Federal Reports

What We Looked AtWe contracted with the independent public accounting firm KPMG LLP to audit the Federal Aviation Administration's (FAA) financial statements as of and for the fiscal years ended September 30, 2018, and September 30, 2017, and to provide a report on internal control over financial reporting and compliance with laws and other matters. The contract required that the audit be performed in accordance with U.S. generally accepted Government auditing standards, Office of Management and Budget audit guidance, and the Governmental Accountability Office's and Council of the Inspectors General on Integrity and Efficiency's Financial Audit Manual. In connection with the contract, we performed a quality control review of KPMG's report dated November 9, 2018, related documentation, and inquired of its representatives.What We FoundOur quality control review disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards.RecommendationsFAA concurs with KPMG's five recommendations.

The Office of Inspector General (OIG) performed procedures that were requested and agreed to by Tennessee Valley Authority (TVA) management solely to assist management in determining the validity of the Winning Performance/Executive Annual Incentive Plan (WP) Measures for fiscal year (FY) ended September 30, 2018. The WP Measures data provided to the OIG and to which the agreed-upon procedures were applied is the responsibility of TVA management. In summary, procedures applied by the OIG found: • The FY2018 WP goals for the enterprise measures were properly approved. There were four change forms that clarified the definition sheet formulas for three separate measures. However, these change forms did not impact the measures, weights, and goals of the Enterprise measures.• The FY2018 goals (target) for the corporate multiplier measures were properly approved. • The actual FY to-date results for the enterprise measures agreed with the underlying support.• The actual FY to-date results for the corporate multiplier measures agreed with the underlying support, without exception.• The FY2018 WP payout percentage provided by the Benchmarking and Enterprise Performance organization on November 5, 2018, was mathematically accurate and agreed with the OIG’s recalculation.

The Office of the Inspector General audited TVA’s controls in place to prevent, detect, and respond to ransomware incidents. In summary, we found TVA management generally has appropriate controls in place to prevent, detect, and respond to a ransomware incident. However, for one selected system, we found inappropriate administrative access. To strengthen access controls, TVA currently has an ongoing project to identify, track, and monitor administrative accounts, which is expected to be complete in 2020. In addition, we found improvements were needed in the Ransomware Incident Action Plan. TVA’s Cybersecurity updated the Ransomware Incident Action Plan during our audit.

This management alert presents the results of our review of Inbound International Mail Operations – [Redacted] and nearby offsite facilities. We are issuing this alert to facilitate immediate corrective actions regarding the U.S. Postal Service’s ability to fulfill the U.S. Customs and Border Protection’s advanced electronic data-based holds for inbound international mail. These issues present potential public safety and security concerns to the U.S. Postal Service, its employees, and the general public.