Federal Reports

Letter to the Office of Management and Budget regarding Office of Inspector General's Fiscal Year 2025 risk assessment for the Government Charge Card Abuse Prevention Act of 2012.

Memorandum to the Chairman of the Railroad Retirement Board regarding OIG's fiscal year 2025 risk assessments for the Government Charge Card abuse Prevention Act of 2012.                

The VA OIG conducts information security inspections to assess whether VA facilities meet federal security requirements. The OIG followed up on an inspection it conducted at the VA Beckley Healthcare System in West Virginia in 2023.
During this follow-up inspection, the OIG identified substantial progress in addressing prior recommendations, and some continued deficiencies in configuration management, security management, and access controls.

For configuration management, the team identified one deficiency over vulnerability remediation: the healthcare system did not meet required timelines for addressing critical vulnerabilities and lacked necessary remediation plans, leaving outdated software on numerous systems. Additionally, the OIG identified several unique high and critical vulnerabilities within the network that were not reflected in the agency’s standard vulnerability reports.

The healthcare system had deficiencies in three security management controls: a special-purpose system lacked authorization to operate; a special-purpose system had inappropriate security categorizations; and staff had administrative access and a lack of separation of duties for managing a pharmacy inventory system.

Finally, the healthcare system had deficiencies in physical controls restricting access to computer rooms, although the facility was addressing these deficiencies. The team also found that the facility was not monitoring the destruction of temporary records as required.

The OIG made three recommendations to the assistant secretary of information and technology, who also serves as the chief information officer, and two recommendations to the Beckley VA Medical Center director. VA concurred with four recommendations and did not concur with one. Nevertheless, the OIG noted VA provided sufficient evidence of implementation for four of the recommendations (including the one VA did not concur with) and considers those recommendations closed. The OIG will monitor implementation of the remaining recommendation.

Why We Did This Report

The OIG conducted this audit to determine whether the EPA appropriately identified and resolved improper payments during its annual review of the State Revolving Fund Program.
 

Summary of Findings

The EPA did not appropriately identify unknown and improper payments or properly track them for reporting and resolution, which resulted in the Agency’s regions underreporting unknown and improper payments by approximately $54.4 million for fiscal year 2022 and $8.8 million for fiscal year 2023 for the transactions we reviewed.

Semiannual Report to Congress, highlighting the activities and accomplishments of the U.S. AbilityOne Commission Office of Inspector General from April 1, 2025, through September 30, 2025.

IBC ICCAD internal control vulnerabilities increase the risk of unauthorized or erroneous rate changes, data integrity issues, and audit trail gaps.