Federal Reports

Each year agency program officials, chief information officers, and inspectors general must review their agencies’ information security programs and report to the Department of Homeland Security and Congress on the programs’ compliance with the Federal Information Security Modernization Act (FISMA). The OIG contracted with an independent public accounting firm CliftonLarsonAllen LLP (CLA) to evaluate VA’s information security program for FY 2022. After evaluating 47 major applications and general support systems hosted at 23 VA sites and on the VA Enterprise Cloud, CLA concluded that VA continues to face significant challenges meeting FISMA requirements. The audit found continuing significant deficiencies related to access, configuration management, and change management controls, as well as service continuity practices, all of which are designed to protect mission-critical systems from unauthorized access, alteration, or destruction. These deficiencies can be remedied by improving the deployment of security patches, system upgrades, and system configurations to mitigate significant security vulnerabilities; enforcing a consistent process across all field offices and improve performance monitoring to ensure controls operate as intended at all facilities and communicate identified security deficiencies to mitigate significant risks; and addressing security-related issues that contributed to the information technology material weakness reported in the FY 2022 audit of VA’s consolidated financial statements. VA concurred with CLA’s 26 recommendations, some of which addressed repeat deficiencies from previous FISMA reports spanning multiple years. CLA will follow up on the outstanding recommendations and evaluate the adequacy of corrective actions in the FY 2023 audit of VA’s information security program.

We assessed NASA’s progress in developing new technologies and sustainable energy options for aircraft propulsion.

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to determine whether the U.S. Chemical Safety and Hazard Investigation Board complied with the Payment Integrity Information Act of 2019 in fiscal year 2022.

The Payment Integrity Information Act of 2019 (PIIA) was signed into law in March 2020. PIIA requires agencies to identify and review all programs and activities they administer that may be susceptible to significant improper payments based on guidance provided by the Office of Management and Budget (OMB). Additionally, the OMB Memorandum M-21-19, Transmittal of Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement, requires agencies to report technically improper payments, which are defined as a payment to the right recipient for the right amount where the payment process failed to follow all applicable statutes and regulations.We conducted this audit to determine whether the Department of Energy met OMB criteria for compliance with PIIA.The Department’s fiscal year 2022 improper payment reporting was aligned with OMB criteria. Specifically, the Department published its fiscal year 2022 Agency Financial Report and posted that report, and the accompanying materials, on its website. However, we identified areas where improvements to the payment integrity process are warranted. Specifically, the Department informed us that it underreported its improper payments in the fiscal year 2022 Agency Financial Report by approximately $867,000 because of a data entry error created by a third-party contractor. Additionally, new spending and loan programs introduce an increased risk that the Department may exceed the OMB’s $100 million threshold for being susceptible to improper payments. Because of this influx of funds, we determined that enhancements to the payment integrity process are necessary. Our recommendations focused on: (1) completing planned corrective actions for the consolidation of payment reporting sites’ improper payment information in the Agency Financial Report; (2) updating the Office of the Chief Financial Officer’s annual guidance to sites to include more specific direction on payment reporting sites’ collection of useful and consistent data to identify detailed root causes of reported improper payments and on developing plans to mitigate them in the future; and (3) expanding the Office of the Chief Financial Officer’s use of data analytics, at both the Department-wide level and payment reporting site level, to identify potential root causes for improper payments that could lead to the Department’s improper payment rate exceeding the OMB threshold.Management concurred with our findings and recommendations, and its proposed corrective actions are consistent with our recommendations.

A post office suspension occurs when the U.S. Postal Service temporarily stops operations at a Postal Service-operated retail facility. A facility may be suspended due to a natural disaster, termination of a lease or rental agreement, lack of qualified personnel to operate the office, irreparable or severe damage to the retail facility, or the lack of adequate measures to safeguard the retail facility or its revenues. The Postal Service’s policy requires a post office suspension be resolved by either re-opening or permanently closing the facility, which is typically completed between 180 to 280 days.Post office suspensions have long been an interest of the Postal Regulatory Commission (PRC), Congress, and other stakeholders. The PRC has publicly expressed concerns over the years about the number of unresolved post office suspensions. The Postal Service has been trying to clear a backlog of post office suspensions that developed over many decades. As of the end of fiscal year (FY) 2022, the Postal Service reported 381 unresolved post office suspensions. Since FY 2020, the PRC has required the Postal Service to provide a detailed plan to resolve post office suspensions in its Annual Compliance Report (ACR). The Postal Service has used its Change Suspension Discontinuance Center (CSDC) system since 2012 to track information on facilities throughout the post office suspension process.

This Office of Inspector General Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the inpatient and outpatient care provided at the South Texas Veterans Health Care System, which includes the Audie L. Murphy Memorial Veterans’ Hospital in San Antonio, the Kerrville VA Medical Center, and multiple outpatient clinics in Texas. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (emergency department and urgent care center suicide prevention initiatives)The OIG issued three recommendations for improvement in three areas:1. Leadership and organizational risks• Adverse event evaluation and institutional disclosures2. Medical staff privileging• Reprivileging decisions3. Mental health• Follow-up for patients at risk of suicide

A Las Vegas man pleaded guilty to charges of Wire Fraud and Aggravated Identity Theft in U.S. District Court, Eastern District of Pennsylvania, on May 17, 2023. The man admitted to participating in a "phishing" scheme in which he fraudulently obtained credit card and personal identifying information (PII) from his victims, including names and banking information. He used the victims' credit card information and PII to purchase online travel tickets on common carriers, including Trailways and Amtrak, and then resold the tickets to other individuals and kept the proceeds. He was indicted on July 11, 2019, and his sentencing hearing is pending.

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to determine whether the U.S. Chemical Safety and Hazard Investigation Board complied with the Payment Integrity Information Act of 2019 in fiscal year 2022.