Federal Reports

The Federal Information Security Modernization Act of 2014 requires the Office of Inspector General to conduct an annual independent evaluation to determine whether the Department of Energy’s unclassified cybersecurity program adequately protected its data and information systems during the fiscal year. As part of that evaluation, the Office of Inspector General is required to assess the Department’s cybersecurity program according to Federal Information Security Modernization Act of 2014 security metrics issued by the Department of Homeland Security, the Office of Management and Budget, and the Council of the Inspectors General on Integrity and Efficiency.We conducted this evaluation to determine whether the Department’s unclassified cybersecurity program adequately protects data and information systems.Our fiscal year 2021 evaluation determined that the Department, including the National Nuclear Security Administration, had taken actions to address many previously identified weaknesses related to its unclassified cybersecurity program. Weaknesses included areas related to: risk management, supply chain risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning. Many of the deficiencies were similar in type to those identified in our prior evaluations.The identified weaknesses in the Department’s unclassified cybersecurity program occurred for a variety of reasons. For instance, weaknesses related to configuration management, information security continuous monitoring, and contingency planning generally occurred because of deficiencies in related processes and procedures. In addition, some of the identity and access management issues we identified occurred because officials were unaware of current account management requirements. To correct the cybersecurity weaknesses identified throughout the Department, we made 61 recommendations to programs and sites during fiscal year 2021 including those identified during this evaluation and in other issued reports. Corrective actions to address each of the recommendations, if fully implemented, should help to enhance the Department’s unclassified cybersecurity program. Management concurred with the recommendations issued to programs and sites related to improving the Department’s overall cybersecurity program.

The U.S. Postal Service enters into customer agreements to provide customers with customized shipping solutions and mailing incentives. These agreements provide mutual benefits for the Postal Service and its customers. One type of customer agreement is a Negotiated Service Agreement (NSA), which is a contractual agreement between the Postal Service and a specific mailer that gives the mailer customized pricing in exchange for meeting volume and mail preparation requirements. During fiscal years (FY) 2019 to 2021, the number of domestic competitive NSAs decreased from 977 to 801 (18 percent), revenue increased from [redacted], and volume increased from [redacted] (105 percent each). Our objective was to summarize the results of our recent audits of customer compliance with five NSAs.

The former counselor did not appropriately notify the Ethics Office of employment negotiations and misused their position regarding former associates.

As part of our annual audit plan, we audited costs billed to the Tennessee Valley Authority (TVA) by Williams Plant Services, LLC (Williams) under Contract No. 10728 for managed task construction and modification work at TVA's nuclear facilities. The contract provided for TVA to compensate Williams for these services on either a time and materials or fixed price basis. Our objective was to determine if costs billed to TVA were in accordance with the contract's terms. Our audit scope included approximately $34.1 million in costs billed to TVA from January 1, 2019, through September 18, 2020.In summary, we determined Williams overbilled TVA $549,911, including (1) $359,753 in unapproved subcontractor costs, (2) $30,802 in excessive and ineligible fee applied to subcontractor costs, (3) $107,080 in ineligible temporary living allowance and travel costs, (4) $29,840 in unsupported and ineligible labor costs, (5) $14,209 in ineligible material costs, and (6) $8,227 in credits not received by TVA (which have since been recovered by TVA).In addition, we noted several opportunities to improve contract administration by TVA. Specifically, (1) TVA approved and implemented a contract rate attachment that contained incorrect craft labor rates, (2) TVA paid invoices under an incorrect contract, and (3) the contract contained inconsistent compensation terms for nonmanual labor.(Summary Only)

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the Hershel “Woody” Williams VA Medical Center and multiple outpatient clinics in Kentucky, Ohio, and West Virginia. The inspection covers key clinical and administrative processes that are associated with promoting quality care. This inspection focused on Leadership and Organizational Risks; COVID-19 Pandemic Readiness and Response; Quality, Safety, and Value; Registered Nurse Credentialing; Medication Management: Remdesivir Use in VHA; Mental Health: Emergency Department and Urgent Care Center Suicide Risk Screening and Evaluation; Care Coordination: Inter-facility Transfers; and High-Risk Processes: Management of Disruptive and Violent Behavior.At the time of the OIG inspection, all leadership positions were permanently assigned and the executive team had worked together for over one year. The Director and Chief of Staff were assigned in February 2014 and June 2020, respectively. Employee survey data revealed an opportunity for the Director to decrease staff feelings of moral distress at work. Patient experience survey scores generally reflected similar or higher care ratings than the VHA averages, although leaders appeared to have an opportunity to improve female patients’ primary care access. The OIG’s review of the medical center’s accreditation findings did not identify any substantial organizational risk factors. However, the OIG identified concerns with conducting institutional disclosures for sentinel events. Executive leaders were knowledgeable about selected data used in Strategic Analytics for Improvement and Learning models and should continue efforts to sustain and improve performance.The OIG issued six recommendations for improvement in four areas:(1) Leadership and Organizational Risks• Institutional disclosures(2) Quality, Safety, and Value• Systems Redesign Coordinator meeting participation• Surgical work group meetings(3) Care Coordination• Inter-facility transfer form completion(4) High-Risk Processes• Disruptive behavior committee meeting attendance