An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
U.S. Postal Service
Oversight of the Vulnerability Risk Assessment Tool Process
The mission of the U.S. Postal Inspection Service is to support and protect the U.S. Postal Service and its employees, infrastructure, and customers. One of the ways it accomplishes its mission is by providing technological support and risk management tools as well as strategy services designed to mitigate risk and prevent criminal attacks.
What We Did
Our objective was to assess the efficiency and effectiveness of the Postal Service’s and the Postal Inspection Service's oversight of the Vulnerability Risk Assessment Tool (VRAT) process and resolution of identified deficiencies. The VRAT is a risk-based model to identify security deficiencies at postal facilities. For this audit, we judgmentally selected samples of three Postal Inspection Service divisions and 12 Postal Service facilities nationwide for review based on VRAT survey and deficiency data. Additionally, we reviewed VRAT processes, procedures, training, and applicable guidance.
What We Found
The Postal Inspection Service did not effectively oversee the VRAT process. Many surveys were not started or incomplete, deficiencies remained unresolved, and the status for resolved deficiencies was not reported in the system. Additionally, while facility security training included a VRAT component, the Postal Inspection Service and Postal Service did not ensure that all facility management received this training prior to performing VRAT surveys. Lastly, there were instances where personnel from both the Postal Inspection Service and Postal Service duplicated efforts by completing separate VRAT surveys in the same fiscal year at Tier 1 (most critical) and Tier 2 (critical) facilities.
Recommendations and Management Comments
We made six recommendations to strengthen VRAT oversight by improving monitoring and follow-up processes, policies and procedures, and reporting and resolution practices; bolstering facility security training and guidance; and reducing the redundancy of VRAT surveys. Postal Service management agreed with all six recommendations. Management’s comments and our evaluation are at the end of each finding and recommendation.
The Reports Consolidation Act of 2000 requires each inspector general to prepare an annual statement summarizing what the inspector general considers to be “the most serious management and performance challenges facing the agency” and to briefly assess the agency’s progress in addressing those challenges.
Summary of Findings
For fiscal year 2026, we identified two management challenges facing the CSB. We consider these to be the CSB’s greatest vulnerabilities to waste, fraud, abuse, and mismanagement and the most significant barriers to accomplishing the CSB’s mission:
To meet the Tennessee Valley region’s growing demand for power, the Tennessee Valley Authority (TVA) is investing in existing assets and new generation. In fiscal year 2025, TVA invested more than $4.6 billion in capital investments and plans to invest $4.2 billion in fiscal year 2026. Due to potential risks to cost and schedule from rework in TVA projects, we performed an evaluation of contractor rework for Major Projects at TVA. The objectives were to evaluate TVA’s oversight of contractor rework and determine if rework was being handled in accordance with contract terms and conditions. Our scope included active projects in the implementation phase for TVA’s Major Projects organization.
We reviewed nine contracts associated with our sample of projects and identified rework was required for two. We determined the rework was handled in accordance with contract terms and conditions. Specifically, where defects were discovered, contractors took corrective actions to remedy the defects at its expense. However, we also identified a lack of guidance for oversight of rework because TVA’s project management Standard Programs and Processes do not define rework or provide any information on how rework should be documented and tracked.
This management alert presents the issues the U.S. Postal Service Office of Inspector General (OIG) identified during the Effectiveness of Package Verification Solutions audit (Project Number 25-130). Our objective is to provide immediate notification of these issues.
Background
In August 2017, the U.S. Postal Service launched the Automated Package Verification (APV) system to identify insufficient postage for some package volume. The system compares shippers’ reported package weights and measurements with actuals captured on postal processing equipment, charging any additional postage due and refunding overpayments (see Figure 1 for an example of package processing equipment). In 2018, the Postal Service invested $22.6 million to expand APV capabilities to improve revenue protection by evaluating every package that is processed on plant equipment. Since it was introduced, APV has increased Postal Service postage collection by $1.1 billion.
