Federal Reports

The OIG conducted this mandated review to assess VA’s reporting of staffing and vacancy data on its public-facing website. VA is required to release this information publicly each quarter by the VA MISSION Act of 2018 (the Act). The review team found VA partially complied with Section 505 of the Act. VA reported time-to-hire data using a 100-day target instead of the Office of Personnel Management’s required 80-day target. However, VA implemented sufficient corrective actions to close three of the five recommendations from the OIG’s June 2019 report. In doing so, VA ensured compliance with reporting requirements for vacancies and employee gains and losses. Vacancies were reported by specific occupational series as required, allowing the public to see whether unfilled positions were greater in clinical or nonclinical roles. Additionally, VA properly published staffing gains and losses by quarter, as opposed to fiscal year to date. VA also improved transparency and usefulness of its data. All seven quarterly staffing and vacancy publications were posted on VA’s public website. Furthermore, in the three most recent quarterly releases, VA provided an executive summary with a brief data element synopsis for its administrations and staff offices. Finally, VA added a summary page to the staffing and vacancy spreadsheets that provided the reader with information on how to interpret the data, overall figures for the previous quarterly data releases, and the top five vacant occupations in the Veterans Health Administration. However, action is still needed to close recommendations on disclosing data limitations and updating the methodology for aggregation and reporting. The OIG recommended the assistant secretary for human resources and administration ensure that time to hire data are reported as required and confer with the Office of General Counsel to ensure that changes in reporting methodology adhere to the Act.

The Office of the Inspector General conducted a review of the Financial Operations and Performance (FO&P) organization to identify factors that could impact FO&P’s organizational effectiveness. Our report identified behaviors that positively affected FO&P. These included leadership actions and other drivers of engagement, such as positive relationships with team members and the use of an employee-driven recognition program. We also identified risks to operations that, although minimal, if left unaddressed, could hinder FO&P’s effectiveness. These included (1) risks to adequate information sharing among FO&P departments and effective customer service and (2) perceived risks to achievement of FO&P’s initiatives and operations.

Medicaid telemedicine services are health services delivered via telecommunication systems. A Medicaid patient located at a patient site uses audio and video equipment to communicate with a physician or licensed practitioner located at a distant site. Medicaid views telemedicine services as a cost-effective alternative to the more traditional face-to-face way of providing medical care.

For our audit of a sample of 124 standalone contracts and individual task orders composed of various contract types (e.g., time-and-material, labor-hour, and fixed price) that were closed during fiscal years (FYs) 2016 and 2017, our objective was to determine whether National Institute of Standards Technology (NIST), National Oceanic and Atmospheric Administration (NOAA), and U.S. Census Bureau (the Bureau) contracting personnel administered contract closeout procedures in accordance with federal and Departmental regulations.Overall, we found that—for all 124 standalone contracts and individual task orders—contracting personnel did not comply with at least one or more of the key Federal Acquisition Regulation, Commerce Acquisition Manual, and Departmental contract closeout requirements. Based on our review, the total expended value of contracts that did not fully comply with the closeout requirements was approximately $391.3 million.

A contractor providing information technology security services for Amtrak violated company policies by wrongfully uploading sensitive and proprietary Amtrak data to his personal Google cloud storage and a personally owned USB flash drive without company knowledge or approval. Our agents were able to identify and remove the company’s data from his cloud storage and flash drive. In addition, the company has remediated certain vulnerabilities and continues to take steps to address security weaknesses identified as part of our investigation.