Federal Reports

We issued this alert because, during our audit, we identified serious performance issues with U.S. Customs and Border Protection's (CBP) contract with Accenture. Accenture has yet to demonstrate the efficient, innovative, and expertly run hiring process described in its initial Performance Work Statement. In addition, before awarding Accenture the contract, CBP did not ensure the proposed systems and processes, such as applicant tracking, complied with all applicable laws and regulations or could be integrated into its hiring process. CBP also did not establish metrics to assess the contractor’s performance and hold the contractor accountable. Further, CBP allowed Accenture to use EyeDetect technology (retinal scanning tool used to discern deception) at an August 2018 hiring expo without proper approval. Unless CBP uses EyeDetect in its hiring process in the same manner Accenture does, it could potentially constitute a prohibited hiring practice. This could, in turn, subject CBP to increased legal risk and oversight by other federal agencies and Congress into CBP’s hiring practices. As of October 1, 2018 CBP had paid Accenture about $13.6 million for startup costs, security requirements, recruiting, and applicant support. In return, Accenture processed two accepted job offers. We recommended CBP assess Accenture’s performance under this contract. CBP concurred with our four recommendations.

The National Institutes of Health (NIH) is one of several Federal agencies that ship and receive select agents. In 2015, another Federal agency found that one of its facilities had inadvertently shipped live Bacillus anthracis, a select agent which causes the deadly disease anthrax, to 194 laboratories in the United States and other countries. In response to these events, we initiated a review of the policies, procedures, and protocols NIH implemented to ensure the safe shipment of select agents to and from its laboratories.

The OIG investigated allegations that an Interior Business Center (IBC) official reprised against a subordinate employee by suspending the employee’s security clearance after the employee filed an Equal Employment Opportunity (EEO) complaint against the official.We determined that the employee made a protected disclosure, that the official knew about the disclosure before suspending the clearance, and that the official did not provide clear and convincing evidence that the clearance would have been suspended regardless of the disclosure.We also determined that the IBC official consulted with the DOI Office of the Solicitor, IBC Human Resources, and the official’s supervisor before suspending the employee’s clearance. The clearance suspension was reviewed by U.S. Bureau of Reclamation (BOR) personnel, per a Memorandum of Agreement with the IBC, and the BOR recommended reinstatement. The IBC subsequently reinstated the employee’s clearance.

DHS OIG this investigation in response to a complaint made by a Lieutenant Commander in the United States Coast Guard, stationed at the U.S. Coast Guard Academy in New London, Connecticut, alleging that: (1) Complainant received a negative Officer Evaluation Report (OER) after making discrimination and harassment complaints against her superiors; (2) The U.S. Coast Guard failed to respond to the discrimination and harassment experienced by the Complainant; and (3) The U.S. Coast Guard subjected the Complainant to additional harassment and retaliatory actions after filing the complaints. DHS OIG’s investigation substantiated Complainant’s claim that she was retaliated against on the basis of her complaints, in violation of the Military Whistleblower Protection Act, 10 U.S.C. § 1034. Specifically, a preponderance of the evidence established that her complaints were a contributing factor in the numerical marks in her OER for the period ending May 31, 2016. The totality of the evidence demonstrated that the Complainant would have received higher marks absent her complaints. DHS OIG thus recommends that the Secretary order corrective action with regard to the Complainant’s OER.

What We Looked AtThe Office of Management and Budget (OMB) requires Federal agencies to implement Information Security Continuous Monitoring (ISCM), which entails the near real-time detection of cybersecurity risks, threats, and malicious activity. ISCM enables agencies to more effectively address evolving, frequent, and increasingly aggressive cybersecurity attempts to compromise Federal information systems. A large number of systems at the Department of Transportation (DOT) contain sensitive data that require protection; accordingly, we initiated this audit. Our audit objectives were to assess (1) how DOT's ISCM program conforms to OMB and National Institute of Standards and Technology requirements and (2) the status and progress of DOT's implementation of its ISCM program. This review also supports our annual audit mandated by the Federal Information Security Modernization Act.What We FoundDOT's program lacks a procedure for verifying Federal Aviation Administration (FAA) performance data reported to OMB. While DOT has met the requirement to submit quarterly reports, we identified significant errors in one submission. The Department also lacks adequate procedures for providing accurate submissions to OMB. In addition, FAA has not yet completed phase 1 of the Continuous Diagnostics and Mitigation Program, which targets the management of cybersecurity assets and activities. Finally, FAA does not have procedures for reporting on or validating its Cross Agency Priority goal data and cannot be certain those data are accurate.Our RecommendationsDOT concurred with our three recommendations to improve its ISCM program.