
Border Patrol's 13,905 agents were canine handlers, 
they were credited with 60% of narcotic apprehensions 
and 40% of all other apprehensions in FY 2007. 

The solicitation and award of this contract were 
conducted according to applicable federal regulations. 
Also, U.S. Department of Agriculture officials 
said that the vendors were not required to possess a 
federally issued license to engage in the sale of animals. 
Through August 14, 2007, 26 (8%) of the procured 



canines did not complete the training. CBP donated six 
of these canines to private homes, which was inconsis- 
tent with federal regulations. We recommended 
that CBP adjust the delivery timeframes for vendors, 
properly transfer or sell unfit canines, and implement 
a unified system that accurately accounts for the 
performance of canine teams. 
(OIG-08-46, April 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-46_Apr08.pdf 

Additional Controls Can Enhance the Security of 
the Automated Commercial Environment System 
(Redacted) 

We evaluated the Automated Commercial Environ- 
ment (ACE) system to determine whether CBP 
had implemented adequate and effective security 
controls to ensure the efficient collection, processing, 
and analysis of commercial import and export data. 
CBP has implemented effective measures to reduce 
the potential risks of unauthorized access to the 
ACE system. However, more effort is needed to 
improve the ACE security posture. We made four 
recommendations to improve the areas of management, 
operational, and technical controls. For example, we 
identified weaknesses in security acceptance testing 
during the system development process, user account 
management, patch management, and the inconsistent 
implementation of DHS Windows and Unix Baseline 
Configurations. 
(OIG-08-64, June 2008, ITA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-64_Jun08.pdf 

Technical Security Evaluation of U.S. Customs 
and Border Protection Activities at the Chet 
Holifield Federal Building (Redacted) 

We evaluated CBP activities at the Chet Holifield 
Federal Building located in Laguna Niguel, CA. 
Specifically, we addressed how CBP has implemented 
computer security operational, technical, and 
managerial controls for its IT assets at this site. 
We performed onsite inspections, interviewed 
departmental staff, and conducted technical tests of 
internal controls, e.g., scans for wireless networks. 
Some of the Chet Holifield Federal Building 
operational controls did not always conform to DHS 
policies, including environmental, business continuity, 



32 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



and physical security controls. For example, CBP could 
better protect its IT assets from damage by ensuring 
that the server room is not used for general storage. We 
briefed the DHS Chief Information Security Officer 
and CBP on the results of our evaluation. We also 
made eight recommendations to improve IT security 
at this site. CBP concurred with our recommendations 
and is addressing the findings. 
(OIG-08-37, April 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-37_Apr08.pdf 

Lessons Learned from the August 11, 2007, 
Network Outage at Los Angeles International 
Airport (Redacted) 

We evaluated CBP's actions to address the network 
outage at Los Angeles International Airport (LAX) on 
August 11, 2007. We also evaluated the actions that 
CBP took to prevent a recurrence of a similar outage. 
We performed onsite inspections at the airport, 
interviewed department staff conducted technical tests 
of workstations that may have been involved in the 
outage, and briefed CBP officials on the results of our 
evaluation. We recommended that CBP (1) establish 
and test procedures to use network operations center 
and onsite field support staff more effectively during a 
network outage, (2) provide network diagnostic tools 
for onsite support staff, (3) configure routers to provide 
required security logs; and (4) determine if steps taken 
at LAX should also be taken at other CBP locations. 
CBP officials concurred with our recommendations 
and have taken actions to ensure that a similar outage 
does not recur at this airport. 
(OIG-08-58, May 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-58_May08.pdf 

Independent Review of the U.S. Customs and 
Border Protection's Reporting of FY 2007 Drug 
Control Obligations 

KPMG LLP, under a contract with DHS OIG, 
issued an Independent Accountant's Report on the 
FY 2007 Drug Control Obligations for CBP. CBP 
management prepared the Table of Drug Control 
Obligations Report and related disclosures to comply 
with the requirements of the ONDCP Circular, Drug 
Control Accounting, dated May 1, 2007. KPMG LLP 



did not find any reason to believe that the Table of 
Drug Control Obligations Report for the year ended 
September 30, 2007, was not presented in all material 
respects, in conformity with the ONDCP Circular, 
or that related disclosures were not fairly stated, in all 
material respects, based on the same criteria. KPMG 
LLP did not note any recommendations as a result of 
this review. 

(OIG-08-39, April 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-39_Apr08.pdf 

Independent Review of the U.S. Customs and 
Border Protection's Reporting of FY 2007 Drug 
Control Performance Summary 

KPMG LLP, under a contract with DHS OIG, 
issued an Independent Accountant's Report on the 
FY 2007 Drug Control Performance Summary for 
CBP. CBP management prepared the Performance 
Summary Report to comply with the requirements of 
the ONDCP Circular, Drug Control Accounting, dated 
May 1, 2007. KPMG LLP did not find any reason to 
believe that the Performance Summary Report for the 
year ended September 30, 2007, was not presented 
in all material respects, in conformity with ONDCP 
Circular. The Independent Accountant's Report is 
limited to the Performance Summary and did not 
cover management's assertions. 
(OIG-08-40, April 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-40_Apr08.pdf 

Independent Review of the U.S. Customs and 
Border Protection's Management Assertions on 
the 2007 Drug Control Performance Summary 

KPMG LLP, under a contract with DHS OIG, 
issued an Independent Accountant's Report on the 
FY 2007 Drug Control Performance Summary for 
CBP. Management of CBP prepared the Performance 
Summary Report and management's assertions 
to comply with the requirements of the ONDCP 
Circular, Drug Control Accounting, dated May 1, 2007. 
CBP's management reported that they could not 
assert that the "methodology to establish performance 
targets is reasonable and applied," as required by the 
ONDCP Circular. As a result, KPMG LLP was 
unable to complete their review of management's 



33 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



assertions on the Performance Summary Report, and 
the Independent Accountant's Report is limited to the 
Performance Summary only. 
(OIG-08-41, April 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-41_Apr08.pdf 

Targeting Cargo Containers 2008: Review of 
U.S. Customs and Border Protection's Cargo 
Enforcement Reporting and Tracking Systems 

Each year, we conduct a review of DHS' Automated 
Targeting System (ATS). In 2008, we reviewed CBP's 
Cargo Enforcement Reporting and Tracking System, 
a component of ATS. We identified the need for 
improvements in planning, updating, developing, and 
implementing the system. Specifically, CBP has to 
update the project plan to include the scope of work; 
a detailed implementation schedule for system design, 
developing, and testing; and cost estimates past 
phase 1. In addition, CBP bypassed key life cycle 
reviews designed to ensure that end users have 
a properly working system and have received 
management's approval to continue the project. CBP 
has expanded its international efforts to secure the 
cargo supply chain. For example, it continues to 
expand its efforts with the Customs-Trade Partnership 
Against Terrorism program and continues its efforts 
to improve ATS for cargo. We continue to review 
revenue management and analysis functions, and the 
effectiveness of trade operations security programs and 
strategies. 

(OIG-08-65, June 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-65_Jun08.pdf 

U.S. Customs and Border Protection's 
Management of 2005 Gulf Coast Hurricanes 
Mission Assignment Funding 

Regis & Associates, PC, under contract with DHS 
OIG, reviewed the CBP's management processes and 
internal controls for implementing FEMA-issued 
mission assignments related to the 2005 Gulf Coast 
hurricanes. CBP's management of mission assignments 
could be enhanced by (1) improving preparedness 
for future responses, (2) improving disaster response 
procurement and contract monitoring processes, 
(3) implementing accountable property policies and 
procedures at disaster field command locations, (4) 



providing FEMA with complete documentation to 
support reimbursable expenditures, and (5) improving 
the mission assignment reimbursement billing 
processes. Cumulatively, we questioned approximately 
$5 million of the $17.7 million in costs that CBP billed 
FEMA. This included $2.3 million for the cost of 
property reimbursed by FEMA but not returned, $2 
million for unsupported expenditures, and $600,000 
for expenditures that did not comply with the scope or 
duration of mission assignment terms. Our recommen- 
dations included implementing controls to record 
budget object codes correctly, enhanced training 
for accountable property officers, and developing 
procedures for reimbursement billings and specifying 
the supporting documentation required. 
(OIG-08-80, July 2008, EMO) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-80_JuI08.pdf 

Information Technology Management Letter 
for the FY 2007 U.S. Customs and Border 
Protection Financial Statement Audit (Redacted) 

We contracted with the independent public accounting 
firm KPMG LLP to audit the CBP consolidated 
balance sheet and related statements as of September 
30, 2007 and 2006. As part of this review, KPMG 
LLP noted certain matters involving IT internal 
control and other operational matters and have 
documented their comments and recommendations 
in the IT Management Letter. The overall objective of 
our audit was to evaluate the effectiveness of IT general 
controls of CBP's financial processing environment and 
related IT infrastructure. KPMG LLP noted that CBP 
addressed many prior years of IT control weaknesses 
but that general control weaknesses still existed during 
FY 2007. The most significant weaknesses from a 
financial statement audit perspective related to access 
controls and service continuity. Collectively, the IT 
control weaknesses limit CBP's ability to ensure the 
confidentiality, integrity, and availability of critical 
financial and operational data. These weaknesses also 
negatively impact CBP's internal controls over its 
financial reporting and operation, and KPMG LLP 
considers them to collectively represent a material 
weakness under standards established by the AICPA. 
(OIG-08-50, May 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-50_May08.pdf 



34 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



INVESTIGATIONS 

Border Patrol Agent Sentenced for Distributing 
Marijuana from Government Vehicle 

We conducted an investigation of a Border Patrol 
Agent (BPA) who was distributing marijuana from 
his government vehicle while on duty. The BPA was 
charged with unlawful manufacture and distribu- 
tion of a controlled substance, pleaded guilty, and was 
sentenced to 6 months in prison and 4 months house 
arrest. 

Customs and Border Protection Officer Sentenced 
for Conspiracy to Smuggle Narcotics (Update 
10/1/07-3/31/08 SAR) 

We conducted an investigation of a Customs and 
Border Protection Officer (CBPO) suspected of 
accepting bribes to allow illegal narcotics to be 
smuggled into the United States. We arrested the 
CBPO, who pleaded guilty to conspiracy to import 
a controlled substance, marijuana, exceeding 1,000 
kilograms. The CBPO was sentenced to 240 months 
incarceration and 5 years supervised release and fined 
$2,000. He agreed to forfeit more than $5 million in 
U.S. currency, a vehicle, and assorted jewelry that were 
deemed to be fruit of the crime. 

Customs and Border Protection Officer Convicted 
of Alien Smuggling 

We conducted an investigation of a CBPO who 
assisted an undocumented alien to enter the United 
States through his inspection lane at a border crossing 
in Texas. The CBPO was arrested and pleaded guilty 
to aiding and abetting and alien smuggling. The CBPO 
was sentenced to 36 months of incarceration and 3 
years of supervised release, and was ordered to pay a 
$5,000 fine. 

Customs and Border Protection Officer Arrested 
for Selling Travel Permits 

We investigated an allegation that a CBPO in Texas 
was selling Form 1-94, Arrival/Departure Records 
("Travel Permits") to a document vendor, who in turn 
sold them to ineligible aliens. As a result of information 
obtained in our investigation, we enlisted the coopera- 
tion of a co-conspirator who was able to purchase 
1-94 documents from the CBPO. The CBPO was 
arrested pursuant to a criminal complaint and was later 



convicted on charges of bribery of a public official. Our 
investigation has disclosed that the CBPO fraudulently 
issued more than 75 other travel permits, all of which 
we have been able to cancel or recover. 

Border Patrol Agent Arrested and Pled Guilty to 
Smuggling Illegal Aliens and Money Laundering 
Charges 

We arrested a BPA, two Mexican residents, and one 
Legal Permanent Resident alien after our investigation 
determined that from January 2005 to May 2008 they 
had conspired to smuggle more than 100 illegal aliens 
into the United States from Mexico. We substantiated 
that the BPA accepted bribes to facilitate the transport 
of undocumented aliens through the interior Border 
Patrol checkpoints in New Mexico. The BPA pleaded 
guilty to alien smuggling and money laundering 
charges. As part of his plea agreement, the BPA 
agreed to forfeit a house he owned in Texas, which the 
organization used as a safe house, and to pay approxi- 
mately $500,000 — the amount of proceeds derived 
from his criminal activity. 

Vehicle Rollover Death Investigation 

We conducted an investigation of an accident that 
resulted in the death of undocumented aliens who were 
traveling in a vehicle that was being pursued by BPAs. 
The driver of the vehicle failed to yield and ran over 
control tire deflation devices used by the BPAs, causing 
him to crash into an oncoming vehicle, which resulted 
in multiple deaths and injuries. The investigation 
cleared the BPAs from liability. The driver involved in 
the pursuit was found guilty of vehicular homicide and 
sentenced to 30 years to life and ordered to pay restitu- 
tion of $402,000. 

Customs and Border Protection Officer Sentenced 
on Bribery and Alien Smuggling Charges 

We conducted an investigation into an allegation that 
a CBPO was receiving bribes to smuggle illegal aliens 
through his security checkpoint at an airport port of 
entry. The CBPO was convicted by a jury of one count 
of bribery, one count of conspiracy to bring aliens into 
the United States for financial gain, and five counts of 
alien smuggling for financial gain. Our investigation 
resulted in the officer being sentenced in the Southern 
District of Florida to 6 1/2 years imprisonment and a 
$12,500 fine. 



35 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Border Patrol Agent Sentenced to 70 Years on 
Bribery and Drug Conspiracy Charges 
(Update 10/1/07-3/31/08 SAR) 

We conducted an investigation into an allegation that 
a BPA was involved in narcotics smuggling. As a result 
of our investigation, the BPA was charged with two 
counts of bribery of a public official and one count of 
conspiracy to possess and distribute cocaine in excess 
of 500 grams. The BPA was sentenced in U.S. Federal 
Court to 70 years in prison after entering a guilty plea. 
Prior to imposing the sentence, the judge stated, "By 
any other name, this is treason." The BPA had fled 
to Mexico to avoid sentencing, but was located and 
formally extradited to the United States. In addition to 
the prison sentence, the BPA was ordered to serve 15 
years of supervised release and pay a fine of $30,000. 

Border Patrol Agent Trainee Indicted for 
Impersonating a Border Patrol Agent and False 
Arrest 

We conducted an investigation of a BPA trainee 
who was suspected of impersonating a law enforce- 
ment officer. As a result of our findings, the BPA was 
indicted by a federal grand jury in New Mexico and 
charged with two counts of false impersonation as 
an officer of the United States and one count of false 
arrest by impersonator. Subject was terminated as 
a BPA trainee after being expelled from the Border 
Patrol academy. 

Border Patrol Agent Convicted for Lying About 
Hiding Drugs 

We investigated a BPA who pleaded guilty to making 
false statements or entries, following our investiga- 
tion into allegations that he was a drug smuggler. The 
investigation included an undercover operation in 
which the BPA failed to report a cocaine seizure and 
then hid the drugs for later sale. The BPA was indicted 
and resigned in May 2008. He subsequently pleaded 
guilty to making false statements and faces a maximum 
of 5 years in prison and a fine of up to $250,000. 

U.S. Customs and Border Protection Officer 
Sentenced for Lying During OIG Investigation 

We investigated a CBPO who was allegedly using 
a government communications system to track his 
girlfriend. The subject initially lied to investiga- 
tors, but eventually admitted using The Enforce- 



ment Communications System more than 100 times 
to monitor the passage of his girlfriend through a 
US.-Mexico border crossing. The CBPO resigned 
and pleaded guilty to lying to investigators. He was 
sentenced to 3 years probation and fined $100. 

U.S. Customs and Border Protection Officer 
Sentenced for Allowing the Importation of 
Marijuana in Exchange for Currency and Sexual 
Favors 

We conducted an investigation into an allegation that 
a CBPO assigned to a major northwest border port 
of entry was involved with smuggling marijuana. The 
investigation revealed that the CBPO accepted cash 
and sexual favors in return for allowing the introduc- 
tion of contraband into the United States, and 
aided and abetted in the importation of 100 or more 
kilograms of marijuana. The CBPO was indicted for 
importation of a controlled substance and bribery. The 
CBPO was convicted of bribery; was sentenced to 32 
months confinement and 2 years supervised release; 
and paid a $100 special assessment. 

UNITED STATES 
IMMIGRATION AND 
CUSTOMS ENFORCEMENT 

MANAGEMENT REPORTS 

ICE Policies Related to Detainee Deaths and the 
Oversight of Immigration Detention Facilities 

Between January 1, 2005, and May 31, 2007, 33 
immigration detainees died. We evaluated how ICE 
and its detention partners dealt with two cases where 
immigration detainees died in custody. In addition, we 
examined policies related to detainee deaths, medical 
standards, and other issues. 

Although there are compliance problems related to 
certain medical standards at various facilities, ICE 
adhered to important portions of the detainee death 
standard in the two cases that were the focus of this 
review. According to information received from clinical 
experts and our analysis, the two detainees' serious 
preexisting medical conditions led to their deaths. 
Although ICE's detention standards are comparable 
to those of other organizations, such as the American 
Correctional Association, we made 11 recommenda- 



36 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



tions to improve the standards, strengthen ICE's 
oversight of facilities, and enhance clinical operations 
and detainee safety. 
(OIG-08-52, June 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-52_Jun08.pdf 

U.S. Immigration and Customs Enforcement Visa 
Security Program 

Assigning experienced ICE special agents to Visa 
Security Units to review visa applications, initiate 
investigations, and provide advice and training to 
consular officers brings valuable law enforcement 
resources to overseas posts. Incorporating regular law 
enforcement screening and vetting of visa applicants 
into the visa process adds a layer of security to the 
Department of State consular visa adjudication process. 

ICE is improving its management of the program. 
For example, program officials developed a risk-based 
framework to prioritize program expansion and site 
selection. In addition, they developed automated tools 
to facilitate some program activities and limit manual 
data entry performed by agents. Program managers 
also constantly update the program's training course to 
keep up with changing trends and address participant 
suggestions. 

However, some program areas could be improved. 
We recommended that program managers enhance 
recording, monitoring, verifying, analyzing, and 
reporting of visa security activities in the current 
tracking system while developing a new tracking 
system. In addition, we recommended that program 
managers provide training and guidance to field 
personnel on new procedures and document the 
program's training course curriculum. ICE agreed 
with our findings and concurred with our 
recommendations. 
(OIG-08-79, July 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-79Jul08.pdf 

Technical Security Evaluation of U.S. 
Immigration and Customs Enforcement Activities 
at the Cbet Holifield Federal Building (Redacted) 

We evaluated ICE activities at the Chet Holifield 
Federal Building located in Laguna Niguel, CA. 
Specifically, we addressed how ICE has implemented 



computer security operational, technical, and 
managerial controls for its IT assets at this site, and 
we recommended improvements to these controls. For 
example, management controls could be improved by 
implementing procedures to identify and disconnect 
unused telecommunications lines. Specifically, ICE 
could save $17,412 annually by disconnecting a 
nonoperational telecommunications line. We also 
identified 33 other active telecommunications lines 
whose ownership is unknown. Disconnecting these 
lines may result in a monthly cost savings of $160,220, 
or $1.9 million per year. 



Range of Potential Monthly Saving for 33 Unused Lines 
$300,000 ■ 



O) CO 



o .£ 

Q. CO 



$250,000 
$200,000 
$150,000 
$100,000 
$50,000 
$0 





$284,724 — 




$268,983»"^ - "^ 


$240,867 ^ 


$160,220^ 




$1 07,01 


$98,340 


$73,722,^ 




$47,883^»*'^ 




wr 




$1,451 $2,234 $2 


980 $3,243 $4,855 37,299 *M51 »626 



ICE CBP CIS ICE Average ICE CIS CBP 
Monthly Charges per Single Line 



Range of potential monthly savings for 33 unused lines 



We briefed the DHS Chief Information Security 
Officer and ICE on the results of our evaluation. We 
made 10 recommendations to improve IT security at 
this site. ICE concurred with our recommendations 
and is addressing the findings. 
(OIG-08-59, May 2008, ITA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIGr_08-59_May08.pdf 

Independent Review of the U.S. Immigration and 
Customs Enforcement's Reporting of FY 2007 
Drug Control Obligations 

KPMG LLP, under contract with DHS OIG, issued 
an Independent Accountant's Report on the FY 2007 
Drug Control Obligations for ICE. ICE's management 
prepared the Table of Drug Control Obligations and 
related disclosures to comply with the requirements of 
the ONDCP Circular, Drug Control Accounting, dated 
May 1, 2007. KPMG LLP did not find any reason to 
believe that the Table of Drug Control Obligations 
and related disclosures for the year ended September 



37 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



30, 2007, was not presented in all material respects, in 
conformity with the Circular, or that management's 
assertions were not fairly stated, in all material 
respects, based on the same criteria. KPMG LLP 
did not note any recommendations as a result of this 
review. 

(OIG-08-44, April 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-44_Apr08.pdf 

Independent Review of the U.S. Immigration and 
Customs Enforcement's Reporting of FY 2007 
Drug Control Performance Summary 

KPMG LLP, under contract with DHS OIG, issued 
an Independent Accountant's Report on the FY 2007 
Drug Control Performance Summary for ICE. ICE's 
Management prepared the Performance Summary 
and management's assertions to comply with the 
requirements of the ONDCP Circular, Drug Control 
Accounting, dated May 1, 2007. KPMG LLP did 
not find any reason to believe that the Performance 
Summary for the year ended September 30, 2007, were 
not presented in all material respects, in conformity 
with the Circular, or that management's assertions 
were not fairly stated, in all material respects, based 
on the criteria set forth in the Circular. KPMG LLP 
did not note any recommendations as a result of this 
review. 

(OIG-08-45, April 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-45_Apr08.pdf 

Review of U.S. Immigration and Customs 
Enforcement Detainee Telephone Services 
Contract 

The Assistant Secretary, ICE, requested an audit of 
the detainee telephone services contract to determine 
(1) services that ICE contracted for compared with 
services the contractor provided; (2) technical issues, 
including call routing, excess fees, call volume, 
connectivity rates, and telephone maintenance; and 
(3) the sale, use, and rates of debit calling cards. We 
could not determine the full extent of the contrac- 
tor's compliance with the terms and conditions of its 
contract with ICE because data elements required 
for a thorough analysis were not maintained. The 
contract did not provide for penalties for inadequate 
connectivity, excessive fees, or other improprieties. 



We summarized observations from our preliminary 
work and made three recommendations that will 
strengthen the detainee telephone services contract 
and management controls. Also, we began a followup 
audit to determine whether ICE information and 
communications management controls provide 
reasonable assurance that detainee telephone services 
are consistent with applicable standards and control 
provisions. 

(OIG-08-54, May 2008, OA) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-54_May08.pdf 

INVESTIGATIONS 

U.S. Immigration and Customs Enforcement 
Acting Field Director Pleads Guilty to Bribery 
Along With Private Immigration Attorney, 
Who Also Pleads Guilty to Marriage Fraud and 
Aiding and Abetting (Update 10/01/07-3/31/08 
SAR) 

We opened an investigation on an Acting Field Office 
Director for ICE after receiving an allegation that he 
was accepting bribes and gratuities in exchange for 
arranging the release of ICE detainees. As a result 
of our investigation, we determined that a private 
immigration attorney was conspiring with the ICE 
employee to aid, abet, and counsel the commission 
of fraudulent marriages with illegal immigrants. The 
ICE employee pleaded guilty to bribery of a public 
official, conspiracy and misprision of felony. The private 
attorney in separate proceedings pleaded guilty to 
marriage fraud and aiding and abetting. 

U.S. Immigration and Customs Enforcement 
Immigration Enforcement Agent Pleaded Guilty 
to Providing False Statements 

We opened an investigation after receiving an 
allegation that an ICE Immigration Enforcement 
Agent (IEA) had received money for releasing illegal 
aliens from ICE custody. A warrant was issued and 
the subject was arrested, after which he assisted us 
by providing information that contributed to the 
indictment of one of his coworkers. As a result of 
this investigation, the IEA resigned his position with 
ICE and, as part of his plea agreement, he agreed to 
never seek another law enforcement position. The 
IEA pleaded guilty in the U.S. District Court to one 



38 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



count of false statements in official writings and was 
sentenced to 2 years probation. 

U.S. Immigration and Customs Enforcement 
Immigration Enforcement Agent Sentenced on 
Sex Assault of Detainee 

We conducted an investigation into an allegation that 
a ICE IEA sexually assaulted a female detainee. The 
agent drove the female detainee to his residence where 
he sexually assaulted her before driving her to an intake 
facility. The agent was arrested following indictment on 
charges of aggravated sexual abuse, sexual abuse, sexual 
abuse of a ward, and possession of a firearm in further- 
ance of a crime of violence. As a result of our investiga- 
tion, the agent was convicted, sentenced to 87 months 
incarceration and 5 years probation, and must register 
as a sex offender following release. 

U.S. Immigration and Customs Enforcement 
Agent Guilty of Child Pornography 

We conducted an investigation that disclosed that a 
ICE agent purchased and stored more than 100 child 
pornography images on his personal computer. The 
ICE agent entered a guilty plea and was sentenced 
to 21 months of incarceration and 36 months of 
supervised release, fined $5,000, and given a special 
assessment of $100. The court also required the 
defendant to register as a sex offender and not to 
associate with anyone under 18 years of age. 

Contracting Officer and Two Owners of a Federal 
Protective Service Contract Guard Company 
Pleaded Guilty to Bribery Charges and Are 
Sentenced 

We conducted a joint investigation with other federal 
law enforcement agencies of a Federal Protective 
Service guard force contract administered by a 
General Services Administration (GSA) Contracting 
Officer who was suspected of accepting bribes from 
the owner of a contract guard company. As a result of 
our investigation, one of the guard company owners 
pleaded guilty to bribery, tax evasion, and interstate 
transportation of child pornography. He was sentenced 
to 48 months of confinement and 3 years of supervised 
release, ordered to pay $400,000 in restitution, 
and was given a $300 special assessment. A second 
owner was charged with a scheme to conceal material 



information and tax evasion, pleaded guilty, and was 
sentenced to 33 months of confinement and 3 years of 
supervised release; and paid a $200 special assessment, 
a fine of $10,000, and $290,360 in restitution. The 
GSA Contracting Officer was charged with bribery 
and tax evasion, pleaded guilty, and was sentenced 
to 60 months of confinement, 3 years of supervised 
release, $38,000 in restitution to the Internal Revenue 
Service, and $138,000 in forfeiture to the Department 
of Justice. 

MULTIPLE COMPONENTS 

MANAGEMENT REPORTS 

Management of Department of Homeland 
Security International Activities and Interests 

DHS has nearly 2,000 staff abroad based in 79 
countries and a range of international activities that are 
managed out of domestic offices. At headquarters, the 
Office of International Affairs is the only office with 
a department-wide international focus covering all 
mission areas. The office has several key mandates, but 
for several years it was not able to address its responsi- 
bilities effectively because of staffing limitations. The 
office significantly increased its staff size, and it has 
begun to assume responsibilities including the develop- 
ment of regional engagement plans for different parts 
of the world. However, the office should also develop 
an international strategic plan and prepare guidance on 
training and technical assistance abroad. The office will 
require more support from component international 
affairs units and some authority over them to execute 
its responsibilities fully. 

DHS international efforts also require management 
attention in the field. In some locations, the 
department designated component staff to represent 
the department on a part-time basis; in others, it 
assigned full-time department attaches. Neither of 
these approaches has been completely successful, and 
we recommended actions to address their respective 
shortcomings. The department also must improve its 
systems for preparing, supporting, and redeploying 
international staff. 
(OIG-08-71, June 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-71June08.pdf 



39 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



DHS Compliance with the Prohibition on 
Prepackaged News 

We reviewed how DHS headquarters and a selection 
of its components provide information to the public 
and, specifically, whether their activities include 
producing and distributing prepackaged news stories. 
The department does not produce prepackaged news 
stories for broadcast or distribution within the United 
States. Although there is currently no written policy 
or guidance within DHS, CBP, ICE, FEMA, TSA, 
or the U.S. Coast Guard regarding prepackaged news 
stories, the department committed to issuing written 
guidance on this policy following our review. 
(OIG-08-89, September 2008, ISP) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-89_Sep08.pdf 

Effectiveness of the Federal Trucking Industry 
Security Grant Program 

As required by the Implementing Recommenda- 
tions of the 9/11 Commission Act of 2007 (Public 
Law 110-53), we initiated the second of two reviews 
of the trucking industry security grant program. The 
program funds Highway Watch a , which was managed 
by the American Trucking Associations. In this report, 
we evaluated the performance, efficiency, and effective- 
ness of the program and evaluated the need for the 
program. Although the American Trucking Associa- 
tions reached enrollment targets of more than 800,000 
members, security incident reporting has remained 
steady at less than 200 calls a month. Furthermore, to 
acquire the assistance of state trucking associations, 
the American Trucking Associations incurred costs 
that were not well documented. Therefore, we cannot 
say definitively whether the benefits achieved so far 
have been worth the costs. We made five recommenda- 
tions to improve the efficiency and effectiveness of the 
program, with which FEMA and TSA concurred. We 
made one recommendation to FEMA to validate the 
accuracy and eligibility of the expenditures reported by 
the grantee, with which it concurred. 
(OIG-08-100, September 2008, ISP) 
http://www.dhs.gov/ xoig/ r pts/ mgmt/ 
editorial_0334.shtm 



Challenges Remain in Executing Department of 
Homeland Security's Information Technology 
Program for Its Intelligence Systems (Unclassified 
Summary) 

We evaluated the security program and practices 
for DHS' Top Secret/Sensitive Compartmented 
Information information systems according to the 
annual FISMA requirements. We focused on the 
security program management, implementation, and 
system administration of the department's intelligence 
activities. Much progress has been made in establishing 
an enterprise-wide IT security program that supports 
the department's intelligence operations and assets. 
The Office of Intelligence and Analysis is taking an 
active role in the management and governance of the 
security for intelligence systems across the department. 
However, operational and procedural issues remain 
regarding the effectiveness of the implementation of 
the department's intelligence security program and 
system controls. Furthermore, DHS has not yet fully 
addressed the issues and recommendations we reported 
in FY 2006. Our FY 2007 recommendations included 
the need to issue formal guidance for the department's 
intelligence activities; establish an information systems 
security education, training, and awareness program 
for intelligence personnel; and address the system 
control issues identified during our review. 
(OIG-08-48, April 2008, IT-A) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-48_ApriI08.pdf 

Evaluation of DHS' Security Program and 
Practices for Intelligence Systems for FY 2008 

We evaluated the security program and practices 
for DHS' Top Secret/Sensitive Compartmented 
Information information systems according to the 
annual FISMA requirements. We focused on the 
security program management, implementation, and 
system administration of the department's intelligence 
activities. The department continues to strengthen its 
security program for its intelligence systems. This is the 
department's first year reporting on USCG's FISMA 
compliance. Overall, the department has documented 
information security procedures and implemented 
controls, providing an effective level of security for 



40 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



its intelligence systems. Operational issues remain 
regarding the effectiveness of the implementation of the 
department's intelligence security program and system 
controls. Our report to the Director of National 
Intelligence did not contain any recommendations. 
(OIG-08-87, August 2008, IT-A) 
http://www.dhs.gov/xoig/rpts/mgmt/ 
editorial_0334.shtm 

Acquisition Workforce Training and 
Qualifications 

We conducted an audit to determine the adequacy of 
internal controls to ensure compliance with applicable 
training and qualifications requirements for DHS' 
acquisition workforce. DHS, USCG, TSA, and 
CBP do not have complete, reliable information and 
related supporting documentation about their acquisi- 
tion personnel and their assignments. Without such 
information, the DHS has no assurance that qualified 
staffs are managing its acquisition. We made three 
recommendations to improve the department's ability 
to manage its acquisition workforce. 
(OIG-08-56, May 2008, OA) 
http://www.dhs.gov/xoig/assets/mgmtrpts/ 
OIG_08-56_May08.pdf 

Review of Department of Homeland Security 
Controls for Portable Storage Devices 

We evaluated the use of portable storage devices at 
DHS. Our objective was to determine whether DHS 
has addressed the emerging security threat from the 
proliferation of portable storage devices. We also 
followed up DHS' response to OMB Memorandum 
06-16 (M 06-16), Protection of Sensitive Agency Informa- 
tion, The policies developed by the department have 
not been implemented by the components. Specifi- 



cally, components do not have a centralized process 
to procure and distribute portable storage devices 
to ensure that only authorized devices that meet the 
technical requirements can connect to their systems. 
In addition, most components have not identified and 
do not maintain an inventory of authorized devices. 
Further, the devices sampled were not properly marked 
to protect their stored information. Finally, DHS has 
not implemented all M 06-16 controls, despite the fact 
that it has been 2 years since OMB's milestone elapsed. 



— 




I'M] Urivi »0i 131 


Miic ifteJ JuapLUvc ForlrfikMuvH 


Portable Storage Devices 



Our recommendations included identifying and 
establishing an inventory of authorized devices; 
implementing controls to ensure that only authorized 
devices can connect to DHS systems; and performing 
discovery scans, at least annually, to identify unauthor- 
ized devices. Finally, DHS should devote additional 
resources to implement OMB-M-06-16 controls 
expeditiously. 

(OIG-08-95, September 2008, IT-A) 

http://www.dhs.gov/xoig/assets/mgmtrpts/ 

OIG_08-95_Sep08.pdf 



41 



OTHER OFFICE OF INSPECTOR 

GENERAL ACTIVITIES 




April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



OVERSIGHT OF 

NONDEPARTMENTAL 

AUDITS 

We processed 12 single audit reports issued by other 
independent public accountant organizations. The 
audits were conducted according to the Single Audit 
Act of 1996, as amended by P.L. 104-136. We continue 
to monitor the actions taken to implement the 
recommendations in the reports. 



SUMMARY OF SIGNIFICANT 
REPORTS UNRESOLVED 
OVER 6 MONTHS 

Timely resolution of outstanding audit recommenda- 
tions continues to be a priority for both our office and 
the department. Defense Contract Audit Agency 
(DCAA) audits are now processed by DHS' Chief 
Procurement Officer's office. During this period, 
we transferred 13 DCAA audits having unresolved 
statuses for over 6 months to that office. 

As of this report date, we are responsible for 
monitoring 63 reports that contain recommendations 
that have been unresolved for more than 6 months. 
Management decisions have not been made for signifi- 
cant reports, as follows: 

16 FEMA-related financial assistance 
disaster audits 

20 Program management reports 

27 Single audit reports 

63 Total 



43 



LEGISLATIVE AND REGULATORY REVIEWS 




April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Section 4(a) of the Inspector General Act of 
1978 requires the Inspector General to 
review existing and proposed legislation and 
regulations relating to DHS programs and operations 
and to make recommendations concerning their 
potential impact. Our comments and recommenda- 
tions focus on the impact of the proposed legisla- 
tion and regulations on economy and efficiency in 
administering DHS programs and operations or on 
the prevention and detection of fraud and abuse in 
DHS programs and operations. We also participate 
on the President's Council on Integrity and Efficiency, 
which provides a mechanism to comment on existing 
and proposed legislation and regulations that have 
government-wide impact. 

During this reporting period, we reviewed 69 legisla- 
tive and regulatory proposals, draft DHS policy 
directives, and other items. Two of these items are 
highlighted below. 

Proposed Amendments to the In3J)ed:or General 
A£t of 1978 — We reviewed OMB's letter expressing 
concerns about S. 2324, Inspector General Reform Act 
of 2008, Because we supported S. 2324, we disagreed 
with OMB's letter in most respects. In addition, we 
reviewed enrolled bill H.R. 928, also entitled Inspector 
General Reform Act of 2008, and recommended that 
the President sign the bill. 



Collection of Foreign Visitors' Biometric 
Data Upon Exit From U.S. Air and Sea 
Ports of Departure, United States Visitor and 
Immigrant Status Indicator Technology Program 
("US'VISIT") — We commented on a draft final rule 
that proposed establishing an exit program at all U.S. 
air and sea ports of departure whereby foreign visitors 
would provide finger scans and other biometric data 
to commercial air and vessel carriers before departing 
the United States. DHS would receive the collected 
biometric data and match the alien traveler's entry 
and exit records to determine if the individual actually 
departed the United States. 

We expressed several concerns about the final rule's 
provisions. First, we noted that exit and entry records 
may not match or that entry records may not be 
located. As a result, we questioned the operational 
impact on CBP and ICE's ability to apprehend and 
detain aliens until such discrepancies are resolved. We 
questioned if pilot testing of biometric data collection 
processes considered the additional time needed before 
carriers could allow foreign travelers to board. We also 
raised concerns about security vulnerabilities because 
the rule did not apply to charters and other small air 
and vessel carriers for hire. Finally, we noted that the 
rule appeared to be an unfunded government mandate, 
with air carriers assuming the associated implementa- 
tion and operational costs. Therefore, we questioned 
if a financial impact analysis had been performed to 
assess air carriers' ability to assume these costs given 
that most are already in financial crisis. 



45 



CONGRESSIONAL TESTIMONY 

AND BRIEFINGS 




\11 



6- 



46 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Our Inspector General and senior managers 
testified five times before congressional 
committees and briefed various congres- 
sional committees during this period. Testimony 
prepared for these hearings may be accessed through 
our Web site at www.dhs.gov/oig. 

We testified on the following issues: 

■ April 3, 2008: Senate Committee on Homeland 
Security and Governmental Affairs regarding 
FEMAs preparedness to address the next 
catastrophic disaster. (OIG-08-34 issued March 
2008) 

April 10, 2008: House Committee on Transporta- 
tion and Infrastructure Subcommittee on Coast 
Guard and Maritime Transportation regarding the 
COSCO BUSAN and Marine Casualty Investiga- 
tion Program. (OIG-08-38 issued April 2008) 

May 20, 2008: House Committee on Transporta- 
tion and Infrastructure Subcommittee on Coast 
Guard and Maritime Transportation regarding the 
Coast Guard and National Transportation Safety 
Board Casualty Investigation Program. (OIG-08- 
51 issued May 2008) 

June 5, 2008: House Committee on Foreign Affairs 
Subcommittee on International Organizations, 
Human Rights and Oversight joint hearing with 
House Committee on the Judiciary Subcommit- 
tee on the Constitution, Civil Rights and Civil 
Liberties regarding OIG-08-18, The Removal of 
a Canadian Citizen to Syria. (OIG-08-18 issued 
March 2008) 



September 17, 2008: House Committee on Home- 
land Security Subcommittee on Management, 
Investigations, and Oversight regarding Waste, 
Abuse, and Mismanagement of DHS Contracts. 
(OIG-06-18 issued December 2005, OIG-06-23 
issued February 2006, OIG-08-56 issued May 
2008, OIG-08-10 issued October 2007, and OIG- 
08-88 issued August 2008) 

We briefed congressional members and their staff at 
a steady pace throughout the reporting period. Our 
office conducted 18 briefings for congressional staff 
on results of our work, including a review of TSAs 
management of aviation security activities, a review of 
the World Trade Center Captive Insurance Company, 
and a review of the TSAs efforts to proactively address 
employee concerns. Meetings to discuss other congres- 
sional concerns included TSA penetration testing, 
issues with Stafford Act amendments, and discussion 
of DHS management challenges. 

We sought and received thoughtful input from 
the department and our congressional oversight 
committees on our FY 2009 Annual Performance Plan 
to ensure that our stakeholders had an opportunity to 
participate in the development of the plan . We will 
continue to meet with congressional members and staff 
to discuss the final 2009 plan in the fall of 2008. Our 
Annual Performance Plan is the OIGs "roadmap" for 
audits and inspections that we plan to conduct each 
year to evaluate DHS programs and operations. 



47 



APPENDICES 




April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 1 

Audit Reports With Questioned Costs 



Report Category 


Number 


Questioned 
Costs 


Unsupported 
Costs 


A. Reports pending management decision at the start of the 
reporting period 


180 


$505,720,253 


iplol,/ f5,Uoo 


B. Reports issued/processed during the reporting period with 
questioned costs 


20 


$27,996,475 


$8,272,263 


Total Reports (A+B) 


200 


$533,716,728 


$140,047,301 


C. Reports for which a management decision was made during the 
reporting period 


21 


$112,263,908 


$70,342,553 


(1) Disallowed costs 


15 


$97,060,147 


$69,898,911 


(2) Accepted costs 


6 


$15,203,761 


$443,642 


D. Reports put into appeal status during period 





$0 


$0 


E. Reports pending a management decision at the end 
of the reporting period 


179 


$421,452,820 


$69,704,748 


F. Reports for which no management decision was made within 6 
months of issuance 


159 


$393,456,345 


$61,432,485 



Notes and Explanations: 
Management Decision -Occurs when DHS 

management informs us of its intended action in 
response to a recommendation, and we determine that 
the proposed action is acceptable. 

Accepted Costs - Previously questioned costs 
accepted in a management decision as an allowable cost 
to a government program. Before acceptance, we must 
agree with the basis for the management decision. In 
Category C, lines (1) and (2) do not always equal the 
total on line C because resolution may result in values 
different from the original recommendations. 



Questioned Costs - Auditors commonly question 
costs arising from an alleged violation of a provision 
of a law, regulation, grant, cooperative agreement, or 
contract. A "questioned" cost is a finding in which 
the cost, at the time of the audit, is not supported 
by adequate documentation or is unreasonable or 
unallowable. A funding agency is responsible for 
making management decisions on questioned costs, 
including an evaluation of the findings and recommen- 
dations in an audit report. A management decision 
against the auditee would transform a questioned cost 
into a disallowed cost. 

Unsupported Costs - Costs that are not sup- 
ported by adequate documentation. 



49 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 1b 

Audit Reports With Funds Put to Better Use 



Report Category 


Number 


Amount 


A. Reports pending management decision at the start of the reporting period 


7 


$65,508,708 


B. Reports issued during the reporting period 


1 


$4,967,201 


Total Reports (A+B) 


8 


$70,475,909 


C. Reports for which a management decision was made during the reporting 
period. 


8 


$70,475,909 

$65,508,708 1 
$0 

$4,967,201 2 


(1) Value of recommendations of DCAA reports transferred to 
management 


7 


(2) Value of recommendations not agreed to by management 





(3) Value of deobligations agreed to by management 


1 


D. Reports put into the appeal status during the reporting period 





$0 


E. Reports pending a management decision at the end of the reporting 
period. 





$0 


F. Reports for which no management decision was made within 6 months of 
issuance 





$0 



Notes and Explanations: 

In category C, lines (1) and (2) do not always equal the 
total on line C, because resolution may result in values 
greater than the original recommendations. 



Funds Put to Better Use - Audits can identify 
ways to improve the efficiency, effectiveness, and 
economy of programs, resulting in costs savings over 
the life of the program. Unlike questioned costs, the 
auditor recommends methods for making the most 
efficient use of federal dollars, such as reducing outlays, 
deobligating funds, or avoiding unnecessary expendi- 
tures. 



1 This represents the value of recommendations for Defense Contract Agency Audits that we transferred to the department's Chief 
Procurement Officer. 

2 As a result of costs that we questioned, FEMA deobligated $4.9 million in funding during our review of Hurricane Katrina Disaster Costs 
for Hancock County Port and Harbor Commission, under FEMA Disaster Number 1604-DR-MS, audit report #DA-08-09. 



50 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 2 

Compliance - Resolution of Reports and Recommendations 



MANAGEMENT DECISION IS PENDING 








3/31/08: 




Reports open over 6 months 


191 


Recommendations open over 6 months 


604 






9/30/08: 




Reports open over 6 months 


179 


Recommendations open over 6 months 


582 






CURRENT INVENTORY 








Open reports at the beginning of the period 


422 


Reports issued this period 


93 3 


Reports closed this period 


74 


Open reports at the end of the period 


441 






ACTIVE RECOMMENDATIONS 








Open recommendations at the beginning of the period 


1,894 


Recommendations issued this period 


715 


Recommendations closed this period 


464 


Open recommendations at the end of the period 


2,145 



We are no longer processing Defense Contract Audit Agency audits effective April 1, 2008. This effort has been transferred to the 
Department's Chief Procurement Officer. 



51 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 3 

Management Reports Issued 



Report Number 


Date Issued 


Report Title 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


1. OIG-08-35 


4/08 


Letter Report: DHS National 
Applications Office Privacy 
Stewardship (Redacted) 


$0 


$0 


$0 














2. OIG-08-36 


4/08 


Management Letter for the FY 
2007 DHS Financial Statement 
Audit 


$0 


$0 


$0 














3. OIG-08-37 


4/08 


Technical Security Evaluation 
of U.S. Customs and Border 
Protection Activities at the 
Chet Holifield Federal Building 
(Redacted) 


$0 


$0 


$0 














4. OIG-08-38 


4/08 


Allision of the M/V COSCO 
BUSAN with the San Francisco- 
Oakland Bay Bridge 


$0 


$0 


$0 














5. OIG-08-39 


4/08 


Independent Review of the 
U.S. Customs and Border 
Protection's Reporting of FY 
2007 Drug Control Obligations 


$0 


$0 


$0 














6. OIG-08-40 


4/08 


Independent Review of the 
U.S. Customs and Border 
Protection's Reporting 
of FY 2007 Drug Control 
Performance Summary 


$0 


$0 


$0 














7. OIG-08-41 


4/08 


Independent Review of the 
U.S. Customs and Border 
Protection's Management 
Assertions on the 2007 Drug 
Control Performance Summary 


$0 


$0 


$0 














8. OIG-08-42 


4/08 


Independent Review of the U.S. 
Coast Guard's Reporting of FY 
2007 Drug Control Obligations 


$0 


$0 


$0 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 


Report Title 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


9. OIG-08-43 


4/08 


Independent Review of the 
U.S. Coast Guards' Reporting 
of FY 2007 Drug Control 
Performance Summary 


$0 


$0 


$0 














10. OIG-08-44 


4/08 


Independent Review of the 
U.S. Immigration and Customs 
Enforcement's Reporting of FY 
2007 Drug Control Obligations 


$0 


$0 


$0 














11.OIG-08-45 


4/08 


Independent Review of the 
U.S. Immigration and Customs 
Enforcement's Reporting 
of FY 2007 Drug Control 
Performance Summary 


$0 


$0 


$0 














12. OIG-08-46 


4/08 


u.o. ousioms ano t>oroer 
Protection's Procurement of 
Untrained Canines 


$0 


$0 


$0 














13. OIG-08-47 


5/08 


Letter Report: Review of 
DHS' Financial Systems 
Consolidation Project 


$0 


$0 


$0 














14. OIG-08-48 


4/08 


Challenges Remain in 
Executing the Department 
of Homeland Security's 
Information Technology 
Program for Its Intelligence 
Systems - Unclassified 
Summary 


$0 


$0 


$0 














15. OIG-08-49 


4/08 


The Transportation Security 
Administration's National 
Deployment Force 


$0 


$0 


$0 



53 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 


Report Title 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


16. OIG-08-50 


5/08 


iiiiur iiidLicji i i uorii luiogy 
Management Letter for the FY 
2007 Customs Border and 
Protection Financial Statement 
Audit (Redacted) 


$0 


$0 


$0 














17. OIG-08-51 


5/08 


United States Coast Guard's 
Management of the Marine 
Casualty Investigations 
Program 


$0 


$0 


$0 














18. OIG-08-52 


6/08 


ICE Policies Related to 
Detainee Deaths and the 
Oversight of Immigration 
Detention Facilities 


$0 


$0 


$0 














19. OIG-08-53 


5/08 


Independent Auditor's 
Report on FLETC's FY 2007 
Consolidated Financial 
Statements 


$0 


$0 


$0 














20. OIG-08-54 


5/08 


Immigration and Customs 
Enforcement Detainee 
Telephone Services Contract 


$0 


$0 


$0 














21.OIG-08-55 


5/08 


Interagency Agreement with 
U.S. Department of Housing 
and Urban Development for the 
Disaster Housing Assistance 
Program 


$0 


$0 


$0 














22. OIG-08-56 


5/08 


Acquisition Workforce Training 
and Qualifications 


$0 


$0 


$0 














23. OIG-08-57 


5/08 


Independent Auditor's Report 
on TSA's FY 2007 Balance 
Sheet 


$0 


$0 


$0 



54 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 




Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


24. OIG-08-58 


5/08 


Lessons Learned from the 
August n, zuu/, i\ietworK 
Outaqe at Los Angeles 
International Airport (Redacted) 


$0 


$0 


$0 














25. OIG-08-59 


5/08 


Technical Security Evaluation of 
U.S. Immigration and Customs 
Enforcement Activities at the 
Chet Holifield Federal Building 
(Redacted) 


$0 


$0 


$0 














26 OIG-08-60 

m V/IVi^ \J\J \J\J 


5/08 


Logistics Information Systems 
Need to be Strengthened 
at the Federal Emergency 
Management Agency 


$0 


$0 


$0 














27. OIG-08-61 


5/08 


DHS Must Address Internet 
Protocol Version 6 Challenges 


$0 


$0 


$0 














28. OIG-08-62 


5/08 


Transportation Security 
Administration's Efforts to 
Proactively Address Employee 
Concerns 


$0 


$0 


$0 














29. OIG-08-63 


6/08 


Uno OOI 1 ipUl 1UML rial lo Ul 

Action and Milestones for 
Financial System Security 


$0 


$0 


$0 














30. OIG-08-64 


6/08 


Additional Controls Can 
Enhance the Security of 
the Automated Commercial 
Environment System 
(Redacted) 


$0 


$0 


$0 














31.OIG-08-65 


6/08 


Targeting of Cargo Containers 
2008: Review of CBP's Cargo 
Enforcement Reporting and 
Tracking System 


$0 


$0 


$0 



55 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 




Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


32. OIG-08-66 


6/08 


TSA's Administration and 
Coordination of Mass Transit 
Security Program 


$0 


$0 


$0 














66. Ulo-Uo-o7 


b/Oo 


Transportation Security 
Administration Single Source 
(Noncompetitive) Procurements 


IpU 


$0 


CfcU 














34. OIG-08-68 


6/08 


Information Technology 
Management Letter for the 
FEMA Component of the FY 
2007 DHS Financial Statement 
Auaii (neaacieu) 


$0 


$0 


$0 














35. OIG-08-69 


6/08 


Information Technology 
Management Letter for the 
unixea oiaies ooasi ouaru 
Component of the FY 2007 
DHS Financial Statement Audit 
(Redacted) 


$0 


$0 


$0 














36. OIG-08-70 


6/08 


Information Technology 
ivianagemeni LeTieriorine ri 
2007 Federal Law Enforcement 
Training Center Financial 
Statement Audit (Redacted) 


$0 


$0 


$0 














37. OIG-08-71 


6/08 


Management of Department of 
Homeland Security International 
Activities and Interests 


$0 


$0 


$0 














38. OIG-08-72 


6/08 


Information Technology 
Management Letter for the FY 
2007 Transportation Security 
Administration Balance Sheet 
Audit (Redacted) 


$0 


$0 


$0 














39. OIG-08-73 


7/08 


Independent Auditor's Report 
on U.S. Coast Guard's FY 2008 
Mission Action Plans 


$0 


$0 


$0 



56 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 




Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


40. OIG-08-74 


7/08 


Independent Auditor's Report 
on TSA's FY 2008 Mission 
Action Plans 


$0 


$0 


$0 














41.OIG-08-75 


7/08 


Independent Auditor's Report 
on FEMA's FY 2008 Mission 
Action Plans 


$0 


$0 


$0 














42. OIG-08-76 


7/08 


Independent Auditor's Report 
on OFM's FY 2008 Mission 
Action Plans 


$0 


$0 


$0 














4"? OIG-08-77 




Information Technology 
Management Letter for the FY 
2007 DHS Financial Statement 
(Redacted) 


"fin 


















44. OIG-08-79 4 


7/08 


U.S. Immigration and Customs 
Enforcement Visa Security 
Program 


$0 


$0 


$0 














45. OIG-08-80 


7/08 


U.S. Customs and Border 
Protection's Management of 
2005 Gulf Coast Hurricanes 
Mission Assignment Funding 


$4,952,052 


$2,040,092 


$0 














46. OIG-08-81 


7/08 


Hurricane Katrina Multitier 
Contracts 


$625,225 


$0 


$0 














47. OIG-08-82 


8/08 


Enhanced Configuration 
Controls and Management 
Policies Can Improve USCG 
Network Security (Redacted) 


$0 


$0 


$0 



4 Report number OIG-08-78 was not used. 



57 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 


Report Title 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


48. OIG-08-83 


8/08 


The State of Utah's 
Management of State 
Homeland Security Grants 
Awarded During Fiscal Years 
2004 through 2006 


$0 


$0 


$0 














49. OIG-08-84 


8/08 


Assistance to Firefighters Grant 
Program - Fiscal Year 2003 


$94,793 


$15,863 


$0 














50. OIG-08-85 


8/08 


The Science and Technology 
Directorate's Processes for 
Selecting and Managing 
Research and Development 
Programs 


$0 


$0 


$0 














51. OIG-08-86 


8/08 


Costs Incurred for Rejected 
Temporary Housing Sites 


$0 


$0 


$0 














52. OIG-08-87 


08/08 


Evaluation of DHS' Security 
Program and Practices For 
Its Intelligence Systems for 
Fiscal Year 2008 (Unclassified 
Summary) 


$0 


$0 


$0 














53. OIG-08-88 


8/08 


Hurricane Katrina Temporary 
Housing Technical Assistance 
Contracts 


$0 


$0 


$0 














54. OIG-08-89 


9/08 


Letter Report: DHS 
Compliance with Prepackaged 
News Prohibition 


$0 


$0 


$0 














55. OIG-08-90 


9/08 


TSA's Management of Aviation 
Security Activities at Jackson- 
Evers International and Other 
Selected Airports (Unclassified 
Summary) 


$0 


$0 


$0 



58 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 


Report Title 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


56. OIG-08-91 


9/08 


Progress Made in 
Strengthening DHS Information 
Technology Management, But 
Challenges Remain 


$0 


$0 


$0 














57 OIG-08-92 


9/08 


Transportation Security 
Administration's Controls over 
SIDA Badges, Uniforms, and 
Identification Cards (Redacted) 


$0 


$0 


$0 














58. OIG-08-93 


9/08 


FEMAs Sheltering and 
Transitional Housing Activities 
After Hurricane Katrina 


$0 


$0 


$0 














59. OIG-08-94 


9/08 


Evaluation of DHS' Information 
Security Program for Fiscal Year 
2008 


$0 


$0 


$0 














60. OIG-08-95 


9/08 


Review of DHS Security 
Controls for Portable Storage 
Devices 


$0 


$0 


$0 














61.OIG-08-96 


9/08 


FEMAs Crisis Counseling 
Assistance and Training 
Program: State of Florida's 
Project H.O.P.E. 


$0 


$0 


$0 














62. OIG-08-97 


9/08 


Hurricane Katrina: Wind Versus 
Flood Issues 


$0 


$0 


$0 














63. OIG-08-98 


9/08 


The State of Washington's 
Management of State 
Homeland Security Grants 
Awarded During Fiscal Years 
2004 through 2006 


$0 


$0 


$0 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 3 

Management Reports Issued (continued) 



Report Number 


Date Issued 


Report Title 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


64. OIG-08-99 


9/08 


The State of Arizona's 
Management of State 
Homeland Security Grants 
Awarded During Fiscal Years 
2004 through 2006 


$0 


$0 


$0 














65. OIG-08-100 


9/08 


Effectiveness of the Federal 
Trucking Industry Security 
Grant Program 


$0 


$0 


$0 


















Total, Appendix 3 


$5,672,070 


$2,055,955 


$0 



60 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 4 

Financial Assistance Audit Reports Issued 



Report 
Number 


Date Issued 


Auditee 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


1. DA-08-06 


6/08 


Review of Coast Electrical Power 
Association 


$1,250,705 


$0 


$0 














2. DA-08-07 


—7 /no 

7/08 


Hurricane Georges Activities for 
Puerto Rico Aqueduct and Sewer 
Authority 


$1,629,730 


$0 


$0 














3. DA-08-08 


7/08 


Audit of Hurricane Katrina Activities for 
City of Waveland, Mississippi 


$1,020,156 


$0 


$0 














4. DA-08-09 


8/08 


Hurricane Katrina Disaster Costs for 
Hancock County Port and Harbor 
Commission 


$5,019,617 


$0 


$4,967,201 














5. DA-08-10 


8/08 


Hurricane Katrina Activities for 
Hancock County Medical Center 


$2,163,694 


$0 


$0 














6. DA-08-11 


9/08 


Hurricane Katrina Activities for Singing 
River Electric Power Association 


$223,454 


$0 


$0 














7. DD-08-02 


9/08 


Lafayette Parish Sheltering and 
Emergency Protective Measures 


$3,448,987 


$0 


$0 














8. DS-08-04 


7/08 


San Bernardino County, California 


$1,485,435 


$1,335,075 


$0 














9. DS-08-05 


9/08 


State of Oregon's Administration of the 
Fire Management Assistance Grant 
Program for the Bland Mountain #2 
Fire 


$453,977 


$0 


$0 














10. DS-08-06 


9/08 


State of Arizona's Administration of the 
Fire Management Assistance Grant 
Program for the Aspen Fire 


$20,124 


$20,124 


$0 














11. DS-08-07 


9/08 


State of Montana's Administration 
of the Fire Management Assistance 
Grant Program for the Hobble Fire 


$5,189 


$5,189 


$0 



61 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 4 

Financial Assistance Audit Reports Issued (continued) 



Report 
Number 


Date Issued 


Auditee 


Questioned 
Costs 


Unsupported 
Costs 


Funds Put to 
Better Use 


12. DS-08-08 


9/08 


State of California's Administration 
of the Fire Management Assistance 
Grant for the Canyon Fire 


$409,208 


$22,635 


$0 














13. DS-08-09 


9/08 


State of Washington's Administration 
of the Fire Management Assistance 
Grant Program for the Middle Fork Fire 


$379,491 


$379,491 


$0 














14. DS-08-10 


9/08 


State of New Mexico's Administration 
of the Fire Management Assistance 
Grant Program for the Atrisco Fire 


$815,795 


$815,795 


$0 














15. DS-08-11 


9/08 


State of California's Administration 
of the Fire Management Assistance 
Grant Program for the Pine Fire 


$3,021,538 


$2,660,694 


$0 














16. DS-08-12 


9/08 


State of Montana's Administration 
of the Fire Management Assistance 
Grant Program for the Missoula/ 
Mineral Fire Zone 


$974,680 


$974,680 


$0 


















Subtotal, Disaster Grant Assistance 
Audits 


$22,321,780 


$6,213,683 


$4,967,201 














17. OIG-S-23-08 


9/08 


State of Pennsylvania 05 


$2,625 


$2,625 


$0 


















Subtotal, Single Audits 


$2,625 


$2,625 


$0 


















Total, Appendix 4 


$22,324,405 


$6,216,308 


$4,967,201 



Notes and Explanations: 

Appendix 4 includes 1 of the 12 single audit reports 
processed during this reporting period. This is the 
only single audit report that disclosed questioned costs. 



DA Disaster Audit, Atlanta Office 

DD Disaster Audit, Dallas Office 

DS Disaster Audit, Oakland Office 

OIG-S Single audit report, Headquarters 



Report Number Acronyms: 



62 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 5 

Schedule of Amounts Due and Recovered 



Report Number 


Date Issued 


Auditee 


Amount Due 


Recovered Costs 


1. DD-01-04 


10/03 


Minnkota Power Cooperative 


$473,248 


$3,870 












2. DD-02-04 


10/03 


City of Hoisington, KS 


$7,208 


$4,592 














11 /nfi 


St. Bernard Parish Debris 
Removal 


<ft90Q 11^ 














t. UU KJ 1 IU 


OR/D7 

VJU/ KJ 1 


St. Tammany Parish Debris 
Removal 


$99 


$99 ^04 

*p c- tL , O \J 












5. DD-08-06 


06/06 


University of North Dakota 


$2,705,241 


$1,129,851 












6. DD-09-04 


06/04 


Michigan State Police 


$58,423 


$58,423 












7. DD-18-04 


09/04 


Montcalm County Drain 
Commission, Stanton, Ml 


$835,644 


$76,733 












8. OIG-07-26 


02/07 


City of Richmond 


$12,169,567 


$0 












9. OIG-08-81 


07/08 


Hurricane Katrina Multitier 
Contracts 


$625,225 


$625,225 
















Total, Appendix 5 


$17,105,975 


$1,920,998 



Report Number Acronyms: 

DD Disaster Audit, Dallas Office 
OIG-S Management Audit, Headquarters 



63 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 6 

Contract Audit Reports 



Report Category 


Questioned 


Unsupported 


Disallowed 










We processed no contract audit reports meeting the 
criteria of the National Defense Authorization Act 
for FY 2008 during the reporting period 
April 1 -September 30, 2008. 5 


N/A 


N/A 


N/A 



5 The National Defense Authorization Act for FY 2008 requires that we list all contract audit reports issued during the reporting 
period containing significant audit findings; briefly describe the significant audit findings in the report; and specify the amounts of 
costs identified in the report as unsupported, questioned, or disallowed- This Act defines significant audit findings as unsupported, 
questioned, or disallowed costs in excess of $10,000,000, or other findings that the Inspector General determines to be significant. It 
defines contracts as a contract, an order placed under a task or delivery order contract, or a subcontract. 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 7 

Acronyms 



Acronym 


Definition 


ACE 


Automated Commercial Environment 


AICPA 


American Institute of Certified Public 
Accountants 


ATS 


Automated Tracking System 


BPA 


Border Patrol Agent 


C&A 


certification and accreditation 


CBP 


Customs and Border Protection 


CBPO 


Customs and Border Protection Officer 


CGDN+ 


Coast Guard Data Network Plus 


CIO 


Chief Information Officer 


CR&CL 


Office for Civil Rights and Civil Liberties 


DCAA 


Defense Contract Audit Agency 


DHAP 


Disaster Housing Assistance Program 


DHS 


Department of Homeland Security 


DUA 


Disaster Unemployment Insurance 
Assistance 


EMO 


Office of Emergency Management 
Oversight 


FEMA 


Federal Emergency Management 
Agency 


FFDO 


Federal Flight Deck Officer (program) 


FISMA 


Federal Information Security 
Management Act 


FLETC 


Federal Law Enforcement Training 
Center 


FMAG 


Fire Management Assistance Grant 


FY 


fiscal year 


HUD 


Department of Housing and Urban 
Development 


ICE 


United States Immigration and 
Customs Enforcement 


IEA 


Immigration Enforcement Agent 


IPv6 


Internet Protocol version 6 


ISP 


Office of Inspections 



Acronym 


Definition 


IT 


Information technology 


IT-A 


Office of Information Technology- 
Audits 


LAX 


Los Angeles International Airport 


MAP 


Mission Action Plan 


MEMA 


Mississippi Emergency Management 
Agency 


M/V 


Motor Vessel 


NAO 


National Applications Office 


NFIP 


National Flood Insurance Program 


OA 


Office of Audits 


OCFO 


Office of the Chief Financial Officer 


OCIO 


Office of the Chief Information Officer 


OFM 


Office of Financial Management 


OHA 


Office of Health Affairs 


OIG 


Office of Inspector General 


OMB 


Office of Management and Budget 


ONDCP 


Office of National Drug Control Policy 


PHA 


Public Housing Authority 


Df\ A St M 


Plan of Action and Milestones 


R&D 


Research and Development 


RMTO 


Resource Management Transformation 
Office 


S&T 


Science and Technology (directorate) 


SAP 


System Applications and Products 


SAR 


Semiannual Report 


TSA 


Transportation Security Administration 


Ul 


unemployment insurance 


USCG 


United States Coast Guard 


USCIS 


United States Citizenship and 
Immigration Services 


WYO 


Write-Your-Own (insurance companies) 



65 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 8 

OIG Headquarters/Field Office 
Contacts and Locations 



Department of Homeland Security 

Attn: Office of Inspector General 
245 Murray Drive, SW, Bldg410 
Washington, D.C. 20528 

Telephone Number (202) 254-4100 
Fax Number (202) 254-4285 

Web Site Address http://www.dhs.gov/xoig/ 



OIG Headquarters Senior Management Team 


Richard L. Skinner 


Inspector General 


James L. Taylor 


Deputy Inspector General 


Matt Jadacki 


Deputy Inspector General/Office of Emergency Management Oversight 


Richard N. Reback 


Counsel to the Inspector General 


Anne L. Richards 


Assistant Inspector General/Audits 


Robert M. Frost 


Assistant Inspector General/Investigations 


Carlton 1. Mann 


Assistant Inspector General/Inspections 


Frank Deffer 


Assistant Inspector General/Information Technology Audits 


Edward F. Cincinnati 


Assistant Inspector General/Administration 


Marta Metelko 


(Acting) Congressional Liaison and Media Affairs 


Denise S. Johnson 


Executive Assistant to the Inspector General 



66 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 8 

OIG Headquarters/Field Office 
Contacts and Locations (continued) 



Locations of Audit Field Offices 

Boston, MA 

Boston, MA 02222 

(617) 565-8700/ Fax (617) 565-8996 

Chicago, IL 

Chicago, IL 60603 

(312) 886-6300 / Fax (312) 886-6308 

Denver, CO 

Lakewood, CO 80225 

(303) 236-2877/ Fax (303) 236-2880 

Houston, TX 

Houston, TX 77057 

(713) 706-4611 / Fax (713) 706-4625 

Miami, FL 

Miramar, FL 33027 

(954) 538-7842 / Fax (954) 602-1033 

Philadelphia, PA 

Marlton, NJ 08053-1521 

(856) 596-3810 / Fax (856) 810-3412 

Locations of IT Audits Field Office 

Seattle, WA 

Kirkland, WA 98033 
(425)250-1363 

Locations of Investigative 
Field Offices 

Arlington, VA 

Arlington, VA 22209 

(703) 235-0848 / Fax: (703) 235-0854 

Atlanta, GA 

Atlanta, GA 30341 

(404) 832-6730 / Fax: (404) 832-6646 



Boston, MA 

Boston, MA 02222 

(617) 565-8705/ Fax: (617) 565-8995 

Buffalo, NY 

Buffalo, NY 14202 

(716) 551-4231 / Fax: (716) 551-4238 

Chicago, IL 

Chicago, IL 60603 

(312) 886-2800 / Fax: (312) 886-2804 

Dallas, TX 

Denton, TX 76208 

(940) 891-8930/ Fax: (940) 891-8959 

Del Rio, TX 

Del Rio, TX 78840 

(830) 703-7492 / Fax: (830) 703-2065 

Detroit, Ml 

Dearborn, Ml 48126 

(313) 226-2163/ Fax: (313) 226-6405 

El Centro, CA 

Imperial, CA 92251 

(760) 335-3900 / Fax: (760) 335-3726 

El Paso, TX 

El Paso, TX 79925 

(915) 629-1800/ Fax: (915) 594-1330 

Los Angeles, CA 

El Segundo, CA 90245 
(010)665-7320/ Fax: (310)665-7309 

Houston, TX 

Houston, TX 77057 

(713) 706-4600 / Fax: (713) 706-4622 

Laredo, TX 

Laredo, TX 78045 

(956) 794-2917/ Fax: (956) 717-0395 



67 



Semiannual Report to the Congress 



April 1, 2008-September30, 2008 



Appendix 8 

OIG Headquarters/Field Office 
Contacts and Locations (continued) 



McAllen, TX 

McAllen, TX 78501 

(956) 664-8010/ Fax: (956) 618-8151 

Miami, FL 

Miramar, FL 33027 

(954) 538-7555 / Fax: (954) 602-1033 

New York City, NY 

Jersey City, NJ 07310 

(201 ) 356-1 800 / Fax: (201 ) 356-4038 

Oakland, CA 

Oakland, CA 94612 

(510) 637-4311 / Fax: (510) 637-4327 

Orlando, FL 

Lake Mary, FL 32746 

(407) 804-6399 / Fax: (407) 804-8730 

Philadelphia, PA 

Marlton, NJ 08053 

(856) 596-3800/ Fax: (856) 810-3410 

San Diego, CA 

San Diego, CA 92101 

(619) 235-2501 / Fax: (619) 687-3144 

San Juan, PR 

San Juan, PR 00918 

(787) 294-2500 / Fax: (787) 771-3620 

Seattle, WA 

Kirkland, WA 98033 

(425) 250-1360 / Fax: (425) 576-0898 



St. Thomas, VI 

(340) 777-1792 / Fax: (340) 777-1803 

Tucson, AZ 

Tucson, AZ 85741 

(520) 229-6420 / Fax: (520) 742-7192 

Yuma, AZ 

Yuma, AZ 85365 

(928) 314-9640 / Fax: (928) 314-9679 

Locations of Emergency 
Management Oversight Office 
Field Offices 

Atlanta, GA 

Atlanta, GA 30309 

(404) 832-6700/ Fax: (404) 832-6645 

Biloxi, MS 

Biloxi, MS 39531 

(228) 385-1713/ Fax: (228) 385-1714 

Dallas, TX 

Denton, TX 76208 

(940) 891-8900/ Fax: (940) 891-8948 

New Orleans, LA 

New Orleans, LA 70114 

(504) 762-2147/ Fax: (504) 739-3902 

Oakland, CA 

Oakland, CA 94612 

(510) 637-4311 / Fax: (510) 637-1484 

San Juan, PR 

San Juan, PR 00918 

(787) 294-2500/ Fax: (787) 771-3620 



68 



April 1, 2008-September 30, 2008 



Semiannual Report to the Congress 



Appendix 9 

Index to Reporting Requirements 



The specific reporting requirements described in the Inspector General Act of 1978, as amended, are listed below 
with a reference to the SAR pages on which they are addressed. 



Requirement 


Pages 


Review of Legislation and Regulations 


44 


Significant Problems, Abuses, and Deficiencies 


10-41 


Recommendations with Significant Problems 


10-41 


Prior Recommendations Not Yet Implemented 


42, 51 


Matters Referred to Prosecutive Authorities 


inside front cover 


Summary of Instances Where Information Was Refused 


N/A 


List of Audit Reports 


52-62 


Summary of Significant Audits 


10-41 


Reports with Questioned Costs 


49 


Reports Recommending That Funds Be Put To Better Use 


50 


Summary of Reports in Which No Management Decision Was Made 


49-50 


Revised Management Decisions 


N/A 


Management Decision Disagreements 


N/A 




OIG Hotline 

To report alleged fraud, waste, abuse, or mismanagement, or any other kind of criminal or noncriminal 
misconduct relative to department programs or operations: 



■ Call our Hotline at 1 800 323 8603; 

■ Fax the complaint directly to us at (202) 254 4292; 

■ Email us at DHSOIGHOTLINE@dhs.gov; or 

■ Write to us at: 

DHS Office of Inspector General/MAIL STOP 2600, 

Attention: Office of Investigations - Hotline, 245 Murray Drive SW, 

Building 410, Washington, DC 20528. 

The OIG seeks to protect the identity of each writer and caller.