Federal Reports

OIA allocated nearly $20 million in IIJA and IRA funding to American Samoa, Guam, and the Commonwealth of the Northern Mariana Islands.

To learn how communities across the nation responded to the pandemic, we initiated a multi-part review of six communities—two cities, two rural counties, and two Tribal reservations. This report is the third community-specific report and focuses on our work in Sheridan County, Nebraska, where we previously identified that recipients, including city government, small businesses, and individuals, received almost $61 million from 31 pandemic relief programs and subprograms. This report provides a closer look at six pandemic programs and subprograms provided to Sheridan County by six federal departments.

For nearly 25 years, astronauts have continuously lived and worked onboard the International Space Station. As the Station ages, NASA will be challenged to ensure the safety of astronauts aboard and to sustain continuous operations, which includes conducting science and research and maintaining the ISS. At the same time, the Agency will need to develop capabilities to safely deorbit the ISS. In this audit, we examined NASA’s management of risks to sustaining ISS operations through 2030, ensuring crew and operational safety and conducting a safe, controlled deorbit in 2031.

The AmeriCorps Office of Inspector General (OIG) has identified concerns regarding the award, management, and oversight of a contract for AmeriCorps’ new grants management system. Specifically, this alert identifies several factors contributing to cost overruns that will likely exceed $9 million—more than double the amount of the original contract—including the choice of a firm-fixed price contract for a project with uncertain requirements, a lack of technical expert involvement in contract oversight, and the descoping of contract tasks to accommodate cost overruns. While the OIG has not yet undertaken a full review of the allegations received, information collected to date warrants alerting AmeriCorps leadership of these concerns so that management has timely information to mitigate these risks in its ongoing management of this and other major contracts. AmeriCorps oversees many contracts, including other contracts related to IT modernization. As set forth below, AmeriCorps OIG suggests specific steps that AmeriCorps take to improve its contract management practices and avoid wasteful contract overruns.

The VA Office of Inspector General’s (OIG’s) Mental Health Inspection Program (MHIP) evaluates Veterans Health Administration’s (VHA’s) continuum of mental healthcare services. This inspection focused on the inpatient care delivered at the VA Augusta Health Care System (HCS) in Georgia. Augusta HCS met some VHA requirements for inpatient mental health units, such as the presence of a mental health executive council, completion of twice-yearly environment of care inspections, and a plan for continued transformation to recovery-oriented services. A review of electronic health records indicated veterans and the interdisciplinary treatment team were involved in treatment planning, and most veterans had documented safety plans. However, some records did not include evidence of timely suicide risk screening. Discharge instructions were typically difficult to understand and lacked important details for appointment follow-up and medication management.The OIG was concerned about access to inpatient mental health care. Specifically, the high volume of community referrals contrasted with Augusta HCS’s low bed utilization. The OIG identified communication gaps between Augusta HCS and mental health leaders regarding the explanations for beds being out of service, causes of low bed utilization, and process improvement efforts to address these concerns.The inpatient unit’s physical environment incorporated natural sunlight in some common areas, but needed cosmetic improvements in sleeping areas and contained toilets with ligature points that posed a safety risk. Additionally, many inpatient unit staff did not have evidence of completed trainings on environment of care inspection requirements or suicide prevention strategies. As a result of its findings, the OIG issued 21 recommendations to Augusta HCS and Veterans Integrated Service Network leaders. These recommendations, once addressed, may improve the quality and delivery of veteran-centered, recovery-oriented care on the inpatient mental health unit and beyond.

In January 2023, the VA Office of Inspector General (OIG) received a hotline allegation that Network Contracting Office (NCO) 12 participated in unethical sole-source contracting practices while procuring cardiothoracic services contracts at the Captain James A. Lovell Federal Health Care Center in North Chicago, Illinois, with a nonaffiliate contractor. The OIG referred the complaint to Regional Procurement Office (RPO) Central, the responsible VA office. RPO Central in March 2023 asked the Medical Sharing Office/Affiliate National Program Office (MSO) to determine whether contract reviews were circumvented. One month later, the MSO completed its investigation and found contracting officers made decisions that indicated a preference to avoid review processes and not maximize competition. Contracting officers also did not publicly post sole-source acquisition justifications as required. NCO 12 disagreed with the MSO’s findings.The OIG reviewed whether NCO 12 participated in improper sole-source procurement and to determine whether the results of the MSO investigation were resolved. The OIG substantiated that NCO 12 avoided the MSO review process by regularly awarding short-term contracts since 2012 to avoid a lapse in service. Although NCO 12 did not violate VHA policy, the OIG found that contracting officials were not effective at ensuring their strategies for acquiring cardiothoracic services at Lovell were in the best interest of the government and in keeping with the latest VA clinical care standards.Because RPO Central has not resolved the issues MSO identified, it did not comply with the requirement to maintain effective internal controls intended to support efficient operations. Unless RPO Central directs NCO 12 to submit contracts for MSO review, these practices may continue.The OIG made four recommendations to correct the deficiencies identified and ensure the best interests of the government is served in contracting for cardiothoracic services at Lovell.

The Cybersecurity and Infrastructure Security Agency (CISA) addressed the basic information-sharing requirements of the Cybersecurity Act of 2015. In calendar years 2021 and 2022, CISA updated its guidance, properly classified cyber threat indicators (CTI) and defensive measures, and accurately accounted for security clearances to address the basic information-sharing requirements of the Act. In March 2022, CISA completed upgrades to its Automated Indicator Sharing (AIS) 2.0 capability to address information-sharing limitations.

U.S. Immigration and Customs Enforcement (ICE) did not effectively manage and secure its mobile devices or the infrastructure supporting the devices. Specifically, ICE did not implement security settings required to protect its mobile devices and did not mitigate vulnerabilities from applications installed on these devices. In addition, ICE did not use its Mobile Device Management software and other threat defense tools to fully manage and secure some mobile devices and did not address vulnerabilities within the Mobile Device Management software and the servers supporting it. Further, ICE did not implement increased monitoring and protection for devices used outside the United States, which were at a higher risk of cyberattacks. Finally, ICE did not always perform required steps to reduce risks associated with disposal, loss, or theft of its mobile devices.