Federal Reports

Congress enacted section 117 of the Higher Education Act, as amended, (Section 117) mandating financial transparency of institutions of higher education (institution) through required reporting of gifts from and contracts with a foreign source. Applicable institutions must file a disclosure report by one of the two annual reporting deadlines, January 31 or July 31, whichever is sooner, once the reporting obligation has been triggered. Section 117 helps to raise awareness of potential foreign influence on college campuses which could help stakeholders assess, detect, and respond to potential threats to U.S. academic and research pursuits, free speech on campuses, and national security. We conducted an inspection to evaluate FSA’s oversight of institutions’ reporting of foreign gifts and contracts under Section 117. To answer our objective, we reviewed FSA’s oversight activities, along with FSA’s monitoring plan, policies, and procedures related to its oversight of institutional reporting under Section 117. We also determined if FSA is accurately posting the data it receives from institutions. We found that FSA’s oversight of institutions’ reporting of foreign gifts and contracts under Section 117 needs improvement. Specifically, FSA’s oversight activities are limited to reviewing whistleblower tips, Department of Education news bulletins, and other media reports for potential institutional noncompliance with Section 117 and providing technical assistance to institutions. FSA does not have any monitoring plans, policies, or procedures in place for its oversight of Section 117 reporting. Additionally, we found that FSA is accurately posting the data it receives from institutions through its Section 117 reporting portal onto its public-facing website; however, FSA could improve its Section 117 reporting portal to assist in identifying and reducing data input errors.

Our Objective(s)To perform a quality control review (QCR) of Allmond & Company, LLC's (Allmond), management letter related to the audit of STB's financial statements for fiscal years ended September 30, 2024, and September 30, 2023. We reviewed Allmond's management letter, dated November 6, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm Allmond to audit STB's financial statements. Allmond also issued a management letter discussing internal control matters that Allmond was not required to include in its audit report.
What We FoundThe independent auditor, Allmond, found seven internal control matters in STB's operations.

STB does not have agency-specific written policies and procedures for processing personnel actions.
STB does not enforce existing policies that require employees to submit, and supervisors to approve, leave requests for annual leave used.
STB does not perform a full review of accountable property and does not update inventory listings when items are issued or reassigned to employees.
STB does not have a procedure to validate upward and downward adjustment activity in the general ledger and to make the necessary corrections to ensure that both the upward and downward adjustment balances are accurate.
STB does not have procedures to ensure that employees' annual leave balances are correct and that carryover balances comply with laws and regulations.
STB expensed a portion of capitalized equipment in error.
STB taxed Federal Employees Health Benefits premiums in error.

Our QCR disclosed no instances in which Allmond did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
RecommendationsWe agree with Allmond's 13 recommendations to help strengthen STB's internal controls.

Our Objective(s)To perform a quality control review (QCR) of KPMG LLP's management letter related to the audit of the Federal Aviation Administration's (FAA) consolidated financial statements as of and for the fiscal years ended September 30, 2024, and September 30, 2023. We reviewed KPMG's management letter, dated November 27, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm KPMG to audit FAA's consolidated financial statements. KPMG also issued a management letter discussing internal control matters that KPMG was not required to include in its audit report.
What We FoundThe independent auditor, KPMG, found 12 internal control matters in FAA's management of operations. Two of the matters are related to DOT's internal controls and, although they affect FAA's control environment, FAA is not required to take corrective actions. The remaining 10 internal control matters are weaknesses in FAA's:

procurement system separation of users,
procurement system new user and recertification processes,
timely recording of procurement
accounting for costs incurred in projects with both construction and operating
and accuracy of intragovernmental lease payments
over the timely deobligation of grant undelivered orders,
calculation of non-letter of intent and additional Infrastructure Investment and Jobs Act grant accruals, and
Headquarters review of manual journal vouchers.
In addition, documentation weaknesses exist in the Enterprise Services Center's review of FAA journal entries, and
FAA has an insufficient number of personnel to support the annual recertification of payroll system users.

Our QCR disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
RecommendationsWe agree with KPMG's 15 recommendations to strengthen FAA's information technology and service organization system, business process, and manual journal voucher controls.

Our Objective(s)To determine whether DOT has established and implemented effective controls to secure and manage its mobile devices. As part of our review of DOT's mobile device management, we also assessed DOT's processes for maintaining an inventory of mobile devices and monitoring the costs of their use.
Why This AuditMany Federal employees use mobile devices, including smart phones to access their agencies' networks and systems, including those that process sensitive information. However, these devices can leave sensitive data vulnerable to cybersecurity threats and malicious software. Given increased use of mobile devices by DOT personnel and the cybersecurity risks associated with this use, we initiated this audit.
What We FoundDOT is taking steps to secure its mobile devices but has not yet implemented sufficient controls to effectively secure and manage all devices.

DOT's Office of the Chief Information Officer (OCIO), the Federal Aviation Administration (FAA), the U.S. Merchant Marine Academy (USMMA), and the Office of Inspector General (OIG) have begun implementing user and device authentication and data protection controls for their use of mobile devices. However, FAA and USMMA have not rapidly adopted software updates to ensure mobile operating systems are configured securely.
FAA and USMMA do not always restrict the use of mobile applications and do not have effective policies and procedures to manage and secure their mobile devices. In addition, OCIO and USMMA have not addressed security control weaknesses for their mobile device management solutions.

FAA has not maintained accurate inventories, and DOT OCIO and FAA have not ensured efficient spending for mobile devices.

Maintaining accurate inventories and monitoring spending are keys to efficient mobile device management. However, FAA did not maintain accurate inventories of its mobile devices. We found 157 personally owned mobile devices that had been granted access to FAA's network resources that FAA did not report to OIG when we took inventory.
DOT OCIO and FAA did not have effective controls in place to ensure efficient spending on mobile devices and services. We identified that FAA and OCIO were spending money on many mobile devices with zero usage, resulting in our identification of up to $422,838.45 for FAA and up to $203,884.19 for OCIO in funds that could be put to better use.

RecommendationsWe made 6 recommendations to improve DOT's process for managing and securing mobile devices within DOT's enterprise.

Our Objective(s)To inform FHWA's guidance for preventing and detecting anticompetitive practices. Specifically, we (1) assessed competition in procurement for Federal-aid highway projects using statistical methods, (2) provided estimates of the effects on contract costs when certain anticompetitive practices occur, and (3) identified opportunities to improve FHWA's guidance for preventing and detecting anticompetitive practices.
Why This AuditFederal law generally requires States to award contracts for Federal-aid highway projects through competitive bidding. However, concerns about anticompetitive bidding practices in highway procurements have existed for decades. Because of the importance of competition in highway procurement and the low number of studies that have attempted to assess it, we undertook this audit.
What We FoundOur analyses found significant indications of potential complementary bidding on highway procurements.

At least a third of the contracts we analyzed using machine learning in Florida, Georgia, North Carolina, New Jersey, Pennsylvania, and South Carolina were potentially affected by complementary bidding.
Our conservative, econometric method also flagged significant potential complementary bidding in most States we examined, affirming the machine learning results.

Contracts identified as potentially affected by complementary bidding had higher costs, but separate analysis of firms in flagged pairs found limited evidence of their affecting costs.

We estimated that the costs of flagged contracts ranged from an average of 5.2 percent to 10.2 percent higher, depending on the State, than for comparable potentially competitive contracts.
Cumulatively, these estimated cost increases amount to $1.19 billion (in 2021 dollars), or a 6.9 percent cost increase in the Federal-aid highway contracts flagged by our analyses across the six States.

While FHWA has improved its guidance for preventing anticompetitive practices, our analysis shows a more systematic approach to detection is needed.

FHWA's guidance during our review period did not adequately support State DOTs' prevention or identification of anticompetitive practices.
Although improved, FHWA's current guidance continues to lack explicit direction for frequent, regular, and systematic analysis.

RecommendationsWe made 1 recommendation to improve State DOTs' capabilities to detect and mitigate anticompetitive bidding.