Inspectors General:

DHS OIG's Structure, Policies, and Procedures Are Consistent with Standards, but Areas for Improvement Exist

GAO-14-726: Published: Sep 24, 2014. Publicly Released: Sep 24, 2014.

Additional Materials:

Contact:

Asif A. Khan
(202) 512-9869
khana@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

During fiscal years 2012 and 2013, the Department of Homeland Security's (DHS) Office of Inspector General (OIG) issued 361 audit and inspection reports that collectively cover key components, management challenges identified by the OIG, and relevant high-risk areas identified by GAO. Of the 361 reports, 200 pertained solely to the Federal Emergency Management Agency (FEMA)—the DHS component with the largest budget. Of those FEMA reports, 118 reports involved audits of disaster assistance grants.

The OIG's organizational structure, roles, and responsibilities are generally consistent with the Inspector General (IG) Act of 1978, as amended (IG Act). In 2013, the OIG made changes to its structure to enhance independence and oversight, including establishing an Office of Integrity and Quality Oversight. However, areas for improvement exist for the OIG to better meet its responsibilities.

The OIG has not reached agreement with the Federal Bureau of Investigation (FBI) on coordinating and sharing border corruption information. The IG Act requires OIGs to recommend policies for and to conduct, supervise, or coordinate relationships with other federal agencies regarding cases of fraud or abuse. The Senate Appropriations Committee directed DHS to report jointly with the OIG and other DHS components on plans for working with the FBI.

The OIG lacks adequate controls to protect identities of employees filing complaints because its process for recording complaints involves significant manual procedures, without review, that can be subject to human error. The IG Act requires that OIGs not disclose the identity of an employee filing a complaint without the employee's consent unless such disclosure is unavoidable during the course of an investigation. The OIG is aware of these issues and is developing standard operating procedures.

The OIG does not have a policy for obtaining legal advice from its own counsel or guidelines specifying when it is appropriate to consult with the department's counsel. The former Acting IG requested legal help from a counsel at the department for 4 months, and it was not clear if this request was for appropriate matters. The IG Act requires the IG to obtain legal advice from a counsel reporting directly to the IG or another IG. The OIG Deputy Counsel has asked a working group to draft guidelines on consultations with the department's counsel.

The OIG's policies and procedures are consistent with independence standards. However, OIG senior executives did not always comply with the policy to annually complete certificates of independence. Because the OIG does not centrally maintain the certifications, management's ability to monitor compliance is hindered. For example, no certificate of independence could be found for the former Acting IG. As a result of an impairment to the former Acting IG's independence that was not identified in a timely manner, the OIG had to reissue six reports for fiscal year 2012 to add an explanatory statement about the impairment. External peer reviews of the OIG's audit function, completed in 2009 and 2012, also found that OIG staff, including senior executives, had not documented their independence as required.

Why GAO Did This Study

The DHS OIG plays a critical role in strengthening accountability throughout DHS. The OIG received about $141 million in fiscal year 2013 appropriations to carry out this oversight.

The joint explanatory statement to the Department of Homeland Security Appropriations Act, 2013, directed GAO to review the OIG and its organizational structure for meeting independence standards. This report examines (1) the coverage the OIG's audits and inspections provided of DHS's component agencies, management challenges, and high-risk areas; (2) the extent to which the OIG's organizational structure, roles, and responsibilities were consistent with the IG Act; and (3) the extent to which the design of the OIG's policies and procedures was consistent with applicable independence standards.

To address these objectives, GAO obtained relevant documentation, such as selected reports and OIG policies and procedures, and compared this information to the IG Act and independence standards. GAO also interviewed officials from the OIG, DHS components, and the FBI.

What GAO Recommends

GAO is making three recommendations for improving controls over processing complaints, obtaining legal advice, and monitoring compliance with independence standards. The IG concurred with GAO's recommendations and described actions being taken to address them.

For more information, contact Asif A. Khan at (202) 512-9869 or khana@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: The agency concurred with our recommendation. In October 2014, the OIG provided additional training to all intake analysts on confidentiality and Privacy Act information to reinforce protections for complainants and highlight distinctions between complainants' filing statuses. In addition, the OIG stated that it implemented continuous, routine quality assurance monitoring to provide oversight of intake analysts' work products, including the movement or referral of complaints. The OIG also stated that it plans to modify the Electronic Data System to establish an automated control for protecting employees' identities, but it has not yet indicated when it expects to complete that action.

    Recommendation: To improve its intake and complaint processing function, the OIG should design and implement additional controls, which may include additional automated controls and supervisory review, to provide reasonable assurance that employees' identities are not disclosed without their consent when forwarding complaints to DHS components.

    Agency Affected: Department of Homeland Security: Office of Inspector General

  2. Status: Closed - Implemented

    Comments: The agency concurred with our recommendation. In November 2014, the DHS IG issued a Directive Number 306-112-01 that established policy requiring that the IG receive independent legal advice from either a counsel reporting directly to the IG, or under certain circumstances, from a counsel reporting to another IG. The directive also provides guidelines on when it may be appropriate for the OIG to consult on legal matters with the DHS Office of General Counsel.

    Recommendation: To help avoid any impairment to independence when seeking legal advice, the OIG should develop a policy for obtaining legal advice from counsel reporting either directly to the IG or another IG and work with the IG's counsel to establish guidelines for when it would be appropriate for the OIG to consult with the department's counsel.

    Agency Affected: Department of Homeland Security: Office of Inspector General

  3. Status: Closed - Implemented

    Comments: The agency concurred with our recommendation. In November 2014, the DHS OIG revised its audit manual to include a requirement that senior executives sign annual independence statements that are to be collected and maintained by the OIG's Office of Integrity and Quality Oversight.

    Recommendation: To help ensure that senior executives are aware of independence requirements so that they are able to identify and mitigate any threats to their independence, the OIG should revise its guidance in the OIG Audit Manual to require signed annual certificates of independence to be collected and maintained centrally in order to monitor compliance.

    Agency Affected: Department of Homeland Security: Office of Inspector General

 

Explore the full database of GAO's Open Recommendations »

May 17, 2016

Apr 25, 2016

Apr 19, 2016

Apr 15, 2016

Apr 14, 2016

Apr 12, 2016

Mar 31, 2016

Mar 16, 2016

Mar 11, 2016

Looking for more? Browse all our products here