Federal Reports

The Federal Information Security Modernization Act (FISMA) requires Federal agencies to have an annual independent evaluation of their information security programs and practices. This evaluation is to be performed by the agency’s Office of Inspector General or by an independent external auditor to determine the effectiveness of such programs and practices. The U.S. Department of the Interior (DOI) contracted with KPMG, an independent public accounting firm, to complete a FISMA audit for fiscal year 2020.KPMG reviewed information security practices, policies, and procedures at the DOI Office of the Chief Information Officer and 11 DOI bureaus and offices. The audit revealed that improvements were needed in the areas of risk management, configuration management, identity and access management, the data protection and privacy program, the security training program, and contingency planning. Based on these findings, KPMG made 32 recommendations intended to strengthen the DOI’s information security program as well as those of the bureaus and offices.The DOI’s Office of the Chief Information Officer has concurred with all 32 recommendations and established a target completion date for each corrective action.

Our ongoing review of the use of Coronavirus Aid, Relief, and Economic Security (CARES) Act funds has identified a significant number of transactions that appear to be impermissible split purchases and that reflect possible misuse of U.S. Department of the Interior (DOI) purchase cards. We are examining some of these transactions as potential fraud. Previous investigative and audit reports from our office have identified gaps in bureau oversight of the DOI’s Government Purchase Card Program.Until effective controls are implemented and enforced consistently throughout all bureaus and offices, the DOI’s Government Purchase Card Program will continue to be at risk for improper purchases and other noncompliance with applicable laws and regulations.In this management advisory we describe findings related to our review of pandemic-related DOI purchase card transactions, specifically (1) a number of transactions that appeared to be prohibited split purchases and (2) ineffective or missing internal controls over purchase card use. We make three recommendations to help the DOI prevent fraud, waste, and mismanagement in its Government Purchase Card Program.

To see our report, click on the link below

The evaluation of AmeriCorps grants awarded to the Maine Commission for Community Service (the Commission) and one of its 14 subgrantees (LearningWorks) identified questioned Federal costs of $254,014, questioned match costs of $592,737, and compliance findings, covering the three years beginning January 1, 2016. The questioned costs arose from insufficient support for the valuations attached to in-kind claimed for contributed classroom and office space and labor donated by participating schools.The Commission and LearningWorks responded jointly to address the report’s findings and recommendations. The Commission agreed to improve its subgrantee monitoring and to train its staff regarding how to support in-kind match contributions. LearningWorks continues to assert that it properly valued and supported the in-kind match donations but nevertheless agreed to improve its documentation. AmeriCorps generally concurred with our recommendations and will resolve the questioned costs during audit resolution. Further, AmeriCorps promised to work with the Commission to strengthen its internal controls surrounding acceptable in-kind documentation from its subgrantees.

We identified violations of U.S. Immigration and Customs Enforcement (ICE) detention standards that threatened the health, safety, and rights of detainees. La Palma Correctional Center (LPCC) complied with the ICE detention standard regarding classification. However, detainee reports and grievances allege an environment of mistreatment and verbal abuse, including in response to peaceful detainee protests of the facility’s handling of the pandemic. In addressing the coronavirus disease 2019 (COVID-19), LPCC did not enforce ICE’s precautions including facial coverings and social distancing, which may have contributed to the widespread COVID-19 outbreak at the facility. In addition, LPCC did not meet standards for medical care, segregation, grievances, or detainee communication. We found that the medical unit was critically understaffed, took an average of 3.35 days to respond to detainee sick call requests, and neglected to refill some prescription medications. We also found the facility was not consistently providing required care for detainees in segregation and did not consistently record medication administration and daily medical visits for segregated detainees. Our grievance review revealed that LPCC did not give timely responses to most detainee grievances and, in some cases, did not respond at all. Finally, we found deficiencies in staff-detainee communication practices. Specifically, LPCC did not keep records of detainee requests and ICE did not provide a Deportation Officer visit or call schedule for detainees. We made eight recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations (ERO) to ensure the Phoenix ERO Field Office overseeing La Palma addresses identified issues and ensures facility compliance with relevant detention standards. ICE concurred with three of the eight recommendations.

Prior OIG work found that Medicare inappropriately paid for services that were billed as being distinct or significant and separately identifiable from other services provided on the same day. Our analysis showed that in 2018, an ophthalmology clinic in California (the Clinic) frequently billed for other services as being unrelated to, distinct from, or significant and separately identifiable from intravitreal (inside the eye) injections of the drugs Eylea and Lucentis.Our objective was to determine whether the Clinic complied with Medicare requirements when billing for intravitreal injections of Eylea and Lucentis and for other services provided on the same day as the injections.

We are proud to present the vision of the AOC OIG for the next five years that includes goals to continue efficiency and effectiveness of our internal processes and strengthens our statutory mission of independent oversight of the AOC’s programs and operations.

The Postal Service is required to maintain a safe and healthy environment for both employees and customers in accordance with its internal policies and procedures and Occupational Safety and Health Administration (OSHA). Our objective was to determine if Postal Service management is adhering to building maintenance, safety and security standards, and employee working condition requirements at post offices.

The EPA’s inspection frequency of Treatment, Storage, or Disposal Facilities with Resource Conservation and Recovery Act units closed with waste in place does not meet the EPA’s statutory requirement or policy.