Open Recommendations

We recommend that DHS develop continuous monitoring and testing of IT general controls to identify weaknesses, assess the resulting risks created by any identified IT deficiencies, and respond to those risks through implementing compensating controls.

Communications within Components, between headquarters and Components, and between financial and IT management, should be improved to ensure coordination between headquarters and Components with resource constraints to respond to financial accounting and reporting risks and control deficiencies.

Communications within Components, between headquarters and Components, and between financial and IT management, should be improved to ensure the structure, process, and communication between key stakeholders is sufficient to ensure there is a complete understanding of the end-to-end flow of transactions for key business processes that impact financial reporting.

Communications within Components, between headquarters and Components, and between financial and IT management, should be improved to ensure individuals within the financial reporting, accounting and budget departments identify and use quality information for financial reporting.

Communications within Components, between headquarters and Components, and between financial and IT management, should be improved to ensure roles and responsibilities of program and field personnel that provide key financial information are communicated, and that those personnel understand and comply with policies.

Communications within Components, between headquarters and Components, and between financial and IT management, should be improved to ensure individuals with key internal control responsibilities have a sufficient understanding of the implication of IT vulnerabilities and limitations,and manual compensating internal controls are designed and implemented to mitigate risk.

Communications within Components, between headquarters and Components, and between financial and IT management, should be improved to ensure monitoring across larger Components with decentralized operations to ensure responsibilities have been properly assigned and clearly communicated, and that internal control over financial reporting and compliance with direct and material laws and regulations have been properly designed and implemented and are operating effectively across the organization.

We recommend that DHS design continuous monitoring controls to ensure personnel with internal control oversight responsibilities adequately examine transactions with a higher risk of error.

We recommend that DHS seek opportunities to implement more reliable controls earlier in the process to prevent errors at the transaction source.

We recommend that DHS enhance internal testing of both financial and IT controls to identify and remediate deficiencies as they may arise in order to sustain auditable financial statements in the future.

We recommend that Coast Guard enhance controls over the management review of the CIP rollforward to ensure validity of activity within defined thresholds and accurate recording in the general ledger.

We recommend that DHS appropriately align knowledgeable resources to evaluate the roles of service organizations, assess controls at those service organizations, and identify and assess complimentary controls within the Components relying on those service organizations.

We recommend that Coast Guard further develop the design of controls over the review of CIP activity cost decisions to ensure a sufficient number of review is completed.

We recommend that Coast Guard refine the design of controls over the physical count of real property assets to ensure the completeness and existence of all real property assets.

We recommend that Coast Guard reinforce controls over the timely recording of asset addition and retirement activity.

Related to the Entry Process: We recommend that CBP update and redistribute guidance to necessary personnel regarding the appropriate CBP directives to ensure consistent performance of controls across all locations and provide training to all personnel on new policies to ensure consistent implementation at decentralized locations.

Related to the Entry Process: We recommend that CBP develop policies and procedures to ensure that each STB is reviewed for sufficiency until automation occurs.

We recommend that Coast Guard improve and reinforce existing policies, procedures, and related internal controls to ensure that: a) management adequately researches, supports, and reviews all journal entries and adjusting entries prior to recording in the general ledger; b) management records approved on top adjustment entries in the correct underlying general ledger systems in order to generate accurate beginning balances; c) personnel record transactions to the accurate trading partner upon initiation; reconcile all intragovernmental balances with trading partners; and resolve differences in a timely manner; and d) management enhances documentation of their actuarial liability estimate reviews and refines their review…

Related to the Entry Process: We recommend that CBP fully implement the automated controls over continuous transaction bond processing.

Related to the Entry Process: We recommend that CBP enhance policies and procedures over the review of FP&F and liability for deposit account balances to ensure balances are properly stated at year-end.

Related to Refunds and Drawbacks: We recommend that CBP continue with the scheduled implementation of the new drawback system.

Related to Refunds and Drawbacks: We recommend that CBP implement requirements of TFTEA, which will take effect beginning in February 2018.

We recommend that USSS establish new, or improve existing, policies, procedures, and related internal controls over the valuation of its pension liability to ensure: a) personnel adequately understand the pension estimate; b) management maintains oversight of assumptions used in significant estimates and routinely evaluates continued appropriateness of those assumptions; c) management completes the annual pension checklist; and d) management reviews the underlying census data at least annually.

We recommend that the Department conduct complete risk assessments to identify significant risk areas and continuously monitor and test the financial and IT controls within those areas.

We recommend that FEMA implement the recommendations in Comment II-F, Grants Management.