DHS OIG, OIG-11-61, Independent Auditors' Report on U.S. Customs and Border Protection's FY 2010 Financial Statements (2011)

DHS OIG

Section: Independent Auditors' Report on U.S. Customs and Border Protection's FY 2010 Financial Statements

Effective: 3/25/2011

Bluebook Citation: DHS OIG, OIG-11-61, Independent Auditors' Report on U.S. Customs and Border Protection's FY 2010 Financial Statements (2011)

Department of Homeland Security Office of Inspector General Independent Auditors’ Report on U.S. Customs and Border Protection’s FY 2010 Financial Statements OIG-11-61 March 2011 Office ofInspector General U.S. Department of Homeland Security Washington, DC 20528 Homeland Security MAR 25 2011 Preface The Department of Homeland Security (DHS) Office ofInspector General (OIG) was established by the Homeland Security Act of2002 (Public Law 107-296) by amendment to the Inspector General Act of1978. This is one of a series of audit, inspection, and special reports prepared as part of our oversight responsibilities to promote economy, efficiency, and effectiveness within the department. The attached report presents the results of the U.S. Customs and Border Protection's (CBP) financial statement audits for fiscal year (FY) 2010 and FY 2009. We contracted with the independent public accounting firm KPMG LLP (KPMG) to perform the audits.

The contract required that KPMG perform its audits according to generally accepted government auditing standards and guidance from the Office of Management and Budget and the Government Accountability Office. KPMG concluded that CBP's consolidated financial statements as of and for the years ended September 30, 2010 and 2009, are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles. The FY 2010 auditors' report discusses one material weakness, and five other significant deficiencies in internal control. KPMG is responsible for the attached independent auditors' report, and the conclusions expressed in the report.

We do not express opinions on CBP's financial statements or provide conclusions on compliance with laws and regulations. The recommendations herein have been discussed in draft with those responsible for implementation. We trust this report will result in more effective, efficient, and economical operations. We express our appreciation to all of those who contributed to the preparation of this report.

JtiCA%-fCr e L. Ri~~ds Assistant Inspector General for Audits KPMG LLP 2001 M Street, NW Washington, DC 20036-3389 Independent Auditors’ Report Inspector General U.S. Department of Homeland Security: Commissioner U.S. Customs and Border Protection: We have audited the accompanying consolidated balance sheets of the U.S. Customs and Border Protection (CBP), a Component of the U.S. Department of Homeland Security (the Department), as of September 30, 2010 and 2009, and the related consolidated statements of net cost, changes in net position, and custodial activity, and combined statements of budgetary resources (hereinafter referred to as “consolidated financial statements”) for the years then ended. The objective of our audits was to express an opinion on the fair presentation of these consolidated financial statements. In connection with our fiscal year 2010 audit, we also considered CBP’s internal control over financial reporting and tested CBP’s compliance with certain provisions of applicable laws, regulations, and contracts that could have a direct and material effect on these consolidated financial statements. Summary As stated in our opinion on the consolidated financial statements, we concluded that CBP’s consolidated financial statements as of and for the years ended September 30, 2010 and 2009, are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles.

Our consideration of internal control over financial reporting resulted in identifying six significant deficiencies of which one we consider to be a material weakness. The significant deficiencies, as defined in the Internal Control Over Financial Reporting section of this report, are as follows: Material Weakness: A. Drawback of Duties, Taxes, and Fees Significant Deficiencies: B. Financial Reporting C. Property, Plant, and Equipment D. Inactive Obligations E. Entry Process 1. In-Bond Program 2. Trade Compliance Measurement 3.

Bonded Warehouse and Foreign Trade Zones F. Information Technology The results of our tests of compliance with certain provisions of laws, regulations, and contracts disclosed no instances of noncompliance or other matters that are required to be reported herein under Government Auditing Standards and Office of Management and Budget (OMB) Bulletin No. 07-04, Audit Requirements for Federal Financial Statements, as amended. KPMG LLP is a Delaware limited liability partnership, the U.S. member firm of KPMG International Cooperative (“KPMG International”), a Swiss entity. The following sections discuss our opinion on CBP’s consolidated financial statements; our consideration of CBP’s internal control over financial reporting; our tests of CBP’s compliance with certain provisions of applicable laws, regulations, and contracts; and management’s and our responsibilities. Opinion on the Financial Statements We have audited the accompanying consolidated balance sheets of the U.S. Customs and Border Protection (CBP), a component of the U.S. Department of Homeland Security (the Department) as of September 30, 2010 and 2009, and the related consolidated statements of net cost, changes in net position, and custodial activity, and the combined statements of budgetary resources for the years then ended.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of CBP as of September 30, 2010 and 2009, and its net costs, changes in net position, budgetary resources, and custodial activity for the years then ended, in conformity with U.S. generally accepted accounting principles. The information in the Management’s Discussion and Analysis and Required Supplementary Information (RSI) sections is not a required part of the consolidated financial statements, but is supplementary information required by U.S. generally accepted accounting principles. We have applied certain limited procedures, which consisted principally of inquiries of management regarding the methods of measurement and presentation of this information. However, we did not audit this information and, accordingly, we express no opinion on it.

As a result of such limited procedures, we believe that the RSI Statement of Budgetary Resources is not in conformity with accounting guidance because the RSI presents the fiscal year 2009 Statement of Budgetary Resources by major fund type instead of by major budget account. The information in the Commissioner’s Message, Message from the Chief Financial Officer, Other Accompanying Information, Office of Inspector General (OIG) Report on Major Management Challenges, and Acronyms, as reflected in the Annual Financial Report Fiscal Year 2010’s accompanying table of contents are presented for purposes of additional analysis and are not required as part of the consolidated financial statements. This information has not been subjected to auditing procedures and, accordingly, we express no opinion on it. Internal Control Over Financial Reporting Our consideration of the internal control over financial reporting was for the limited purpose described in the Responsibilities section of this report and was not designed to identify all deficiencies in internal control over financial reporting that might be significant deficiencies or material weaknesses and therefore, there can be no assurance that all deficiencies, significant deficiencies, or material weaknesses have been identified.

However, in our fiscal year 2010 audit, we identified certain deficiencies in internal control over financial reporting that we consider to be a material weakness and other deficiencies that we consider to be significant deficiencies. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis. A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. We consider the deficiencies in Exhibit I to be a material weakness.

A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. We consider the deficiencies described in Exhibit II to be significant deficiencies. 2 Exhibit III presents the status of prior year significant deficiencies and material weaknesses. We noted certain additional matters that we will report to management of CBP in a separate letter.

Compliance and Other Matters The results of our tests of compliance as described in the Responsibilities section of this report disclosed no instances of noncompliance or other matters that are required to be reported herein under Government Auditing Standards or OMB Bulletin No. 07-04. Responsibilities * * * * * * * Management’s Responsibilities. Management is responsible for the consolidated financial statements; establishing and maintaining effective internal control; and complying with laws, regulations, and contracts applicable to CBP. Auditors’ Responsibilities.

Our responsibility is to express an opinion on the fiscal year 2010 and 2009 consolidated financial statements of CBP based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America; the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States; and OMB Bulletin No. 07-04. Those standards and OMB Bulletin No. 07-04 require that we plan and perform the audits to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement. An audit includes consideration of internal control over financial reporting as a basis for designing audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of CBP’s internal control over financial reporting.

Accordingly, we express no such opinion. An audit also includes: • • • Examining, on a test basis, evidence supporting the amounts and disclosures in the consolidated financial statements; Assessing the accounting principles used and significant estimates made by management; and Evaluating the overall consolidated financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In planning and performing our fiscal year 2010 audit, we considered CBP’s internal control over financial reporting by obtaining an understanding of CBP’s internal control, determining whether internal controls had been placed in operation, assessing control risk, and performing tests of controls as a basis for designing our auditing procedures for the purpose of expressing our opinion on the consolidated financial statements, but not for the purpose of expressing an opinion on the effectiveness of CBP’s internal control over financial reporting.

Accordingly, we do not express an opinion on the effectiveness of CBP’s internal control over financial reporting. We did not test all controls relevant to operating objectives as broadly defined by the Federal Managers’ Financial Integrity Act of 1982. As part of obtaining reasonable assurance about whether CBP’s fiscal year 2010 consolidated financial statements are free of material misstatement, we performed tests of CBP’s compliance with certain provisions of laws, regulations, and contracts, noncompliance with which could have a direct and material effect on the determination of the consolidated financial statement amounts, and certain provisions of other laws and regulations specified in OMB Bulletin No. 07-04. We limited our tests of compliance to the 3 provisions described in the preceding sentence, and we did not test compliance with all laws, regulations, and contracts applicable to CBP.

However, providing an opinion on compliance with laws, regulations, and contracts was not an objective of our audit and, accordingly, we do not express such an opinion. ______________________________ CBP’s response to the findings identified in our audit are presented in Management’s Response to the Independent Auditor’s Report. We did not audit CBP’s response and, accordingly, we express no opinion on it. This report is intended solely for the information and use of CBP’s management, DHS’ management, the DHS’ Office of Inspector General, OMB, the U.S. Government Accountability Office, and the U.S. Congress, and is not intended to be and should not be used by anyone other than these specified parties. January 25, 2011 4 EXHIBIT I Material Weaknesses A. Drawback of Duties, Taxes and Fees Background: CBP performs an important revenue collection function for the U.S. Treasury.

CBP collected approximately $29.5 billion in import duties, taxes and fees in fiscal year 2010 on merchandise arriving in the United States from foreign countries. Drawback is a remittance, in whole or in part, of duties, taxes, or fees previously paid by an importer. Drawback typically occurs when the imported goods, on which duties, taxes, or fees have been previously paid, are subsequently exported from the United States or destroyed prior to entering the commerce of the United States. Depending on the type of drawback claim, the claimant has up to eight years from the date of importation to file for drawback.

Condition: We noted the following weaknesses related to internal controls over drawback of duties, taxes, and fees paid by the importer: • CBP is unable to prevent, or detect and correct excessive drawback claims against an entry summary due to the inherent limitations of the Automated Commercial System (ACS) and the lack of controls therein. An entry summary can be composed of numerous line items. ACS does not have the capability to compare, verify, and track essential information on drawback claims to the related underlying consumption entries (UCEs), their individual line items, or export documentation upon which the drawback claim was based. Currently, the Drawback module within ACS does not provide information at the line item level to ensure drawback claims are not over claimed and thus are not overpaid at the individual line item level.

By law, the amount paid for drawback claims against a given import entry should not exceed 99% of the duties, taxes, and fees collected at the individual line item level. • ACS only provides information to ensure that the total amount of all drawback claims against a given import entry summary does not exceed 100% of the total amount of duties, taxes, and fees collected, at the entry summary level. In addition, export information is not linked to the Drawback module and, therefore, electronic comparisons of export data cannot be performed within ACS to ensure that overpayments of drawback claims are not made. • Drawback review policies did not require drawback specialists to review all or a statistically valid sample of prior drawback claims against a selected import entry to determine whether, in the aggregate, an excessive amount had been claimed against import entries. We also noted that CBP utilizes a “validity tree” approach when selecting prior related drawback claims for review. The validity tree approach requires CBP to review the largest prior related drawback claims; however, the approach is not statistical.

In addition, drawback review policy and procedures allow drawback specialists, with supervisory approval, to judgmentally decrease the number of UCEs randomly selected for review, which decreases the review’s effectiveness. Further, CBP’s sampling methodology for selecting UCEs is not considered to be statistically valid and CBP’s Drawback Operations Guide does not include procedures for statistically projecting errors noted in the sample. I.1 • The statutory period for document retention related to a drawback claim is only three years from the date of payment. However, there are several situations that could extend the life of the drawback claim well beyond three years.

EXHIBIT I

Cause/Effect: Due to system functionality limitations, much of the drawback process is manual, placing an added burden on limited resources. CBP uses a sampling approach to compare, verify, and match consumption entry and export documentation to drawback claims submitted by importers. However, system and procedural limitations decrease the effectiveness of this approach. The inherent risk of fraudulent claims or claims made in error is high, which increases the risk of erroneous payments.

In addition, the length of the drawback claim lifecycle is often indeterminate, while the document retention period is set by statute at only three years. Criteria: Under the Federal Managers Financial Integrity Act of 1982 (FMFIA), management must implement cost- effective controls to safeguard assets and ensure reliable financial reporting. OMB’s Revised Implementation Guidance for the Federal Financial Management Improvement Act states that financial systems should “routinely provide reliable financial information uniformly across the Federal government following professionally-accepted accounting standards” to support management of current operations. The Federal Systems Integration Office (FSIO) publications and OMB Circular No. A-127, Financial Management Systems, outline the requirements for Federal systems.

FSIO’s Core Financial System Requirements states that the core financial system must maintain detailed information by account sufficient to provide audit trails and to support billing and research activities. OMB Circular No. A-127 requires that the design of financial systems should eliminate unnecessary duplication of a transaction entry. Whenever appropriate, data needed by the systems to support financial functions should be entered only once and other parts of the system should be updated through electronic means consistent with the timing requirements of normal business/transaction cycles. Title 19 of the Code of Federal Regulations (CFR), Section 191.51(b)(1) states, “The amount of drawback requested on the drawback entry is generally to be 99 percent of the import duties eligible for drawback.

Claims exceeding 99 percent (or 100% when 100% of the duty is available for drawback) will not be paid until the calculations have been corrected by the claimant.” OMB Circular No. A-123, Management’s Responsibility for Internal Control, states, “Management is responsible for establishing and maintaining internal controls to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.” Recommendations: We recommend that CBP: 1. Implement effective internal controls over drawback claims as part of any new system initiatives, including the ability to compare, verify, and track essential information on drawback claims to the related underlying consumption entries and export documentation for which the drawback claim is based, and identify duplicate or excessive drawback claims; 2. Develop and implement automated controls to prevent overpayment of a drawback claim; and I.2 3. Pilot statistically valid drawback claim review programs at each Drawback Center.

Analyze the results of the pilots and determine the benefit of full implementation of the programs.

EXHIBIT I CBP

Response: See management’s response included in the attached letter. I.3 EXHIBIT II Other Significant Deficiencies B. Financial Reporting Background: CBP’s investment in accounting and financial reporting infrastructure did not keep pace with its significant growth in prior years, creating an environment where financial statement errors are more likely In Fiscal Year (FY) 2010, CBP management recognized that its operations continue to to occur. experience rapid and large scale growth and took action to bring the resources allocated to its financial management in line with this growth. However, our audit determined that some financial reporting deficiencies continued to exist, which impair CBP’s ability to produce timely, reliable financial information throughout the fiscal year. Condition: We noted that CBP: • Did not timely resolve or have proper oversight of financial management issues, particularly when the information resides with and/or is controlled and maintained by a contractor, to ensure that policies are followed and transactions are recorded accurately and timely in the general ledger.

The lack of oversight contributed to the following conditions: • Operating materials and supplies (OM&S) transactions were not recorded in a timely manner. CBP’s contractors were unable to record transactions in the Computerized Aircraft Reporting and Material Control (CARMAC) system during the fiscal year. Thus, an inventory backlog existed which was not identified until late in the fiscal year. Therefore, OM&S amounts recorded in CBP’s general ledger throughout the fiscal year were incomplete. • Inaccurate reporting of the percentage of completion (POC) of construction projects in the first half of FY 2010.

CBP lacked documented processes for detailed reviews of provided POCs to determine if the POC was accurate. CBP did not detect inaccurate POCs prior to providing guidance to project managers in the third quarter of FY 2010. • Resolution of accounting issues related to SBInet valuation were not finalized until the final weeks of the fiscal year. Ultimately, a $9.4 million write-off was identified, but was not timely recorded. • Did not have sufficient internal controls in place related to journal entries. Specifically, CBP: • Did not have proper segregation of duties in place over certain manual journal entries recorded in its general ledger.

In a sample of 200 manual journal entries, we noted 114 instances in which the same individual was responsible for multiple key aspects of a transaction, including authorizing, processing, recording, and reviewing. • Recorded intra-departmental eliminating journal entries without sufficient supporting documentation. In a sample of 860 operating expense transactions of all types throughout FY 2010, we noted 19 instances of intra-departmental journal entry transactions where CBP identified II.1 EXHIBIT II differences between its account balances and the balances of its trading partners; however, CBP did not obtain support for the trading partner’s balance. CBP only obtained a copy of the trading partner’s trial balance with the corresponding elimination pair. In those cases, CBP did not work with the trading partner to reconcile the differences noted between the two agencies and instead, recorded the unsupported trading partner amount. • Did not have sufficient controls in place to review automated journal entries.

CBP does not perform a review of these entries either at the time the posting logic is established and then periodically to identify necessary updates, or at the time each automated journal entry is recorded. • Used an incorrect population when performing its search for unrecorded accounts payable, which is used to support its accounts payable estimate. This resulted in CBP identifying certain payments as unrecorded accounts payable when these payments had already been recorded; thus, overstating its estimate of accounts payable. In addition, when performing its search, CBP allocated invoices to either the prior or current fiscal year in their entirety, rather than considering whether the period of performance indicated that it should be allocated across fiscal years. Criteria: OMB Circular No. A-123, Management’s Responsibility for Internal Control, defines internal control and provides guidance to Federal managers on improving the accountability and effectiveness of Federal programs and operations by establishing, assessing, correcting, and reporting on internal control.

In particular, it states, “Management is responsible for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.” The Government Accountability Office (GAO)’s Standards for Internal Control in the Federal Government states, “Operating information is required for development of financial reports. This covers a broad range of data from purchases, subsidies, and other transactions to data on fixed assets, inventories, and receivables… Effective communications should occur in a broad sense with information flowing down, across, and up the organization.” In addition, it states, “Key duties and responsibilities need to be divided or segregated among different people to reduce the risk of error or fraud. This should include separating the responsibilities for authorizing transactions, processing and recording them, reviewing the transactions, and handling any related assets. No one individual should control all key aspects of a transaction or event.” Cause/Effect: CBP does not have an effective process in place to timely review and analyze contractor information that could potentially impact the financial statements.

As a result, CBP is unable to address changes in its operations that could potentially result in errors or omissions in the financial statements, or misapplication of generally accepted accounting principles (GAAP) may go undetected throughout the year. CBP does not have proper segregation of duties or sufficient review over manual journal entries and therefore could record inaccurate or unsubstantiated journal entries in the general ledger. CBP does not have Standard Operating Procedures (SOP) for the creation, implementation, and periodic review of automated posting logic, which may allow the implementation of inaccurate posting logic and may misstate the effected accounts each time the automated posting occurs. II.2 CBP does not have sufficient controls or documented policies and procedures in place to detect errors in its population used to search for unrecorded accounts payable, which led to double counting of $43 million of accounts payable.

CBP’s process did not provide for expenses to be allocated over multiple fiscal years and therefore incorrectly allocated these types of expenses to one fiscal year in their entirety.

EXHIBIT II

Recommendations: We recommend that CBP: 1. Executive senior management emphasize the importance of the financial statements to all program offices to ensure they provide the information necessary to identify and address risks and issues related to CBP’s operations which could possibly lead to misstatements on CBP’s financial statements; 2. Program offices conduct an assessment relating to their financial reporting requirements to ensure they have the proper resources and processes in place to timely and accurately provide the information necessary to accurately report CBP’s financial statements; 3. Conduct an assessment of manual journal entries and enhance internal controls surrounding the process; 4.

Work with DHS components and the DHS Office of Financial Management to obtain detailed information supporting intra-departmental transactions; 5. Formalize and improve its approval process for creating or changing automated journal entry postings in SAP, CBP’s financial reporting system; and 6. Adopt revised standard operating procedures to address additional steps necessary to prevent duplicate entries in the population used to formulate estimated accounts payable and include an allocation of expenses across fiscal years where applicable. C. Property, Plant, and Equipment (PP&E) Background: CBP has acquired substantial new technology, facilities, and other assets in recent years through purchase and construction.

CBP’s increased assets include construction of border fencing (both physical and virtual), purchase of inspection equipment at ports of entry, and new construction at port of entry facilities. Condition: We noted that CBP: • Did not have a fully implemented, documented, formal process in place to obtain accurate Percentage of Completion (POC) amounts from project/construction managers. Specifically, we noted a lack of proper, timely guidance provided to project managers on how to calculate a POC. Once CBP issued guidance in the third quarter of FY 2010, the POC amounts reported varied, including both increases and decreases from those reported earlier in the FY.

In addition, CBP only issued POC criteria II.3 EXHIBIT II guidance for those projects that relate to new construction and thus POC amounts that relate to alterations or renovations of a port remain at the discretion of a project manager. At two renovation sites we visited, the POC amounts reported were not consistent with the project schedules outlined and observed at the time of our site visits and these errors were not detected by CBP’s review process. • Did not have a formal review process to determine if the project managers reported a correct POC amount and did not require project managers to provide documentation supporting the reported POC throughout the year. Additionally, CBP did not obtain sufficient support when recording amounts other than the POC reported by the project managers. For example, in one quarter, CBP obtained the amount its contractor would be recording as a receivable and recorded this amount as a payable and accrued CIP.

However, CBP did not obtain sufficient detail to determine if these amounts were accurate and subsequently determined that the POC amounts reported by project managers were more accurate. • Did not properly and timely record Construction in Progress (CIP) settlement transactions. Specifically, we noted 76 instances in which assets were untimely moved from CIP to fixed assets, resulting in the misclassification of assets in the general ledger. These delays spanned from one to twelve months. As a result of these late settlements, depreciation for the assets was understated from the time the assets were placed in service and when the assets were settled.

To correct depreciation in the general ledger, CBP recorded an additional $35.7 million in accumulated depreciation and depreciation expense. In addition, we noted 40 assets in which CBP understated their value at the time the assets were placed in service. CBP did not recognize the full value of the asset until further invoices were received. We noted that six of these assets were moved from CIP in the current year and 34 were moved in the prior year, but continued to increase in value in the current year. • Did not properly perform and/or document physical annual inventories related to real and personal property and did not detect assets incorrectly recorded, misclassified, or not recorded in the general ledger. • Recorded certain asset additions for an amount other than the amount paid, or using the incorrect general ledger account. • Recorded certain asset retirements for assets still in use, without proper approval, one to thirty-five months after removing the asset from service, or using the incorrect general ledger account.

Criteria: Statements of Federal Financial Accounting Standards (SFFAS) 6, Accounting for Property, Plant, and Equipment states: - “PP&E consists of tangible assets, including land, that meet the following criteria: they have estimated useful lives of 2 years or more; they are not intended for sale in the ordinary course of operations; and they have been acquired or constructed with the intention of being used, or being available for use by the entity; - “PP&E shall be recognized when title passes to the acquiring entity or when the PP&E is delivered to the entity or to an agent of the entity. In the case of constructed PP&E, the PP&E shall be recorded as construction work in process until it is placed in service, at which time the balance shall be transferred to general PP&E.” II.4 EXHIBIT II - “All general PP&E shall be recorded at cost. Cost shall include all costs incurred to bring the PP&E to a form and location suitable for its intended use.” - “In the period of disposal, retirement, or removal from service, general PP&E shall be removed from the asset accounts along with associated accumulated depreciation/amortization. Any difference between the book value of the PP&E and amounts realized shall be recognized as a gain or a loss in the period that the general PP&E is disposed of, retired, or removed from service.

General PP&E shall be removed from the general PP&E accounts along with the associated accumulated depreciation/amortization, if prior to disposal, retirement or removal from service, it no longer provides service in the operations of the entity.” OMB Circular No. A-123, Management’s Responsibility for Internal Control, states that “Management is responsible for developing and maintaining effective internal control. Effective internal control provides assurance that significant weaknesses in the design or operation of internal control, that could adversely affect the agency’s ability to meet its objectives, would be prevented or detected in a timely manner.” Cause/Effect: CBP did not have documented and/or fully implemented policies and procedures and does not have sufficient oversight of its policies and procedures, to ensure that all PP&E transactions are recorded timely and accurately. As a result, CBP’s CIP, PP&E, depreciation expense, and accumulated depreciation may be misstated at any point during the fiscal year by the recording of transactions, which are incorrect, unsupported, or untimely. Recommendations: We recommend that CBP: 1.

Ensure standard procedures are in place and used by all Facilities Management and Engineering (FM&E) Program Management Offices (PMO) to determine POCs for all capitalized projects; 2. Implement formal, documented FM&E PMO level review controls to determine if the POCs reported are accurate and consistent with established accounting criteria prior to their recording in the financial statements; 3. Establish and implement a standardized process that is integrated with its financial system of record in order to facilitate the timely recording of assets placed into service; 4. Implement policies and procedures to monitor project estimated completion dates and notify project managers of pending dates to record completed assets or provide revised completion dates; 5.

Refine and reinforce or implement new guidance for the performance and documentation of PP&E inventories; 6. Emphasize the need to record asset additions and disposals in accordance with established policy; and 7. Consider adding supervision and monitoring controls to ensure that all intended corrective actions are effective and functioning properly. II.5 EXHIBIT II D. Inactive Obligations Background: CBP issued Directive 1220-011C, Reviews of Unliquidated Obligations and Open Goods/Service Receiving Records, during fiscal year 2009, which requires all obligation and open goods receipt and service entry sheet records to be reconciled to supporting documentation at the close of each quarter.

Additionally, it requires a semi-annual review of specific populations of obligations to identify the status for each record. Condition: CBP is not enforcing its policies and procedures to monitor and deobligate or close-out its obligations in a timely manner. During our testwork over CBP’s Undelivered Orders (UDO) balance as of September 30, 2010, we selected a statistical sample of 367 UDOs and noted eleven UDOs were no longer valid and had not been deobligated. CBP did not reconcile these UDOs to supporting documentation (e.g., documents within the contract action file) and reasonably assure that only valid obligations remained open.

In addition, six of the sampled UDOs had been identified as no longer valid by CBP, but were not deobligated at the individual obligation level. Although CBP has made progress in deobligating invalid obligations, CBP was unable to process all deobligations at the detail level prior to September 30, 2010, and therefore, recorded an on-top adjustment for inactive obligations in the amount of $83 million. Furthermore, CBP is not properly enforcing its policies and procedures for timely receipt of certification letters and deobligation of expired contracts. We noted when completing its review of UDOs as of December 31, 2009, CBP marked 11,895 of 18,019 UDOs as not reviewed, which was inconsistent with its certifications that all UDOs had been reviewed as of that date.

Criteria: U.S. Code Title 31 Section 1501(a)(1) states, “An amount shall be recorded as an obligation of the United States Government only when supported by documentary evidence of a binding agreement between an agency and another person (including an agency) that is in writing, in a way and form, and for a purpose authorized by law; and executed before the end of the period of availability for obligation of the appropriation or fund used for specific goods to be delivered, real property to be bought or leased, or work or service to be provided.” Section 1554(c) states, “The head of each agency shall establish internal controls to assure that an adequate review of obligated balances is performed…” CBP Directive 1220-011C states that “All obligation and open goods receipt and service entry sheet records must be reconciled to supporting documentation at the close of each quarter of the fiscal year, i.e., December 31, March 31, June 30, and September 30. Additionally, a semi-annual review of specific population of obligations must be performed and the status for each record identified. This is done to reasonably assure that only valid obligations remain open and open goods receipt and service entry sheet records are accurate.” Cause/Effect: CBP did not properly enforce its policies and procedures to monitor all open obligations on a periodic basis to determine if amounts require deobligation. As a result, undelivered orders and related account balances may be overstated at any point during the fiscal year.

II.6 EXHIBIT II Recommendations: We recommend that CBP: 1. Re-emphasize and reinforce compliance with Directive No. 1220-011C and implement proper monitoring controls to identify all invalid obligations and subsequently deobligate those obligations timely; 2. Continue to resolve its backlog of obligations marked for deobligation and implement procedures to monitor obligations identified as no longer valid to ensure there is a necessary reason for them to remain obligated; and 3. Improve the oversight of the preparation of the detailed report listing open obligations to be reviewed by program offices in order to (a) refine the open obligations requiring detailed program office review, (b) improve Office of Administration oversight of program office review, and (c) work towards review of all open obligations.

E. Entry Process 1.

In-Bond Program Background: General In-Bond Process An in-bond entry allows the movement of cargo through the United States without payment of duty and taxes prior to entry into domestic or foreign commerce. The cargo may enter commerce after it arrives at the destination port and an entry is filed. An in-bond also allows foreign merchandise arriving at one U.S. port to be transported through the U.S. and be exported from another U.S. port without the payment of duty. The shipment also might not enter commerce if the shipment is entered into a bonded warehouse or admitted into a foreign trade zone.

Compliance Audit and In-Bond serve as a compliance measurement In 1998, CBP implemented an audit system within ACS to system. This audit system, known as Tin-Man, utilizes random examinations and post audit reviews to ensure bonded carrier compliance with bond obligations. Tin-Man is used to select ports to perform physical examinations at the time of arrival and departure and to perform post audit reviews of carrier activity. Once each week, ports throughout the U.S. should be assigned post audits and physical examinations to perform based on a GAO-approved algorithm.

In-Bond Shipments Overdue for Export (M02) Report In-bond shipments overdue for export are included on the M02 report. Items on this report are in-bond movements transmitted by importers or brokers via the Automated Manifest System (AMS), Automated Broker Interface (ABI), or paper that have not exported within the required time limit. Review of the M02 report is designed to identify cargo that has not been exported and therefore may have physically, but not formally entered into U.S. commerce, thus circumventing the assessment and payment of duties and fees. II.7 EXHIBIT II Monthly List of In-Bond Shipments Overdue (M07) Report In-Bond shipments overdue are included on the M07 report.

Data on paperless and conventional in-bond movements transmitted by AMS participants, as well as in-bond information input via the “INBE” function in ACS appears in this report. Review of the M07 report is designed to identify cargo that has not arrived at the original destination port of entry communicated to CBP. Condition: We noted the following weaknesses exist over the in-bond program: • Ports are required to submit a summary of post audits conducted and the associated results to Headquarters. However, due to a system limitation in ACS, Headquarters cannot run an oversight report to determine if ports have completed all required audits.

The SINS report in ACS is designed to provide this function, but it currently does not accurately list the history of all in-bonds selected for audit and is not consistent with the listing of incomplete Tin-Man audits on the INES report. • The M02 report does not track air in-bonds. CBP is currently creating a report to track air in-bonds, but it was not implemented in FY 2010. • Requirements for ports to retain documentation produced in the course of resolution of items on the M02 report and the M07 report were issued in April 2010, and therefore were not in operation for all of FY 2010. In addition, there is no requirement for ports to completely resolve all items on the M02 and M07 reports each time they are run. Therefore, certain items on the report may not be resolved. • Tin-Man is designed to designate both examinations of cargo and post audits on a weekly basis.

CBP must manually reset Tin-Man at the beginning of each fiscal year in order to select the examinations and post audits for the upcoming year. However, CBP failed to manually reset the cargo examination portion of Tin-Man, which resulted in no cargo examinations designated for the ports by the Tin-Man system for FY 2010. • CBP does not perform a formal analysis to determine the overall compliance rate of the in- bond program. CBP does not analyze the rate and types of violations found to determine the effectiveness of the in-bond program, nor does it identify a projected total amount of uncollected duties and fees on in-bond merchandise that has physically entered U.S. commerce without formal entry to ensure there is not a potentially significant loss of revenue. Criteria: According to Title 19 Section 18.2(d) of the CFR, the carrier’s “Failure to surrender the in- bond manifest or report the arrival of bonded merchandise within the prescribed period shall constitute an irregular delivery and the initial bonded carrier shall be subject to applicable penalties (see Section 18.8).” 19 CFR Section 18.6 (b) states, “When there is a shortage of one or more packages, or nondelivery of an entire shipment, or delivery to unauthorized locations, or delivery to the consignee without the permission of Customs, the port director may demand return of the merchandise to Customs custody.

The demand shall be made no later than 30 days after the shortage, delivery, or nondelivery is discovered by Customs.” 19 CFR Section II.8 EXHIBIT II 18.8(b) designates the penalties to be “liquidated damages under the carrier’s bond for any shortage, failure to deliver, or irregular delivery, as provided in such bond.” OMB Circular No. A-123, Management’s Responsibility for Internal Control, states that “management is responsible for establishing and maintaining internal controls to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.” Cause/Effect: A Headquarters memorandum to all field offices was issued in April 2010 indicating the retention guidelines for in-bond audits, in-bond examinations, the M02 report, and the M07 report. However, not all ports were in compliance with the memorandum. Additionally, there is no requirement for ports to completely resolve all items on the M02 and M07 reports each time they are run. The inability to effectively and fully monitor the in-bond process and verify the arrival of in-bond merchandise at the port level could lead to a lack of identification of additional revenue due to uncollected duties and fees on in-bond merchandise that has physically entered U.S. commerce without formal entry.

Current ACS system limitations also limit the ability of CBP to accurately monitor the in-bond process, both at the Headquarters and port levels. The lack of an automatic compilation and analysis of audit results at the national level hampers CBP’s ability to efficiently and fully determine the effectiveness of in-bond audits, common in-bond errors, and weaknesses in the overall in-bond process. There was a lack of oversight by CBP over the reset of the Tin-Man function within ACS. As a result, CBP does not have sufficient results to monitor the cargo examination portion of the in-bond process as ports did not perform any Tin-Man generated cargo examinations in FY 2010.

Recommendations: We recommend that CBP: 1. Continue with the deployment of the Automated Commercial Environment (ACE) system, M1, to replace the M02 and M07 reports and provide guidance to the field once new reports are delivered by OIT; 2. Continue with the deployment of ACE M1 to replace the Tin-Man system and provide guidance to the field; 3. Resolve errors in the universe of overdue air in-bonds.

Issue guidance and require ports to run and resolve items on M19 report; 4. Until the deployment of M1, develop or re-emphasize formal requirements for all ports to: • Continue to run and resolve items on the M02 and M07 reports throughout the year, and II.9 EXHIBIT II • Maintain documentation related to the resolution of items on the M02 and M07 reports; and 5. Increase Headquarters oversight of the in-bond process by: • Analyzing the summary of post-audits conducted and associated results, • Ensuring OIT resets the Tin-Man system at the beginning of the fiscal year, and • Performing a formal analysis to determine the overall compliance rate of the in-bond program. 2.

Trade Compliance Measurement Background: Trade Compliance Measurement (TCM) (previously referred to as Entry Summary Compliance Measurement (ESCM provides key data to CBP for the management of risk associated with trade compliance and revenue collection. CBP utilizes TCM to measure the effectiveness of its control mechanisms deployed and its execution in collecting revenues rightfully due to the U.S. Treasury. Further, TCM is used to determine the revenue gap that is reported as “Other Accompanying Information” in the financial statements. In February 2010, ACS was replaced by the Automated Targeting System (ATS) as the targeting platform and ACE as the findings platform for all ACE and ACS entries.

This change affected all future entries, whether filed in ACE or ACS. All determinations for reviews on entry summaries filed are recorded in the Validation Activity (VA) tool in ACE. Condition: We noted the following weaknesses related to TCM: • TCM Coordinators and Headquarters did not have the tools necessary to effectively monitor the TCM program at the port and national level throughout the fiscal year. Through corroborative inquiry at eleven statistically selected ports of entry, we noted an inconsistent use of data queries and reports by the TCM Coordinators to monitor TCM at the ports.

Specifically, o The Compliance Measurement Accuracy and Tracking System (CMATS) tool was unavailable for use by the TCM Coordinators for FY 2010. CMATS operated off the Customs Automated Port Profile (CAPPS) database and was utilized prior to FY 2010 as a tool to identify data quality errors or anomalies. Per the Entry Summary Compliance Measurement Policy Memo (FY10), issued in September 2009, CMATS and CAPPS were required to be used by the ports until several months after the switch from ACS to ACE. Per discussion with CBP, CMATS and CAPPS were unavailable for use by ports for the entire FY 2010.

Until the implementation of ACE in February 2010, a number of “maintenance” reports were available to the ports on a monthly basis. However, not all ports were aware of or used the “maintenance” reports and TCM Coordinators did not have a standard method of monitoring TCM. Additionally, these reports did not provide II.10 EXHIBIT II Headquarters with timely and efficient review of anomalous and non-anomalous entries, nor the reliability and accuracy of TCM entries. o Once the TCM program switched from ACS to ACE in February 2010, the expected reporting functionality of ACE did not function properly, and therefore, impeded the ability of Headquarters and TCM Coordinators to pull reports that would provide adequate monitoring of TCM. Limited guidance was given to the ports on how to monitor TCM until the reporting functionality in ACE could be improved.

In the fourth quarter of the fiscal year, Headquarters distributed a database to the ports, which provided both Headquarters and the ports with an effective tool to analyze and monitor TCM hits. • In FY 2008, guidance from the Commercial Targeting and Enforcement Directorate suspended the requirement for TCM Coordinators at the ports to perform random reviews of non-anomalous lines due to an error in the programming of the CMATS tool. This suspension was not replaced by any other data query or tool in FY 2009 or in FY 2010 with the implementation of ACE, thus a comprehensive data quality review has not been fully implemented. Criteria: Statement of Federal Financial Accounting Standards No. 7: Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting, Section 69.2, Available Information on the Size of the Tax Gap, states, “Collecting entities should provide any relevant estimates of the annual tax gap that become available as a result of federal government surveys or studies. The tax gap is defined as taxes or duties due from non-compliant taxpayers or importers.

Amounts reported should be specifically defined, e.g., whether the tax gap includes or excludes estimates of taxes due on illegally earned revenue.” OMB Circular A-136, Financial Reporting Requirements, Section 4 Part II 5.3, Tax Burden/Tax Gap, states: “Entities that collect taxes may consider presenting the information described below, if the information is readily available and the preparers believe the information will enhance the usefulness of the statements. Refer to SFFAS No. 7 for further guidance. A perspective on the income tax burden. This could take the form of a summary of the latest available information on the income tax and on related income, deductions, exemptions, and credits for individuals by income level and for corporations by value of assets.

Available information on the size of the tax gap. Collecting entities should provide any relevant estimates of the annual tax gap that become available as a result of Federal surveys or studies.” Cause/Effect: The current version of ACE does not provide TCM Coordinators at the ports or Headquarters with the appropriate reporting tools to monitor TCM hits. Guidance issued to TCM Coordinators for FY 2010 did not provide for adequate, timely, and efficient oversight of II.11 EXHIBIT II TCM hits. Policies and procedures were not developed and/or implemented for the entire fiscal year to ensure the reliability and accuracy of TCM input results.

Incomplete guidelines may lead ports to inadequately monitor the TCM process throughout the fiscal year, resulting in a lack of appropriate review of TCM entries. With inadequate oversight of the TCM data, CBP may have an inaccurately projected revenue gap. Additionally, CBP may incorrectly evaluate the effectiveness of its control environment over the collections of duties, taxes, and fees. Recommendations: We recommend that CBP: 1.

Continue distribution of the monthly TCM database to the ports which satisfies the requirements for TCM Coordinator and Headquarters oversight of the TCM process at the port level. 2. Continue the development of reporting functionalities in ACE to replace the manual TCM databases distributed to the ports. 3.

Bonded Warehouse and Foreign Trade Zones Background: Bonded Warehouses (BWs) are facilities under CBP’s supervision used to store merchandise that has not made entry into the U.S. Commerce. BWs are used to provide a place for storing goods in the U.S. for up to 5 years. The goods that are stored in such warehouses are secured by the bond on the warehouse. Goods are entered into the BW by submission of the CBP Entry Summary Form 7501.

Foreign Trade Zones (FTZs) are secure areas under CBP supervision considered outside of the CBP territory. Authority for establishing these facilities is granted by the Foreign Trade Zones Board under the Foreign Trade Zones Act of 1934, as amended (19 U.S.C. 81a-81u). Foreign and domestic merchandise may be moved into zones for operations not otherwise prohibited by law, including storage, exhibition, assembly, manufacturing, and processing. Goods are admitted into a FTZ using CBP Form 214.

Condition: We noted the following internal control weaknesses related to the BW and FTZ processes: • While CBP has developed national databases within the Automated Commercial Environment (ACE), which contain an inventory of all BWs and FTZs, such databases have not been tested for completeness. In addition, these databases are not currently used to document the assessed risk of each BW or FTZ, scheduled compliance reviews, or the results of compliance reviews. Furthermore, there are no requirements for Headquarters or the Field Offices to compare this database to the compliance review schedules submitted by the ports to ensure that all compliance reviews are performed. II.12 EXHIBIT II • The current BW and FTZ Compliance Review Handbooks lack specific guidance, in the form of a questionnaire or checklist, for determining the risk assessment of a BW or FTZ.

The Compliance Review Handbooks state that a risk assessment should be performed by “analyzing and combining the findings of compliance reviews, security surveys, compliance measurement data, informed and enforced compliance, historical data, and other risk factors listed in this handbook.” During FY 2010, CBP created a standard checklist for compliance reviews to be utilized by all ports; however, the checklist has not been incorporated into the BW and FTZ Compliance Review Handbooks, which are the primary resource for CBP Officers completing compliance reviews. • Headquarters compiles a survey that is completed by the ports at the end of each fiscal year to determine the current status of the BW and FTZ programs. The FY 2010 survey included appropriate data to allow CBP to analyze trends in the BW and FTZ programs; however, the analysis CBP performed was limited in scope and was not formalized or documented. Additionally, there is a lack of communication of the overall findings of the survey to the port level. A memo was issued to the ports from Headquarters at the end of FY 2010; however, the memo included limited information of the overall findings on the overall program effectiveness. • At eleven statistically selected ports with BW and FTZ facilities, we noted the following specific findings related to BW and FTZ internal controls: 1.

Frequency of Compliance Reviews – Two ports were not conducting the appropriate number of compliance reviews based on guidance in the BW and FTZ Compliance Review Handbooks. Specifically, one port did not schedule or complete any compliance reviews in FY 2010 for BWs and FTZs that had no activity during FY 2009. Additionally, one port appropriately classified several FTZs and BWs as medium or high risk facilities, but did not schedule or perform the appropriate number of compliance reviews during the fiscal year. 2.

Compliance Review Schedules – Lack of review and approval at the Field Offices and/or Headquarters level of compliance review schedules submitted at both ports noted in the above bullet. Currently, there is no requirement for the Field Offices and/or Headquarters to review the compliance review schedules compiled by the port. 3. Risk Assessment – At one port, for one FTZ activated in FY2010, documentation of an initial risk assessment was unable to be provided.

Criteria: CBP’s supervisory authority over bonded warehouses and foreign trade zones is outlined in 19 CFR Section 19.4(a), “…the port director may authorize a Customs officer to supervise any transaction or procedure at the bonded warehouse facility. Such supervision may be performed through periodic audits of the warehouse proprietor's records, quantity counts of goods in warehouse inventories, spot checks of selected warehouse transactions or procedures or reviews of conditions of recordkeeping, storage, security, or safety in a warehouse facility.” 19 CFR Section 146.3 states, “Customs officers will be assigned or detailed to a zone as necessary to maintain appropriate Customs supervision of merchandise and records pertaining thereto in the zone, and to protect the revenue. … Supervision may be performed through a periodic audit of the operator’s records, quantity count of goods in a II.13 EXHIBIT II inventory, spot check of selected zone recordkeeping, security, or conditions of storage in a zone.” transactions or procedures, or review of OMB Circular No. A-123 states that “management is responsible for establishing and maintaining internal controls to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.” Cause/Effect: CBP does not have effective methods to communicate policies to the ports related to both the frequency of compliance reviews and the documentation of risk assessments. CBP does not have updated formal, comprehensive guidance related to the monitoring of the BW and FTZ programs by Headquarters and the Field Offices, such as procedures to ensure all BWs and FTZs have an appropriate risk assessment and that all necessary compliance reviews are scheduled and completed. Headquarters cannot effectively monitor the BW/FTZ program if a complete population of all BWs and FTZs is not compiled.

Exceptions to and deviations from Headquarters guidance at the port level could affect Headquarters’ ability to determine the overall compliance of the BW/FTZ program. If there is insufficient monitoring of BWs and FTZs, BW/FTZ operators may be able to operate BWs and FTZs that contain merchandise without the monitoring of CBP. The lack of a checklist or specific guidance for determining risk assessment could lead to inconsistent procedures in assessing risk at the port level. Recommendations: We recommend that CBP: 1.

Continue to work with the Office of Administration to develop capabilities that will allow for more varied and extensive reporting of data from port offices. 2. Continue to post information onto the CBPnet secure site regarding bonded facilities. 3.

Develop and issue Self Inspection Worksheet questions regarding bonded facilities and compliance reviews. F. Information Technology Background: Controls over information technology (IT) and related financial systems are essential elements of financial reporting integrity. Effective general controls in an IT and financial systems environment are typically defined in five key control areas: security management, access control, configuration management, segregation of duties and contingency planning. In addition to reliable controls, financial management system functionality is important to program monitoring, increasing accountability of financial and program managers, providing better information for decision-making, and increasing the efficiency and effectiveness of services provided by the Federal government.

II.14 EXHIBIT II Condition: During FY 2010, CBP took corrective actions to address prior year IT control deficiencies. However, during FY 2010, we continued to find control deficiencies related to IT general controls and functionality. The key deficiency from a financial reporting perspective relates to information security. Collectively, the IT control deficiencies limit CBP’s ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity, and availability.

Additionally, CBP’s current system of record used to process entries imported into the U.S. cannot support all of CBP’s operations, which limits CBP’s ability to effectively manage and monitor the custodial revenue and drawback processes. Because of the sensitive nature of the issues identified, we will issue a separate restricted distribution report that discusses the control deficiencies in more detail. Criteria: The Federal Information Security Management Act (FISMA), passed as part of the E-Gov Act of 2002, mandates that Federal entities maintain IT security programs in accordance with OMB and the U.S. Department of Commerce. OMB Circular No. A-130, Management of Federal Information Resources, and various National Institute of Standards and Technology (NIST) guidelines describe specific essential criteria for maintaining effective general IT controls.

In addition, OMB Circular No. A-127, Financial Management Systems, prescribes policies and standards for executive departments and agencies to follow in developing, operating, evaluating, and reporting on financial management systems. Recommendation: We recommend that CBP improve the application and general controls over its financial systems to ensure adequate security, protection, and functionality of the information systems. CBP Response: See management’s response included in the attached letter. II.15 Status of Prior Year Material Weaknesses and Significant Deficiencies EXHIBIT III As Reported at September 30, 2009 Status as of September 30, 2010 Prior Year Condition Financial Reporting Property, Plant, and Equipment (PP&E) – Secure Border Initiative Material weakness: CBP’s controls did not detect misstatements in its financial statements.

In addition, CBP did not have sufficient resources, infrastructure, or communication to timely identify, consider, and resolve significant accounting issues related to new accounting standards, new operations, or changes in operations. Material weakness: Several weaknesses existed related to accounting for PP&E of the Secure Border Initiative, such as not timely addressing the accounting impact and procedures necessary to account for the virtual fence, miscalculation of depreciation to the FM&E TI physical fence, and reviewing journal entry accruals. PP&E – Improper Settlement of Assets from Construction in Progress Material weakness: Weaknesses existed related to the untimely transfer of construction in progress to fixed assets and settlement of assets without proper supporting documentation. PP&E – Management Oversight of PP&E and Transactions Drawback of Duties, Taxes and Fees Inactive Obligations Material weakness: Several weaknesses existed related to oversight of PP&E, such as not properly performing inventory counts, and recording addition and retirement transactions untimely or inaccurately.

Material weakness: ACS lacked controls to detect and prevent excessive drawback claims and payments, requiring inefficient compensating manual processes, and the drawback review policies did not require drawback specialists to review all related drawback claims. Significant deficiency: Weaknesses in CBP’s policies and procedures related to the monitoring of obligations, the timely deobligation of inactive obligations, and the timely receipt of certification letters. III.1 Significant deficiency: Weaknesses continue to exist related to timely communication and oversight of financial management issues. See control finding letter B. Significant deficiency: Although improvements were made, weaknesses continue to exist related to timely addressing accounting issues related to the Secure Border Initiative, which are reported in the Financial Reporting significant deficiency.

See control finding letter B. Significant deficiency: Weaknesses continue to exist related to untimely transfer of construction in progress in fixed assets. See control finding letter C. Significant deficiency: Weaknesses continue to exist related to recording PP&E transactions. See control finding letter C. Continue as a material weakness: Weaknesses continue to exist related to the drawback process in fiscal year 2010. See control finding letter A. Continue as a significant deficiency: Weaknesses continue to exist related to monitoring obligations and timely deobligation of inactive obligations.

See control finding letter D. Exhibit III Prior Year Condition Entry Process – In Bond As Reported at September 30, 2009 Status as of September 30, 2010 Significant deficiency: Several weaknesses existed related to in-bond, such as lack of official guidance related to monitoring in-bond shipments at the port level, lack of CBP-HQ review of the in- bond program, and the overall inability to determine the effectiveness of the in-bond program for CBP in its entirety. Continue as a significant deficiency: Although improvements were made, weaknesses still remain during fiscal year 2010. See control finding letter E, section 1. Entry Process – Entry Summary Compliance Measurement (renamed Trade Compliance Measurement in FY 2010) Significant deficiency: Several weaknesses existed related to ESCM, such as inconsistent procedures followed at the ports and development and/or implementation of policies and procedures to ensure reliability and accuracy of ESCM input results.

Continue as a significant deficiency: Although improvements were made, weaknesses still remain during fiscal year 2010 related to TCM. See control finding letter E, section 2. Entry Process – Bonded Warehouse and Foreign Trade Zones Information Technology Significant deficiency: Several weaknesses existed related to BW/FTZ, such as lack of official risk assessment guidance, lack of a complete inventory of all BWs/FTZs, and lack of management review of the BW/FTZ surveys. Significant deficiency: Weaknesses were noted in entity-wide security, system access, segregation of duties, service continuity, and system software change management.

Continue as a significant deficiency: Weaknesses continue to exist related to the bonded warehouse and foreign trade zone process during fiscal year 2010. See control finding letter E, section 3. Continue as a significant deficiency: Weaknesses continue to exist related to IT general and application controls and IT functionality during fiscal year 2010. See control finding letter F. III.2 1300 Pennsylvania Avenue NW Washington, DC 20229 u.s. Customs and Border Protection JAN 1It 2011 MEMORANDUM FOR: FROM: SUBJECT: Richard L. Skinner Inspector General Department of Homeland Security Deborah J. Schilling Chief Financial Officer U.S. Customs and Border Protection Management Response to Independent Auditor's Report on U.S. Customs and Border Protection's Fiscal Year 2010 Financial Statements On behalf of U.S. Customs and Border Protection (CBP), I am responding to the Independent Auditor's Report on CBP's Fiscal Year (FY) 2010 Financial Statements, which is included in our FY 2010 Annual Financial Report.

I accept the independent public accounting firm's (KPMG LLP) unqualified opinion on CBP's FY 2010 Financial Statements, which concluded that CBP's consolidated financial statements are fairly presented in all material respects and in conformity with accounting principles. CBP has reviewed and concurs with the one material weakness and the five significant deficiencies. Mission Action Plans (MAPs) outlining CBP's strategy to correct these conditions will be prepared and provided to the Office of Financial Management, Department of Homeland Security. CBP will continue to work to resolve all auditor-identified weaknesses.

CBP appreciates the opportunity to review this year's audit report and looks forward to continuing our professional auditing relationship with your office. If you have any questions or would like additional information, please contact me at (202) 344-2300, or a member of your staff may contact Mari Boyd, Executive Director, Financial Operations, at (202) 344-2364. ·~9·~ Deborah J. Schilling Appendix A Report Distribution Department of Homeland Security Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretariat Director, GAO/OIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Chief Financial Officer Chief Information Officer U.S. Customs and Border Protection Commissioner Chief Financial Officer Chief Information Officer Office of Management and Budget Chief, Homeland Security Branch DHS OIG Budget Examiner Congress Congressional Oversight and Appropriations Committees, as appropriate ADDITIONAL INFORMATION AND COPIES To obtain additional copies of this report, please call the Office of Inspector General (OIG) at (202) 254-4100, fax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.

OIG HOTLINE

To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal misconduct relative to department programs or operations: • Call our Hotline at 1-800-323-8603; • Fax the complaint directly to us at (202) 254-4292; • Email us at [email protected]; or • Write to us at: DHS Office of Inspector General/MAIL STOP 2600, Attention: Office of Investigations - Hotline, 245 Murray Drive, SW, Building 410, Washington, DC 20528. The OIG seeks to protect the identity of each writer and caller.

Chat with this agency guidance using AI

Ask CiteLaw's AI Navigator anything about this agency guidance, verify citations, and research related authorities. Sign up for CiteLaw free today to get started.