Federal Reports

Our objective was to determine whether the U.S. Census Bureau has implemented adequate data collection procedures to ensure that American Community Survey (ACS) estimates are reliable. We found that the bureau did not effectively implement its data collection and quality control procedures to ensure that ACS estimates were reliable. We also found that the bureau did not sufficiently monitor ISR data collection procedures and did not effectively implement personal visit data collection and quality control procedures.  

We recently issued an audit report on the City and County of Honolulu’s (City) fraud risk management practices, which determined the grantee did not adequately develop a fraud risk management framework for the Coronavirus Aid, Relief, and Economic Security (CARES) Act funding provided for the Emergency Solutions Grant (ESG) program to prevent, detect, and respond to fraud (Audit Report No. 2024-LA-1002, issued August 6, 2024). This audit follows that recent work, in which we audited the City’s ESG CARES Act program with the objective of determining if improper payments existed.  

The City made some improper payments in its ESG CARES Act program because it did not always follow HUD’s requirements.  Specifically, the City and its subrecipients did not (1) determine that 233 landlord signing bonus payments totaling $714,512 were reasonable and necessary, (2) prorate the rent amount for partial months resulting in $51,235 in overpaid rent (projected to be $248,572 in overpayments based on our statistical sample), and (3) ensure there were no duplication of benefits for three program participants totaling $10,100.  We also determined that HUD communicated draw deadline dates to grantees that were inconsistent with guidance it publicly issued, causing the City to draw $1.9 million in grant funds after the deadline.  These conditions occurred because we determined that officials of the City and its subrecipients were not aware of some of HUD’s requirements for the ESG CARES Act program and did not have controls for preventing a duplication of benefits.  In addition, HUD used a single draw deadline for grantees, which conflicted with the three separate expenditure deadlines that it established, but did not issue formal written notice so that all grantees, subrecipients, and the public would be aware of the single deadline.  These results reduced the number of participants that could have been served by the program, intended to reduce or mitigate homelessness, and impacted the City’s ability to maintain program and payment integrity of the ESG CARES Act program.  Although the ESG CARES Act program has concluded, the City could make some of the same types of improper payments in the annual ESG program and other HUD-funded programs it operates, since these programs allow expenses for similar activities.

We recommend that the Director of HUD’s Honolulu Office of Community Planning and Development instruct the City to (1) determine whether the $714,512 paid for 233 signing bonuses under the ESG CARES Act program were reasonable and necessary, (2) develop and implement written policies and procedures for the ESG program to ensure that rents are prorated for the first month for tenant-based rental assistance, (3) repay HUD from non-Federal funds $51,235 in overpaid rent to landlords, (4) develop and implement written policies and procedures to prevent duplication of benefits, and (5) review the rental assistance payments made for the ESG CARES Act program to identify other possible duplication of benefits with other rental assistance programs that the City operates. 
 

We found that a former Principal of a BIE Boarding School in Arizona viewed and possessed child pornography while on duty. 

The objective of this audit was to determine whether the Farm Credit Administration has designed and implemented appropriate controls over its Emergency Operations Center.

During fiscal year (FY) 2025, the Office of Inspector General (OIG) conducted cybersecurity reviews to determine whether the Department of Energy’s unclassified cybersecurity program was implemented in accordance with Federal and Department requirements. The OIG also performed the audit, The Department of Energy’s Fiscal Year 2025 Consolidated Financial Statements, which included test work over controls related to information technology.

The management letter discusses the results of cybersecurity reviews conducted by the OIG in FY 2025 and the results of our Federal Information Security Modernization Act of 2014 evaluation.

The OIG issued 33 cybersecurity findings (including 13 repeat prior year findings) to Department sites and programs related to information technology controls. However, three of those prior year findings, along with their recommendations, are being tracked in other OIG issued reports. Additionally, the audit, The Department of Energy’s Fiscal Year 2025 Consolidated Financial Statements, identified a significant deficiency related to access controls over various Department financial systems. The findings that led to the significant deficiency are included within this report.

The weaknesses occurred for a variety of reasons. For instance, deficiencies related to access controls occurred, in part, due to management not responding to changes in risks or identifying risks associated with inappropriate or unnecessary access to systems.

Without improvements to address the weaknesses identified in our report, the Department may be unable to adequately protect its information systems and data from compromise, loss, or unauthorized modification.