The Department of Homeland Security’s financial statements in fiscal year 2020 received a clean opinion from auditors, the eighth consecutive year with a clean opinion, but the review still uncovered several weaknesses, according to the department’s Office of Inspector General (IG).

The independent audit was conducted by the accounting firm KPMG and released by the IG, which said the department “continued to improve financial management” in FY ’20. However, it added, “KMPG issued an adverse opinion on DHS’ internal control over financial reporting because of material weaknesses in internal control.”

KPMG found material weaknesses in information technology (IT) controls and information systems, and in financial reporting, and also found “significant deficiencies” in entry processing, refunds and drawbacks, seized and forfeited property, grants management, and insurance liabilities.

The audit found IT control deficiencies across DHS, including at headquarters and most of the department’s operating components and management directorate. The IT control “deficiencies have persisted since the inception of DHS” in 2003, the 29-page report said.

The IT control deficiencies “increase the risk that current employees, separated employees, or contractors may obtain unauthorized or inappropriate access to information systems or data,” the audit said. “Such access could lead to unauthorized activities or inappropriate disclosures of sensitive data.”

The report said that other IT control deficiencies could lead to “inappropriate changes” to information systems, compromising data reliability, and that deficiencies in “security management increase the risk that system vulnerabilities will not be identified and remediated, compromising the reliability and integrity of data and increasing the risk of data loss.”

DHS agreed with the conclusions of the audit and said it is making progress in correcting some deficiencies.