Federal Reports

What We Looked AtThis report presents the results of our quality control review (QCR) of an audit of the Department of Transportation's (DOT) information security program and practices. The Federal Information Security Modernization Act (FISMA) requires agencies to develop, implement, and document agency-wide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies' information security programs and report the results to the Office of Management and Budget.To meet this requirement, we contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT's information security program and practices in five function areas--Identify, Protect, Detect, Respond, and Recover.What We FoundWe performed a QCR of CLA's report and related documentation. Our QCR disclosed no instances in which CLA did not comply, in all material respects, with generally accepted Government auditing standards.RecommendationsCLA made 18 recommendations. DOT concurs with recommendations 1, 3 through 15, and 17 and 18 and partially concurs with recommendations 2 and 16. CLA considers all 18 recommendations resolved but open pending completion of planned actions.

Our annual plan identifies the audits, inspections, and other activities that the OIG intends to undertake to assist the U.S. Department of Education in fulfilling its responsibilities to America’s citizens and students.

The Reports Consolidation Act of 2000 requires Executive Branch Inspectors General to identify and report annually on the top management challenges facing their agencies. We also adopt this requirement as a best practice. These top management challenges provide a forward-looking assessment for the coming fiscal year to aid GPO in focusing attention on the most serious management and performance issues.

This report identifies our views of the top management and performance challenges facing the company. This year, the challenge of responding to the COVID-19 pandemic supersedes and permeates the company’s ability to address all other challenges. We believe the company will need to account for and adapt to these challenges and develop a strategy to position itself to become a transportation mode of choice in what appears to be a rapidly evolving national economy.

Despite the urgent pressures of this operating environment, there are also opportunities for the company to reimagine its future by taking a fresh, holistic view of its circumstances and the forces that affect it. We identified several longstanding challenges, summarized below, where the company has made progress, but significant work remains. Addressing these challenges will help ensure Amtrak emerges from the pandemic as a more efficient and effective company.

• Safety and Security: Assessing New Risks and Addressing Longstanding Challenges

• Financial Management and Stewardship: Using Resources Wisely and Being Good Stewards of Federal Funds

• Governance: Institutionalizing More Effective Management, Accountability, and Data-driven Decision-making

• Information Technology: Advancing the Company’s Capabilities and Addressing Cybersecurity Risks

The objective of the performance audit was to determine whether SSA's overall information security program and practices were effective and consistent with Federal Information Security Modernization Act of 2014 (FISMA) requirements, as defined by the Department of Homeland Security (DHS).

We audited the Tennessee Valley Authority’s (TVA) travel expenses reimbursed within 50 miles of an official station to determine if they complied with Federal Travel Regulation and TVA policies and procedures. Our audit scope included approximately $500,000 of travel expenses within 50 miles of a TVA employee's official duty station occurring from October 1, 2018, through March 26, 2020.We found that (1) TVA’s approval process did not ensure expenses for travel within 50 miles of an official station complied with TVA’s travel policy, (2) TVA does not have documented procedures to ensure flat-rate-travel reimbursements are being verified appropriately or reimbursed properly, (3) TVA’s human resources system had incorrect official stations shown for 25 of 74 employees included in our samples, and (4) TVA’s travel policy provides limited guidance addressing the assignment and review of official stations. We made four recommendations to TVA management to strengthen controls around travel expenses reimbursed within 50 miles of an official station. TVA management provided actions they plan to take to address each of our recommendations.