Federal Reports

Our objective was to determine opportunities for the District to mitigate stamp stock shipment losses.

What We Looked AtThe United States has the largest and most diverse general aviation community in the world. In 2017, the Federal Aviation Administration (FAA) issued a new rule, referred to as BasicMed, which implemented an alternative way for many general aviation pilots to establish medical eligibility without having to undergo the previous medical certification process. As of April 2020, more than 55,000 pilots had been registered for BasicMed. To aid in their oversight of the new BasicMed process, then Chairmen Bill Shuster of the House Committee on Transportation and Infrastructure and Frank A. LoBiondo of the Subcommittee on Aviation requested that we examine FAA's implementation of the new BasicMed requirements. Our audit objectives were to assess FAA’s (1) procedures for implementing new medical requirements for certain small aircraft pilots, including identifying challenges to its implementation, and (2) plans for measuring the impact of the new BasicMed process on aviation safety. What We FoundFAA issued the BasicMed rule in compliance with the Act on January 11, 2017, and provided guidance and conducted outreach to stakeholders to implement the program. Under BasicMed, pilots can fly an aircraft the moment they complete the online medical course and submit other required information. However, FAA lacks an effective process to confirm pilots meet all eligibility requirements, such as whether they have a valid U.S. driver’s license. FAA also does not have a process to verify that pilots’ medical examinations are being performed by State-licensed physicians as required. In addition, FAA’s plan to measure the safety impact of the program is limited by a lack of available data. According to FAA, it may take several more years until there is sufficient data to identify trends and evaluate the rule’s safety impacts, due in part to the lengthy process for accident investigations. Our RecommendationsFAA concurred with our two recommendations to improve FAA’s process for verifying pilot’s eligibility for the BasicMed program and measuring the program’s impact on aviation safety.

What We Looked AtFAA oversees the safety of civil aviation through a complex network of information systems at air traffic control facilities. Cyber-based threats are rapidly evolving and may put air traffic control systems at risk for compromise. The FAA Extension, Safety, and Security Act of 2016 directs FAA to develop a comprehensive, strategic framework to reduce cybersecurity risks to civil aviation. Part of FAA’s efforts to implement this framework involves coordination and collaboration on aviation cybersecurity with the Departments of Homeland Security (DHS) and Defense (DOD) through the Aviation Cyber Initiative (ACI). The former Chairman of the House Committee on Transportation and Infrastructure requested that we examine FAA’s roles, responsibilities, and actions as an ACI member. Specifically, we assessed ACI’s progress in achieving its mission. What We FoundFor 3 years, FAA and its ACI partners have been providing regular updates to Federal agencies on their work, and are collaborating with Federal and aviation industry cybersecurity stakeholders. In May 2019, the Secretaries of DHS, DOD, and the Department of Transportation (DOT) finalized the approval of a charter that outlines ACI’s objectives. As DOT’s representative, FAA is an ACI co-chair with DHS and DOD. The co-chairs report to an Executive Committee of senior Agency executives. At the first ACI Executive Committee meeting in May 2019, 10 priorities were set for 2019 and 2020. ACI has implemented three of these priorities and they are on-going. ACI has also initiated work on the remaining seven. However, ACI has not developed mechanisms to monitor and evaluate results for meeting milestones and timetables for its priorities. ACI lacks an integrated budget and dedicated resources. As a result, FAA and its ACI partners face challenges in achieving its priorities; these challenges could inhibit FAA’s ability to develop a comprehensive and strategic framework for cybersecurity. RecommendationsTo enhance FAA’s progress in achieving ACI’s mission, we made one recommendation. FAA concurred with our recommendation.

The VA Office of Inspector General (OIG) reviewed whether the Veterans Health Administration (VHA) established adequate financial management practices at the VA Southeast Network and the VA Great Lakes Health Care System to promote the efficient use of their financial resources. The audit team found that VHA’s financial management practices did not include adequate controls, such as financial performance indicators, to assess whether its regional networks and medical centers used funds in a cost-effective manner. The use of financial performance indicators would allow VHA and its regional networks to identify inefficiencies that could indicate wasteful spending. VHA-wide indicators could also highlight trends and provide insights that help VHA develop best practices to enhance financial efficiency in its operations. VHA lacked an effective financial management structure to promote adequate controls. Under VHA’s current reporting structure, regional networks do not have uniform financial management functions and do not conduct oversight that promotes financial efficiency. Rather, regional oversight focuses on achieving reliable financial reporting, allocating financial resources, addressing budget excesses and shortfalls, and monitoring planned versus actual obligations of appropriated funds. The OIG recommended that VHA (1) establish key performance indicators that align with medical center operations and can be used to assess the efficient use of operating funds, (2) specify the office responsible for establishing financial controls that address the efficient use of funds at regional networks and medical centers, and (3) require VHA to establish and publish organizational charts that identify the appropriate financial management reporting lines of authority and to develop familiarization training on the reporting lines of authority at the VISN and medical center levels, as appropriate.