Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
U.S. Postal Service
Mail Delivery, Customer Service, and Property Conditions Review – Marian Oldham Station, St. Louis, MO
This interim report presents the results of our self-initiated audit of mail delivery, customer service, and property conditions at the Marian Oldham Station in St. Louis, MO (Project Number 22-115-4). The Marian Oldham Station is in the Kansas-Missouri District of the Central Area and services ZIP Codes 63106 and 63108, which serve about 32,922 people and are considered to be urban. We judgmentally selected the Marian Oldham Station based on the number of customer inquiries per route that the unit received. From December 1, 2021 through February 28, 2022, the unit received 13.03 inquiries per route, which was more than the average of 7.02 inquiries per route for all sites serviced by the St. Louis Processing and Distribution Center (P&DC).
This interim report presents the results of our self-initiated audit of mail delivery, customer service, and property conditions at the Saint Peters Main Post Office (MPO) in Saint Peters, MO (Project Number 22-115-1). The Saint Peters MPO is in the Kansas-Missouri District of the Central Area and services ZIP Code 63376, which serves about 71,535 people and is considered to be urban. We judgmentally selected the Saint Peters MPO based on the number of customer inquiries per route the unit received. From December 1, 2021 through February 28, 2022, the unit received 12.54 inquiries per route, which was more than the average of 7.02 inquiries per route for all sites serviced by the St. Louis Processing and Distribution Center (P&DC).
- Identify risk metrics associated with the cybersecurity control areas included in the scope of our evaluation.
- Determine maturity levels for the four aforementioned cybersecurity control areas using a defined maturity model spectrum.
- Report findings identified during the performance of evaluation procedures over selected cybersecurity controls.
What OIG Found:
- Lack of Signed IT Contingency Plans
- Lack of Complete and Accurate Inventory of Hardware Assets
- Lack of Formal Policies and Procedures for Software Asset Management
- Lack of Periodic Review/Update over the Library’s Organization-Tier Policies
- Lack of Annual System Security Plan Compliance Reviews
- Inconsistent System-Level Ongoing Control Assessments
- Inconsistent Completing and Reviewing of Security Assessments Reports
What OIG Recommends:
- Confirm and enforce a quality control procedure to ensure that IT CPs are signed by the responsible personnel (Information System Business Owner, IT Service Operations Director, and Business Continuity and Disaster Recovery Official) and uploaded to the Library’s governance risk and compliance (GRC) platform, as required by Library policies.
- 2.1 Develop formal procedures for maintaining an up-to-date inventory of hardware assets and removing unauthorized or unmanaged hardware assets in a timely manner.
- Implement tools to a) track and monitor all authorized hardware assets on the Library network and b) report or prevent unauthorized devices connecting to the network.
- Maintain a complete, accurate, and centralized repository of all hardware assets connected to the Library network.
- Develop and implement formal policies and procedures over their process for maintaining an up-to-date software inventory that incorporates security controls requirements from National Institute of Standards and Technology Special Publication (SP) 800-53, Configuration Management (CM-8), and industry practices from National Institute of Standards and Technology SP 800-37 and National Institute of Standards and Technology SP 800-128.
- Complete the implementation of its Configuration Management Database (CMDB) to track and manage the inventory of software assets.
- Identify and authorize backup personnel to perform the annual review of the Library Security &A Guidance and Library Information Security Continuous Monitoring (ISCM) Guidance in the event that the responsible personnel is unavailable.
- Identify and authorize backup personnel to perform the annual System Security Plan (SSP) compliance review in the event that the responsible personnel is unavailable.
- Remediate or enter Plan of Action and Milestones (POA&Ms) for control assessment discrepancies associated with relevant information systems so they are in alignment with the Library’s policies and procedures, and notify the Authorizing Official (AO) of all updates or changes.
- Identify adequate resources to perform system control assessments.
- Enhance the Library’s procedures for validating the completion and tracking of ongoing control assessments to ensure they are being performed in accordance with the Library’s policies and procedures.
- Complete Security Assessment Reports (SARs) for the respective systems and notify the AO of the results.
- Implement a quality control process to validate the completion of SARs in accordance with the Library’s policies and procedures.
Financial Audit of the Power Transmission System for Wind Project in Sindh Wind Corridor in Pakistan Managed by National Transmission and Dispatch Company Limited, Grant 391-PEPA-ENR-WTL-00, for the Fiscal Year that Ended June 30, 2021
Financial Closeout Audit of MCC Resources Managed by Millennium Challenge Coordinating Unit Sierra Leone Under the Threshold Agreement, April 1, 2021, to July 29, 2021
Our objective for this report was to assess the company’s efforts to address challenges in recruiting and retaining skilled engineering managers as it recovers from the pandemic and builds for the future. We found that the company is fully aware of the difficulties of recruiting and retaining skilled engineering managers in today’s labor market and has taken steps to address them. These steps include establishing meaningful pay differences between managers and subordinates, benchmarking management compensation with market rates, increasing salaries for field engineers, and offering one-time bonuses to entice agreement employees to move into management positions. In addition, the company recently commissioned a compensation analysis that will benchmark its salaries and determine appropriate rates for management positions company-wide. The analysis, scheduled to be completed this summer, is the first such review since 2014. We also found that the company has additional opportunities to build on these efforts, to include codifying existing policies on compensation and using workforce data to assess the effectiveness of its recruitment and retention effort for engineering managers. To address the report’s findings, we recommended that the company 1) establish formal compensation policies that define a schedule for regularly conducting analyses to identify whether the company is offering market-competitive salaries and communicate the policy to all relevant parties, 2) routinely analyze common workforce metrics such as employee turnover and share the metrics with relevant departments through existing workforce management tools, and 3) use the common workforce metrics to assess the effectiveness of recent efforts to address compensation or work-life balance issues and determine whether further adjustments are needed.
The Office of Inspector General (OIG) is initiating an audit of Third-Party Service Provider Agreements. Our overall objective is to determine the extent to which the services provided by third-party organizations align with the terms of existing service agreements.