Federal Reports

Why We Did This Report

This report describes an issue that the U.S. Environmental Protection Agency Office of Inspector General identified during its audit of the U.S. Infrastructure Investment and Jobs Act-funded IRL Council for the Indian River Lagoon National Estuary Program grant program.
 

Summary of Findings

The EPA OIG found that the IRL Council did not complete or submit any of the required Federal Financial Reports, or FFRs, for the first two years of its award and stated the reason was that the EPA did not request annual FFRs. This raised concerns that the EPA was not requiring any National Estuary Program, or NEP, award recipients to submit FFRs annually as mandated by 2 C.F.R. § 200.328.

Today, the U.S. Consumer Product Safety Commission Office of Inspector General released their semiannual report for the reporting period ending September 30, 2025.  The report is part of the semiannual requirement to communicate OIG oversight activities of the CPSC to Congress and the American people.

We found that ONRR did not appropriately identify, assess, issue, and collect penalties related to mineral and energy leases.

The Department of Game and Fish should take steps to improve its leave allocation process, as well as subaward and equipment management.

Beginning in 2021, the U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG) conducted several audits to assess HUD’s anti-fraud efforts and to develop inventories of fraud risks for several of its programs. Our previous work found that HUD’s fraud risk management program was in its early stages of development and we recommended that HUD perform program-specific fraud risk assessments and incorporate these assessments into an agency-wide plan to further advance its program. To continue assisting HUD in improving its anti-fraud efforts, we conducted this work to identify potential fraud risks and schemes that could negatively impact HUD’s Office of Community Planning and Development disaster recovery funding.

CPD had made progress in its efforts to identify fraud risks for its disaster recovery program. Specifically, CPD identified several fraud risks at the disaster recovery program level and documented them in a fraud risk inventory. To further assist CPD with its fraud risk efforts, we developed our own fraud risk inventory that includes additional fraud risks. To develop our inventory, we first identified seven fraud risk factors affecting disaster recovery funding that increase the chance of fraud by heightening the incentives, opportunities, and likelihood for rationalization by individuals inclined to commit fraud. We then used those fraud risk factors, along with the results of brainstorming sessions, interviews, and reviews of audit reports, investigations, press releases from HUD’s Office of Inspector General (HUD OIG) and other Federal agencies, to develop the inventory containing 57 potential fraud risks, 20 of which CPD had previously identified in its fraud risk inventory. Fraudulent misappropriation of disaster recovery funding undermines program integrity, compromises taxpayer dollars, and hinders disaster recovery efforts, ultimately harming the affected communities.

We recommend that HUD’s Office of Community Planning and Development (CPD) improve its anti-fraud efforts by using the fraud risk inventory our office developed and its Office of the Chief Risk Officer’s risk catalog. We also recommend involving key stakeholders in the disaster recovery program’s risk identification process and communicating the identified fraud risks to relevant stakeholders, such as grantees and subrecipients, to enhance fraud prevention, detection, and response efforts within HUD and grantees’ disaster recovery programs. We further recommend that CPD use its fraud risk inventory to help identify data needs and potential system enhancements to improve its ability to monitor and respond to fraud risks in the Disaster Recovery program.

Due to the importance of protecting the Tennessee Valley Authority’s (TVA) operations from external cyber events, we performed an audit of TVA’s transmission control center network cybersecurity. The audit objective was to determine if TVA has sustainable processes for identifying, implementing, and managing the network architecture to reduce the overall cybersecurity risk to TVA resources in their transmission networks.  The audit scope was limited to TVA’s transmission control center network.  We made one recommendation to TVA management. The specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity.