Federal Reports

As directed under the MISSION Act, VA created clinical resource hubs to improve healthcare access for veterans in underserved areas. The hubs backstop medical facilities in each regional Veterans Integrated Service Network (VISN) that do not have enough clinical staff due to attrition, recruiting difficulties, or growth in the veteran population. Hub physicians see most patients virtually. Encounters increased from almost 482,000 in fiscal year (FY) 2021 to about 1.2 million in FY 2024.

The OIG team found that despite the increase in patient encounters, physicians in some hub primary care and specialty group practices—such as cardiologists, dermatologists, and psychiatrists and psychologists—generally did not appear to meet established minimum productivity thresholds. The apparent failure to meet these thresholds may have been caused by gaps and inaccuracies in the data used to measure productivity. The available data did not consistently give physicians credit for work documented at a spoke site (where a veteran presents for care), recognizing only work documented at the facility to which the hub physician’s labor is mapped. Moreover, VHA lacked formal guidance on how hubs should measure and monitor specialty physician productivity. Hub officials simply relied on indicators like the number of patient encounters and veterans served, instead of using standardized productivity metrics that factor in the complexity of each visit. The lack of guidance also prevented VHA from identifying and remediating underperforming hub services.

The OIG recommended VHA improve data, issue guidance on which productivity measures apply to hub physicians, and clarify who should monitor productivity and take corrective action when targets are not met. These steps will help VHA evaluate whether the ever-increasing investment in hubs is justified and the number of veterans served is optimized. VHA agreed with the recommendations.

What Was Reviewed 

The U.S. International Development Finance Corporation Office of Inspector General (OIG) contracted with the independent public accounting firm RMA Associates, LLC (RMA) to audit DFC’s charge card program in accordance with Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act). The Charge Card Act requires the OIG to conduct periodic reviews of DFC’s charge card program for illegal, improper, or erroneous transactions to prevent fraud, delinquency, or misuse. 

The objectives of this audit were as follows: 

1. To determine the scope, frequency, and number of audits or reviews, conduct a risk assessment to assess, identify, and analyze the risks of illegal, improper, or erroneous purchases and payments within DFC’s charge card program. 

2. Address the requirements of the Charge Card Act, OMB and General Services Administration (GSA) requirements and standards. 

What Was Found 

In its audit of DFC, RMA found that DFC implemented an effective Government Charge Card Program for FY 2024. As a result, there were no recommendations. RMA concluded that based on the results of their review of the current information, the results of their sample testing, and Appendix B guidance, that the next audit of the charge card program should be in FY 2026 for FY 2025 transactions. There were no prior year recommendations findings and all recommendations prior to 2022 were closed.

Report on the results of our performance audit of the Maryland State Arts Council (MSAC) for the period of August 1, 2021 through July 31, 2024. During this period the National Endowment for the Arts (Arts Endowment) closed four MSAC awards, totaling $4,545,800 in Arts Endowment funds and $24,614,504 in total reported costs. 

U.S. Customs and Border Protection (CBP) did not effectively manage and secure its mobile devices, resulting in vulnerabilities and higher susceptibility to cyberattacks, potential unauthorized access to law enforcement and operational sensitive information, and waste and abuse from under- or over-usage.  Specifically, we found that CBP did not: • Consistently implement required security settings to protect its mobile devices or mitigate risks from applications installed on these devices; • Use its mobile device management system to fully manage and secure its mobile devices; • Address software vulnerabilities within the mobile device management system; • Increase monitoring and protection for devices used outside the United States, which are at a higher risk of cyberattacks; • Perform required steps to reduce risks associated with the disposal, loss, or theft of its mobile devices; and • Monitor its mobile devices for under- or over-usage. CBP allowed mobile devices to operate without completing a security authorization process to ensure required security controls; did not establish or implement sufficient security policies and processes; relied on unclear or contradictory guidance; and did not address its increased mobile device losses.  Moreover, the Department did not provide oversight to ensure that CBP fulfilled DHS requirements for monitoring mobile devices outside the United States and CBP did not enforce its policies.