Federal Reports

The VA Office of Inspector General (OIG) assessed allegations that San Diego VA Medical Center (facility) staff provided an inadequate evaluation of cognitive functioning, suicide risk, grave disability, and care coordination for a patient who died approximately six hours after leaving the facility. The OIG also evaluated a concern about mental health emergency response (code green) policy and practice inconsistencies.In early 2022, facility police officers (Officers 1 and 2) responded to a report that the patient “was loitering.” The patient denied needing assistance and planned to remain on VA property overnight. The patient made threatening statements after being told the patient’s vehicle would be towed due to a suspended vehicle registration and the patient not having a valid drivers’ license. Officer 2 escorted the patient to the Emergency Department, and a nurse called a code green.The code green team resident physician determined that the patient did not meet criteria for a psychiatric hold. Officer 2 provided the patient with transportation options. Later the Officers saw the patient, who refused to check in to the Emergency Department. The Officers walked the patient off VA property. Approximately six hours later, the patient’s death was reported to the Medical Examiner’s Office after an interstate driver reported having struck the patient.The OIG did not substantiate that facility staff failed to adequately evaluate the patient’s cognitive functioning, suicide risk, and grave disability. The OIG substantiated that staff failed to coordinate the patient’s care. The code green team leader inaccurately documented having “passed care.” The OIG concluded that staff appropriately respected the patient’s right to decline care when the patient later refused services.The OIG found inconsistencies between policy and practice in the patient’s code green event.The OIG made two recommendations to the Facility Director related to code green documentation and policy.

To see the interactive report, click here: https://oig.justice.gov/reports/federal-bureau-prisons-efforts-maintain…

What We Looked AtWe queried and downloaded 74 single audit reports prepared by non-Federal auditors and submitted to the Federal Audit Clearinghouse between January 1, 2023 and March 31, 2023, to identify significant findings related to programs directly funded by the Department of Transportation (DOT). What We FoundWe found that reports contained a range of findings that impacted DOT programs. The auditors reported 36 incidents of significant noncompliance with Federal guidelines related to 15 grantees that require prompt action from DOT’s Operating Administrations (OA). Of the 36 findings, 21 were repeat findings related to 8 grantees. The auditors also identified questioned costs totaling $14,886,138 for six grantees. Of this amount, $7,612,623 was related to the Crow Tribe of Indians, $5,472,288 was related to Pit River Tribe, and $1,146,291 was related to the COVID-19 formula grants of the Suburban Mobility Authority for Regional Transportation, Detroit, MI. Additionally, we identified nonmonetary repeat findings that caused a disclaimer of opinion for the Crow Tribe of Indians, Crow Agency, MT. RecommendationsWe recommend that DOT coordinate with the impacted OAs to develop a corrective action plan to resolve and close the findings identified in this report. We also recommend that DOT determine the allowability of the questioned transactions and recover $14,886,138, if applicable.

Evaluation of the FLRA's Preparedness Against Cyber Security Attacks

OIG identified the prevention measures that Forest Service established for recreation sites in response to the COVID-19 pandemic.

The lack of vulnerability scans increases the risk that vulnerabilities are not identified and remediated in a timely manner and could result in data loss or disruption to Agency operations.

The Federal Information Security Modernization Act of 2014 (FISMA) requires the Office of Inspector General to conduct an annual independent evaluation to determine whether the Department of Energy’s unclassified cybersecurity program adequately protected its data and information systems. As part of that evaluation, the Office of Inspector General is required to assess the Department’s cybersecurity program according to FISMA security metrics issued by the Office of Management and Budget and the Council of the Inspectors General on Integrity and Efficiency.We conducted this evaluation to determine whether the Department’s unclassified cybersecurity program adequately protected data and information systems. Our fiscal year 2022 FISMA evaluation determined that the Department, including the National Nuclear Security Administration, had not taken appropriate actions to address many previously identified weaknesses related to its unclassified cybersecurity program. Although actions were taken to close 23 of 61 recommendations from our prior evaluations, 38 recommendations remained open. We also issued 35 new recommendations, many of which were similar in type to the deficiencies identified in our previous reports.The weaknesses identified occurred for a variety of reasons. For instance, weaknesses related to system integrity of web applications generally occurred because the applications were configured without adequate security controls designed to reject malicious input. In addition, identity and access management weaknesses occurred because officials were unaware of, or had not implemented, current account management requirements.To correct the cybersecurity weaknesses identified throughout the Department, we made 73 recommendations (of which 38 were made during prior evaluations) to the Department’s programs and sites, including those identified during this evaluation and in other issued reports. Specific recommendations were made to each of the locations where weaknesses were identified. Corrective actions to address each of the recommendations, if fully implemented, should enhance the Department’s unclassified cybersecurity program. Management concurred with all but two recommendations issued to programs and sites related to improving the Department’s cybersecurity program.