Federal Reports

This final report provides the results of our evaluation of the U.S. Department of Commerce’s (the Department’s) processes for handling hotline complaints referred by the Office of Inspector General (OIG). The objective of our evaluation was to review the Department’s processes for responding to hotline complaint referrals where OIG requests that the Department conduct an inquiry and provide a response detailing its results (also known as H referrals). Overall, we found that the Department lacked an effective process and internal controls over its hotline \ referrals. This report includes recommendations for the Department to implement internal controls for addressing H referrals efficiently and effectively. See appendix A for specific details on our objective, scope, and methodology.

The OCFO cannot provide reasonable assurance that crosscutting risks are identified and mitigated and that Agency resources are directed to the most critical strategic needs.

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), completed an audit to determine whether FHA-insured borrowers properly received the COVID-19-related forbearance.  The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, 2020, provided a mortgage payment forbearance option for all borrowers who suffered a financial hardship due to the COVID-19 national emergency.We found that at least one-third of the nearly 335,000 borrowers who were delinquent on their FHA-insured loans and not on forbearance in November 2020, were either not informed or misinformed about the COVID-19 forbearance.  As a result, these borrowers experiencing a hardship due to COVID-19 did not benefit from the COVID-19 forbearance.  We also found that servicers improperly administered the forbearance for at least one-sixth of the nearly 815,000 borrowers on forbearance plans in November 2020.  Servicers also performed excessive communication and collection efforts for borrowers who were already in forbearance. As a result, these borrowers experienced additional burdens from improperly administered forbearance.We recommend that FHA identify borrowers who are delinquent and did not fully benefit from the COVID-19 forbearance and ensure that information about the CARES Act and COVID-19 forbearance is distributed to these borrowers. We also recommend that FHA review the 21 loans in our statistical sample with improperly administered forbearance to ensure that the borrowers were assisted by the servicers, if possible, and ensure that these servicers updated their forbearance procedures to prevent future noncompliance; ensure that the issues found during our audit are incorporated into servicing monitoring reviews to deter future noncompliance and prevent potential loss to the FHA fund; and provide additional guidance to the servicers so that they limit their communication and collection efforts for the borrowers in forbearance.

Independent Auditors' Report on the Government Publishing Office (GPO) fiscal year (FY) 2021 Financial Statements.

In connection with the audit of the U.S. Government Publishing Office fiscal year (FY) 2021 financial statements, attached is the information technology (IT) management letter issued by the independent public accounting firm of KPMG LLP (KPMG).

In connection with the audit of the U.S. Government Publishing Office fiscal year (FY)2021 financial statements, attached is the non-information technology (IT) management letter issued by the independent public accounting firm of KPMG LLP (KPMG).

This audit repoort concluded that the FCC’s information security program was effective and in compliance with FISMA legislation, OMB memoranda, and other applicable guidance. This is the first year that the agency’s information security program has been in compliance, which is a significant accomplishment. The FISMA evaluation report includes seven findings and offers 13 recommendations intended to improve the effectiveness of the FCC’s information security program controls.

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations. AmeriCorps has implemented only eight of the 39 open recommendations from the FY 2017- FY 2020 FISMA evaluations.. Implementing more of these recommendations will help AmeriCorps to mature its information security program and bring it closer to effectiveness. The failure to address critical deficiencies leaves AmeriCorps systems and data vulnerable to breach, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers 13 new recommendations, which together with the prior year recommendations, will assist AmeriCorps in developing a mature and effective information security program. AmeriCorps concurred with 12 of the 13 new recommendations and provided alternative actions to resolve the remaining recommendation.