Department of Homeland Security
OFFICE OF INSPECTOR GENERAL
SEMIANNUAL REPORT TO THE CONGRESS
April 1, 2008 - September 30, 2008

Statistical Highlights of OIG Activities
April 1, 2008 - September 30, 2008

DOLLAR IMPACT
Questioned Costs: $27,996,475
Funds Put to Better Use: $4,967,201
Management Agreement That Funds Be:
    Recovered: $0
    Deobligated: $4,967,201
Funds Recovered: $1,920,998
Fines and Restitutions: $12,173,264
Administrative Cost Savings and Investigative Recoveries: $11,838,453

ACTIVITIES
Management Reports Issued: 65
Financial Assistance Grant Audit Reports: 16
Single Audit Reports Processed: 12
Investigative Reports Issued: 481
Investigations Initiated: 440
Investigations Closed: 620
Open Investigations: 1,815
Investigations Referred for Prosecution: 166
Investigations Accepted for Prosecution: 136
Investigations Declined for Prosecution: 18
Arrests: 179
Indictments: 194
Convictions: 143
Personnel Actions: 14
Complaints Received (other than Hotline): 6,163
Hotline Complaints Received: 3,378
Complaints Referred (to programs or other agencies): 5,501
Complaints Closed: 7,243

Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528

October 31, 2008

The Honorable Michael Chertoff
Secretary
U.S. Department of Homeland Security
Washington, DC 20528

Dear Mr. Secretary:

I am pleased to present our semiannual report, which summarizes the activities and accomplishments of the Department of Homeland Security (DHS) Office of Inspector General for the 6-month period ended September 30, 2008.

During this reporting period, our office published 65 management reports, 16 financial assistance grant reports, and 12 reports on DHS programs that were issued by other organizations. DHS management concurred with 95% of recommendations contained in our management reports.
As a result of these efforts, $28 million of questioned costs were identified, of which $8.3 million was determined to be unsupported. We recovered $1.9 million as a result of disallowed costs identified from current and previous reports. In addition, management agreed to deobligate $4.9 million in disaster grant assistance resulting in funds put to better use.

In the investigative area, we issued 481 investigative reports, initiated 440 investigations, and closed 620 investigations. Our investigations resulted in 179 arrests, 194 indictments, 143 convictions, and 14 personnel actions. Additionally, investigative recoveries, fines, restitutions, and cost savings totaled $24 million.

In closing, I would like to thank the hardworking and dedicated professionals on my staff. As a result of their efforts and the efforts of DHS staff, together we were able to successfully meet the tremendous challenges that faced our office and DHS during the past 6 months.

I would like to take this opportunity to thank you for the interest and support that you have provided to our office. We look forward to working closely with you, your leadership team, and Congress during the upcoming presidential transition. Throughout this process, we will remain focused on the goal of promoting economy, efficiency, and effectiveness in DHS programs and operations, as well as helping the department accomplish its critical mission in the very challenging months ahead.

Sincerely, Richard L.
Skinner Inspector General

Photo by USDA Creative Services Center photographer: Bob Nichols, Cover Pentagon Memorial

Table of Contents

STATISTICAL HIGHLIGHTS
INSPECTOR GENERAL'S MESSAGE
WORKING RELATIONSHIP PRINCIPLES FOR AGENCIES AND OFFICES OF INSPECTOR GENERAL
EXECUTIVE SUMMARY
DEPARTMENT OF HOMELAND SECURITY PROFILE
OFFICE OF INSPECTOR GENERAL PROFILE
SUMMARY OF SIGNIFICANT OFFICE OF INSPECTOR GENERAL ACTIVITY
    Directorate for Management
    Directorate for Science and Technology
    Federal Emergency Management Agency
    Federal Law Enforcement Training Center
    Office for Civil Rights and Civil Liberties
    Office of Intelligence and Analysis
    Transportation Security Administration
    United States Citizenship and Immigration Services
    United States Coast Guard
    United States Customs and Border Protection
    United States Immigration and Customs Enforcement
    Multiple Components
OTHER OFFICE OF INSPECTOR GENERAL ACTIVITIES
LEGISLATIVE AND REGULATORY REVIEWS
CONGRESSIONAL TESTIMONY AND BRIEFINGS
APPENDICES
    Appendix 1 Audit Reports with Questioned Costs
    Appendix 1b Audit Reports with Funds Put to Better Use
    Appendix 2 Compliance - Resolution of Reports and Recommendations
    Appendix 3 Management Reports Issued
    Appendix 4 Financial Assistance Audit Reports Issued
    Appendix 5 Schedule of Amounts Due and Recovered
    Appendix 6 Contract Audit Reports
    Appendix 7 Acronyms
    Appendix 8 OIG Headquarters and Field Office Contacts and Locations
    Appendix 9 Index to Reporting Requirements

Working Relationship Principles For Agencies and Offices of Inspector General

The Inspector General Act establishes for most agencies an Office of Inspector General (OIG) and sets out its mission, responsibilities, and authority.
The Inspector General is under the general supervision of the agency head. The unique nature of the Inspector General function can present a number of challenges for establishing and maintaining effective working relationships. The following working relationship principles provide some guidance for agencies and OIGs.

To work most effectively together, the agency and its OIG need to clearly define what the two consider to be a productive relationship and then consciously manage toward that goal in an atmosphere of mutual respect.

By providing objective information to promote government management, decision making, and accountability, the OIG contributes to the agency's success. The OIG is an agent of positive change, focusing on eliminating waste, fraud, and abuse, and on identifying problems and recommendations for corrective actions by agency leadership. The OIG provides the agency and Congress with objective assessments of opportunities to be more successful. The OIG, although not under the direct supervision of senior agency management, must keep them and the Congress fully and currently informed of significant OIG activities. Given the complexity of management and policy issues, the OIG and the agency may sometimes disagree on the extent of a problem and the need for and scope of corrective action. However, such disagreements should not cause the relationship between the OIG and the agency to become unproductive.

To work together most effectively, the OIG and the agency should strive to:

Foster open communications at all levels. The agency will promptly respond to the OIG requests for information to facilitate OIG activities and acknowledge challenges that the OIG can help address. Surprises are to be avoided. With very limited exceptions, primarily related to investigations, the OIG should keep the agency advised of its work and its findings on a timely basis, and strive to provide information helpful to the agency at the earliest possible stage.
Interact with professionalism and mutual respect. Each party should always act in good faith and presume the same from the other. Both parties share, as a common goal, the successful accomplishment of the agency's mission.

Recognize and respect the mission and priorities of the agency and the OIG. The agency should recognize the OIG's independent role in carrying out its mission within the agency, while recognizing the responsibility of the OIG to report both to Congress and to the agency head. The OIG should work to carry out its functions with a minimum of disruption to the primary work of the agency. The agency should allow the OIG timely access to agency records and other materials.

Be thorough, objective, and fair. The OIG must perform its work thoroughly, objectively, and with consideration to the agency's point of view. When responding, the agency will objectively consider differing opinions and means of improving operations. Both sides will recognize successes in addressing management challenges.

Be engaged. The OIG and agency management will work cooperatively in identifying the most important areas for OIG work, as well as the best means of addressing the results of that work, while maintaining the OIG's statutory independence of operation. In addition, agencies need to recognize that the OIG also will need to carry out work that is self-initiated, congressionally requested, or mandated by law.

Be knowledgeable. The OIG will continually strive to keep abreast of agency programs and operations, and agency management will be kept informed of OIG activities and concerns being raised in the course of OIG work. Agencies will help ensure that the OIG is kept up to date on current matters and events.

Provide feedback. The agency and the OIG should implement mechanisms, both formal and informal, to ensure prompt and regular feedback.
Executive Summary

This Semiannual Report to the Congress is issued pursuant to the provisions of Section 5 of the Inspector General Act of 1978, as amended, and covers the period from April 1, 2008 to September 30, 2008. The report is organized to reflect our organization and that of the Department of Homeland Security.

During this reporting period, we completed significant audit, inspection, and investigative work to promote the economy, efficiency, effectiveness, and integrity of the department's programs and operations. Specifically, we issued 65 management reports (Appendix 3), 16 financial assistance grant reports (Appendix 4), and 481 investigative reports. We also processed 12 single audit reports issued by other organizations according to the Single Audit Act of 1984, as amended (Appendix 4). Our reports provide the department Secretary and Congress with an objective assessment of the issues, and at the same time provide specific recommendations to correct deficiencies and improve the economy, efficiency, and effectiveness of the respective program.

During this reporting period, our audits resulted in questioned costs of $27,996,475, of which $8,272,263 was not supported by documentation. We also recovered $1,920,998 as a result of disallowed costs identified from current and prior audits. In addition, management agreed to deobligate $4,967,201 in disaster grant assistance, resulting in funds put to better use. In the investigative area, we issued 481 reports, initiated 440 investigations, and closed 620 investigations. Our investigations resulted in 179 arrests, 194 indictments, 143 convictions, and 14 personnel actions. Additionally, investigative recoveries, fines, restitutions, and cost savings totaled $24,011,717.

We have a dual reporting responsibility to Congress as well as to the department Secretary.
During the reporting period, we continued our active engagement with Congress through extensive meetings, briefings, and dialogues. Members of Congress, their staff, and the department's authorizing and appropriations committees and subcommittees met on a range of issues relating to our work and that of the department. We also testified before Congress on five occasions during this reporting period. Testimony prepared for these hearings may be accessed through our Web site at www.dhs.gov/oig.

Department of Homeland Security Profile

On November 25, 2002, President Bush signed the Homeland Security Act of 2002 (P.L. 107-296, as amended), officially establishing the Department of Homeland Security (DHS) with the primary mission of protecting the American homeland. DHS became operational on January 24, 2003. Formulation of DHS took a major step forward on March 1, 2003, when, according to the President's reorganization plan, 22 agencies and approximately 181,000 employees were transferred to the new department.

DHS' first priority is to protect the United States against further terrorist attacks. Component agencies analyze threats and intelligence, guard U.S. borders and airports, protect America's critical infrastructure, and coordinate U.S. preparedness for and response to national emergencies.
DHS is reorganized into the following directorates:

■ Management
■ National Protection and Programs
■ Science and Technology

Other critical components of DHS include:

■ Domestic Nuclear Detection Office
■ Federal Emergency Management Agency
■ Federal Law Enforcement Training Center
■ Office of Civil Rights and Civil Liberties
■ Office of General Counsel
■ Office of Health Affairs
■ Office of Inspector General
■ Office of Intelligence and Analysis
■ Office of Operations Coordination
■ Office of Policy
■ Transportation Security Administration
■ United States Citizenship and Immigration Services
■ United States Coast Guard
■ United States Customs and Border Protection
■ United States Immigration and Customs Enforcement
■ United States Secret Service

Office of Inspector General Profile

The Homeland Security Act of 2002 provided for the establishment of an Office of Inspector General (OIG) in DHS by amendment to the Inspector General Act of 1978 (5 USC App. 3, as amended). By this action, Congress and the Administration ensured independent and objective audits, inspections, and investigations of the operations of the department.

The Inspector General is appointed by the President, subject to confirmation by the Senate, and reports directly to the Secretary of DHS and to Congress. The Inspector General Act ensures the Inspector General's independence. This independence enhances our ability to prevent and detect fraud, waste, and abuse, as well as to provide objective and credible reports to the Secretary and Congress regarding the economy, efficiency, and effectiveness of DHS' programs and operations.

We were authorized 551 full-time employees during the reporting period. We consist of an Executive Office and eight functional components based in Washington, DC. We also have field offices throughout the country. Chart 1 illustrates the DHS OIG management team.
Chart 1: DHS OIG Organization Chart (chart labels: Inspector General; Congressional and Media Affairs; Executive Assistant to the IG; Counsel to the IG; Deputy IG Emergency Management Oversight; Assistant IG Administration; Assistant IG Audits; Assistant IG Inspections; Assistant IG Investigations; Assistant IG Information Technology Audits)

The OIG consists of the following components:

The Executive Office consists of the Inspector General, the Deputy Inspector General, an executive assistant, and support staff. It provides executive leadership to the OIG.

The Office of Congressional and Media Affairs serves as primary liaison to members of Congress and their staffs, the White House, the media, and other federal agencies and government entities involved in securing the Nation. The office's staff responds to inquiries from Congress, the White House, and the media; notifies Congress about OIG initiatives, policies, and programs; and informs other government entities about OIG measures that affect their operations and activities. It also provides advice to the Inspector General and supports OIG staff as they address congressional, White House, and media inquiries.

The Office of Counsel to the Inspector General provides legal advice to the Inspector General and other management officials; supports audits, inspections, and investigations by ensuring that applicable laws and regulations are followed; serves as the OIG's designated ethics office; manages OIG responsibilities under the Freedom of Information Act and Privacy Act; furnishes attorney services for the issuance and enforcement of OIG subpoenas; and provides legal advice on OIG operations.

The Office of Audits conducts and coordinates audits and program evaluations of the management and financial operations of DHS. Auditors examine the methods employed by agencies, bureaus, grantees, and contractors in carrying out essential programs or activities.
Audits evaluate whether established goals and objectives are achieved and resources are used economically and efficiently; whether intended and realized results are consistent with laws, regulations, and good business practices; and determine whether financial accountability is achieved and the financial statements are not materially misstated.

The Office of Emergency Management Oversight provides an aggressive and ongoing audit effort designed to ensure that disaster relief funds are being spent appropriately, while identifying fraud, waste, and abuse as early as possible. The office is an independent and objective means of keeping Congress, the Secretary of DHS, the Administrator of the Federal Emergency Management Agency (FEMA), and other federal disaster relief agencies fully informed on problems and deficiencies relating to disaster operations and assistance programs, and progress regarding corrective actions. This office's focus is weighted heavily toward prevention, including reviewing internal controls and monitoring and advising DHS and FEMA officials on contracts, grants, and purchase transactions before they are approved. This approach allows the office to stay current on all disaster relief operations and provide on-the-spot advice on internal controls and precedent-setting decisions.

The Office of Inspections provides the Inspector General with a means to analyze programs quickly and to evaluate operational efficiency and vulnerability. This work includes special reviews of sensitive issues that arise suddenly and congressional requests for studies that require immediate attention. Inspectors may examine any area of the department. This office is also the lead OIG office for reporting on DHS intelligence, international affairs, civil rights and civil liberties, and science and technology.
Inspections reports use a variety of study methods and evaluation techniques to develop recommendations for DHS, and the reports are released to DHS, Congress, and the public.

The Office of Information Technology Audits conducts audits and evaluations of DHS' information management, cyber infrastructure, and systems integration activities. The office reviews the cost effectiveness of acquisitions, implementation, and management of major information systems and telecommunications networks across DHS. In addition, it evaluates the systems and related architectures of DHS to ensure that they are effective, efficient, and implemented according to applicable policies, standards, and procedures. The office also assesses DHS' information security program as mandated by the Federal Information Security Management Act (FISMA), and provides technical forensics assistance to support our fraud prevention and detection program.

The Office of Investigations conducts investigations into allegations of criminal, civil, and administrative misconduct involving DHS employees, contractors, grantees, and programs. These investigations can result in criminal prosecutions, fines, civil monetary penalties, administrative sanctions, and personnel actions. The office also provides oversight and monitors the investigative activity of DHS' various internal affairs offices. The office includes investigative staff working on Gulf Coast hurricane recovery operations.

The Office of Administration provides critical administrative support functions, including strategic planning; development and implementation of administrative directives; information and office automation systems; budget formulation and execution; correspondence; printing and distribution of OIG reports; and oversight of the personnel, procurement, travel, and accounting services provided to the OIG on a reimbursable basis by the Bureau of Public Debt.
The office also prepares our annual performance plans and semiannual reports to Congress.

SUMMARY OF SIGNIFICANT OIG ACTIVITY

DIRECTORATE FOR MANAGEMENT

MANAGEMENT REPORTS

Information Technology Management Letter for the FY 2007 DHS Financial Statement Audit (Redacted)

We contracted with the independent public accounting firm KPMG LLP to perform a review of DHS' Information Technology (IT) general controls in support of the FY 2007 DHS financial statement engagement. The overall objective of this review was to evaluate the effectiveness of IT general controls of DHS' financial processing environment and related IT infrastructure as necessary to support the engagement. KPMG LLP also performed technical security testing for key network and system devices, as well as testing key financial application controls. KPMG LLP noted that DHS addressed many prior years of IT control weaknesses, but that IT general control weaknesses still existed during FY 2007. The most significant weaknesses from a financial statement audit perspective related to entity-wide security, access controls, and service continuity. Collectively, the IT control weaknesses limit DHS' ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data. These weaknesses also negatively impact DHS' internal controls over its financial reporting and operation, and KPMG LLP considers them to collectively represent a material weakness under standards established by the American Institute of Certified Public Accountants (AICPA). We made recommendations in the area of access controls.
(OIG-08-77, June 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-77_June08.pdf

Review of Department of Homeland Security Component Plans of Action and Milestones for Financial System Security

We contracted with the independent public accounting firm KPMG LLP to assist the OIG in assessing the status of the IT Plans of Action and Milestones (POA&Ms) implemented by DHS that relate to the financial systems security material weakness. DHS' Independent Auditor's Report, included in the FY 2006 Performance and Accountability Report, reported 10 material weaknesses associated with internal controls. One of the 10 material weaknesses concerns financial system security. To address the issues related to the financial system security material weakness, the DHS Office of Chief Information Officer (OCIO) and components tracked IT weaknesses and corrective actions in POA&Ms. KPMG LLP evaluated the POA&M process and status of IT POA&Ms through review of the IT POA&Ms and discussion with the in-scope components, DHS OCIO and DHS Office of Chief Financial Officer (OCFO) personnel. As part of this review, KPMG LLP provided the in-scope DHS components, the OCIO, and the OCFO with information on the best practices and weaknesses of the current POA&M process employed by the agency, as well as recommendations for enhancing the existing process.
(OIG-08-63, June 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-63_Jun08.pdf

Letter Report: Review of Department of Homeland Security's Financial Systems Consolidation Project

The Resource Management Transformation Office (RMTO) has developed a strategy to consolidate key component financial systems on either the Systems Applications and Products (SAP) or Oracle Financial platforms. Generally, the RMTO's evaluation provided adequate support for its decision to use the Oracle and SAP system platforms. However, the RMTO has not conducted a complete analysis of possible service providers outside of DHS.
Additionally, during the FY 2007 financial statement audit, the external auditors outlined problems with the change control process in the Oracle platform. These change control problems could cause unsupported adjustments not only to financial data from the United States Coast Guard (USCG) and Transportation Security Administration (TSA), but also to the data of other DHS components that will be migrated to the new financial system. Our recommendations were for RMTO to conduct a full evaluation of financial service providers available in the federal government (including the Office of Management and Budget's (OMB) shared service providers) to determine if any of these systems can meet DHS' financial management needs more efficiently, identify all scripts being used at the USCG and TSA and analyze them to determine their effect on financial transactions and DHS' financial statements, and correct the scripts before migrating any DHS components to the new DHS financial system.
(OIG-08-47, May 2008, IT-A) http://www.dhs.gov/xoig/rpts/mgmt/editorial_0334.shtm

Department of Homeland Security Must Address Internet Protocol Version 6 Challenges

We evaluated DHS' transition to Internet Protocol Version 6 (IPv6). OMB requires federal agencies to demonstrate, by June 2008, their capability to pass IPv6 traffic and support IPv6 addresses from the (1) Internet to their local area network, (2) their local area network to the Internet, and (3) their local area network to other local area networks. Although DHS has begun the early stages of implementing OMB's IPv6 transition requirements, it is unlikely that the department will be positioned to take advantage of the enhanced capabilities of IPv6 as IPv6-capable products and services become available.
Our recommendations included a comprehensive IPv6 inventory of applications and devices; a finalized transition strategy with a detailed timeline for the transition; a determination of the transition mechanism to be used by DHS and related testing activities; development of transition guidance for components; and planning coordination between the DHS IPv6 program office and the U.S. Customs and Border Protection (CBP).
(OIG-08-61, May 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-61_May08.pdf

Management Letter for the FY 2007 Department of Homeland Security Financial Statement Audit

We contracted with KPMG LLP to conduct DHS' financial statement audit. KPMG LLP was unable to express an opinion on the department's balance sheet and statement of custodial activity for the year ended September 30, 2007. The disclaimer of opinion was primarily attributable to financial reporting problems at four components and at the department level. KPMG LLP also looked at DHS' internal control over financial reporting and noted certain matters involving internal control and other operational matters, which resulted in a total of 49 financial management comments for 11 components and 6 comments related to the consolidated financial statements. The comments are in addition to the significant deficiencies presented in the Independent Auditor's Report on DHS' FY 2007 Financial Statement.
(OIG-08-36, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-36_Apr08.pdf

Independent Auditor's Report on Office of Financial Management's FY 2008 Mission Action Plans

We contracted with KPMG LLP to evaluate and report on the status of the detailed Mission Action Plans (MAPs) prepared by DHS' Office of Financial Management (OFM) to correct internal control deficiencies over financial reporting.
DHS management identified the following two significant control deficiencies on the FY 2007 Secretary's Assurance Statement, which were also reported as material weaknesses in the FY 2007 Independent Auditor's Report: (1) parent/child reporting at the Office of Health Affairs (OHA), and (2) reconciliation of intragovernmental balances and transactions. KPMG LLP noted that the MAP prepared by OFM was written to broadly cover all findings identified and reported in the FY 2007 Independent Auditor's Report, and did not provide specific details on individual control weaknesses. The root causes identified were not linked to specific control deficiencies or management financial statement assertions and did not fully describe the issues. Also, the MAP does not identify the unique issues affecting both parent/child accounting and reporting and intragovernmental balances. KPMG LLP recommended that OFM (1) identify the underlying causes of the material weakness, especially those causes that contributed to the qualifications in DHS' 2007 financial statements, and (2) develop procedures for OHA that support the valuation and presentation of assets, liabilities, and net position of the funds maintained by other federal agencies that are outside DHS control. KPMG LLP also recommended that OFM implement procedures that will be performed to resolve material differences in trading partner balances in a timely manner.
(OIG-08-76, July 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-76_Jul08.pdf

Progress Made in Strengthening Department of Homeland Security Information Technology Management, but Challenges Remain

Creating a unified IT infrastructure for effective integration and agency-wide management of IT assets and programs remains a challenge for the DHS Chief Information Officer (CIO).
In 2004, we reported that the DHS CIO was not well positioned with sufficient authority or staffing to manage department-wide IT assets and programs. In 2008, we conducted a followup audit to examine DHS' efforts to improve its IT management structure and operations. The objectives of this audit were to identify the current DHS CIO management structure and changes made to roles, responsibilities, and guidance for department-wide IT management; to determine whether current IT management practices and operations effectively ensure strategic management of IT investments; and to assess progress on prior recommendations.

DHS has taken steps over the past year to strengthen the CIO's role for centralized IT management. Specifically, the DHS CIO attained greater authority and responsibility for leading component CIOs toward a unified IT direction. In addition, the DHS CIO gained oversight of IT acquisitions by establishing new policies and improving IT investment governance functions. However, continued CIO staffing shortages and inconsistent component-level IT budget practices impede progress. Additionally, DHS' IT management capabilities at the component level, such as IT strategic planning, have not been fully implemented. As a result, the DHS CIO remains hindered in his ability to fully integrate department-wide IT management practices to ensure that IT investments fulfill mission and infrastructure consolidation goals. We recommended that the DHS CIO update the CIO office's staffing plan, ensure that components submit comprehensive budgets, and develop and maintain IT strategic plans and enterprise architectures in alignment with DHS' mission.
(OIG-08-91, September 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-91_Sep08.pdf

Evaluation of Department of Homeland Security's Information Security Program for FY 2008

DHS continues to improve and strengthen its information security program.
During the past year, the department implemented a performance plan to improve on four key areas: POA&M weaknesses remediation, quality of certification and accreditation (C&A), annual testing and validation, and security program oversight. The performance plan tracks key elements that are indicative of a strong security program. In addition, the department strengthened its oversight at the components and conducted compliance reviews in the areas of C&A and configuration management.

Although these efforts resulted in some improvements, components are still not executing all of the department's policies, procedures, and practices. For example, key system documents and information are missing from C&A packages, POA&Ms are not being created for all known information security weaknesses and are not being mitigated in a timely manner, and DHS baseline security configurations are not being implemented for all systems. Our recommendations included the department's need to improve its management oversight of the components' implementation of department policies and procedures to ensure that all information security weaknesses are tracked and remediated, and to enhance the quality of system C&A. Additional information security program areas that need improvement include configuration management, incident detection and analysis, specialized training, and privacy.
(OIG-08-94, September 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-94_Sep08.pdf

DIRECTORATE FOR SCIENCE AND TECHNOLOGY

MANAGEMENT REPORTS

The Science and Technology Directorate's Processes for Selecting and Managing Research and Development Programs

Under new leadership, in 2006 the Science and Technology (S&T) directorate improved its processes for selecting and managing research and development (R&D) programs by reorganizing and by documenting repeatable processes.
The realignment centralized programmatic and fiscal oversight and also improved communications. These changes will help to reduce inadvertently redundant projects and leverage the work of other agencies and organizations. The processes that S&T developed for selecting R&D projects incorporate the needs of the department to a greater extent than in the past. However, some improvements should be made. Most significantly, the process for selecting innovation projects in 2007 was not documented, which could raise ethical concerns in the future. We recommended that S&T examine whether the process for selecting its transition projects incorporates the needs of state, local, and tribal first responders. Also, S&T should establish a process with objective criteria for selecting basic research projects. Finally, S&T should transfer responsibility for selecting some of its innovation projects to the director of the portfolio for Innovation/Homeland Security Advanced Research Projects Agency and charge the director with establishing processes and criteria for selecting those projects. (OIG-08-85, August 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-85_Aug08.pdf

FEDERAL EMERGENCY MANAGEMENT AGENCY

MANAGEMENT REPORTS

Logistics Systems Need To Be Strengthened at the Federal Emergency Management Agency

FEMA is responsible for developing federal response capability to deliver assistance in a natural or manmade disaster or act of terrorism. In addition, the Post-Katrina Emergency Management Act of 2006 required FEMA to integrate IT systems and develop a logistics system to track the procurement and delivery of goods during disasters. We concluded that FEMA's existing IT systems do not support logistics activities effectively. Specifically, the systems do not provide complete asset visibility, comprehensive asset management, or integrated logistics information.
FEMA has taken a number of positive steps to improve its logistics capabilities by gathering independent evaluations to assess its existing systems, identify IT systems requirements, and select the appropriate technologies to meet logistics needs. We recommended that the Administrator of FEMA direct the Logistics Management Directorate to finalize its logistics strategic and operational plans to guide logistics activities; develop standard business processes and procedures for logistics activities; evaluate current technologies; and develop a strategy for acquiring information technology systems to support the logistics mission. (OIG-08-60, May 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-60_May08.pdf

Independent Auditor's Report on the Federal Emergency Management Agency's FY 2008 Mission Action Plans

FEMA developed four MAPs to be included in the 2008 Internal Controls Over Financial Reporting Playbook. The MAPs are intended to address control deficiencies identified in Entity Level Controls, Actuarial and Other Liabilities, Budgetary Accounting, and Capital Assets and Supplies. KPMG LLP performed an audit to evaluate and report on the status of the four MAPs prepared by FEMA to correct the internal control deficiencies mentioned above. KPMG LLP noted areas where the MAPs could be improved. Specifically, it was noted that the root cause analysis is often defined generally and in some cases does not describe the underlying issue. The milestone steps are not clearly linked to root causes or financial statement assertions, and the MAPs do not contain the depth of analysis required by the department's MAP guide.
KPMG LLP also noted that critical dependencies are not clearly identified within each MAP and affected milestones and that the MAPs do not reflect FEMA's dependence on the department for various policies and procedures and management support for organizational change needed to remediate its entity level control deficiency. The MAPs do not include detailed procedures to assess the functionality of current IT systems used in the affected processes. The milestones do not separately address the need for financial statement true-up actions to reconcile the backlog of old mission assignments, or to establish a beginning inventory of capital assets. In addition, as written, the FEMA MAPs lack a complete plan for MAP result verification and validation and are not clearly linked to the department's current OMB Circular A-123 initiatives. (OIG-08-75, July 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-75_Jul08.pdf

Hurricane Katrina Temporary Housing Technical Assistance Contracts

Williams, Adley & Company LLP, under a contract with DHS OIG, reviewed FEMA's management and oversight of four large, national contractors with whom FEMA had Individual Assistance-Technical Assistance contracts to provide temporary housing solutions for those affected by Hurricanes Katrina and Rita along the Gulf Coast. Williams, Adley determined that FEMA could improve the operation and control of its Individual Assistance-Technical Assistance contracts (in which relevant tasks include construction of temporary sites for trailers and mobile homes on parking lots and farmland) by having a sufficient number of permanent trained staff who (1) conduct adequate acquisition planning, (2) obtain independent cost/price analyses before contract award, and (3) perform required contract monitoring, including the inspection and acceptance of goods and services.
In addition, FEMA needs a tracking system that will provide an accurate, complete inventory of agency assets. We made multiple recommendations in the areas of cost/price reasonableness, inspection and acceptance of goods and services, and inventory control. (OIG-08-88, August 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-88_Aug08.pdf

Costs Incurred for Rejected Temporary Housing Sites

Williams, Adley & Company LLP, under a contract with DHS OIG, reviewed the costs incurred by FEMA as a result of development at locations that initially were identified as possible sites for temporary housing in the Gulf Coast area after Hurricane Katrina but ultimately were rejected for various reasons. FEMA should have required stricter compliance with clear processes that imposed a sequence of tasks to be undertaken by the contractors for each potential site. These processes were intended to minimize the costs to FEMA if a site proved to be unusable. At least one of the contractors also fell short in its obligation to act in the best interest of the government. As a result, more than $5.6 million in excessive costs were incurred.

[Figure: FEMA's Site Development Process. Recoverable labels: Pre-Deployment Meetings; Preliminary Site Assessment & Feasibility Analysis (potential sites) performed by Contractor strike teams; Step 2, Contractor Develops Work Plan; Step 4, Contractor Inspects Sites Approved by FEMA to Determine Feasibility; Step 5, Contractor Prepares Group Site Design; Step 6, Group Site Design Approved by FEMA & Contractor Begins Construction.]

Our recommendations included the need to develop and implement a quality assurance program for contracting staff that would ensure contractors' compliance with the terms and conditions of FEMA contracts. (OIG-08-86, August 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-86_Aug08.pdf

Interagency Agreement with U.S.
Department of Housing and Urban Development for the Disaster Housing Assistance Program

FEMA entered into an interagency agreement with the U.S. Department of Housing and Urban Development (HUD) to administer the Disaster Housing Assistance Program (DHAP). DHAP provides temporary housing assistance through March 1, 2009, by means of a monthly rent subsidy to eligible families displaced by Hurricanes Katrina and Rita. HUD acts as a servicing agent to provide temporary long-term housing rental assistance and case management to identified individuals and households displaced by Hurricanes Katrina and Rita. HUD's Public Housing Authorities (PHAs) perform pretransitional activities and case management services. This review focused on HUD-proposed modifications to the operating requirements for DHAP. Our objective was to determine if elements of the proposed modifications to compensation for program services could result in duplicate or improper payments. FEMA paid HUD for administrative service fees not incurred and paid some fees twice. We recommended that FEMA require HUD's PHAs to (1) provide a cost estimate for administrative service fees related to the rent subsidy payments made by the PHAs, (2) reimburse FEMA for the administrative service fees related to the rent subsidy payments that were not made by HUD's PHAs in November 2007, and (3) reimburse FEMA for the duplicate administrative service fees on the rent subsidy payments that were paid or will be paid to the Houston PHA and the PHAs that did not render service in December 2007 and subsequent months. (OIG-08-55, May 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-55_May08.pdf

Hurricane Katrina Multitier Contracts

The government hired prime contractors, rather than small businesses, to help repair the massive damage caused by Hurricanes Katrina and Rita.
These prime contractors engaged smaller businesses, creating layers of subcontractors between the prime contractors and those actually performing the work. We reviewed the extent to which multitier subcontracting increased costs, limited opportunities for local businesses, and resulted in layers of subcontractors being paid profits and overhead while adding little value to the work performed. Multitier subcontracting alone did not increase costs, and national prime contractors hired significant numbers of local businesses. Because subcontractor invoices do not contain specific information on lower tier subcontractors, it was not clear if subcontractors profited without adding value to the contracts.

[Photo: FEMA trailer and house with "Operation Blue Roof" tarp]

The Post-Katrina Emergency Management Reform Act of 2006 (P.L. 109-295, Title VI) requires the Secretary of DHS to promulgate regulations that require, at a minimum, that contractors not use subcontractors for more than 65% of the cost of a contract or any individual task, excluding profit and overhead. We believe that this requirement is overly restrictive and recommended that FEMA work with Congress and the Office of Federal Procurement Policy to promulgate less restrictive regulations over multitier subcontracting. We recommended that FEMA work with DHS officials, the Office of Federal Procurement Policy, and Congress to promulgate less restrictive regulations over multitier contracting. (OIG-08-81, July 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-81_Jul08.pdf

The Federal Emergency Management Agency's Sheltering and Transitional Housing Activities After Hurricane Katrina

FEMA received widespread criticism for its inability to effectively provide transitional housing assistance, particularly in moving evacuees from emergency shelters to more permanent forms of temporary housing.
We conducted a review of FEMA's activities under its disaster housing program for providing assistance to victims of hurricanes Katrina, Rita, and Wilma. FEMA did not have plans in place that clearly defined roles, responsibilities, and processes to address housing needs. FEMA was unable to effectively coordinate housing needs among state and local governments; provide effective contract management, oversight, and monitoring; and ensure that manufacturers' warranties were enforced when contractors repaired and maintained housing units. We recommended that FEMA develop plans and define roles and responsibilities in planning for housing needs; develop procedures to ensure that contracts are managed and monitored effectively; take steps to improve communication and coordination with state and local governments; develop criteria for temporary housing sites; and develop policies and procedures to ensure that manufactured housing is properly inspected and maintained and that repair warranties are enforced. Finally, we proposed several alternatives for Congress to consider when addressing housing solutions in future catastrophic disasters. (OIG-08-93, September 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-93_Sep08.pdf

The Federal Emergency Management Agency's Crisis Counseling Assistance and Training Program: State of Florida's Project H.O.P.E.

Our review of FEMA's Crisis Counseling Assistance and Training Program and the grants awarded to the State of Florida's Project H.O.P.E.
following hurricanes Katrina and Wilma determined that the Crisis Counseling Assistance and Training Program could be strengthened by (1) better coordination of outreach and publicity activities among FEMA, other responding agencies, and the state implementing the grant; (2) improved information sharing among FEMA and state agencies to locate disaster survivors in need of counseling; (3) improved managerial oversight and project monitoring; (4) improved methodologies to measure project effectiveness; and (5) better planning for consistent project design implementation. Our recommendations included establishing standard practices to ensure coordinated efforts in publicizing services available to disaster survivors (including available community and governmental services) among the state and local project offices, FEMA's Voluntary Agency Liaisons, Community Relations, and Public Affairs; better collaboration among all government agencies attempting to identify and establish contact with those in need of crisis counseling; and developing and implementing consistent results-oriented measurements to determine the effectiveness of projects funded by FEMA. (OIG-08-96, September 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-96_Sep08.pdf

Hurricane Katrina: Wind Versus Flood Issues

We did not find evidence that Write-Your-Own (WYO) insurance companies acted improperly in adjusting claims, or that a perceived conflict of interest influenced their determination of insurance settlements for wind and flood claims from Louisiana, Mississippi, and Alabama. However, there were numerous instances of duplication of benefits. Overall, we concluded that the National Flood Insurance Program (NFIP) would benefit from including wind damage information in its adjustment process.
FEMA should (1) require WYO insurance companies to document and make available to the NFIP the rationale and methodology for calculating flood and wind damage when there is evidence that both contributed to the damage, (2) expand the scope of the reinspection process and the operational reviews to ensure that wind damage was not paid under the flood policy, and (3) provide clear and concise guidance for adjusting total loss claims after catastrophic events when structures are completely destroyed by wind and water. We also recommend that Congress examine FEMA's authority to obtain homeowners insurance information, provide more resources for NFIP to improve its oversight of WYO insurance companies, and work with insurance regulators on the issue of anticoncurrent clauses in flood policies. (OIG-08-97, September 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-97_Sep08.pdf

Information Technology Management Letter for the FEMA Component of the FY 2007 DHS Financial Statement Audit (Redacted)

We contracted with the independent public accounting firm KPMG LLP to audit the FEMA consolidated balance sheet and related statements as of September 30, 2007 and 2006. As part of this review, KPMG LLP noted certain matters involving IT internal control and other operational matters and has documented its comments and recommendations in the IT Management Letter. The overall objective of our audit was to evaluate the effectiveness of IT general controls of FEMA's financial processing environment and related IT infrastructure. KPMG LLP noted that FEMA addressed many prior years of IT control weaknesses but that IT general control weaknesses still existed during FY 2007. The most significant weaknesses from a financial statement audit perspective related to access controls, change control, entity-wide security, system software, and service continuity.
Collectively, the IT control weaknesses limit FEMA's ability to ensure the confidentiality, integrity, and availability of critical financial and operational data. These weaknesses also negatively impact FEMA's internal controls over its financial reporting and operation, and KPMG LLP considers them to collectively represent a material weakness under standards established by the AICPA. (OIG-08-68, June 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-68_Jun08.pdf

DISASTER ASSISTANCE GRANTS

The Robert T. Stafford Disaster Relief and Emergency Assistance Act (P.L. 93-288), as amended, governs disasters declared by the President of the United States. Title 44 of the Code of Federal Regulations provides further guidance and requirements for administering disaster assistance grants awarded by FEMA. We review grants to ensure that grantees or subgrantees account for and expend FEMA funds according to federal regulations and FEMA guidelines. We issued 16 financial assistance grant reports with questioned costs totaling $22.3 million of which $6.2 million was unsupported. Our grant reports included Hurricane Katrina Disaster Costs for Hancock County Port and Harbor Commission (DA-08-09) and Lafayette Parish Sheltering and Emergency Protective Measures (DD-08-02). A list of these reports, including questioned costs and unsupported costs, is provided in Appendix 4.

Hurricane Katrina Disaster Costs for Hancock County Port and Harbor Commission

The Hancock County Port and Harbor Commission received an award of $19.9 million from the Mississippi Emergency Management Agency (MEMA), a FEMA grantee, for emergency protective measures, debris removal, and other disaster-related activities. We reviewed $10.2 million of costs incurred under five large projects.
Our review determined that the Commission properly accounted for project expenditures on a project-by-project basis as required by federal regulations. However, we identified $5.0 million of questioned costs resulting from insurance proceeds that had not been deducted from eligible project costs and excessive contract costs. Prior to issuance of our report, FEMA deobligated $5 million of the costs questioned in our review. We recommended that the Acting Director of the Mississippi Transitional Recovery Office, in coordination with MEMA, (1) inform the Commission that actual insurance proceeds must be reported to MEMA so that eligible project costs can be adjusted, (2) instruct the Commission to comply with all federal procurement regulations and FEMA guidelines when awarding contracts for FEMA-funded activities, and (3) disallow the $52,416 of excessive contract costs. (DA-08-09, August 2008, EMO) http://www.dhs.gov/xoig/assets/auditrpts/OIG_DA-08-09_Aug08.pdf

Lafayette Parish Sheltering and Emergency Protective Measures

Lafayette Parish, Louisiana, was awarded $8 million in expedited funds for sheltering and emergency protective measures related to Hurricane Katrina at the Lafayette Cajundome and for emergency protective measures provided. Lafayette Parish fed and housed thousands of evacuees, as well as government officials and volunteers, in the Cajundome facilities from August 28 through October 29, 2005. Our review determined that Lafayette Parish accounted for and expended $4.55 million of the funds according to federal regulations and FEMA guidelines. However, FEMA denied $2.3 million in usage fees as ineligible, and this amount is included in $3.45 million of unspent funds that should be returned to FEMA. We also confirmed that FEMA needed to revise a project worksheet to amend the scope of work to include post-sheltering activities, as these are eligible expenses.
We recommended that the Director of the FEMA Louisiana Transitional Recovery Office (1) recover the $3,448,987 of expedited funds that exceed eligible costs, and (2) amend the scope of work to include post-sheltering recovery activities. (DD-08-02, September 2008, EMO) http://www.dhs.gov/xoig/assets/auditrpts/OIG_DD-08-02_Sep08.pdf

FIRE MANAGEMENT ASSISTANCE GRANTS

Summary of Eight Fire Management Assistance Grant Audits in Six Western States

We reviewed $27.2 million of $54.2 million in eight Fire Management Assistance Grant (FMAG) awards to six western states. State agencies responsible for administering the awards generally did so effectively and efficiently but did not always comply with federal regulations and FEMA guidelines, especially regulations regarding records retention and support for costs claimed. We questioned more than $5.3 million in costs claimed but not properly supported with source documentation, $966,146 in costs not eligible for reimbursement under the FMAG program, and $515,430 in duplicate assistance provided to a subgrantee. The 32 recommendations in these reports called for (1) disallowance of unsupported, ineligible, and duplicate costs; (2) compliance with records retention and supporting documentation requirements for costs claimed; (3) training on grant application policies and procedures; (4) compliance with financial reporting regulations; and (5) updates and revisions to the states' FMAG-related policies, procedures, and accounting practices.
(DS-08-05 through DS-08-12, September 2008, EMO)
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-05_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-06_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-07_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-08_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-09_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-10_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-11_Sep08.pdf
http://www.dhs.gov/xoig/assets/auditrpts/OIG_DS-08-12_Sep08.pdf

STATE HOMELAND SECURITY GRANTS

The State of Washington's Management of State Homeland Security Grants Awarded During FY 2004-06

The State of Washington received $121.6 million in State Homeland Security Grants awarded by FEMA during FY 2004-06. Cotton & Company LLP, under a contract with DHS OIG, conducted an audit of the State of Washington's Management of State Homeland Security Grants to determine whether the State of Washington (1) effectively and efficiently implemented State Homeland Security Grant programs, (2) achieved program goals, and (3) spent funds in accordance with grant requirements. Overall, the state administrative agency effectively and efficiently implemented the State Homeland Security Grant programs. The state used reasonable methodologies to assess threats, vulnerabilities, capabilities, and prioritize needs, and allocated funding accordingly. The state complied with requirements for managing and reporting cash, obligating funds to local jurisdictions, and expending funds within performance periods. For expenditures tested, grant funds were expended according to grant requirements and in alignment with the state homeland security strategy. However, the state and its subgrantees did not have adequate controls over personal property purchased with grant funds.
Our recommendations called for FEMA to require the State of Washington to develop guidance and ensure implementation of federal regulations governing controls over personal property. (OIG-08-98, September 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-98_Sep08.pdf

The State of Arizona's Management of State Homeland Security Grants Awarded During FYs 2004-06

The State of Arizona received $103.1 million in Homeland Security Grants awarded by FEMA during FY 2004-06. We contracted with Williams, Adley & Company LLP to conduct an audit of the DHS State Homeland Security Grants to determine whether the State of Arizona (1) effectively and efficiently implemented the State Homeland Security Grants programs, (2) achieved the goals of the programs, and (3) spent funds in accordance with grant requirements. Overall, the State of Arizona efficiently and effectively administered the program requirements, distributed grant funds, and ensured that all available funds were used. However, the state withheld portions of local units' funding without proper documentation and did not perform adequate programmatic monitoring of subgrantees. Our recommendations called for FEMA to require the State of Arizona to implement control procedures for approval and documentation of funds withheld for centralized procurements, and implement a full-scope subgrantee monitoring program. (OIG-08-99, September 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-99_Sep08.pdf

The State of Utah's Management of State Homeland Security Grants Awarded During FYs 2004-06

The State of Utah received $55.6 million in Homeland Security Grants awarded by FEMA during FY 2004-06.
We contracted with Williams, Adley & Company LLP to conduct an audit of the State Homeland Security Grants to determine whether the State of Utah (1) effectively and efficiently implemented the State Homeland Security Grants programs, (2) achieved the goals of the programs, and (3) spent funds in accordance with grant requirements. Overall, the State of Utah efficiently and effectively administered program requirements, distributed grant funds, and ensured that all available funds were used. However, it did not ensure that grant funds were allocated within 60 days as required, and that Financial Status Reports for FY 2004-06 grants were submitted on time. Our recommendations called for FEMA to require the State of Utah to review its allocation process to meet the 60-day requirement, and revise the Financial Status Reports preparation process to ensure timely submissions. (OIG-08-83, August 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-83_Aug08.pdf

ASSISTANCE TO FIREFIGHTERS GRANT

Assistance to Firefighters Grant Program - FY 2003

We contracted with Foxx & Company to conduct a performance audit of the FY 2003 Assistance to Firefighters Grant Program. During FY 2003, the most recent year at the time of the audit for which grant awards were fully implemented, a total of 8,745 grants worth $705,242,829 were competitively awarded. The audit included approximately $7,164,087 awarded to 30 grant recipients, 10 located in each of the states of California, Illinois, and New York. The audit was conducted to determine if (1) the grantee properly accounted for the awarded federal funds and acquired property assets, and (2) the claimed program costs were eligible, reasonable, and adequately supported. Of the 30 grant recipients reviewed, 21 expended grant funds in accordance with the grant agreement and provided appropriate documentation to support the incurred costs.
Of the remaining nine recipients, six did not comply with grant requirements, resulting in ineligible expenditures, and five had unsupported costs. Recommendations were made to FEMA to resolve the ineligible expenditures and unsupported costs, and ensure that grant recipients establish accounting systems, comply with records retention policies, and follow federal regulations for soliciting bids. (OIG-08-84, August 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-84_Aug08.pdf

INVESTIGATIONS

Benefit Recipient Sentenced for Federal Emergency Management Agency Fraud

We conducted an investigation of a disaster benefit recipient for filing fraudulent disaster claims with FEMA. She claimed to have losses in connection with Hurricanes Katrina and Rita. Between September 2005 and January 2006, she filed seven applications with FEMA for relief money for property damage to residences in Louisiana. She submitted the applications over the Internet in the names of other people, and in fact, none of the applicants had sustained any property damage as a result of the hurricanes. She was sentenced in U.S. District Court to 5 years probation and was ordered to pay $14,744 in restitution.

Benefit Recipient Indicted for Federal Emergency Management Agency Fraud

Our investigation revealed that a person falsified multiple Social Security numbers to obtain approximately $8,000 in fraudulent Individual Assistance claims after Hurricane Katrina. Evidence also indicated that she defrauded FEMA of approximately $8,500 in previous disasters. She was indicted in the Southern District of Texas for false claims and mail fraud, was subsequently convicted, and is awaiting sentencing.

City Ordered to Pay a Civil Judgment to Federal Emergency Management Agency for Excessive Claim

We conducted an investigation into an allegation that a Colorado city filed a false excessive claim with FEMA for emergency snow removal.
Investigation verified that the contractor had falsified its billing records at the request of the town administrator, enabling the city to file an overstated emergency snow removal claim with FEMA. Our investigation determined that the claim amount was outside the scope of the FEMA provisions. A civil judgment was entered and the city agreed to reimburse FEMA for $64,500.

Federal Emergency Management Agency Fraud Ring Busted

We investigated a person who fraudulently filed 77 disaster assistance applications on behalf of 73 people, resulting in wrongful payments of $92,958. She and several conspirators recruited members of the community, who knowingly provided their names and Social Security numbers for her fraudulent filings. The recruiters then accompanied the people to cash their $2,000 assistance checks. Each person received between $300 and $600, with the remaining money split between the recruiter and the principal subject. The Assistant U.S. Attorney decided to prosecute 10 of 73 claimants based on their level of involvement in the conspiracy, their previous criminal histories, and whether they were receiving HUD Section 8 housing assistance. Eight of the defendants have been sentenced, with the principal subject receiving the largest sentence: 33 months incarceration, 3 years probation, and an order to pay $92,958 in restitution. Additionally, her Lincoln Navigator was ordered seized and forfeited. Others have received lesser terms of confinement, home detention, probation, and restitution. Two subjects are awaiting sentencing. The investigation was a result of a joint investigation with the HUD OIG.

California Resident Guilty of Filing False Katrina Claim

We conducted an investigation into the allegation that a fraudulent FEMA claim was filed by a person reporting to be a resident of Louisiana at the time Hurricane Katrina struck the Gulf Coast.
The person was in fact a California resident, who pled guilty to false claims, was placed on 2 years probation, and was ordered to pay $20,714 in restitution.

Office of Inspector General Assists Homicide Investigations

The U.S. Attorney's Office, Southern District of Texas, contacted our office to request assistance in a homicide investigation. Police detectives sought to determine if a Louisiana native who was a suspect in the murder of his two minor children had fraudulently applied for FEMA funds. At the time of the request, police had only substantiated misdemeanor charges for which the suspect could have posted bond. The suspect had indeed fraudulently received FEMA funds and our agents gathered sufficient evidence to charge him. The suspect later confessed to the murders.

Office of Inspector General Response to Midwest Flooding

We initiated a response to suspected FEMA fraud related to the recent Midwest flooding. Our agents visited FEMA Joint Field Offices recently established in Madison, WI; Indianapolis, IN; and Urbandale, IA. Our agents gave briefings and met with officials and various FEMA program staffs. Our agents also developed points of contact with other affected federal, state, and local police agencies and the relevant U.S. Attorneys' offices.

Federal Emergency Management Agency Fraud Suspect Pleads Guilty

We conducted an investigation of a person who was listed as an applicant in a FEMA disaster assistance application and claimed to be displaced by Hurricane Katrina. FEMA found him to be eligible and provided him with $2,000 in disaster assistance. We interviewed the person, who stated that he fraudulently conspired to defraud FEMA and endorsed a U.S. government check even though he knew that he was not eligible for assistance. The person was sentenced to 36 months probation and $2,000 restitution as a result of his guilty plea on one count each of false claims and felony theft regarding FEMA fraud.
Fraud Suspects Plead Guilty to False Federal Emergency Management Agency Claims We conducted an investigation of two people who applied by telephone three times for FEMA disaster assistance regarding Hurricanes Katrina and Rita. The Social Security numbers used by the subjects during their FEMA claims did not belong to either of them. We arrested them after they were indicted for making the false applications to FEMA. One subject was sentenced to time served, 3 years probation, a $200 special assessment fine, and $2,000 in restitution. The second subject was sentenced to time served, 5 years probation, a $200 special assessment fine, and $2,000 in restitution. Federal Emergency Management Agency Fraud Suspect Pleads Guilty to Felony Theft We conducted an investigation where a person made a FEMA disaster assistance application and claimed to be displaced by Hurricane Rita. FEMA found the applicant eligible and gave her $2,000 in disaster assistance. Subsequently, we interviewed the subject, who stated that she fraudulently conspired to defraud FEMA and endorsed a U.S. government check even though she knew that she was not eligible for assistance. She was later arrested and pled guilty to one count of felony theft, and was sentenced to 18 months probation and ordered to pay $2,000 in restitution to FEMA. Federal Emergency Management Agency Fraud Suspect Pleads Guilty to Felony Theft We conducted an investigation of a FEMA disaster assistance applicant who claimed to be displaced by Hurricane Katrina. FEMA found the applicant eligible and gave her $2,000 in disaster assistance. Subsequently, we interviewed the applicant, who stated that she fraudulently conspired to defraud FEMA and endorsed a U.S. government check even though she knew that she was not eligible for assistance. We later arrested the applicant for false claims and felony theft regarding the fraudulent disaster assistance application. 
The subject pled guilty to one count of felony theft and was subsequently sentenced to 36 months probation and ordered to pay $2,000 in restitution to FEMA. Former County Official Convicted of Fraud We conducted an investigation of alleged FEMA fraud involving a former county official. The former official created a fraudulent FEMA letter that he sent to property developers. The developers responded to the letter with money that they thought was payment to FEMA for a letter providing land map revisions, and the money was deposited in the subject's personal account. The former official was convicted in the Arizona Superior Court of eight felony counts related to FEMA fraud and was subsequently sentenced to 8 years of state imprisonment. The subject is also facing another trial for fraudulent activity in connection with his application for a mortgage broker license. Two Convicted of Federal Emergency Management Agency Debris Removal Fraud An early season snowstorm in October 2006 severely impacted Erie County, NY, causing large-scale damage to trees. Erie County contracted with a debris removal company to trim and remove debris from county parks. We received allegations that the contractor was providing coffee, donuts, lunch, and other nonmonetary gratuities to monitors in order to manipulate them into falsifying invoices for work done on trees that did not meet FEMA guidelines for trimming. One monitor did falsify invoices at the contractor's request. Both the contractor and the monitor pleaded guilty to state charges and were sentenced to probation and community service. As a result of this investigation, $62,800 in payments to the contractor, which would have been submitted to FEMA, was withheld. Since the fraud was averted, FEMA was not billed for this activity. 
Alabama Resident Sentenced to Six Years for Federal Emergency Management Agency Fraud Our investigation resulted in a subject being indicted on four counts related to theft of disaster funds received as a result of fraudulent claims filed in the aftermath of Hurricane Katrina. The subject received $8,716 in federal funds. The subject was involved in other criminal activity and was also being investigated by other federal agencies. The subject entered a guilty plea to the disaster fraud and was sentenced to a total of 140 months imprisonment (80 months for the FEMA fraud) and 60 months on supervised release. The court also ordered the subject to pay restitution of $8,716 and an assessment of $400. Four Alabama Residents Charged With Federal Emergency Management Agency Hurricane Katrina Fraud Our investigation resulted in four subjects being indicted for filing false Disaster Assistance claims with FEMA after Hurricane Katrina. Three of the subjects were family members and the fourth was a close associate. One of the subjects was incarcerated at the time Hurricane Katrina occurred. The other subjects provided FEMA with false documentation regarding damage to their homes as well as fraudulent rental agreements and receipts in order to obtain funding for emergency rental assistance. Total dollar loss to FEMA was $27,833. Three of the four subjects have entered guilty pleas. One subject has been sentenced to 3 years in federal prison and 5 years supervised probation on release from prison, and ordered to pay restitution. The others are awaiting sentencing and have indicated that they want to provide information about others who defrauded FEMA. 
Alabama Resident Sentenced to Two Years for Stealing Dead Brother's Identity to File False Federal Emergency Management Agency Claim Our investigation resulted in one person being indicted for theft of funds, aggravated identity theft, and false statements related to a false FEMA claim after Hurricane Katrina. The subject filed the false claim in the name of his brother, who had died in 1993. The subject received FEMA individual assistance, hotel assistance, and a FEMA travel trailer, for a total of more than $33,000. The subject entered a guilty plea to the charges and was subsequently sentenced to 24 months imprisonment and 12 months supervised release, was ordered to pay restitution in the amount of $33,179, and was given a $100 special assessment. Federal Emergency Management Agency Fraud Suspect Pleads Guilty to Felony Theft We investigated four people who allegedly submitted false FEMA claims. As part of the recent hurricane relief effort, FEMA initiated and funded the Disaster Unemployment Insurance Assistance (DUA), which provided unemployment insurance (UI) funds in addition to regular UI benefits for people who became unemployed because of the hurricanes. It was alleged that the four people submitted false claims for DUA benefits. They were subsequently convicted of wire fraud, mail fraud, conspiracy, and identity theft. The main conspirator was sentenced to 54 months confinement followed by 3 years supervised release, and was ordered to pay restitution of $150,223. The remaining three were sentenced to lesser amounts of incarceration and restitution. Federal Emergency Management Agency Fraud Suspect Pleads Guilty to Felony Theft We investigated a complaint received from the local police department alleging that a person was a renter at an address in Bogalusa, LA, after Hurricane Katrina. 
During the course of the investigation, it was proved that she fraudulently applied for and received FEMA funds by using the Bogalusa address and forging a rental receipt indicating that she was living at the address before the hurricane. She was sentenced to 60 months confinement followed by a 36-month supervised release in the Middle District of Louisiana as a result of a guilty plea to filing false FEMA claims. FEDERAL LAW ENFORCEMENT TRAINING CENTER MANAGEMENT REPORTS Independent Auditor's Report on Federal Law Enforcement Training Center's FY 2007 Consolidated Financial Statements KPMG LLP, under a contract with DHS OIG, issued an Independent Auditor's Report on FY 2007 Consolidated Financial Statements for the Federal Law Enforcement Training Center (FLETC). KPMG LLP expressed an unqualified opinion on FLETC's consolidated financial statements for FY 2007. The FY 2007 auditor's report discusses four significant deficiencies, one of which is considered a material weakness, as well as one instance of noncompliance with laws and regulations. The following conditions were identified: Management Review of Upward and Downward Adjustments, Environmental Clean-up Costs, Accounts Payable, and Financial Systems Security. The Management Review of Upward and Downward Adjustments is also a material weakness. FLETC's management concurred with all the findings. (OIG-08-53, May 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-53_May08.pdf Information Technology Management Letter for the FY 2007 Federal Law Enforcement Training Center Financial Statement Audit (Redacted) KPMG LLP performed an audit of the DHS FLETC's Consolidated Balance Sheet and related statements as of September 30, 2007 and 2006. The overall objective of the audit was to evaluate the effectiveness of IT general controls of FLETC's financial processing environment and related IT infrastructure as necessary to support the engagement. 
As part of this audit, KPMG LLP reviewed internal controls over financial reporting, and determined that its operation was a significant deficiency under standards established by the AICPA. KPMG LLP found deficiencies in the design and operation of FLETC's internal controls, which could adversely affect the agency's financial statements. Additionally, KPMG LLP noted deficiencies over entity-wide security planning, access controls, application development and change control, system software, and service continuity; the auditors documented their comments and recommendations in the IT Management Letter. KPMG LLP determined that FLETC has made progress on its weaknesses, but many of the prior year Notifications of Findings and Recommendations could not be closed completely because of impending systems implementation or policies and procedures that are in draft form, and thus were reissued. (OIG-08-70, June 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-70Jun08.pdf OFFICE FOR CIVIL RIGHTS AND CIVIL LIBERTIES We received 92 civil rights and civil liberties complaints from April 1 through September 30, 2008. Of those, we opened four investigations, referred 88 investigations to the Office for Civil Rights & Civil Liberties (CR&CL), and there are no complaints currently under review for disposition. During the reporting period, we did not make any arrests, there were no indictments or convictions, and two of the four investigations noted above are still open. OFFICE OF INTELLIGENCE AND ANALYSIS MANAGEMENT REPORTS Letter Report: National Applications Office Privacy Stewardship (Unclassified Summary) We reviewed the DHS National Applications Office (NAO) privacy stewardship to determine whether NAO's plans and activities instill and promote a privacy culture and are in compliance with privacy regulations. 
Privacy stewardship includes establishing privacy requirements prior to program initiation, privacy risk assessment and mitigation, and privacy integration in the program operation. Generally, NAO is making good progress in developing an effective privacy program for its operations. Specifically, NAO involved the DHS Privacy Office early in program planning and development of key organizational documents. Also, NAO acknowledges privacy requirements and states a commitment to privacy in its charter. We identified several elements that serve as a framework for NAO's privacy stewardship, such as ongoing privacy oversight by departmental privacy and civil liberties officers, public notice of system of records, training of NAO personnel, and approved risk assessments. However, a revised Privacy Impact Assessment and a Civil Liberties Impact Assessment reflecting changes in the charter are still necessary before NAO can become operational. We recommended that the Under Secretary for Intelligence & Analysis direct the Director of NAO to obtain the DHS Privacy Office's approval of an updated program Privacy Impact Assessment reflecting a signed charter and standard operating procedures, as well as DHS CR&CL approval of NAO's Civil Liberties Impact Assessment. (OIG-08-35, April 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-35_Apr08.pdf TRANSPORTATION SECURITY ADMINISTRATION MANAGEMENT REPORTS Transportation Security Administration's National Deployment Force TSA's National Deployment Force deploys transportation security officers to support airport screening operations during emergencies, seasonal demands, or other circumstances requiring more staffing resources than are regularly available. TSA implemented this program without developing a process to determine the criteria and priority for deployment decisions or ensuring the appropriateness of resource allocations. 
From the establishment of a deployment program in November 2003 until January 2007, TSA did not have financial systems to track and document program-related costs, adequate documentation to support deployment decisionmaking, or internal controls and standard operating procedures over key deployment functions. In addition, TSA was overly reliant on the deployment force to fill chronic staffing shortages at specific airports in lieu of more cost-effective strategies to handle screening demands. We recommended that TSA establish systems to collect, track, and report deployment costs; develop decisionmaking procedures for deployment requests and document results; and develop and disseminate standard operating procedures for key program functions to increase program efficiency and effectiveness. (OIG-08-49, April 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-49_Apr08.pdf TSA's Administration and Coordination of Mass Transit Security Programs Since 2004, TSA has initiated several programs to boost mass transit security. Our review focused on TSA's management of its four major assistance programs and how well these programs meet the needs of the Nation's five largest mass transit rail systems. TSA is improving mass transit security but faces important challenges to improve transit rail security, meet the needs of mass transit authorities, and comply with recent legislation that expanded TSA's statutory authority and responsibility. TSA still needs to clarify its transit rail mission and develop additional regulations and memorandums of understanding with local transit authorities. TSA needs to improve interoffice communication and coordination, and needs to better understand and address system-specific security requirements. We made seven recommendations to improve management and coordination of mass transit rail security programs. 
(OIG-08-66, June 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-66Jun08.pdf A Review of TSA's Management of Aviation Security Activities at Jackson-Evers International and Other Selected Airports The Chairman of the House Committee on Homeland Security requested that we review TSA's management of aviation security activities at Jackson-Evers International and other selected airports, including whether (1) existing processes, which authorize certain people to fly while armed, need strengthening; (2) transportation security officers reported the discovery of firearms and other dangerous prohibited items as required by TSA policy and directives; (3) transportation security officers received advance notice of any internal TSA covert testing; and (4) TSA compromised any covert testing conducted by another federal government entity. TSA has made progress toward improving its internal covert testing, but additional work is necessary. In addition, TSA can take steps to improve security activities within commercial aviation by eliminating the vulnerabilities associated with the current flying armed processes, strengthening covert testing procedures, and improving processes for reporting security incidents. We made 12 recommendations to improve TSA's management of aviation security. In response to our report, TSA proposed plans and actions that, once implemented, will reduce a number of the deficiencies we identified. TSA concurred with nine recommendations, concurred in part with two recommendations, and did not concur with one recommendation, which we have since modified. (OIG-08-90, September 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-90_Sep08.pdf Independent Auditor's Report on the Transportation Security Administration's FY 2007 Balance Sheet KPMG LLP, under a contract with DHS OIG, issued a qualified opinion on the TSA's balance sheet for the year ended September 30, 2007. 
TSA was unable to provide sufficient audit evidence to support the accuracy, completeness, and existence of accrued unfunded leave, certain other intragovernmental liabilities, intragovernmental accounts payable, and certain accounts payable as presented in TSA's consolidated balance sheet at September 30, 2007. KPMG LLP's report also discusses five material weaknesses, two other significant deficiencies in internal control, and instances of noncompliance with four laws and regulations as follows: Significant deficiencies that are considered to be material weaknesses: A. Financial Systems Security B. Undelivered Orders and Accounts Payable C. Property and Equipment D. Financial Reporting E. Accrued Leave F. Accounts Receivable G. Human Resources Documentation Noncompliance of laws and regulations: H. Federal Financial Management Improvement Act of 1996 I. Federal Managers Financial Integrity Act of 1982 J. Debt Collection Improvement Act of 1996 K. Payroll-related laws (OIG-08-57, May 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-57_May08.pdf Transportation Security Administration's Efforts To Proactively Address Employee Concerns TSA reports that a stable, mature, and experienced workforce is the most effective tool it has to meet its mission. Despite the value placed on the workforce, employees have expressed their concerns about how the TSA operates by historically filing formal complaints at rates higher than other federal agencies of comparable size. Low employee morale continues to be an issue at some airports, contributing to TSA's 17% voluntary attrition rate. TSA has taken proactive steps by establishing the Office of the Ombudsman, the Integrated Conflict Management System, and the National Advisory Council to help identify and address its employees' workplace concerns. 
We evaluated the effectiveness of these initiatives and concluded that TSA could improve its initiatives by establishing more effective internal systems, processes, and controls. Specifically, TSA has not provided sufficient tools and guidance regarding the structures, authorities, and oversight responsibilities of each initiative, and has faced challenges in communicating the details of each to its workforce. More than half of the employees we interviewed described the agency's efforts to educate them on the various initiatives available to address their workplace concerns as "inadequate." Our report contains six recommendations to the TSA to provide employees with sufficient tools, including clear guidance and better communication, on the structures, authorities, and oversight responsibilities of the initiatives we reviewed. (OIG-08-62, May 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-62_May08.pdf Transportation Security Administration's Single Source (Noncompetitive) Procurements We conducted an audit to determine whether TSA properly justified less than full and open competition for single source procurements. Contracts awarded in FY 2006 were exempted from the requirements of the Federal Acquisition Regulation. However, the Consolidation Appropriation Act of 2008 repealed TSA's exemption, effective June 2008. TSA complied with some of the policies and procedures for awarding single source procurements, but not others. All of the contract files contained the written rationale, but most of the files lacked the required market analysis, proper concurrences and approvals, and statements of planned actions to remove barriers to future competition. The noncompliances prevent TSA from readily substantiating that its single source procurements in 2006 were appropriately awarded. 
We recommended measures that, when implemented, will increase the likelihood that TSA's single source procurements comply with applicable policies and procedures, are fully justified, and are appropriate. (OIG-08-67, June 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-67_Jun08.pdf Independent Auditor's Report on the Transportation Security Administration's FY 2008 Mission Action Plans KPMG LLP, under a contract with DHS OIG, performed an audit to evaluate and report on the status of the four detailed MAPs prepared by TSA to correct the internal control deficiencies over financial reporting. The MAPs are intended to address control deficiencies identified in financial reporting, capital assets and supplies, actuarial and other liabilities, and budgetary accounting. KPMG LLP noted that the MAP milestones are not clearly linked to root causes. Critical interdependencies, such as those between milestones, accounting processes, or with third parties, are not identified within each MAP and affected milestones (e.g., USCG IT systems). KPMG LLP recommended that TSA management continue to perform a comprehensive and thorough root cause analysis, improve MAPs by clearly linking each deficiency or root cause identified by management to milestones, and identify critical interdependencies and include milestones recognizing these dependencies. (OIG-08-74, July 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-74_JuIy08.pdf Transportation Security Administration's Controls Over Badges, Uniforms, and Identification Cards In early 2007, the media widely reported that thousands of TSA uniforms and badges were missing from various airport locations throughout the United States. Security experts and some members of Congress expressed concern that these missing items could allow an unauthorized person access to secured areas of an airport. 
We determined that TSA does not have adequate controls in place to manage and account for airport security identification display area badges, TSA uniforms, and TSA identification cards. Unauthorized access to those items increases an airport's level of risk to a wide variety of terrorist and criminal acts. TSA did not ensure that airport badge offices were notified when TSA employees separated from the agency, or that airport security identification display area badges were retrieved and returned to the badge offices. TSA did not record and track issuance of TSA uniforms, collect uniforms upon an employee's separation, and safeguard and account for reserve stock. TSA did not maintain accurate records on TSA identification cards or ensure that identification cards were returned and destroyed upon an employee's separation from TSA. Our report contained three recommendations to the TSA Assistant Secretary to strengthen the controls over TSA's management of airport security identification display area badges, uniforms, and identification cards. (OIG-08-92, September 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-92_Sep08.pdf Information Technology Management Letter for the FY 2007 Transportation Security Administration Balance Sheet Audit (Redacted) We contracted with the independent public accounting firm KPMG LLP to audit the TSA consolidated balance sheet and related statements as of September 30, 2007 and 2006. As part of this review, KPMG LLP noted certain matters involving IT internal control and other operational matters and documented its comments and recommendations in the IT Management Letter. The overall objective of our audit was to evaluate the effectiveness of IT general controls of TSA's financial processing environment and related IT infrastructure. KPMG LLP noted that TSA addressed many prior-year IT control weaknesses, but that IT general control weaknesses still existed during FY 2007. 
The most significant weaknesses from a financial statement audit perspective related to access controls and application change control. Collectively, the IT control weaknesses limit TSA's ability to ensure the confidentiality, integrity, and availability of critical financial and operational data. These weaknesses also negatively impact TSA's internal controls over its financial reporting and operation, and KPMG LLP considers them to collectively represent a material weakness under standards established by the AICPA. (OIG-08-72, June 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-72Jun08.pdf INVESTIGATIONS Transportation Security Administration Officer Convicted of Selling Security Seals We arrested a TSA officer after an investigation determined that he sold TSA "cleared baggage" stickers to an undercover agent with the knowledge that the stickers would be used to smuggle a shipment of cocaine through an international airport. After arrest, the TSA officer provided a full written confession and later pleaded guilty to theft of U.S. government property. Screener Pleads Guilty and Is Sentenced for Stealing Passengers' Personal Property We conducted an investigation into the allegation that a TSA security officer was stealing passengers' personal property items, including laptop computers and jewelry. The TSA security officer pleaded guilty to a state charge of theft second degree, was sentenced to 5 years probation, and was ordered to make restitution. Safety Concerns Raised by Federal Flight Deck Officer's Locking Pistol Holster We conducted an investigation into concerns that the design of TSA-issued locking holsters used by the Federal Flight Deck Officer (FFDO) program increases the likelihood of an accidental discharge of a weapon in an aircraft cockpit. We examined the holster and observed that its design renders the weapon vulnerable to accidental discharges if improperly handled. 
In a darkened cockpit, under the stress of meeting the operational needs of the aircraft, a pilot could inadvertently discharge the weapon by failing to ensure it is properly seated in the holster, securing the trigger lock, and then pushing the weapon inward to secure the holster snap. Furthermore, our investigation observed that it was possible to accidentally discharge the weapon while inserting the hasp into the holster of an incorrectly seated weapon. Using a scale, we determined that only 6-7 pounds of lateral pressure on the padlock was sufficient to induce a discharge. [Photo: Measuring foot pounds of lateral force required to induce a weapon discharge.] We recommended that given the distracting environment and potential low light of an aircraft cockpit, the FFDOs' weapon locking system should be simple and forgiving and that TSA should discontinue the use of the locking holster and consider other methods for FFDOs to secure their weapons. UNITED STATES CITIZENSHIP AND IMMIGRATION SERVICES INVESTIGATIONS Civilian Pleaded Guilty to Visa Fraud and Aiding and Abetting (Update 10/1/07-3/31/08 SAR) We conducted a joint investigation with the United States Immigration and Customs Enforcement (ICE) Office of Investigations that resulted in the conviction of a civilian who had falsely claimed that he was conspiring with three corrupt U.S. Citizenship and Immigration Services (USCIS) employees to obtain immigration documents. The subject was charging $7,000 to file false immigration documents with USCIS on behalf of illegal aliens. No relationship was found between the subject and any USCIS employees during the investigation. The civilian pleaded guilty and was sentenced in U.S. District Court to 60 months for conspiracy to defraud the United States, presentation of false immigration documents, aiding and abetting, and distribution of a controlled substance. 
Aiding Victims of Human Trafficking We received an allegation that a USCIS employee was keeping a foreign national in involuntary servitude at his residence. The investigation disclosed that the employee brought the foreign national to the United States, fraudulently granted her immigration status, and then withheld her immigration documents to induce her to perform the duties of an unpaid servant in his home for several years. A search warrant was executed at the employee's residence, resulting in significant evidence of the offense. The USCIS employee was later admitted to a hospital following an apparent drug overdose and remains in a permanent vegetative state. Criminal charges have been declined in consideration of his medical condition. We are assisting the foreign national to transition to self-sufficiency. UNITED STATES COAST GUARD MANAGEMENT REPORTS Enhanced Configuration Controls and Management Policies Can Improve U.S. Coast Guard Network Security (Redacted) The USCG has implemented adequate security controls and policies for protecting its network infrastructure. Our audit focused on USCG security policies and procedures and network protection devices — such as firewalls, intrusion detection systems, and encryption devices — that have been deployed to protect the Coast Guard Data Network Plus (CGDN+) infrastructure. The overall security posture of the CGDN+ infrastructure is good. The USCG has implemented effective controls for protecting its network infrastructure; however, USCG management needs to take additional steps to ensure that the security of its network is not compromised by existing vulnerabilities. The USCG should enhance its configuration controls in compliance with DHS' information technology security policies and practices. Additionally, USCG should develop guidelines and procedures to address the security and configuration management of its network infrastructure. 
(OIG-08-82, August 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-82_Aug08.pdf Allision of the M/V COSCO BUSAN with the San Francisco-Oakland Bay Bridge We reviewed the USCG response to the November 7, 2007, allision of the Motor Vessel (M/V) COSCO BUSAN with the San Francisco-Oakland Bay Bridge. On November 7, 2007, with visibility restricted owing to heavy fog, the M/V COSCO BUSAN underway from Oakland, CA, allided with the San Francisco Bay Bridge. This allision created a large gash in the port side of the vessel, which caused an estimated 53,653 gallons of fuel oil to spill into San Francisco Bay. [Photo: M/V COSCO BUSAN at anchor. Source: San Francisco Chronicle] Due to the concerns about the subsequent USCG response and investigation, Speaker Nancy Pelosi and Chairman Elijah Cummings requested a review of the mishap. The USCG's actions before and for the first 24 hours after the allision were generally consistent with the policies and procedures in place for the San Francisco Sector at the time of the mishap. However, guidelines for vessel movement during periods of restricted visibility need to be expanded and clarified. Additionally, deficiencies in the post-mishap investigation resulted in a lost opportunity to collect and preserve all evidence relevant to the mishap. For example, communication and navigation equipment was not secured and tested, and M/V COSCO BUSAN and USCG watchstanders were not properly and timely tested for drug and alcohol use. [Photo: Muir Beach cleanup. Source: USCG] Response to an oil spill is a multifaceted and multilayered effort that requires stakeholders to respond both autonomously and cooperatively. Much of the credit for the success of the response goes to the USCG, the State of California Oil Spill Prevention and Response Division, and the responsible party. (OIG-08-38, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-38_Apr08.pdf Independent Review of the U.S. 
Coast Guard's Reporting of FY 2007 Drug Control Obligations
KPMG LLP, under contract with DHS OIG, was unable to issue an Independent Accountant's Report on the FY 2007 Drug Control Obligations for the USCG. USCG's management prepared the Table of Drug Control Obligations and related disclosures to comply with the requirements of the Office of National Drug Control Policy (ONDCP) Circular, Drug Control Accounting, dated May 1, 2007. However, because USCG could not provide assurance over the financial data in the detailed accounting submissions, KPMG LLP could not provide the level of assurance required of the review. (OIG-08-42, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-42_Apr08.pdf

Independent Review of the U.S. Coast Guard's Reporting of FY 2007 Drug Control Performance Summary
KPMG LLP, under contract with DHS OIG, issued an Independent Accountant's Report on the FY 2007 Drug Control Performance Summary for the USCG. USCG's management prepared the Performance Summary Report and management's assertions to comply with the requirements of the ONDCP Circular, Drug Control Accounting, dated May 1, 2007. KPMG LLP did not find any reason to believe that the Performance Summary Report for the year ended September 30, 2007, was not presented, in all material respects, in conformity with the ONDCP's Circular, or that management's assertions were not fairly stated, in all material respects, based on the criteria set forth in the circular. KPMG LLP did not issue any recommendations as a result of this review. (OIG-08-43, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-43_Apr08.pdf

U.S.
Coast Guard's Management of the Marine Casualty Investigations Program
The House Committee on Transportation and Infrastructure and the Senate Committee on Commerce, Science, and Transportation requested that we audit the extent to which marine casualty investigations and reports result in information and recommendations that prevent or minimize the effect of similar casualties. Although the USCG's marine casualty investigations program has resulted in numerous safety alerts and recommendations designed to prevent similar casualties, the program is hindered by unqualified personnel conducting marine casualty investigations, investigations conducted at inappropriate levels, and ineffective management of a substantial backlog of investigations needing review and closure. Because of these management shortfalls, the USCG may not be able to determine the causes of accidents and may miss opportunities to issue safety alerts or recommendations that could prevent or minimize similar casualties. To improve the management and accountability of the marine casualty investigations program, we made eight recommendations that included the development and implementation of a plan to increase the number of qualified marine casualty investigators, including hiring civilians, and the implementation of quality control procedures to ensure that marine casualty investigations are conducted at the recommended levels. (OIG-08-51, May 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-51_May08.pdf

Independent Auditor's Report on U.S. Coast Guard's FY 2008 Mission Action Plans
KPMG LLP, under a contract with DHS OIG, performed an audit to evaluate and report on the status of the three detailed MAPs prepared by the USCG to correct the internal control deficiencies over financial reporting identified in Financial Management and Entity Level Controls, Fund Balance with Treasury, and Financial Reporting.
KPMG LLP noted that the root causes identified were only generally defined, and critical interdependencies were not identified and did not clearly link or cross-reference to audit findings and the material weakness conditions identified in the Independent Auditor's Report. The MAPs lacked specificity and milestones were not linked directly to the financial statement assertions affected by the control weaknesses. Some key milestones in the MAPs contained steps that were not measurable or designed with incremental objectives. (OIG-08-73, July 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-73Jul08.pdf

Information Technology Management Letter for the U.S. Coast Guard Component of the FY 2007 Department of Homeland Security Financial Statement Audit (Redacted)
We contracted the independent public accounting firm KPMG LLP to audit the USCG Consolidated Balance Sheet and related statements as of September 30, 2007 and 2006. As part of this review, KPMG LLP noted certain matters involving IT internal control and other operational matters and have documented their comments and recommendations in the IT Management Letter. The overall objective of our audit was to evaluate the effectiveness of IT general controls of USCG's financial processing environment and related IT infrastructure. KPMG LLP noted that USCG addressed many prior years of IT control weaknesses, but that IT general control weaknesses still existed during FY 2007. The most significant weaknesses from a financial statement audit perspective related to access controls, system software, entity-wide security, segregation of duties, service continuity and application change control. Collectively, the IT control weaknesses limit USCG's ability to ensure the confidentiality, integrity, and availability of critical financial and operational data.
These weaknesses also negatively impact USCG's internal controls over its financial reporting and operation, and KPMG LLP considers them to collectively represent a material weakness under standards established by the AICPA. (OIG-08-69, June 2008, ITA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-69_Jun08.pdf

UNITED STATES CUSTOMS AND BORDER PROTECTION

MANAGEMENT REPORTS

A Review of U.S. Customs and Border Protection's Procurement of Untrained Canines
From April 2006 through June 2007, CBP procured 322 untrained canines at an average price of $4,535 per canine. The costs incurred for the untrained canines were reasonable and were comparable to the costs incurred for untrained canines procured by organizations such as the United States Secret Service and the Department of Defense. Regarding the cost effectiveness of the program, while only 4% of the Office of Border Patrol's 13,905 agents were canine handlers, they were credited with 60% of narcotic apprehensions and 40% of all other apprehensions in FY 2007. The solicitation and award of this contract were conducted according to applicable federal regulations. Also, U.S. Department of Agriculture officials said that the vendors were not required to possess a federally issued license to engage in the sale of animals. Through August 14, 2007, 26 (8%) of the procured canines did not complete the training. CBP donated six of these canines to private homes, which was inconsistent with federal regulations. We recommended that CBP adjust the delivery timeframes for vendors, properly transfer or sell unfit canines, and implement a unified system that accurately accounts for the performance of canine teams.
(OIG-08-46, April 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-46_Apr08.pdf

Additional Controls Can Enhance the Security of the Automated Commercial Environment System (Redacted)
We evaluated the Automated Commercial Environment (ACE) system to determine whether CBP had implemented adequate and effective security controls to ensure the efficient collection, processing, and analysis of commercial import and export data. CBP has implemented effective measures to reduce the potential risks of unauthorized access to the ACE system. However, more effort is needed to improve the ACE security posture. We made four recommendations to improve the areas of management, operational, and technical controls. For example, we identified weaknesses in security acceptance testing during the system development process, user account management, patch management, and the inconsistent implementation of DHS Windows and Unix Baseline Configurations. (OIG-08-64, June 2008, ITA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-64_Jun08.pdf

Technical Security Evaluation of U.S. Customs and Border Protection Activities at the Chet Holifield Federal Building (Redacted)
We evaluated CBP activities at the Chet Holifield Federal Building located in Laguna Niguel, CA. Specifically, we addressed how CBP has implemented computer security operational, technical, and managerial controls for its IT assets at this site. We performed onsite inspections, interviewed departmental staff, and conducted technical tests of internal controls, e.g., scans for wireless networks. Some of the Chet Holifield Federal Building operational controls did not always conform to DHS policies, including environmental, business continuity, and physical security controls. For example, CBP could better protect its IT assets from damage by ensuring that the server room is not used for general storage.
We briefed the DHS Chief Information Security Officer and CBP on the results of our evaluation. We also made eight recommendations to improve IT security at this site. CBP concurred with our recommendations and is addressing the findings. (OIG-08-37, April 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-37_Apr08.pdf

Lessons Learned from the August 11, 2007, Network Outage at Los Angeles International Airport (Redacted)
We evaluated CBP's actions to address the network outage at Los Angeles International Airport (LAX) on August 11, 2007. We also evaluated the actions that CBP took to prevent a recurrence of a similar outage. We performed onsite inspections at the airport, interviewed department staff, conducted technical tests of workstations that may have been involved in the outage, and briefed CBP officials on the results of our evaluation. We recommended that CBP (1) establish and test procedures to use network operations center and onsite field support staff more effectively during a network outage, (2) provide network diagnostic tools for onsite support staff, (3) configure routers to provide required security logs, and (4) determine if steps taken at LAX should also be taken at other CBP locations. CBP officials concurred with our recommendations and have taken actions to ensure that a similar outage does not recur at this airport. (OIG-08-58, May 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-58_May08.pdf

Independent Review of the U.S. Customs and Border Protection's Reporting of FY 2007 Drug Control Obligations
KPMG LLP, under a contract with DHS OIG, issued an Independent Accountant's Report on the FY 2007 Drug Control Obligations for CBP. CBP management prepared the Table of Drug Control Obligations Report and related disclosures to comply with the requirements of the ONDCP Circular, Drug Control Accounting, dated May 1, 2007.
KPMG LLP did not find any reason to believe that the Table of Drug Control Obligations Report for the year ended September 30, 2007, was not presented in all material respects, in conformity with the ONDCP Circular, or that related disclosures were not fairly stated, in all material respects, based on the same criteria. KPMG LLP did not note any recommendations as a result of this review. (OIG-08-39, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-39_Apr08.pdf

Independent Review of the U.S. Customs and Border Protection's Reporting of FY 2007 Drug Control Performance Summary
KPMG LLP, under a contract with DHS OIG, issued an Independent Accountant's Report on the FY 2007 Drug Control Performance Summary for CBP. CBP management prepared the Performance Summary Report to comply with the requirements of the ONDCP Circular, Drug Control Accounting, dated May 1, 2007. KPMG LLP did not find any reason to believe that the Performance Summary Report for the year ended September 30, 2007, was not presented in all material respects, in conformity with ONDCP Circular. The Independent Accountant's Report is limited to the Performance Summary and did not cover management's assertions. (OIG-08-40, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-40_Apr08.pdf

Independent Review of the U.S. Customs and Border Protection's Management Assertions on the 2007 Drug Control Performance Summary
KPMG LLP, under a contract with DHS OIG, issued an Independent Accountant's Report on the FY 2007 Drug Control Performance Summary for CBP. Management of CBP prepared the Performance Summary Report and management's assertions to comply with the requirements of the ONDCP Circular, Drug Control Accounting, dated May 1, 2007. CBP's management reported that they could not assert that the "methodology to establish performance targets is reasonable and applied," as required by the ONDCP Circular.
As a result, KPMG LLP was unable to complete their review of management's assertions on the Performance Summary Report, and the Independent Accountant's Report is limited to the Performance Summary only. (OIG-08-41, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-41_Apr08.pdf

Targeting Cargo Containers 2008: Review of U.S. Customs and Border Protection's Cargo Enforcement Reporting and Tracking Systems
Each year, we conduct a review of DHS' Automated Targeting System (ATS). In 2008, we reviewed CBP's Cargo Enforcement Reporting and Tracking System, a component of ATS. We identified the need for improvements in planning, updating, developing, and implementing the system. Specifically, CBP has to update the project plan to include the scope of work; a detailed implementation schedule for system design, developing, and testing; and cost estimates past phase 1. In addition, CBP bypassed key life cycle reviews designed to ensure that end users have a properly working system and have received management's approval to continue the project. CBP has expanded its international efforts to secure the cargo supply chain. For example, it continues to expand its efforts with the Customs-Trade Partnership Against Terrorism program and continues its efforts to improve ATS for cargo. We continue to review revenue management and analysis functions, and the effectiveness of trade operations security programs and strategies. (OIG-08-65, June 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-65_Jun08.pdf

U.S. Customs and Border Protection's Management of 2005 Gulf Coast Hurricanes Mission Assignment Funding
Regis & Associates, PC, under contract with DHS OIG, reviewed the CBP's management processes and internal controls for implementing FEMA-issued mission assignments related to the 2005 Gulf Coast hurricanes.
CBP's management of mission assignments could be enhanced by (1) improving preparedness for future responses, (2) improving disaster response procurement and contract monitoring processes, (3) implementing accountable property policies and procedures at disaster field command locations, (4) providing FEMA with complete documentation to support reimbursable expenditures, and (5) improving the mission assignment reimbursement billing processes. Cumulatively, we questioned approximately $5 million of the $17.7 million in costs that CBP billed FEMA. This included $2.3 million for the cost of property reimbursed by FEMA but not returned, $2 million for unsupported expenditures, and $600,000 for expenditures that did not comply with the scope or duration of mission assignment terms. Our recommendations included implementing controls to record budget object codes correctly, enhancing training for accountable property officers, and developing procedures for reimbursement billings and specifying the supporting documentation required. (OIG-08-80, July 2008, EMO) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-80_JuI08.pdf

Information Technology Management Letter for the FY 2007 U.S. Customs and Border Protection Financial Statement Audit (Redacted)
We contracted with the independent public accounting firm KPMG LLP to audit the CBP consolidated balance sheet and related statements as of September 30, 2007 and 2006. As part of this review, KPMG LLP noted certain matters involving IT internal control and other operational matters and have documented their comments and recommendations in the IT Management Letter. The overall objective of our audit was to evaluate the effectiveness of IT general controls of CBP's financial processing environment and related IT infrastructure. KPMG LLP noted that CBP addressed many prior years of IT control weaknesses but that general control weaknesses still existed during FY 2007.
The most significant weaknesses from a financial statement audit perspective related to access controls and service continuity. Collectively, the IT control weaknesses limit CBP's ability to ensure the confidentiality, integrity, and availability of critical financial and operational data. These weaknesses also negatively impact CBP's internal controls over its financial reporting and operation, and KPMG LLP considers them to collectively represent a material weakness under standards established by the AICPA. (OIG-08-50, May 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-50_May08.pdf

INVESTIGATIONS

Border Patrol Agent Sentenced for Distributing Marijuana from Government Vehicle
We conducted an investigation of a Border Patrol Agent (BPA) who was distributing marijuana from his government vehicle while on duty. The BPA was charged with unlawful manufacture and distribution of a controlled substance, pleaded guilty, and was sentenced to 6 months in prison and 4 months house arrest.

Customs and Border Protection Officer Sentenced for Conspiracy to Smuggle Narcotics (Update 10/1/07-3/31/08 SAR)
We conducted an investigation of a Customs and Border Protection Officer (CBPO) suspected of accepting bribes to allow illegal narcotics to be smuggled into the United States. We arrested the CBPO, who pleaded guilty to conspiracy to import a controlled substance, marijuana, exceeding 1,000 kilograms. The CBPO was sentenced to 240 months incarceration and 5 years supervised release and fined $2,000. He agreed to forfeit more than $5 million in U.S. currency, a vehicle, and assorted jewelry that were deemed to be fruit of the crime.

Customs and Border Protection Officer Convicted of Alien Smuggling
We conducted an investigation of a CBPO who assisted an undocumented alien to enter the United States through his inspection lane at a border crossing in Texas.
The CBPO was arrested and pleaded guilty to aiding and abetting and alien smuggling. The CBPO was sentenced to 36 months of incarceration and 3 years of supervised release, and was ordered to pay a $5,000 fine.

Customs and Border Protection Officer Arrested for Selling Travel Permits
We investigated an allegation that a CBPO in Texas was selling Form I-94, Arrival/Departure Records ("Travel Permits") to a document vendor, who in turn sold them to ineligible aliens. As a result of information obtained in our investigation, we enlisted the cooperation of a co-conspirator who was able to purchase I-94 documents from the CBPO. The CBPO was arrested pursuant to a criminal complaint and was later convicted on charges of bribery of a public official. Our investigation has disclosed that the CBPO fraudulently issued more than 75 other travel permits, all of which we have been able to cancel or recover.

Border Patrol Agent Arrested and Pled Guilty to Smuggling Illegal Aliens and Money Laundering Charges
We arrested a BPA, two Mexican residents, and one Legal Permanent Resident alien after our investigation determined that from January 2005 to May 2008 they had conspired to smuggle more than 100 illegal aliens into the United States from Mexico. We substantiated that the BPA accepted bribes to facilitate the transport of undocumented aliens through the interior Border Patrol checkpoints in New Mexico. The BPA pleaded guilty to alien smuggling and money laundering charges. As part of his plea agreement, the BPA agreed to forfeit a house he owned in Texas, which the organization used as a safe house, and to pay approximately $500,000 — the amount of proceeds derived from his criminal activity.

Vehicle Rollover Death Investigation
We conducted an investigation of an accident that resulted in the death of undocumented aliens who were traveling in a vehicle that was being pursued by BPAs.
The driver of the vehicle failed to yield and ran over control tire deflation devices used by the BPAs, causing him to crash into an oncoming vehicle, which resulted in multiple deaths and injuries. The investigation cleared the BPAs from liability. The driver involved in the pursuit was found guilty of vehicular homicide and sentenced to 30 years to life and ordered to pay restitution of $402,000.

Customs and Border Protection Officer Sentenced on Bribery and Alien Smuggling Charges
We conducted an investigation into an allegation that a CBPO was receiving bribes to smuggle illegal aliens through his security checkpoint at an airport port of entry. The CBPO was convicted by a jury of one count of bribery, one count of conspiracy to bring aliens into the United States for financial gain, and five counts of alien smuggling for financial gain. Our investigation resulted in the officer being sentenced in the Southern District of Florida to 6 1/2 years imprisonment and a $12,500 fine.

Border Patrol Agent Sentenced to 70 Years on Bribery and Drug Conspiracy Charges (Update 10/1/07-3/31/08 SAR)
We conducted an investigation into an allegation that a BPA was involved in narcotics smuggling. As a result of our investigation, the BPA was charged with two counts of bribery of a public official and one count of conspiracy to possess and distribute cocaine in excess of 500 grams. The BPA was sentenced in U.S. Federal Court to 70 years in prison after entering a guilty plea. Prior to imposing the sentence, the judge stated, "By any other name, this is treason." The BPA had fled to Mexico to avoid sentencing, but was located and formally extradited to the United States. In addition to the prison sentence, the BPA was ordered to serve 15 years of supervised release and pay a fine of $30,000.
Border Patrol Agent Trainee Indicted for Impersonating a Border Patrol Agent and False Arrest
We conducted an investigation of a BPA trainee who was suspected of impersonating a law enforcement officer. As a result of our findings, the BPA was indicted by a federal grand jury in New Mexico and charged with two counts of false impersonation as an officer of the United States and one count of false arrest by impersonator. Subject was terminated as a BPA trainee after being expelled from the Border Patrol academy.

Border Patrol Agent Convicted for Lying About Hiding Drugs
We investigated a BPA who pleaded guilty to making false statements or entries, following our investigation into allegations that he was a drug smuggler. The investigation included an undercover operation in which the BPA failed to report a cocaine seizure and then hid the drugs for later sale. The BPA was indicted and resigned in May 2008. He subsequently pleaded guilty to making false statements and faces a maximum of 5 years in prison and a fine of up to $250,000.

U.S. Customs and Border Protection Officer Sentenced for Lying During OIG Investigation
We investigated a CBPO who was allegedly using a government communications system to track his girlfriend. The subject initially lied to investigators, but eventually admitted using the Enforcement Communications System more than 100 times to monitor the passage of his girlfriend through a U.S.-Mexico border crossing. The CBPO resigned and pleaded guilty to lying to investigators. He was sentenced to 3 years probation and fined $100.

U.S. Customs and Border Protection Officer Sentenced for Allowing the Importation of Marijuana in Exchange for Currency and Sexual Favors
We conducted an investigation into an allegation that a CBPO assigned to a major northwest border port of entry was involved with smuggling marijuana.
The investigation revealed that the CBPO accepted cash and sexual favors in return for allowing the introduction of contraband into the United States, and aided and abetted in the importation of 100 or more kilograms of marijuana. The CBPO was indicted for importation of a controlled substance and bribery. The CBPO was convicted of bribery; was sentenced to 32 months confinement and 2 years supervised release; and paid a $100 special assessment.

UNITED STATES IMMIGRATION AND CUSTOMS ENFORCEMENT

MANAGEMENT REPORTS

ICE Policies Related to Detainee Deaths and the Oversight of Immigration Detention Facilities
Between January 1, 2005, and May 31, 2007, 33 immigration detainees died. We evaluated how ICE and its detention partners dealt with two cases where immigration detainees died in custody. In addition, we examined policies related to detainee deaths, medical standards, and other issues. Although there are compliance problems related to certain medical standards at various facilities, ICE adhered to important portions of the detainee death standard in the two cases that were the focus of this review. According to information received from clinical experts and our analysis, the two detainees' serious preexisting medical conditions led to their deaths. Although ICE's detention standards are comparable to those of other organizations, such as the American Correctional Association, we made 11 recommendations to improve the standards, strengthen ICE's oversight of facilities, and enhance clinical operations and detainee safety. (OIG-08-52, June 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-52_Jun08.pdf

U.S.
Immigration and Customs Enforcement Visa Security Program
Assigning experienced ICE special agents to Visa Security Units to review visa applications, initiate investigations, and provide advice and training to consular officers brings valuable law enforcement resources to overseas posts. Incorporating regular law enforcement screening and vetting of visa applicants into the visa process adds a layer of security to the Department of State consular visa adjudication process. ICE is improving its management of the program. For example, program officials developed a risk-based framework to prioritize program expansion and site selection. In addition, they developed automated tools to facilitate some program activities and limit manual data entry performed by agents. Program managers also constantly update the program's training course to keep up with changing trends and address participant suggestions. However, some program areas could be improved. We recommended that program managers enhance recording, monitoring, verifying, analyzing, and reporting of visa security activities in the current tracking system while developing a new tracking system. In addition, we recommended that program managers provide training and guidance to field personnel on new procedures and document the program's training course curriculum. ICE agreed with our findings and concurred with our recommendations. (OIG-08-79, July 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-79Jul08.pdf

Technical Security Evaluation of U.S. Immigration and Customs Enforcement Activities at the Chet Holifield Federal Building (Redacted)
We evaluated ICE activities at the Chet Holifield Federal Building located in Laguna Niguel, CA. Specifically, we addressed how ICE has implemented computer security operational, technical, and managerial controls for its IT assets at this site, and we recommended improvements to these controls.
For example, management controls could be improved by implementing procedures to identify and disconnect unused telecommunications lines. Specifically, ICE could save $17,412 annually by disconnecting a nonoperational telecommunications line. We also identified 33 other active telecommunications lines whose ownership is unknown. Disconnecting these lines may result in a monthly cost savings of $160,220, or $1.9 million per year.

[Figure: Range of potential monthly savings for 33 unused lines, plotted against monthly charges per single line.]

We briefed the DHS Chief Information Security Officer and ICE on the results of our evaluation. We made 10 recommendations to improve IT security at this site. ICE concurred with our recommendations and is addressing the findings. (OIG-08-59, May 2008, ITA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-59_May08.pdf

Independent Review of the U.S. Immigration and Customs Enforcement's Reporting of FY 2007 Drug Control Obligations
KPMG LLP, under contract with DHS OIG, issued an Independent Accountant's Report on the FY 2007 Drug Control Obligations for ICE. ICE's management prepared the Table of Drug Control Obligations and related disclosures to comply with the requirements of the ONDCP Circular, Drug Control Accounting, dated May 1, 2007. KPMG LLP did not find any reason to believe that the Table of Drug Control Obligations and related disclosures for the year ended September 30, 2007, was not presented in all material respects, in conformity with the Circular, or that management's assertions were not fairly stated, in all material respects, based on the same criteria.
KPMG LLP did not note any recommendations as a result of this review. (OIG-08-44, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-44_Apr08.pdf

Independent Review of the U.S. Immigration and Customs Enforcement's Reporting of FY 2007 Drug Control Performance Summary
KPMG LLP, under contract with DHS OIG, issued an Independent Accountant's Report on the FY 2007 Drug Control Performance Summary for ICE. ICE's management prepared the Performance Summary and management's assertions to comply with the requirements of the ONDCP Circular, Drug Control Accounting, dated May 1, 2007. KPMG LLP did not find any reason to believe that the Performance Summary for the year ended September 30, 2007, was not presented in all material respects, in conformity with the Circular, or that management's assertions were not fairly stated, in all material respects, based on the criteria set forth in the Circular. KPMG LLP did not note any recommendations as a result of this review. (OIG-08-45, April 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-45_Apr08.pdf

Review of U.S. Immigration and Customs Enforcement Detainee Telephone Services Contract
The Assistant Secretary, ICE, requested an audit of the detainee telephone services contract to determine (1) services that ICE contracted for compared with services the contractor provided; (2) technical issues, including call routing, excess fees, call volume, connectivity rates, and telephone maintenance; and (3) the sale, use, and rates of debit calling cards. We could not determine the full extent of the contractor's compliance with the terms and conditions of its contract with ICE because data elements required for a thorough analysis were not maintained. The contract did not provide for penalties for inadequate connectivity, excessive fees, or other improprieties.
We summarized observations from our preliminary work and made three recommendations that will strengthen the detainee telephone services contract and management controls. Also, we began a followup audit to determine whether ICE information and communications management controls provide reasonable assurance that detainee telephone services are consistent with applicable standards and control provisions. (OIG-08-54, May 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-54_May08.pdf

INVESTIGATIONS

U.S. Immigration and Customs Enforcement Acting Field Director Pleads Guilty to Bribery Along With Private Immigration Attorney, Who Also Pleads Guilty to Marriage Fraud and Aiding and Abetting (Update 10/01/07-3/31/08 SAR)
We opened an investigation on an Acting Field Office Director for ICE after receiving an allegation that he was accepting bribes and gratuities in exchange for arranging the release of ICE detainees. As a result of our investigation, we determined that a private immigration attorney was conspiring with the ICE employee to aid, abet, and counsel the commission of fraudulent marriages with illegal immigrants. The ICE employee pleaded guilty to bribery of a public official, conspiracy and misprision of felony. The private attorney in separate proceedings pleaded guilty to marriage fraud and aiding and abetting.

U.S. Immigration and Customs Enforcement Immigration Enforcement Agent Pleaded Guilty to Providing False Statements
We opened an investigation after receiving an allegation that an ICE Immigration Enforcement Agent (IEA) had received money for releasing illegal aliens from ICE custody. A warrant was issued and the subject was arrested, after which he assisted us by providing information that contributed to the indictment of one of his coworkers. As a result of this investigation, the IEA resigned his position with ICE and, as part of his plea agreement, he agreed to never seek another law enforcement position.
The IEA pleaded guilty in the U.S. District Court to one count of false statements in official writings and was sentenced to 2 years probation.

U.S. Immigration and Customs Enforcement Immigration Enforcement Agent Sentenced on Sex Assault of Detainee

We conducted an investigation into an allegation that an ICE IEA sexually assaulted a female detainee. The agent drove the female detainee to his residence where he sexually assaulted her before driving her to an intake facility. The agent was arrested following indictment on charges of aggravated sexual abuse, sexual abuse, sexual abuse of a ward, and possession of a firearm in furtherance of a crime of violence. As a result of our investigation, the agent was convicted, sentenced to 87 months incarceration and 5 years probation, and must register as a sex offender following release.

U.S. Immigration and Customs Enforcement Agent Guilty of Child Pornography

We conducted an investigation that disclosed that an ICE agent purchased and stored more than 100 child pornography images on his personal computer. The ICE agent entered a guilty plea and was sentenced to 21 months of incarceration and 36 months of supervised release, fined $5,000, and given a special assessment of $100. The court also required the defendant to register as a sex offender and not to associate with anyone under 18 years of age.

Contracting Officer and Two Owners of a Federal Protective Service Contract Guard Company Pleaded Guilty to Bribery Charges and Are Sentenced

We conducted a joint investigation with other federal law enforcement agencies of a Federal Protective Service guard force contract administered by a General Services Administration (GSA) Contracting Officer who was suspected of accepting bribes from the owner of a contract guard company.
As a result of our investigation, one of the guard company owners pleaded guilty to bribery, tax evasion, and interstate transportation of child pornography. He was sentenced to 48 months of confinement and 3 years of supervised release, ordered to pay $400,000 in restitution, and was given a $300 special assessment. A second owner was charged with a scheme to conceal material information and tax evasion, pleaded guilty, and was sentenced to 33 months of confinement and 3 years of supervised release; and paid a $200 special assessment, a fine of $10,000, and $290,360 in restitution. The GSA Contracting Officer was charged with bribery and tax evasion, pleaded guilty, and was sentenced to 60 months of confinement, 3 years of supervised release, $38,000 in restitution to the Internal Revenue Service, and $138,000 in forfeiture to the Department of Justice.

MULTIPLE COMPONENTS

MANAGEMENT REPORTS

Management of Department of Homeland Security International Activities and Interests

DHS has nearly 2,000 staff abroad based in 79 countries and a range of international activities that are managed out of domestic offices. At headquarters, the Office of International Affairs is the only office with a department-wide international focus covering all mission areas. The office has several key mandates, but for several years it was not able to address its responsibilities effectively because of staffing limitations. The office significantly increased its staff size, and it has begun to assume responsibilities including the development of regional engagement plans for different parts of the world. However, the office should also develop an international strategic plan and prepare guidance on training and technical assistance abroad. The office will require more support from component international affairs units and some authority over them to execute its responsibilities fully. DHS international efforts also require management attention in the field.
In some locations, the department designated component staff to represent the department on a part-time basis; in others, it assigned full-time department attaches. Neither of these approaches has been completely successful, and we recommended actions to address their respective shortcomings. The department also must improve its systems for preparing, supporting, and redeploying international staff.
(OIG-08-71, June 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-71June08.pdf

DHS Compliance with the Prohibition on Prepackaged News

We reviewed how DHS headquarters and a selection of its components provide information to the public and, specifically, whether their activities include producing and distributing prepackaged news stories. The department does not produce prepackaged news stories for broadcast or distribution within the United States. Although there is currently no written policy or guidance within DHS, CBP, ICE, FEMA, TSA, or the U.S. Coast Guard regarding prepackaged news stories, the department committed to issuing written guidance on this policy following our review.
(OIG-08-89, September 2008, ISP) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-89_Sep08.pdf

Effectiveness of the Federal Trucking Industry Security Grant Program

As required by the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53), we initiated the second of two reviews of the trucking industry security grant program. The program funds Highway Watch, which was managed by the American Trucking Associations. In this report, we evaluated the performance, efficiency, and effectiveness of the program and evaluated the need for the program. Although the American Trucking Associations reached enrollment targets of more than 800,000 members, security incident reporting has remained steady at less than 200 calls a month.
Furthermore, to acquire the assistance of state trucking associations, the American Trucking Associations incurred costs that were not well documented. Therefore, we cannot say definitively whether the benefits achieved so far have been worth the costs. We made five recommendations to improve the efficiency and effectiveness of the program, with which FEMA and TSA concurred. We made one recommendation to FEMA to validate the accuracy and eligibility of the expenditures reported by the grantee, with which it concurred.
(OIG-08-100, September 2008, ISP) http://www.dhs.gov/xoig/rpts/mgmt/editorial_0334.shtm

Challenges Remain in Executing Department of Homeland Security's Information Technology Program for Its Intelligence Systems (Unclassified Summary)

We evaluated the security program and practices for DHS' Top Secret/Sensitive Compartmented Information information systems according to the annual FISMA requirements. We focused on the security program management, implementation, and system administration of the department's intelligence activities. Much progress has been made in establishing an enterprise-wide IT security program that supports the department's intelligence operations and assets. The Office of Intelligence and Analysis is taking an active role in the management and governance of the security for intelligence systems across the department. However, operational and procedural issues remain regarding the effectiveness of the implementation of the department's intelligence security program and system controls. Furthermore, DHS has not yet fully addressed the issues and recommendations we reported in FY 2006. Our FY 2007 recommendations included the need to issue formal guidance for the department's intelligence activities; establish an information systems security education, training, and awareness program for intelligence personnel; and address the system control issues identified during our review.
(OIG-08-48, April 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-48_ApriI08.pdf

Evaluation of DHS' Security Program and Practices for Intelligence Systems for FY 2008

We evaluated the security program and practices for DHS' Top Secret/Sensitive Compartmented Information information systems according to the annual FISMA requirements. We focused on the security program management, implementation, and system administration of the department's intelligence activities. The department continues to strengthen its security program for its intelligence systems. This is the department's first year reporting on USCG's FISMA compliance. Overall, the department has documented information security procedures and implemented controls, providing an effective level of security for its intelligence systems. Operational issues remain regarding the effectiveness of the implementation of the department's intelligence security program and system controls. Our report to the Director of National Intelligence did not contain any recommendations.
(OIG-08-87, August 2008, IT-A) http://www.dhs.gov/xoig/rpts/mgmt/editorial_0334.shtm

Acquisition Workforce Training and Qualifications

We conducted an audit to determine the adequacy of internal controls to ensure compliance with applicable training and qualifications requirements for DHS' acquisition workforce. DHS, USCG, TSA, and CBP do not have complete, reliable information and related supporting documentation about their acquisition personnel and their assignments. Without such information, DHS has no assurance that qualified staff are managing its acquisitions. We made three recommendations to improve the department's ability to manage its acquisition workforce.
(OIG-08-56, May 2008, OA) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-56_May08.pdf

Review of Department of Homeland Security Controls for Portable Storage Devices

We evaluated the use of portable storage devices at DHS. Our objective was to determine whether DHS has addressed the emerging security threat from the proliferation of portable storage devices. We also followed up on DHS' response to OMB Memorandum 06-16 (M 06-16), Protection of Sensitive Agency Information. The policies developed by the department have not been implemented by the components. Specifically, components do not have a centralized process to procure and distribute portable storage devices to ensure that only authorized devices that meet the technical requirements can connect to their systems. In addition, most components have not identified and do not maintain an inventory of authorized devices. Further, the devices sampled were not properly marked to protect their stored information. Finally, DHS has not implemented all M 06-16 controls, despite the fact that it has been 2 years since OMB's milestone elapsed.

[Figure: Portable Storage Devices]

Our recommendations included identifying and establishing an inventory of authorized devices; implementing controls to ensure that only authorized devices can connect to DHS systems; and performing discovery scans, at least annually, to identify unauthorized devices. Finally, DHS should devote additional resources to implement OMB-M-06-16 controls expeditiously.
(OIG-08-95, September 2008, IT-A) http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-95_Sep08.pdf

OTHER OFFICE OF INSPECTOR GENERAL ACTIVITIES

OVERSIGHT OF NONDEPARTMENTAL AUDITS

We processed 12 single audit reports issued by other independent public accountant organizations. The audits were conducted according to the Single Audit Act of 1996, as amended by P.L. 104-136.
We continue to monitor the actions taken to implement the recommendations in the reports.

SUMMARY OF SIGNIFICANT REPORTS UNRESOLVED OVER 6 MONTHS

Timely resolution of outstanding audit recommendations continues to be a priority for both our office and the department. Defense Contract Audit Agency (DCAA) audits are now processed by DHS' Chief Procurement Officer's office. During this period, we transferred 13 DCAA audits having unresolved statuses for over 6 months to that office. As of this report date, we are responsible for monitoring 63 reports that contain recommendations that have been unresolved for more than 6 months. Management decisions have not been made for significant reports, as follows:

16 FEMA-related financial assistance disaster audits
20 Program management reports
27 Single audit reports
63 Total

LEGISLATIVE AND REGULATORY REVIEWS

Section 4(a) of the Inspector General Act of 1978 requires the Inspector General to review existing and proposed legislation and regulations relating to DHS programs and operations and to make recommendations concerning their potential impact. Our comments and recommendations focus on the impact of the proposed legislation and regulations on economy and efficiency in administering DHS programs and operations or on the prevention and detection of fraud and abuse in DHS programs and operations. We also participate on the President's Council on Integrity and Efficiency, which provides a mechanism to comment on existing and proposed legislation and regulations that have government-wide impact.

During this reporting period, we reviewed 69 legislative and regulatory proposals, draft DHS policy directives, and other items. Two of these items are highlighted below.

Proposed Amendments to the Inspector General Act of 1978 — We reviewed OMB's letter expressing concerns about S. 2324, Inspector General Reform Act of 2008. Because we supported S.
2324, we disagreed with OMB's letter in most respects. In addition, we reviewed enrolled bill H.R. 928, also entitled Inspector General Reform Act of 2008, and recommended that the President sign the bill.

Collection of Foreign Visitors' Biometric Data Upon Exit From U.S. Air and Sea Ports of Departure, United States Visitor and Immigrant Status Indicator Technology Program ("US-VISIT") — We commented on a draft final rule that proposed establishing an exit program at all U.S. air and sea ports of departure whereby foreign visitors would provide finger scans and other biometric data to commercial air and vessel carriers before departing the United States. DHS would receive the collected biometric data and match the alien traveler's entry and exit records to determine if the individual actually departed the United States. We expressed several concerns about the final rule's provisions. First, we noted that exit and entry records may not match or that entry records may not be located. As a result, we questioned the operational impact on CBP and ICE's ability to apprehend and detain aliens until such discrepancies are resolved. We questioned if pilot testing of biometric data collection processes considered the additional time needed before carriers could allow foreign travelers to board. We also raised concerns about security vulnerabilities because the rule did not apply to charters and other small air and vessel carriers for hire. Finally, we noted that the rule appeared to be an unfunded government mandate, with air carriers assuming the associated implementation and operational costs. Therefore, we questioned if a financial impact analysis had been performed to assess air carriers' ability to assume these costs given that most are already in financial crisis.
CONGRESSIONAL TESTIMONY AND BRIEFINGS

Our Inspector General and senior managers testified five times before congressional committees and briefed various congressional committees during this period. Testimony prepared for these hearings may be accessed through our Web site at www.dhs.gov/oig.

We testified on the following issues:

■ April 3, 2008: Senate Committee on Homeland Security and Governmental Affairs regarding FEMA's preparedness to address the next catastrophic disaster. (OIG-08-34 issued March 2008)
■ April 10, 2008: House Committee on Transportation and Infrastructure Subcommittee on Coast Guard and Maritime Transportation regarding the COSCO BUSAN and Marine Casualty Investigation Program. (OIG-08-38 issued April 2008)
■ May 20, 2008: House Committee on Transportation and Infrastructure Subcommittee on Coast Guard and Maritime Transportation regarding the Coast Guard and National Transportation Safety Board Casualty Investigation Program. (OIG-08-51 issued May 2008)
■ June 5, 2008: House Committee on Foreign Affairs Subcommittee on International Organizations, Human Rights and Oversight joint hearing with House Committee on the Judiciary Subcommittee on the Constitution, Civil Rights and Civil Liberties regarding OIG-08-18, The Removal of a Canadian Citizen to Syria. (OIG-08-18 issued March 2008)
■ September 17, 2008: House Committee on Homeland Security Subcommittee on Management, Investigations, and Oversight regarding Waste, Abuse, and Mismanagement of DHS Contracts. (OIG-06-18 issued December 2005, OIG-06-23 issued February 2006, OIG-08-56 issued May 2008, OIG-08-10 issued October 2007, and OIG-08-88 issued August 2008)

We briefed congressional members and their staff at a steady pace throughout the reporting period.
Our office conducted 18 briefings for congressional staff on results of our work, including a review of TSA's management of aviation security activities, a review of the World Trade Center Captive Insurance Company, and a review of the TSA's efforts to proactively address employee concerns. Meetings to discuss other congressional concerns included TSA penetration testing, issues with Stafford Act amendments, and discussion of DHS management challenges.

We sought and received thoughtful input from the department and our congressional oversight committees on our FY 2009 Annual Performance Plan to ensure that our stakeholders had an opportunity to participate in the development of the plan. We will continue to meet with congressional members and staff to discuss the final 2009 plan in the fall of 2008. Our Annual Performance Plan is the OIG's "roadmap" for audits and inspections that we plan to conduct each year to evaluate DHS programs and operations.

APPENDICES

Appendix 1
Audit Reports With Questioned Costs

Report Category | Number | Questioned Costs | Unsupported Costs
A. Reports pending management decision at the start of the reporting period | 180 | $505,720,253 | $131,775,038
B. Reports issued/processed during the reporting period with questioned costs | 20 | $27,996,475 | $8,272,263
Total Reports (A+B) | 200 | $533,716,728 | $140,047,301
C. Reports for which a management decision was made during the reporting period | 21 | $112,263,908 | $70,342,553
(1) Disallowed costs | 15 | $97,060,147 | $69,898,911
(2) Accepted costs | 6 | $15,203,761 | $443,642
D. Reports put into appeal status during period | | $0 | $0
E. Reports pending a management decision at the end of the reporting period | 179 | $421,452,820 | $69,704,748
F. Reports for which no management decision was made within 6 months of issuance | 159 | $393,456,345 | $61,432,485

Notes and Explanations:

Management Decision - Occurs when DHS management informs us of its intended action in response to a recommendation, and we determine that the proposed action is acceptable.

Accepted Costs - Previously questioned costs accepted in a management decision as an allowable cost to a government program. Before acceptance, we must agree with the basis for the management decision.

In Category C, lines (1) and (2) do not always equal the total on line C because resolution may result in values different from the original recommendations.

Questioned Costs - Auditors commonly question costs arising from an alleged violation of a provision of a law, regulation, grant, cooperative agreement, or contract. A "questioned" cost is a finding in which the cost, at the time of the audit, is not supported by adequate documentation or is unreasonable or unallowable. A funding agency is responsible for making management decisions on questioned costs, including an evaluation of the findings and recommendations in an audit report. A management decision against the auditee would transform a questioned cost into a disallowed cost.

Unsupported Costs - Costs that are not supported by adequate documentation.

Appendix 1b
Audit Reports With Funds Put to Better Use

Report Category | Number | Amount
A. Reports pending management decision at the start of the reporting period | 7 | $65,508,708
B. Reports issued during the reporting period | 1 | $4,967,201
Total Reports (A+B) | 8 | $70,475,909
C. Reports for which a management decision was made during the reporting period | 8 | $70,475,909
(1) Value of recommendations of DCAA reports transferred to management | 7 | $65,508,708 ¹
(2) Value of recommendations not agreed to by management | | $0
(3) Value of deobligations agreed to by management | 1 | $4,967,201 ²
D. Reports put into the appeal status during the reporting period | | $0
E. Reports pending a management decision at the end of the reporting period | | $0
F. Reports for which no management decision was made within 6 months of issuance | | $0

Notes and Explanations:

In category C, lines (1) and (2) do not always equal the total on line C, because resolution may result in values greater than the original recommendations.

Funds Put to Better Use - Audits can identify ways to improve the efficiency, effectiveness, and economy of programs, resulting in costs savings over the life of the program. Unlike questioned costs, the auditor recommends methods for making the most efficient use of federal dollars, such as reducing outlays, deobligating funds, or avoiding unnecessary expenditures.

¹ This represents the value of recommendations for Defense Contract Agency Audits that we transferred to the department's Chief Procurement Officer.
² As a result of costs that we questioned, FEMA deobligated $4.9 million in funding during our review of Hurricane Katrina Disaster Costs for Hancock County Port and Harbor Commission, under FEMA Disaster Number 1604-DR-MS, audit report #DA-08-09.

Appendix 2
Compliance - Resolution of Reports and Recommendations

MANAGEMENT DECISION IS PENDING
3/31/08:
Reports open over 6 months | 191
Recommendations open over 6 months | 604
9/30/08:
Reports open over 6 months | 179
Recommendations open over 6 months | 582

CURRENT INVENTORY
Open reports at the beginning of the period | 422
Reports issued this period | 93 ³
Reports closed this period | 74
Open reports at the end of the period | 441

ACTIVE RECOMMENDATIONS
Open recommendations at the beginning of the period | 1,894
Recommendations issued this period | 715
Recommendations closed this period | 464
Open recommendations at the end of the period | 2,145

³ We are no longer processing Defense Contract Audit Agency audits effective April 1, 2008.
This effort has been transferred to the Department's Chief Procurement Officer.

Appendix 3
Management Reports Issued

Report Number | Date Issued | Report Title | Questioned Costs | Unsupported Costs | Funds Put to Better Use
1. OIG-08-35 | 4/08 | Letter Report: DHS National Applications Office Privacy Stewardship (Redacted) | $0 | $0 | $0
2. OIG-08-36 | 4/08 | Management Letter for the FY 2007 DHS Financial Statement Audit | $0 | $0 | $0
3. OIG-08-37 | 4/08 | Technical Security Evaluation of U.S. Customs and Border Protection Activities at the Chet Holifield Federal Building (Redacted) | $0 | $0 | $0
4. OIG-08-38 | 4/08 | Allision of the M/V COSCO BUSAN with the San Francisco-Oakland Bay Bridge | $0 | $0 | $0
5. OIG-08-39 | 4/08 | Independent Review of the U.S. Customs and Border Protection's Reporting of FY 2007 Drug Control Obligations | $0 | $0 | $0
6. OIG-08-40 | 4/08 | Independent Review of the U.S. Customs and Border Protection's Reporting of FY 2007 Drug Control Performance Summary | $0 | $0 | $0
7. OIG-08-41 | 4/08 | Independent Review of the U.S. Customs and Border Protection's Management Assertions on the 2007 Drug Control Performance Summary | $0 | $0 | $0
8. OIG-08-42 | 4/08 | Independent Review of the U.S. Coast Guard's Reporting of FY 2007 Drug Control Obligations | $0 | $0 | $0
9. OIG-08-43 | 4/08 | Independent Review of the U.S. Coast Guard's Reporting of FY 2007 Drug Control Performance Summary | $0 | $0 | $0
10. OIG-08-44 | 4/08 | Independent Review of the U.S. Immigration and Customs Enforcement's Reporting of FY 2007 Drug Control Obligations | $0 | $0 | $0
11. OIG-08-45 | 4/08 | Independent Review of the U.S. Immigration and Customs Enforcement's Reporting of FY 2007 Drug Control Performance Summary | $0 | $0 | $0
12. OIG-08-46 | 4/08 | U.S. Customs and Border Protection's Procurement of Untrained Canines | $0 | $0 | $0
13. OIG-08-47 | 5/08 | Letter Report: Review of DHS' Financial Systems Consolidation Project | $0 | $0 | $0
14. OIG-08-48 | 4/08 | Challenges Remain in Executing the Department of Homeland Security's Information Technology Program for Its Intelligence Systems - Unclassified Summary | $0 | $0 | $0
15. OIG-08-49 | 4/08 | The Transportation Security Administration's National Deployment Force | $0 | $0 | $0
16. OIG-08-50 | 5/08 | Information Technology Management Letter for the FY 2007 Customs Border and Protection Financial Statement Audit (Redacted) | $0 | $0 | $0
17. OIG-08-51 | 5/08 | United States Coast Guard's Management of the Marine Casualty Investigations Program | $0 | $0 | $0
18. OIG-08-52 | 6/08 | ICE Policies Related to Detainee Deaths and the Oversight of Immigration Detention Facilities | $0 | $0 | $0
19. OIG-08-53 | 5/08 | Independent Auditor's Report on FLETC's FY 2007 Consolidated Financial Statements | $0 | $0 | $0
20. OIG-08-54 | 5/08 | Immigration and Customs Enforcement Detainee Telephone Services Contract | $0 | $0 | $0
21. OIG-08-55 | 5/08 | Interagency Agreement with U.S. Department of Housing and Urban Development for the Disaster Housing Assistance Program | $0 | $0 | $0
22. OIG-08-56 | 5/08 | Acquisition Workforce Training and Qualifications | $0 | $0 | $0
23. OIG-08-57 | 5/08 | Independent Auditor's Report on TSA's FY 2007 Balance Sheet | $0 | $0 | $0
24. OIG-08-58 | 5/08 | Lessons Learned from the August 11, 2007, Network Outage at Los Angeles International Airport (Redacted) | $0 | $0 | $0
25. OIG-08-59 | 5/08 | Technical Security Evaluation of U.S. Immigration and Customs Enforcement Activities at the Chet Holifield Federal Building (Redacted) | $0 | $0 | $0
26. OIG-08-60 | 5/08 | Logistics Information Systems Need to be Strengthened at the Federal Emergency Management Agency | $0 | $0 | $0
27. OIG-08-61 | 5/08 | DHS Must Address Internet Protocol Version 6 Challenges | $0 | $0 | $0
28. OIG-08-62 | 5/08 | Transportation Security Administration's Efforts to Proactively Address Employee Concerns | $0 | $0 | $0
29. OIG-08-63 | 6/08 | [illegible] Action and Milestones for Financial System Security | $0 | $0 | $0
30. OIG-08-64 | 6/08 | Additional Controls Can Enhance the Security of the Automated Commercial Environment System (Redacted) | $0 | $0 | $0
31. OIG-08-65 | 6/08 | Targeting of Cargo Containers 2008: Review of CBP's Cargo Enforcement Reporting and Tracking System | $0 | $0 | $0
32. OIG-08-66 | 6/08 | TSA's Administration and Coordination of Mass Transit Security Program | $0 | $0 | $0
33. OIG-08-67 | 6/08 | Transportation Security Administration Single Source (Noncompetitive) Procurements | $0 | $0 | $0
34. OIG-08-68 | 6/08 | Information Technology Management Letter for the FEMA Component of the FY 2007 DHS Financial Statement Audit (Redacted) | $0 | $0 | $0
35. OIG-08-69 | 6/08 | Information Technology Management Letter for the United States Coast Guard Component of the FY 2007 DHS Financial Statement Audit (Redacted) | $0 | $0 | $0
36. OIG-08-70 | 6/08 | Information Technology Management Letter for the FY 2007 Federal Law Enforcement Training Center Financial Statement Audit (Redacted) | $0 | $0 | $0
37. OIG-08-71 | 6/08 | Management of Department of Homeland Security International Activities and Interests | $0 | $0 | $0
38. OIG-08-72 | 6/08 | Information Technology Management Letter for the FY 2007 Transportation Security Administration Balance Sheet Audit (Redacted) | $0 | $0 | $0
39. OIG-08-73 | 7/08 | Independent Auditor's Report on U.S. Coast Guard's FY 2008 Mission Action Plans | $0 | $0 | $0
40. OIG-08-74 | 7/08 | Independent Auditor's Report on TSA's FY 2008 Mission Action Plans | $0 | $0 | $0
41. OIG-08-75 | 7/08 | Independent Auditor's Report on FEMA's FY 2008 Mission Action Plans | $0 | $0 | $0
42. OIG-08-76 | 7/08 | Independent Auditor's Report on OFM's FY 2008 Mission Action Plans | $0 | $0 | $0
43. OIG-08-77 | | Information Technology Management Letter for the FY 2007 DHS Financial Statement (Redacted) | $0 | $0 | $0
44. OIG-08-79 ⁴ | 7/08 | U.S. Immigration and Customs Enforcement Visa Security Program | $0 | $0 | $0
45. OIG-08-80 | 7/08 | U.S. Customs and Border Protection's Management of 2005 Gulf Coast Hurricanes Mission Assignment Funding | $4,952,052 | $2,040,092 | $0
46. OIG-08-81 | 7/08 | Hurricane Katrina Multitier Contracts | $625,225 | $0 | $0
47. OIG-08-82 | 8/08 | Enhanced Configuration Controls and Management Policies Can Improve USCG Network Security (Redacted) | $0 | $0 | $0
48. OIG-08-83 | 8/08 | The State of Utah's Management of State Homeland Security Grants Awarded During Fiscal Years 2004 through 2006 | $0 | $0 | $0
49. OIG-08-84 | 8/08 | Assistance to Firefighters Grant Program - Fiscal Year 2003 | $94,793 | $15,863 | $0
50. OIG-08-85 | 8/08 | The Science and Technology Directorate's Processes for Selecting and Managing Research and Development Programs | $0 | $0 | $0
51. OIG-08-86 | 8/08 | Costs Incurred for Rejected Temporary Housing Sites | $0 | $0 | $0
52. OIG-08-87 | 08/08 | Evaluation of DHS' Security Program and Practices For Its Intelligence Systems for Fiscal Year 2008 (Unclassified Summary) | $0 | $0 | $0
53. OIG-08-88 | 8/08 | Hurricane Katrina Temporary Housing Technical Assistance Contracts | $0 | $0 | $0
54. OIG-08-89 | 9/08 | Letter Report: DHS Compliance with Prepackaged News Prohibition | $0 | $0 | $0
55. OIG-08-90 | 9/08 | TSA's Management of Aviation Security Activities at Jackson-Evers International and Other Selected Airports (Unclassified Summary) | $0 | $0 | $0
56. OIG-08-91 | 9/08 | Progress Made in Strengthening DHS Information Technology Management, But Challenges Remain | $0 | $0 | $0
57. OIG-08-92 | 9/08 | Transportation Security Administration's Controls over SIDA Badges, Uniforms, and Identification Cards (Redacted) | $0 | $0 | $0
58. OIG-08-93 | 9/08 | FEMA's Sheltering and Transitional Housing Activities After Hurricane Katrina | $0 | $0 | $0
59. OIG-08-94 | 9/08 | Evaluation of DHS' Information Security Program for Fiscal Year 2008 | $0 | $0 | $0
60. OIG-08-95 | 9/08 | Review of DHS Security Controls for Portable Storage Devices | $0 | $0 | $0
61. OIG-08-96 | 9/08 | FEMA's Crisis Counseling Assistance and Training Program: State of Florida's Project H.O.P.E. | $0 | $0 | $0
62. OIG-08-97 | 9/08 | Hurricane Katrina: Wind Versus Flood Issues | $0 | $0 | $0
63. OIG-08-98 | 9/08 | The State of Washington's Management of State Homeland Security Grants Awarded During Fiscal Years 2004 through 2006 | $0 | $0 | $0
64. OIG-08-99 | 9/08 | The State of Arizona's Management of State Homeland Security Grants Awarded During Fiscal Years 2004 through 2006 | $0 | $0 | $0
65. OIG-08-100 | 9/08 | Effectiveness of the Federal Trucking Industry Security Grant Program | $0 | $0 | $0
Total, Appendix 3 | | | $5,672,070 | $2,055,955 | $0

⁴ Report number OIG-08-78 was not used.

Appendix 4
Financial Assistance Audit Reports Issued

Report Number | Date Issued | Auditee | Questioned Costs | Unsupported Costs | Funds Put to Better Use
1. DA-08-06 | 6/08 | Review of Coast Electrical Power Association | $1,250,705 | $0 | $0
2. DA-08-07 | 7/08 | Hurricane Georges Activities for Puerto Rico Aqueduct and Sewer Authority | $1,629,730 | $0 | $0
3. DA-08-08 | 7/08 | Audit of Hurricane Katrina Activities for City of Waveland, Mississippi | $1,020,156 | $0 | $0
4. DA-08-09 | 8/08 | Hurricane Katrina Disaster Costs for Hancock County Port and Harbor Commission | $5,019,617 | $0 | $4,967,201
5. DA-08-10 | 8/08 | Hurricane Katrina Activities for Hancock County Medical Center | $2,163,694 | $0 | $0
6. DA-08-11 | 9/08 | Hurricane Katrina Activities for Singing River Electric Power Association | $223,454 | $0 | $0
7. DD-08-02 | 9/08 | Lafayette Parish Sheltering and Emergency Protective Measures | $3,448,987 | $0 | $0
8. DS-08-04 | 7/08 | San Bernardino County, California | $1,485,435 | $1,335,075 | $0
9. DS-08-05 | 9/08 | State of Oregon's Administration of the Fire Management Assistance Grant Program for the Bland Mountain #2 Fire | $453,977 | $0 | $0
10. DS-08-06 | 9/08 | State of Arizona's Administration of the Fire Management Assistance Grant Program for the Aspen Fire | $20,124 | $20,124 | $0
11. DS-08-07 | 9/08 | State of Montana's Administration of the Fire Management Assistance Grant Program for the Hobble Fire | $5,189 | $5,189 | $0
12. DS-08-08 | 9/08 | State of California's Administration of the Fire Management Assistance Grant for the Canyon Fire | $409,208 | $22,635 | $0
13. DS-08-09 | 9/08 | State of Washington's Administration of the Fire Management Assistance Grant Program for the Middle Fork Fire | $379,491 | $379,491 | $0
14. DS-08-10 | 9/08 | State of New Mexico's Administration of the Fire Management Assistance Grant Program for the Atrisco Fire | $815,795 | $815,795 | $0
15. DS-08-11 | 9/08 | State of California's Administration of the Fire Management Assistance Grant Program for the Pine Fire | $3,021,538 | $2,660,694 | $0
16. DS-08-12 | 9/08 | State of Montana's Administration of the Fire Management Assistance Grant Program for the Missoula/Mineral Fire Zone | $974,680 | $974,680 | $0
Subtotal, Disaster Grant Assistance Audits | | | $22,321,780 | $6,213,683 | $4,967,201
17. OIG-S-23-08 | 9/08 | State of Pennsylvania 05 | $2,625 | $2,625 | $0
Subtotal, Single Audits | | | $2,625 | $2,625 | $0
Total, Appendix 4 | | | $22,324,405 | $6,216,308 | $4,967,201

Notes and Explanations:

Appendix 4 includes 1 of the 12 single audit reports processed during this reporting period. This is the only single audit report that disclosed questioned costs.

Report Number Acronyms:
DA | Disaster Audit, Atlanta Office
DD | Disaster Audit, Dallas Office
DS | Disaster Audit, Oakland Office
OIG-S | Single audit report, Headquarters

Appendix 5
Schedule of Amounts Due and Recovered

Report Number | Date Issued | Auditee | Amount Due | Recovered Costs
1. DD-01-04 | 10/03 | Minnkota Power Cooperative | $473,248 | $3,870
2. DD-02-04 | 10/03 | City of Hoisington, KS | $7,208 | $4,592
11 /nfi St. Bernard Parish Debris Removal