Skip to Highlights
Highlights

What GAO Found

From fiscal years 2014 through 2016, U.S Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA) collectively opened and had closed nearly 70,000 employee misconduct cases, as shown in the table below. The most common CBP and ICE cases were for general misconduct, such as failure to follow procedures or rude conduct, while half of TSA's misconduct cases related to time and attendance misconduct. The most common misconduct outcomes for CBP, ICE, and TSA were written reprimand, suspension, and counseling, respectively. More than half of CBP and more than two-thirds of ICE misconduct cases resulted in no action or were not referred for adjudication because they were unsubstantiated or for other reasons, such as the employee under investigation retired or resigned.

Number of Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and Transportation Security Administration (TSA) Employee Misconduct Cases Opened in Fiscal Years (FY) 2014 through 2016 and Closed at the Time of GAO's Review, and Total Onboard Staff

Component                 FY 2014                             FY 2015                                      FY 2016

 

Total cases

Total onboard staff

Total cases

Total onboard staff

Total cases

Total onboard staff

Total cases, FY14-16

CBP

6,786

59,544

6,831

59,472

6,716

59,221

20,333

ICE

1,285

18,931

1,148

18,939

792

19,276

3,225

TSA

13,451

60,982

14,688

58,977

17,014

60,652

45,153

Total misconduct cases

21,522

 

22,667

 

24,522

 

68, 711

Source: GAO analysis of CBP, ICE, and TSA data. | GAO-18-405

While CBP, ICE, and TSA have established internal controls related to handling misconduct cases, they have not consistently documented or monitored key control activities. Specifically:

  • GAO analyzed random samples of misconduct cases for each component and found inconsistent documentation of control activities related to supervisory and legal review, case file data verification, and investigator recusal. For example, all three component agencies require supervisory review of criminal or serious misconduct investigations to help ensure that investigations are comprehensive and performed correctly, and they require evidence of this supervisory review in their case management systems. However, GAO estimates that less than 50 percent of ICE management inquiries (which are investigations conducted by local managers) had supervisory review documented. Regarding recusal, each component requires investigators to recuse themselves if they are unable to investigate alleged misconduct in an impartial manner. However, none of the components require documentation of recusals in their case management systems.
  • CBP and ICE do not consistently document the findings of misconduct investigations—for example, whether a misconduct allegation was found to be substantiated—in their case management systems.
  • Components' use of oversight mechanisms to monitor internal control is limited. Specifically, CBP and TSA do not use their self-inspection programs to test control activities related to investigating employee misconduct, and ICE does not centrally track the status of corrective actions.
  • TSA cannot easily track the outcome of investigations across its case management systems. Specifically, GAO found 581 TSA misconduct allegations that were recorded in the database used by the investigating office but not found in the databases of TSA's adjudicating offices because the offices assign different case numbers to the same case.

More consistent documentation and monitoring of internal controls at each component—including tracking the status of corrective actions—would provide components with greater assurance that key controls are implemented and that deficiencies are addressed in a timely manner. Further, consistently documenting the findings of misconduct investigations and ensuring the compatibility of associated data systems would allow managers to ensure that cases are adjudicated as appropriate.

CBP, ICE, and TSA assess the performance of their employee misconduct processes primarily using timeliness targets. While components monitor the timeliness of certain stages of misconduct cases, they do not monitor all established timeliness targets, including the duration of all cases beginning to end; or document how staff are to measure targets using case management system data. According to GAO's analysis, from fiscal year 2014 through the time of GAO's review, the average total duration of employee misconduct cases ranged from 19 to 434 days, depending on the component and case type, as shown in the table below. In addition, GAO found that each component met its established timeliness targets for the investigation and adjudication stages to varying degrees. For example, CBP met its target to complete criminal investigations within 1 year in 93 percent of cases, while it met its target to complete non-criminal investigations within 60 days in 40 percent of cases. Improved monitoring of timeliness targets and the total duration of misconduct cases could allow each component to produce reliable data and increase process efficiency.

GAO Analysis of the Average Total Duration of U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and Transportation Security Administration (TSA) Misconduct Cases Opened in Fiscal Years 2014 through 2016 and Closed by the Time of GAO's Review

Average number of days

Case type

      CBP

     ICE

     TSA

Management inquiry (reported to central intake center)

 153

307

n/a

Management inquiry (reported locally only)

85

186

19

Administrative inquiry

280

434

41

Non-criminal investigation

278

389

184

Criminal investigation

318

163

219

All case types

146

331

23 

Legend: “n/a” = not applicable.

Source: GAO analysis of CBP, ICE, and TSA data. | GAO-18-405

Note: CBP and ICE allegations may be reported to a Joint Intake Center. TSA does not have a central intake center. Management inquiries are investigations of allegations by local managers. Administrative inquiries are investigations of allegations conducted by fact finders who are from or trained by each component's central office responsible for investigations.

Why GAO Did This Study

Department of Homeland Security (DHS) component agencies CBP, ICE, and TSA are responsible for securing the nation's borders, enforcing immigration laws, and overseeing the security of transportation systems. Recent studies of these components' employee misconduct investigation and disciplinary processes have highlighted the importance of having appropriate internal controls.

GAO was asked to review CBP, ICE, and TSA employee misconduct investigation and adjudication processes. This report (1) summarizes data on misconduct cases that were opened from fiscal years 2014 through 2016 and closed by the time of GAO's review; (2) examines the extent to which CBP, ICE, and TSA implement internal controls in their employee misconduct and discipline processes; and (3) assesses how CBP, ICE, and TSA monitor the performance of their employee misconduct processes. For each component, GAO reviewed policies, guidance, and timeliness performance reports; analyzed case management information system data; and interviewed officials involved in investigation and adjudication processes.

Reissued with revisions on Sep. 4, 2018.

This report was revised on September 4, 2018, pages 62 - 68, agency comments were added, Appendix II: Comments from the Department of Homeland Security.
Skip to Recommendations

Recommendations

GAO is making 18 recommendations for CBP, ICE, and TSA to strengthen their employee misconduct internal controls and improve monitoring of the timeliness of the employee misconduct process (detailed on the following page). DHS concurred with GAO’s recommendations.

GAO recommends that the Commissioner of CBP, Director of ICE, and Administrator of TSA

  • revise policy or guidance to ensure documentation of required control activities—such as legal and/or supervisory review and data verification—in their case management systems;
  • modify their annual self-inspection programs (CBP and TSA by including evaluation and testing of internal controls related to the employee misconduct process; ICE by tracking the status of related corrective actions to ensure timely implementation);
  • monitor the duration of all cases beginning-to-end by stage and by case type;
  • define and document the case management system data fields to be used for monitoring all established performance targets and provide related guidance to staff; and
  • monitor the timeliness of misconduct cases against established targets using case management system data.

GAO also recommends that the Commissioner of CBP and Director of ICE require documentation of investigative findings in their case management systems (CBP by documenting whether an allegation is substantiated and documenting and disseminating referral procedures for adjudication; ICE by documenting case resolution codes of management inquiries).

GAO also recommends that the Administrator of TSA develop a method for more easily connecting cases between the databases used for employee misconduct cases.

Recommendations for Executive Action

Agency Affected Recommendation Status
United States Customs and Border Protection 1. The Commissioner of CBP should revise policy or guidance to ensure documentation of required control activities in its case management system, such as legal review of adverse actions, and data verification (Recommendation 1).
Closed - Implemented
In February 2020, CBP provided documentation of a data verification checklist used by its Office of Professional Responsibility for the Joint Integrity Case Management System. In December 2020, CBP provided their revised Human Resource Business Engine system user guide and Discipline Review Board standard operating procedure, which outline requirements and provide guidance to staff on documenting legal review and data verification in its case management system. These actions meet the intent of this recommendation.
United States Customs and Border Protection 2. The Commissioner of CBP should require staff to document investigative findings (e.g., whether an allegation is substantiated) in the case management system, and document and disseminate associated referral procedures for adjudication (Recommendation 2).
Closed - Implemented
In May 2020, CBP revised and disseminated internal operating procedures requiring staff to enter investigative findings in the information management system. By documenting and disseminating for staff procedures related to investigative findings, CBP helps ensure that staff refers all substantiated allegations for adjudication.
United States Customs and Border Protection 3. The Commissioner of CBP should ensure the appropriate program offices include evaluating and testing internal controls related to the employee misconduct process in CBP's annual self-inspection program (Recommendation 3).
Closed - Implemented
CBP has developed a worksheet to evaluate and test internal controls related to the employee misconduct process, and the Office of Professional Responsibility has implemented this worksheet as part of the 2019 annual self inspection program. These actions fulfill the intent of this recommendation.
United States Customs and Border Protection 4. The Commissioner of CBP should monitor the duration of all cases beginning-to-end by stage and by case type (Recommendation 4).
Open
In October 2018, CBP told us that it is currently updating one of its case management systems to better monitor cases beginning-to-end by stage and by case type. Once implemented, CBP's Office of Professional Responsibility will develop an internal management report that includes information on caseload and associated timelines. The estimated completion date for this recommendation is September 30, 2019. As of September 2020, we are continuing to follow up with CBP on its actions to implement this recommendation.
United States Customs and Border Protection 5. The Commissioner of CBP should monitor the timeliness of misconduct cases according to established targets for management inquiries, administrative inquiries, and criminal and non-criminal investigations using case management system data (Recommendation 5).
Open
In October 2018, CBP stated that it is currently updating one of its case management systems to better monitor the timeliness of misconduct cases according to established targets. Once updated, CBP's Office of Professional Responsibility will develop an internal management report that includes information on caseload and associated timelines. The estimated completion date for this recommendation is September 30, 2019. As of September 2020, we are continuing to follow up with CBP on its actions to implement this recommendation.
United States Customs and Border Protection 6. The Commissioner of CBP should define and document the case management system data fields to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 6).
Open
In October 2018, CBP stated that its Office of Professional Responsibility will define the case management system data fields used to measure established performance targets, and it will provide the appropriate guidance to staff. The estimated completion date of this recommendation is September 30, 2019. As of September 2020, we are continuing to follow up with CBP on its actions to implement this recommendation.
United States Immigration and Customs Enforcement 7. The Director of ICE should revise policy or guidance to ensure documentation of required control activities in its case management system, such as supervisory review of management inquiries, legal review of Office of Professional Responsibility-investigated cases, and data verification (Recommendation 7).
Closed - Implemented
In August 2020, ICE provided evidence of guidance disseminated to staff, which outlines procedures for documenting control activities in its case management system. This action fulfills the intent of this recommendation.
United States Immigration and Customs Enforcement 8. The Director of ICE should require staff to document the investigative findings (case resolution codes) of management inquiries in the case management system (Recommendation 8).
Open
In November 2018, ICE provided documentation of related communication provided to staff. However, this documentation did not include revised policy or guidance documents that requires staff to document the investigative findings in the employee misconduct case management system. As of September 2020, we are continuing to follow-up on ICE's actions to implement this recommendation.
United States Immigration and Customs Enforcement 9. The Director of ICE should modify ICE's annual self-inspection program to track the status of related corrective actions to ensure they are implemented in a timely manner (Recommendation 9).
Open
In October 2018, ICE stated that it is revising its policy for its self-Inspection program to track the status of related corrective actions. ICE also stated that it will review three program offices for compliance with these revised policies and procedures during fiscal year 2019. The estimated completion date of this recommendation is June 28, 2019. As of September 2020, we are continuing to follow-up on ICE's actions to implement this recommendation.
United States Immigration and Customs Enforcement 10. The Director of ICE should monitor the duration of all cases beginning-to-end by stage and by case type (Recommendation 10).
Open
In October 2018, ICE stated that beginning in fiscal year 2019, a project team will develop the capability to monitor the duration of all employee misconduct cases beginning-to-end by stage and by case type. The estimated completion date of this recommendation is June 28, 2019. As of September 2020, we are continuing to follow-up on ICE's actions to implement this recommendation.
United States Immigration and Customs Enforcement 11. The Director of ICE should monitor the timeliness of misconduct cases according to established targets for management inquiries and Employee Relations specialist review of proposal and decision of disciplinary outcomes using case management system data (Recommendation 11).
Open
In October 2018, ICE stated that its Office of Professional Responsibility developed guidance regarding established targets for the completion of management inquiries and will distribute the guidance to applicable staff. ICE also stated that it is developing timeliness targets for Employee Relations specialist review of proposals and decisions of disciplinary outcomes and will also distribute this guidance to applicable staff. The estimated completion date for this recommendation is June 28, 2019. As of September 2020, we are continuing to follow-up on ICE's actions to implement this recommendation.
United States Immigration and Customs Enforcement 12. The Director of ICE should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 12).
Open
In October 2018, ICE stated that it will work to define and document the case management system data fields and methodology to be used for monitoring all established performance targets and will provide related guidance to applicable staff. The estimated completion date for this recommendation is June 28, 2019. As of September 2020, we are continuing to follow-up on ICE's actions to implement this recommendation.
Transportation Security Administration 13. The Administrator of TSA should revise policy or guidance to ensure documentation of required control activities in its case management system, such as supervisory review of investigations and data verification (Recommendation 13).
Closed - Implemented
In March 2020, TSA officials provided evidence that staff are required to upload approved Records of Investigation into their case management system. TSA also provided evidence that the agency has developed guidance, which includes the use of checklists that verify data pertaining to records in both the systems' Investigation and Employee Relations databases.
Transportation Security Administration 14. The Administrator of TSA should develop a method for more easily connecting cases between the Office of Inspection database and Employee Relations database (Recommendation 14).
Closed - Implemented
In May 2019, TSA created a data field in its Employee Relations database that displays related cases tracked in its Investigations (formerly Office of Inspection) database. This update to TSA's employee misconduct case management system allows TSA to monitor the status of investigations through adjudication.
Transportation Security Administration 15. The Administrator of TSA should modify TSA's annual inspection process to include evaluating and testing internal controls related to the investigation of employee misconduct (Recommendation 15).
Closed - Implemented
Effective fiscal year 2020, TSA revised the scope of its annual inspection process to include evaluating and testing internal controls related to the investigation of employee misconduct and the reliability of data in its case management system.
Transportation Security Administration 16. The Administrator of TSA should monitor the duration of all cases beginning-to-end by stage and case type (Recommendation 16).
Open
In September 2020, TSA provided documentation of internal reports that measure duration. However, the reports do not provide management information on the duration of all case types from beginning-to-end and, by stage. TSA needs to provide evidence that it monitors the duration of all cases, including a description of which process stages are measured and which data fields are used to measure the total duration from beginning-to-end and by stage. In March of 2021, TSA stated that it is in the process of building new databases for managing its disciplinary systems, which will include the addition of supplemental date fields that will allow it to monitor the duration of all cases as recommended. The estimated completion date for the system changes is September 2021.
Transportation Security Administration 17. The Administrator of TSA should monitor the timeliness of misconduct cases according to established targets for management inquiries (fact finding) and administrative inquiries, and the proposal and decision stages, using case information system data (Recommendation 17).
Open
In September 2020, TSA provided evidence of reports it uses to measure duration. However, these reports do not show how TSA performs with regards to established targets. TSA needs to provide evidence of how it monitors the timeliness of all established targets , including which specific data fields are used to measure these targets. In March of 2021, TSA stated that it is in the process of building new databases for managing its disciplinary systems, which will include the addition of supplemental date fields that will allow it to monitor the duration of cases according to established targets as recommended. The estimated completion date for the system changes is September 2021.
Transportation Security Administration 18. The Administrator of TSA should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 18).
Open
In May 2019, TSA provided guidance to its staff related to monitoring performance targets. However, these documents do not specify which system data should be used as part of the methodology for monitoring all established performance targets. TSA needs to provide documentation of guidance to staff that defines and documents all the specific case management system data field names (in the various databases, as applicable) and methodology staff should use to monitor all established timeliness targets. In March of 2021, TSA stated that it is continuing to update its management directives to to fulfill the intent of the recommendation. The estimated completion date is September 2021.

Full Report

GAO Contacts