Federal Reports

We performed our inspection to determine whether the U.S. Department of Education (Department) ensured that contractors and grantees notified employees in writing of the whistleblower protections provided under 41 United States Code 4712 (Section 4712). We found that the Department did not adequately ensure that contractors and grantees notified employees in writing of the protections provided under Section 4712. Specifically, we found that the Department did not always include the required contractor employee whistleblower protections clause in contract awards, did not include a sufficient reference to whistleblower protections in its Grant Award Notifications, and did not have a process in place to ensure that contractors and grantees actually notified their employees of the whistleblower protections. We made 4 recommendations to address the issues identified.

We conducted an audit to determine whether the Federal Student Aid office (FSA) has effective plans for transitioning assigned activities to itsBusiness Process Operations (BPO) vendors and the status of the transition. We found that FSA has not developed effective plans for transitioning assigned activities to its BPO vendors. We found weaknesses related to FSA’s schedule management and lifecycle management methodology (LMM) documentation and related reviews. This included LMM documentation not always including required signoffs or indicating that required steps were completed. We also determined that the non-servicing phase was fully transitioned in March 2022, but the planned transition of the servicing and recovery phases has been pushed back repeatedly. FSA plans the servicing phase to be transitioned by November 2024. There is no planned transition date for the recovery phase. We also found that all of the BPO vendors initially struggled to meet non-servicing phase performance metrics. FSA revised the performance framework to lower targets for some metrics and remove others, which resulted in all vendors achieving passing scores. We made eight recommendations to improve FSA’s ability to effectively transition the servicing and recovery phases to BPO vendors and to ensure that performance metrics are realistic and achievable.

The National Credit Union Administration (NCUA) Office of Inspector General (OIG)conducted this self-initiated audit to assess the NCUA’s examination hours. The objectives ofour audit were to determine: (1) the NCUA’s effectiveness in establishing examination hours,and (2) whether the NCUA ensured proper regulatory safeguards remained in place to protect thecredit union system, credit union members, and the National Credit Union Share Insurance Fund(SIF) while appropriately managing the examination burden on credit unions.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to review VISN and facility leaders’ response to allegations that an optometrist was not practicing to the standard of care at the Cheyenne VA Medical Center (facility) in Wyoming. In a response to an OIG request for review, VISN and facility leaders substantiated that the optometrist failed to diagnose patients and delayed testing for 15 of 16 identified patients. The response, however, lacked a plan to review the care of other patients who may have been adversely affected. The OIG identified deficiencies with the facility leaders’ response to the quality of care concerns, state licensing board reporting, and completing proficiency reports for the optometrist.The optometrist was suspended in January 2023 while facility leaders initiated a focused clinical care review of the optometrist’s practice. Although expert reviewers tasked with examining a selection of patient cases expressed significant concerns, and facility leaders’ analysis concluded the optometrist “did not meet the standard of care,” facility leaders did not initiate a review to assess the potential harm to other patients. The optometrist was allowed to return to patient care on a focused professional practice evaluation for cause and showed performance improvement before retiring in July. The OIG found that facility leaders failed to initiate the state licensing board reporting process after the optometrist “failed to meet generally accepted standards of clinical practice” due to a lack of understanding of reporting requirements. The OIG also found the optometrist’s supervisors failed to complete annual proficiency reports in 2021 and 2023 due to an oversight and inexperience by supervisors. The optometry supervisors also failed to address deficiencies identified in other completed proficiency reports. The OIG made recommendations for a comprehensive review of the optometrist’s care, state licensing board reporting, and completing the proficiency process.

Power plants rely on operational technology (OT) to ensure the plants can run without disruption. Due to the high risks associated with threat events against OT, we performed an audit of the Tennessee Valley Authority’s (TVA) OT cybersecurity at a combined cycle plant. Our objective was to determine if logical, physical, and general security controls were (1) appropriately designed to reduce cybersecurity risk and (2) operating effectively. We determined logical, physical, and some general controls were appropriately designed and operating effectively. However general security controls related to contingency planning, system inventory, system baselines, and cybersecurity monitoring needed improvement. Specifically, we identified:• Contingency plans were not documented. • OT inventory was incomplete.• System baselines were not in place.• Cybersecurity monitoring was incomplete.In addition, we determined a risk assessment had not been completed for the site’s OT systems.

U.S. Customs and Border Protection (CBP) spent $60 million of Infrastructure Investment and Jobs Act (IIJA) procurement, construction, and improvements (PC&I) funding on six contracts in fiscal years 2022 and 2023 to modernize and improve CBPowned land ports of entry (LPOEs). In FY 2022, CBP spent $16 million of IIJA PC&I funding for two contracts for maintenance and repairs at CBP-owned LPOEs. In FY 2023, CBP spent $44.5 million of IIJA PC&I funding for contracts to modernize six CBPowned LPOEs. In FY 2024, CBP plans to use IIJA PC&I funding for contracts to include work to address outstanding priority repairs at CBP-owned LPOEs.