Federal Reports

Although DOI took steps toward building an ERM capability, we found that it was not fully implemented as required by OMB Circular A-123.

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service’s mission is to provide timely, reliable, secure, and affordable mail and package delivery to more than 160 million residential and business addresses across the country. The U.S. Postal Service Office of Inspector General (OIG) reviews delivery operations at facilities across the country and provides management with timely feedback in furtherance of this mission.

The U.S. Postal Service needs effective and productive operations to fulfill its mission of providing prompt, reliable, and affordable mail service to the American public. It has a vast transportation network that moves mail and equipment among about 315 processing facilities and 31,200 post offices, stations, and branches. The Postal Service is transforming its processing and logistics networks to become more scalable, reliable, visible, efficient, automated, and digitally integrated. This includes modernizing operating plans and aligning the workforce; leveraging emerging technologies to provide world-class visibility and tracking of mail and packages in near real time; and optimizing the surface and air transportation network. The U.S. Postal Service Office of Inspector General (OIG) reviews the efficiency of mail processing operations at facilities across the country and provides management with timely feedback to further the Postal Service’s mission.

Our Objective(s)To (1) determine whether MARAD has implemented an information management system for the SAPR Program that complies with NDAA requirements and (2) assess the system's cybersecurity and privacy controls.
Why This AuditThe 2023 National Defense Authorization Act (NDAA) required MARAD to establish for the U.S. Merchant Marine Academy's (USMMA) Sexual Assault Prevention and Response (SAPR) Program an information management system (IMS) for sexual assault and sexual harassment claims, and for the Office of Inspector General to conduct a cybersecurity audit of the system.
What We FoundMARAD has not established an information management system for USMMA's SAPR Program that complies with NDAA requirements.

Instead of acquiring a new IMS, USMMA uses a spreadsheet system for the SAPR Program.
USMMA officials acknowledge that this spreadsheet system does not meet the Academy's needs.
The SAPR Program tracks and maintains most but not all required information in its spreadsheet system.
The program also has not implemented a process to update the records of acquitted individuals in its spreadsheet system.

The SAPR Program's spreadsheet system lacks sufficient cybersecurity and privacy controls.

The program's spreadsheet system lacks the cybersecurity controls required by the National Institute of Standards and Technology and the Department of Transportation's Cybersecurity Compendium to properly secure and protect the confidentiality, integrity, and availability of the program's sensitive data and information.
MARAD's Privacy Officer has not analyzed the spreadsheet system to determine what privacy protections should be implemented to protect personally identifiable information stored in the system.

Recommendations We have made four recommendations to improve MARAD's oversight of USMMA's Sexual Assault Prevention and Response Program.

The EPA did not monitor bus deployment status and recipient use of over $836 million of 2022 Clean School Bus, or CSB, Program rebates, despite the Agency stating it would do so in the 2022 Clean School Bus (CSB) Rebates Program Guide. As of June 2024, only 22, or 6.1 percent, of the 360 schools that received rebates in 2022 had completed their rebate closeouts. At the time of this audit, we found that ten, or 59 percent, of the 17 schools we reviewed are in the process of installing the infrastructure necessary to operate the new clean buses and may not meet the program closeout deadline of October 2024. Additionally, the EPA did not provide guidance to recipients on how funds should be managed. We found that, contrary to multiple OIG briefings on strategies to reduce fraud risk, the EPA allowed recipients to keep CSB funds in accounts with other funds or earn interest on rebate funds while they wait to pay the final invoices, which increases the risk of program funds and interest earned being used for other purposes.