Federal Reports

Peace Corps OIG'S Semiannual Report to Congress describes OIG's work in identifying significant findings relating to the Peace Corps' administration programs and operations at both headquarters and overseas posts during the semiannual reporting period from October 1, 2025, through March 31, 2026.

The VA OIG’s information security inspection program assesses whether VA facilities are meeting federal security requirements related to three high-risk control areas: configuration management, security management, and access. For this inspection, the OIG selected the VA Saginaw Healthcare System in Michigan and found deficiencies in all three areas.

Configuration management controls, which identify and manage security features for all hardware and software components of an information system, were deficient in system baseline configurations and vulnerability scanning and remediation and had unauthorized software hosted on the network.

Security management controls had one deficiency. Although a physical security issue had been previously identified, OIT staff had not developed a plan of action to address it.

Access controls had five deficiencies. The OIG found that the healthcare system staff did not implement required controls for privileged accounts, did not maintain audit logs for local databases, did not consistently verify and document identity of vendors or contractors before granting them access to systems, and did not ensure all networked medical devices were protected by access control lists for their virtual local area networks. The team also identified fire hazards in two telecommunications rooms. As a result, the facility risks unauthorized access, disruption, and destruction of critical information technology resources.

In response to the OIG’s findings, healthcare system staff eliminated the identified fire hazards. To address the other deficiencies, the OIG made 10 recommendations to VA, all of which VA concurred with. Based on evidence the healthcare system provided, the OIG considers recommendations 3 through 7, as well as 9 and 10, closed.

The VA Office of Inspector General (OIG) sought to assess whether Veterans Benefits Administration (VBA) claims processors were appropriately overriding warnings and calculator results within the Veterans Benefits Management System for Rating (VBMS R). The review focused on overrides processed between April 1 and September 30, 2024, and evaluated compliance with applicable laws, policies, and procedures.

The OIG found that while many overrides were properly executed, an estimated 9,900 were not warranted or lacked valid justification. These unwarranted override decisions occurred (1) because VBA did not conduct regular quality reviews that would provide feedback to processors, (2) because of the absence of clear guidance on what constitutes a valid override justification, and (3) because of limited functionality in two VBMS R oversight tools. These deficiencies hindered VBA’s ability to perform efficient oversight and could lead to quality reviewers examining cases that did not actually involve an override.

Actions by VBA claims processors caused about $67,200 in improper disability benefits payments and unnecessary exam costs, with the potential to affect future disability benefits payments or result in unnecessary exam costs. The OIG briefed VBA on the review’s progress in March 2025, and VBA agreed with the sample review results. In December 2025, the OIG officially briefed VBA on the findings. Although VBA has since taken steps to enhance aspects of its override process by releasing a new reporting dashboard in February 2026, the OIG has not reviewed or tested it.

To address the issues the OIG identified and strengthen the VBMS-R override process, the OIG made five recommendations focused on improving guidance, oversight, and system functionality. VBA agreed to implement all five recommendations.

Why We Did This Report

Under the Infrastructure Investment and Jobs Act, or IIJA, the U.S. Environmental Protection Agency was provided with over $60 billion in appropriations for Agency programs, including the Clean Water and Drinking Water State Revolving Fund Programs, the Superfund Program, geographic programs, and more. Since the IIJA’s enactment, the EPA Office of Inspector General has been conducting timely and relevant oversight to ensure that IIJA funds—taxpayer dollars—are used effectively. Our fourth annual IIJA progress report covers February 1, 2025, through January 31, 2026, and provides an update on our oversight of the EPA’s use of IIJA funds.

Summary of Findings

During the period covered in this report, the OIG issued seven audit reports, six evaluation reports, and two audit follow-up reports related to the Agency’s IIJA activities. In addition to examining initial implementation, we have increasingly focused on how the Agency is managing and overseeing IIJA funds that have already been awarded. In this report, we highlighted Agency accomplishments and identified key challenges, including gaps in the EPA’s guidance, oversight, timely fund utilization, recipient capacity, and data quality that risk slowing and undermining IIJA outcomes.

This memorandum provides the final results of the Office of Inspector General’s (OIG) risk assessment of the U.S. AbilityOne Commission’s (Commission) Government Purchase Card (purchase card) program for fiscal year (FY) 2025.  The OIG concluded that the risk of illegal, improper, or erroneous use in the Commission’s purchase card program is low.  As a result, an audit of the Commission’s purchase card program is not warranted.

The objective of the risk assessment was to analyze and identify the risks of illegal, improper, or erroneous purchases and payments within the Commission’s purchase card program, to determine whether an audit is warranted or make recommendations and identify areas of risk that the Commission could improve to strengthen its purchase card program.