Skip to main content

Inspectors General: DHS OIG's Structure, Policies, and Procedures Are Consistent with Standards, but Areas for Improvement Exist

GAO-14-726 Published: Sep 24, 2014. Publicly Released: Sep 24, 2014.
Jump To:
Skip to Highlights

Highlights

What GAO Found

During fiscal years 2012 and 2013, the Department of Homeland Security's (DHS) Office of Inspector General (OIG) issued 361 audit and inspection reports that collectively cover key components, management challenges identified by the OIG, and relevant high-risk areas identified by GAO. Of the 361 reports, 200 pertained solely to the Federal Emergency Management Agency (FEMA)—the DHS component with the largest budget. Of those FEMA reports, 118 reports involved audits of disaster assistance grants.

The OIG's organizational structure, roles, and responsibilities are generally consistent with the Inspector General (IG) Act of 1978, as amended (IG Act). In 2013, the OIG made changes to its structure to enhance independence and oversight, including establishing an Office of Integrity and Quality Oversight. However, areas for improvement exist for the OIG to better meet its responsibilities.

The OIG has not reached agreement with the Federal Bureau of Investigation (FBI) on coordinating and sharing border corruption information. The IG Act requires OIGs to recommend policies for and to conduct, supervise, or coordinate relationships with other federal agencies regarding cases of fraud or abuse. The Senate Appropriations Committee directed DHS to report jointly with the OIG and other DHS components on plans for working with the FBI.

The OIG lacks adequate controls to protect identities of employees filing complaints because its process for recording complaints involves significant manual procedures, without review, that can be subject to human error. The IG Act requires that OIGs not disclose the identity of an employee filing a complaint without the employee's consent unless such disclosure is unavoidable during the course of an investigation. The OIG is aware of these issues and is developing standard operating procedures.

The OIG does not have a policy for obtaining legal advice from its own counsel or guidelines specifying when it is appropriate to consult with the department's counsel. The former Acting IG requested legal help from a counsel at the department for 4 months, and it was not clear if this request was for appropriate matters. The IG Act requires the IG to obtain legal advice from a counsel reporting directly to the IG or another IG. The OIG Deputy Counsel has asked a working group to draft guidelines on consultations with the department's counsel.

The OIG's policies and procedures are consistent with independence standards. However, OIG senior executives did not always comply with the policy to annually complete certificates of independence. Because the OIG does not centrally maintain the certifications, management's ability to monitor compliance is hindered. For example, no certificate of independence could be found for the former Acting IG. As a result of an impairment to the former Acting IG's independence that was not identified in a timely manner, the OIG had to reissue six reports for fiscal year 2012 to add an explanatory statement about the impairment. External peer reviews of the OIG's audit function, completed in 2009 and 2012, also found that OIG staff, including senior executives, had not documented their independence as required.

Why GAO Did This Study

The DHS OIG plays a critical role in strengthening accountability throughout DHS. The OIG received about $141 million in fiscal year 2013 appropriations to carry out this oversight.

The joint explanatory statement to the Department of Homeland Security Appropriations Act, 2013, directed GAO to review the OIG and its organizational structure for meeting independence standards. This report examines (1) the coverage the OIG's audits and inspections provided of DHS's component agencies, management challenges, and high-risk areas; (2) the extent to which the OIG's organizational structure, roles, and responsibilities were consistent with the IG Act; and (3) the extent to which the design of the OIG's policies and procedures was consistent with applicable independence standards.

To address these objectives, GAO obtained relevant documentation, such as selected reports and OIG policies and procedures, and compared this information to the IG Act and independence standards. GAO also interviewed officials from the OIG, DHS components, and the FBI.

Recommendations

GAO is making three recommendations for improving controls over processing complaints, obtaining legal advice, and monitoring compliance with independence standards. The IG concurred with GAO's recommendations and described actions being taken to address them.

Recommendations for Executive Action

Agency Affected Recommendation Status
DHS Office of Inspector General To improve its intake and complaint processing function, the OIG should design and implement additional controls, which may include additional automated controls and supervisory review, to provide reasonable assurance that employees' identities are not disclosed without their consent when forwarding complaints to DHS components.
Closed – Implemented
As of March 2017, the OIG established an automated control on its public website that automatically grays out all data fields for personal information when a complainant checks a box that states "I wish to remain anonymous." Therefore, personal identification information cannot be entered once a request for anonymity is made on the website. In addition, if a DHS employee does not request anonymity when filing a complaint, the complaint record is highlighted in yellow on the DHS case management system. This highlighting alerts the complaint processor that the complaint cannot be forwarded to a DHS component without obtaining the complainant's permission. Also, the Special Agent in Charge continues to do random checks of complaint processing to ensure that complainants' identities are not inadvertently revealed. With these additional controls in place, the DHS OIG decreases its risk of disclosing employees' identities without their consent.
DHS Office of Inspector General To help avoid any impairment to independence when seeking legal advice, the OIG should develop a policy for obtaining legal advice from counsel reporting either directly to the IG or another IG and work with the IG's counsel to establish guidelines for when it would be appropriate for the OIG to consult with the department's counsel.
Closed – Implemented
The agency concurred with our recommendation. In November 2014, the DHS IG issued a Directive Number 306-112-01 that established policy requiring that the IG receive independent legal advice from either a counsel reporting directly to the IG, or under certain circumstances, from a counsel reporting to another IG. The directive also provides guidelines on when it may be appropriate for the OIG to consult on legal matters with the DHS Office of General Counsel.
DHS Office of Inspector General To help ensure that senior executives are aware of independence requirements so that they are able to identify and mitigate any threats to their independence, the OIG should revise its guidance in the OIG Audit Manual to require signed annual certificates of independence to be collected and maintained centrally in order to monitor compliance.
Closed – Implemented
The agency concurred with our recommendation. In November 2014, the DHS OIG revised its audit manual to include a requirement that senior executives sign annual independence statements that are to be collected and maintained by the OIG's Office of Integrity and Quality Oversight.

Full Report

GAO Contacts

Asif A. Khan
Director
Financial Management and Assurance

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Employee grievancesHomeland securityInspectionInspectors generalInternal auditsInternal controlsLegal opinionsReporting requirementsStandardsAgency organizational structureComplaints processingExecutive agency oversightInformation sharingPolicies and procedures