Federal Reports

This is the audit of the NEA's information technology systems security. Due to security concerns, this report is not published on the internet. You can obtain a copy of this report through a freedom of information act request at the following link: https://www.arts.gov/freedom-information-act-guide.

To learn how communities across the nation responded to the pandemic during the first 18 months, we initiated a multi-part review of six communities—two cities, two rural counties, and two Tribal reservations. This report is the second community-specific report and focuses on our work in Coeur d’Alene, Idaho, where we previously identified that recipients, including city government, small businesses, and individuals, received almost $314 million from 45 pandemic relief programs and subprograms. This report provides a closer look at eight pandemic programs and subprograms provided to Coeur d’Alene by seven federal departments.

The OIG evaluated concerns at the Michael E. DeBakey VA Medical Center (facility) regarding staff’s failure to arrange an evidence-based psychotherapy (EBP) referral for a patient assigned a high risk for suicide patient record flag (high-risk flag). The OIG reviewed concerns that staff did not adequately conduct lethal means safety planning or provide required high-risk flag management for the patient.Although the patient was receiving psychiatric care, the OIG found that staff failed to provide in-person EBP until over a year after the patient’s request, inconsistent with Veterans Health Administration (VHA) requirements. The OIG also found that staff did not offer the patient equipment to participate in virtual sessions or consistently document attempts to contact the patient as required.It was determined that a psychologist and psychiatrist did not sufficiently address the patient’s access to lethal means. Given the patient’s firearm access and past suicidal behavior, the OIG would have expected the psychologist to address the patient’s potential to obtain ammunition and document a discussion of risk reduction strategies. The OIG found that the psychiatrist did not document evaluation of the patient’s access to ammunition.Following high-risk flag initiation, staff did not meet with the patient, document suicide risk assessment, or update or review the patient’s safety plan, as required. Inconsistent with a VHA requirement, an Office of Mental Health and Suicide Prevention leader reported that homeless program staff are not expected to review or update safety plans during high-risk flag follow-up appointments. The OIG made one recommendation to the Under Secretary for Health to clarify requirements for suicide risk assessment completion and safety plan reviews and five recommendations to the Facility Director related to EBP consult management, timely scheduling, and documentation; VA-issued devices; lethal means safety; and high-risk flag follow-up.

The objective of our audit was to determine whether FSA was effectively implementing the Fostering Undergraduate Talent by Unlocking Resources for Education (FUTURE) Act and the FAFSA Simplification Act provisions pertaining to Federal Tax Information (FTI) through the Student Aid and Borrower Eligibility Reform Initiative (SABER) initiative. Our audit covered December 19, 2019 (when the FUTURE Act was enacted) through May 31, 2023. We found that FSA did not effectively implement the FUTURE Act and the FAFSA Simplification Act provisions pertaining to FTI through the SABER initiative. Overall, FSA did not effectively perform implementation activities for the four FTI-related SABER systems that we reviewed in accordance with some of the processes for monitoring project costs and budgets, monitoring contracts, and managing risks that FSA established as part of an effective systems implementation framework because it did not always perform key steps or could not provide sufficient evidence to support completion of such key steps. Specifically, these key steps pertained to FSA’s establishing and monitoring of the systems’ costs and budgets, its performance oversight of the contractors responsible for implementing the systems, and its management of the risks, decisions, and issues pertaining to the systems’ implementation. For the Internal Revenue System (IRS) Publication 1075 “Tax Information Security Guidelines for Federal, State, and Local Agencies” security requirements that the IRS required FSA to implement prior to allowing the transfer of FTI to FSA systems, we found that FSA established and followed a plan to ensure that the security requirements were implemented. Additionally, we found that FSA adhered to its change management process for two FTI systems for which we tested a sample of one contract modification for each.

We assessed the Nancy Grace Roman Space Telescope project, a NASA observatory designed to explore dark energy, exoplanets, and infrared astrophysics, to determine if NASA is managing the risks and mitigating future challenges with the Roman telescope while meeting its cost, schedule, and technological goals.

Objective: To determine whether the Social Security Administration took corrective action to address the finding and recommendation in our September 2016 report, Numident Death Information Not Included on the Death Master File.