Federal Reports

This report transmits the results of the Federal Election Commission Office of the Inspector General fiscal year (FY) 2025 annual review of the FEC's compliance with the Payment Integrity Information Act of 2019 (PIIA).

The Department of Homeland Security Office of Intelligence and Analysis (I&A) and Office of the Chief Information Officer (OCIO) did not effectively manage and secure I&A mobile devices, resulting in vulnerabilities and a higher risk of cyberattacks, unauthorized access to sensitive information, and waste. • Two I&A-developed apps used to share intelligence with law enforcement and first responders had three vulnerabilities known to I&A but not remediated, risking exploitation.  • 76 percent of apps installed on I&A mobile devices pose security risks, are prohibited, or allow prohibited activities. • I&A and OCIO did not ensure I&A devices were authorized and protected for use outside of the United States, increasing the risk of exploitation by foreign adversaries. • I&A accounted for only 11 percent of mobile devices recorded in OCIO’s asset management system as issued to I&A staff, and OCIO did not properly sanitize disposed-of I&A mobile devices, risking protection of sensitive information.  • 27 percent of mobile device and 44 percent of mobile device management system security settings did not comply with DHS requirements, exposing devices to cybersecurity risks such as unauthorized access and data breaches. These deficiencies occurred in part because I&A did not address known vulnerabilities in mobile apps.  Additionally, OCIO did not establish or enforce security policies and procedures for mobile devices and supporting infrastructure, and in some cases had not identified vulnerabilities.  Also, I&A’s foreign travel policy was outdated, and OCIO had not implemented separate security controls for I&A devices used for international travel.   Data Access: OCIO denied us direct access to ServiceNow, which precluded an independent, comprehensive review of the data. 

The VA Office of Inspector General (OIG) reviewed whether the Veterans Benefits Administration’s (VBA) automated Pension and Fiduciary Service decisions correctly granted survivors’ entitlement to service-connected death benefits from September 2023 through August 2024. The OIG found legal and procedural deficiencies in automated rating decisions and notification letters. At least 8,000 decisions or letters omitted favorable findings and had issues such as incomplete evidence summaries and incorrect formatting. At least 2 percent of decisions had legal errors, resulting in an estimated $2.7 million in improper payments. A review of additional cases through November 2025 confirmed similar errors. The quality review process for automated claims was less rigorous than for traditional claims, and VA’s modernization plan to Congress did not fully explain how some claims were completely processed from beginning to end by automation.

Deficiencies stemmed from flaws in automation rules and processes that, if not addressed, will recur because the system applies predefined rules without human involvement. Oversight tools were inadequate, and procedural guidance changes did not fully address risks.

The OIG made three recommendations to the under secretary for benefits to strengthen automation processes and oversight. These include improving legal compliance in automated decisions, enhancing quality review standards, and ensuring transparency in reporting automation practices to Congress. VBA concurred in part with the first recommendation, concurred with the second, and concurred in principle with the third.

Why We Did This Report

We conducted this audit to determine whether the Environmental Finance Centers, which are funded by annual and Infrastructure Investment and Jobs Act appropriations and perform work in EPA Region 4 states, are accomplishing the outputs and outcomes established in their cooperative agreements.

Summary of Findings

We found that six out of the eight Environmental Finance Centers, or EFCs, that provided technical assistance, or TA, in EPA Region 4 exceeded their target output for the number of communities receiving TA over the first year of performance under their cooperative agreements.