Federal Reports

The OIG determined that the current cybersecurity program guidance lacks clarity; expectations for maintaining training qualifications are not well-defined; the cybersecurity inspection process contains redundant and time-consuming tasks; and NRC staff members did not always accurately report their time spent on cybersecurity inspection-related activities.  The OIG makes 9 recommendations to enhance the effectiveness, consistency, and efficiency of the NRC’s cybersecurity inspection program. 

The VA Office of Inspector General (OIG) initiated a healthcare inspection on September 2, 2025, in response to anonymous allegations received regarding the integrity of the peer review process at the VA Caribbean Healthcare System (facility) in San Juan, Puerto Rico. The OIG conducted an unannounced site visit from December 2–4, 2025, followed by virtual interviews through January 21, 2026.

The OIG determined the facility met Veterans Health Administration (VHA) Directive 1190(1), Peer Review for Quality Management, requirements for peer review process management including alignment with committee structure, documentation of initial and final levels of care, recommendations for education and quality improvement, and required quarterly reporting to the clinical executive committee. The OIG found that peer review committee members assigned final levels of care based on a majority vote. Additionally, peer review committee members described having discussions to forget the patient outcome and focus on the episode of care under review in an effort to avoid hindsight or outcome bias. However, the OIG identified that the peer review committee made decisions regarding completing institutional disclosures, which is not part of the committee’s quality management process, that should have been made by facility leaders. The OIG made one recommendation to the Facility Director to address this issue. The Facility Director provided an action plan to ensure all discussion related to the disclosure of adverse events is removed from Peer Review Committee proceedings.

This report presents the results of our work conducted to address the performance audit objective related to the United States Consumer Product Safety Commission’s (CPSC) compliance with the requirements contained in the Payment Integrity Information Act of 2019 (PIIA) for the fiscal year ended September 30, 2025.

We performed an audit of the Tennessee Valley Authority’s (TVA) Contract No. 15387 with a company to provide a broad range of engineering, design, and construction management support when and as requested by TVA.  The objective of our audit was to determine if the costs billed to TVA were in accordance with the contract’s terms.  Our audit scope included approximately $33.2 million in costs billed to TVA between January 1, 2024, and March 31, 2025. 

In summary, we determined the company overbilled TVA an estimated $33,595, including (1) 14,079 in unsupported and overbilled travel and temporary living allowance costs, (2) $13,764 in invoice and payment errors, (3) a net $3,632 in performance fee credits, and (4) $2,120 in labor costs.  In addition, we identified opportunities for TVA to improve the administration of the contract.  Specifically, (1) the contract was unclear on how the company was to bill temporary employees it received from staffing agencies and (2) TVA did not evaluate fee for all tasks greater than $50,000, as required by the contract.