Federal Reports

The Office of Inspector General (OIG) is issuing this inspection report to determine whether data sharing between the Employment and Training Administration and the U.S. Small Business Administration (SBA) could mitigate the risk of fraudulent unemployment insurance benefit payments and SBA disaster program disbursements.

In 2020, soon after Congress expanded the Unemployment Insurance and Economic Injury Disaster Loan Programs in response to the adverse economic effects caused by the Coronavirus Disease 2019 pandemic, the U.S. Department of Labor OIG and SBA OIG respectively began reporting on heightened risks of fraud and found similar fraud indicators. The two OIGs found that billions of dollars were paid to the same likely fraudsters under both programs. The DOL and SBA OIGs identified this issue through a data use agreement and subsequent data sharing and matching project, highlighting an opportunity to collaborate on data matching to mitigate fraud.

SBA OIG made three recommendations – two to facilitate improved fraud controls via collaboration and one to reevaluate eligibility. SBA agreed with the three recommendations, and the planned actions will resolve those recommendations.

Although DOI took steps toward building an ERM capability, we found that it was not fully implemented as required by OMB Circular A-123.

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service needs effective and productive operations to fulfill its mission of providing prompt, reliable, and affordable mail service to the American public. It has a vast transportation network that moves mail and equipment among about 315 processing facilities and 31,200 post offices, stations, and branches. The Postal Service is transforming its processing and logistics networks to become more scalable, reliable, visible, efficient, automated, and digitally integrated. This includes modernizing operating plans and aligning the workforce; leveraging emerging technologies to provide world-class visibility and tracking of mail and packages in near real time; and optimizing the surface and air transportation network. The U.S. Postal Service Office of Inspector General (OIG) reviews the efficiency of mail processing operations at facilities across the country and provides management with timely feedback to further the Postal Service’s mission.

Our Objective(s)To (1) determine whether MARAD has implemented an information management system for the SAPR Program that complies with NDAA requirements and (2) assess the system's cybersecurity and privacy controls.
Why This AuditThe 2023 National Defense Authorization Act (NDAA) required MARAD to establish for the U.S. Merchant Marine Academy's (USMMA) Sexual Assault Prevention and Response (SAPR) Program an information management system (IMS) for sexual assault and sexual harassment claims, and for the Office of Inspector General to conduct a cybersecurity audit of the system.
What We FoundMARAD has not established an information management system for USMMA's SAPR Program that complies with NDAA requirements.

Instead of acquiring a new IMS, USMMA uses a spreadsheet system for the SAPR Program.
USMMA officials acknowledge that this spreadsheet system does not meet the Academy's needs.
The SAPR Program tracks and maintains most but not all required information in its spreadsheet system.
The program also has not implemented a process to update the records of acquitted individuals in its spreadsheet system.

The SAPR Program's spreadsheet system lacks sufficient cybersecurity and privacy controls.

The program's spreadsheet system lacks the cybersecurity controls required by the National Institute of Standards and Technology and the Department of Transportation's Cybersecurity Compendium to properly secure and protect the confidentiality, integrity, and availability of the program's sensitive data and information.
MARAD's Privacy Officer has not analyzed the spreadsheet system to determine what privacy protections should be implemented to protect personally identifiable information stored in the system.

Recommendations We have made four recommendations to improve MARAD's oversight of USMMA's Sexual Assault Prevention and Response Program.