Weak Oversight, Poor Coordination Plague DHS Operations

With its $60 billion budget, some 250,000 employees and 250,000 contractors, the Homeland Security Department needs to operate more like a unified organization with a complex mission than a collection of fiefdoms, a watchdog found.

John Roth, the DHS inspector general, highlighted nine areas of concern in his annual report on management challenges to the secretary: acquisition; financial management , information management and privacy; transportation security; border security and immigration enforcement; grants management; employee accountability and integrity; and infrastructure protection, cybersecurity and insider threats. In other words, much of the department’s portfolio suffers from major management problems.

“Some of the most persistent challenges arise from the effort to combine and coordinate diverse legacy agencies into a single, cohesive organization capable of fulfilling a broad, vital, and complex mission. DHS must continually seek to integrate management operations under an authoritative governing structure capable of effectively overseeing and managing programs that cross component lines,” Roth wrote.

For example, DHS components, in unspooling their $18 billion acquisition budget (the government’s third largest), “did not always follow departmental acquisition guidance, which led to acquisition cost overruns, missed schedules, and lackluster acquisition performance,” Roth wrote. “Even though DHS has initiated efforts to improve its acquisition processes, DHS leadership continues to authorize and invest in major acquisition programs that lack the foundational documents and management controls necessary to manage risks and measure performance."

Computer security was another area of concern. To better guard against internal sabotage or unauthorized disclosures, DHS’ Domestic Nuclear Detection Office—after the chief information officer has clarified policy—“should strengthen processes and controls for its IT infrastructure by implementing updated insider threat procedures,” the report said. That office “also needs to document the effectiveness of controls or processes to detect and respond to unauthorized data exfiltration from its unclassified IT assets,” including by disabling portable media ports on controlled assets where there is no legitimate business need.

In June, a contractor notified DHS leaders of a database breach that may have exposed the background check records of about 25,000 department employees, the auditors noted.

In the area of grants management, the watchdog praised the Federal Emergency Management Agency for improving the way it tracks disaster funds, which totaled more than $14 billion in fiscal 2014. Ambiguous objectives, passive management, poor oversight and increased grant funding have contributed to problems FEMA has had historically in ensuring grantees spend funds appropriately, but the IG noted that since Hurricane Katrina in 2005, FEMA has significantly improved grant tracking.

The IG also gave credit to Homeland Security for obtaining a clean audit on all financial statements earlier this year, although noted “it required considerable manual effort to overcome deficiencies in internal control and a lack of financial IT systems functionality."

In summarizing its investigations of employee integrity, the IG reported that fiscal 2014 brought in about 29,000 complaints, which prompted more than 1,000 probes. About 200 cases were accepted for prosecution, resulting in 300 convictions and 100 personnel actions, the report said.

Though the report made no formal recommendations, component managers responded in detail to each of the nine areas of concern.