Federal Reports

Why We Did This Report
The Government Charge Card Abuse Prevention Act of 2012, Pub. L. 112-194, and Office of Management and Budget Circular No. A-123, Appendix B, A Risk Management Framework for Government Charge Card Programs, directs each head of an executive agency with more than $10 million in purchase card spending annually, and each inspector general of such an executive agency, to submit to the OMB director, on a semiannual basis, a joint report on purchase card violations.

Summary
The U.S. Environmental Protection Agency prepared the Semiannual Report on Purchase Charge Card Violations for the period of October 1, 2023, to March 31, 2024, which is attached to this letter. The EPA reported no violations for the period. No additional information inconsistent with the EPA's violation report for the reporting period came to our attention. Additionally, we received no allegations of misuse of the government purchase card for the semiannual period.

Report Type
Audit
Report sub-type
Congressional Reporting
Office
Business Operations (BOD)

What Office of Inspector General Investigated:

The Library OIG engaged Sikich to conduct a performance audit of the Library’s IT inventory controls for end user devices to determine the accuracy of the Library’s inventory, the validity of the procure-to-disposal process, and the effectiveness of controls in operation.

What Office of Inspector General Found: 

• The Library’s inventory for end user devices did not accurately reflect its current information system   
• The Library’s IT asset records were not current and complete
• The Library has inadequate controls over the tracking of digital media devices through sanitization and destruction prior to final disposition.
• The Library stopped requiring property passes for Library GFE but did not update its related policies and procedures.

What Office of Inspector General Recommends: 

1.1 Complete the inventory of Library end user devices being conducted at the time of this audit, to include all MFDs, including those that are leased.  

2.1 Complete OCIO’s development and implementation of an automated IT asset management solution.

2.2 Finalize the development of formal procedures for maintaining an up-to-date inventory of hardware assets, from acquisition to final disposition, including all end user devices and  MFDs, as well as such devices purchased without the involvement of Library logistics  personnel. 3.1 Update LCD 8-330.1 to assign responsibility for the sanitization and destruction of digital media devices. 

3.2 Develop a formal process to document the OCIO and ISS responsibilities, procedures, and recordkeeping controls necessary to effectively track digital media devices through  sanitization and destruction prior to the devices’ final disposition."       

 4.1 Revise LCR 8-320, as well as other regulations and directives as appropriate, to  accurately reflect the Library’s desired operational control environment related to laptop and government mobile device physical security and the use of property passes.

In response to the terror attacks of 9/11, the First Responder Network Authority (FirstNet Authority) was established in 2012 as an independent authority within the National Telecommunications and Information Administration (NTIA) to oversee a national communications network dedicated to emergency responders and public safety.In March 2017, FirstNet Authority signed a 25-year contract with AT&T for the construction and operation of the Nationwide Public Safety Broadband Network (NPSBN). The contract requires the NPSBN (commonly known as FirstNet) to be a resilient, secure, and highly reliable broadband service with availability 99.99 percent of the time.On February 22, 2024, AT&T customers, including FirstNet customers, experienced a nationwide outage of services. According to FirstNet Authority, the NPSBN was affected by the outage for about 3 hours. We met with 10 public safety agencies from fire, police, and emergency medical services disciplines to determine the impact of the outage. Although impacts to public safety agencies across the country varied, 9 of 10 agencies we spoke with were not contacted by AT&T or FirstNet Authority when the outage occurred. We also found that the impacted agencies had to rely on their own contingency plans to maintain communication during the approximately 3-hour NPSBN outage.Notification of an outage and transparency regarding network performance are essential to maintaining confidence in the NPSBN within the public safety community. Without a reliable communication network during the outage, the safety of our nation’s first responders was jeopardized and their ability to perform their critical mission was compromised.We proposed two actions for change to NTIA and FirstNet Authority to address the concerns presented in this management alert.