Department of Homeland Security
OFFICE OF INSPECTOR GENERAL
SEMIANNUAL
REPORT TO
THE CONGRESS
pril 1, 2008 - September 30, 2008
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Statistical Highlights of OIG Activities
April 1, 2008 - September 30, 2008
DOLLAR IMPACT
Questioned Costs
$27,996,475
Funds Put to Better Use
$4,967,201
Management Agreement That Funds Be:
Recovered
$0
Deobligated
$4,967,201
Funds Recovered
$1,920,998
Fines and Restitutions
$12,173,264
Administrative Cost Savings and Investigative Recoveries
$11,838,453
ACTIVITIES
Management Reports Issued
65
Financial Assistance Grant Audit Reports
16
Single Audit Reports Processed
12
Investigative Reports Issued
481
Investigations Initiated
440
Investigations Closed
620
Open Investigations
1,815
Investigations Referred for Prosecution
166
Investigations Accepted for Prosecution
136
Investigations Declined for Prosecution
18
Arrests
179
Indictments
194
Convictions
143
Personnel Actions
14
Complaints Received (other than Hotline)
6,163
Hotline Complaints Received
3,378
Complaints Referred (to programs or other agencies)
5,501
Complaints Closed
7,243
Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528
Homeland
Security
October 31, 2008
The Honorable Michael Chertoff
Secretary
U.S. Department of Homeland Security
Washington, DC 20528
Dear Mr. Secretary:
I am pleased to present our semiannual report, which summarizes the activities and accomplishments
of the Department of Homeland Security (DHS) Office of Inspector General for the 6 -month period
ended September 30, 2008.
During this reporting period, our office published 65 management reports, 16 financial assistance
grant reports, and 12 reports on DHS programs that were issued by other organizations. DHS
management concurred with 95 % of recommendations contained in our management reports. As
a result of these efforts, $28 million of questioned costs were identified, of which $8.3 million was
determined to be unsupported. We recovered $1.9 million as a result of disallowed costs identified
from current and previous reports. In addition, management agreed to deobligate $4.9 million in
disaster grant assistance resulting in funds put to better use.
In the investigative area, we issued 481 investigative reports, initiated 440 investigations, and closed
620 investigations. Our investigations resulted in 179 arrests, 194 indictments, 143 convictions, and 14
personnel actions. Additionally, investigative recoveries, fines, restitutions, and cost savings totaled
$24 million.
In closing, I would like to thank the hardworking and dedicated professionals on my staff. As a result
of their efforts and the efforts of DHS staff, together we were able to successfully meet the tremendous
challenges that faced our office and DHS during the past 6 months.
I would like to take this opportunity to thank you for the interest and support that you have provided to
our office. We look forward to working closely with you, your leadership team, and Congress during
the upcoming presidential transition. Throughout this process, we will remain focused on the goal of
promoting economy, efficiency, and effectiveness in DHS programs and operations, as well as helping
the department accomplish its critical mission in the very challenging months ahead.
Sincerely,
Richard L. Skinner
Inspector General
Photo by USDA Creative Services Center photographer: Bob Nichols, Cover Pentagon Memorial
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Table of Contents
STATISTICAL HIGHLIGHTS INSIDE COVER
INSPECTOR GENERAL'S MESSAGE 1
WORKING RELATIONSHIP PRINCIPLES FOR AGENCIES
AND OFFICES OF INSPECTOR GENERAL 4
EXECUTIVE SUMMARY 5
DEPARTMENT OF HOMELAND SECURITY PROFILE 6
OFFICE OF INSPECTOR GENERAL PROFILE 7
SUMMARY OF SIGNIFICANT OFFICE OF INSPECTOR GENERAL ACTIVITY 10
Directorate for Management 11
Directorate for Science and Technology 14
Federal Emergency Management Agency 14
Federal Law Enforcement Training Center 24
Office for Civil Rights and Civil Liberties 25
Office of Intelligence and Analysis 25
Transportation Security Administration 25
United States Citizenship and Immigration Services 29
United States Coast Guard 29
United States Customs and Border Protection 32
United States Immigration and Customs Enforcement 36
Multiple Components 39
OTHER OFFICE OF INSPECTOR GENERAL ACTIVITIES 42
LEGISLATIVE AND REGULATORY REVIEWS 44
CONGRESSIONAL TESTIMONY AND BRIEFINGS 46
APPENDICES 48
Appendix 1 Audit Reports with Questioned Costs 49
Appendix 1b Audit Reports with Funds Put to Better Use 50
Appendix 2 Compliance - Resolution of Reports and Recommendations 51
Appendix 3 Management Reports Issued 52
Appendix 4 Financial Assistance Audit Reports Issued 61
Appendix 5 Schedule of Amounts Due and Recovered 63
Appendix 6 Contract Audit Reports 64
Appendix 7 Acronyms 65
Appendix 8 OIG Headquarters and Field Office Contacts and Locations 66
Appendix 9 Index to Reporting Requirements 69
3
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Working Relationship Principles For Agencies
and Offices of Inspector General
The Inspector General Act establishes for most
agencies an Office of Inspector General (OIG)
and sets out its mission, responsibilities, and
authority. The Inspector General is under the general
supervision of the agency head. The unique nature of
the Inspector General function can present a number
of challenges for establishing and maintaining effective
working relationships. The following working relation-
ship principles provide some guidance for agencies and
OIGs.
To work most effectively together, the agency and its
OIG need to clearly define what the two consider to be
a productive relationship and then consciously manage
toward that goal in an atmosphere of mutual respect.
By providing objective information to promote
government management, decision making, and
accountability, the OIG contributes to the agency's
success. The OIG is an agent of positive change,
focusing on eliminating waste, fraud, and abuse, and
on identifying problems and recommendations for
corrective actions by agency leadership. The OIG
provides the agency and Congress with objective
assessments of opportunities to be more successful.
The OIG, although not under the direct supervision of
senior agency management, must keep them and the
Congress fully and currently informed of significant
OIG activities. Given the complexity of management
and policy issues, the OIG and the agency may
sometimes disagree on the extent of a problem
and the need for and scope of corrective action.
However, such disagreements should not cause the
relationship between the OIG and the agency to
become unproductive.
To work together most effectively, the OIG and
the agency should strive to:
Foster open communications at all levels.
The agency will promptly respond to the OIG
requests for information to facilitate OIG activities
and acknowledge challenges that the OIG can help
address. Surprises are to be avoided. With very limited
exceptions, primarily related to investigations, the
OIG should keep the agency advised of its work and
its findings on a timely basis, and strive to provide
information helpful to the agency at the earliest
possible stage.
Interact with professionalism and mutual
respect. Each party should always act in good faith
and presume the same from the other. Both parties
share, as a common goal, the successful accomplish-
ment of the agency's mission.
Recognize and respect the mission and
priorities of the agency and the OIG. The
agency should recognize the OIGs independent role
in carrying out its mission within the agency, while
recognizing the responsibility of the OIG to report
both to Congress and to the agency head. The OIG
should work to carry out its functions with a minimum
of disruption to the primary work of the agency. The
agency should allow the OIG timely access to agency
records and other materials.
Be thorough, objective, and fair. The OIG must
perform its work thoroughly, objectively, and with
consideration to the agency's point of view. When
responding, the agency will objectively consider
differing opinions and means of improving operations.
Both sides will recognize successes in addressing
management challenges.
Be engaged. The OIG and agency management will
work cooperatively in identifying the most important
areas for OIG work, as well as the best means of
addressing the results of that work, while maintaining
the OIGs statutory independence of operation. In
addition, agencies need to recognize that the OIG
also will need to carry out work that is self-initiated,
congressionally requested, or mandated by law.
Be knowledgeable. The OIG will continually strive
to keep abreast of agency programs and operations,
and agency management will be kept informed of OIG
activities and concerns being raised in the course of
OIG work. Agencies will help ensure that the OIG is
kept up to date on current matters and events.
Provide feedback. The agency and the OIG should
implement mechanisms, both formal and informal, to
ensure prompt and regular feedback.
4
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Executive Summary
This Semiannual Report to the Congress is
issued pursuant to the provisions of Section
5 of the Inspector General Act of 1978, as
amended, and covers the period from April 1, 2008
to September 30, 2008. The report is organized to
reflect our organization and that of the Department of
Homeland Security.
During this reporting period, we completed significant
audit, inspection, and investigative work to promote
the economy, efficiency, effectiveness, and integrity of
the department's programs and operations. Specifi-
cally, we issued 65 management reports (Appendix 3),
16 financial assistance grant reports (Appendix 4), and
481 investigative reports. We also processed 12 single
audit reports issued by other organizations according
to the Single Audit Act of 1984, as amended (Appendix
4). Our reports provide the department Secretary and
Congress with an objective assessment of the issues,
and at the same time provide specific recommenda-
tions to correct deficiencies and improve the economy,
efficiency, and effectiveness of the respective program.
During this reporting period, our audits resulted in
questioned costs of $27,996,475, of which $8,272,263
was not supported by documentation. We also
recovered $1,920,998 as a result of disallowed costs
identified from current and prior audits. In addition,
management agreed to deobligate $4,967,201 in
disaster grant assistance, resulting in funds put to
better use. In the investigative area, we issued 481
reports, initiated 440 investigations, and closed
620 investigations. Our investigations resulted in
179 arrests, 194 indictments, 143 convictions, and
14 personnel actions. Additionally, investigative
recoveries, fines, restitutions, and cost savings totaled
$24,011,717.
We have a dual reporting responsibility to Congress
as well as to the department Secretary. During the
reporting period, we continued our active engagement
with Congress through extensive meetings, briefings,
and dialogues. Members of Congress, their staff, and
the department's authorizing and appropriations
committees and subcommittees met on a range of
issues relating to our work and that of the department.
We also testified before Congress on five occasions
during this reporting period. Testimony prepared for
these hearings may be accessed through our Web site
at www.dhs.gov/oig.
5
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Department of Homeland Security Profile
n November 25, 2002, President Bush
signed the Homeland Security Act of 2002
(P.L. 107-296, as amended), officially
establishing the Department of Homeland Security
(DHS) with the primary mission of protecting the
American homeland. DHS became operational on
January 24, 2003. Formulation of DHS took a major
step forward on March 1, 2003, when, according to
the President's reorganization plan, 22 agencies and
approximately 181,000 employees were transferred to
the new department.
DHS' first priority is to protect the United States
against further terrorist attacks. Component agencies
analyze threats and intelligence, guard U.S. borders
and airports, protect America's critical infrastructure,
and coordinate U.S. preparedness for and response to
national emergencies.
DHS is reorganized into the
following directorates:
Management
National Protection and Programs
■ Science and Technology
Other critical components of DHS include:
■ Domestic Nuclear Detection Office
Federal Emergency Management Agency
Federal Law Enforcement Training Center
Office of Civil Rights and Civil Liberties
Office of General Counsel
Office of Health Affairs
■ Office of Inspector General
Office of Intelligence and Analysis
■ Office of Operations Coordination
Office of Policy
Transportation Security Administration
United States Citizenship and Immigration
Services
■ United States Coast Guard
United States Customs and Border Protection
United States Immigration and Customs
Enforcement
United States Secret Service
6
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Office of Inspector General Profile
The Homeland Security Act of 2002 provided
for the establishment of an Office of Inspector
General (OIG) in DHS by amendment to
the Inspector General Act of 1978 (5 USC App. 3, as
amended). By this action, Congress and the Adminis-
tration ensured independent and objective audits,
inspections, and investigations of the operations of the
department.
The Inspector General is appointed by the President,
subject to confirmation by the Senate, and reports
directly to the Secretary of DHS and to Congress. The
Inspector General Act ensures the Inspector General's
independence. This independence enhances our
ability to prevent and detect fraud, waste, and abuse,
as well as to provide objective and credible reports to
the Secretary and Congress regarding the economy,
efficiency, and effectiveness of DHS' programs and
operations.
We were authorized 551 full-time employees during
the reporting period. We consist of an Executive Office
and eight functional components based in Washington,
DC. We also have field offices throughout the country.
Chart 1 illustrates the DHS OIG management team.
Chart 1 : DHS OIG Organization Chart
Inspector General
Congressional and
Media Affairs
Executive Assistant
to the IG
Counsel to the IG
Deputy IG
Emergency
Management
Oversight
Assistant IG
Administration
Assistant IG
Audits
Assistant IG
Inspections
Assistant IG
Investigations
Assistant IG
Information Technology
Audits
7
Semiannual Report to the Congress
April 1, 2008-September30, 2008
The OIG consists of the following components:
The Executive Office consists of the Inspector
General, the Deputy Inspector General, an executive
assistant, and support staff. It provides executive
leadership to the OIG.
The Office of Congressional and Media Affairs
serves as primary liaison to members of Congress
and their staffs, the White House, the media, and
other federal agencies and government entities
involved in securing the Nation. The office's staff
responds to inquiries from Congress, the White
House, and the media; notifies Congress about OIG
initiatives, policies, and programs; and informs other
government entities about OIG measures that affect
their operations and activities. It also provides advice
to the Inspector General and supports OIG staff as
they address congressional, White House, and media
inquiries.
The Office of Counsel to the Inspector General
provides legal advice to the Inspector General
and other management officials; supports audits,
inspections, and investigations by ensuring that
applicable laws and regulations are followed; serves
as the OIGs designated ethics office; manages OIG
responsibilities under the Freedom of Information Act
and Privacy Act; furnishes attorney services for the
issuance and enforcement of OIG subpoenas; and
provides legal advice on OIG operations.
The Office of Audits conducts and coordinates
audits and program evaluations of the management
and financial operations of DHS. Auditors examine
the methods employed by agencies, bureaus, grantees,
and contractors in carrying out essential programs or
activities. Audits evaluate whether established goals
and objectives are achieved and resources are used
economically and efficiently; whether intended and
realized results are consistent with laws, regulations,
and good business practices; and determine whether
financial accountability is achieved and the financial
statements are not materially misstated.
The Office of Emergency Management Oversight
provides an aggressive and ongoing audit effort
designed to ensure that disaster relief funds are
being spent appropriately, while identifying fraud,
waste, and abuse as early as possible. The office is
an independent and objective means of keeping
Congress, the Secretary of DHS, the Administrator
of the Federal Emergency Management Agency
(FEMA), and other federal disaster relief agencies
fully informed on problems and deficiencies relating
to disaster operations and assistance programs, and
progress regarding corrective actions. This office's
focus is weighted heavily toward prevention, including
reviewing internal controls and monitoring and
advising DHS and FEMA officials on contracts,
grants, and purchase transactions before they are
approved. This approach allows the office to stay
current on all disaster relief operations and provide
on-the-spot advice on internal controls and precedent-
setting decisions.
8
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
The Office oflnipecTions provides the Inspector
General with a means to analyze programs quickly
and to evaluate operational efficiency and vulnerability.
This work includes special reviews of sensitive issues
that arise suddenly and congressional requests for
studies that require immediate attention. Inspectors
may examine any area of the department. This office
is also the lead OIG office for reporting on DHS
intelligence, international affairs, civil rights and civil
liberties, and science and technology. Inspections
reports use a variety of study methods and evaluation
techniques to develop recommendations for DHS, and
the reports are released to DHS, Congress, and the
public.
The Office of Information Technology Audits
conducts audits and evaluations of DHS' informa-
tion management, cyber infrastructure, and systems
integration activities. The office reviews the cost
effectiveness of acquisitions, implementation, and
management of major information systems and
telecommunications networks across DHS. In
addition, it evaluates the systems and related architec-
tures of DHS to ensure that they are effective,
efficient, and implemented according to applicable
policies, standards, and procedures. The office
also assesses DHS' information security program
as mandated by the Federal Information Security
Management Act (FISM A), and provides technical
forensics assistance to support our fraud prevention
and detection program.
The Office of Investigations conducts investigations
into allegations of criminal, civil, and administrative
misconduct involving DHS employees, contractors,
grantees, and programs. These investigations can
result in criminal prosecutions, fines, civil monetary
penalties, administrative sanctions, and personnel
actions. The office also provides oversight and
monitors the investigative activity of DHS' various
internal affairs offices. The office includes investiga-
tive staff working on Gulf Coast hurricane recovery
operations.
The Office of Administration provides critical
administrative support functions, including
strategic planning; development and implementa-
tion of administrative directives; information and
office automation systems; budget formulation and
execution; correspondence; printing and distribu-
tion of OIG reports; and oversight of the personnel,
procurement, travel, and accounting services provided
to the OIG on a reimbursable basis by the Bureau
of Public Debt. The office also prepares our annual
performance plans and semiannual reports to
Congress.
9
SUMMARY OF SIGNIFICANT OIG ACTIVITY
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
DIRECTORATE FOR
MANAGEMENT
MANAGEMENT REPORTS
Information Technology Management Letter for
the FY 2007 DHS Financial Statement Audit
(Redacted)
We contracted with the independent public accounting
firm KPMG LLP to perform a review of DHS'
Information Technology (IT) general controls in
support of the FY 2007 DHS financial statement
engagement. The overall objective of this review was
to evaluate the effectiveness of IT general controls of
DHS' financial processing environment and related IT
infrastructure as necessary to support the engagement.
KPMG LLP also performed technical security testing
for key network and system devices, as well as testing
key financial application controls. KPMG LLP noted
that DHS addressed many prior years of IT control
weaknesses, but that IT general control weaknesses
still existed during FY 2007. The most significant
weaknesses from a financial statement audit perspec-
tive related to entity-wide security, access controls,
and service continuity. Collectively, the IT control
weaknesses limit DHS' ability to ensure the confidenti-
ality, integrity, and availability of their critical financial
and operational data. These weaknesses also negatively
impact DHS' internal controls over its financial
reporting and operation, and KPMG LLP considers
them to collectively represent a material weakness
under standards established by the American Institute
of Certified Public Accountants (AICPA). We made
recommendations in the area of access controls.
(OIG-08-77, June 2008, IT- A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-77_June08.pdf
Review of Department of Homeland Security
Component Plans of Action and Milestones for
Financial System Security
We contracted with the independent public accounting
firm KPMG LLP to assist the OIG in assessing the
status of the IT Plans of Action and Milestones
(POA&Ms) implemented by DHS that relates to
the financial systems security material weakness.
DHS' Independent Auditor's Report, included
in the FY 2006 Performance and Accountability
Report, reported 10 material weaknesses associated
with internal controls. One of the 10 material
weaknesses concerns financial system security. To
address the issues related to the financial system
security material weakness, the DHS Office of
Chief Information Officer (OCIO) and components
tracked IT weaknesses and corrective actions in
POA&Ms. KPMG LLP evaluated the POA&M
process and status of IT POA&Ms through review
of the IT POA&Ms and discussion with the in-scope
components, DHS OCIO and DHS Office of Chief
Financial Officer (OCFO) personnel. As part of this
review, KPMG LLP provided the in-scope DHS
components, the OCIO, and the OCFO with informa-
tion on the best practices and weaknesses of the
current POA&M process employed by the agency, as
well as recommendations for enhancing the existing
process.
(OIG-08-63, June 2008, IT- A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-63_Jun08.pdf
Letter Report: Review of Department of
Homeland Security's Financial Systems Consoli-
dation Project
The Resource Management Transformation Office
(RMTO) has developed a strategy to consolidate key
component financial systems on either the Systems
Applications and Products (SAP) or Oracle Financial
platforms. Generally, the RMTO's evaluation provided
adequate support for its decision to use the Oracle
and SAP system platforms. However, the RMTO
has not conducted a complete analysis of possible
service providers outside of DHS. Additionally, during
the FY 2007 financial statement audit, the external
auditors outlined problems with the change control
process in the Oracle platform. These change control
problems could cause unsupported adjustments
not only to financial data from the United States
Coast Guard (USCG) and Transportation Security
Administration (TSA), but also to the data of other
DHS components that will be migrated to the new
financial system. Our recommendations were for
RMTO to conduct a full evaluation of financial service
providers available in the federal government (including
the Office of Management and Budget's (OMB)
shared service providers) to determine if any of these
systems can meet DHS' financial management needs
11
Semiannual Report to the Congress
April 1, 2008-September30, 2008
more efficiently, identify all scripts being used at the
USCG and TSA and analyze them to determine their
effect on financial transactions and DHS' financial
statements, and correct the scripts before migrating any
DHS components to the new DHS financial system.
(OIG-08-47, May 2008, IT-A)
http://www.dhs.gov/xoig/ rpts/ mgmt/
editorial_0334.shtm
Department of Homeland Security Must Address
Internet Protocol Version 6 Challenges
We evaluated DHS' transition to Internet Protocol
Version 6 (IPv6). OMB requires federal agencies to
demonstrate, by June 2008, their capability to pass
IPv6 traffic and support IPv6 addresses from the (1)
Internet to their local area network, (2) their local
area network to the Internet, and (3) their local area
network to other local area networks. Although DHS
has begun the early stages of implementing OMB's
IPv6 transition requirements, it is unlikely that the
department will be positioned to take advantage of the
enhanced capabilities of IPv6 as IPv6-capable products
and services become available. Our recommendations
included a comprehensive IPv6 inventory of applica-
tions and devices; a finalized transition strategy with
a detailed timeline for the transition; a determination
of the transition mechanism to be used by DHS and
related testing activities; development of transition
guidance for components; and planning coordination
between the DHS IPv6 program office and the U.S.
Customs and Border Protection (CBP).
(OIG-08-61, May 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-61_May08.pdf
Management Letter for the FY 2007 Department
of Homeland Security Financial Statement Audit
We contracted with KPMG LLP to conduct DHS'
financial statement audit. KPMG LLP was unable to
express an opinion on the department's balance sheet
and statement of custodial activity for the year ended
September 30, 2007. The disclaimer of opinion was
primarily attributable to financial reporting problems
at four components and at the department level.
KPMG LLP also looked at DHS' internal control over
financial reporting and noted certain matters involving
internal control and other operational matters,
which resulted in a total of 49 financial management
comments for 11 components and 6 comments
related to the consolidated financial statements. The
comments are in addition to the significant deficien-
cies presented in the Independent Auditor's Report on
DHS' FY 2007 Financial Statement.
(OIG-08-36, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-36_Apr08.pdf
Independent Auditor's Report on Office of
Financial Management's FY 2008 Mission
Action Plans
We contracted with KPMG LLP to evaluate
and report on the status of the detailed Mission
Action Plans (MAPs) prepared by DHS' Office of
Financial Management (OFM) to correct internal
control deficiencies over financial reporting. DHS
management identified the following two signifi-
cant control deficiencies on the FY 2007 Secretary's
Assurance Statement, which were also reported as
material weaknesses in the FY 2007 Independent
Auditor's Report: (1) parent/child reporting at the
Office of Health Affairs (OH A), and (2) reconciliation
of intragovernmental balances and transactions.
KPMG LLP noted that the MAP prepared by
OFM was written to broadly cover all findings
identified and reported in the FY 2007 Independent
Auditor's Report, and did not provide specific details
on individual control weaknesses. The root causes
identified were not linked to specific control deficien-
cies or management financial statement assertions and
did not fully describe the issues. Also, the MAP does
not identify the unique issues affecting both parent/
child accounting and reporting and intragovernmental
balances.
KPMG LLP recommended that OFM (1) identify the
underlying causes of the material weakness, especially
those causes that contributed to the qualifications
in DHS' 2007 financial statements, and (2) develop
procedures for OHA that support the valuation and
presentation of assets, liabilities, and net position of
the funds maintained by other federal agencies that are
12
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
outside DHS control. KPMG LLP also recommended
that OFM implement procedures that will be
performed to resolve material differences in trading
partner balances in a timely manner.
(OIG-08-76, July 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-76_Jul08.pdf
Progress Made in Strengthening Department
of Homeland Security Information Technology
Management, but Challenges Remain
Creating a unified IT infrastructure for effective
integration and agency wide management of IT assets
and programs remains a challenge for the DHS Chief
Information Officer (CIO). In 2004, we reported that
the DHS CIO was not well positioned with sufficient
authority or staffing to manage department-wide
IT assets and programs. In 2008, we conducted a
followup audit to examine DHS' efforts to improve
its IT management structure and operations. The
objectives of this audit were to identify the current
DHS CIO management structure and changes made
to roles, responsibilities, and guidance for department-
wide IT management; to determine whether current
IT management practices and operations effectively
ensure strategic management of IT investments; and
to assess progress on prior recommendations. DHS
has taken steps over the past year to strengthen the
CIO's role for centralized IT management. Specifi-
cally, the DHS CIO attained greater authority and
responsibility for leading component CIOs toward
a unified IT direction. In addition, the DHS CIO
gained oversight of IT acquisitions by establishing
new policies and improving IT investment governance
functions. However, continued CIO staffing shortages
and inconsistent component-level IT budget practices
impede progress. Additionally, DHS' IT management
capabilities at the component level, such as IT strategic
planning, have not been fully implemented. As a result,
the DHS CIO remains hindered in his ability to fully
integrate department-wide IT management practices
to ensure that IT investments fulfill mission and
infrastructure consolidation goals. We recommended
that the DHS CIO update the CIO office's staffing
plan, ensure that components submit comprehensive
budgets, and develop and maintain IT strategic plans
and enterprise architectures in alignment with DHS'
mission.
(OIG-08-91, September 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-91_Sep08.pdf
Evaluation of Department of Homeland Security's
Information Security Program for FY 2008
DHS continues to improve and strengthen its
information security program. During the past year,
the department implemented a performance plan
to improve on four key areas: POA&M weaknesses
remediation, quality of certification and accreditation
(C&A), annual testing and validation, and security
program oversight. The performance plan tracks
key elements that are indicative of a strong security
program. In addition, the department strengthened its
oversight at the components and conducted compliance
reviews in the areas of C&A and configuration
management. Although these efforts resulted in some
improvements, components are still not executing all
of the department's policies, procedures, and practices.
For example, key system documents and informa-
tion are missing from C&A packages, POA&Ms are
not being created for all known information security
weaknesses and are not being mitigated in a timely
manner, and DHS baseline security configurations are
not being implemented for all systems.
Our recommendations included the department's
need to improve its management oversight of the
components' implementation of department policies
and procedures to ensure that all information security
weaknesses are tracked and remediated, and to enhance
the quality of system C&A. Additional information
security program areas that need improvement include
configuration management, incident detection and
analysis, specialized training, and privacy.
(OIG-08-94, September 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-94_Sep08.pdf
13
Semiannual Report to the Congress
April 1, 2008-September30, 2008
DIRECTORATE FOR SCIENCE
AND TECHNOLOGY
MANAGEMENT REPORTS
The Science and Technology Directorate's
Processes for Selecting and Managing Research
and Development Programs
Under new leadership, in 2006 the Science and
Technology (S&T) directorate improved its processes
for selecting and managing research and development
(R&D) programs by reorganizing and by documenting
repeatable processes. The realignment centralized
programmatic and fiscal oversight and also improved
communications. These changes will help to reduce
inadvertently redundant projects and leverage the work
of other agencies and organizations. The processes that
S&T developed for selecting R&D projects incorpo-
rate the needs of the department to a greater extent
than in the past. However, some improvements should
be made. Most significantly, the process for selecting
innovation projects in 2007 was not documented,
which could raise ethical concerns in the future. We
recommended that S&T examine whether the process
for selecting its transition projects incorporates the
needs of state, local, and tribal first responders. Also,
S&T should establish a process with objective criteria
for selecting basic research projects. Finally, S&T
should transfer responsibility for selecting some of
its innovation projects to the director of the portfolio
for Innovation/Homeland Security Advanced
Research Projects Agency and charge the director with
establishing processes and criteria for selecting those
projects.
(OIG-08-85, August 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-85_Aug08.pdf
FEDERAL EMERGENCY
MANAGEMENT AGENCY
MANAGEMENT REPORTS
Logistics Systems Need To Be Strengthened at the
Federal Emergency Management Agency
FEM A is responsible for developing federal response
capability to deliver assistance in a natural or
manmade disaster or act of terrorism. In addition,
the Post-Katrina Emergency Management Act of 2006
required FEMA to integrate IT systems and develop
a logistics system to track the procurement and
delivery of goods during disasters. We concluded that
FEMA's existing IT systems do not support logistics
activities effectively. Specifically, the systems do not
provide complete asset visibility, comprehensive asset
management, or integrated logistics information.
FEMA has taken a number of positive steps to improve
its logistics capabilities by gathering independent
evaluations to assess its existing systems, identify
IT systems requirements, and select the appropriate
technologies to meet logistics needs. We recommended
that the Administrator of FEMA direct the Logistics
Management Directorate to finalize its logistics
strategic and operational plans to guide logistics
activities; develop standard business processes and
procedures for logistics activities; evaluate current
technologies; and develop a strategy for acquiring
information technology systems to support the
logistics mission.
(OIG-08-60, May 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-60_May08.pdf
Independent Auditor's Report on the Federal
Emergency Management Agency's FY 2008
Mission Action Plans
FEMA developed four MAPs to be included in the
2008 Internal Controls Over Financial Reporting
Playbook. The MAPs are intended to address
control deficiencies identified in Entity Level
Controls, Actuarial and Other Liabilities, Budgetary
Accounting, and Capital Assets and Supplies. KPMG
LLP performed an audit to evaluate and report on the
status of the four MAPs prepared by FEMA to correct
the internal control deficiencies mentioned above.
KPMG LLP noted areas where the MAPs could be
improved. Specifically, it was noted that the root cause
analysis is often defined generally and in some cases
does not describe the underlying issue. The milestone
steps are not clearly linked to root causes or financial
statement assertions, and the MAPs do not contain
the depth of analysis required by the department's
MAP guide. KPMG LLP also noted that critical
dependencies are not clearly identified within each
MAP and affected milestones and that the MAPs do
not reflect FEMAs dependence on the department
for various policies and procedures and management
support for organizational change needed to remediate
14
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
its entity level control deficiency. The MAPs do not
include detailed procedures to assess the functionality
of current IT systems used in the affected processes.
The milestones do not separately address the need for
financial statement true-up actions to reconcile the
backlog of old mission assignments, or to establish a
beginning inventory of capital assets. In addition, as
written, the FEMA MAPs lack a complete plan for
MAP result verification and validation and are not
clearly linked to department's current OMB Circular
A-123 initiatives.
(OIG-08-75, July 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-75JuI08.pdf
Hurricane Katrina Temporary Housing
Technical Assistance Contracts
Williams, Adley & Company LLP, under a contract
with DHS OIG, reviewed FEMAs management
and oversight of four large, national contractors with
whom FEMA had Individual Assistance-Technical
Assistance contracts to provide temporary housing
solutions for those affected by Hurricanes Katrina
and Rita along the Gulf Coast. Williams, Adley
determined that FEMA could improve the operation
and control of its Individual Assistance— Technical
Assistance contracts (in which relevant tasks include
construction of temporary sites for trailers and mobile
homes on parking lots and farmland) by having a
sufficient number of permanent trained staff who (1)
conduct adequate acquisition planning, (2) obtain
independent cost/price analyses before contract
award, and (3) perform required contract monitoring,
including the inspection and acceptance of goods and
services. In addition, FEMA needs a tracking system
that will provide an accurate, complete inventory of
agency assets. We made multiple recommendations
in the areas of cost/price reasonableness, inspection
and acceptance of goods and services, and inventory
control.
(OIG-08-88, August 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-88_Aug08.pdf
Costs Incurred for Rejected
Temporary Housing Sites
Williams, Adley & Company LLP, under a contract
with DHS OIG, reviewed the costs incurred by FEMA
as a result of development at locations that initially
were identified as possible sites for temporary housing
in the Gulf Coast area after Hurricane Katrina but
ultimately were rejected for various reasons. FEMA
should have required stricter compliance with clear
processes that imposed a sequence of tasks to be
undertaken by the contractors for each potential site.
These processes were intended to minimize the costs to
FEMA if a site proved to be unusable. At least one of
the contractors also fell short in its obligation to act in
the best interest of the government. As a result, more
than $5.6 million in excessive costs were incurred.
Pre-Deployment
Meetings
Preliminary Site Assessment
& Feasibility Analysis (potential sites)
perlormed by Contractor strike teams
Step 5
Contractor prepares
Group Site Design
Step 2
Contractor Develops
Work Plan
Step 4
Conlractor Inspects Sites
Approved by FEMA to
Determine Feasibility
Step 6
Group Site Design
Approved by FEMA &
Contractor Begins Construction
FEMA's Site Development Process
Our recommendations included the need to develop
and implement a quality assurance program for
contracting staff that would ensure contractors'
compliance with the terms and conditions of FEMA
contracts.
(OIG-08-86, August 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-86_Aug08.pdf
Interagency Agreement with U.S. Department of
Housing and Urban Development for the Disaster
Housing Assistance Program
FEMA entered into an interagency agreement with the
U.S. Department of Housing and Urban Development
(HUD) to administer the Disaster Housing Assistance
Program (DHAP). DHAP provides temporary
housing assistance through March 1, 2009, by means of
a monthly rent subsidy to eligible families displaced by
Hurricanes Katrina and Rita. HUD acts as a servicing
agent to provide temporary long-term housing rental
assistance and case management to identified individ-
uals and households displaced by Hurricanes Katrina
and Rita. HUD's Public Housing Authorities (PHAs)
perform pretransitional activities and case management
services.
This review focused on HUD-proposed modifica-
tions to the operating requirements for DHAP. Our
15
Semiannual Report to the Congress
April 1, 2008-September30, 2008
objective was to determine if elements of the proposed
modifications to compensation for program services
could result in duplicate or improper payments. FEMA
paid HUD for administrative service fees not incurred
and paid some fees twice.
We recommended that FEMA require HUD's PHAs
to (1) provide a cost estimate for administrative service
fees related to the rent subsidy payments made by the
PHAs, (2) reimburse FEMA for the administrative
service fees related to the rent subsidy payments that
were not made by HUD's PHAs in November 2007,
and (3) reimburse FEMA for the duplicate adminis-
trative service fees on the rent subsidy payments that
were paid or will be paid to the Houston PHA and the
PHAs that did not render service in December 2007
and subsequent months.
(OIG-08-55, May 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-55_May08.pdf
Hurricane Katrina Multitier Contracts
The government hired prime contractors, rather than
small businesses, to help repair the massive damage
caused by Hurricanes Katrina and Rita. These prime
contractors engaged smaller businesses, creating layers
of subcontractors between the prime contractors and
those actually performing the work. We reviewed the
extent to which multitier subcontracting increased
costs, limited opportunities for local businesses, and
resulted in layers of subcontractors being paid profits
and overhead while adding little value to the work
performed. Multitier subcontracting alone did not
increase costs, and national prime contractors hired
significant numbers of local businesses. Because
subcontractor invoices do not contain specific informa-
tion on lower tier subcontractors, it was not clear if
subcontractors profited without adding value to the
contracts.
FEMA trailer and house with "Operation Blue Roof" Tarp
The Post-Katrina Emergency Management Reform Act
of 2006 (PL. 109-295, Title VI) requires the Secretary
of DHS to promulgate regulations that require, at
a minimum, that contractors not use subcontrac-
tors for more than 65% of the cost of a contract or
any individual task, excluding profit and overhead.
We believe that this requirement is overly restrictive
and recommended that FEMA work with Congress
and the Office of Federal Procurement Policy to
promulgate less restrictive regulations over multitier
subcontracting. We recommended that FEMA work
with DHS officials, the Office of Federal Procurement
Policy, and Congress to promulgate less restrictive
regulations over multitier contracting.
(OIG-08-81, July 2008, (EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-81JuI08.pdf
The Federal Emergency Management Agency's
Sheltering and Transitional Housing Activities
After Hurricane Katrina
FEMA received widespread criticism for its inability
to effectively provide transitional housing assistance,
particularly in moving evacuees from emergency
shelters to more permanent forms of temporary
16
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
housing. We conducted a review of FEMA's activities
under its disaster housing program for providing
assistance to victims of hurricanes Katrina, Rita, and
Wilma.
FEMA did not have plans in place that clearly defined
roles, responsibilities, and processes to address housing
needs. FEMA was unable to effectively coordinate
housing needs among state and local governments;
provide effective contract management, oversight,
and monitoring; and ensure that manufacturers'
warranties were enforced when contractors repaired
and maintained housing units.
We recommended that FEMA develop plans and
define roles and responsibilities in planning for housing
needs; develop procedures to ensure that contracts
are managed and monitored effectively; take steps to
improve communication and coordination with state
and local governments; develop criteria for temporary
housing sites; and develop policies and procedures
to ensure that manufactured housing is properly
inspected and maintained and that repair warranties
are enforced. Finally, we proposed several alternatives
for Congress to consider when addressing housing
solutions in future catastrophic disasters.
(OIG-08-93, September 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-93_Sep08.pdf
The Federal Emergency Management Agency's
Crisis Counseling Assistance and Training
Program: State of Florida's Project H.O.P.E.
Our review of FEMAs Crisis Counseling Assistance
and Training Program and the grants awarded to
the State of Florida's Project H.O.P.E. following
hurricanes Katrina and Wilma determined that the
Crisis Counseling Assistance and Training Program
could be strengthened by (1) better coordination of
outreach and publicity activities among FEMA, other
responding agencies, and the state implementing the
grant; (2) improved information sharing among FEMA
and state agencies to locate disaster survivors in need
of counseling; (3) improved managerial oversight and
project monitoring; (4) improved methodologies to
measure project effectiveness; and (5) better planning
for consistent project design implementation. Our
recommendations included establishing standard
practices to ensure coordinated efforts in publicizing
services available to disaster survivors (including
available community and governmental services) among
the state and local project offices, FEMA's Voluntary
Agency Liaisons, Community Relations, and Public
Affairs; better collaboration among all government
agencies attempting to identify and establish contact
with those in need of crisis counseling; and developing
and implementing consistent results-oriented measure-
ments to determine the effectiveness of projects funded
by FEMA.
(OIG-08-96, September 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-96_Sep08.pdf
Hurricane Katrina: Wind Versus Flood Issues
We did not find evidence that Write-Your-Own
(WYO) insurance companies acted improperly
in adjusting claims, or that a perceived conflict of
interest influenced their determination of insurance
settlements for wind and flood claims from Louisiana,
Mississippi, and Alabama. However, there were
numerous instances of duplication of benefits. Overall,
we concluded that the National Flood Insurance
Program (NFIP) would benefit from including wind
damage information in its adjustment process.
FEMA should (1) require WYO insurance companies
to document and make available to the NFIP the
rationale and methodology for calculating flood
and wind damage when there is evidence that both
contributed to the damage, (2) expand the scope of
the reinspection process and the operational reviews
to ensure that wind damage was not paid under the
flood policy, and (3) provide clear and concise guidance
for adjusting total loss claims after catastrophic events
when structures are completely destroyed by wind and
water.
17
Semiannual Report to the Congress
April 1, 2008-September30, 2008
We also recommend that Congress examine FEMA's
authority to obtain homeowners insurance informa-
tion, provide more resources for NFIP to improve its
oversight of WYO insurance companies, and work
with insurance regulators on the issue of anticoncur-
rent clauses in flood policies.
(OIG-08-97, September 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-97_Sep08.pdf
Information Technology Management Letter for
the FEMA Component of the FY 2007 DHS
Financial Statement Audit (Redacted)
We contracted with the independent public accounting
firm KPMG LLP to audit the FEMA consolidated
balance sheet and related statements as of September
30, 2007 and 2006. As part of this review, KPMG
LLP noted certain matters involving IT internal
control and other operational matters and have
documented their comments and recommendations
in the IT Management Letter. The overall objective
of our audit was to evaluate the effectiveness of IT
general controls of FEMAs financial processing
environment and related IT infrastructure. KPMG
LLP noted that FEMA addressed many prior years
of IT control weaknesses but that IT general control
weaknesses still existed during FY 2007. The most
significant weaknesses from a financial statement audit
perspective related to access controls, change control,
entity-wide security, system software, and service
continuity. Collectively, the IT control weaknesses
limit FEMAs ability to ensure the confidentiality,
integrity, and availability of critical financial and
operational data. These weaknesses also negatively
impact FEMAs internal controls over its financial
reporting and operation, and KPMG LLP considers
them to collectively represent a material weakness
under standards established by the AICPA.
(OIG-08-68, June 2008, IT- A)
http:// www.dhs.gov/ xoig/assets/ mgmtrpts/
OIGr_08-68_Jun08.pdf
DISASTER ASSISTANCE GRANTS
The Robert T. Stafford Disaster Relief and Emergency
Assistance Act (P.L. 93-288), as amended, governs
disasters declared by the President of the United
States. Title 44 of the Code of Federal Regulations
provides further guidance and requirements for
administering disaster assistance grants awarded by
FEMA. We review grants to ensure that grantees or
subgrantees account for and expend FEMA funds
according to federal regulations and FEMA guidelines.
We issued 16 financial assistance grant reports with
questioned costs totaling $22.3 million of which $6.2
million was unsupported. Our grant reports included
Hurricane Katrina Disaster Costs for Hancock County
Port and Harbor Commission (DA-08-09) and Lafayette
Parish Sheltering and Emergency Protective Measures
(DD-08-02). A list of these reports, including
questioned costs and unsupported costs, is provided in
Appendix 4.
Hurricane Katrina Disaster Costs for Hancock
County Port and Harbor Commission
The Hancock County Port and Harbor Commission
received an award of $19.9 million from the Mississippi
Emergency Management Agency (MEMA), a
FEMA grantee, for emergency protective measures,
debris removal, and other disaster-related activities.
We reviewed $10.2 million of costs incurred under
five large projects. Our review determined that the
Commission properly accounted for project expendi-
18
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
tures on a project-by-project basis as required by federal
regulations. However, we identified $5.0 million of
questioned costs resulting from insurance proceeds
that had not been deducted from eligible project costs
and excessive contract costs. Prior to issuance of our
report, FEMA deobligated $5 million of the costs
questioned in our review. We recommended that
the Acting Director of the Mississippi Transitional
Recovery Office, in coordination with MEMA, (1)
inform the Commission that actual insurance proceeds
must be reported to MEMA so that eligible project
costs can be adjusted, (2) instruct the Commission
to comply with all federal procurement regulations
and FEMA guidelines when awarding contracts for
FEMA-funded activities, and (3) disallow the $52,416
of excessive contract costs.
(DA-08-09, August 2008, EMO)
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DA-08-09_Aug08.pdf
Lafayette Parish Sheltering and Emergency
Protective Measures
Lafayette Parish, Louisiana, was awarded $8 million
in expedited funds for sheltering and emergency
protective measures related to Hurricane Katrina at
the Lafayette Cajundome and for emergency protective
measures provided. Lafayette Parish fed and housed
thousands of evacuees, as well as government officials
and volunteers, in the Cajundome facilities from
August 28 through October 29, 2005. Our review
determined that Lafayette Parish accounted for and
expended $4.55 million of the funds according to
federal regulations and FEMA guidelines. However,
FEMA denied $2.3 million in usage fees as ineligible,
and this amount is included in $3.45 million of
unspent funds that should be returned to FEMA. We
also confirmed that FEMA needed to revise a project
worksheet to amend the scope of work to include
post-sheltering activities, as these are eligible expenses.
We recommended that the Director of the FEMA
Louisiana Transitional Recovery Office (1) recover
the $3,448,987 of expedited funds that exceed eligible
costs, and (2) amend the scope of work to include
post-sheltering recovery activities.
(DD-08-02, September 2008, EMO)
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DD-08-02_Sep08.pdf
FIRE MANAGEMENT
ASSISTANCE GRANTS
Summary of Eight Fire Management Assistance
Grant Audits in Six Western States
We reviewed $27.2 million of $54.2 million in eight
Fire Management Assistance Grant (FMAG) awards
to six western states. State agencies responsible for
administering the awards generally did so effectively
and efficiently but did not always comply with
federal regulations and FEMA guidelines, especially
regulations regarding records retention and support
for costs claimed. We questioned more than $5.3
million in costs claimed but not properly supported
with source documentation, $966,146 in costs not
eligible for reimbursement under the FMAG program,
and $515,430 in duplicate assistance provided to a
subgrantee. The 32 recommendations in these reports
recommended (1) disallowance of unsupported,
ineligible, and duplicate costs; (2) compliance with
records retention and supporting documentation
requirements for costs claimed; (3) training on grant
application policies and procedures; (4) compliance
with financial reporting regulations; and (5) updates
and revisions to the states' FMAG related policies,
procedures, and accounting practices. (DS-08-05
through DS 08-12, September 2008, EMO)
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-05_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-06_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-07_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-08_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-09_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-10_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-ll_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_
DS-08-12_Sep08.pdf
19
Semiannual Report to the Congress
April 1, 2008-September30, 2008
STATE HOMELAND SECURITY GRANTS
The State of Washington's Management of State
Homeland Security Grants Awarded During FY
2004-06
The State of Washington received $121.6 million in
State Homeland Security Grants awarded by FEMA
during FY 2004-06. We contracted with Cotton &
Company LLP, under a contract with DHS OIG,
conducted an audit of the State of Washington's
Management of State Homeland Security Grants
to determine whether the State of Washington (1)
effectively and efficiently implemented State Homeland
Security Grant programs, (2) achieved program goals,
and (3) spent funds in accordance with grant require-
ments.
Overall, the state administrative agency effectively and
efficiently implemented the State Homeland Security
Grant programs. The state used reasonable methodolo-
gies to assess threats, vulnerabilities, capabilities, and
prioritize needs, and allocated funding accordingly.
The state complied with requirements for managing
and reporting cash, obligating funds to local jurisdic-
tions, and expending funds within performance
periods. For expenditures tested, grant funds were
expended according to grant requirements and in
alignment with the state homeland security strategy.
However, the state and its subgrantees did not have
adequate controls over personal property purchased
with grant funds. Our recommendations called for
FEMA to require the State of Washington to develop
guidance and ensure implementation of federal
regulations governing controls over personal property.
(OIG-08-98, September 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-98_Sep08.pdf
The State of Arizona's Management of State
Homeland Security Grants Awarded During FYs
2004-06
The State of Arizona received $103.1 million in
Homeland Security Grants awarded by FEMA during
FY 2004-06. We contracted with Williams, Adley &
Company LLP to conduct an audit of the DHS State
Homeland Security Grants to determine whether
the State of Arizona (1) effectively and efficiently
implemented the State Homeland Security Grants
programs, (2) achieved the goals of the programs, and
(3) spent funds in accordance with grant requirements.
Overall, the State of Arizona efficiently and effectively
administered the program requirements, distributed
grant funds, and ensured that all available funds were
used. However, the state withheld portions of local
units' funding without proper documentation and did
not perform adequate programmatic monitoring of
subgrantees. Our recommendations called for FEMA
to require the State of Arizona to implement control
procedures for approval and documentation of funds
withheld for centralized procurements, and implement
a full-scope subgrantee monitoring program.
(OIG-08-99, September 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-99_Sep08.pdf
The State of Utah's Management of State
Homeland Security Grants Awarded During FYs
2004-06
The State of Utah received $55.6 million in Homeland
Security Grants awarded by FEMA during FY
2004-06. We contracted with Williams, Adley
& Company LLP to conduct an audit of the State
Homeland Security Grants to determine whether
the State of Utah (1) effectively and efficiently
implemented the State Homeland Security Grants
programs, (2) achieved the goals of the programs, and
(3) spent funds in accordance with grant requirements.
Overall, the State of Utah efficiently and effectively
administered program requirements, distributed grant
funds, and ensured that all available funds were used.
However, it did not ensure that grant funds were
allocated within 60 days as required, and that Financial
Status Reports for FY 2004-06 grants were submitted
on time. Our recommendations called for FEMA
to require the State of Utah to review its allocation
process to meet the 60 day requirement, and revise the
Financial Status Reports preparation process to ensure
timely submissions.
(OIG-08-83, August 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-83_Aug08.pdf
20
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
ASSISTANCE TO FIREFIGHTERS GRANT
Assistance to Firefighters Grant Program-
FY2003
We contracted with Foxx & Company to conduct
a performance audit of the FY 2003 Assistance to
Firefighters Grant Program. During FY 2003, the
most recent year at the time of the audit for which
grant awards were fully implemented, a total of
8,745 grants worth $705,242,829 were competitively
awarded. The audit included approximately $7,164,087
awarded to 30 grant recipients, 10 located in each of
the states of California, Illinois, and New York. The
audit was conducted to determine if (1) the grantee
properly accounted for the awarded federal funds
and acquired property assets, and (2) the claimed
program costs were eligible, reasonable, and adequately
supported.
Of the 30 grant recipients reviewed, 21 expended grant
funds in accordance with the grant agreement and
provided appropriate documentation to support the
incurred costs. Of the remaining nine recipients, six
did not comply with grant requirements, resulting in
ineligible expenditures, and five had unsupported costs.
Recommendations were made to FEMA to resolve
the ineligible expenditures and unsupported costs,
and ensure that grant recipients establish accounting
systems, comply with records retention policies, and
follow federal regulations for soliciting bids.
(OIG-08-84, August 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-84_Aug08.pdf
INVESTIGATIONS
Benefit Recipient Sentenced for Federal
Emergency Management Agency Fraud
We conducted an investigation of a disaster benefit
recipient for filing fraudulent disaster claims with
FEMA. She claimed to have losses in connection with
Hurricanes Katrina and Rita. Between September
2005 and January 2006, she filed seven applications
with FEMA for relief money for property damage to
residences in Louisiana. She submitted the applications
over the Internet in the names of other people, and in
fact, none of the applicants had sustained any property
damage as a result of the hurricanes. She was sentenced
in U.S. District Court to 5 years probation and was
ordered to pay $14,744 in restitution.
Benefit Recipient Indicted for Federal Emergency
Management Agency Fraud
Our investigation revealed that a person falsified
multiple Social Security numbers to obtain approxi-
mately $8,000 in fraudulent Individual Assistance
claims after Hurricane Katrina. Evidence also
indicated that she defrauded FEMA of approximately
$8,500 in previous disasters. She was indicted in the
Southern District of Texas for false claims and mail
fraud, was subsequently convicted, and is awaiting
sentencing.
City Ordered to Pay a Civil Judgment to Federal
Emergency Management Agency for Excessive
Claim
We conducted an investigation into an allegation that a
Colorado city filed a false excessive claim with FEMA
for emergency snow removal. Investigation verified that
the contractor had falsified its billing records at the
request of the town administrator, enabling the city to
file an overstated emergency snow removal claim with
FEMA. Our investigation determined that the claim
amount was outside the scope of the FEMA provisions.
A civil judgment was entered and the city agreed to
reimburse FEMA for $64,500.
Federal Emergency Management Agency Fraud
Ring Busted
We investigated a person who fraudulently filed 77
disaster assistance applications on behalf of 73 people,
resulting in wrongful payments of $92,958. She
and several conspirators recruited members of the
community, who knowingly provided their names and
Social Security numbers for her fraudulent filings.
The recruiters then accompanied the people to cash
their $2,000 assistance checks. Each person received
between $300 and $600, with the remaining money
split between the recruiter and the principal subject.
The Assistant U.S. Attorney decided to prosecute 10
of 73 claimants based on their level of involvement in
the conspiracy, their previous criminal histories, and
whether they were receiving HUD Section 8 housing
assistance.
21
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Eight of the defendants have been sentenced, with
the principal subject receiving the largest sentence: 33
months incarceration, 3 years probation, and an order
to pay $92,958 in restitution. Additionally, her Lincoln
Navigator was ordered seized and forfeited. Others
have received lesser terms of confinement, home
detention, probation, and restitution. Two subjects are
awaiting sentencing. The investigation was a result of a
joint investigation with the HUD OIG.
California Resident Guilty of Filing False
Katrina Claim
We conducted an investigation into the allegation
that a fraudulent FEMA claim was filed by a person
reporting to be a resident of Louisiana at the time
Hurricane Katrina struck the Gulf Coast. The person
was in fact a California resident, who pled guilty to
false claims, was placed on 2 years probation, and was
ordered to pay $20,714 in restitution.
Office of Inspector General Assists Homicide
Investigations
The U.S. Attorney's Office, Southern District of
Texas, contacted our office to request assistance in
a homicide investigation. Police detectives sought to
determine if a Louisiana native who was a suspect in
the murder of his two minor children had fraudulently
applied for FEMA funds. At the time of the request,
police had only substantiated misdemeanor charges for
which the suspect could have posted bond. The suspect
had indeed fraudulently received FEMA funds and our
agents gathered sufficient evidence to charge him. The
suspect later confessed to the murders.
Office of Inspector General Response to Midwest
Flooding
We initiated a response to suspected FEMA fraud
related to the recent Midwest flooding. Our agents
visited FEMA Joint Field Offices recently established
in Madison, WI; Indianapolis, IN; and Urbandale,
IA. Our agents gave briefings and met with officials
and various FEMA program staffs. Our agents also
developed points of contact with other affected federal,
state, and local police agencies and the relevant U.S.
Attorneys' offices.
Federal Emergency Management Agency Fraud
Suspect Pleads Guilty
We conducted an investigation of a person who was
listed as an applicant in a FEMA disaster assistance
application and claimed to be displaced by Hurricane
Katrina. FEMA found him to be eligible and provided
him with $2,000 in disaster assistance. We interviewed
the person who stated that he fraudulently conspired
to defraud FEMA and endorsed a U.S. government
check even though he knew that he was not eligible for
assistance. The person was sentenced to 36 months
probation and $2,000 restitution as a result of his
guilty plea on one count each of false claims and felony
theft regarding FEMA fraud.
Fraud Suspects Plead Guilty to False Federal
Emergency Management Agency Claims
We conducted an investigation of two people who
applied by telephone three times for FEMA disaster
assistance regarding Hurricane Katrina and Rita. The
Social Security numbers used by the subjects during
their FEMA claims did not belong to either of them.
We arrested them after they were indicted for making
the false applications to FEMA. One subject was
sentenced to time served, 3 years probation, a $200
special assessment fine, and $2,000 in restitution. The
second subject was sentenced to time served, 5 years
probation, a $200 special assessment fine, and $2,000
in restitution.
Federal Emergency Management Agency Fraud
Suspect Pleads Guilty to Felony Theft
We conducted an investigation where a person made
a FEMA disaster assistance application and claimed
to be displaced by Hurricane Rita. FEMA found
the applicant eligible and gave her $2,000 in disaster
assistance. Subsequently, we interviewed the subject,
who stated that she fraudulently conspired to defraud
FEMA and endorsed a U.S. government check
even though she knew that she was not eligible for
assistance. She was later arrested and pled guilty to one
count of felony theft, and was sentenced to 18 months
probation and ordered to pay $2,000 in restitution to
FEMA.
22
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Federal Emergency Management Agency Fraud
Suspect Pleads Guilty to Felony Theft
We conducted an investigation of a FEMA disaster
assistance applicant who claimed to be displaced
by Hurricane Katrina. FEMA found the applicant
eligible and gave her $2,000 in disaster assistance.
Subsequently, we interviewed the applicant, who stated
that she fraudulently conspired to defraud FEMA and
endorsed a U.S. government check even though she
knew that she was not eligible for assistance. We later
arrested the applicant for false claims and felony theft
regarding the fraudulent disaster assistance applica-
tion. The subject pled guilty to one count of felony
theft and was subsequently sentenced to 36 months
probation and ordered to pay $2,000 in restitution to
FEMA.
Former County Official Convicted of Fraud
We conducted an investigation of alleged FEMA
fraud involving a former county official. The former
official created a fraudulent FEMA letter that he sent
to property developers. The developers responded to
the letter with money that they thought was payment
to FEMA for a letter providing land map revisions,
and the money was deposited in the subject's personal
account. The former official was convicted in the
Arizona Superior Court of eight felony counts related
to FEMA fraud and was subsequently sentenced to 8
years of state imprisonment. The subject is also facing
another trial for fraudulent activity in connection with
his application for a mortgage broker license.
Two Convicted of Federal Emergency
Management Agency Debris Removal Fraud
An early season snowstorm in October 2006 severely
impacted Erie County, NY, causing large-scale damage
to trees. Erie County contracted with a debris removal
company to trim and remove debris from county
parks. We received allegations that the contractor was
providing coffee, donuts, lunch, and other nonmone-
tary gratuities to monitors in order to manipulate
them into falsifying invoices for work done on trees
that did not meet FEMA guidelines for trimming.
One monitor did falsify invoices at the contractor's
request. Both the contractor and the monitor pleaded
guilty to state charges and were sentenced to probation
and community service. As a result of this investiga-
tion, $62,800 in payments to the contractor, which
would have been submitted to FEMA, was withheld.
Since the fraud was averted, FEMA was not billed for
this activity.
Alabama Resident Sentenced to Six Years for
Federal Emergency Management Agency Fraud
Our investigation resulted in a subject being indicted
on four counts related to theft of disaster funds
received as a result of fraudulent claims filed in the
aftermath of Hurricane Katrina. The subject received
$8,716 in federal funds. The subject was involved in
other criminal activity and was also being investigated
by other federal agencies. The subject entered a guilty
plea to the disaster fraud and was sentenced to a total
of 140 months imprisonment (80 months for the
FEMA fraud) and 60 months on supervised release.
The court also ordered the subject to pay restitution of
$8,716 and an assessment of $400.
Four Alabama Residents Charged With Federal
Emergency Management Agency Hurricane
Katrina Fraud
Our investigation resulted in four subjects being
indicted for filing false Disaster Assistance claims with
FEMA after Hurricane Katrina. Three of the subjects
were family members and the fourth was a close
associate. One of the subjects was incarcerated at the
time Hurricane Katrina occurred. The other subjects
provided FEMA with false documentation regarding
damage to their homes as well as fraudulent rental
agreements and receipts in order to obtain funding for
emergency rental assistance. Total dollar loss to FEMA
was $27,833. Three of the four subjects have entered
guilty pleas. One subject has been sentenced to 3 years
in federal prison and 5 years supervised probation on
release from prison, and ordered to pay restitution. The
others are awaiting sentencing and have indicated that
they want to provide information about others who
defrauded FEMA.
23
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Alabama Resident Sentenced to Two Years for
Stealing Dead Brother's Identity to File False
Federal Emergency Management Agency Claim
Our investigation resulted in one person being indicted
for theft of funds, aggravated identity theft, and
false statements related to a false FEMA claim after
Hurricane Katrina. The subject filed the false claim
in the name of his brother, who had died in 1993. The
subject received FEMA individual assistance, hotel
assistance, and a FEMA travel trailer, for a total of
more than $33,000. The subject entered a guilty plea
to the charges and was subsequently sentenced to 24
months imprisonment and 12 months supervised
release, was ordered to pay restitution in the amount of
$33,179, and was given a $100 special assessment.
Federal Emergency Management Agency Fraud
Suspect Pleads Guilty to Felony Theft
We investigated four people who allegedly submitted
false FEMA claims. As part of the recent hurricane
relief effort, FEMA initiated and funded the Disaster
Unemployment Insurance Assistance (DUA), which
provided unemployment insurance (UI) funds in
addition to regular UI benefits for people who became
unemployed because of the hurricanes. It was alleged
that the four people submitted false claims for DUA
benefits. They were subsequently convicted of wire
fraud, mail fraud, conspiracy, and identity theft. The
main conspirator was sentenced to 54 months confine-
ment followed by 3 years supervised release, and was
ordered to pay restitution of $150,223. The remaining
three were sentenced to lesser amounts of incarceration
and restitution.
Federal Emergency Management Agency Fraud
Suspect Pleads Guilty to Felony Theft
We investigated a complaint received from the local
police department alleging that a person was a renter at
an address in Bogalusa, LA, after Hurricane Katrina.
During the course of the investigation, it was proved
that she fraudulently applied for and received FEMA
funds by using the Bogalusa address and forging a
rental receipt indicating that she was living at the
address before the hurricane. She was sentenced to
60 months confinement followed by a 36-month
supervised release in the Middle District of Louisiana
as a result of a guilty plea to filing false FEMA claims.
FEDERAL LAW
ENFORCEMENT TRAINING
CENTER
MANAGEMENT REPORTS
Independent Auditor's Report on Federal
Law Enforcement Training Center's FY 2007
Consolidated Financial Statements
KPMG LLP, under a contract with DHS OIG, issued
an Independent Auditor's Report on FY 2007 Consoli-
dated Financial Statements for the Federal Law
Enforcement Training Center (FLETC). KPMG LLP
expressed an unqualified opinion on FLETC's consoli-
dated financial statements for FY 2007. The FY 2007
auditor's report discusses four significant deficiencies,
one of which is considered a material weakness, as
well as one instance of noncompliance with laws and
regulations. The following conditions were identified:
Management Review of Upward and Downward
Adjustments, Environmental Clean-up Costs,
Accounts Payable, and Financial Systems Security.
The Management Review of Upward and Downward
Adjustments is also a material weakness. FLETC's
management concurred with all the findings.
(OIG-08-53, May 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-53_May08.pdf
Information Technology Management Letter for
the FY 2007 Federal Law Enforcement Training
Center Financial Statement Audit (Redacted)
KPMG LLP performed an audit of the DHS FLETC's
Consolidated Balance Sheet and related statements
as of September 30, 2007 and 2006. The overall
objective of the audit was to evaluate the effectiveness
of IT general controls of FLETC's financial processing
environment and related IT infrastructure as necessary
to support the engagement. As part of this audit,
KPMG LLP reviewed internal controls over financial
reporting, and determined that its operation was a
significant deficiency under standards established
by the AICPA. KPMG LLP found deficiencies
in the design and operation of FLETC's internal
controls, which could adversely affect the agency's
financial statements. Additionally, KPMG LLP noted
deficiencies over entity-wide security planning, access
24
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
controls, application development and change control,
system software, and service continuity; the auditors
documented their comments and recommendations in
the IT Management Letter. KPMG LLP determined
that FLETC has made progress on its weaknesses,
but many of the prior year Notifications of Findings
and Recommendations could not be closed completely
because of impending systems implementation or
policies and procedures that are in draft form, and thus
were reissued.
(OIG-08-70, June 2008, IT- A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-70Jun08.pdf
OFFICE FOR CIVIL RIGHTS
AND CIVIL LIBERTIES
We received 92 civil rights and civil liberties complaints
from April 1 through September 30, 2008. Of those,
we opened four investigations, referred 88 investiga-
tions to the Office for Civil Rights & Civil Liberties
(CR&CL), and there are no complaints currently under
review for disposition. During the reporting period, we
did not make any arrests, there were no indictments or
convictions, and two of the four investigations noted
above are still open.
OFFICE OF INTELLIGENCE
AND ANALYSIS
MANAGEMENT REPORTS
Letter Report: National Applications Office
Privacy Stewardship (Unclassified Summary)
We reviewed the DHS National Applications Office
(NAO) privacy stewardship to determine whether
NAOs plans and activities instill and promote a
privacy culture and are in compliance with privacy
regulations. Privacy stewardship includes establishing
privacy requirements prior to program initiation,
privacy risk assessment and mitigation, and privacy
integration in the program operation.
Generally, NAO is making good progress in developing
an effective privacy program for its operations. Specifi-
cally, NAO involved the DHS Privacy Office early in
program planning and development of key organiza-
tional documents. Also, NAO acknowledges privacy
requirements and states a commitment to privacy in
its charter. We identified several elements that serve
as a framework for NAOs privacy stewardship, such
as ongoing privacy oversight by departmental privacy
and civil liberties officers, public notice of system of
records, training of NAO personnel, and approved
risk assessments. However, a revised Privacy Impact
Assessment and a Civil Liberties Impact Assessment
reflecting changes in the charter are still necessary
before NAO can become operational.
We recommended that the Under Secretary for Intelli-
gence & Analysis direct the Director of NAO to obtain
the DHS Privacy Office's approval of an updated
program Privacy Impact Assessment reflecting a signed
charter and standard operating procedures, as well
as DHS CR&CL approval of NAO's Civil Liberties
Impact Assessment.
(OIG-08-35, April 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-35_Apr08.pdf
TRANSPORTATION
SECURITY ADMINISTRATION
MANAGEMENT REPORTS
Transportation Security Administration's
National Deployment Force
TSAs National Deployment Force deploys transpor-
tation security officers to support airport screening
operations during emergencies, seasonal demands, or
other circumstances requiring more staffing resources
than are regularly available. TSA implemented this
program without developing a process to determine
the criteria and priority for deployment decisions or
ensuring the appropriateness of resource allocations.
From the establishment of a deployment program in
November 2003 until January 2007, TSA did not have
financial systems to track and document program-
related costs, adequate documentation to support
deployment decisionmaking, or internal controls and
standard operating procedures over key deployment
functions. In addition, TSA was overly reliant on the
deployment force to fill chronic staffing shortages at
specific airports in lieu of more cost-effective strategies
to handle screening demands. We recommended that
TSA establish systems to collect, track, and report
deployment costs; develop decisionmaking procedures
25
Semiannual Report to the Congress
April 1, 2008-September30, 2008
for deployment requests and document results;
and develop and disseminate standard operating
procedures for key program functions to increase
program efficiency and effectiveness.
(OIG-08-49, April 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-49_Apr08.pdf
TSA's Administration and Coordination of Mass
Transit Security Programs
Since 2004, TSA has initiated several programs
to boost mass transit security. Our review focused
on TSAs management of its four major assistance
programs and how well these programs meet the needs
of the Nation's five largest mass transit rail systems.
TSA is improving mass transit security but faces
important challenges to improve transit rail security,
meet the needs of mass transit authorities, and comply
with recent legislation that expanded TSAs statutory
authority and responsibility. TSA still needs to
clarify its transit rail mission and develop additional
regulations and memorandums of understanding with
local transit authorities. TSA needs to improve interof-
fice communication and coordination, and needs to
better understand and address system-specific security
requirements. We made seven recommendations to
improve management and coordination of mass transit
rail security programs.
(OIG-08-66, June 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-66Jun08.pdf
A Review of TSA's Management of Aviation
Security Activities at Jackson-Evers International
and Other Selected Airports
The Chairman of the House Committee on Homeland
Security requested that we review TSAs management
of aviation security activities at Jackson-Evers Interna-
tional and other selected airports, including whether
(1) existing processes, which authorize certain people
to fly while armed, need strengthening; (2) transporta-
tion security officers reported the discovery of firearms
and other dangerous prohibited items as required by
TSA policy and directives; (3) transportation security
officers received advance notice of any internal TSA
covert testing; and (4) TSA compromised any covert
testing conducted by another federal government
entity.
TSA has made progress toward improving its internal
covert testing, but additional work is necessary. In
addition, TSA can take steps to improve security
activities within commercial aviation by eliminating the
vulnerabilities associated with the current flying armed
processes, strengthening covert testing procedures, and
improving processes for reporting security incidents.
We made 12 recommendations to improve TSAs
management of aviation security. In response to our
report, TSA proposed plans and actions that, once
implemented, will reduce a number of the deficiencies
we identified. TSA concurred with nine recommenda-
tions, concurred in part with two recommendations,
and did not concur with one recommendation, which
we have since modified.
(OIG-08-90, September 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-90_Sep08.pdf
Independent Auditor's Report on the
Transportation Security Administration's FY
2007 Balance Sheet
KPMG LLP, under a contract with DHS OIG,
issued a qualified opinion on the TSA's balance sheet
for the year ended September 30, 2007. TSA was
unable to provide sufficient audit evidence to support
the accuracy, completeness, and existence of accrued
unfunded leave, certain other intragovernmental
liabilities, intragovernmental accounts payable, and
certain accounts payable as presented in TSA's consoli-
dated balance sheet at September 30, 2007. KPMG
LLP's report also discusses five material weaknesses,
two other significant deficiencies in internal control,
and instances of noncompliance with four laws and
regulations as follows:
Significant deficiencies that are considered to be
material weaknesses:
A. Financial Systems Security
B. Undelivered Orders and Accounts Payable
C. Property and Equipment
D. Financial Reporting
E. Accrued Leave
F. Accounts Receivable
G. Human Resources Documentation
Noncompliance of laws and regulations:
H. Federal Financial Management Improvement
Act of 1996
26
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
I. Federal Managers Financial Integrity Act of
1982
J. Debt Collection Improvement Act of 1996
K. Payroll-related laws
(OIG-08-57, May 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-57_May08.pdf
Transportation Security Administration's Efforts
To Proactively Address Employee Concerns
TSA reports that a stable, mature, and experienced
workforce is the most effective tool it has to meet its
mission. Despite the value placed on the workforce,
employees have expressed their concerns about
how the TSA operates by historically filing formal
complaints at rates higher than other federal agencies
of comparable size. Low employee morale continues
to be an issue at some airports, contributing to TSAs
17% voluntary attrition rate.
TSA has taken proactive steps by establishing the
Office of the Ombudsman, the Integrated Conflict
Management System, and the National Advisory
Council to help identify and address its employees'
workplace concerns. We evaluated the effectiveness
of these initiatives and concluded that TSA could
improve its initiatives by establishing more effective
internal systems, processes, and controls. Specifi-
cally, TSA has not provided sufficient tools and
guidance regarding the structures, authorities, and
oversight responsibilities of each initiative, and has
faced challenges in communicating the details of each
to its workforce. More than half of the employees we
interviewed described the agency's efforts to educate
them on the various initiatives available to address
their workplace concerns as "inadequate." Our report
contains six recommendations to the TSA to provide
employees with sufficient tools, including clear
guidance and better communication, on the structures,
authorities, and oversight responsibilities of the
initiatives we reviewed.
(OIG-08-62, May 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-62_May08.pdf
Transportation Security Administration's Single
Source (Noncompetitive) Procurements
We conducted an audit to determine whether TSA
properly justified less than full and open competition
for single source procurements. Contracts awarded
in FY 2006 were exempted from the requirements
of the Federal Acquisition Regulation. However, the
Consolidation Appropriation Act of 2008 repealed TSAs
exemption, effective June 2008.
TSA complied with some of the policies and
procedures for awarding single source procurements,
but not others. All of the contract files contained
the written rationale, but most of the files lacked the
required market analysis, proper concurrences and
approvals, and statements of planned actions to remove
barriers to future competition. The noncompliances
prevent TSA from readily substantiating that its
single source procurements in 2006 were appropriately
awarded. We recommended measures that, when
implemented, will increase the likelihood that TSAs
single source procurements comply with applicable
policies and procedures, are fully justified, and are
appropriate.
(OIG-08-67, June 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-67_Jun08.pdf
Independent Auditor's Report on the
Transportation Security Administration's FY
2008 Mission Action Plans
KPMG LLP, under a contract with DHS OIG,
performed an audit to evaluate and report on the
status of the four detailed M APs prepared by TSA to
correct the internal control deficiencies over financial
reporting. The MAPs are intended to address control
deficiencies identified in financial reporting, capital
assets and supplies, actuarial and other liabilities, and
budgetary accounting.
KPMG LLP noted that the MAP milestones are not
clearly linked to root causes. Critical interdependen-
cies, such as those between milestones, accounting
processes, or with third parties, are not identified
within each MAP and affected milestones (e.g., USCG
IT systems).
KPMG LLP recommended that TSA management
continue to perform a comprehensive and thorough
root cause analysis, improve MAPs by clearly linking
each deficiency or root cause identified by management
to milestones, and identify critical interdependences
and include milestones recognizing these dependencies.
(OIG-08-74, July 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-74_JuIy08.pdf
27
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Transportation Security Administration's
Controls Over Badges, Uniforms, and
Identification Cards
In early 2007, the media widely reported that
thousands of TSA uniforms and badges were missing
from various airport locations throughout the
United States. Security experts and some members
of Congress expressed concern that these missing
items could allow an unauthorized person access to
secured areas of an airport. We determined that TSA
does not have adequate controls in place to manage
and account for airport security identification display
area badges, TSA uniforms, and TSA identification
cards. Unauthorized access to those items increases an
airport's level of risk to a wide variety of terrorist and
criminal acts.
TSA did not ensure that airport badge offices were
notified when TSA employees separated from the
agency, or that airport security identification display
area badges were retrieved and returned to the badge
offices. TSA did not record and track issuance of
TSA uniforms, collect uniforms upon an employee's
separation, and safeguard and account for reserve
stock. TSA did not maintain accurate records on
TSA identification cards or ensure that identification
cards were returned and destroyed upon an employee's
separation from TSA. Our report contained three
recommendations to the TSA Assistant Secretary
to strengthen the controls over TSA's management
of airport security identification display area badges,
uniforms, and identification cards.
(OIG-08-92, September 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-92_Sep08.pdf
Information Technology Management Letter
for the FY 2007 Transportation Security
Administration Balance Sheet Audit (Redacted)
We contracted with the independent public accounting
firm KPMG LLP to audit the TSA consolidated
balance sheet and related statements as of September
30, 2007 and 2006. As part of this review, KPMG
LLP noted certain matters involving IT internal
control and other operational matters and have
documented their comments and recommendations
in the IT Management Letter. The overall objective of
our audit was to evaluate the effectiveness of IT general
controls of TSA's financial processing environment
and related IT infrastructure. KPMG LLP noted
that TSA addressed many prior years of IT control
weaknesses, but that IT general control weaknesses
still existed during FY 2007. The most significant
weaknesses from a financial statement audit perspec-
tive related to access controls and application change
control. Collectively, the IT control weaknesses limit
TSA's ability to ensure the confidentiality, integrity,
and availability of critical financial and operational
data. These weaknesses also negatively impact
TSA's internal controls over its financial reporting
and operation, and KPMG LLP considers them
to collectively represent a material weakness under
standards established by the AICPA.
(OIG-08-72, June 2008, ITA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-72Jun08.pdf
INVESTIGATIONS
Transportation Security Administration Officer
Convicted of Selling Security Seals
We arrested a TSA officer after an investigation
determined that he sold TSA "cleared baggage" stickers
to an undercover agent with the knowledge that the
stickers would be used to smuggle a shipment of
cocaine through an international airport. After arrest,
the TSA officer provided a full written confession
and later pleaded guilty to theft of U.S. government
property.
Screener Pleads Guilty and Is Sentenced for
Stealing Passengers' Personal Property
We conducted an investigation into the allegation
that a TSA security officer was stealing passengers'
personal property items, including laptop computers
and jewelry. The TSA security officer pleaded guilty to
a state charge of theft second degree, was sentenced to
5 years probation, and was ordered to make restitution.
Safety Concerns Raised by Federal Flight Desk
Officer's Locking Pistol Holster
We conducted an investigation that the design of
TSA-issued locking holsters used by the Federal Flight
Deck Officer (FFDO) program increases the likelihood
of an accidental discharge of a weapon in an aircraft
cockpit. We examined the holster and observed that
28
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
its design renders the weapon vulnerable to accidental
discharges if improperly handled. In a darkened
cockpit, under the stress of meeting the operational
needs of the aircraft, a pilot could inadvertently
discharge the weapon by failing to ensure it is properly
seated in the holster, securing the trigger lock, and then
pushing the weapon inward to secure the holster snap.
Furthermore, our investigation observed that it was
possible to accidentally discharge the weapon while
inserting the hasp into the holster of an incorrectly
seated weapon. Using a scale, we determined that only
6—7 pounds of lateral pressure on the padlock was
sufficient to induce a discharge.
if"
Measuring foot pounds of lateral force required to induce a
weapon discharge.
We recommended that given the distracting environ-
ment and potential low light of an aircraft cockpit, the
FFDOs' weapon locking system should be simple and
forgiving and that TSA should discontinue the use
of the locking holster and consider other methods for
FFDO to secure their weapons.
UNITED STATES CITIZENSHIP
AND IMMIGRATION
SERVICES
INVESTIGATIONS
Civilian Pleaded Guilty to Visa Fraud and
Aiding and Abetting (Update 10/1/07-3/31/08
SAR)
We conducted a joint investigation with the United
States Immigration and Customs Enforcement (ICE)
Office of Investigations that resulted in the conviction
of a civilian who had falsely claimed that he was
conspiring with three corrupt U.S. Citizenship and
Immigration Services (USCIS) employees to obtain
immigration documents. The subject was charging
$7,000 to file false immigration documents with
USCIS on behalf of illegal aliens. No relationship was
found between the subject and any USCIS employees
during the investigation. The civilian pleaded guilty
and was sentenced in U.S. District Court to 60 months
for conspiracy to defraud the United States, presenta-
tion of false immigration documents, aiding and
abetting, and distribution of a controlled substance.
Aiding Victims of Human Trafficking
We received an allegation that a USCIS employee was
keeping a foreign national in involuntary servitude
at his residence. The investigation disclosed that
the employee brought the foreign national to the
United States, fraudulently granted her immigra-
tion status, and then withheld her immigration
documents to induce her to perform the duties of an
unpaid servant in his home for several years. A search
warrant was executed at the employee's residence,
resulting in significant evidence of the offense. The
USCIS employee was later admitted to a hospital
following an apparent drug overdose and remains in a
permanent vegetative state. Criminal charges have been
declined in consideration of his medical condition.
We are assisting the foreign national to transition to
self-sufficiency.
UNITED STATES
COAST GUARD
MANAGEMENT REPORTS
Enhanced Configuration Controls and
Management Policies Can Improve U.S. Coast
Guard Network Security (Redacted)
The USCG has implemented adequate security
controls and policies for protecting its network
infrastructure. Our audit focused on USCG security
policies and procedures and network protection
devices — such as firewalls, intrusion detection systems,
and encryption devices — that have been deployed
to protect the Coast Guard Data Network Plus
29
Semiannual Report to the Congress
April 1, 2008-September30, 2008
(CGDN+) infrastructure. The overall security posture
of the CGDN+ infrastructure is good. The USCG
has implemented effective controls for protecting its
network infrastructure; however, USCG management
needs to take additional steps to ensure that the
security of its network is not compromised by existing
vulnerabilities. The USCG should enhance its configu-
ration controls in compliance with DHS' information
technology security policies and practices. Addition-
ally, USCG should develop guidelines and procedures
to address the security and configuration management
of its network infrastructure.
(OIG-08-82, August 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-82_Aug08.pdf
Allision of the M/V COSCO BUSAN with the
San Francisco -Oakland Bay Bridge
We reviewed the USCG response to the November
7, 2007, allision of the Motor Vessel (M/V) COSCO
BUSAN with the San Francisco-Oakland Bay Bridge.
On November 7, 2007, with visibility restricted owing
to heavy fog, the M/V COSCO BUSAN underway
from Oakland, CA, allided with the San Francisco Bay
Bridge. This allision created a large gash in the port
side of the vessel, which caused an estimated 53,653
gallons of fuel oil to spill into San Francisco Bay.
M/V COSCO BUSAN at anchor.
Source: San Francisco Chronicle
Due to the concerns about the subsequent USCG
response and investigation, Speaker Nancy Pelosi
and Chairman Elijah Cummings requested a review
of the mishap. The USCGs actions before and for
the first 24 hours after the allision were generally
consistent with the policies and procedures in place
for the San Francisco Sector at the time of the mishap.
However, guidelines for vessel movement during
periods of restricted visibility need to be expanded and
clarified. Additionally, deficiencies in the post-mishap
investigation resulted in a lost opportunity to collect
and preserve all evidence relevant to the mishap. For
example, communication and navigation equipment
was not secured and tested, and M/V COSCO
BUSAN and USCG watchstanders were not properly
and timely tested for drug and alcohol use.
Muir Beach cleanup
Source: USCG
Response to an oil spill is a multifaceted and multilay-
ered effort that requires stakeholders to respond both
autonomously and cooperatively. Much of the credit
for the success of the response goes to the USCG, the
State of California Oil Spill Prevention and Response
Division, and the responsible party.
(OIG-08-38, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-38_Apr08.pdf
Independent Review of the U.S. Coast Guard's
Reporting of FY 2007 Drug Control Obligations
KPMG LLP, under contract with DHS OIG, was
unable to issue an Independent Accountant's Report
on the FY 2007 Drug Control Obligations for the
USCG. USCGs management prepared the Table of
Drug Control Obligations and related disclosures to
comply with the requirements of the Office of National
Drug Control Policy (ONDCP) Circular, Drug Control
Accounting, dated May 1, 2007. However, because
USCG could not provide assurance over the financial
data in the detailed accounting submissions, KPMG
30
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
LLP could not provide the level of assurance required
of the review.
(OIG-08-42, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-42_Apr08.pdf
Independent Review of the U.S. Coast Guard's
Reporting of FY 2007 Drug Control Performance
Summary
KPMG LLP, under contract with DHS OIG, issued
an Independent Accountant's Report on the FY 2007
Drug Control Performance Summary for the USCG.
USCG's management prepared the Performance
Summary Report and management's assertions
to comply with the requirements of the ONDCP
Circular Drug Control Accounting, dated May 1, 2007.
KPMG LLP did not find any reason to believe that
the Performance Summary Report for the year ended
September 30, 2007, was not presented, in all material
respects, in conformity with the ONDCP's Circular,
or that management's assertions were not fairly stated,
in all material respects, based on the criteria set
forth in the circular. KPMG LLP did not issue any
recommendations as a result of this review.
(OIG-08-43, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-43_Apr08.pdf
U.S. Coast Guard's Management of the Marine
Casualty Investigations Program
The House Committee on Transportation and
Infrastructure and the Senate Committee on
Commerce, Science, and Transportation requested
that we audit the extent to which marine casualty
investigations and reports result in information and
recommendations that prevent or minimize the
effect of similar casualties. Although the USCG's
marine casualty investigations program has resulted
in numerous safety alerts and recommendations
designed to prevent similar casualties, the program is
hindered by unqualified personnel conducting marine
casualty investigations, investigations conducted at
inappropriate levels, and ineffective management
of a substantial backlog of investigations needing
review and closure. Because of these management
shortfalls, the USCG may not be able to determine
the causes of accidents and may miss opportunities
to issue safety alerts or recommendations that could
prevent or minimize similar casualties. To improve the
management and accountability of the marine casualty
investigations program, we made eight recommenda-
tions that included the development and implemen-
tation of a plan to increase the number of qualified
marine casualty investigators, including hiring civilians,
and the implementation of quality control procedures
to ensure that marine casualty investigations are
conducted at the recommended levels.
(OIG-08-51, May 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-51_May08.pdf
Independent Auditor's Report on U.S. Coast
Guard's FY 2008 Mission Action Plans
KPMG LLP, under a contract with DHS OIG,
performed an audit to evaluate and report on the status
of the three detailed MAPs prepared by the USCG to
correct the internal control deficiencies over financial
reporting identified in Financial Management and
Entity Level Controls, Fund Balance with Treasury,
and Financial Reporting.
KPMG LLP noted that the root causes identified
were only generally defined, and critical interdepen-
dencies were not identified and did not clearly link
or cross-reference to audit findings and the material
weakness conditions identified in the Independent
Auditor's Report. The MAPs lacked specificity
and milestones were not linked directly to the
financial statement assertions affected by the control
weaknesses. Some key milestones in the MAPs
contained steps that were not measurable or designed
with incremental objectives.
(OIG-08-73, July 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-73Jul08.pdf
Information Technology Management Letter for
the U.S. Coast Guard Component of the FY 2007
Department of Homeland Security Financial
Statement Audit (Redacted)
We contracted the independent public accounting firm
KPMG LLP to audit the USCG Consolidated Balance
Sheet and related statements as of September 30, 2007
and 2006. As part of this review, KPMG LLP noted
certain matters involving IT internal control and other
operational and have documented their comments
31
Semiannual Report to the Congress
April 1, 2008-September30, 2008
and recommendations in the IT Management Letter.
The overall objective of our audit was to evaluate
the effectiveness of IT general controls of USCG's
financial processing environment and related IT
infrastructure. KPMG LLP noted that USCG
addressed many prior years of IT control weaknesses,
but that IT general control weaknesses still existed
during FY 2007. The most significant weaknesses
from a financial statement audit perspective related to
access controls, system software, entity-wide security,
segregation of duties, service continuity and application
change control. Collectively, the IT control weaknesses
limit USCG's ability to ensure the confidentiality,
integrity, and availability of critical financial and
operational data. These weaknesses also negatively
impact USCG's internal controls over its financial
reporting and operation, and KPMG LLP considers
them to collectively represent a material weakness
under standards established by the AICPA.
(OIG-08-69, June 2008, ITA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-69_Jun08.pdf
UNITED STATES CUSTOMS
AND BORDER PROTECTION
MANAGEMENT REPORTS
A Review of U.S. Customs and Border
Protection's Procurement of Untrained Canines
From April 2006 through June 2007, CBP procured
322 untrained canines at an average price of $4,535 per
canine. The costs incurred for the untrained canines
were reasonable and were comparable to the costs
incurred for untrained canines procured by organiza-
tions such as the United States Secret Service and the
Department of Defense. Regarding the cost effective-
ness of the program, while only 4% of the Office of
Border Patrol's 13,905 agents were canine handlers,
they were credited with 60% of narcotic apprehensions
and 40% of all other apprehensions in FY 2007.
The solicitation and award of this contract were
conducted according to applicable federal regulations.
Also, U.S. Department of Agriculture officials
said that the vendors were not required to possess a
federally issued license to engage in the sale of animals.
Through August 14, 2007, 26 (8%) of the procured
canines did not complete the training. CBP donated six
of these canines to private homes, which was inconsis-
tent with federal regulations. We recommended
that CBP adjust the delivery timeframes for vendors,
properly transfer or sell unfit canines, and implement
a unified system that accurately accounts for the
performance of canine teams.
(OIG-08-46, April 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-46_Apr08.pdf
Additional Controls Can Enhance the Security of
the Automated Commercial Environment System
(Redacted)
We evaluated the Automated Commercial Environ-
ment (ACE) system to determine whether CBP
had implemented adequate and effective security
controls to ensure the efficient collection, processing,
and analysis of commercial import and export data.
CBP has implemented effective measures to reduce
the potential risks of unauthorized access to the
ACE system. However, more effort is needed to
improve the ACE security posture. We made four
recommendations to improve the areas of management,
operational, and technical controls. For example, we
identified weaknesses in security acceptance testing
during the system development process, user account
management, patch management, and the inconsistent
implementation of DHS Windows and Unix Baseline
Configurations.
(OIG-08-64, June 2008, ITA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-64_Jun08.pdf
Technical Security Evaluation of U.S. Customs
and Border Protection Activities at the Chet
Holifield Federal Building (Redacted)
We evaluated CBP activities at the Chet Holifield
Federal Building located in Laguna Niguel, CA.
Specifically, we addressed how CBP has implemented
computer security operational, technical, and
managerial controls for its IT assets at this site.
We performed onsite inspections, interviewed
departmental staff, and conducted technical tests of
internal controls, e.g., scans for wireless networks.
Some of the Chet Holifield Federal Building
operational controls did not always conform to DHS
policies, including environmental, business continuity,
32
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
and physical security controls. For example, CBP could
better protect its IT assets from damage by ensuring
that the server room is not used for general storage. We
briefed the DHS Chief Information Security Officer
and CBP on the results of our evaluation. We also
made eight recommendations to improve IT security
at this site. CBP concurred with our recommendations
and is addressing the findings.
(OIG-08-37, April 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-37_Apr08.pdf
Lessons Learned from the August 11, 2007,
Network Outage at Los Angeles International
Airport (Redacted)
We evaluated CBP's actions to address the network
outage at Los Angeles International Airport (LAX) on
August 11, 2007. We also evaluated the actions that
CBP took to prevent a recurrence of a similar outage.
We performed onsite inspections at the airport,
interviewed department staff conducted technical tests
of workstations that may have been involved in the
outage, and briefed CBP officials on the results of our
evaluation. We recommended that CBP (1) establish
and test procedures to use network operations center
and onsite field support staff more effectively during a
network outage, (2) provide network diagnostic tools
for onsite support staff, (3) configure routers to provide
required security logs; and (4) determine if steps taken
at LAX should also be taken at other CBP locations.
CBP officials concurred with our recommendations
and have taken actions to ensure that a similar outage
does not recur at this airport.
(OIG-08-58, May 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-58_May08.pdf
Independent Review of the U.S. Customs and
Border Protection's Reporting of FY 2007 Drug
Control Obligations
KPMG LLP, under a contract with DHS OIG,
issued an Independent Accountant's Report on the
FY 2007 Drug Control Obligations for CBP. CBP
management prepared the Table of Drug Control
Obligations Report and related disclosures to comply
with the requirements of the ONDCP Circular, Drug
Control Accounting, dated May 1, 2007. KPMG LLP
did not find any reason to believe that the Table of
Drug Control Obligations Report for the year ended
September 30, 2007, was not presented in all material
respects, in conformity with the ONDCP Circular,
or that related disclosures were not fairly stated, in all
material respects, based on the same criteria. KPMG
LLP did not note any recommendations as a result of
this review.
(OIG-08-39, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-39_Apr08.pdf
Independent Review of the U.S. Customs and
Border Protection's Reporting of FY 2007 Drug
Control Performance Summary
KPMG LLP, under a contract with DHS OIG,
issued an Independent Accountant's Report on the
FY 2007 Drug Control Performance Summary for
CBP. CBP management prepared the Performance
Summary Report to comply with the requirements of
the ONDCP Circular, Drug Control Accounting, dated
May 1, 2007. KPMG LLP did not find any reason to
believe that the Performance Summary Report for the
year ended September 30, 2007, was not presented
in all material respects, in conformity with ONDCP
Circular. The Independent Accountant's Report is
limited to the Performance Summary and did not
cover management's assertions.
(OIG-08-40, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-40_Apr08.pdf
Independent Review of the U.S. Customs and
Border Protection's Management Assertions on
the 2007 Drug Control Performance Summary
KPMG LLP, under a contract with DHS OIG,
issued an Independent Accountant's Report on the
FY 2007 Drug Control Performance Summary for
CBP. Management of CBP prepared the Performance
Summary Report and management's assertions
to comply with the requirements of the ONDCP
Circular, Drug Control Accounting, dated May 1, 2007.
CBP's management reported that they could not
assert that the "methodology to establish performance
targets is reasonable and applied," as required by the
ONDCP Circular. As a result, KPMG LLP was
unable to complete their review of management's
33
Semiannual Report to the Congress
April 1, 2008-September30, 2008
assertions on the Performance Summary Report, and
the Independent Accountant's Report is limited to the
Performance Summary only.
(OIG-08-41, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-41_Apr08.pdf
Targeting Cargo Containers 2008: Review of
U.S. Customs and Border Protection's Cargo
Enforcement Reporting and Tracking Systems
Each year, we conduct a review of DHS' Automated
Targeting System (ATS). In 2008, we reviewed CBP's
Cargo Enforcement Reporting and Tracking System,
a component of ATS. We identified the need for
improvements in planning, updating, developing, and
implementing the system. Specifically, CBP has to
update the project plan to include the scope of work;
a detailed implementation schedule for system design,
developing, and testing; and cost estimates past
phase 1. In addition, CBP bypassed key life cycle
reviews designed to ensure that end users have
a properly working system and have received
management's approval to continue the project. CBP
has expanded its international efforts to secure the
cargo supply chain. For example, it continues to
expand its efforts with the Customs-Trade Partnership
Against Terrorism program and continues its efforts
to improve ATS for cargo. We continue to review
revenue management and analysis functions, and the
effectiveness of trade operations security programs and
strategies.
(OIG-08-65, June 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-65_Jun08.pdf
U.S. Customs and Border Protection's
Management of 2005 Gulf Coast Hurricanes
Mission Assignment Funding
Regis & Associates, PC, under contract with DHS
OIG, reviewed the CBP's management processes and
internal controls for implementing FEMA-issued
mission assignments related to the 2005 Gulf Coast
hurricanes. CBP's management of mission assignments
could be enhanced by (1) improving preparedness
for future responses, (2) improving disaster response
procurement and contract monitoring processes,
(3) implementing accountable property policies and
procedures at disaster field command locations, (4)
providing FEMA with complete documentation to
support reimbursable expenditures, and (5) improving
the mission assignment reimbursement billing
processes. Cumulatively, we questioned approximately
$5 million of the $17.7 million in costs that CBP billed
FEMA. This included $2.3 million for the cost of
property reimbursed by FEMA but not returned, $2
million for unsupported expenditures, and $600,000
for expenditures that did not comply with the scope or
duration of mission assignment terms. Our recommen-
dations included implementing controls to record
budget object codes correctly, enhanced training
for accountable property officers, and developing
procedures for reimbursement billings and specifying
the supporting documentation required.
(OIG-08-80, July 2008, EMO)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-80_JuI08.pdf
Information Technology Management Letter
for the FY 2007 U.S. Customs and Border
Protection Financial Statement Audit (Redacted)
We contracted with the independent public accounting
firm KPMG LLP to audit the CBP consolidated
balance sheet and related statements as of September
30, 2007 and 2006. As part of this review, KPMG
LLP noted certain matters involving IT internal
control and other operational matters and have
documented their comments and recommendations
in the IT Management Letter. The overall objective of
our audit was to evaluate the effectiveness of IT general
controls of CBP's financial processing environment and
related IT infrastructure. KPMG LLP noted that CBP
addressed many prior years of IT control weaknesses
but that general control weaknesses still existed during
FY 2007. The most significant weaknesses from a
financial statement audit perspective related to access
controls and service continuity. Collectively, the IT
control weaknesses limit CBP's ability to ensure the
confidentiality, integrity, and availability of critical
financial and operational data. These weaknesses also
negatively impact CBP's internal controls over its
financial reporting and operation, and KPMG LLP
considers them to collectively represent a material
weakness under standards established by the AICPA.
(OIG-08-50, May 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-50_May08.pdf
34
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
INVESTIGATIONS
Border Patrol Agent Sentenced for Distributing
Marijuana from Government Vehicle
We conducted an investigation of a Border Patrol
Agent (BPA) who was distributing marijuana from
his government vehicle while on duty. The BPA was
charged with unlawful manufacture and distribu-
tion of a controlled substance, pleaded guilty, and was
sentenced to 6 months in prison and 4 months house
arrest.
Customs and Border Protection Officer Sentenced
for Conspiracy to Smuggle Narcotics (Update
10/1/07-3/31/08 SAR)
We conducted an investigation of a Customs and
Border Protection Officer (CBPO) suspected of
accepting bribes to allow illegal narcotics to be
smuggled into the United States. We arrested the
CBPO, who pleaded guilty to conspiracy to import
a controlled substance, marijuana, exceeding 1,000
kilograms. The CBPO was sentenced to 240 months
incarceration and 5 years supervised release and fined
$2,000. He agreed to forfeit more than $5 million in
U.S. currency, a vehicle, and assorted jewelry that were
deemed to be fruit of the crime.
Customs and Border Protection Officer Convicted
of Alien Smuggling
We conducted an investigation of a CBPO who
assisted an undocumented alien to enter the United
States through his inspection lane at a border crossing
in Texas. The CBPO was arrested and pleaded guilty
to aiding and abetting and alien smuggling. The CBPO
was sentenced to 36 months of incarceration and 3
years of supervised release, and was ordered to pay a
$5,000 fine.
Customs and Border Protection Officer Arrested
for Selling Travel Permits
We investigated an allegation that a CBPO in Texas
was selling Form 1-94, Arrival/Departure Records
("Travel Permits") to a document vendor, who in turn
sold them to ineligible aliens. As a result of information
obtained in our investigation, we enlisted the coopera-
tion of a co-conspirator who was able to purchase
1-94 documents from the CBPO. The CBPO was
arrested pursuant to a criminal complaint and was later
convicted on charges of bribery of a public official. Our
investigation has disclosed that the CBPO fraudulently
issued more than 75 other travel permits, all of which
we have been able to cancel or recover.
Border Patrol Agent Arrested and Pled Guilty to
Smuggling Illegal Aliens and Money Laundering
Charges
We arrested a BPA, two Mexican residents, and one
Legal Permanent Resident alien after our investigation
determined that from January 2005 to May 2008 they
had conspired to smuggle more than 100 illegal aliens
into the United States from Mexico. We substantiated
that the BPA accepted bribes to facilitate the transport
of undocumented aliens through the interior Border
Patrol checkpoints in New Mexico. The BPA pleaded
guilty to alien smuggling and money laundering
charges. As part of his plea agreement, the BPA
agreed to forfeit a house he owned in Texas, which the
organization used as a safe house, and to pay approxi-
mately $500,000 — the amount of proceeds derived
from his criminal activity.
Vehicle Rollover Death Investigation
We conducted an investigation of an accident that
resulted in the death of undocumented aliens who were
traveling in a vehicle that was being pursued by BPAs.
The driver of the vehicle failed to yield and ran over
control tire deflation devices used by the BPAs, causing
him to crash into an oncoming vehicle, which resulted
in multiple deaths and injuries. The investigation
cleared the BPAs from liability. The driver involved in
the pursuit was found guilty of vehicular homicide and
sentenced to 30 years to life and ordered to pay restitu-
tion of $402,000.
Customs and Border Protection Officer Sentenced
on Bribery and Alien Smuggling Charges
We conducted an investigation into an allegation that
a CBPO was receiving bribes to smuggle illegal aliens
through his security checkpoint at an airport port of
entry. The CBPO was convicted by a jury of one count
of bribery, one count of conspiracy to bring aliens into
the United States for financial gain, and five counts of
alien smuggling for financial gain. Our investigation
resulted in the officer being sentenced in the Southern
District of Florida to 6 1/2 years imprisonment and a
$12,500 fine.
35
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Border Patrol Agent Sentenced to 70 Years on
Bribery and Drug Conspiracy Charges
(Update 10/1/07-3/31/08 SAR)
We conducted an investigation into an allegation that
a BPA was involved in narcotics smuggling. As a result
of our investigation, the BPA was charged with two
counts of bribery of a public official and one count of
conspiracy to possess and distribute cocaine in excess
of 500 grams. The BPA was sentenced in U.S. Federal
Court to 70 years in prison after entering a guilty plea.
Prior to imposing the sentence, the judge stated, "By
any other name, this is treason." The BPA had fled
to Mexico to avoid sentencing, but was located and
formally extradited to the United States. In addition to
the prison sentence, the BPA was ordered to serve 15
years of supervised release and pay a fine of $30,000.
Border Patrol Agent Trainee Indicted for
Impersonating a Border Patrol Agent and False
Arrest
We conducted an investigation of a BPA trainee
who was suspected of impersonating a law enforce-
ment officer. As a result of our findings, the BPA was
indicted by a federal grand jury in New Mexico and
charged with two counts of false impersonation as
an officer of the United States and one count of false
arrest by impersonator. Subject was terminated as
a BPA trainee after being expelled from the Border
Patrol academy.
Border Patrol Agent Convicted for Lying About
Hiding Drugs
We investigated a BPA who pleaded guilty to making
false statements or entries, following our investiga-
tion into allegations that he was a drug smuggler. The
investigation included an undercover operation in
which the BPA failed to report a cocaine seizure and
then hid the drugs for later sale. The BPA was indicted
and resigned in May 2008. He subsequently pleaded
guilty to making false statements and faces a maximum
of 5 years in prison and a fine of up to $250,000.
U.S. Customs and Border Protection Officer
Sentenced for Lying During OIG Investigation
We investigated a CBPO who was allegedly using
a government communications system to track his
girlfriend. The subject initially lied to investiga-
tors, but eventually admitted using The Enforce-
ment Communications System more than 100 times
to monitor the passage of his girlfriend through a
US.-Mexico border crossing. The CBPO resigned
and pleaded guilty to lying to investigators. He was
sentenced to 3 years probation and fined $100.
U.S. Customs and Border Protection Officer
Sentenced for Allowing the Importation of
Marijuana in Exchange for Currency and Sexual
Favors
We conducted an investigation into an allegation that
a CBPO assigned to a major northwest border port
of entry was involved with smuggling marijuana. The
investigation revealed that the CBPO accepted cash
and sexual favors in return for allowing the introduc-
tion of contraband into the United States, and
aided and abetted in the importation of 100 or more
kilograms of marijuana. The CBPO was indicted for
importation of a controlled substance and bribery. The
CBPO was convicted of bribery; was sentenced to 32
months confinement and 2 years supervised release;
and paid a $100 special assessment.
UNITED STATES
IMMIGRATION AND
CUSTOMS ENFORCEMENT
MANAGEMENT REPORTS
ICE Policies Related to Detainee Deaths and the
Oversight of Immigration Detention Facilities
Between January 1, 2005, and May 31, 2007, 33
immigration detainees died. We evaluated how ICE
and its detention partners dealt with two cases where
immigration detainees died in custody. In addition, we
examined policies related to detainee deaths, medical
standards, and other issues.
Although there are compliance problems related to
certain medical standards at various facilities, ICE
adhered to important portions of the detainee death
standard in the two cases that were the focus of this
review. According to information received from clinical
experts and our analysis, the two detainees' serious
preexisting medical conditions led to their deaths.
Although ICE's detention standards are comparable
to those of other organizations, such as the American
Correctional Association, we made 11 recommenda-
36
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
tions to improve the standards, strengthen ICE's
oversight of facilities, and enhance clinical operations
and detainee safety.
(OIG-08-52, June 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-52_Jun08.pdf
U.S. Immigration and Customs Enforcement Visa
Security Program
Assigning experienced ICE special agents to Visa
Security Units to review visa applications, initiate
investigations, and provide advice and training to
consular officers brings valuable law enforcement
resources to overseas posts. Incorporating regular law
enforcement screening and vetting of visa applicants
into the visa process adds a layer of security to the
Department of State consular visa adjudication process.
ICE is improving its management of the program.
For example, program officials developed a risk-based
framework to prioritize program expansion and site
selection. In addition, they developed automated tools
to facilitate some program activities and limit manual
data entry performed by agents. Program managers
also constantly update the program's training course to
keep up with changing trends and address participant
suggestions.
However, some program areas could be improved.
We recommended that program managers enhance
recording, monitoring, verifying, analyzing, and
reporting of visa security activities in the current
tracking system while developing a new tracking
system. In addition, we recommended that program
managers provide training and guidance to field
personnel on new procedures and document the
program's training course curriculum. ICE agreed
with our findings and concurred with our
recommendations.
(OIG-08-79, July 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-79Jul08.pdf
Technical Security Evaluation of U.S.
Immigration and Customs Enforcement Activities
at the Cbet Holifield Federal Building (Redacted)
We evaluated ICE activities at the Chet Holifield
Federal Building located in Laguna Niguel, CA.
Specifically, we addressed how ICE has implemented
computer security operational, technical, and
managerial controls for its IT assets at this site, and
we recommended improvements to these controls. For
example, management controls could be improved by
implementing procedures to identify and disconnect
unused telecommunications lines. Specifically, ICE
could save $17,412 annually by disconnecting a
nonoperational telecommunications line. We also
identified 33 other active telecommunications lines
whose ownership is unknown. Disconnecting these
lines may result in a monthly cost savings of $160,220,
or $1.9 million per year.
Range of Potential Monthly Saving for 33 Unused Lines
$300,000 ■
O) CO
o .£
Q. CO
$250,000
$200,000
$150,000
$100,000
$50,000
$0
$284,724 —
$268,983»"^ - "^
$240,867 ^
$160,220^
$1 07,01
$98,340
$73,722,^
$47,883^»*'^
wr
$1,451 $2,234 $2
980 $3,243 $4,855 37,299 *M51 »626
ICE CBP CIS ICE Average ICE CIS CBP
Monthly Charges per Single Line
Range of potential monthly savings for 33 unused lines
We briefed the DHS Chief Information Security
Officer and ICE on the results of our evaluation. We
made 10 recommendations to improve IT security at
this site. ICE concurred with our recommendations
and is addressing the findings.
(OIG-08-59, May 2008, ITA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIGr_08-59_May08.pdf
Independent Review of the U.S. Immigration and
Customs Enforcement's Reporting of FY 2007
Drug Control Obligations
KPMG LLP, under contract with DHS OIG, issued
an Independent Accountant's Report on the FY 2007
Drug Control Obligations for ICE. ICE's management
prepared the Table of Drug Control Obligations and
related disclosures to comply with the requirements of
the ONDCP Circular, Drug Control Accounting, dated
May 1, 2007. KPMG LLP did not find any reason to
believe that the Table of Drug Control Obligations
and related disclosures for the year ended September
37
Semiannual Report to the Congress
April 1, 2008-September30, 2008
30, 2007, was not presented in all material respects, in
conformity with the Circular, or that management's
assertions were not fairly stated, in all material
respects, based on the same criteria. KPMG LLP
did not note any recommendations as a result of this
review.
(OIG-08-44, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-44_Apr08.pdf
Independent Review of the U.S. Immigration and
Customs Enforcement's Reporting of FY 2007
Drug Control Performance Summary
KPMG LLP, under contract with DHS OIG, issued
an Independent Accountant's Report on the FY 2007
Drug Control Performance Summary for ICE. ICE's
Management prepared the Performance Summary
and management's assertions to comply with the
requirements of the ONDCP Circular, Drug Control
Accounting, dated May 1, 2007. KPMG LLP did
not find any reason to believe that the Performance
Summary for the year ended September 30, 2007, were
not presented in all material respects, in conformity
with the Circular, or that management's assertions
were not fairly stated, in all material respects, based
on the criteria set forth in the Circular. KPMG LLP
did not note any recommendations as a result of this
review.
(OIG-08-45, April 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-45_Apr08.pdf
Review of U.S. Immigration and Customs
Enforcement Detainee Telephone Services
Contract
The Assistant Secretary, ICE, requested an audit of
the detainee telephone services contract to determine
(1) services that ICE contracted for compared with
services the contractor provided; (2) technical issues,
including call routing, excess fees, call volume,
connectivity rates, and telephone maintenance; and
(3) the sale, use, and rates of debit calling cards. We
could not determine the full extent of the contrac-
tor's compliance with the terms and conditions of its
contract with ICE because data elements required
for a thorough analysis were not maintained. The
contract did not provide for penalties for inadequate
connectivity, excessive fees, or other improprieties.
We summarized observations from our preliminary
work and made three recommendations that will
strengthen the detainee telephone services contract
and management controls. Also, we began a followup
audit to determine whether ICE information and
communications management controls provide
reasonable assurance that detainee telephone services
are consistent with applicable standards and control
provisions.
(OIG-08-54, May 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-54_May08.pdf
INVESTIGATIONS
U.S. Immigration and Customs Enforcement
Acting Field Director Pleads Guilty to Bribery
Along With Private Immigration Attorney,
Who Also Pleads Guilty to Marriage Fraud and
Aiding and Abetting (Update 10/01/07-3/31/08
SAR)
We opened an investigation on an Acting Field Office
Director for ICE after receiving an allegation that he
was accepting bribes and gratuities in exchange for
arranging the release of ICE detainees. As a result
of our investigation, we determined that a private
immigration attorney was conspiring with the ICE
employee to aid, abet, and counsel the commission
of fraudulent marriages with illegal immigrants. The
ICE employee pleaded guilty to bribery of a public
official, conspiracy and misprision of felony. The private
attorney in separate proceedings pleaded guilty to
marriage fraud and aiding and abetting.
U.S. Immigration and Customs Enforcement
Immigration Enforcement Agent Pleaded Guilty
to Providing False Statements
We opened an investigation after receiving an
allegation that an ICE Immigration Enforcement
Agent (IEA) had received money for releasing illegal
aliens from ICE custody. A warrant was issued and
the subject was arrested, after which he assisted us
by providing information that contributed to the
indictment of one of his coworkers. As a result of
this investigation, the IEA resigned his position with
ICE and, as part of his plea agreement, he agreed to
never seek another law enforcement position. The
IEA pleaded guilty in the U.S. District Court to one
38
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
count of false statements in official writings and was
sentenced to 2 years probation.
U.S. Immigration and Customs Enforcement
Immigration Enforcement Agent Sentenced on
Sex Assault of Detainee
We conducted an investigation into an allegation that
a ICE IEA sexually assaulted a female detainee. The
agent drove the female detainee to his residence where
he sexually assaulted her before driving her to an intake
facility. The agent was arrested following indictment on
charges of aggravated sexual abuse, sexual abuse, sexual
abuse of a ward, and possession of a firearm in further-
ance of a crime of violence. As a result of our investiga-
tion, the agent was convicted, sentenced to 87 months
incarceration and 5 years probation, and must register
as a sex offender following release.
U.S. Immigration and Customs Enforcement
Agent Guilty of Child Pornography
We conducted an investigation that disclosed that a
ICE agent purchased and stored more than 100 child
pornography images on his personal computer. The
ICE agent entered a guilty plea and was sentenced
to 21 months of incarceration and 36 months of
supervised release, fined $5,000, and given a special
assessment of $100. The court also required the
defendant to register as a sex offender and not to
associate with anyone under 18 years of age.
Contracting Officer and Two Owners of a Federal
Protective Service Contract Guard Company
Pleaded Guilty to Bribery Charges and Are
Sentenced
We conducted a joint investigation with other federal
law enforcement agencies of a Federal Protective
Service guard force contract administered by a
General Services Administration (GSA) Contracting
Officer who was suspected of accepting bribes from
the owner of a contract guard company. As a result of
our investigation, one of the guard company owners
pleaded guilty to bribery, tax evasion, and interstate
transportation of child pornography. He was sentenced
to 48 months of confinement and 3 years of supervised
release, ordered to pay $400,000 in restitution,
and was given a $300 special assessment. A second
owner was charged with a scheme to conceal material
information and tax evasion, pleaded guilty, and was
sentenced to 33 months of confinement and 3 years of
supervised release; and paid a $200 special assessment,
a fine of $10,000, and $290,360 in restitution. The
GSA Contracting Officer was charged with bribery
and tax evasion, pleaded guilty, and was sentenced
to 60 months of confinement, 3 years of supervised
release, $38,000 in restitution to the Internal Revenue
Service, and $138,000 in forfeiture to the Department
of Justice.
MULTIPLE COMPONENTS
MANAGEMENT REPORTS
Management of Department of Homeland
Security International Activities and Interests
DHS has nearly 2,000 staff abroad based in 79
countries and a range of international activities that are
managed out of domestic offices. At headquarters, the
Office of International Affairs is the only office with
a department-wide international focus covering all
mission areas. The office has several key mandates, but
for several years it was not able to address its responsi-
bilities effectively because of staffing limitations. The
office significantly increased its staff size, and it has
begun to assume responsibilities including the develop-
ment of regional engagement plans for different parts
of the world. However, the office should also develop
an international strategic plan and prepare guidance on
training and technical assistance abroad. The office will
require more support from component international
affairs units and some authority over them to execute
its responsibilities fully.
DHS international efforts also require management
attention in the field. In some locations, the
department designated component staff to represent
the department on a part-time basis; in others, it
assigned full-time department attaches. Neither of
these approaches has been completely successful, and
we recommended actions to address their respective
shortcomings. The department also must improve its
systems for preparing, supporting, and redeploying
international staff.
(OIG-08-71, June 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-71June08.pdf
39
Semiannual Report to the Congress
April 1, 2008-September30, 2008
DHS Compliance with the Prohibition on
Prepackaged News
We reviewed how DHS headquarters and a selection
of its components provide information to the public
and, specifically, whether their activities include
producing and distributing prepackaged news stories.
The department does not produce prepackaged news
stories for broadcast or distribution within the United
States. Although there is currently no written policy
or guidance within DHS, CBP, ICE, FEMA, TSA,
or the U.S. Coast Guard regarding prepackaged news
stories, the department committed to issuing written
guidance on this policy following our review.
(OIG-08-89, September 2008, ISP)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-89_Sep08.pdf
Effectiveness of the Federal Trucking Industry
Security Grant Program
As required by the Implementing Recommenda-
tions of the 9/11 Commission Act of 2007 (Public
Law 110-53), we initiated the second of two reviews
of the trucking industry security grant program. The
program funds Highway Watch a , which was managed
by the American Trucking Associations. In this report,
we evaluated the performance, efficiency, and effective-
ness of the program and evaluated the need for the
program. Although the American Trucking Associa-
tions reached enrollment targets of more than 800,000
members, security incident reporting has remained
steady at less than 200 calls a month. Furthermore, to
acquire the assistance of state trucking associations,
the American Trucking Associations incurred costs
that were not well documented. Therefore, we cannot
say definitively whether the benefits achieved so far
have been worth the costs. We made five recommenda-
tions to improve the efficiency and effectiveness of the
program, with which FEMA and TSA concurred. We
made one recommendation to FEMA to validate the
accuracy and eligibility of the expenditures reported by
the grantee, with which it concurred.
(OIG-08-100, September 2008, ISP)
http://www.dhs.gov/ xoig/ r pts/ mgmt/
editorial_0334.shtm
Challenges Remain in Executing Department of
Homeland Security's Information Technology
Program for Its Intelligence Systems (Unclassified
Summary)
We evaluated the security program and practices
for DHS' Top Secret/Sensitive Compartmented
Information information systems according to the
annual FISMA requirements. We focused on the
security program management, implementation, and
system administration of the department's intelligence
activities. Much progress has been made in establishing
an enterprise-wide IT security program that supports
the department's intelligence operations and assets.
The Office of Intelligence and Analysis is taking an
active role in the management and governance of the
security for intelligence systems across the department.
However, operational and procedural issues remain
regarding the effectiveness of the implementation of
the department's intelligence security program and
system controls. Furthermore, DHS has not yet fully
addressed the issues and recommendations we reported
in FY 2006. Our FY 2007 recommendations included
the need to issue formal guidance for the department's
intelligence activities; establish an information systems
security education, training, and awareness program
for intelligence personnel; and address the system
control issues identified during our review.
(OIG-08-48, April 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-48_ApriI08.pdf
Evaluation of DHS' Security Program and
Practices for Intelligence Systems for FY 2008
We evaluated the security program and practices
for DHS' Top Secret/Sensitive Compartmented
Information information systems according to the
annual FISMA requirements. We focused on the
security program management, implementation, and
system administration of the department's intelligence
activities. The department continues to strengthen its
security program for its intelligence systems. This is the
department's first year reporting on USCG's FISMA
compliance. Overall, the department has documented
information security procedures and implemented
controls, providing an effective level of security for
40
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
its intelligence systems. Operational issues remain
regarding the effectiveness of the implementation of the
department's intelligence security program and system
controls. Our report to the Director of National
Intelligence did not contain any recommendations.
(OIG-08-87, August 2008, IT-A)
http://www.dhs.gov/xoig/rpts/mgmt/
editorial_0334.shtm
Acquisition Workforce Training and
Qualifications
We conducted an audit to determine the adequacy of
internal controls to ensure compliance with applicable
training and qualifications requirements for DHS'
acquisition workforce. DHS, USCG, TSA, and
CBP do not have complete, reliable information and
related supporting documentation about their acquisi-
tion personnel and their assignments. Without such
information, the DHS has no assurance that qualified
staffs are managing its acquisition. We made three
recommendations to improve the department's ability
to manage its acquisition workforce.
(OIG-08-56, May 2008, OA)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-56_May08.pdf
Review of Department of Homeland Security
Controls for Portable Storage Devices
We evaluated the use of portable storage devices at
DHS. Our objective was to determine whether DHS
has addressed the emerging security threat from the
proliferation of portable storage devices. We also
followed up DHS' response to OMB Memorandum
06-16 (M 06-16), Protection of Sensitive Agency Informa-
tion, The policies developed by the department have
not been implemented by the components. Specifi-
cally, components do not have a centralized process
to procure and distribute portable storage devices
to ensure that only authorized devices that meet the
technical requirements can connect to their systems.
In addition, most components have not identified and
do not maintain an inventory of authorized devices.
Further, the devices sampled were not properly marked
to protect their stored information. Finally, DHS has
not implemented all M 06-16 controls, despite the fact
that it has been 2 years since OMB's milestone elapsed.
—
I'M] Urivi »0i 131
Miic ifteJ JuapLUvc ForlrfikMuvH
Portable Storage Devices
Our recommendations included identifying and
establishing an inventory of authorized devices;
implementing controls to ensure that only authorized
devices can connect to DHS systems; and performing
discovery scans, at least annually, to identify unauthor-
ized devices. Finally, DHS should devote additional
resources to implement OMB-M-06-16 controls
expeditiously.
(OIG-08-95, September 2008, IT-A)
http://www.dhs.gov/xoig/assets/mgmtrpts/
OIG_08-95_Sep08.pdf
41
OTHER OFFICE OF INSPECTOR
GENERAL ACTIVITIES
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
OVERSIGHT OF
NONDEPARTMENTAL
AUDITS
We processed 12 single audit reports issued by other
independent public accountant organizations. The
audits were conducted according to the Single Audit
Act of 1996, as amended by P.L. 104-136. We continue
to monitor the actions taken to implement the
recommendations in the reports.
SUMMARY OF SIGNIFICANT
REPORTS UNRESOLVED
OVER 6 MONTHS
Timely resolution of outstanding audit recommenda-
tions continues to be a priority for both our office and
the department. Defense Contract Audit Agency
(DCAA) audits are now processed by DHS' Chief
Procurement Officer's office. During this period,
we transferred 13 DCAA audits having unresolved
statuses for over 6 months to that office.
As of this report date, we are responsible for
monitoring 63 reports that contain recommendations
that have been unresolved for more than 6 months.
Management decisions have not been made for signifi-
cant reports, as follows:
16 FEMA-related financial assistance
disaster audits
20 Program management reports
27 Single audit reports
63 Total
43
LEGISLATIVE AND REGULATORY REVIEWS
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Section 4(a) of the Inspector General Act of
1978 requires the Inspector General to
review existing and proposed legislation and
regulations relating to DHS programs and operations
and to make recommendations concerning their
potential impact. Our comments and recommenda-
tions focus on the impact of the proposed legisla-
tion and regulations on economy and efficiency in
administering DHS programs and operations or on
the prevention and detection of fraud and abuse in
DHS programs and operations. We also participate
on the President's Council on Integrity and Efficiency,
which provides a mechanism to comment on existing
and proposed legislation and regulations that have
government-wide impact.
During this reporting period, we reviewed 69 legisla-
tive and regulatory proposals, draft DHS policy
directives, and other items. Two of these items are
highlighted below.
Proposed Amendments to the In3J)ed:or General
A£t of 1978 — We reviewed OMB's letter expressing
concerns about S. 2324, Inspector General Reform Act
of 2008, Because we supported S. 2324, we disagreed
with OMB's letter in most respects. In addition, we
reviewed enrolled bill H.R. 928, also entitled Inspector
General Reform Act of 2008, and recommended that
the President sign the bill.
Collection of Foreign Visitors' Biometric
Data Upon Exit From U.S. Air and Sea
Ports of Departure, United States Visitor and
Immigrant Status Indicator Technology Program
("US'VISIT") — We commented on a draft final rule
that proposed establishing an exit program at all U.S.
air and sea ports of departure whereby foreign visitors
would provide finger scans and other biometric data
to commercial air and vessel carriers before departing
the United States. DHS would receive the collected
biometric data and match the alien traveler's entry
and exit records to determine if the individual actually
departed the United States.
We expressed several concerns about the final rule's
provisions. First, we noted that exit and entry records
may not match or that entry records may not be
located. As a result, we questioned the operational
impact on CBP and ICE's ability to apprehend and
detain aliens until such discrepancies are resolved. We
questioned if pilot testing of biometric data collection
processes considered the additional time needed before
carriers could allow foreign travelers to board. We also
raised concerns about security vulnerabilities because
the rule did not apply to charters and other small air
and vessel carriers for hire. Finally, we noted that the
rule appeared to be an unfunded government mandate,
with air carriers assuming the associated implementa-
tion and operational costs. Therefore, we questioned
if a financial impact analysis had been performed to
assess air carriers' ability to assume these costs given
that most are already in financial crisis.
45
CONGRESSIONAL TESTIMONY
AND BRIEFINGS
\11
6-
46
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Our Inspector General and senior managers
testified five times before congressional
committees and briefed various congres-
sional committees during this period. Testimony
prepared for these hearings may be accessed through
our Web site at www.dhs.gov/oig.
We testified on the following issues:
■ April 3, 2008: Senate Committee on Homeland
Security and Governmental Affairs regarding
FEMAs preparedness to address the next
catastrophic disaster. (OIG-08-34 issued March
2008)
April 10, 2008: House Committee on Transporta-
tion and Infrastructure Subcommittee on Coast
Guard and Maritime Transportation regarding the
COSCO BUSAN and Marine Casualty Investiga-
tion Program. (OIG-08-38 issued April 2008)
May 20, 2008: House Committee on Transporta-
tion and Infrastructure Subcommittee on Coast
Guard and Maritime Transportation regarding the
Coast Guard and National Transportation Safety
Board Casualty Investigation Program. (OIG-08-
51 issued May 2008)
June 5, 2008: House Committee on Foreign Affairs
Subcommittee on International Organizations,
Human Rights and Oversight joint hearing with
House Committee on the Judiciary Subcommit-
tee on the Constitution, Civil Rights and Civil
Liberties regarding OIG-08-18, The Removal of
a Canadian Citizen to Syria. (OIG-08-18 issued
March 2008)
September 17, 2008: House Committee on Home-
land Security Subcommittee on Management,
Investigations, and Oversight regarding Waste,
Abuse, and Mismanagement of DHS Contracts.
(OIG-06-18 issued December 2005, OIG-06-23
issued February 2006, OIG-08-56 issued May
2008, OIG-08-10 issued October 2007, and OIG-
08-88 issued August 2008)
We briefed congressional members and their staff at
a steady pace throughout the reporting period. Our
office conducted 18 briefings for congressional staff
on results of our work, including a review of TSAs
management of aviation security activities, a review of
the World Trade Center Captive Insurance Company,
and a review of the TSAs efforts to proactively address
employee concerns. Meetings to discuss other congres-
sional concerns included TSA penetration testing,
issues with Stafford Act amendments, and discussion
of DHS management challenges.
We sought and received thoughtful input from
the department and our congressional oversight
committees on our FY 2009 Annual Performance Plan
to ensure that our stakeholders had an opportunity to
participate in the development of the plan . We will
continue to meet with congressional members and staff
to discuss the final 2009 plan in the fall of 2008. Our
Annual Performance Plan is the OIGs "roadmap" for
audits and inspections that we plan to conduct each
year to evaluate DHS programs and operations.
47
APPENDICES
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 1
Audit Reports With Questioned Costs
Report Category
Number
Questioned
Costs
Unsupported
Costs
A. Reports pending management decision at the start of the
reporting period
180
$505,720,253
iplol,/ f5,Uoo
B. Reports issued/processed during the reporting period with
questioned costs
20
$27,996,475
$8,272,263
Total Reports (A+B)
200
$533,716,728
$140,047,301
C. Reports for which a management decision was made during the
reporting period
21
$112,263,908
$70,342,553
(1) Disallowed costs
15
$97,060,147
$69,898,911
(2) Accepted costs
6
$15,203,761
$443,642
D. Reports put into appeal status during period
$0
$0
E. Reports pending a management decision at the end
of the reporting period
179
$421,452,820
$69,704,748
F. Reports for which no management decision was made within 6
months of issuance
159
$393,456,345
$61,432,485
Notes and Explanations:
Management Decision -Occurs when DHS
management informs us of its intended action in
response to a recommendation, and we determine that
the proposed action is acceptable.
Accepted Costs - Previously questioned costs
accepted in a management decision as an allowable cost
to a government program. Before acceptance, we must
agree with the basis for the management decision. In
Category C, lines (1) and (2) do not always equal the
total on line C because resolution may result in values
different from the original recommendations.
Questioned Costs - Auditors commonly question
costs arising from an alleged violation of a provision
of a law, regulation, grant, cooperative agreement, or
contract. A "questioned" cost is a finding in which
the cost, at the time of the audit, is not supported
by adequate documentation or is unreasonable or
unallowable. A funding agency is responsible for
making management decisions on questioned costs,
including an evaluation of the findings and recommen-
dations in an audit report. A management decision
against the auditee would transform a questioned cost
into a disallowed cost.
Unsupported Costs - Costs that are not sup-
ported by adequate documentation.
49
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 1b
Audit Reports With Funds Put to Better Use
Report Category
Number
Amount
A. Reports pending management decision at the start of the reporting period
7
$65,508,708
B. Reports issued during the reporting period
1
$4,967,201
Total Reports (A+B)
8
$70,475,909
C. Reports for which a management decision was made during the reporting
period.
8
$70,475,909
$65,508,708 1
$0
$4,967,201 2
(1) Value of recommendations of DCAA reports transferred to
management
7
(2) Value of recommendations not agreed to by management
(3) Value of deobligations agreed to by management
1
D. Reports put into the appeal status during the reporting period
$0
E. Reports pending a management decision at the end of the reporting
period.
$0
F. Reports for which no management decision was made within 6 months of
issuance
$0
Notes and Explanations:
In category C, lines (1) and (2) do not always equal the
total on line C, because resolution may result in values
greater than the original recommendations.
Funds Put to Better Use - Audits can identify
ways to improve the efficiency, effectiveness, and
economy of programs, resulting in costs savings over
the life of the program. Unlike questioned costs, the
auditor recommends methods for making the most
efficient use of federal dollars, such as reducing outlays,
deobligating funds, or avoiding unnecessary expendi-
tures.
1 This represents the value of recommendations for Defense Contract Agency Audits that we transferred to the department's Chief
Procurement Officer.
2 As a result of costs that we questioned, FEMA deobligated $4.9 million in funding during our review of Hurricane Katrina Disaster Costs
for Hancock County Port and Harbor Commission, under FEMA Disaster Number 1604-DR-MS, audit report #DA-08-09.
50
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 2
Compliance - Resolution of Reports and Recommendations
MANAGEMENT DECISION IS PENDING
3/31/08:
Reports open over 6 months
191
Recommendations open over 6 months
604
9/30/08:
Reports open over 6 months
179
Recommendations open over 6 months
582
CURRENT INVENTORY
Open reports at the beginning of the period
422
Reports issued this period
93 3
Reports closed this period
74
Open reports at the end of the period
441
ACTIVE RECOMMENDATIONS
Open recommendations at the beginning of the period
1,894
Recommendations issued this period
715
Recommendations closed this period
464
Open recommendations at the end of the period
2,145
We are no longer processing Defense Contract Audit Agency audits effective April 1, 2008. This effort has been transferred to the
Department's Chief Procurement Officer.
51
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 3
Management Reports Issued
Report Number
Date Issued
Report Title
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
1. OIG-08-35
4/08
Letter Report: DHS National
Applications Office Privacy
Stewardship (Redacted)
$0
$0
$0
2. OIG-08-36
4/08
Management Letter for the FY
2007 DHS Financial Statement
Audit
$0
$0
$0
3. OIG-08-37
4/08
Technical Security Evaluation
of U.S. Customs and Border
Protection Activities at the
Chet Holifield Federal Building
(Redacted)
$0
$0
$0
4. OIG-08-38
4/08
Allision of the M/V COSCO
BUSAN with the San Francisco-
Oakland Bay Bridge
$0
$0
$0
5. OIG-08-39
4/08
Independent Review of the
U.S. Customs and Border
Protection's Reporting of FY
2007 Drug Control Obligations
$0
$0
$0
6. OIG-08-40
4/08
Independent Review of the
U.S. Customs and Border
Protection's Reporting
of FY 2007 Drug Control
Performance Summary
$0
$0
$0
7. OIG-08-41
4/08
Independent Review of the
U.S. Customs and Border
Protection's Management
Assertions on the 2007 Drug
Control Performance Summary
$0
$0
$0
8. OIG-08-42
4/08
Independent Review of the U.S.
Coast Guard's Reporting of FY
2007 Drug Control Obligations
$0
$0
$0
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Report Title
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
9. OIG-08-43
4/08
Independent Review of the
U.S. Coast Guards' Reporting
of FY 2007 Drug Control
Performance Summary
$0
$0
$0
10. OIG-08-44
4/08
Independent Review of the
U.S. Immigration and Customs
Enforcement's Reporting of FY
2007 Drug Control Obligations
$0
$0
$0
11.OIG-08-45
4/08
Independent Review of the
U.S. Immigration and Customs
Enforcement's Reporting
of FY 2007 Drug Control
Performance Summary
$0
$0
$0
12. OIG-08-46
4/08
u.o. ousioms ano t>oroer
Protection's Procurement of
Untrained Canines
$0
$0
$0
13. OIG-08-47
5/08
Letter Report: Review of
DHS' Financial Systems
Consolidation Project
$0
$0
$0
14. OIG-08-48
4/08
Challenges Remain in
Executing the Department
of Homeland Security's
Information Technology
Program for Its Intelligence
Systems - Unclassified
Summary
$0
$0
$0
15. OIG-08-49
4/08
The Transportation Security
Administration's National
Deployment Force
$0
$0
$0
53
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Report Title
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
16. OIG-08-50
5/08
iiiiur iiidLicji i i uorii luiogy
Management Letter for the FY
2007 Customs Border and
Protection Financial Statement
Audit (Redacted)
$0
$0
$0
17. OIG-08-51
5/08
United States Coast Guard's
Management of the Marine
Casualty Investigations
Program
$0
$0
$0
18. OIG-08-52
6/08
ICE Policies Related to
Detainee Deaths and the
Oversight of Immigration
Detention Facilities
$0
$0
$0
19. OIG-08-53
5/08
Independent Auditor's
Report on FLETC's FY 2007
Consolidated Financial
Statements
$0
$0
$0
20. OIG-08-54
5/08
Immigration and Customs
Enforcement Detainee
Telephone Services Contract
$0
$0
$0
21.OIG-08-55
5/08
Interagency Agreement with
U.S. Department of Housing
and Urban Development for the
Disaster Housing Assistance
Program
$0
$0
$0
22. OIG-08-56
5/08
Acquisition Workforce Training
and Qualifications
$0
$0
$0
23. OIG-08-57
5/08
Independent Auditor's Report
on TSA's FY 2007 Balance
Sheet
$0
$0
$0
54
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
24. OIG-08-58
5/08
Lessons Learned from the
August n, zuu/, i\ietworK
Outaqe at Los Angeles
International Airport (Redacted)
$0
$0
$0
25. OIG-08-59
5/08
Technical Security Evaluation of
U.S. Immigration and Customs
Enforcement Activities at the
Chet Holifield Federal Building
(Redacted)
$0
$0
$0
26 OIG-08-60
m V/IVi^ \J\J \J\J
5/08
Logistics Information Systems
Need to be Strengthened
at the Federal Emergency
Management Agency
$0
$0
$0
27. OIG-08-61
5/08
DHS Must Address Internet
Protocol Version 6 Challenges
$0
$0
$0
28. OIG-08-62
5/08
Transportation Security
Administration's Efforts to
Proactively Address Employee
Concerns
$0
$0
$0
29. OIG-08-63
6/08
Uno OOI 1 ipUl 1UML rial lo Ul
Action and Milestones for
Financial System Security
$0
$0
$0
30. OIG-08-64
6/08
Additional Controls Can
Enhance the Security of
the Automated Commercial
Environment System
(Redacted)
$0
$0
$0
31.OIG-08-65
6/08
Targeting of Cargo Containers
2008: Review of CBP's Cargo
Enforcement Reporting and
Tracking System
$0
$0
$0
55
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
32. OIG-08-66
6/08
TSA's Administration and
Coordination of Mass Transit
Security Program
$0
$0
$0
66. Ulo-Uo-o7
b/Oo
Transportation Security
Administration Single Source
(Noncompetitive) Procurements
IpU
$0
CfcU
34. OIG-08-68
6/08
Information Technology
Management Letter for the
FEMA Component of the FY
2007 DHS Financial Statement
Auaii (neaacieu)
$0
$0
$0
35. OIG-08-69
6/08
Information Technology
Management Letter for the
unixea oiaies ooasi ouaru
Component of the FY 2007
DHS Financial Statement Audit
(Redacted)
$0
$0
$0
36. OIG-08-70
6/08
Information Technology
ivianagemeni LeTieriorine ri
2007 Federal Law Enforcement
Training Center Financial
Statement Audit (Redacted)
$0
$0
$0
37. OIG-08-71
6/08
Management of Department of
Homeland Security International
Activities and Interests
$0
$0
$0
38. OIG-08-72
6/08
Information Technology
Management Letter for the FY
2007 Transportation Security
Administration Balance Sheet
Audit (Redacted)
$0
$0
$0
39. OIG-08-73
7/08
Independent Auditor's Report
on U.S. Coast Guard's FY 2008
Mission Action Plans
$0
$0
$0
56
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
40. OIG-08-74
7/08
Independent Auditor's Report
on TSA's FY 2008 Mission
Action Plans
$0
$0
$0
41.OIG-08-75
7/08
Independent Auditor's Report
on FEMA's FY 2008 Mission
Action Plans
$0
$0
$0
42. OIG-08-76
7/08
Independent Auditor's Report
on OFM's FY 2008 Mission
Action Plans
$0
$0
$0
4"? OIG-08-77
Information Technology
Management Letter for the FY
2007 DHS Financial Statement
(Redacted)
"fin
44. OIG-08-79 4
7/08
U.S. Immigration and Customs
Enforcement Visa Security
Program
$0
$0
$0
45. OIG-08-80
7/08
U.S. Customs and Border
Protection's Management of
2005 Gulf Coast Hurricanes
Mission Assignment Funding
$4,952,052
$2,040,092
$0
46. OIG-08-81
7/08
Hurricane Katrina Multitier
Contracts
$625,225
$0
$0
47. OIG-08-82
8/08
Enhanced Configuration
Controls and Management
Policies Can Improve USCG
Network Security (Redacted)
$0
$0
$0
4 Report number OIG-08-78 was not used.
57
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Report Title
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
48. OIG-08-83
8/08
The State of Utah's
Management of State
Homeland Security Grants
Awarded During Fiscal Years
2004 through 2006
$0
$0
$0
49. OIG-08-84
8/08
Assistance to Firefighters Grant
Program - Fiscal Year 2003
$94,793
$15,863
$0
50. OIG-08-85
8/08
The Science and Technology
Directorate's Processes for
Selecting and Managing
Research and Development
Programs
$0
$0
$0
51. OIG-08-86
8/08
Costs Incurred for Rejected
Temporary Housing Sites
$0
$0
$0
52. OIG-08-87
08/08
Evaluation of DHS' Security
Program and Practices For
Its Intelligence Systems for
Fiscal Year 2008 (Unclassified
Summary)
$0
$0
$0
53. OIG-08-88
8/08
Hurricane Katrina Temporary
Housing Technical Assistance
Contracts
$0
$0
$0
54. OIG-08-89
9/08
Letter Report: DHS
Compliance with Prepackaged
News Prohibition
$0
$0
$0
55. OIG-08-90
9/08
TSA's Management of Aviation
Security Activities at Jackson-
Evers International and Other
Selected Airports (Unclassified
Summary)
$0
$0
$0
58
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Report Title
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
56. OIG-08-91
9/08
Progress Made in
Strengthening DHS Information
Technology Management, But
Challenges Remain
$0
$0
$0
57 OIG-08-92
9/08
Transportation Security
Administration's Controls over
SIDA Badges, Uniforms, and
Identification Cards (Redacted)
$0
$0
$0
58. OIG-08-93
9/08
FEMAs Sheltering and
Transitional Housing Activities
After Hurricane Katrina
$0
$0
$0
59. OIG-08-94
9/08
Evaluation of DHS' Information
Security Program for Fiscal Year
2008
$0
$0
$0
60. OIG-08-95
9/08
Review of DHS Security
Controls for Portable Storage
Devices
$0
$0
$0
61.OIG-08-96
9/08
FEMAs Crisis Counseling
Assistance and Training
Program: State of Florida's
Project H.O.P.E.
$0
$0
$0
62. OIG-08-97
9/08
Hurricane Katrina: Wind Versus
Flood Issues
$0
$0
$0
63. OIG-08-98
9/08
The State of Washington's
Management of State
Homeland Security Grants
Awarded During Fiscal Years
2004 through 2006
$0
$0
$0
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 3
Management Reports Issued (continued)
Report Number
Date Issued
Report Title
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
64. OIG-08-99
9/08
The State of Arizona's
Management of State
Homeland Security Grants
Awarded During Fiscal Years
2004 through 2006
$0
$0
$0
65. OIG-08-100
9/08
Effectiveness of the Federal
Trucking Industry Security
Grant Program
$0
$0
$0
Total, Appendix 3
$5,672,070
$2,055,955
$0
60
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 4
Financial Assistance Audit Reports Issued
Report
Number
Date Issued
Auditee
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
1. DA-08-06
6/08
Review of Coast Electrical Power
Association
$1,250,705
$0
$0
2. DA-08-07
—7 /no
7/08
Hurricane Georges Activities for
Puerto Rico Aqueduct and Sewer
Authority
$1,629,730
$0
$0
3. DA-08-08
7/08
Audit of Hurricane Katrina Activities for
City of Waveland, Mississippi
$1,020,156
$0
$0
4. DA-08-09
8/08
Hurricane Katrina Disaster Costs for
Hancock County Port and Harbor
Commission
$5,019,617
$0
$4,967,201
5. DA-08-10
8/08
Hurricane Katrina Activities for
Hancock County Medical Center
$2,163,694
$0
$0
6. DA-08-11
9/08
Hurricane Katrina Activities for Singing
River Electric Power Association
$223,454
$0
$0
7. DD-08-02
9/08
Lafayette Parish Sheltering and
Emergency Protective Measures
$3,448,987
$0
$0
8. DS-08-04
7/08
San Bernardino County, California
$1,485,435
$1,335,075
$0
9. DS-08-05
9/08
State of Oregon's Administration of the
Fire Management Assistance Grant
Program for the Bland Mountain #2
Fire
$453,977
$0
$0
10. DS-08-06
9/08
State of Arizona's Administration of the
Fire Management Assistance Grant
Program for the Aspen Fire
$20,124
$20,124
$0
11. DS-08-07
9/08
State of Montana's Administration
of the Fire Management Assistance
Grant Program for the Hobble Fire
$5,189
$5,189
$0
61
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 4
Financial Assistance Audit Reports Issued (continued)
Report
Number
Date Issued
Auditee
Questioned
Costs
Unsupported
Costs
Funds Put to
Better Use
12. DS-08-08
9/08
State of California's Administration
of the Fire Management Assistance
Grant for the Canyon Fire
$409,208
$22,635
$0
13. DS-08-09
9/08
State of Washington's Administration
of the Fire Management Assistance
Grant Program for the Middle Fork Fire
$379,491
$379,491
$0
14. DS-08-10
9/08
State of New Mexico's Administration
of the Fire Management Assistance
Grant Program for the Atrisco Fire
$815,795
$815,795
$0
15. DS-08-11
9/08
State of California's Administration
of the Fire Management Assistance
Grant Program for the Pine Fire
$3,021,538
$2,660,694
$0
16. DS-08-12
9/08
State of Montana's Administration
of the Fire Management Assistance
Grant Program for the Missoula/
Mineral Fire Zone
$974,680
$974,680
$0
Subtotal, Disaster Grant Assistance
Audits
$22,321,780
$6,213,683
$4,967,201
17. OIG-S-23-08
9/08
State of Pennsylvania 05
$2,625
$2,625
$0
Subtotal, Single Audits
$2,625
$2,625
$0
Total, Appendix 4
$22,324,405
$6,216,308
$4,967,201
Notes and Explanations:
Appendix 4 includes 1 of the 12 single audit reports
processed during this reporting period. This is the
only single audit report that disclosed questioned costs.
DA Disaster Audit, Atlanta Office
DD Disaster Audit, Dallas Office
DS Disaster Audit, Oakland Office
OIG-S Single audit report, Headquarters
Report Number Acronyms:
62
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 5
Schedule of Amounts Due and Recovered
Report Number
Date Issued
Auditee
Amount Due
Recovered Costs
1. DD-01-04
10/03
Minnkota Power Cooperative
$473,248
$3,870
2. DD-02-04
10/03
City of Hoisington, KS
$7,208
$4,592
11 /nfi
St. Bernard Parish Debris
Removal
<ft90Q 11^
t. UU KJ 1 IU
OR/D7
VJU/ KJ 1
St. Tammany Parish Debris
Removal
$99
$99 ^04
*p c- tL , O \J
5. DD-08-06
06/06
University of North Dakota
$2,705,241
$1,129,851
6. DD-09-04
06/04
Michigan State Police
$58,423
$58,423
7. DD-18-04
09/04
Montcalm County Drain
Commission, Stanton, Ml
$835,644
$76,733
8. OIG-07-26
02/07
City of Richmond
$12,169,567
$0
9. OIG-08-81
07/08
Hurricane Katrina Multitier
Contracts
$625,225
$625,225
Total, Appendix 5
$17,105,975
$1,920,998
Report Number Acronyms:
DD Disaster Audit, Dallas Office
OIG-S Management Audit, Headquarters
63
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 6
Contract Audit Reports
Report Category
Questioned
Unsupported
Disallowed
We processed no contract audit reports meeting the
criteria of the National Defense Authorization Act
for FY 2008 during the reporting period
April 1 -September 30, 2008. 5
N/A
N/A
N/A
5 The National Defense Authorization Act for FY 2008 requires that we list all contract audit reports issued during the reporting
period containing significant audit findings; briefly describe the significant audit findings in the report; and specify the amounts of
costs identified in the report as unsupported, questioned, or disallowed- This Act defines significant audit findings as unsupported,
questioned, or disallowed costs in excess of $10,000,000, or other findings that the Inspector General determines to be significant. It
defines contracts as a contract, an order placed under a task or delivery order contract, or a subcontract.
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 7
Acronyms
Acronym
Definition
ACE
Automated Commercial Environment
AICPA
American Institute of Certified Public
Accountants
ATS
Automated Tracking System
BPA
Border Patrol Agent
C&A
certification and accreditation
CBP
Customs and Border Protection
CBPO
Customs and Border Protection Officer
CGDN+
Coast Guard Data Network Plus
CIO
Chief Information Officer
CR&CL
Office for Civil Rights and Civil Liberties
DCAA
Defense Contract Audit Agency
DHAP
Disaster Housing Assistance Program
DHS
Department of Homeland Security
DUA
Disaster Unemployment Insurance
Assistance
EMO
Office of Emergency Management
Oversight
FEMA
Federal Emergency Management
Agency
FFDO
Federal Flight Deck Officer (program)
FISMA
Federal Information Security
Management Act
FLETC
Federal Law Enforcement Training
Center
FMAG
Fire Management Assistance Grant
FY
fiscal year
HUD
Department of Housing and Urban
Development
ICE
United States Immigration and
Customs Enforcement
IEA
Immigration Enforcement Agent
IPv6
Internet Protocol version 6
ISP
Office of Inspections
Acronym
Definition
IT
Information technology
IT-A
Office of Information Technology-
Audits
LAX
Los Angeles International Airport
MAP
Mission Action Plan
MEMA
Mississippi Emergency Management
Agency
M/V
Motor Vessel
NAO
National Applications Office
NFIP
National Flood Insurance Program
OA
Office of Audits
OCFO
Office of the Chief Financial Officer
OCIO
Office of the Chief Information Officer
OFM
Office of Financial Management
OHA
Office of Health Affairs
OIG
Office of Inspector General
OMB
Office of Management and Budget
ONDCP
Office of National Drug Control Policy
PHA
Public Housing Authority
Df\ A St M
Plan of Action and Milestones
R&D
Research and Development
RMTO
Resource Management Transformation
Office
S&T
Science and Technology (directorate)
SAP
System Applications and Products
SAR
Semiannual Report
TSA
Transportation Security Administration
Ul
unemployment insurance
USCG
United States Coast Guard
USCIS
United States Citizenship and
Immigration Services
WYO
Write-Your-Own (insurance companies)
65
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 8
OIG Headquarters/Field Office
Contacts and Locations
Department of Homeland Security
Attn: Office of Inspector General
245 Murray Drive, SW, Bldg410
Washington, D.C. 20528
Telephone Number (202) 254-4100
Fax Number (202) 254-4285
Web Site Address http://www.dhs.gov/xoig/
OIG Headquarters Senior Management Team
Richard L. Skinner
Inspector General
James L. Taylor
Deputy Inspector General
Matt Jadacki
Deputy Inspector General/Office of Emergency Management Oversight
Richard N. Reback
Counsel to the Inspector General
Anne L. Richards
Assistant Inspector General/Audits
Robert M. Frost
Assistant Inspector General/Investigations
Carlton 1. Mann
Assistant Inspector General/Inspections
Frank Deffer
Assistant Inspector General/Information Technology Audits
Edward F. Cincinnati
Assistant Inspector General/Administration
Marta Metelko
(Acting) Congressional Liaison and Media Affairs
Denise S. Johnson
Executive Assistant to the Inspector General
66
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 8
OIG Headquarters/Field Office
Contacts and Locations (continued)
Locations of Audit Field Offices
Boston, MA
Boston, MA 02222
(617) 565-8700/ Fax (617) 565-8996
Chicago, IL
Chicago, IL 60603
(312) 886-6300 / Fax (312) 886-6308
Denver, CO
Lakewood, CO 80225
(303) 236-2877/ Fax (303) 236-2880
Houston, TX
Houston, TX 77057
(713) 706-4611 / Fax (713) 706-4625
Miami, FL
Miramar, FL 33027
(954) 538-7842 / Fax (954) 602-1033
Philadelphia, PA
Marlton, NJ 08053-1521
(856) 596-3810 / Fax (856) 810-3412
Locations of IT Audits Field Office
Seattle, WA
Kirkland, WA 98033
(425)250-1363
Locations of Investigative
Field Offices
Arlington, VA
Arlington, VA 22209
(703) 235-0848 / Fax: (703) 235-0854
Atlanta, GA
Atlanta, GA 30341
(404) 832-6730 / Fax: (404) 832-6646
Boston, MA
Boston, MA 02222
(617) 565-8705/ Fax: (617) 565-8995
Buffalo, NY
Buffalo, NY 14202
(716) 551-4231 / Fax: (716) 551-4238
Chicago, IL
Chicago, IL 60603
(312) 886-2800 / Fax: (312) 886-2804
Dallas, TX
Denton, TX 76208
(940) 891-8930/ Fax: (940) 891-8959
Del Rio, TX
Del Rio, TX 78840
(830) 703-7492 / Fax: (830) 703-2065
Detroit, Ml
Dearborn, Ml 48126
(313) 226-2163/ Fax: (313) 226-6405
El Centro, CA
Imperial, CA 92251
(760) 335-3900 / Fax: (760) 335-3726
El Paso, TX
El Paso, TX 79925
(915) 629-1800/ Fax: (915) 594-1330
Los Angeles, CA
El Segundo, CA 90245
(010)665-7320/ Fax: (310)665-7309
Houston, TX
Houston, TX 77057
(713) 706-4600 / Fax: (713) 706-4622
Laredo, TX
Laredo, TX 78045
(956) 794-2917/ Fax: (956) 717-0395
67
Semiannual Report to the Congress
April 1, 2008-September30, 2008
Appendix 8
OIG Headquarters/Field Office
Contacts and Locations (continued)
McAllen, TX
McAllen, TX 78501
(956) 664-8010/ Fax: (956) 618-8151
Miami, FL
Miramar, FL 33027
(954) 538-7555 / Fax: (954) 602-1033
New York City, NY
Jersey City, NJ 07310
(201 ) 356-1 800 / Fax: (201 ) 356-4038
Oakland, CA
Oakland, CA 94612
(510) 637-4311 / Fax: (510) 637-4327
Orlando, FL
Lake Mary, FL 32746
(407) 804-6399 / Fax: (407) 804-8730
Philadelphia, PA
Marlton, NJ 08053
(856) 596-3800/ Fax: (856) 810-3410
San Diego, CA
San Diego, CA 92101
(619) 235-2501 / Fax: (619) 687-3144
San Juan, PR
San Juan, PR 00918
(787) 294-2500 / Fax: (787) 771-3620
Seattle, WA
Kirkland, WA 98033
(425) 250-1360 / Fax: (425) 576-0898
St. Thomas, VI
(340) 777-1792 / Fax: (340) 777-1803
Tucson, AZ
Tucson, AZ 85741
(520) 229-6420 / Fax: (520) 742-7192
Yuma, AZ
Yuma, AZ 85365
(928) 314-9640 / Fax: (928) 314-9679
Locations of Emergency
Management Oversight Office
Field Offices
Atlanta, GA
Atlanta, GA 30309
(404) 832-6700/ Fax: (404) 832-6645
Biloxi, MS
Biloxi, MS 39531
(228) 385-1713/ Fax: (228) 385-1714
Dallas, TX
Denton, TX 76208
(940) 891-8900/ Fax: (940) 891-8948
New Orleans, LA
New Orleans, LA 70114
(504) 762-2147/ Fax: (504) 739-3902
Oakland, CA
Oakland, CA 94612
(510) 637-4311 / Fax: (510) 637-1484
San Juan, PR
San Juan, PR 00918
(787) 294-2500/ Fax: (787) 771-3620
68
April 1, 2008-September 30, 2008
Semiannual Report to the Congress
Appendix 9
Index to Reporting Requirements
The specific reporting requirements described in the Inspector General Act of 1978, as amended, are listed below
with a reference to the SAR pages on which they are addressed.
Requirement
Pages
Review of Legislation and Regulations
44
Significant Problems, Abuses, and Deficiencies
10-41
Recommendations with Significant Problems
10-41
Prior Recommendations Not Yet Implemented
42, 51
Matters Referred to Prosecutive Authorities
inside front cover
Summary of Instances Where Information Was Refused
N/A
List of Audit Reports
52-62
Summary of Significant Audits
10-41
Reports with Questioned Costs
49
Reports Recommending That Funds Be Put To Better Use
50
Summary of Reports in Which No Management Decision Was Made
49-50
Revised Management Decisions
N/A
Management Decision Disagreements
N/A
OIG Hotline
To report alleged fraud, waste, abuse, or mismanagement, or any other kind of criminal or noncriminal
misconduct relative to department programs or operations:
■ Call our Hotline at 1 800 323 8603;
■ Fax the complaint directly to us at (202) 254 4292;
■ Email us at DHSOIGHOTLINE@dhs.gov; or
■ Write to us at:
DHS Office of Inspector General/MAIL STOP 2600,
Attention: Office of Investigations - Hotline, 245 Murray Drive SW,
Building 410, Washington, DC 20528.
The OIG seeks to protect the identity of each writer and caller.
Live Music Archive
Librivox Free Audio
Metropolitan Museum
Cleveland Museum of Art
Internet Arcade
Console Living Room
Books to Borrow
Open Library
TV News
Understanding 9/11