Federal Reports

In May 2024, we conducted on-site, unannounced inspections at five U.S. Customs and Border Protection (CBP) facilities in the Tucson area, specifically four U.S. Border Patrol (Border Patrol) facilities and one Office of Field Operations port of entry. At the time of our on-site inspections, Border Patrol held 1,381 detainees in custody in the Tucson Coordination Center, Tucson Soft-sided Facility, Nogales Processing Facility, and Ajo station. In all four facilities, we found Border Patrol held detainees longer than specified in the National Standards on Transport, Escort, Detention, and Search, which generally limits detention to 72 hours. Overall, Border Patrol met other applicable standards to provide or make available amenities such as food, water, and medical care to detainees. However, we found Border Patrol did not follow standard procedures for managing detainee property in one holding facility, instances where agents did not document welfare checks for detainees with medical conditions, holding cells that were over capacity, and insufficient medical staffing. In addition, we found data integrity issues with information in Border Patrol’s electronic system of record, e3.

Kevin Leonard, a Tennessee resident, was sentenced on January 31, 2025, in U.S. District Court, Southern District of California, for health care fraud. Leonard was sentenced to 5 years of probation and ordered to forfeit $234,000. Leonard was a patient broker who unlawfully brokered patients to clinical treatment facilities owned and operated by Paragon Recovery LLC. In exchange, Leonard and others received kickback payments. The scheme resulted in the inflated fraudulent billing of insurance providers, including Amtrak’s.
 

In addition, Casimiro Bojorquez, a California resident, pleaded guilty on January 14, 2025, to conspiracy related to the health care fraud scheme. Our investigation found that Bojorquez and others conspired to solicit, offer, and receive illegal remunerations for referrals to clinical treatment facilities owned and operated by Paragon Recovery. Amtrak’s insurance providers were billed approximately $1,152,000 by facilities owned and operated by Paragon Recovery over the course of the scheme.

Bojorquez and two other codefendants will be sentenced at a future date.

Amtrak uses operational technology (OT) systems to manage equipment that controls train operations, such as communications and dispatching. Disruptions to these systems resulting from a disaster—whether caused by human or technical error, natural disasters, cybersecurity attacks, or physical attacks—could cause train delays and cancellations, revenue losses, and safety risks. Accordingly, our objective was to assess the company’s disaster recovery practices for its OT systems. Given the sensitive nature of the report’s information, we summarized the results in this public version of the report. Our assessment of the company’s disaster recovery practices for its OT systems resulted in three recommendations. Company executives agreed with our recommendations and described ongoing and planned actions to address them.

At the request of the Tennessee Valley Authority’s (TVA) Supply Chain, we examined the cost proposal submitted by a contractor for the New Caledonia Gas Plant.  Our examination objective was to determine if the cost proposal was fairly stated.  The contractor proposed a target cost estimate (TCE) of approximately $474.7 million for the construction of a potential simple cycle natural gas electricity generating plant at TVA’s New Caledonia site in Steens, Mississippi.

In our opinion, the cost proposal was overstated. Specifically, we found the proposal for the $474.7 million New Caledonia Gas Plant project included (1) overstated labor costs, (2) inflated subcontract costs, (3) overstated or unallowable other direct costs, (4) understated equipment costs, and (5) overstated (i.e., general and administrative, fee, and taxes).  We estimated TVA could avoid $63.7 million on the proposed $474.7 million New Caledonia Gas Plant project by negotiating appropriate reductions to the proposed TCE.  Additionally, we suggest TVA negotiate to revise the draft contract language and rate attachments to incorporate appropriate changes.

The proposal also included an alternative option to complete the project under a fixed price compensation method for a firm fixed price of approximately $506.4 million.  We analyzed the TCE proposal and alternative fixed price proposal and determined it would be more cost efficient for TVA to (1) negotiate appropriate reductions, including any necessary scope changes, and (2) utilize the TCE instead of agreeing to the fixed price proposal.

The Office of the Inspector General performed an audit of the Tennessee Valley Authority’s (TVA) cybersecurity vulnerability management program.  Our objective was to determine if TVA is compliant with the Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities (KEVs), and CISA BOD 19-02, Vulnerability Remediation Requirements for Internet-Accessible Systems. 

We determined TVA generally complied with CISA BOD 19-02 and CISA BOD 22-01; however, two requirements were not fully met. Specifically, TVA did not (1) update CISA with modifications to the inventory of internet-accessible internet protocol (IP) addresses within the five-day requirement or (2) meet the CISA required remediation timeline for 8 of 22 KEVs.

In compliance with the Act, the U.S. Environmental Protection Agency Office of Inspector General conducts periodic audits, assessments, and reviews of the travel and purchase card programs at the EPA and the U.S. Chemical Safety and Hazard Investigation Board. In fiscal year 2024, however, the EPA OIG did not perform a purchase or travel card program audit, review, or assessment for the EPA or the CSB. Also, as of the date of this letter, there are no outstanding OIG recommendations related to the EPA or CSB travel and purchase card programs.

The Federal Election Commission (FEC) Office of the Inspector General (OIG) implemented its annual work 
plan to ensure its resources are effectively and efficiently utilized throughout the performance year.

Objective:  To determine whether the Social Security Administration correctly applied workers' compensation (WC) off-set for Disability Insurance beneficiaries who received WC payments from Colorado and Minnesota.

The Department of Homeland Security has taken steps to develop guidance and establish oversight for artificial intelligence (AI) use, but more action is needed to ensure DHS governs and manages AI use appropriately. DHS issued AI-specific guidance, appointed a Chief AI Officer, and established multiple working groups and its AI Task Force to help guide the Department’s AI efforts. However, more action is needed to ensure DHS has appropriate governance for responsible and secure use of AI.