Federal Reports

What We Looked At    This report presents the results of our quality control review (QCR) of an attestation examination of the Department of Transportation’s (DOT) Enterprise Services Center (ESC) controls. ESC provides financial management services to DOT and other agencies and operates under the direction of DOT’s Chief Financial Officer. The Office of Management and Budget requires ESC, as a service organization, to either provide its user organizations with independent audit reports on the design and effectiveness of its internal controls or allow user auditors to perform tests of its controls.We contracted with KPMG LLP to conduct this examination subject to our oversight. The objectives of the review were to determine whether (1) management’s description of ESC’s systems is fairly presented, (2) ESC’s controls are suitably designed, and (3) ESC’s controls are operating effectively throughout the period of October 1, 2023, through June 30, 2024. We performed a QCR on KPMG’s report and related documentation.What We FoundOur QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.Our RecommendationsKPMG made no recommendations.   

Amtrak notified our office February 16, 2024, of a potential data‐sharing incident. Our investigation found that an employee granted two third‐party email accounts access to an Amtrak OneDrive/SharePoint folder which contained 369 company files related to an Amtrak program. As a result of our investigation into the incident, the company took remedial action to optimize Microsoft tools for data loss prevention, conducted routine auditing and removal of guest accounts, completed additional security enhancements, and provided alerts for risky file sharing.

Although U.S. Customs and Border Protection (CBP) responded to CBPOne™ application weaknesses after implementation, it did not formallyassess and mitigate the technological risks involved with expanding theapplication to allow undocumented noncitizens (noncitizens) to scheduleappointments to present themselves for processing at Southwest BorderPorts of Entry (POEs). We found that CBP did not initially consider criticalfactors such as the design of the CBP One™ Genuine Presencefunctionality, adequacy of supporting application infrastructure,sufficiency of language translations, and equity of appointmentdistribution. As a result, noncitizens initially using the new featureexperienced application crashes, received frequent error messages, facedlanguage barriers, and may not have always had an equal opportunity tosecure an appointment.

What We Looked AtThe locks, channels, and accompanying infrastructure of the St. Lawrence Seaway are perpetual transportation assets that require periodic and regular capital reinvestment in order to continue to operate safely, reliably, and efficiently. The Great Lakes St. Lawrence Seaway Development Corporation (GLS) Seaway Infrastructure Program (SIP), previously the Asset Renewal Program, addresses the long-term capital asset renewal needs of the U.S. seaway infrastructure. Adequate internal controls are critical for GLS to generate high-quality cost estimates for its SIP projects and accurately track accumulated SIP project costs. Previously, the Government Accountability Office (GAO) identified issues with GLS’ cost estimating process. Given GAO’s previous findings and the importance of complete and accurate cost estimates, we initiated this audit. Accordingly, our audit objective was to evaluate the reliability of GLS’ cost-estimating process for SIP projects completed during fiscal years 2021 and 2022. As part of our review, we also evaluated GLS’ controls for determining the costs of completed projects.What We FoundGLS has not established adequate internal controls to effectively manage its estimating process for SIP projects. Specifically, GLS does not follow a formal process for developing reliable cost estimates. Also, GLS does not have policies and procedures for ensuring cost estimates are performed when required. In addition, we determined that GLS lacks adequate documentation of controls over determining the total costs for completed SIP projects. Specifically, GLS does not have a suitable mechanism in place to track the accumulated costs of completed SIP projects.Our RecommendationsWe made four recommendations to improve GLS’ internal controls over the SIP cost estimating process. GLS concurred with our recommendations. We consider the recommendations resolved but open pending completion of planned actions. 

Our objective was to determine whether Defense Intelligence Agency (DIA) managed its Research, Development, Testing, and Evaluation (RDT&E) funds to align with Agency mission priorities and optimize their use. To achieve the objective, we conducted a review of RDT&E budget requests and assessed the alignment of funds with DIA strategy and mission priorities. Additionally, we reviewed DIA’s obligation and expenditure performance against Office of the Secretary of Defense goals and unliquidated obligations to assess fund optimization. We also conducted interviews with Agency officials to gain insight into DIA’s processes for monitoring funds. We issued the results of our evaluation, along with four recommendations, in a final report dated August 21, 2024.