Federal Reports

The OIG evaluated a power outage that occurred at the Hines Information Technology Center on May 4, 2023. The outage lasted approximately 22 hours and adversely affected more than 10,000 VA employees nationwide, preventing them from accessing critical VA data and systems such as compensation, pension, and education benefits applications.The OIG found the Hines center’s physical access controls were generally adequate but did not have an effective physical control to prevent the activation of a circuit breaker that caused an inadvertent outage at the data center. Also, contrary to design standards that require redundant power distribution paths, the Hines center circuit breaker functions as a master power switch between the uninterruptible power supplies and the information technology equipment. Consequently, when an authorized employee activated the circuit breaker on May 4, 2023, electricity stopped flowing to the data center equipment and critical applications the center hosts. The OIG did not find evidence the employee intended to disrupt power, nor did it make a determination as to whether the incident was accidental.The Hines center also did not have a detailed contingency plan to guide staff in the recovery of facility information systems following a power outage. When the power outage occurred, engineering staff did not coordinate with the Office of Information and Technology and did not correctly prioritize restoration of network devices, prolonging the system downtime.Such power outages could delay veterans and their families in receiving benefits processed by staff using the affected VA data and applications. Therefore, the OIG recommended the Office of Information and Technology provide redundant electrical distribution paths, cover and add warnings to circuit breakers at Hines and other core data centers, and develop and test a detailed contingency plan to reduce system downtime in the event of a power outage.

We have compiled audit recommendations, made by the Office of the Inspector General’s Office of Audit (OA), that had not been implemented by the Social Security Administration (SSA) as of March 22, 2024. The status of each recommendation is subject to change due to SSA’s ongoing efforts to implement them and OA’s follow-up on SSA’s efforts. Specifically, a recommendation identified as not having been closed as of March 22, 2024 may now be closed as a result of actions taken after that date.

Congress enacted the Payment Integrity Information Act (PIIA) in 2019 to help agencies identify and reduce improper payments. For this mandated audit, we evaluated NASA’s compliance with PIIA requirements in fiscal year 2023.

Although the Department of Homeland Security has made improvements to reduce improper payments (IPs) and unknown payments (UPs), DHS did not comply with the Payment Integrity Information Act (PIIA) of 2019 for fiscal year 2023. According to Office of Management and Budget (OMB) Circular A-123, an agency must meet all 10 PIIA requirements to be compliant. DHS complied with 9 of the 10 requirements, but it did not comply with the requirement to publish IP and UP estimates for the Federal Emergency Management Agency’s (FEMA) Public Assistance Validate As You Go (VAYGo) program for FY 2023.

This report presents the results of our audit of the U.S. Postal Service Emergency Preparedness ofHurricane Ian.