Federal Reports

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service needs effective and productive operations to fulfill its mission of providing prompt, reliable, and affordable mail service to the American public. It has a vast transportation network that moves mail and equipment among about 315 processing facilities and 31,200 post offices, stations, and branches. The Postal Service is transforming its processing and logistics networks to become more scalable, reliable, visible, efficient, automated, and digitally integrated. This includes modernizing operating plans and aligning the workforce; leveraging emerging technologies to provide world-class visibility and tracking of mail and packages in near real time; and optimizing the surface and air transportation network. The U.S. Postal Service Office of Inspector General (OIG) reviews the efficiency of mail processing operations at facilities across the country and provides management with timely feedback to further the Postal Service’s mission.

Our Objective(s)To (1) determine whether MARAD has implemented an information management system for the SAPR Program that complies with NDAA requirements and (2) assess the system's cybersecurity and privacy controls.
Why This AuditThe 2023 National Defense Authorization Act (NDAA) required MARAD to establish for the U.S. Merchant Marine Academy's (USMMA) Sexual Assault Prevention and Response (SAPR) Program an information management system (IMS) for sexual assault and sexual harassment claims, and for the Office of Inspector General to conduct a cybersecurity audit of the system.
What We FoundMARAD has not established an information management system for USMMA's SAPR Program that complies with NDAA requirements.

Instead of acquiring a new IMS, USMMA uses a spreadsheet system for the SAPR Program.
USMMA officials acknowledge that this spreadsheet system does not meet the Academy's needs.
The SAPR Program tracks and maintains most but not all required information in its spreadsheet system.
The program also has not implemented a process to update the records of acquitted individuals in its spreadsheet system.

The SAPR Program's spreadsheet system lacks sufficient cybersecurity and privacy controls.

The program's spreadsheet system lacks the cybersecurity controls required by the National Institute of Standards and Technology and the Department of Transportation's Cybersecurity Compendium to properly secure and protect the confidentiality, integrity, and availability of the program's sensitive data and information.
MARAD's Privacy Officer has not analyzed the spreadsheet system to determine what privacy protections should be implemented to protect personally identifiable information stored in the system.

Recommendations We have made four recommendations to improve MARAD's oversight of USMMA's Sexual Assault Prevention and Response Program.

The EPA did not monitor bus deployment status and recipient use of over $836 million of 2022 Clean School Bus, or CSB, Program rebates, despite the Agency stating it would do so in the 2022 Clean School Bus (CSB) Rebates Program Guide. As of June 2024, only 22, or 6.1 percent, of the 360 schools that received rebates in 2022 had completed their rebate closeouts. At the time of this audit, we found that ten, or 59 percent, of the 17 schools we reviewed are in the process of installing the infrastructure necessary to operate the new clean buses and may not meet the program closeout deadline of October 2024. Additionally, the EPA did not provide guidance to recipients on how funds should be managed. We found that, contrary to multiple OIG briefings on strategies to reduce fraud risk, the EPA allowed recipients to keep CSB funds in accounts with other funds or earn interest on rebate funds while they wait to pay the final invoices, which increases the risk of program funds and interest earned being used for other purposes.

During the reporting period, the Office of Audits completed and published the Fiscal Year (FY) 2023 and FY 2024 Federal Information Security Modernization Act (FISMA) audits and the Payment Integrity Information Act audit; the latter two were completed by independent public accountants (IPAs) overseen by the Office of Audits. Additionally, the audit team began work on the following audits: FY 2024 CFTC Financial Statements; FY 2024 CFTC Customer Protection Fund Financial Statements; CFTC’s Compliance with the Government Charge Card Act; and CFTC’s Enterprise Risk Management Program. The audit team is also working with the Council of Inspectors General on Financial Oversight (CIGFO) in its review of the effectiveness and internal operations of the Financial Stability Oversight Council (FSOC) designation of nonbank financial companies. In addition, we established the Office Evaluations and initiated an evaluation into the CFTC’s non-disclosure policies, forms, and agreements to assess compliance with the Whistleblower Protection Enhancement Act of 2012.

Dependency and Indemnity Compensation is a monthly benefit paid to eligible survivors of service members who died in the line of duty or as a result of a service related injury or illness. Under the PACT Act, survivors with previously denied claims may be newly eligible for Dependency and Indemnity Compensation related to toxic exposure. These survivors may reapply for benefits and might receive retroactive payments dating back to the original date of entitlement. The OIG conducted this review to assess the accuracy of VBA’s processing of Dependency and Indemnity Compensation claims reopened under the PACT Act.

The OIG team reviewed two statistical samples of claims that were reopened under the PACT Act after having previously been denied. One set were claims that, after being reprocessed, were again denied; the other set were claims that were granted after being reprocessed. Both sets involved claims completed from January 1 through July 31, 2023. The OIG found that pension management center staff generally denied these claims appropriately; however, there were some inaccuracies when claims were granted. Errors stemmed from unclear guidance on how to reevaluate claims and from a lack of information system enhancements and resulted in a projected $33.1 million in underpayments to survivors. The OIG made three recommendations to correct errors and improve the claims process.