Federal Reports

The National Security Agency Office of the Inspector General (NSA OIG) publicly released today its first unclassified version of its Semi-Annual Report to Congress (SAR). The unclassified version of the SAR covers the period from October 1, 2017, through March 31, 2018, and reflects what NSA OIG could release publicly about its work for that reporting period. It discusses 16 audits, inspections, and special studies completed during that period, as well as a number of other ongoing reviews.

We determined that the Federal Air Marshall Services’ (FAMS) could not demonstrate the extent its ground-based activities’ contributed to the Transportation Security Administration’s (TSA) mission. FAMS lacked performance measures for most ground-based activities and could not provide a budget breakout by division or operational area. Without effective performance measures or detailed accounting of funding, FAMS cannot ensure it is maximizing its resources to address its highest risks and is unable to measure the value of its investment in these ground-based activities. We made two recommendations that will enhance FAMS’ overall effectiveness. TSA concurred with both recommendations.

We determined that the Federal Air Marshall Services’ (FAMS) could not demonstrate the extent its ground-based activities’ contributed to the Transportation Security Administration’s (TSA) mission. FAMS lacked performance measures for most ground-based activities and could not provide a budget breakout by division or operational area. Without effective performance measures or detailed accounting of funding, FAMS cannot ensure it is maximizing its resources to address its highest risks and is unable to measure the value of its investment in these ground-based activities. We made two recommendations that will enhance FAMS’ overall effectiveness. TSA concurred with both recommendations.

The objective of our audit was to determine the extent to which Federal Student Aid (FSA) had implemented its enterprise risk management (ERM) framework. FSA did not implement all elements of its ERM framework or implement all elements characteristic of effective ERM. FSA developed an ERM framework, established a risk management office, and created a risk management committee. However, FSA did not fully implement the following elements characteristic of effective ERM.(1) Internal Environment: FSA did not define and retain records of management’s risk management philosophy, risk appetite, or risk tolerance.(2) Information and Communication: FSA did not communicate management’s risk management philosophy, risk appetite, or risk tolerance; FSA’s ERM framework; or information about FSA’s enterprise-level risks to internal and appropriate external stakeholders.(3) Objective Setting: FSA did not ensure that objectives and risk responses were aligned with management’s risk appetite.(4) Event Identification: FSA did not identify and assess risks in a way that ensured that it had a complete risk profile (set of enterprise-level risks) to evaluate. (5) Monitoring: FSA did not annually evaluate ERM efforts to assess whether FSA was achieving its ERM objectives or reducing risks to be within the level management was willing to accept.Because FSA management did not ensure that all elements of FSA’s ERM framework and all elements characteristic of effective ERM were fully implemented, it did not have reasonable assurance that ERM efforts helped management achieve its ERM objectives and reduced enterprise-level risks to be within the level that management was willing to accept.

Administrative costs Wisconsin Physicians Service Insurance Corporation claimed on its fiscal year 2013 final administrative cost proposal were generally allowable and in accordance with its Medicare contract and applicable Federal regulations. Of the $4.0 million that we reviewed, we accepted $3.9 million as allowable, allocable, and reasonable and questioned the remaining $99,649 as unallowable costs.

Administrative costs Wisconsin Physicians Service Insurance Corporation claimed on its fiscal year 2013 final administrative cost proposal were generally allowable and in accordance with its Medicare contract and applicable Federal regulations. Of the $29.2 million reviewed, we accepted $27.7 million as allowable, allocable, and reasonable and questioned the remaining $1.5 million as unallowable costs.

The primary objectives of the audit were to determine whether program funds were managed