What GAO Found
During fiscal years 2012 and 2013, the Department of Homeland Security's (DHS) Office of Inspector General (OIG) issued 361 audit and inspection reports that collectively cover key components, management challenges identified by the OIG, and relevant high-risk areas identified by GAO. Of the 361 reports, 200 pertained solely to the Federal Emergency Management Agency (FEMA)—the DHS component with the largest budget. Of those FEMA reports, 118 reports involved audits of disaster assistance grants.
The OIG's organizational structure, roles, and responsibilities are generally consistent with the Inspector General (IG) Act of 1978, as amended (IG Act). In 2013, the OIG made changes to its structure to enhance independence and oversight, including establishing an Office of Integrity and Quality Oversight. However, areas for improvement exist for the OIG to better meet its responsibilities.
The OIG has not reached agreement with the Federal Bureau of Investigation (FBI) on coordinating and sharing border corruption information. The IG Act requires OIGs to recommend policies for and to conduct, supervise, or coordinate relationships with other federal agencies regarding cases of fraud or abuse. The Senate Appropriations Committee directed DHS to report jointly with the OIG and other DHS components on plans for working with the FBI.
The OIG lacks adequate controls to protect identities of employees filing complaints because its process for recording complaints involves significant manual procedures, without review, that can be subject to human error. The IG Act requires that OIGs not disclose the identity of an employee filing a complaint without the employee's consent unless such disclosure is unavoidable during the course of an investigation. The OIG is aware of these issues and is developing standard operating procedures.
The OIG does not have a policy for obtaining legal advice from its own counsel or guidelines specifying when it is appropriate to consult with the department's counsel. The former Acting IG requested legal help from a counsel at the department for 4 months, and it was not clear if this request was for appropriate matters. The IG Act requires the IG to obtain legal advice from a counsel reporting directly to the IG or another IG. The OIG Deputy Counsel has asked a working group to draft guidelines on consultations with the department's counsel.
The OIG's policies and procedures are consistent with independence standards. However, OIG senior executives did not always comply with the policy to annually complete certificates of independence. Because the OIG does not centrally maintain the certifications, management's ability to monitor compliance is hindered. For example, no certificate of independence could be found for the former Acting IG. As a result of an impairment to the former Acting IG's independence that was not identified in a timely manner, the OIG had to reissue six reports for fiscal year 2012 to add an explanatory statement about the impairment. External peer reviews of the OIG's audit function, completed in 2009 and 2012, also found that OIG staff, including senior executives, had not documented their independence as required.
Why GAO Did This Study
The DHS OIG plays a critical role in strengthening accountability throughout DHS. The OIG received about $141 million in fiscal year 2013 appropriations to carry out this oversight.
The joint explanatory statement to the Department of Homeland Security Appropriations Act, 2013, directed GAO to review the OIG and its organizational structure for meeting independence standards. This report examines (1) the coverage the OIG's audits and inspections provided of DHS's component agencies, management challenges, and high-risk areas; (2) the extent to which the OIG's organizational structure, roles, and responsibilities were consistent with the IG Act; and (3) the extent to which the design of the OIG's policies and procedures was consistent with applicable independence standards.
To address these objectives, GAO obtained relevant documentation, such as selected reports and OIG policies and procedures, and compared this information to the IG Act and independence standards. GAO also interviewed officials from the OIG, DHS components, and the FBI.
GAO is making three recommendations for improving controls over processing complaints, obtaining legal advice, and monitoring compliance with independence standards. The IG concurred with GAO's recommendations and described actions being taken to address them.
Recommendations for Executive Action
|Office of Inspector General||1. To improve its intake and complaint processing function, the OIG should design and implement additional controls, which may include additional automated controls and supervisory review, to provide reasonable assurance that employees' identities are not disclosed without their consent when forwarding complaints to DHS components.|
|Office of Inspector General||2. To help avoid any impairment to independence when seeking legal advice, the OIG should develop a policy for obtaining legal advice from counsel reporting either directly to the IG or another IG and work with the IG's counsel to establish guidelines for when it would be appropriate for the OIG to consult with the department's counsel.|
|Office of Inspector General||3. To help ensure that senior executives are aware of independence requirements so that they are able to identify and mitigate any threats to their independence, the OIG should revise its guidance in the <em>OIG Audit Manual</em> to require signed annual certificates of independence to be collected and maintained centrally in order to monitor compliance.|