Federal Reports

Amtrak (the company) contracted with the independent certified public accounting firm of Ernst & Young LLP to audit its consolidated financial statements as of September 30, 2020, and for the year then ended, and to provide a report on internal control over financial reporting and on compliance and other matters. Because the company receives federal assistance, it must obtain an audit performed in accordance with generally accepted government auditing standards. As required by the Inspector General Act of 1978, we monitored the audit activities of Ernst & Young to help ensure audit quality and compliance with auditing standards. Our monitoring focused on two Ernst & Young reports and disclosed no instances in which Ernst & Young did not comply, in all material respects, with generally accepted government auditing standards.

While U.S. Customs and Border Protection’s (CBP) actions to implement prior OIG outage-related recommendations could not have prevented the onset of the nation-wide outage on August 16, 2019, the steps taken did help minimize the length and severity of disruptions to passenger screening. By addressing OIG recommendations, CBP established a more effective control structure for monitoring passenger screening systems, thus enabling prompt action to identify and resolve the outage. However, CBP’s configuration management policies and procedures were not sufficient to prevent the 2019 outage. Specifically, CBP’s critical passenger applications were operating on an Oracle database device that was not properly configured, and, did not have up-to-date patches. The outage resulted in longer wait times and delays up to 2.5 hours for arriving passengers, as well as the need for CBP to revert to less effective backup systems to support passenger screening procedures. CBP personnel faced additional challenges during the outage, as they were unable to quickly access “offline” systems and were not fully prepared for backup procedures. This was due to inadequate training and ineffective communication from CBP Headquarters during the outage. CBP should address these deficiencies, which may increase the risk of entry of unauthorized aliens who could threaten our Nation’s security. We made five recommendations to improve training, procedures, processes, and employee awareness. CBP concurred with all five of our recommendations.

DHS OIG issued a series of three reports between August 2014 and October 2016 examining DHS’ pandemic activities, including 28 recommendations to improve the efficiency and effectiveness of DHS planning and response activities. We conducted this verification review to determine the adequacy and effectiveness of DHS’ corrective actions. We focused our review on 11 of 28 key recommendations that dealt with DHS-wide pandemic planning and response activities. We determined that DHS provided the OIG with adequate documentation of its initial plans and actions to address the recommendations to improve the Department’s pandemic planning and response. However, DHS did not effectively implement corrective actions to address three recommendations to provide the operational efficiencies and controls needed in the current pandemic. Specifically, DHS did not ensure the office it designated to manage and account for pandemic personal protective equipment provided adequate management oversight; did not ensure components’ compliance with the Integrated Logistics Support Plan; and did not designate an office to ensure continued oversight, review, and approval of the Department’s and components’ pandemic plans. We made three new recommendations to improve oversight of pandemic planning and personal protective equipment. DHS agreed with all three recommendations.