Federal Reports

This audit report determined that the Commission’s FY 2023 information security program was not in compliance with FISMA legislation, OMB guidance, and applicable NIST special publications. Five of the nine domains Kearney evaluated warrant additional management attention to address identified deficiencies - Risk Management, Supply Chain Risk Management, Configuration Management, Identity and Access Management, and Information Security Continuous Monitoring. Specifically, the FISMA evaluation report includes seven findings and offers 25 recommendations to improve the effectiveness of the FCC’s information security program controls. FCC continues to work towards an effective overall maturity level for its information security program.

In this legislatively mandated review, the OIG sought to determine whether VBA continues to use updated public disability benefits questionnaires and, because public questionnaires may pose a significant risk of fraud without adequate internal controls, to examine VBA’s oversight of their use. Publicly available questionnaires are to be completed by veterans’ non-VA medical providers, whereas internal questionnaires are completed by VA medical providers.The OIG team reviewed a sample of 100 claims for benefits completed from January 1 through December 31, 2022, supported by at least one public questionnaire. These 100 claims contained 207 public questionnaires because some claims had more than one questionnaire submitted. The team developed its own indicators of fraud risk because VBA lacked them.The team found that VBA generally accepted and used public questionnaires when determining entitlement to benefits. However, VBA does not have effective controls to mitigate the risk of using fraudulent forms to decide benefits. On the basis of its sample, the team estimated that of the 31,900 claims completed during the review period, approximately 22,000 claims (69 percent) had one or more fraud risk indicators. Although public questionnaires with fraud risk indicators show only possible instances of fraud, the team’s projections suggest that the monetary risk to VA could be approximately $390 million.The OIG made five recommendations to the under secretary for benefits, chief among them to continue developing a system for digitally capturing, analyzing, and monitoring public questionnaires to identify inauthentic or fraudulent questionnaires, and work with the Compensation Service to develop policies for reviewing and remediating any such public questionnaires identified. Other recommendations were to have outside providers certify that they completed the questionnaires under penalty of perjury, and to enhance guidance and training for claims processors.

An Amtrak Senior manager based in Philadelphia was terminated from employment on December 8, 2023, as the result of our investigation that found he submitted falsified applications to the Small Business Administration for a Coronavirus Aid, Relief, and Economic Security Act Economic Injury Disaster Loan. In addition, the former employee signed a civil settlement agreement with the U.S. Attorney’s Office, Middle District of Florida, and agreed to pay $25,441 in restitution related to the fraudulent loan.