Federal Reports

The Office of Inspector General determined that the Tennessee Valley Authority’s portfolio management process is not operating as intended. Specifically, we found: • Some types of projects did not follow the portfolio management process as required by Tennessee Valley Authority-Standard Programs and Processes 19.003. In addition, TVA does not have a reverse capital flex list, as described in the Portfolio Management Guide. • Economic analyses were not performed for 9 of 17 projects reviewed with a forecasted cost greater than $10 million, although Tennessee Valley Authority’s Portfolio Management Guide states economic analyses are required for all projects equal to or greater than $10 million. • Economic analyses for two Tennessee Valley Authority Board of Directors approved projects had negative net present values, which indicates the projects might not add value to TVA. These analyses, as well as additional costs for one of the projects, were not provided to the Tennessee Valley Authority Board of Directors.• Two purchase orders were issued prior to spend approval for one project, indicating a control gap.

The OIG examined whether VA’s regional Veterans Integrated Service Networks (VISNs) were effectively overseeing the supply chain management conducted by their medical facilities. Supply chain management is critical to preventing waste and ensuring unexpired medical products and equipment are available in good condition for patient care when and where they are needed. An audit team assessed data from 140 annual quality control reviews conducted in FY 2023 by the VISNs, in which medical facilities are evaluated on over 100 questions related to VHA requirements. The OIG team also reviewed the resulting corrective action reports. Cumulatively, the VISN supply chiefs’ assessments found that VHA facilities did not comply with supply chain management policy in about 18.5 percent of required areas. The OIG team conducted site visits to six medical facilities from different VISNs to delve further into their quality control reviews. Three of the facilities did not correct 127 of the 130 outstanding deficiencies for all six visited facilities, and the team discovered over 150 expired items that included catheters, syringes, blood collection tubes, and dental implants. The OIG team also learned of instances of delayed or canceled surgeries because supplies were unavailable. Challenges to medical facilities’ complying with supply management requirements included reports of staffing vacancies, leadership turnover, insufficient VISN support, and inadequate storage space. VISN supply chiefs also did not report all noncompliant practices, and Procurement and Logistics Office monitoring was inadequate to identify unimplemented corrective actions or inaccurate assessments. VA concurred with the OIG’s six recommendations to strengthen VISN oversight of facility supply chain management.

Management Advisory on the FTC’s Non-Federal Sourced Travel

We audited WSFR grants awarded by FWS to the California Department of Fish and Wildlife to ensure compliance and cost allowability.

This report summarizes the results of Sikich’s independent evaluation and contains nine new recommendations that will assist the agency in improving the effectiveness of its information security and its privacy programs and practices. NCUA management concurred with and hasidentified corrective actions to address the recommendations.

Cybersecurity remains one of NASA’s top management challenges. While NASA’s information security program maintained a Level 3 rating this year, it still falls short of what the Office of Management and Budget considers effective.

This report presents the results of the System and Organization Controls 1 Type 2 examination conducted in accordance with relevant attestation standards established by the American Institute of Certified Public Accountants for the United States Department of Agriculture’s (USDA) Financial Management Service (FMS) description of its financial systems used to process user entities financial transactions throughout the period October 1, 2023, to June 30, 2024. The report contains an unmodified opinion on the description and controls that were suitably designed to provide reasonable assurance that the control objectives would be achieved.

The statutes creating the SRFs require states to conduct financial and compliance audits of their SRFs. The EPA's implementing regulations expressly or implicitly require, among other things, that the states send these audits to the OIG and that the OIG review the audits. Until our April 2023 request, the states have not submitted their audits to the OIG so that the OIG can determine whether those audits meet regulatory requirements.