Federal Reports

The Postal Reorganization Act of 1970 requires annual audits of the U.S. Postal Service’s financial statements. In addition, the Postal Accountability and Enhancement Act of 2006 requires the Postal Service to comply with Section 404 of the Sarbanes-Oxley Act. This section requires the Postal Service to establish and maintain an adequate internal control structure and procedures, and assess the effectiveness.

The Federal Information Security Modernization Act of 2014 (FISMA) requires all Federal agencies to conduct independent penetration tests and vulnerability assessments on a sampling of information systems annually. In conjunction with our fiscal year 2022 FISMA evaluation (2022-OE-0001), we conducted a targeted penetration test and vulnerability assessment of sample systems that resulted in a Topic Brief. The objective of this testing was to determine whether the U.S. Department of Housing and Urban Development (HUD) sample systems and their supporting infrastructure contained security weaknesses. We identified potential vulnerabilities among the tested applications that HUD should review as part of its cybersecurity program and prioritize remediation of risks deemed critical, high, or medium. No formal recommendations were documented in the report. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

This semiannual report summarizes the OIG's activities and accomplishments for April 1, 2022,through September 30, 2022. The OIG issued one inspection and one information security metricsreview. The Office of Inspector General received 1,256 investigative contacts between April 1,2022, and September 30, 2022.

An Amtrak Electrician based in Groton, Connecticut, violated company policy by misusing his company-owned vehicle by regularly traveling to and stopping atlocations not associated with his work duties during his shifts, including making multiple visits to his residence throughout July 2022. In addition, we determined that the employee violated company policies by attempting to cover the lens of the interior Lytx camera in his vehicle and for not being honest or forthcoming with our agents during his interview. The employee was terminated after his disciplinary hearing on December 13, 2022.

The Office of the Inspector General included an audit of the Tennessee Valley Authority’s (TVA) employee relocation allowances on our annual audit plan due to the potential reputational and financial risks associated with relocations that do not comply with TVA policies and procedures. Our audit objective was to determine if relocation allowances are paid in accordance with TVA Standard Programs and Processes (SPP) 11.208, Employee Relocation Allowances. Our audit scope included 308 completed employee relocations during calendar years 2019 through 2021, totaling approximately $8.4 million. TVA utilizes a third-party vendor, SIRVA Relocation, LLC, (SIRVA) to interface with the employee and administer the relocation in accordance with TVA’s policies. We found employee relocations were generally paid in accordance with TVA SPP 11.208 and the management review control for payment of these transactions was operating effectively. However, we identified an opportunity to improve the relocation process and instances where program guidance could be clarified. Specifically, we found (1) SIRVA’s review of miscellaneous expense allowance claims was not documented consistently, (2) program guidance for some employee relocations could be improved, (3) program guidance for manager and specialist new hires is unclear, and (4) program guidance for temporary living allowances incorrectly references the Federal Travel Regulation.

As part of the Pandemic Response Accountability Committee’s (PRAC)1 effort toprovide policymakers and stakeholders with information about the nature oftelehealth and its use across federal health care programs, the Office ofInspector General (OIG) conducted an evaluation to: (1) examine the use oftelehealth across the Department of Labor’s (DOL) workers’ compensationprograms during the first year of the COVID-19 pandemic, and (2) identifyemerging risks related to the use of telehealth.

Our annual plan identifies the audits, inspections, and other activities that the OIG intends to undertake to assist the U.S. Department of Education in fulfilling its responsibilities to America’s citizens and students.