The independent public accounting firm KPMG LLP (KPMG) has issued an unmodified (clean) opinion on the Department of Homeland Security’s (DHS) consolidated financial statements. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2022 and 2021.
KPMG issued an adverse opinion on DHS’ internal control over financial reporting as of September 30, 2022. KPMG’s report identified material weaknesses in internal control relating to information technology (IT) controls and information systems; financial reporting; insurance liabilities; and new system obligations. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. For example, KPMG found “ineffective design, implementation, or operating effectiveness of IT general controls over IT operating systems, databases, and applications supporting financial reporting processes across DHS” in areas including access control and security management.
KPMG also reported “significant deficiencies” in seized and forfeited property, and grants management as well as instances of noncompliance with the Federal Managers’ Financial Integrity Act of 1982 and the Federal Financial Management Improvement Act of 1996. The audit found that DHS – particularly at the Federal Emergency Management Agency – had “ineffective controls over monitoring of grant recipients; and insufficient delegation of authority documentation for controls over the review of disaster grant obligations and deobligations”. KPMG found that DHS did not enforce accountability of personnel responsible for monitoring grant recipients and documenting the delegation of authority for the review of disaster grant obligations and deobligations. In addition, the firm said DHS did not establish control thresholds to determine the appropriate scope of grant monitoring site visits and desk reviews to minimize residual risk. Among the 19 recommendations in KPMG’s report, is a call for DHS to perform a robust risk assessment to assess and minimize the residual risk related to unmonitored grants. DHS concurred with all of the recommendations.