Department of Education

We identified internal control weaknesses in the system that increase the risk that Virginia will be unable to prevent or detect unauthorized access and disclosure of personally identifiable information. Specifically, we found that although Virginia classified the Single Sign-on Web System as a...

We reported that FSA did not always accurately assess the operational status of the fully or partially operational functions, processes, and subprocesses. We also noted that FSA did not sufficiently document its validation assessments. As a result, there was a risk that FSA did not accurately assess...

we determined that that charter school relationships with charter management organizations posed a significant risk to Department program objectives. Specifically, we found that 22 of the 33 charter schools in our review had 36 examples of internal control weaknesses related to the charter schools’...

We found that the Department was complying with appropriate guidance and requirements and appeared to be on track for meeting its milestones. We did not find any evidence to indicate that the Department was not on track for implementing DATA Act reporting requirements by the May 2017 deadline. We...

We issued a management information report to the Department to highlight several areas of concern and some positive practices identified through our audits of SEA oversight of LEA single audit resolution. The results of our audits in the three States (Illinois, Massachusetts, andNorth Carolina)...

We found that the Institute of Education Sciences (IES) did not effectively implement Department requirements for the contractor personnel security screening process. We specifically noted weaknesses in IES’s development of internal policies and procedures, designation of contractpositions and...

We reported that the Indiana Department of Education did not provide adequate oversight to ensure that its system met minimum security requirements that included a creating System Security Plan, completing a compliance audit and risk assessment, and classifying its security level. We also reported...

The OIG’s contracted auditors found that the FY 2016 financial statements for the Department and FSA were presented fairly in all material respects, in accordance with generally accepted accounting principles. However, the auditors identified two significant deficiencies in internal control over...

We determined that FSA had adopted and implemented new tools and processes in this area in response to the April 2015 closure of one of the largest for-profit education companies in the United States, but further improvements were needed. We reported that FSA needed to improve its processes for...

We found that the Rehabilitation Services Administration (RSA) did not have adequate internal controls to provide reasonable assurance that data State vocational rehabilitation agencies submitted in their RSA-911 reports were accurate and complete. We found that RSA’s monitoring procedures did not...