Department of Homeland Security:

Components Could Improve Monitoring of the Employee Misconduct Process [Reissued with revisions on Sep. 4, 2018.]

GAO-18-405: Published: Jul 31, 2018. Publicly Released: Aug 30, 2018.

Additional Materials:

Contact:

Rebecca Gambler
(202) 512-8777
gamblerr@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

From fiscal years 2014 through 2016, U.S Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA) collectively opened and had closed nearly 70,000 employee misconduct cases, as shown in the table below. The most common CBP and ICE cases were for general misconduct, such as failure to follow procedures or rude conduct, while half of TSA's misconduct cases related to time and attendance misconduct. The most common misconduct outcomes for CBP, ICE, and TSA were written reprimand, suspension, and counseling, respectively. More than half of CBP and more than two-thirds of ICE misconduct cases resulted in no action or were not referred for adjudication because they were unsubstantiated or for other reasons, such as the employee under investigation retired or resigned.

Number of Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and Transportation Security Administration (TSA) Employee Misconduct Cases Opened in Fiscal Years (FY) 2014 through 2016 and Closed at the Time of GAO's Review, and Total Onboard Staff

Component                 FY 2014                             FY 2015                                      FY 2016

 

Total cases

Total onboard staff

Total cases

Total onboard staff

Total cases

Total onboard staff

Total cases, FY14-16

CBP

6,786

59,544

6,831

59,472

6,716

59,221

20,333

ICE

1,285

18,931

1,148

18,939

792

19,276

3,225

TSA

13,451

60,982

14,688

58,977

17,014

60,652

45,153

Total misconduct cases

21,522

 

22,667

 

24,522

 

68, 711

Source: GAO analysis of CBP, ICE, and TSA data. | GAO-18-405

While CBP, ICE, and TSA have established internal controls related to handling misconduct cases, they have not consistently documented or monitored key control activities. Specifically:

  • GAO analyzed random samples of misconduct cases for each component and found inconsistent documentation of control activities related to supervisory and legal review, case file data verification, and investigator recusal. For example, all three component agencies require supervisory review of criminal or serious misconduct investigations to help ensure that investigations are comprehensive and performed correctly, and they require evidence of this supervisory review in their case management systems. However, GAO estimates that less than 50 percent of ICE management inquiries (which are investigations conducted by local managers) had supervisory review documented. Regarding recusal, each component requires investigators to recuse themselves if they are unable to investigate alleged misconduct in an impartial manner. However, none of the components require documentation of recusals in their case management systems.
  • CBP and ICE do not consistently document the findings of misconduct investigations—for example, whether a misconduct allegation was found to be substantiated—in their case management systems.
  • Components' use of oversight mechanisms to monitor internal control is limited. Specifically, CBP and TSA do not use their self-inspection programs to test control activities related to investigating employee misconduct, and ICE does not centrally track the status of corrective actions.
  • TSA cannot easily track the outcome of investigations across its case management systems. Specifically, GAO found 581 TSA misconduct allegations that were recorded in the database used by the investigating office but not found in the databases of TSA's adjudicating offices because the offices assign different case numbers to the same case.

More consistent documentation and monitoring of internal controls at each component—including tracking the status of corrective actions—would provide components with greater assurance that key controls are implemented and that deficiencies are addressed in a timely manner. Further, consistently documenting the findings of misconduct investigations and ensuring the compatibility of associated data systems would allow managers to ensure that cases are adjudicated as appropriate.

CBP, ICE, and TSA assess the performance of their employee misconduct processes primarily using timeliness targets. While components monitor the timeliness of certain stages of misconduct cases, they do not monitor all established timeliness targets, including the duration of all cases beginning to end; or document how staff are to measure targets using case management system data. According to GAO's analysis, from fiscal year 2014 through the time of GAO's review, the average total duration of employee misconduct cases ranged from 19 to 434 days, depending on the component and case type, as shown in the table below. In addition, GAO found that each component met its established timeliness targets for the investigation and adjudication stages to varying degrees. For example, CBP met its target to complete criminal investigations within 1 year in 93 percent of cases, while it met its target to complete non-criminal investigations within 60 days in 40 percent of cases. Improved monitoring of timeliness targets and the total duration of misconduct cases could allow each component to produce reliable data and increase process efficiency.

GAO Analysis of the Average Total Duration of U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and Transportation Security Administration (TSA) Misconduct Cases Opened in Fiscal Years 2014 through 2016 and Closed by the Time of GAO's Review

Average number of days

Case type

      CBP

     ICE

     TSA

Management inquiry (reported to central intake center)

 153

307

n/a

Management inquiry (reported locally only)

85

186

19

Administrative inquiry

280

434

41

Non-criminal investigation

278

389

184

Criminal investigation

318

163

219

All case types

146

331

23 

Legend: “n/a” = not applicable.

Source: GAO analysis of CBP, ICE, and TSA data. | GAO-18-405

Note: CBP and ICE allegations may be reported to a Joint Intake Center. TSA does not have a central intake center. Management inquiries are investigations of allegations by local managers. Administrative inquiries are investigations of allegations conducted by fact finders who are from or trained by each component's central office responsible for investigations.

Why GAO Did This Study

Department of Homeland Security (DHS) component agencies CBP, ICE, and TSA are responsible for securing the nation's borders, enforcing immigration laws, and overseeing the security of transportation systems. Recent studies of these components' employee misconduct investigation and disciplinary processes have highlighted the importance of having appropriate internal controls.

GAO was asked to review CBP, ICE, and TSA employee misconduct investigation and adjudication processes. This report (1) summarizes data on misconduct cases that were opened from fiscal years 2014 through 2016 and closed by the time of GAO's review; (2) examines the extent to which CBP, ICE, and TSA implement internal controls in their employee misconduct and discipline processes; and (3) assesses how CBP, ICE, and TSA monitor the performance of their employee misconduct processes. For each component, GAO reviewed policies, guidance, and timeliness performance reports; analyzed case management information system data; and interviewed officials involved in investigation and adjudication processes.

What GAO Recommends

GAO is making 18 recommendations for CBP, ICE, and TSA to strengthen their employee misconduct internal controls and improve monitoring of the timeliness of the employee misconduct process (detailed on the following page). DHS concurred with GAO’s recommendations.

GAO recommends that the Commissioner of CBP, Director of ICE, and Administrator of TSA

  • revise policy or guidance to ensure documentation of required control activities—such as legal and/or supervisory review and data verification—in their case management systems;
  • modify their annual self-inspection programs (CBP and TSA by including evaluation and testing of internal controls related to the employee misconduct process; ICE by tracking the status of related corrective actions to ensure timely implementation);
  • monitor the duration of all cases beginning-to-end by stage and by case type;
  • define and document the case management system data fields to be used for monitoring all established performance targets and provide related guidance to staff; and
  • monitor the timeliness of misconduct cases against established targets using case management system data.

GAO also recommends that the Commissioner of CBP and Director of ICE require documentation of investigative findings in their case management systems (CBP by documenting whether an allegation is substantiated and documenting and disseminating referral procedures for adjudication; ICE by documenting case resolution codes of management inquiries).

GAO also recommends that the Administrator of TSA develop a method for more easily connecting cases between the databases used for employee misconduct cases.

For more information, contact Rebecca Gambler at (202) 512-8777 or gamblerr@gao.gov.

Reissued with Revisions Sep. 04, 2018

This report was revised on September 4, 2018, pages 62 - 68, agency comments were added, Appendix II: Comments from the Department of Homeland Security.

Recommendations for Executive Action

  1. Status: Open

    Comments: In February 2020, CBP provided documentation of a data verification checklist used by its Office of Professional Responsibility for the Joint Integrity Case Management System. However, CBP also needs to develop a similar tool or method to verify case management data contained in its Human Resource Business Engine system. And to fully implement this recommendation, CBP needs to revise policy or guidance to ensure documentation of control activities (data verification and legal review of adverse actions) in its case management systems.

    Recommendation: The Commissioner of CBP should revise policy or guidance to ensure documentation of required control activities in its case management system, such as legal review of adverse actions, and data verification (Recommendation 1).

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  2. Status: Open

    Comments: In February 2020, CBP provided documentation of its internal operating procedures related to investigative findings. However, these procedures did not include a requirement that staff enter this information in the appropriate data system field witihin the Joint Integrity Case Management System. CBP needs to document that staff are required to enter investigative findings in this data field. CBP also needs to document and disseminate associated referral procedures for adjudication based on the investigative finding entered in the system.

    Recommendation: The Commissioner of CBP should require staff to document investigative findings (e.g., whether an allegation is substantiated) in the case management system, and document and disseminate associated referral procedures for adjudication (Recommendation 2).

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  3. Status: Closed - Implemented

    Comments: CBP has developed a worksheet to evaluate and test internal controls related to the employee misconduct process, and the Office of Professional Responsibility has implemented this worksheet as part of the 2019 annual self inspection program. These actions fulfill the intent of this recommendation.

    Recommendation: The Commissioner of CBP should ensure the appropriate program offices include evaluating and testing internal controls related to the employee misconduct process in CBP's annual self-inspection program (Recommendation 3).

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  4. Status: Open

    Comments: In October 2018, CBP told us that it is currently updating one of its case management systems to better monitor cases beginning-to-end by stage and by case type. Once implemented, CBP's Office of Professional Responsibility will develop an internal management report that includes information on caseload and associated timelines. The estimated completion date for this recommendation is September 30, 2019. As of February 2020, we are continuing to follow up with CBP on its actions to implement this recommendation.

    Recommendation: The Commissioner of CBP should monitor the duration of all cases beginning-to-end by stage and by case type (Recommendation 4).

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  5. Status: Open

    Comments: In October 2018, CBP stated that it is currently updating one of its case management systems to better monitor the timeliness of misconduct cases according to established targets. Once updated, CBP's Office of Professional Responsibility will develop an internal management report that includes information on caseload and associated timelines. The estimated completion date for this recommendation is September 30, 2019. As of February 2020, we are continuing to follow up with CBP on its actions to implement this recommendation.

    Recommendation: The Commissioner of CBP should monitor the timeliness of misconduct cases according to established targets for management inquiries, administrative inquiries, and criminal and non-criminal investigations using case management system data (Recommendation 5).

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  6. Status: Open

    Comments: In October 2018, CBP stated that its Office of Professional Responsibility will define the case management system data fields used to measure established performance targets, and it will provide the appropriate guidance to staff. The estimated completion date of this recommendation is September 30, 2019. As of February 2020, we are continuing to follow up with CBP on its actions to implement this recommendation.

    Recommendation: The Commissioner of CBP should define and document the case management system data fields to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 6).

    Agency Affected: Department of Homeland Security: United States Customs and Border Protection

  7. Status: Open

    Comments: In November 2018, ICE provided documentation of related communication provided to staff. However, this documentation did not include revised policy or guidance documents. To fully implement this recommendation, revised policy or guidance documents should specify how staff should document in the employee misconduct case management systems the following control activities: supervisory review of management inquiries, legal review of Office of Professional Responsibility-investigated cases, and verification of case management systems data. As of February 2020, we are continuing to monitor ICE's actions to implement this recommendation.

    Recommendation: The Director of ICE should revise policy or guidance to ensure documentation of required control activities in its case management system, such as supervisory review of management inquiries, legal review of Office of Professional Responsibility-investigated cases, and data verification (Recommendation 7).

    Agency Affected: Department of Homeland Security: United States Immigration and Customs Enforcement

  8. Status: Open

    Comments: In November 2018, ICE provided documentation of related communication provided to staff. However, this documentation did not include revised policy or guidance documents that requires staff to document the investigative findings in the employee misconduct case management system. As of February 2020, we are continuing to monitor ICE's actions to implement this recommendation.

    Recommendation: The Director of ICE should require staff to document the investigative findings (case resolution codes) of management inquiries in the case management system (Recommendation 8).

    Agency Affected: Department of Homeland Security: United States Immigration and Customs Enforcement

  9. Status: Open

    Comments: In October 2018, ICE stated that it is revising its policy for its self-Inspection program to track the status of related corrective actions. ICE also stated that it will review three program offices for compliance with these revised policies and procedures during fiscal year 2019. The estimated completion date of this recommendation is June 28, 2019. As of February 2020, we are continuing to monitor ICE's actions to implement this recommendation.

    Recommendation: The Director of ICE should modify ICE's annual self-inspection program to track the status of related corrective actions to ensure they are implemented in a timely manner (Recommendation 9).

    Agency Affected: Department of Homeland Security: United States Immigration and Customs Enforcement

  10. Status: Open

    Comments: In October 2018, ICE stated that beginning in fiscal year 2019, a project team will develop the capability to monitor the duration of all employee misconduct cases beginning-to-end by stage and by case type. The estimated completion date of this recommendation is June 28, 2019. As of February 2020, we are continuing to monitor ICE's actions to implement this recommendation.

    Recommendation: The Director of ICE should monitor the duration of all cases beginning-to-end by stage and by case type (Recommendation 10).

    Agency Affected: Department of Homeland Security: United States Immigration and Customs Enforcement

  11. Status: Open

    Comments: In October 2018, ICE stated that its Office of Professional Responsibility developed guidance regarding established targets for the completion of management inquiries and will distribute the guidance to applicable staff. ICE also stated that it is developing timeliness targets for Employee Relations specialist review of proposals and decisions of disciplinary outcomes and will also distribute this guidance to applicable staff. The estimated completion date for this recommendation is June 28, 2019. As of February 2020, we are continuing to monitor ICE's actions to implement this recommendation.

    Recommendation: The Director of ICE should monitor the timeliness of misconduct cases according to established targets for management inquiries and Employee Relations specialist review of proposal and decision of disciplinary outcomes using case management system data (Recommendation 11).

    Agency Affected: Department of Homeland Security: United States Immigration and Customs Enforcement

  12. Status: Open

    Comments: In October 2018, ICE stated that it will work to define and document the case management system data fields and methodology to be used for monitoring all established performance targets and will provide related guidance to applicable staff. The estimated completion date for this recommendation is June 28, 2019. As of February 2020, we are continuing to monitor ICE's actions to implement this recommendation.

    Recommendation: The Director of ICE should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 12).

    Agency Affected: Department of Homeland Security: United States Immigration and Customs Enforcement

  13. Status: Open

    Comments: In May 2019, TSA officials provided evidence that their case management system documents supervisory review of proposed discipline. To fully implement this recommendation, TSA will need to provide evidence that the case management system also documents review of an investigation by a supervisory investigative agent. TSA will also need to provide evidence that the case management system includes the ability to document verification of case management data, and TSA will also need to provide the final distributed reference and guidance materials related to documenting these two control activities in the case management system. We are continuing to follow up on the actions taken by TSA to implement this recommendation.

    Recommendation: The Administrator of TSA should revise policy or guidance to ensure documentation of required control activities in its case management system, such as supervisory review of investigations and data verification (Recommendation 13).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  14. Status: Closed - Implemented

    Comments: In May 2019, TSA created a data field in its Employee Relations database that displays related cases tracked in its Investigations (formerly Office of Inspection) database. This update to TSA's employee misconduct case management system allows TSA to monitor the status of investigations through adjudication.

    Recommendation: The Administrator of TSA should develop a method for more easily connecting cases between the Office of Inspection database and Employee Relations database (Recommendation 14).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  15. Status: Open

    Comments: Effective September 2018, TSA revised its Employee Relations program policy, requiring its Employee Relations office to review proposed adverse actions resulting from field office management inquiries. In October 2018, TSA officials stated that the agency implemented a training program for field office staff to comply with this policy requirement. However, this policy revision does not directly address the scope of TSA's annual inspection reviews. To fully implement this recommendation, TSA needs to revise the scope of its annual inspection process to include evaluating and testing internal controls, and provide documentation of the relevant key questions for the inspection, related to the investigation of employee misconduct. We are continuing to follow up on the actions taken by TSA to implement this recommendation.

    Recommendation: The Administrator of TSA should modify TSA's annual inspection process to include evaluating and testing internal controls related to the investigation of employee misconduct (Recommendation 15).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  16. Status: Open

    Comments: In April 2019, TSA provided documentation of an internal report that measures duration. However, the report does not provide management information on the duration of cases from beginning-to-end, by stage and case type. TSA needs to provide evidence that it monitors the duration of cases, including a description of which process stages are measured by case type and which data fields are used to measure the total duration from beginning-to-end, by stage and case type. We are continuing to follow up on the actions taken by TSA to implement this recommendation.

    Recommendation: The Administrator of TSA should monitor the duration of all cases beginning-to-end by stage and case type (Recommendation 16).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  17. Status: Open

    Comments: In April 2019, TSA provided evidence of a report it uses to measure duration. However, this report does not show how TSA performs with regards to established targets. TSA needs to provide evidence of how it monitors the timeliness of misconduct cases according to established targets for each case type (management inquiry, administrative inquiry, and investigation), including which specific data fields are used to measure the targets for each case type. We are continuing to follow up on the actions taken by TSA to implement this recommendation.

    Recommendation: The Administrator of TSA should monitor the timeliness of misconduct cases according to established targets for management inquiries (fact finding) and administrative inquiries, and the proposal and decision stages, using case information system data (Recommendation 17).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  18. Status: Open

    Comments: In May 2019, TSA provided guidance to its staff related to monitoring performance targets. However, these documents do not specify which system data should be used as part of the methodology for monitoring all established performance targets. TSA needs to provide documentation of guidance to staff that defines and documents all the specific case management system data field names (in the various databases, as applicable) and methodology staff should use to monitor all established timeliness targets. We are continuing to follow up on the actions taken by TSA to implement this recommendation.

    Recommendation: The Administrator of TSA should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 18).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

 

Explore the full database of GAO's Open Recommendations »

Mar 18, 2020

Mar 11, 2020

Feb 26, 2020

Feb 25, 2020

Feb 19, 2020

Feb 13, 2020

Feb 12, 2020

Feb 11, 2020

Feb 10, 2020

Looking for more? Browse all our products here