Federal Reports

We conducted a series of OIG audits at four HHS Operating Divisions (OPDIVs) using network and web application penetration testing to determine how well HHS systems were protected when subject to cyberattacks.

DOJ News Release

We audited selected controls of the GrantSolutions and OneStream applications as part of the internal control assessments required for the fiscal year 2018 financial statement audit under the Chief Financial Officer’s Act of 1990. Our objective was to review the controls for compliance with U.S. Department of Housing and Urban Development information technology policies and Federal information system security and financial management requirements. The OIG has determined that the contents of this audit report would not be appropriate for public disclosure and has therefore limited its distribution to those officials listed on the report distribution list.

As part of our annual audit plan, we audited the tool controls at Sequoyah Nuclear Plant (SQN). Our audit objective was to determine if SQN is in compliance with the Tennessee Valley Authority’s (TVA) Nuclear Power Group Business Practice 226 (BP-226), Tool and Equipment Accountability. In summary, we determined SQN is not in compliance with BP-226. Specifically, we found (1) issues and returns of tools and equipment are not made in TVA’s Tool Management System, and periodic random inventories are not performed; (2) tool room access is not adequately controlled; and (3) a new tool tracking system TVA is planning to use cannot accommodate rigging requirements. TVA management agreed with our findings and recommendations.

Fiscal Year 2018 Risk Assessment of the FTC's Charge Card Program