Federal Reports

The Bureau of Industry and Security (BIS) administers and enforces U.S. export regulations to control the export of goods and technologies for national security and foreign policy purposes. Our objective for this audit was to assess the effectiveness of BIS actions to detect violations of export controls for Russia and Belarus in fiscal years 2022 and 2023.

BIS prevents the diversion or misuse of export-controlled items abroad by conducting pre-license checks and post-shipment verifications—collectively known as end-use checks—on foreign end users for individual export transactions, to help ensure that U.S. exports are being used as intended and to assess the legitimacy of end users.

Overall, we found that BIS needs to strengthen its end-use check process to prevent restricted shipments to Russia and Belarus. Specifically, we found weaknesses in BIS methods to identify and select high-risk shipments for end-use checks; document results and assign final ratings of compliance with export control regulations; and complete enforcement actions to hold potential violators of export controls accountable. These weaknesses undermine the transparency and accountability of BIS’s regulatory oversight and underscore the need for improvements to strengthen and modernize the end-use check process.

We made six recommendations to strengthen and modernize the end-use check process.

Our objective was to determine whether NTIA has an adequate review process to ensure that states’ and territories’ plans meet the BEAD program’s planning phase requirements. We found that NTIA did not have an adequate review process to ensure that states’ and territories’ plans met the BEAD program’s planning phase requirements. Specifically, we found that NTIA did not have complete and accurate documentation to support its decisions for the BEAD program planning phase deliverables and experienced delays during its review of the required planning phase deliverables for the BEAD program grant awards.

We made five recommendations to NTIA to provide adequate oversight of its review of the deliverables and establish milestones or performance metrics for completing its reviews of planning phase deliverables. NTIA concurred with our recommendations and is working to implement them.

This report provides status information on DOI’s American Relief Act supplemental funding for disaster relief as of the end of 2025.

The VA OIG reviewed whether the Veterans Benefits Administration (VBA) had sufficient procedures to verify the continued eligibility of beneficiaries (including both veterans and survivors) aged 100 years or older who were receiving recurring benefits as of May 31, 2025. Overall, the OIG found that VBA generally processed reviews accurately for most domestic beneficiaries (those with an address in the United States); while deficiencies such as incomplete or inaccurate documentation were identified, these issues were not systemic. However, VBA staff did not consistently process reviews for foreign beneficiaries (those with a foreign address).

Of the 195 foreign beneficiaries requiring routine review, 119 cases (about 61 percent) contained processing inaccuracies, and seven resulted in about $612,000 in overpayments. Many of the issues stemmed from systemic weaknesses, including the omission of beneficiaries residing in the Philippines from the review process and uncertainty among staff about how to verify whether foreign beneficiaries were still alive. Staff also lacked clarity regarding which regional office had jurisdiction over compensation cases involving beneficiaries with a Philippines address. Although responsibility for these cases was centralized to the San Diego office in 2020, the OIG observed that some cases were transferred between the San Diego and Manila offices for months before action was taken.

The OIG made six recommendations to strengthen oversight of benefit payments for beneficiaries aged 100 years or older. VBA concurred with all recommendations and requested that one be closed. Based on evidence VBA provided, the OIG considers that recommendation closed. Regarding the remaining recommendations, VBA has begun updating its procedures to improve the accuracy and consistency of these reviews.

This report transmits the results of the Federal Election Commission Office of the Inspector General fiscal year (FY) 2025 annual review of the FEC's compliance with the Payment Integrity Information Act of 2019 (PIIA).

The Department of Homeland Security Office of Intelligence and Analysis (I&A) and Office of the Chief Information Officer (OCIO) did not effectively manage and secure I&A mobile devices, resulting in vulnerabilities and a higher risk of cyberattacks, unauthorized access to sensitive information, and waste. • Two I&A-developed apps used to share intelligence with law enforcement and first responders had three vulnerabilities known to I&A but not remediated, risking exploitation.  • 76 percent of apps installed on I&A mobile devices pose security risks, are prohibited, or allow prohibited activities. • I&A and OCIO did not ensure I&A devices were authorized and protected for use outside of the United States, increasing the risk of exploitation by foreign adversaries. • I&A accounted for only 11 percent of mobile devices recorded in OCIO’s asset management system as issued to I&A staff, and OCIO did not properly sanitize disposed-of I&A mobile devices, risking protection of sensitive information.  • 27 percent of mobile device and 44 percent of mobile device management system security settings did not comply with DHS requirements, exposing devices to cybersecurity risks such as unauthorized access and data breaches. These deficiencies occurred in part because I&A did not address known vulnerabilities in mobile apps.  Additionally, OCIO did not establish or enforce security policies and procedures for mobile devices and supporting infrastructure, and in some cases had not identified vulnerabilities.  Also, I&A’s foreign travel policy was outdated, and OCIO had not implemented separate security controls for I&A devices used for international travel.   Data Access: OCIO denied us direct access to ServiceNow, which precluded an independent, comprehensive review of the data.