Federal Reports

On 18 December 2015, Congress enacted the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. § 1501 et seq.) (the Act) to improve cybersecurity in the United States through enhanced sharing of cyber threat information. The Act creates a framework to facilitate and promote the voluntary sharing of cyber threat indicators (CTIs) and defensive measures (DMs) among Federal and between Federal and non-Federal entities. The Act required the Inspectors General of the “appropriate Federal entities,”
defined as the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury, and the Office of the Director of National Intelligence, in consultation with the Inspector General of the Intelligence Community, and the Council of Inspectors General on Financial Oversight, to jointly report to Congress by 18 December every two years, on the actions of the appropriate Federal entities to carry out the Act over the most recent two-year period. This report meets the biennial joint reporting requirement.

The FCC financial statements were fairly presented in all material respects, in conformity with U.S. generally accepted accounting principles. In addition, Kearney did not find any reportable instances of noncompliance with laws, regulations, and contracts applicable to FCC. The report includes two significant deficiencies with 28 recommendations for improvement. 

For Oversight reporting, the FCC financial Statements (25-AUD-06-01) reported 1 recommendation and 27 recommendations for FISMA (25-EVAL-04-01).

The independent public accounting firm of McBride, Lock & Associates, LLC, under contract with the Office of Inspector General, audited Help America Vote Act (HAVA) grants administered by the Oregon Secretary of State, totaling almost $22.1 million. This included federal funds, state matching funds, interest income, and program income earned on the reissued Section 251 and Election Security grants.

The Office of Inspector General (OIG) contracted with the independent certified public accounting firm Harper, Rains, Knight, & Company, P.A. (HRK) to audit the Commission’s financial statements and related footnotes as of September 30, 2025.  The contract requires that the audit be performed in accordance with U.S. generally accepted government auditing standards Office of Management and Budget audit guidance, Government Accountability Office/Council of the Inspectors General on Integrity and Efficiency Financial Audit Manual, and Audit Requirements for Federal Financial Statements.  HRK found:

• The financial statements present fairly, in all material respects, the Commission's financial position as of September 30, 2025, and its net cost of operations, changes in net position, and budgetary resources for the fiscal years then ended in accordance with accounting principles generally accepted in the United States of America.
• One material weakness related to the Commission not having appropriate controls in place to review the validity of material financial adjustment transactions recorded by their service provider on their behalf.
  While the report includes one material weakness related to a gap in controls over financial reporting by a shared service provider, HRK’s objective was not to provide an opinion on the effectiveness of the Commission's internal control or compliance.

The Inspector General Act of 1978, as amended, requires that the Inspector General take appropriate steps to ensure that any work performed by non-Federal auditors complies with the auditing standards established by the Comptroller General. We evaluated the independence, objectivity, and qualifications of the auditors and specialists; reviewed the plan and approach of the audit; monitored the performance of the audit; sought and obtained clarification of the auditor's methodology and findings; and reviewed HRK's reports and related audit documentation.

HRK is responsible for the attached independent auditor’s report and the conclusions expressed therein. The OIG does not express opinions on the Commission’s financial statements or internal control over financial reporting, or conclusions on compliance or other matters. The audit report provides an opinion on the Commission’s financial statements and communicates reporting requirements on internal control over financial reporting and compliance with laws and regulations.

We received an anonymous hotline complaint in January 2025 asking the Office of Inspector General to investigate a conflict of interest involving two senior CPSC officials at the Consumer Product Safety Commission.

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security (InfoSec) program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2025 annual assessment.  In FY 2025, we assessed HUD at maturity level 3, consistently implemented, for its overall InfoSec program.  HUD has made incremental progress across its InfoSec program and should continue to take steps to improve the security of its IT systems and assets, which will lead to an increase in its FISMA maturity level.  We assessed HUD’s maturity across 25 metrics.  HUD scored 3.13 in the 20 core metrics that we have assessed every year since FY 2022, and it scored 2.67 in the 5 supplemental metrics that were first assessed in FY 2025.