Federal Reports

NGA OIG Fall Semiannual Report to Congress, 1 April - 30 September 2025

The Federal Information Security Modernization Act of 2014 (FISMA) requires Federal agencies to develop, document, and implement an agency-wide information security program to ensure that information technology resources are adequately protected. FISMA mandates that each agency Office of Inspector General, or external auditor, as determined by the Inspector General, perform an annual independent evaluation of the agency’s information security program and practices to determine its effectiveness.

As an independent agency within the Department of Energy, the Federal Energy Regulatory Commission (FERC) is mandated to comply with FISMA. Therefore, we initiated this evaluation to determine whether FERC’s unclassified cybersecurity program adequately protected data and information systems in accordance with FISMA. The Office of Inspector General contracted with KPMG LLP to assist in the assessment of FERC’s unclassified cybersecurity program. The Office of Inspector General monitored KPMG LLP’s work to ensure it complied with applicable requirements.

Our fiscal year 2025 evaluation found that FERC had adequately protected data and information systems in accordance with FISMA. Specifically, during our review of the FISMA security metrics, we determined that FERC had implemented an effective unclassified cybersecurity program within the context of the maturity model. In addition, based on our limited testing of general information technology controls and business process application controls at FERC, we determined that all selected controls were adequately designed, implemented, and operating effectively through fiscal year end.

Based on our review of the required FISMA metrics and selected controls over financial processes, we did not identify weaknesses that required immediate corrective actions related to FERC’s cybersecurity program. As such, we did not make any recommendations.

We determined that the Forest Service did not provide financial assistance to facilities that purchase and process ecosystem restoration byproducts in accordance with IIJA requirements, resulting in $86 million in questioned costs and $94 million in unsupported costs.

Our Objective(s)To evaluate single audit reports uploaded to the Federal Audit Clearinghouse between July 1, 2025 and September 30, 2025, and identify findings that affect directly awarded Department of Transportation (DOT) programs.
Why This AuditOIG performs oversight of independent, non-Federal auditors' single audit reports. Over the past 3 fiscal years, on average over 250 single audit reports were issued that included findings related to programs directly funded by DOT. We issue memoranda that summarize these reports' significant findings and recommendations that require priority action by DOT. When warranted, we also recommend that DOT recover funds inappropriately expended by non-Federal entities.
What We FoundAuditors reported 20 findings related to 15 grantees that included significant noncompliance with Federal guidelines which require prompt action from DOT's Operating Administrations.

Of the 20 findings, 11 were repeat findings related to 6 grantees.

Auditors identified questioned costs totaling $4,203,255 for 8 grantees.

Of this amount, $1,610,569 was related to the Joint Programs of the Shoshone and Arapaho Tribes of the Wind River Reservation, Fort Washakie, WY; $1,200,000 was related to the Saginaw Transit Authority Regional Services, Saginaw, MI; and $575,874 was related to the Puerto Rico Bus Authority, San Juan, PR.

We identified nonmonetary repeat findings that caused a disclaimer of opinion for one entity and qualified opinions for three entities.
RecommendationsWe made 4 recommendations to strengthen OST oversight of non-Federal entities and determine the allowability of questioned costs.

Introduction

This management alert presents issues the U.S. Postal Service Office of Inspector General (OIG) identified during the Counterfeit Postage Program audit (Project Number 25-072). Our objective is to provide immediate notification of these issues related to an identified deficiency in the prevention of Enterprise Payment Account (EPA) fraud.

Background

The Postal Service offers mailers the ability to obtain and pay for package labels through various systems designed to improve customer experience.

The audit of AmeriCorps’ Grant Closeout Process found that AmeriCorps’ grant closeout policies and procedures generally complied with the provisions of 2 C.F.R. § 200.344 with the following issues identified: 1) AmeriCorps did not have adequate policies and procedures for processing grant funds returned post-closeout; 2) AmeriCorps did not have sufficient internal controls to ensure timely grant closeout; and 3) AmeriCorps’ recording of grant data into USAspending.gov was inconsistent and inaccurate. These issues stemmed from AmeriCorps’ lack of a formal procedure to process grant funds returned after closeout, which led to data discrepancies between the Payment Management System and AmeriCorps’ grant system of record, eGrants. AmeriCorps relies on manual data entry methods to report grant award information to USAspending.gov, without sufficient system controls or independent reviews to detect and correct errors prior to submission. Furthermore, AmeriCorps failed to effectively utilize administrative closeouts when grant recipients did not provide final reports within one year of the award’s period of performance end date. AmeriCorps’ response to the findings and recommendations is included in the report.

We found that unsupported costs were charged to an IRA grant and BOR did not properly oversee a grant and cooperative agreement.