Department of Homeland Security: Components Could Improve Monitoring of the Employee Misconduct Process [Reissued with revisions on Sep. 4, 2018.]
Highlights
What GAO Found
From fiscal years 2014 through 2016, U.S Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA) collectively opened and had closed nearly 70,000 employee misconduct cases, as shown in the table below. The most common CBP and ICE cases were for general misconduct, such as failure to follow procedures or rude conduct, while half of TSA's misconduct cases related to time and attendance misconduct. The most common misconduct outcomes for CBP, ICE, and TSA were written reprimand, suspension, and counseling, respectively. More than half of CBP and more than two-thirds of ICE misconduct cases resulted in no action or were not referred for adjudication because they were unsubstantiated or for other reasons, such as the employee under investigation retired or resigned.
Number of Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and Transportation Security Administration (TSA) Employee Misconduct Cases Opened in Fiscal Years (FY) 2014 through 2016 and Closed at the Time of GAO's Review, and Total Onboard Staff
|
Component FY 2014 FY 2015 FY 2016 |
|||||||
|
|
Total cases |
Total onboard staff |
Total cases |
Total onboard staff |
Total cases |
Total onboard staff |
Total cases, FY14-16 |
|
CBP |
6,786 |
59,544 |
6,831 |
59,472 |
6,716 |
59,221 |
20,333 |
|
ICE |
1,285 |
18,931 |
1,148 |
18,939 |
792 |
19,276 |
3,225 |
|
TSA |
13,451 |
60,982 |
14,688 |
58,977 |
17,014 |
60,652 |
45,153 |
|
Total misconduct cases |
21,522 |
|
22,667 |
|
24,522 |
|
68, 711 |
Source: GAO analysis of CBP, ICE, and TSA data. | GAO-18-405
While CBP, ICE, and TSA have established internal controls related to handling misconduct cases, they have not consistently documented or monitored key control activities. Specifically:
- GAO analyzed random samples of misconduct cases for each component and found inconsistent documentation of control activities related to supervisory and legal review, case file data verification, and investigator recusal. For example, all three component agencies require supervisory review of criminal or serious misconduct investigations to help ensure that investigations are comprehensive and performed correctly, and they require evidence of this supervisory review in their case management systems. However, GAO estimates that less than 50 percent of ICE management inquiries (which are investigations conducted by local managers) had supervisory review documented. Regarding recusal, each component requires investigators to recuse themselves if they are unable to investigate alleged misconduct in an impartial manner. However, none of the components require documentation of recusals in their case management systems.
- CBP and ICE do not consistently document the findings of misconduct investigations—for example, whether a misconduct allegation was found to be substantiated—in their case management systems.
- Components' use of oversight mechanisms to monitor internal control is limited. Specifically, CBP and TSA do not use their self-inspection programs to test control activities related to investigating employee misconduct, and ICE does not centrally track the status of corrective actions.
- TSA cannot easily track the outcome of investigations across its case management systems. Specifically, GAO found 581 TSA misconduct allegations that were recorded in the database used by the investigating office but not found in the databases of TSA's adjudicating offices because the offices assign different case numbers to the same case.
More consistent documentation and monitoring of internal controls at each component—including tracking the status of corrective actions—would provide components with greater assurance that key controls are implemented and that deficiencies are addressed in a timely manner. Further, consistently documenting the findings of misconduct investigations and ensuring the compatibility of associated data systems would allow managers to ensure that cases are adjudicated as appropriate.
CBP, ICE, and TSA assess the performance of their employee misconduct processes primarily using timeliness targets. While components monitor the timeliness of certain stages of misconduct cases, they do not monitor all established timeliness targets, including the duration of all cases beginning to end; or document how staff are to measure targets using case management system data. According to GAO's analysis, from fiscal year 2014 through the time of GAO's review, the average total duration of employee misconduct cases ranged from 19 to 434 days, depending on the component and case type, as shown in the table below. In addition, GAO found that each component met its established timeliness targets for the investigation and adjudication stages to varying degrees. For example, CBP met its target to complete criminal investigations within 1 year in 93 percent of cases, while it met its target to complete non-criminal investigations within 60 days in 40 percent of cases. Improved monitoring of timeliness targets and the total duration of misconduct cases could allow each component to produce reliable data and increase process efficiency.
GAO Analysis of the Average Total Duration of U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and Transportation Security Administration (TSA) Misconduct Cases Opened in Fiscal Years 2014 through 2016 and Closed by the Time of GAO's Review
|
Average number of days |
|||
|
Case type |
CBP |
ICE |
TSA |
|
Management inquiry (reported to central intake center) |
153 |
307 |
n/a |
|
Management inquiry (reported locally only) |
85 |
186 |
19 |
|
Administrative inquiry |
280 |
434 |
41 |
|
Non-criminal investigation |
278 |
389 |
184 |
|
Criminal investigation |
318 |
163 |
219 |
|
All case types |
146 |
331 |
23 |
Legend: “n/a” = not applicable.
Source: GAO analysis of CBP, ICE, and TSA data. | GAO-18-405
Note: CBP and ICE allegations may be reported to a Joint Intake Center. TSA does not have a central intake center. Management inquiries are investigations of allegations by local managers. Administrative inquiries are investigations of allegations conducted by fact finders who are from or trained by each component's central office responsible for investigations.
Why GAO Did This Study
Department of Homeland Security (DHS) component agencies CBP, ICE, and TSA are responsible for securing the nation's borders, enforcing immigration laws, and overseeing the security of transportation systems. Recent studies of these components' employee misconduct investigation and disciplinary processes have highlighted the importance of having appropriate internal controls.
GAO was asked to review CBP, ICE, and TSA employee misconduct investigation and adjudication processes. This report (1) summarizes data on misconduct cases that were opened from fiscal years 2014 through 2016 and closed by the time of GAO's review; (2) examines the extent to which CBP, ICE, and TSA implement internal controls in their employee misconduct and discipline processes; and (3) assesses how CBP, ICE, and TSA monitor the performance of their employee misconduct processes. For each component, GAO reviewed policies, guidance, and timeliness performance reports; analyzed case management information system data; and interviewed officials involved in investigation and adjudication processes.
Reissued with revisions on Sep. 4, 2018.
This report was revised on September 4, 2018, pages 62 - 68, agency comments were added, Appendix II: Comments from the Department of Homeland Security.Recommendations
GAO is making 18 recommendations for CBP, ICE, and TSA to strengthen their employee misconduct internal controls and improve monitoring of the timeliness of the employee misconduct process (detailed on the following page). DHS concurred with GAO’s recommendations.
GAO recommends that the Commissioner of CBP, Director of ICE, and Administrator of TSA
- revise policy or guidance to ensure documentation of required control activities—such as legal and/or supervisory review and data verification—in their case management systems;
- modify their annual self-inspection programs (CBP and TSA by including evaluation and testing of internal controls related to the employee misconduct process; ICE by tracking the status of related corrective actions to ensure timely implementation);
- monitor the duration of all cases beginning-to-end by stage and by case type;
- define and document the case management system data fields to be used for monitoring all established performance targets and provide related guidance to staff; and
- monitor the timeliness of misconduct cases against established targets using case management system data.
GAO also recommends that the Commissioner of CBP and Director of ICE require documentation of investigative findings in their case management systems (CBP by documenting whether an allegation is substantiated and documenting and disseminating referral procedures for adjudication; ICE by documenting case resolution codes of management inquiries).
GAO also recommends that the Administrator of TSA develop a method for more easily connecting cases between the databases used for employee misconduct cases.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| United States Customs and Border Protection | The Commissioner of CBP should revise policy or guidance to ensure documentation of required control activities in its case management system, such as legal review of adverse actions, and data verification (Recommendation 1). |
In February 2020, CBP provided documentation of a data verification checklist used by its Office of Professional Responsibility for the Joint Integrity Case Management System. In December 2020, CBP provided their revised Human Resource Business Engine system user guide and Discipline Review Board standard operating procedure, which outline requirements and provide guidance to staff on documenting legal review and data verification in its case management system. These actions meet the intent of this recommendation.
|
| United States Customs and Border Protection | The Commissioner of CBP should require staff to document investigative findings (e.g., whether an allegation is substantiated) in the case management system, and document and disseminate associated referral procedures for adjudication (Recommendation 2). |
In May 2020, CBP revised and disseminated internal operating procedures requiring staff to enter investigative findings in the information management system. By documenting and disseminating for staff procedures related to investigative findings, CBP helps ensure that staff refers all substantiated allegations for adjudication.
|
| United States Customs and Border Protection | The Commissioner of CBP should ensure the appropriate program offices include evaluating and testing internal controls related to the employee misconduct process in CBP's annual self-inspection program (Recommendation 3). |
CBP has developed a worksheet to evaluate and test internal controls related to the employee misconduct process, and the Office of Professional Responsibility has implemented this worksheet as part of the 2019 annual self inspection program. These actions fulfill the intent of this recommendation.
|
| United States Customs and Border Protection | The Commissioner of CBP should monitor the duration of all cases beginning-to-end by stage and by case type (Recommendation 4). |
In October 2018, CBP told us that it is currently updating one of its case management systems to better monitor cases beginning-to-end by stage and by case type. As of August of 2022, CBP has developed an internal management report that monitors the total duration of all misconduct cases beginning-to-end. However, this report does not include duration by all stages and by case type. In December of 2023, CBP told us that it had awarded a contract to transition to a new case management system. As of August 2024, we are continuing to follow up with CBP on its actions to implement this recommendation, including its planned transition in January 2025 to a new case management system.
|
| United States Customs and Border Protection | The Commissioner of CBP should monitor the timeliness of misconduct cases according to established targets for management inquiries, administrative inquiries, and criminal and non-criminal investigations using case management system data (Recommendation 5). |
In October 2018, CBP stated that it is currently updating one of its case management systems to better monitor the timeliness of misconduct cases according to established targets. As of September 2021, CBP's Office of Professional Responsibility developed an internal management report that includes information on timelines for certain case types. In September 2022, CBP stated that is planning to transition to a new case management system, which will help it monitor the timeliness of cases according to established targets. In December of 2023, CBP told us that it had awarded a contract to transition to a new case management system. As of August 2024, we are continuing to follow-up with CBP on its actions to implement this recommendation, including its planned transition in January 2025 to a new case management system.
|
| United States Customs and Border Protection | The Commissioner of CBP should define and document the case management system data fields to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 6). |
In October 2018, CBP stated that its Office of Professional Responsibility will define the case management system data fields used to measure established performance targets, and it will provide the appropriate guidance to staff. As of September 2021, CBP's Office of Professional Responsibility developed an internal management report that monitors certain performance targets. As of August 2022, CBP defined and documented the case management system data fields it uses to monitor certain performance targets. However, CBP has not defined and documented case management system data fields for all its establish performance targets. In January 2023, CBP stated that it is developing a new case management system. To close this recommendation, CBP needs to define and document the data fields in the new case management system to be used for monitoring all established performance targets and provide related guidance to staff. As of August 2024, we are continuing to monitor the status of this recommendation, including CBP's planned transition in January 2025 to a new case management system.
|
| United States Immigration and Customs Enforcement | The Director of ICE should revise policy or guidance to ensure documentation of required control activities in its case management system, such as supervisory review of management inquiries, legal review of Office of Professional Responsibility-investigated cases, and data verification (Recommendation 7). |
In August 2020, ICE provided evidence of guidance disseminated to staff, which outlines procedures for documenting control activities in its case management system. This action fulfills the intent of this recommendation.
|
| United States Immigration and Customs Enforcement | The Director of ICE should require staff to document the investigative findings (case resolution codes) of management inquiries in the case management system (Recommendation 8). |
In November of 2018, ICE distributed guidance and a directive to staff for entering case resolution codes in its case management system. ICE also implemented a verification checklist that states that the case resolution code must be selected and saved prior to closing an investigation in the case management system. These actions fulfill the intent of this recommendation.
|
| United States Immigration and Customs Enforcement | The Director of ICE should modify ICE's annual self-inspection program to track the status of related corrective actions to ensure they are implemented in a timely manner (Recommendation 9). |
In October 2018, ICE stated that it is revising its policy for its self-Inspection program to track the status of related corrective actions. In July of 2021, ICE revised its self-inspection program policy, which now requires that a senior-level official within each of its directorates or offices ensures that corrective actions for all identified deficiencies are completed and to notify ICE's Office of Professional Responsibility (OPR) upon completion. Also, according to the revised policy, OPR is responsible for tracking the status of these corrective actions. These actions fulfill the intent of this recommendation.
|
| United States Immigration and Customs Enforcement | The Director of ICE should monitor the duration of all cases beginning-to-end by stage and by case type (Recommendation 10). |
In October 2018, ICE stated that beginning in fiscal year 2019, a project team will develop the capability to monitor the duration of all employee misconduct cases beginning-to-end by stage and by case type. The estimated completion date of this recommendation was June 28, 2019. In August 2020 and June 2022, the ICE Office of Human Capital provided examples of a quarterly "Aging Cases" report. While this report may help improve the timeliness of a certain stage of the process, this report does not monitor the duration of all cases beginning-to-end by stage and by case type. To close this recommendation, GAO needs evidence that ICE monitors all cases beginning-to-end by stage and by case type. As of February 2024, we are continuing to follow-up on ICE's actions to implement this recommendation.
|
| United States Immigration and Customs Enforcement | The Director of ICE should monitor the timeliness of misconduct cases according to established targets for management inquiries and Employee Relations specialist review of proposal and decision of disciplinary outcomes using case management system data (Recommendation 11). |
In April 2022, ICE provided a report that tracks the age of all closed and open management inquiry cases, including the number and percentage of management inquiries that have been completed within the 90-day target by fiscal year. In addition, ICE provided guidance to staff reminding them that management inquiry cases should be completed within 90 days of being assigned to a program office. ICE officials confirmed they will use this report to monitor the timeliness of management inquiries on an ongoing basis. In June 2022, ICE officials stated that ICE Employee Relations is using a report to monitor on a quarterly basis the number of cases that have been assigned to the Employee Relations office for more than 1 year. We believe that ICE's actions address the intent of our recommendation and will help ICE ensure that it completes management inquiries and the adjudication of misconduct cases in a timely manner. We consider this recommendation closed as implemented.
|
| United States Immigration and Customs Enforcement | The Director of ICE should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 12). |
In October 2018, ICE stated that it will work to define and document the case management system data fields and methodology to be used for monitoring all established performance targets and will provide related guidance to applicable staff. The estimated completion date for this recommendation was June 28, 2019. In June 2022, ICE stated that they plan to provide documentation, but as of February 2024, ICE has not provided documentation related to this recommendation. To close this recommendation, ICE should provide evidence that it has defined and documented the case management system data fields and methodology to be used for monitoring all established performance targets and has provided related guidance to staff. As of February 2024, we are continuing to follow-up on ICE's actions to implement this recommendation.
|
| Transportation Security Administration | The Administrator of TSA should revise policy or guidance to ensure documentation of required control activities in its case management system, such as supervisory review of investigations and data verification (Recommendation 13). |
In March 2020, TSA officials provided evidence that staff are required to upload approved Records of Investigation into their case management system. TSA also provided evidence that the agency has developed guidance, which includes the use of checklists that verify data pertaining to records in both the systems' Investigation and Employee Relations databases.
|
| Transportation Security Administration | The Administrator of TSA should develop a method for more easily connecting cases between the Office of Inspection database and Employee Relations database (Recommendation 14). |
In May 2019, TSA created a data field in its Employee Relations database that displays related cases tracked in its Investigations (formerly Office of Inspection) database. This update to TSA's employee misconduct case management system allows TSA to monitor the status of investigations through adjudication.
|
| Transportation Security Administration | The Administrator of TSA should modify TSA's annual inspection process to include evaluating and testing internal controls related to the investigation of employee misconduct (Recommendation 15). |
Effective fiscal year 2020, TSA revised the scope of its annual inspection process to include evaluating and testing internal controls related to the investigation of employee misconduct and the reliability of data in its case management system.
|
| Transportation Security Administration | The Administrator of TSA should monitor the duration of all cases beginning-to-end by stage and case type (Recommendation 16). |
TSA created a new employee misconduct case management system that was initially implemented in 2021 and refined in the years that followed. In February 2024, TSA provided a sample report from its new misconduct case management system that tracks the duration of case types (e.g., management inquiries) from beginning-to-end by stage, such as the review and approval of proposed and final disciplinary action. This system allows TSA to monitor the duration of cases by case type. This meets the intent of the recommendation.
|
| Transportation Security Administration | The Administrator of TSA should monitor the timeliness of misconduct cases according to established targets for management inquiries (fact finding) and administrative inquiries, and the proposal and decision stages, using case information system data (Recommendation 17). |
In February 2024, TSA provided sample reports from its new misconduct case management system that tracks the duration of employee misconduct case processes against established timeliness targets. The reports allow TSA officials to monitor performance targets including the duration of management and administrative inquiries from beginning to end, and when applicable the duration of the review process for proposed and final disciplinary action. This meets the intent of the recommendation.
|
| Transportation Security Administration | The Administrator of TSA should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 18). |
In February 2024, TSA provided a sample report from its new misconduct case management system that tracks established performance targets. TSA staff responsible for monitoring performance targets have the ability to generate reports as needed, and the new system's user guide is available to staff through a document management program on TSA's internal network. This meets the intent of the recommendation.
|