Federal Reports

Agency program officials, chief information officers, and inspectors general must annually review information security programs and report to the Department of Homeland Security and Congress on agency compliance with the Federal Information Security Modernization Act (FISMA). The OIG contracted with an independent public accounting firm, CliftonLarsonAllen LLP (CLA), to evaluate VA’s information security program for FY 2024. After assessing 49 major applications and general support systems hosted at 23 VA facilities and on the VA Enterprise Cloud, CLA concluded that VA continues to face significant challenges meeting FISMA requirements because of the nature and maturity of its information security program.

The audit found continuing deficiencies related to access controls, configuration management controls, security management controls, and service continuity practices designed to protect mission-critical systems from unauthorized access, alteration, or destruction. These deficiencies can be remedied by addressing security-related issues that contributed to the information technology material weakness reported in the FY 2024 audit of VA’s consolidated financial statements; improving the deployment of security patches, system upgrades, and system configurations; improving performance monitoring to ensure controls operate as intended; and communicating identified security deficiencies to appropriate personnel.

Of CLA’s 23 recommendations, VA concurred with 12 and did not concur with 11. Some of the 23 recommendations addressed repeat deficiencies from previous FISMA reports spanning multiple years. CLA will follow up on the outstanding recommendations and evaluate the adequacy of corrective actions in the FY 2025 audit of VA’s information security program.

The purpose of this report is to provide the results of our survey of the Peace Corps’ compliance with the anti-gag provision requirement in the Whistleblower Protection Enhancement Act (WPEA) (5 U.S.C. § 2302(b)(13)). We initiated this assessment at the request of Senator Chuck Grassley. (See attached Senator Grassley Letter, dated March 11, 2024). 

The audit objective was to determine if the U.S. Nuclear Regulatory Commission (NRC) is effectively managing and monitoring selected research and development grants in accordance with applicable federal requirements, agency policies and guidance, and award terms and conditions.

The OIG found that the NRC was not effectively managing or monitoring selected research and development grants.  Specifically, the OIG found that staff in the Office of Nuclear Regulatory Research assumed grants officer responsibilities without a grants officer appointment or through a delegation as a grants officer representative.  We also found that NRC staff did not request or review source documents to support equipment purchased using grant funds.  Additionally, we found that the NRC does not have a public repository for final performance reports or other means to share the results of federally funded research grants.

The OIG further determined that the grants officer had not ensured that all relevant documents were contained in the official grant files; 11 grants were not closed out within one year of the performance end date and the NRC had not deobligated more than $321,000 in funds that could have been put to better use; and, grants awarded through the Integrated University Program (the predecessor to the University Nuclear Leadership Program) with periods of performance ending in 2021 and 2022 had more than $920,000 of funds that were not deobligated and could be put to better use.  The report contains nine recommendations to improve management and monitoring of research and development grants. 

The Office of Inspector General is issuing this inspection report to assess the U.S. Small Business Administration’s (SBA) initial response to Hurricane Helene, including staffing, loan application volume, and timeliness of disaster loan approvals.

We found that in SBA’s initial disaster assistance response to Hurricane Helene, the agency promptly established a field presence, adequately staffed recovery centers, responded timely to applicant queries, and processed loans in a timely manner.

We found that SBA processed loan applications in 20 days on average but was unable to disburse many of those loans due to a 68-day funding lapse. As a result, the overall processing time was 69 days on average with the funding lapse and 64 days on average without it. In addition, we identified opportunities for SBA to optimize its outreach efforts so disaster survivors are aware of the assistance available to them.

We recommended SBA review current outreach strategies; immediately conduct outreach efforts in North Carolina and South Carolina and perform a root cause analysis to determine the basis of insufficient outreach efforts in these two states; and implement appropriate changes to ensure maximum awareness of available assistance to disaster survivors that account for rural areas.

Management’s planned actions to review staffing assignments to ensure adequate coverage for future disasters and immediately conduct outreach efforts in North Carolina and South Carolina resolved Recommendations 1 and 2. Management’s response did not resolve Recommendation 3; therefore, we will seek resolution in accordance with our audit follow-up policy.

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the Hershel “Woody” Williams VA Medical Center in Huntington, West Virginia. 

This evaluation focused on five key content domains:
     •    Culture
     •    Environment of care
     •    Patient safety
     •    Primary care
     •    Veteran-centered safety net

The OIG issued one recommendation for improvement in one domain:
   1.    Environment of care
     •    Safe and clean environment