Federal Reports

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to assess the EPA’s compliance with the fiscal year 2024 Inspector General Federal Information Security Modernization Act of 2014 reporting metrics. The reporting metrics outline five security function areas and nine corresponding domains to help federal agencies manage cybersecurity risks.

Summary of Findings

We assessed the EPA’s information security program effectiveness against the Office of Management and Budget’s FY 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics at the maturity level of Level 4 (Managed and Measurable). The Agency achieved Level 4 ratings for 30, or 81 percent, of the 37 fiscal year 2024 metrics. Overall, we concluded that the EPA achieved a maturity level of Level 4 for the five security functions and nine domains outlined in the IG FISMA Reporting Metrics. This means that the EPA collects quantitative and qualitative measures on the effectiveness of policies, procedures, and strategies across the organization that are used to assess and make necessary changes. We identified that the EPA had deficiencies in the following areas:

• Complete and accurate inventory of EPA information systems.
• Software asset management data. We found that the Agency’s software management asset tool lacks complete and accurate data related to its software license inventory.

We audited the Puerto Rico’s Department of Natural and Environmental Resources (PRDNER’s) use of Federal Emergency and Pandemic Relief Financial Assistance Funds. Our audit objective was to determine whether federal funds received by PRDNER to support its fisheries in recovering from the impacts of the COVID-19 pandemic1 and damages caused by several hurricanes were properly disbursed and used for their intended purpose. We conducted this audit in response to a congressional request, and answers to congressional questions about disaster relief funds are included in this report.

Overall, we found that for the funds it expended, PRDNER properly disbursed and used funds as intended. However, PRDNER was slow in spending funds, as only approximately 7 percent of the total disaster assistance funds ($801,362 of the approximate $11.4 million) have been expended since April 1, 2020. Additionally, PRDNER has expended funds for only 4 of the 17 (approximately 24 percent) combined projects under both awards.

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the VA Memphis Healthcare System in Tennessee. 

This evaluation focused on five key content domains:
   •    Culture
   •    Environment of care
   •    Patient safety
   •    Primary care
   •    Veteran-centered safety net
 

The OIG issued five recommendations for improvement in one domain:
  1.    Environment of care
   •    Crosswalk visibility and pedestrian safety
   •    Doorway and emergency exit safety
   •    Braille signs and auditory cues
   •    Toxic exposure screening completion

This is the third report of the fiscal year 2024 financial statement audits of the Smithsonian Institution performed by the independent accounting firm of KPMG LLP.
 

This letter to Congress reports on NCUA OIG's assessment of the NCUA's 2024 compliance under the Payment Integrity Information Act of 2019 (PIIA).