An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Environmental Protection Agency
The EPA’s Fiscal Year 2026 Top Management Challenges
The Reports Consolidation Act of 2000 requires each inspector general to prepare an annual statement summarizing what the inspector general considers to be “the most serious management and performance challenges facing the agency” and to briefly assess the agency’s progress in addressing those challenges. To that end, we have prepared this statement, which identifies what we consider to be the six most serious management and performance challenges facing the EPA in fiscal year 2026. These challenges represent the Agency’s vulnerabilities to fraud, waste, abuse, and mismanagement, as well as the most significant barriers to the EPA accomplishing its mission.
Summary of Findings
We identified six top management challenges for the EPA:
Managing contracts, grants, and associated data systems.
Meeting statutory requirements for ensuring the safe use of chemicals.
Managing information technology modernization.
Maintaining mission efficiency and effectiveness during organizational change.
Managing cooperative federalism and state oversight.
Preparing for and responding to natural and manmade disasters.
The mission of the U.S. Postal Inspection Service is to support and protect the U.S. Postal Service and its employees, infrastructure, and customers. One of the ways it accomplishes its mission is by providing technological support and risk management tools as well as strategy services designed to mitigate risk and prevent criminal attacks.
What We Did
Our objective was to assess the efficiency and effectiveness of the Postal Service’s and the Postal Inspection Service's oversight of the Vulnerability Risk Assessment Tool (VRAT) process and resolution of identified deficiencies. The VRAT is a risk-based model to identify security deficiencies at postal facilities. For this audit, we judgmentally selected samples of three Postal Inspection Service divisions and 12 Postal Service facilities nationwide for review based on VRAT survey and deficiency data. Additionally, we reviewed VRAT processes, procedures, training, and applicable guidance.
What We Found
The Postal Inspection Service did not effectively oversee the VRAT process. Many surveys were not started or incomplete, deficiencies remained unresolved, and the status for resolved deficiencies was not reported in the system. Additionally, while facility security training included a VRAT component, the Postal Inspection Service and Postal Service did not ensure that all facility management received this training prior to performing VRAT surveys. Lastly, there were instances where personnel from both the Postal Inspection Service and Postal Service duplicated efforts by completing separate VRAT surveys in the same fiscal year at Tier 1 (most critical) and Tier 2 (critical) facilities.
Recommendations and Management Comments
We made six recommendations to strengthen VRAT oversight by improving monitoring and follow-up processes, policies and procedures, and reporting and resolution practices; bolstering facility security training and guidance; and reducing the redundancy of VRAT surveys. Postal Service management agreed with all six recommendations. Management’s comments and our evaluation are at the end of each finding and recommendation.
The Reports Consolidation Act of 2000 requires each inspector general to prepare an annual statement summarizing what the inspector general considers to be “the most serious management and performance challenges facing the agency” and to briefly assess the agency’s progress in addressing those challenges.
Summary of Findings
For fiscal year 2026, we identified two management challenges facing the CSB. We consider these to be the CSB’s greatest vulnerabilities to waste, fraud, abuse, and mismanagement and the most significant barriers to accomplishing the CSB’s mission:
Due to constraints on the existing fiber network, in May 2017, the TVA Board of Directors approved the Strategic Fiber Initiative (SFI) with a budget of $300 million to expand TVA’s fiber capacity by 3,500 miles over the course of ten years on 31 prioritized routes. In addition, TVA planned to lease surplus fiber to external entities to help offset a portion of the operational costs. As of January 2026, the 31 routes that were originally scheduled for fiber installation had been reduced to 19 routes and mileage reduced from 3,500 to approximately 1,900 miles to stay within the $300 million budget. Due to the decrease in mileage, we initiated an evaluation of the SFI program to identify the cause(s) for the decrease in scope for the strategic fiber program.
We determined the original budget for the SFI program contained some flawed assumptions that resulted in an underestimated cost per mile. To stay within the approved $300 million budget, TVA reduced the scope of the program. We reviewed documentation that identified some of the flawed assumptions that contributed to cost increases (resulting in scope decreases), including: (1) issues with wood poles, (2) limited use of helicopter to install the fiber, (3) increased use of contractor labor, (4) environmental requirements, and (5) outage availability. Additionally, the program has not generated the amount of revenue from leasing excess fiber capacity that was anticipated. At the request of the Project Review Board, program personnel identified lessons learned to be applied to future programs of similar size and duration.
We conducted this evaluation to determine the extent to which Drinking Water State Revolving Fund Infrastructure Investment and Jobs Act supplemental funds are used for projects that improve resilience to physical and cyber threats and hazards.
Summary of Findings
The EPA has opportunities to improve its oversight of physical or cyber resilience projects. Such oversight would help the Agency meet and track strategic goals and requirements to safeguard water and wastewater critical infrastructure.
We performed an audit of costs billed to the Tennessee Valley Authority’s (TVA) by a contractor for nuclear steam supply system refueling and inspection services at TVA’s Watts Bar Nuclear Plant and Sequoyah Nuclear Plant. The contract provided for TVA to compensate the contractor on a time and material or fixed price basis in accordance with the contract’s pricing schedule. In addition, the contract provided that (1) outside personnel used for craft labor would be reimbursed at the contractual TVA Project Maintenance and Modification Agreement rates plus an administrative fee, and (2) TVA was to pay the contractor performance fee based on a performance metric program containing bonuses, incentives, and reductions in compensation. Our audit objective was to determine if costs billed to TVA were in accordance with the contract’s terms. Our audit scope included approximately $42.5 million in costs billed to TVA from January 1, 2023, through May 31, 2025.
In summary, we determined the contractor overbilled TVA $1,386,951, including (1) $787,862 in overbilled subcontractor, travel and living, labor, and equipment costs; (2) $136,411 for performance fee not earned; (3) $130,383 due to provisional escalation costs that were not trued-up to actual; (4) $322,397 in unsupported costs; and (5) $9,898 in invoice and payment errors.
Due to the importance of protecting operational technology from cybersecurity threats, we audited the security of a specific type of system access at the Tennessee Valley Authority’s (TVA) gas sites. Our objective was to determine if a specific type of system access supporting Gas Operations was securely configured and monitored to mitigate cybersecurity threats. We made eight recommendations to TVA management. The specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity.
The Consumer Product Safety Commission (CPSC) Office of Inspector General retained Williams, Adley & Co.-DC LLP, an independent public accounting firm, to perform an audit of the CPSC’s Zero Trust implementation. Overall, the audit confirmed the CPSC’s current Zero Trust trajectory is aligned with federal cybersecurity modernization objectives and supports the continued development of a more secure and resilient information security environment.
This management alert presents the issues the U.S. Postal Service Office of Inspector General (OIG) identified during the Effectiveness of Package Verification Solutions audit (Project Number 25-130). Our objective is to provide immediate notification of these issues.
Background
In August 2017, the U.S. Postal Service launched the Automated Package Verification (APV) system to identify insufficient postage for some package volume. The system compares shippers’ reported package weights and measurements with actuals captured on postal processing equipment, charging any additional postage due and refunding overpayments (see Figure 1 for an example of package processing equipment). In 2018, the Postal Service invested $22.6 million to expand APV capabilities to improve revenue protection by evaluating every package that is processed on plant equipment. Since it was introduced, APV has increased Postal Service postage collection by $1.1 billion.
