Federal Reports

City governments around the country are taking on “smart city” initiatives that use big data technology to gather information and improve life for their residents. It is often difficult for cities to deploy this technology in enough locations to collect actionable data. The Postal Service, because of its vast presence in every city, could attach sensors to its physical infrastructure to quickly gather data from around the city. The OIG identified five pilot projects in which the Postal Service could participate in the short term that would involve little to no financial or operational commitment.

This is our audit report on the National Oceanic and Atmospheric Administration (NOAA) National Marine Fisheries Service (NMFS) Fisheries Finance Program (the Program). The purpose of our audit was to evaluate management’s controls over the Program’s loan approval, monitoring, and debt collection processes.

The Virginia Department of Medical Assistance Services (State agency) did not always use the correct Federal medical assistance percentage (FMAP) when processing claim adjustments reported on Form CMS-64. The State agency used the current FMAP on the date the adjustment was made. In doing so, the State agency repaid to the Federal Government a higher amount than it received for the original claim. Furthermore, when the State agency submitted the revised claim, it received a higher FMAP payment than it should have received. Taking into consideration both of the errors, the net effect resulted in no overpayment or underpayment. The State agency agreed with our finding and concurred with our recommendation.

The Minnesota's Health Insurance Marketplace (MNsure) had implemented security controls, policies, and procedures intended to prevent vulnerabilities in its Web applications (Web site), database, and other supporting information systems. However, it did not always comply with Federal and State information technology requirements when it implemented those security controls, policies, and procedures, which increased MNsure's risk that personally identifiable information (PII) could have been exposed. We conducted tests of MNsure's Web site, database, and supporting information systems and found weaknesses in MNsure systems. Although we did not identify evidence that the vulnerabilities had been exploited, exploitation could have resulted in unauthorized access to and disclosure of PII, as well as disruption of critical marketplace operations. The vulnerabilities were collectively and, in some cases, individually significant and could have potentially compromised the integrity of the marketplace.