Federal Reports

Beginning in 2021, the U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG) conducted several audits to assess HUD’s anti-fraud efforts and to develop inventories of fraud risks for several of its programs. Our previous work found that HUD’s fraud risk management program was in its early stages of development and we recommended that HUD perform program-specific fraud risk assessments and incorporate these assessments into an agency-wide plan to further advance its program. To continue assisting HUD in improving its anti-fraud efforts, we conducted this work to identify potential fraud risks and schemes that could negatively impact HUD’s Office of Community Planning and Development disaster recovery funding.

CPD had made progress in its efforts to identify fraud risks for its disaster recovery program. Specifically, CPD identified several fraud risks at the disaster recovery program level and documented them in a fraud risk inventory. To further assist CPD with its fraud risk efforts, we developed our own fraud risk inventory that includes additional fraud risks. To develop our inventory, we first identified seven fraud risk factors affecting disaster recovery funding that increase the chance of fraud by heightening the incentives, opportunities, and likelihood for rationalization by individuals inclined to commit fraud. We then used those fraud risk factors, along with the results of brainstorming sessions, interviews, and reviews of audit reports, investigations, press releases from HUD’s Office of Inspector General (HUD OIG) and other Federal agencies, to develop the inventory containing 57 potential fraud risks, 20 of which CPD had previously identified in its fraud risk inventory. Fraudulent misappropriation of disaster recovery funding undermines program integrity, compromises taxpayer dollars, and hinders disaster recovery efforts, ultimately harming the affected communities.

We recommend that HUD’s Office of Community Planning and Development (CPD) improve its anti-fraud efforts by using the fraud risk inventory our office developed and its Office of the Chief Risk Officer’s risk catalog. We also recommend involving key stakeholders in the disaster recovery program’s risk identification process and communicating the identified fraud risks to relevant stakeholders, such as grantees and subrecipients, to enhance fraud prevention, detection, and response efforts within HUD and grantees’ disaster recovery programs. We further recommend that CPD use its fraud risk inventory to help identify data needs and potential system enhancements to improve its ability to monitor and respond to fraud risks in the Disaster Recovery program.

Due to the importance of protecting the Tennessee Valley Authority’s (TVA) operations from external cyber events, we performed an audit of TVA’s transmission control center network cybersecurity. The audit objective was to determine if TVA has sustainable processes for identifying, implementing, and managing the network architecture to reduce the overall cybersecurity risk to TVA resources in their transmission networks.  The audit scope was limited to TVA’s transmission control center network.  We made one recommendation to TVA management. The specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity. 

Our Objective(s)To assess whether GLS's contract award and administration practices comply with Federal and Departmental requirements. Specifically, we evaluated GLS's compliance with contract award and administration requirements and overseeing contracting officer warrants.
Why This AuditBetween 2021 and 2024, GLS received around $154.8 million in Congressional funds to carry out its mission. In this time, GLS has managed a $65.1 million contract portfolio. Our prior work and that of DOT's Office of the Senior Procurement Executive previously identified that GLS did not always comply with Federal and Departmental acquisition requirements, including the Federal Acquisition Regulation (FAR), across the acquisition lifecycle. Considering these issues and the importance of GLS's mission, we initiated this audit.
What We FoundGLS cannot demonstrate compliance with several contract award and administration requirements.

For 43 of the 48 contracts in our sample-totaling $40.4 million-GLS could not demonstrate that it complied with key contract award and administration process requirements set by DOT's Transportation Acquisition Manual and the FAR.
These noncompliance issues put up to $18.7 million at risk.

GLS could not always verify that its contracting officials held proper warrants.

GLS officials could not provide evidence that three of its contracting officers who awarded six contracts in our sample between fiscal years 2021 and 2024 totaling around $1 million, were correctly warranted.
Further, between July 2023 and April 2024, GLS's Chief of the Contracting Office awarded 12 contracts totaling approximately $11.7 million without warrant authority.

RecommendationsWe made 5 recommendations to improve GLS's compliance with Federal and Departmental contracting requirements.

In accordance with the Reports Consolidation Act of 2000, the Inspector General is providing information on what he considers to be the most serious management and performance challenges facing the U.S. Consumer Product Safety Commission in fiscal year 2026. Congress left the determination and threshold of what constitutes a most serious management and performance challenge to the discretion of the Inspector General. These challenges are defined as mission critical areas or programs that have the potential to be a significant weakness or vulnerability that would greatly impact agency operations or strategic goals if not addressed by management.

The Delivering For America: Our Vision and Ten-Year Plan to Achieve Financial Sustainability and Service Excellence (DFA plan), released in March 2021, outlines the U.S. Postal Service’s 10-year strategy to transform into a high-performing, financially sustainable organization. With the release of Delivering For America 2.0: Fulfilling the Promise in September 2024, the Postal Service provided a blueprint for its path forward.

We, the U.S. Postal Service Office of Inspector General (OIG), have provided essential oversight of the Postal Service for nearly 30 years, and since the release of the DFA plan, have integrated an independent and objective review of its implementation into our work. This is the third in our series of DFA oversight reports in which we focused on two core areas outlined in the DFA plan: achieving service excellence and attaining financial stability.

Overall, our analysis of progress toward key initiatives shows mixed results. While the Postal Service (USPS) has made meaningful investments in infrastructure, fleet modernization, and pricing reforms, service performance has been inconsistent, and financial outcomes have fallen short of break-even targets.

As the Postal Service’s transformation is ongoing, our oversight will continue to focus on whether these efforts deliver measurable improvements in reliability, customer experience, and fiscal health that would ensure the Postal Service remains a vital, self-sustaining part of the nation’s infrastructure.

GPO FY 2025 Financial Statement Audit January 20, 2026. Independent Auditors' Report on GPO Fiscal Year 2025 Consolidated Financial Statements. GPO OIG contracted iwth the independent public acounting firm of KPMG LLP to audit the consolidated financial statements of GPO for FYs ended on September 30, 2025 and 2024.

GPO FY2025 Financial Statement Audit Management Letter January 20, 2026

Due to the importance of protecting the Tennessee Valley Authority (TVA) operations from external cyber events, we audited TVA’s protection mechanisms for a specific cyberattack.  Our objective was to determine if TVA’s protection mechanisms to prevent or protect against a specific type of cyberattack were adequately designed, properly implemented, and operating effectively.  Specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity.  We made two recommendations to TVA management.