Federal Reports

The cover page of this report was updated on 2/5/21 to include a comment box that states, "The statements made on pages 2 and 20 regarding OCC providing whistleblower complaints to Treasury OIG Office of Investigations (OI) were clarified in a memorandum dated February 5, 2021 (OIG-CA-21-016). The memorandum clarified that OCC should continue to send allegations of OCC employee misconduct and Orders of Investigations to OI."Please read this report in conjunction with Treasury OIG Memorandum, OIG-CA-21-016, Whistleblower Referrals to the Department of the Treasury Office of Inspector General, Office of Investigations, dated 2/5/2021.

What We Looked AtWe performed a quality control review (QCR) on the single audit that RHR Smith & Company (Smith) performed for the Green Mountain Transit Authority’s (Authority) fiscal year that ended June 30, 2018. During this period, the Authority expended approximately $14.5 million from the U.S. Department of Transportation’s (DOT) grant programs. Smith determined that DOT’s major program was the Federal Transit Cluster. Our QCR’s objectives were to determine (1) whether the audit work complied with the Single Audit Act of 1984, as amended, the Office of Management and Budget’s Uniform Guidance, and the extent to which we could rely on the auditors’ work on DOT’s major programs; and (2) whether the Authority’s reporting package complied with the reporting requirements of the Uniform Guidance. We FoundSmith’s audit work complied with the requirements of the Single Audit Act, the Uniform Guidance, and DOT’s major program. We found nothing to indicate that Smith’s opinion on DOT’s major program was inappropriate or unreliable. However, we identified a deficiency in Smith’s audit work that should be corrected in future audits. We also identified deficiencies in the Authority’s reporting package that required correction and resubmission.

What We Looked AtFreight trains in the United States generally operate with a conductor, who is responsible for the train, freight, and crew, and an engineer, who operates the locomotive. To ensure that only people who meet minimum Federal safety standards serve as conductors, in 2011, the Federal Railroad Administration (FRA) issued a rule for the certification of conductors, Title 49, Code of Federal Regulations, Part 242. This rule requires railroads to have a formal program for training prospective conductors and determining that they are competent before they are certified. Given the potential impact of the conductor certification rule on railroad safety, we initiated this audit to assess FRA’s oversight of railroad conductor certification programs. What We FoundFRA does not have sufficient oversight controls to consistently assess railroads’ compliance with Part 242 requirements. Specifically, FRA reviews of railroad conductor certification programs lack formal procedures. FRA officials currently evaluate programs using a checklist with some Part 242 requirements, an industry group program template, and officials’ professional judgment. These narrow reviews are not comprehensive, however, because programs are not evaluated at a consistent level of detail, and the process remains undocumented. FRA officials also perform Part 242 inspections and compliance audits without comprehensive procedures. As a result, the audit documentation and inspection data do not identify all of the Agency’s Part 242 compliance audits or demonstrate audit quality. However, FRA is responsive to Part 242 waiver requests and conductor certification petitions. Specifically, the Agency has procedures in place for handling waiver requests and is meeting its goal timelines for reviewing and deciding on petitions. Our RecommendationsWe made five recommendations to improve FRA’s oversight of railroad conductor certification programs, guidance for program officials and inspectors, and quality of its audit data. FRA concurred with all of our recommendations, and we consider them resolved but open pending completion of the planned actions.

U.S. Customs and Border Protection (CBP) does not have a comprehensive strategy for meeting its LS-NII scanning needs at all CBP locations. Instead, CBP used multiple plans, such as its Multi-Year Investment and Management Plan, and individual acquisition plans for each type of LS-NII equipment it may purchase. At times, these acquisition plans contained conflicting information and did not align with the program’s approved life-cycle cost estimate. We made three recommendations to improve CBP’s acquisition planning for LS-NII needs and ensure effective investments for its non-intrusive inspection program. We recommended the DHS Under Secretary for Management require the acquisition program office to develop an approved strategy that aligns its NII key acquisition documents with CBP’s evolving investments in critical LS-NII equipment. In addition, the CBP Component Acquisition Executive should implement procedures to ensure better alignment and tracking of reliable LS-NII data, and ensure an NII strategy encompasses an approved Acquisition Program Baseline that includes key performance baselines for all critical LS-NII equipment. The Department did not concur with one recommendation but concurred with two of our three recommendations.

DHS’ information security program was not effective for Fiscal Year 2019 because the Department earned a maturity rating of “Ad Hoc” (Level 1) in three of five functions, compared to last year’s higher overall rating of “Managed and Measurable” (Level 4). We attributed DHS’ regression in managing its information security program to its recent decision to permit the Coast Guard to submit its cybersecurity and Federal Information Security Management Act (FISMA) reports to the Department of Defense rather than to DHS. This decision adversely affects Department senior leadership’s ability to make informed and risk-based decisions on essential cybersecurity activities such as risk management, weakness remediation, system inventory, incident reporting, and continuous monitoring. We made five recommendations. The Department concurred with all five recommendations.

On March 27, 2020, the President signed into law the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). To date the CARES Act has provided the U.S. Department of the Interior (DOI) with $909.7 million, which includes direct apportionments of $756 million to support the needs of DOI programs, bureaus, Indian Country, and the Insular Areas, and a $153.7 million transfer from the U.S. Department of Education to the BIE.This report presents the DOI’s progress as of August 31, 2020, in spending CARES Act appropriations. Specifically, the DOI’s expenditures to date total $526,662,366, and its obligations total $624,399,884.We are also monitoring the DOI’s progress on reporting milestones established by the CARES Act and the U.S. Office of Management and Budget.We anticipate issuing updated status reports monthly.

Final FY 2020 OIG Management Challenges Report 09282020

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements