Week 7 - Homeland Security

 

   

Fiscal Year 2016

Annual Performance Plan

A Messagefrom the Inspector General

This past fiscal year, the talented staff in the Office of Inspector General (OIG) continued to foster positive change in the Dep artment of Homeland Security's (DHS) programs and operations. In the upcoming fiscal year (FY), we will continue our work to help the Department accomplish its mission effectively and efficiently. We add value to the Department by shining an objective and independent light on the Department's programs and operations and recommending needed improvements.

This year, we will continue to innovate our way of doing business,

including using non-traditional products, such as:

• Management advisories, which focus on significant issues needing

immediate management attention, such as an advisory we issued in

April 2015 about maintenance problems with an alarm system at the residence of a former President, or where we see problems

because D HS' actions did not meet the intent of our

recommendations or address the identified issues.

• Verification reviews, which look at recommendations DHS has

addressed, and we have closed, to determine whether the

Department's actions actually fixed identified problems, such as a

review we recently completed looking at DHS' progress in achieving

interoperable radio communications.

• Investigations, conducted in an abbreviated timeframe, of activities and incidents involving matters of public interest, such as the Border Patrol's handling of the flux of unaccompanied alien children in the summer of 2014 or the conduct of two Secret Service special agents at the White House perimeter in March of this year.

• Life cycle audits, in which we proactively audit Department grants

before a significant amount of money is spent, to try to prevent

improper expenditures.

We have other planned programs as well. The President's FY 2016 budget will provide OIG with specialized resources to focus on acquisition management. Given that, in FY 2014, DHS spent more than $25 billion on contractual services and supplies and acquisition of assets, it is imperative that we concentrate resources on this inherently complex, high-risk area. The President's budget also creates a welcome enhancement in our Office of Inspections and Evaluations, which will allow us to respond to matters of importance to Congress and other stakeholders in a timely manner.

This fiscal year, we will also assume responsibility from the Recovery Accountability and Transparency Board for analyzing Disaster Relief Fund data. We plan to use this data to identify indicators of fraud, waste, and abuse, as well as conduct risk modeling to help identify future audit areas.

For additional information about this plan or the resulting work, please contact our Office of Public Affairs at DHS­ [email protected] or follow us on Twitter, @dhsoig.

John Roth Inspector General

2

 

 

Our Mission ...................................................................................... 4

Our Planning Approach ..................................................................... 4

Fiscal Year 2016 Projects ................................................................. 5

Preventing Terrorism and Enhancing Security .......................................... 6

Enforcing and Administering Our Immigration Laws ................................ 9

Securing and Managing Our Borders...................................................... 11

Strengthening National Preparedness and Resilience to Disasters .......... 13

Safeguarding and Securing Cyberspace.................................................. 19

Promoting Management Stewardship ..................................................... 22

Promoting Program Integrity .................................................................. 28

OIG Contacts .......................................................................................... 32

Appendix –Abbreviations......................................................................... 33

Table of Contents

3

 

   

Our Mission

As an agent of change, the Department of Homeland Security (DHS) Office of Inspector General (OIG) detects and eliminates fraud, waste, and abuse; identifies risk areas; and recommends corrective actions for Department management to implement. DHS OIG was established through the Homeland Security Act of 2002 by amendment to the Inspector General Act of 1978 and proudly serves the men and women of the Department and its Secretary, the President, Congress, and the American people. Our unified, coordinated program of independent and objective audits, inspections, evaluations, and investigations helps the Department fulfill its vital mission to secure our Nation and safeguard its people.

We convey to the Department and its stakeholders impartial, timely information about the performance of programs and operations, and we objectively assess emerging concerns. Our recommendations are designed to promote good governance, informed decision making, and accountability.

Our Planning Approach

In planning our work for FY 2016, we continued to prioritize helping the Department achieve its critical missions and ensuring the proper stewardship and integrity of Department programs and resources. We will also conduct legislatively mandated work and requested reviews to address the concerns of Congress, the Department, and our other stakeholders.

We are committed to delivering relevant, accurate, timely, and high quality products and services that identify the best use of taxpayer dollars. To accomplish this, we will conduct integrated audits, inspections, evaluations, and investigations focused on high-risk and high-impact, vulnerable programs and activities. We will align our work with the Department’s five missions: (1) preventing terrorism and enhancing security, (2) enforcing and administering immigration laws, (3) securing and managing our borders, (4) ensuring preparedness and resilience to disasters, and (5) safeguarding and securing cyberspace. We will also initiate work to improve management stewardship and program integrity. This fiscal year, we also plan to review acquisition management, expand our data analytics, conduct verification reviews of prior recommendations, and issue management advisories as necessary. Our investigators will continue their efforts to ensure the integrity of DHS employees and programs.

4

 

   

                                                       

 

Fiscal Year 2016 Projects

Our FY 2016 projects and the resulting reports should help the Department assess its progress toward achieving its stated missions as outlined in The Quadrennial Homeland Security Review1 (QHSR) issued in June 2014, and improve the overall management and integrity of Department programs and operations.

In the following project charts, our planned work is organized by QHSR mission area and two additional areas: management stewardship and program integrity. Projects fall into two groups: New or In-Progress. New projects are those we plan to begin in FY 2016. In-Progress projects are ongoing projects we began in a prior fiscal year and will continue in FY 2016. For each project, we identify the DHS component or directorate we will review. The Office of Investigations does not list projects in the charts; it conducts investigations at DHS components throughout the year.

Although we intend to conduct every project in our FY 2016 plan, we may have to set aside some of our planned work to address emerging issues and changing circumstances at the Department.

1 The Department’s 2014 QHSR provides strategic guidance and sets priorities for homeland security over the next 4 years based on risk and charts a path for addressing emerging threats and hazards. The 2014 QHSR is the Department’s second effort; the first QHSR was issued on February 1, 2010.

5

 

 

Preventing Terrorism and Enhancing Security

According to the Department’s 2014 QHSR, the terrorist threat has changed since the attacks of September 11, 2001. This remains true, as we have witnessed in the past year. Organized radical extremist groups repeatedly seek to recruit members and export terrorism to the United States. We have also seen domestic “lone offenders” and those inspired by extremist ideologies commit terrorist acts. These threats are difficult to detect. In countering terrorism, DHS focuses on preventing attacks; preventing unauthorized acquisition, importation, movement, or use of chemical, biological, radiological, and nuclear materials and capabilities in the United States; and reducing the vulnerability of critical infrastructure and key resources, essential leadership, and major events to terrorist attacks and other hazards. OIG will seek to determine how efficiently and effectively the Department is working to counter these emerging threats. Our work will include a review of the Federal Air Marshal Service’s management of its resources and a review of the effectiveness of TSA’s carry-on baggage screening technologies and checkpoint screener performance.

Project Title Objective(s) Component

or Directorate

New Federal Air Marshal Service’s Oversight of Civil Aviation Security

Determine whether the Federal Air Marshal Service adequately manages its resources to detect, deter, and defeat threats to the civil aviation system.

TSA

TSA Carry-On Baggage Penetration Testing

Determine the effectiveness of TSA’s carry- on baggage screening technologies and checkpoint screener performance in identifying and resolving potential security threats at airport security checkpoints.

TSA

Secret Service Information Technology (IT) Integration and Transformation

Determine the extent to which the Secret Service’s IT Integration and Transformation effort supports its investigative and protective missions, goals, and objectives.

Secret Service

DHS’ Use of Big Data and Predictive Analytics

Identify DHS’ current initiatives to leverage Big Data and use predictive analytics to improve Department functions; determine DHS’ future plans to leverage Big Data and to use predictive analytics.

Multiple Components

6

 

 

Project Title

Airport Security Capping Report

Objective(s)

Synthesize the results of our airport security evaluations into a capping report that groups and summarizes identified weaknesses and root causes and recommends how TSA can systematically and proactively address these issues at airports nationwide.

Component or

Directorate TSA

Reducing Over- classification of DHS’ National Security Information

Determine whether applicable and appropriate classification policies, procedures, rules, and regulations have been adopted, followed, and administered effectively.

Multiple Components

TSA’s Classification Program

Determine whether TSA is effectively managing its classification program and its use of the Sensitive Security Information designation.

TSA

TSA’s Office of Intelligence and Analysis

Determine whether TSA’s Office of Intelligence and Analysis is effectively meeting its mission mandates.

TSA

In-Progress TSA Security Vetting of Passenger Rail Reservation Systems

Determine the extent to which TSA has policies, processes, and oversight measures to improve security at the National Railroad Passenger Corporation (AMTRAK).

TSA

U.S. Secret Service Radio Communications

Determine the adequacy of the Secret Service’s radio communications program.

Secret Service

Reliability of TWIC Background Check Process

Determine whether the screening process for the Transportation Worker Identification Credential program (TWIC) is operating effectively and whether the program's continued eligibility processes ensure that only eligible TWIC card holders remain eligible.

Coast Guard, TSA

TSA’s Security Technology Integrated Program (STIP)

Determine whether TSA has incorporated adequate IT security controls for passenger and baggage screening STIP equipment to ensure it is performing as required.

TSA

7

 

 

Project Title Objective(s) Component

or Directorate

Secret Service Actions Related to Three Security Breaches

Determine the cause for each incident; whether the Secret Service followed its own security plans and policies; what actions were taken to correct deficiencies, and whether these corrections were adequate.

Secret Service

Joint Review on Domestic Sharing of Counterterrorism Information

Determine (1) how DHS component representatives contribute to the counterterrorism mission of field-based entities, such as fusion centers; (2) the requirements DHS places on fusion centers receiving funding for counterterrorism activities; (3) DHS' process for sharing counterterrorism information with field-based entities; (4) how DHS components receive and process counterterrorism information from field- based entities; and (5) how DHS ensures proper safeguarding of its shared counterterrorism information with field- based entities.

DHS

TSA’s Controls Over Access Media Badges

Identify and test selected controls over access media badges issued by airport operators.

TSA

8

 

 

Enforcing and Administering Our Immigration Laws

DHS and its components coordinate and work with Federal, state, and local partners to prevent dangerous individuals from entering and remaining in the United States. DHS and its components also enforce immigration laws to ensure that only those who are eligible receive immigration benefits. For those seeking immigration benefits, the Department must administer immigration laws equitably and promptly and focus on providing more efficient and timely services to immigrants. These efforts will help reduce illegal immigration and residence in the United States. OIG will conduct work to determine the effectiveness of the Department’s efforts to strengthen immigration enforcement, provide timely and effective services, and administer and manage immigration benefits. For example, OIG will assess whether DHS properly screens aliens from specially designated countries, has adequate controls over approvals under Deferred Action for Childhood Arrivals, and appropriately segregates detained aliens.

Project Title Objective(s) Component

or Directorate

New Immigration and Custom Enforcement’s (ICE) Screening of Aliens from Specially Designated Countries

Determine whether ICE ensures the proper screening of aliens from specially designated countries.

ICE

ICE Detention Center Contracts

Determine whether the Department and ICE effectively solicited, awarded, and managed detention center contracts according to the Federal Acquisition Regulation, departmental contracts, and procurement guidance.

ICE

U.S. Citizenship and Immigration Services (USCIS) Fraud Risk Framework

Determine whether USCIS has an adequate fraud risk framework and is using it to develop and adjust its fraud risk strategy.

USCIS

9

 

 

Project Title Objective(s) Component

or Directorate

Controls Over USCIS Approval of Deferred Action for Childhood Arrivals (DACA)

Review controls over the DACA approval process and conduct data analysis and other tests to determine whether DACA applicants met the requirements. Specifically, assess the reliability of supporting documentation USCIS uses to adjudicate DACA cases.

USCIS

Systematic Alien Verification for Entitlements (SAVE) Program

Assess USCIS' progress in implementing OIG recommendations for ensuring the use of up-to-date information to verify the status of deportable aliens under the SAVE program.

USCIS

ICE’s Oversight of Contracted Detention Centers

Determine the effectiveness of ICE’s oversight of contracted detention centers.

ICE

ICE’s Oversight of Aliens Held in Segregation

Determine whether ICE is overusing segregation for detainees, particularly for mentally ill detainees.

ICE

In-Progress USCIS Progress in Implementing Online Processing Using Electronic Immigration System

Assess the effectiveness of USCIS' plans for automated processing of immigration benefit claims.

USCIS

Potential for Greater Revenue from H2B Visas

Evaluate the extent to which additional revenues can be generated, assess USCIS’ methodology to set a base fee for H2B visas, and determine whether the fee adequately covers the cost to adjudicate these applications.

USCIS

Use of ICE/USCIS Data to Identify Potential Human Trafficking Victims

Determine whether there is evidence that individuals charged or convicted of human trafficking used legal means to bring potential victims into the United States; identify whether improvements in data quality can help identify potential victims; and determine whether better coordination between ICE and USCIS could help identify additional human trafficking victims.

ICE, USCIS

10

 

 

Securing and Managing Our Borders

The Department must protect the Nation’s borders by excluding terrorists, preventing human and drug trafficking, and countering other threats to our national security, economic security, and public safety. DHS needs to respond quickly and adapt to evolving trends in illegal border crossings. DHS’ border management focuses on securing all points of entry, safeguarding and streamlining lawful trade and travel, and disrupting and dismantling transnational criminal and terrorist organizations. OIG will continue to assess whether DHS and its partners are securing and managing the flow of people and goods to minimize risk and ensure economic prosperity. We plan to review whether U.S. Customs and Border Protection (CBP) effectively monitors all passengers and cargo leaving the United States for illegal cash smuggling, as well as CBP’s compliance with procedures related to hold rooms and short-term custody. We will also review historical border metrics to identify issues and recommend improvements to these metrics and measurements.

Project Objective(s) Component

or Directorate

New CBP’s Controls Over Monetary Smuggling

Determine whether CBP effectively monitors all passengers and cargo leaving the United States for illegal cash smuggling.

CBP

CBP International Mail Screening

Determine whether CBP’s process for screening international mail adequately mitigates safety and security risk to the public.

CBP

CBP’s Use of Hold Rooms and Short-term Custody

Determine whether CBP complies with policies and procedures related to hold rooms and short-term custody of aliens.

CBP

Border Security Metrics

Conduct a metastudy on historical border metrics and data to identify issues and recommend improvements to border metrics and measurements.

ICE

CBP’s Risk Based Strategy

Determine whether CBP’s Border Patrol has effectively implemented its risk-based strategy.

CBP

11

 

 

Project Objective(s) Component

or Directorate

In-Progress Controls Over Approval of Global Entry Applications

Determine the systems CBP uses to screen Global Entry applicants and the accuracy and completeness of screening data; and whether and how new derogatory information or evidence of wrongdoing is used to identify potential new threats and actions taken to address these threats.

CBP

DHS Drug Interdiction Efforts

Determine the extent to which DHS is executing its responsibilities under the National Drug Control Strategy.

DHS

Operational Readiness of Border Patrol’s Special Operations Groups

Determine the effectiveness of CBP's Special Operations Groups in accomplishing its mission.

CBP

CBP’s Criminal Investigative Authority

Determine whether CBP has an effective process for determining the required number of criminal investigators needed to accomplish its mission.

CBP

CBP’s Forward Operating Bases on the Southwest Border

Determine whether Forward Operating Bases provide adequate living conditions, security, and safety for CBP employees.

CBP

12

 

 

 

Strengthening National Preparedness and Resilience to Disasters

Every year, natural disasters put millions of Americans in danger and destroy billions of dollars’ worth of property. The Federal Emergency Management Agency (FEMA) must work with Federal, state, local, tribal, and private sector partners to prevent, prepare for, and respond to natural and manmade disasters. Since Hurricane Katrina, FEMA has taken steps to improve disaster planning, but disaster assistance is inherently high risk. In the last 5 years, FEMA provided about $10 billion annually in assistance to state and local governments and to those affected by disasters. Since 2009, FEMA has also provided about $5.5 billion in preparedness grants.

In FY 2016, OIG will continue our proactive audit approach focused on mitigating the risks of improperly spending Federal tax dollars. We will audit FEMA’s initial response to presidentially declared disasters, community grantees’ capacity to carry out grant-related responsibilities, and early community compliance with Disaster Relief Fund spending requirements. We will review FEMA’s efforts to improve its grant management and to more efficiently carry out its many missions. To aid us in these efforts, the Office of Information Technology Audits’ (ITA) Data Analytics and Support Division will assume responsibility for analyzing and researching Disaster Relief Fund data, which was previously done by the Recovery Accountability and Transparency Board, which sunset on September 30, 2015. Using specialized tools and technology, staff will analyze and research data from various sources seeking indicators of fraud, waste, and abuse.

Project Title Objective(s) Component or Directorate

New

FEMA’s Initial Response to Presidentially Declared Disasters

Determine the effectiveness of FEMA’s initial response to presidentially declared disasters. (About six audits.)

FEMA

A Community’s Capacity to Effectively Manage FEMA Disaster Grant Funding

Determine whether grantees and subgrantees need additional FEMA and/or state monitoring and technical assistance to account for and expend FEMA disaster grant funds according to Federal requirements. (About 20 audits.)

FEMA

13

 

 

Early Warnings – A Community’s Initial Compliance with Federal Financial and Procurement Requirements for Disaster Grant Funding

Early in the disaster recovery/rebuilding phase, determine whether grantees and subgrantees are accounting for and expending FEMA disaster grant funds according to Federal requirements and give them the opportunity to correct or minimize the financial impact of noncompliance. (About 20 audits.)

FEMA

State Disaster Grant Management and Administrative Costs Charged to the Disaster Relief Fund

Determine the amount of funding states receive to manage and administer Disaster Relief Fund grants; whether management and administration costs comply with Federal regulations; and whether FEMA is properly accounting for and reporting those costs. (About four audits.)

FEMA

FEMA’s Procedures to Ensure Compliance with Requirements to Obtain and Maintain Insurance

Determine the effectiveness of FEMA’s procedures to ensure disaster grant recipients obtain and maintain required amounts of insurance for future damages.

FEMA

FEMA's Reimbursement of New York City's Hotel Essential Sheltering Program Expenses

Determine whether expenses, submitted by the State of New York to FEMA for reimbursement, from New York City's Hotel Essential Sheltering Program hotels are eligible, reasonable, and valid.

FEMA

Emergency Assistance FEMA Provided to New York City for Commercial Properties Following Hurricane Sandy

Determine the extent to which FEMA has properly recovered its costs for emergency assistance to commercial properties and accounted for government-furnished property.

FEMA

FEMA Disaster Management and Stafford Act Implementation

Determine whether FEMA is developing a long-term strategy to improve its implementation of Stafford Act provisions.

FEMA

Assessment of the Section 428 Public Assistance Alternative

Determine the overall effectiveness of the alternative procedures program, including whether the program helps improve the speed of disaster

FEMA

14

 

 

Procedures Program recovery, the accuracy of the cost estimates, the effectiveness of the financial incentives and disincentives, and the effectiveness of independent expert panels. As mandated, the report will contain recommendations concerning the continuation and/or changes to improve the alternative procedures program.

FEMA Flood Mapping Contracts

Determine whether FEMA effectively solicited, awarded, and managed flood mapping contracts in accordance with the Federal Acquisition Regulation and departmental policies.

FEMA

National Flood Insurance Program: Write Your Own Program Payments and Receipts

Determine the adequacy of FEMA's oversight over the expenses paid and income received by individual insurance companies that participate in the Write Your Own Flood Insurance program.

FEMA

National Security Grants’ Effectiveness in Improving the Nation’s Ability to Respond to a Major Disaster

Determine whether National Preparedness Grants have improved the Nation’s preparedness to respond to a major disaster.

FEMA

Texas and New Mexico Management of State Homeland Security Program and Urban Areas Security Initiative Grants

Determine whether selected states distributed, administered, and spent Homeland Security Grant Program (HSGP) funds strategically, effectively, and in compliance with laws, regulations, and guidance.

Analysis of Disaster Relief Fund Data

Research and analyze voluminous data and vet state and local communities and contractors receiving money from the Disaster Relief Fund against various data sources to provide summary products and facilitate reporting by OIG’s Emergency Management Oversight and Office of Investigations.

FEMA

Effectiveness of CBP’s Mission

Determine CBP’s progress in developing and testing disaster

CBP

15

 

 

Critical Systems Disaster Recovery and Contingency Planning Efforts

recovery and contingency plans to ensure the recovery of mission critical systems within identified recovery timeframes.

In-Progress

Permanent Projects Funded with Sandy Recovery Improvement Act Section 428 Alternative Procedures Authority

Determine whether FEMA’s Sandy Recovery Improvement Act Section 428 alternative procedures permanent project grants comply with FEMA’s Public Assistance Alternative Procedures Pilot Program Guide for Permanent Work.

FEMA

Summary of Disaster Grant Audit Procurement Findings and FEMA’s Actions to Recover Improperly Spent Procurement Funds

Summarize procurement findings in OIG’s disaster grant audit reports issued from FYs 2009–2013 and determine the extent to which FEMA recovered money improperly spent.

FEMA

Public Assistance Grantee Cash Management Practices

Determine FEMA’s Public Assistance cash management policies for selected grantees and whether the grantees complied with these policies.

FEMA

FEMA’s Initial Response to Presidentially Declared Disasters

Determine the effectiveness of FEMA’s initial response to the presidentially declared disaster in Texas.

FEMA

A Community’s Capacity to Effectively Manage FEMA Disaster Grant Funding

Determine whether grantees and subgrantees need additional FEMA and/or state monitoring and technical assistance to account for and expend FEMA disaster grant funds according to Federal requirements. We are conducting these audits in the states of California and Colorado.

FEMA

16

 

 

Early Warnings – A Community’s Initial Compliance with Federal Financial and Procurement Requirements for Disaster Grant Funding

Early in the disaster recovery- rebuilding phase, determine whether grantees and subgrantees are accounting for and expending FEMA disaster grant funds according to Federal requirements and give them the opportunity to correct or minimize the financial impact of noncompliance. We are conducting these audits in the states of Alabama, Colorado, Connecticut, Florida, Georgia, Mississippi, New Jersey, New Mexico, and New York.

FEMA

FEMA-approved Public Assistance Projects that Applicants Have Not Started

Determine the number of approved Public Assistance projects in which applicants have not started construction, when those projects were approved, and why some applicants take years to begin construction on some projects.

FEMA

The Extent to Which FEMA Public Assistance Grants are Closed in a Timely Manner

Determine the average amount of time it takes for recipients of Public Assistance grants to complete projects and FEMA to close presidentially declared disasters.

FEMA

Effectiveness of FEMA Qualification System for Deploying Staff to Disasters

Determine whether the FEMA Qualification System and Automated Deployment Database are effective in providing sufficient and qualified staff to disasters in a timely manner.

FEMA

Effectiveness of FEMA’s Transitional Sheltering Assistance program for Hurricane Sandy

Determine the effectiveness of FEMA's Transitional Sheltering Assistance program for Hurricane Sandy.

FEMA

DHS Pandemic Planning

Determine whether DHS has implemented adequate preparedness plans to continue mission essential functions during a pandemic.

DHS

DHS Response to Ebola

Determine whether DHS has effectively implemented DHS' enhanced screening measures for a response to an Ebola outbreak.

DHS

17

 

 

Colorado's Emergency Management Performance Grant Program

Determine whether FEMA and the Colorado Division of Homeland Security and Emergency Management are sufficiently monitoring the Emergency Management Performance Grant Program to ensure that program funds are used according to grant program guidelines and other applicable state and Federal laws.

FEMA

Maryland's Management of State Homeland Security Grant Program and Urban Areas Security Initiative Grants

Determine whether Maryland distributed, administered, and spent HSGP funds strategically, effectively, and in compliance with laws, regulations, and guidance and the extent the funds enhanced Maryland's ability to prevent, prepare for, protect against, and respond to natural and manmade disasters.

FEMA

FEMA IT Management

Determine whether FEMA’s IT management approach addresses planning, governance, and management of technology to support its mission.

FEMA

18

 

 

Safeguarding and Securing Cyberspace

DHS’ cybersecurity responsibilities focus on implementing protective measures to secure cyberspace and its associated infrastructure, as well as restoring information systems and data to ensure their confidentiality, integrity, and availability. The Department also seeks to protect computers and networks from accidental or malicious harm by preventing, detecting, and responding to risks and attacks. OIG will conduct work to determine whether the Department has made progress in implementing its cybersecurity responsibilities and in migrating its core financial processes and systems to a common baseline configuration that will support consolidated financial statement reporting. We will also review whether the Department is on track to adopt common baseline controls for IT management and evaluate the Department’s progress in implementing the Homeland Security Cybersecurity Workforce Assessment Act.

Project Objective(s) Component

or Directorate

New DHS’ Implementation of the Federal Information Technology Acquisition Reform Act

Determine whether DHS is on track to adopt the Office of Management and Budget’s (OMB) common baseline controls for IT management.

Management Directorate

(MGMT)

DHS Implementation of New FISMA Requirements

Evaluate the National Protection and Programs Directorate’s (NPPD) progress toward implementing the cybersecurity responsibilities in the Federal Information Security Modernization Act of 2014.

NPPD

Homeland Security Workforce Assessment Act Implementation

Evaluate the Department’s progress in implementing the Homeland Security Cybersecurity Workforce Assessment Act.

Multiple Components

Federal Law Enforcement Training Center (FLETC) Privacy Stewardship

Determine whether FLETC ensures it complies with Federal privacy and security laws, regulations, and policies; and instills a culture of privacy in the law enforcement community through effective training on baseline requirements for privacy, security, civil rights, and civil liberties.

FLETC

19

 

 

Project

Annual Evaluation of DHS’ Information Security Program for FY 2016

Objective(s)

Determine whether DHS’ information security program and practices are adequate and effective; determine DHS’ progress in addressing open recommendations from our prior year review.

Component or

Directorate Multiple

Components

Annual Evaluation of DHS’ Information Security (INFOSEC) Program (Intelligence Systems – Intelligence Community) for FY 2016 (Classified)

Determine whether DHS' INFOSEC program and practices are adequate and effective in protecting the information and the information systems that support DHS' intelligence operations and assets for FY 2016; determine DHS’ progress in addressing open recommendations from our prior year review.

Multiple Components

Annual Evaluation of DHS’ INFOSEC Program (Intel Systems – DHS Intelligence and Analysis) for FY 2016 (Classified)

Determine whether DHS’ information security program is adequate and effective in protecting the information and the information systems that support DHS’ intelligence operations and assets. In addition, we determine what progress DHS has made in addressing open recommendations from our prior year review.

Multiple Components

20

 

 

Project Objective(s) Component

or Directorate

In-Progress Secret Service’s Enterprise Investigative System’s Master Central Index (MCI)

Determine the effectiveness of protections in place to prevent and detect unauthorized access and disclosure of information included in Secret Service’s Enterprise Investigative System’s MCI, a mission- critical mainframe computer database containing sensitive law enforcement and personal information.

Secret Service

Insider Threat Risk at the Science and Technology Directorate (S&T)

Assess S&T’s progress toward protecting its IT assets from the risk posed by its employees, especially those with trusted or elevated access to sensitive but unclassified information systems or data.

S&T

Annual Evaluation of DHS’ Information Security Program for FY 2015

Determine whether DHS’ information security program and practices are adequate and effective; determine DHS’ progress in addressing open recommendations from our prior year review.

Multiple Components

Annual Evaluation of DHS’ INFOSEC Program (Intel Systems – DHS Intelligence and Analysis) for FY 2015 (Classified)

Determine whether DHS’ information security program is adequate and effective in protecting the information and the information systems that support DHS’ intelligence operations and assets. In addition, we determine what progress DHS has made in addressing open recommendations from our prior year review.

Multiple Components

Cyber Security Division's Efforts to Support Federal Cybersecurity Initiatives

Review S&T Cyber Security Division’s efforts to support and carry out Federal cybersecurity initiatives.

S&T

21

 

 

Promoting Management Stewardship

DHS is the third largest agency in the Federal Government, with a budget of more than $60.5 billion in FY 2015. The Department’s funding is directed to prevent terrorism and enhance security, secure and manage our borders, enforce and administer our immigration laws, safeguard and secure cyberspace, ensure resilience to disasters, and provide essential support to national and economic security. Sound management and effective stewardship practices are critical in the Department’s efforts to conduct its complex and vital mission and achieve its objectives within allocated resources. OIG will review areas of high risk to ensure that DHS is efficiently managing and safeguarding its programs and resources and making well-informed decisions about program investments. We will review contracts to determine their compliance with policy and regulations, audit internal controls over financial reporting, and determine whether grant funds are being properly administered and spent. We are also planning reviews of DHS’ and the Secret Service’s hiring practices.

Project Title Objective(s) Component

or Directorate

New Operation Stonegarden Grants

Determine whether FEMA and CBP have sufficient oversight of Operation Stonegarden grants to ensure the awarded funds are properly administered and spent effectively.

FEMA

FEMA’s Oversight of Delegated Authorities

Determine whether FEMA is properly overseeing delegated authorities and whether the authorities have improved mission performance.

FEMA

DHS Performance and Learning Management System

Evaluate DHS’ acquisition, implementation, and oversight of the Performance and Learning Management System.

DHS HQ

DHS Strategic Source Contract Vehicles

Determine whether strategic source contracts are achieving expected results.

DHS

Audit of Selected 2015 DHS Contracts

Determine whether selected 2015 contracts below acquisition levels 1, 2, and 3 were properly solicited, awarded, and managed.

DHS

22

 

 

Project Title Objective(s) Component

or Directorate

Improper Payments Elimination and Recovery Act of 2010

Determine whether DHS is in compliance with the Improper Payments Elimination and Recovery Act of 2010. (Annual requirement.)

DHS

DHS Major Management and Performance Challenges

Summarize OIG’s conclusions about the most serious management and performance challenges facing DHS and assess its progress in addressing those challenges. (Annual requirement.)

DHS

Chief Financial Officers Act of 1990, Section 304

Determine the fairness of presentations of DHS FY 2016 financial statements. (Annual requirement.)

DHS

DHS Financial Accountability Act; OMB Circular A-123, Appendix A

Determine the effectiveness of DHS' internal controls over financial reporting. (Annual requirement.)

DHS

Government Charge Card Abuse Prevention Act of 2012

Assess DHS’ purchase card programs (convenience checks, combined integrated card programs, and travel card programs) to analyze the risks of illegal, improper, or erroneous purchases. (Annual requirement.)

DHS

Office of National Drug Control Policy Reauthorization Act of 1998

Express a conclusion about the reliability of each assertion made in CBP’s, ICE’s, and the Coast Guard Office of National Drug Control Policy’s (ONDCP) Detailed Accounting Submissions and Performance Summary Reports. (Annual requirement.)

CBP, ICE, Coast Guard

ONDCP

Single Audit Act Reviews

Review nonfederal auditors' work for compliance with OMB Circular A-133 requirements.

DHS

Other Than Full and Open Competition

Assess departmental compliance with applicable laws and regulations for grants and contracts awarded by any Other Than Full and Open Competition contracting during FY 2015. (Legislative mandate.)

DHS

23

 

 

Project Title Objective(s) Component

or Directorate

Conference Spending

Report to the Appropriations Committees not later than 30 days after the end of FY 2015 on DHS spending on conferences, ceremonies, and similar events, based on quarterly reporting to OIG. (Legislative mandate.)

DHS

DHS Hiring Speed Determine the average length of time to hire and on-board new employees.

DHS

Secret Service Background Check Process

Examine Secret Service practices of hiring and deploying personnel without completing the security clearance process.

Secret Service

Follow-up on Protective Mission Panel Report’s Recommendations

Determine whether the Secret Service has implemented the recommendations from the Protective Mission Panel report. (Legislative mandate.)

Secret Service

DHS Implementation of E-mail as a Service (EaaS)

Determine whether EaaS has met performance and cost expectations.

MGMT

Compliance with Federal Disaster Grant Spending Requirements

For substantially completed disaster projects, determine whether grantees and subgrantees accounted for and spent FEMA disaster grant funds according to Federal requirements. (About 10 audits.)

FEMA

FY 2015 Capping Report of Disaster Grant Audits

Summarize the results of reports issued in FY 2015 on FEMA grantees’ and subgrantees’ compliance with Federal disaster grant spending requirements.

FEMA

In-Progress TSA’s Risk-Based Strategy

Determine the extent to which TSA's intelligence-driven, risk-based strategy informs security and resource decisions to protect the traveling public and the Nation's transportation systems.

TSA

24

 

 

Project Title

Improvements to FEMA Oversight of HSGP Based on Audits of States and Territories

Objective(s)

Determine whether FEMA implemented permanent changes to its oversight of the HSGP, based on recurring recommendations from audits of states and territories. Determine whether these changes improved the ability of states and territories to manage the program according to law, regulations, and guidance.

Component or

Directorate FEMA

TSA’s Office of Human Capital Contracts

Determine whether TSA's human capital contracts are managed effectively, comply with DHS’ acquisition guidelines, and are achieving expected goals.

TSA

DHS Major Management and Performance Challenges

Summarize OIG's conclusions about the most serious management and performance challenges facing DHS and assess its progress in addressing those challenges. (Annual requirement).

MGMT

Chief Financial Officers Act of 1990 Section 304

Determine the fairness of presentations of DHS FY 2015 financial statements by obtaining an understanding of internal control over financial reporting, testing controls to determine audit procedures, and reporting on weaknesses identified during the audit; test compliance with certain laws, regulations, and provisions of contracts or grant agreements. (Annual requirement.)

DHS

DHS Financial Accountability Act; OMB Circular A-123, Appendix A

Determine the effectiveness of DHS' internal controls over financial reporting. (Annual requirement.)

DHS

Improper Payments Elimination and Recovery Act of 2010

Determine whether DHS is in compliance with the Improper Payments Elimination and Recovery Act of 2010. (Annual requirement.)

DHS

25

 

 

Project Title

CBP’s FY 2015 Financial Statements

Objective(s)

Determine the fairness of presentations of CBP's FY 2015 financial statements by obtaining an understanding of internal control over financial reporting and testing those controls to determine audit procedures; report on weaknesses identified during the audit; test compliance with certain laws, regulations, and provisions of contracts or grant agreements.

Component or

Directorate CBP

Office of National Drug Control Policy Reauthorization Act of 1998

Express a conclusion about the reliability of each assertion made in CBP's, ICE's, and Coast Guard ONDCP’s Detailed Accounting Submissions and Performance Summary Reports. (Annual requirement.)

CBP, ICE, Coast Guard

ONDCP

DHS Training Centers

Determine whether DHS' oversight over its training centers ensures the most cost-effective use of resources.

DHS

FEMA’s National Flood Insurance Program: Write Your Own Program

Determine the adequacy of FEMA's oversight of the Write Your Own Program.

FEMA

Assistance to Firefighter Grants

Determine the extent to which Assistance to Firefighter Grant recipients comply with grant requirements and guidance precluding waste, fraud, and abuse of grant funds.

FEMA

Compliance with Federal Disaster Grant Spending Requirements

For substantially completed disaster projects, determine whether grantees and subgrantees accounted for and spent FEMA disaster grant funds according to Federal requirements. We are conducting these audits in the states of Alabama, Nebraska, Tennessee, and Texas.

FEMA

FY 2014 Government Charge Card Risk Assessment

Determine the level of risk associated with the design of internal controls implemented to prevent illegal, improper, or erroneous purchases and payments for purchase cards, travel cards, and centrally billed accounts. (Annual requirement.)

MGMT

26

 

 

Project Title Objective(s)

Component or

Directorate Office of Assess the extent to which I&A is I&A Intelligence and Analysis (I&A) Privacy Stewardship

integrating baseline requirements for privacy, security, civil rights, and civil liberties in its mission programs.

27

 

 

Promoting Program Integrity

Threats to the integrity of DHS’ programs are pervasive. Corruption in border management and the acquisition process can be especially detrimental to the Department’s efforts to accomplish its mission effectively and efficiently. We will continue to share information and coordinate with the Department on an overall integrity strategy to prevent, report, and respond to corruption. OIG will continue to investigate employee corruption and misconduct and to evaluate management controls over high-risk programs. We will determine whether program safeguards ensure compliance with laws, regulations, and best practices, and evaluate the strength of the Department’s disciplinary processes. To protect DHS’ financial interests, we will identify vulnerabilities and fraud indicators. Additionally, we will periodically examine the progress toward implementing our recommendations and verify whether corrective actions taken in response to recommendations achieved the intended results.

Project Title Objective(s) Component

or Directorate

New Strategic Workforce Planning and Training

Determine whether the Department’s workforce planning and training efforts result in an appropriately sized and skilled workforce to effectively meet its missions.

DHS

Conduct and Discipline

Determine whether DHS has an equitable and consistent disciplinary process to correct inappropriate conduct at all levels.

DHS

Component-level Acquisition Programs

Determine whether components’ guidance is sufficient to properly execute contracts that do not reach the thresholds for acquisition levels 1, 2, and 3.

TBD

Analysis of Potential Efficiencies in Coast Guard and CBP’s Office of Air and Marine (OAM) Air and Water Operations

Determine whether the Coast Guard and OAM have fragmented programs, and if there is any duplication or overlap in their programs. If so, identify potential efficiencies in their program operations.

Coast Guard, CBP

28

 

 

Project Title

Verification Reviews

Objective(s)

Periodically conduct verification reviews to evaluate progress on selected audit recommendations, including whether corrective actions achieved the intended results.

Component or

Directorate Multiple

Components

IT Portion of FY 2016 Financial Statement Audit (Consolidated and Component-level)

Determine the effectiveness of DHS’ general and application controls that govern critical financial systems and data. Separate reports will be issued for the listed components.

Multiple Components

Office of Civil Rights and Civil Liberties (CRCL)

Determine whether CRCL is effectively meeting its mission mandates, including overseeing protection of members of the public.

CRCL

DHS’ DNA Program Determine the policies and procedures DHS and its components have in place to safeguard DNA collected for immigration programs.

S&T, USCIS, ICE, CBP

Operations of the DHS Equal Employment Opportunity (EEO) Office and Anti- Harassment Office

Evaluate whether DHS EEO Office and Anti-Harassment Office operations are effective and efficient.

MGMT

In-Progress DHS’ Working Capital Fund

Assess whether DHS manages its Working Capital Fund to provide cost- efficient support services throughout DHS.

DHS

DHS Use of Reimbursable Work Authorizations and Interagency Agreements

Determine whether DHS' use of Reimbursable Work Authorizations is in compliance with statutory, regulatory, departmental, and component requirements.

DHS

DHS' Use of Force Determine the extent to which DHS components are being properly and uniformly trained to execute DHS' use of force policy.

DHS

29

 

 

Project Title Objective(s) Component

or Directorate

IT Portion of the FY 2015 Financial Statement Audit – (Consolidated and Component-level)

Determine the effectiveness of DHS’ general and application controls that govern critical financial systems and data. Separate reports will be issued for the listed components.

Multiple Components

DHS’ Financial Systems Modernization Efforts

Determine the Department’s progress in modernizing and migrating its core financial processes and systems to a common baseline configuration that will support consolidated financial statement reporting.

Multiple Components

CBP Office of Internal Affairs’ (IA) Privacy Policies and Practices

Determine whether CBP IA appropriately collected, stored, and shared personally identifiable information (PII) in this incident and whether CBP IA’s privacy policies and agreements for collecting, storing, and sharing PII are adequate.

CBP

CBP’s Implementation of the Prison Rape Elimination Act (PREA)

Determine whether CBP is meeting its scheduled milestones for implementing PREA.

CBP

Review of the Policies and Training Governing Off-Duty Conduct for DHS Employees Posted Overseas

Determine whether DHS has adequate policies and training for DHS employees posted overseas to govern off-duty conduct.

DHS

DHS’ Use of Special Government Employees (SGE)

Examine DHS’ process for hiring SGEs and provide other information about the Department’s SGEs.

DHS

FEMA Inspection Determine whether FEMA’s Office of the Chief Security Officer hired employees with criminal backgrounds, allowed employees to violate overtime and compensatory time policies, and used the Disaster Relief Fund inappropriately.

FEMA

30

 

 

Project Title

Naturalization of Aliens with Deportation Orders and Multiple Identities

Objective(s)

Determine whether USCIS has granted naturalization to aliens without identifying fingerprint records associating the aliens with multiple identities and final removal orders, and whether USCIS uses fingerprint records effectively to identify naturalization applicants with multiple identities and final removal orders. Determine whether USCIS, CBP, and ICE procedures for handling these suspected immigration fraud cases are effective.

Component or

Directorate USCIS, CBP,

ICE

31

 

 

OIG Contacts

Headquarters Mailing Address:

Office of Inspector General/MAIL STOP 0305 Department of Homeland Security

245 Murray Lane SW Washington, DC 20528-0305

(202) 254-4100

Click here to: Subscribe to OIG Email Alerts

OIG Executive Team:

John Roth ……. Inspector General (vacant) ……. Deputy Inspector General (vacant) ……. Chief of Staff Dorothy Balaban ……. Special Assistant to the Inspector General Laurel Rimon ……. Counsel to the Inspector General Mark Bell ……. Assistant Inspector General/Audits John V. Kelly ……. Assistant Inspector General/Emergency Management Oversight Sondra McCauley ……. Assistant Inspector General/Information Technology Audits Anne L. Richards ……. Assistant Inspector General/Inspections & Evaluations John E. McCoy II ……. Assistant Inspector General/Integrity & Quality Oversight Andrew Oosterbaan ……. Assistant Inspector General/Investigations Louise McGlathery ……. Assistant Inspector General/Management Erica Paulson ……. Director, Office of Legislative Affairs & Acting Director, Office of

Public Affairs

32

 

 

Appendix – Abbreviations

CBP U.S. Customs and Border Protection DHS Department of Homeland Security

FEMA Federal Emergency Management Agency FLETC Federal Law Enforcement Training Center

FY fiscal year I&A Office of Intelligence and Analysis ICE U.S. Immigration and Customs Enforcement IT information technology

MGMT Management Directorate NPPD National Protection and Programs Directorate OIG Office of Inspector General

ONDCP Office of National Drug Control Policy QHSR Quadrennial Homeland Security Review S&T Science and Technology Directorate TSA Transportation Security Administration

Coast Guard U.S. Coast Guard USCIS U.S. Customs and Immigration Service

Secret Service U.S. Secret Service

33

 

34  

ADDITIONAL INFORMATION AND COPIES To view this and any of our other reports, please visit our website at: www.oig.dhs.gov. For further information or questions, please contact Office of Inspector General Public Affairs at: [email protected]. Follow us on Twitter at: @dhsoig.

OIG HOTLINE To report fraud, waste, or abuse, visit our website at www.oig.dhs.gov and click on the red "Hotline" tab. If you cannot access our website, call our hotline at (800) 323-8603, fax our hotline at (202) 254-4297, or write to us at: Department of Homeland Security Office of Inspector General, Mail Stop 0305 Attention: Hotline 245 Murray Drive, SW Washington, DC 20528-0305