Federal Reports

The National Credit Union Administration (NCUA) Office of Inspector General (OIG)conducted this self-initiated audit to assess the NCUA’s examination hours. The objectives ofour audit were to determine: (1) the NCUA’s effectiveness in establishing examination hours,and (2) whether the NCUA ensured proper regulatory safeguards remained in place to protect thecredit union system, credit union members, and the National Credit Union Share Insurance Fund(SIF) while appropriately managing the examination burden on credit unions.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to review VISN and facility leaders’ response to allegations that an optometrist was not practicing to the standard of care at the Cheyenne VA Medical Center (facility) in Wyoming. In a response to an OIG request for review, VISN and facility leaders substantiated that the optometrist failed to diagnose patients and delayed testing for 15 of 16 identified patients. The response, however, lacked a plan to review the care of other patients who may have been adversely affected. The OIG identified deficiencies with the facility leaders’ response to the quality of care concerns, state licensing board reporting, and completing proficiency reports for the optometrist.The optometrist was suspended in January 2023 while facility leaders initiated a focused clinical care review of the optometrist’s practice. Although expert reviewers tasked with examining a selection of patient cases expressed significant concerns, and facility leaders’ analysis concluded the optometrist “did not meet the standard of care,” facility leaders did not initiate a review to assess the potential harm to other patients. The optometrist was allowed to return to patient care on a focused professional practice evaluation for cause and showed performance improvement before retiring in July. The OIG found that facility leaders failed to initiate the state licensing board reporting process after the optometrist “failed to meet generally accepted standards of clinical practice” due to a lack of understanding of reporting requirements. The OIG also found the optometrist’s supervisors failed to complete annual proficiency reports in 2021 and 2023 due to an oversight and inexperience by supervisors. The optometry supervisors also failed to address deficiencies identified in other completed proficiency reports. The OIG made recommendations for a comprehensive review of the optometrist’s care, state licensing board reporting, and completing the proficiency process.

Power plants rely on operational technology (OT) to ensure the plants can run without disruption. Due to the high risks associated with threat events against OT, we performed an audit of the Tennessee Valley Authority’s (TVA) OT cybersecurity at a combined cycle plant. Our objective was to determine if logical, physical, and general security controls were (1) appropriately designed to reduce cybersecurity risk and (2) operating effectively. We determined logical, physical, and some general controls were appropriately designed and operating effectively. However general security controls related to contingency planning, system inventory, system baselines, and cybersecurity monitoring needed improvement. Specifically, we identified:• Contingency plans were not documented. • OT inventory was incomplete.• System baselines were not in place.• Cybersecurity monitoring was incomplete.In addition, we determined a risk assessment had not been completed for the site’s OT systems.

U.S. Customs and Border Protection (CBP) spent $60 million of Infrastructure Investment and Jobs Act (IIJA) procurement, construction, and improvements (PC&I) funding on six contracts in fiscal years 2022 and 2023 to modernize and improve CBPowned land ports of entry (LPOEs). In FY 2022, CBP spent $16 million of IIJA PC&I funding for two contracts for maintenance and repairs at CBP-owned LPOEs. In FY 2023, CBP spent $44.5 million of IIJA PC&I funding for contracts to modernize six CBPowned LPOEs. In FY 2024, CBP plans to use IIJA PC&I funding for contracts to include work to address outstanding priority repairs at CBP-owned LPOEs.

NPS did not take sufficient steps to implement Justice40 and did not identify data necessary to track, monitor, and report the impact of DOI actions.

What OIG Evaluated: 

The Library Office of Inspector General assessed whether the Library of Congress is exercising proper strategic planning and performance management at an agency-wide level. 

What OIG Found: 

We found:
- Strategic Planning and Performance Management office has not fully Implemented Key Performance Indicators.
- The Library’s Service Units Do Not Identify Risks for Service Unit Performance Goals.
-  Strategic Planning and Performance Management Is Not Validating/Verifying Funding Status as Part of the Review of the Directional Plan.

What OIG Recommends: 

1. Complete the development of policies and procedures for developing and reporting  KPIs.
2. Complete the development of KPIs for the fourth strategic goal, Fostering Innovation.
3. Develop a process for validating KPI data.                 
4. As part of the maturation of the Library’s Enterprise Risk Management Program, perform an analysis of current SUPG setting and associated risk management processes and determine whether additional risk management procedures are necessary.
5. Implement the Library’s own recommendations related to SUPG setting and associated risk management processes based on the analysis performed as part of recommendation 4.