Federal Reports

Anthony Gregory, a former Amtrak conductor based in Los Angeles, California, pleaded guilty on September 3, 2025, in the Superior Court of the State of California for the County of San Diego, to one count Obscene Matter Depicting Persons Under 18 and to one count Disobeying a Court Order. Our investigation found that Gregory advertised for sale and distribution obscene matter depicting a person under the age of 18 years old. Gregory also violated a court order obtained to prevent domestic violence and disturbance of the peace.

Gregory will be sentenced at a future date.

Our Objective(s)
To perform a quality control review (QCR) of Williams Adley & Company-DC LLP's fiscal year 2025 audit of the effectiveness of STB's information security program and practices.

Why This Audit
The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to implement information security programs. The Act also requires agencies to have annual independent evaluations performed to determine the effectiveness of their programs and report the results of these reviews to the Office of Management and Budget. To meet this requirement, STB requested that we perform its fiscal year 2025 FISMA review. Williams Adley of Washington, DC, completed the audit of STB's information security program and practices under contract with the Office of Inspector General. We performed a QCR of Williams Adley's report and related documentation.

What We Found
The independent auditor, Williams Adley, found that STB's information security program and practices were not effective and made five recommendations to improve STB's information security program.
Develop and implement a formal process for defining, documenting, and maintaining its cybersecurity target profile(s).
Develop and formalize thresholds or target values for key cybersecurity and risk performance metrics.
Develop and implement detailed procedures to support its existing supply chain risk management policy and implementation plan.
Establish policies and standards for data classification, quality, access, lifecycle management, and metadata management.
Identify the baseline knowledge, skills, and abilities required for STB's cybersecurity workforce, conduct an assessment to determine any skill gaps, and customize specialized training to address the identified deficiencies.

Our QCR disclosed no instances in which Williams Adley did not comply, in all material respects, with generally accepted Government auditing standards.

Recommendations
STB concurs with Williams Adley's five recommendations.

To accomplish our objective, we applied the agreed-upon procedures described in Attachment A to the payroll periods ended September 6, 2024, and March 7, 2025, coinciding with the Supplemental Semiannual Headcount Report for September 2024 and March 2025 and to the enrollment information submitted. We randomly selected another payroll period, ending February 7, 2025, for additional testing. We confirmed Retirement and Insurance Transfer System data by verifying payroll information to source documents. We randomly selected 45 employees and compared employee withholdings and employer contributions to documentation in the employees’ Official Personnel Files. For all employees, we independently calculated employee withholdings, Postal Service contributions, and enrollment information for health benefits, life insurance, and retirement. We compared the results to actual employee withholdings and Postal Service contributions submitted to the U.S. Office of Personnel Management to determine whether differences existed.

Our Objective(s)
To assess the extent to which the Office of the Secretary of Transportation's (OST) use of working capital funds aligns with advance funding agreements for costs and types of services provided to customers.

Why This Audit
The Department of Transportation (DOT) budgeted approximately $764.2 million in fiscal year 2023 and $746.2 million in fiscal year 2024 for its Working Capital Fund (WCF). DOT's WCF is designed to be self-sustaining and achieve full cost-recovery as its expenses are recovered through funds collected from customers. Our prior work identified issues with OST's management of the WCF, including transparency and accountability concerns related to billing procedures and transaction oversight for information technology services. Given these previous findings, and the magnitude of dollars involved, we initiated this audit.

What We Found
OST's WCF service descriptions are not clear about what customers receive for their advance payments.
These descriptions are vague and lack detail to allow customers to understand what OST will provide for their advance payments.
OST does not fully update the descriptions each year to account for or explain changes in advance funding levels and business operations.

OST's WCF customer bills lack expense details and support for charges and may not promote economy and efficiency.
OST uses set billing methodologies that it provides to the customer at the beginning of each fiscal year. However, these billing methodologies often rely on outdated information.
Because OST's monthly customer bills only provide lump sum amounts for each service, they do not provide customers visibility into the specific services and expenses making up their total allocated share of the cost.

OST's WCF customer bills include errors.
These errors prevent customers from having an accurate and clear portrayal of how and at what amount OST uses their funds.

OST does not accurately account for WCF-funded DOT employees.
Specifically, we identified employees no longer working in OST, working outside their designated WCF service, and in unapproved positions or grades.
DOT has inconsistent practices and controls for listing WCF-funded employees and obtaining the required approvals to hire such employees.

Recommendations
We made 7 recommendations to improve DOT's WCF's transparency regarding OST's use of customers' advance funding-specifically costs and types of services provided to customers.

Ajmal Atherton of Brooklyn, New York, pleaded guilty on August 30, 2025, in Brooklyn District Court to one count of grand larceny in the third degree and one count of offering a false instrument for filing in the second degree. Our investigation found that Atherton fraudulently obtained New York State unemployment benefits. Atherton’s conduct was identified during an investigation into an alleged financial fraud involving a former Amtrak electrician.