An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Commerce
Audit of the Department’s Vulnerability Reporting and Resolution Program
We assessed the effectiveness of the Department’s program for managing public-reported vulnerabilities in its public-facing information technology systems. We found that the Department established a vulnerability disclosure program; however, it was not fully effective. Specifically, the Department’s vulnerability disclosure policy (VDP) did not include all internet-accessible systems, the VDP’s testing guidelines restricted the tools public security researchers could use to identify system vulnerabilities, the Department did not always fully remediate reported vulnerabilities, and the Department did not always remediate vulnerabilities within established deadlines.
The Office of Inspector General is tasked with ensuring efficiency, accountability, and integrity in the U.S. Postal Service. We also have the distinct mission of helping to maintain confidence in the mail and postal system, as well as to improve the Postal Service's bottom line. We use audits and investigations to help protect the integrity of the Postal Service. Our Semiannual Report to Congress presents a snapshot of the work we did to fulfill our mission for the six-month period ending September 30, 2025. Our dynamic report format provides readers with easy access to facts and information, as well as succinct summaries of the work by area. Links are provided to the full reports featured in this report, as well as to the appendices.
We are pleased to present our report for the period April 1, 2025, to September 30, 2025. In this semiannual period, our audit, evaluation, and investigative activities identified more than $31.4 million in questioned costs; funds to be put to better use; recoveries, fees, and savings; and opportunities for the Tennessee Valley Authority (TVA) to improve its programs and operations. This report also includes a feature, “40 Years of Making TVA Better,” that looks back at the last four decades—the environment TVA operated in each decade and the Inspectors General that lead our office as well as highlights some of the significant projects in each decade.
The national focus to be the leader in advancing nuclear technological innovation and artificial intelligence places TVA in a spotlight to drive and deliver additional energy sources that can both help meet growing energy demand in the Valley and set the standard for the utility industry. This requires due diligence in areas that are emerging and have significant consequence. As TVA navigates these unprecedented times, our office will continue providing independent and object oversight that promotes effective and efficient operations and prevents and detects fraud, waste, and abuse.
The VA Office of Inspector General (OIG) conducted a healthcare inspection at the Lexington VA Healthcare System (system) in Kentucky to determine the validity of an allegation that patients seeking or receiving acute mental health treatment did not receive the care needed.
The OIG substantiated quality of care deficiencies for two patients seeking acute mental health treatment at the system. Multiple staff did not recognize one patient’s personally owned insulin pump as a potential lethal means, which allowed the patient to attempt suicide. Following the attempted suicide, leaders did not implement system-wide actions to mitigate the risk associated with insulin pumps for patients who have suicidal ideation. Additionally, a psychiatrist did not provide a second patient with emergency department discharge instructions or document care in the electronic health record (EHR) consistent with Veterans Health Administration (VHA) policy. The psychiatrist’s documentation included copied and pasted information and a derogatory, critical comment about the patient.
The OIG determined the System Director and Chief of Staff did not ensure that quality management processes, including safety assessment scoring, a root cause analysis, and peer review, were conducted accurately and completely to address system vulnerabilities and patient safety risks for two patients.
The System Director concurred with and provided action plans for the OIG’s eight recommendations related to personally owned insulin pumps, an insulin pump policy, compliance with discharge instructions, review of a psychiatrist’s EHR entries, accuracy of safety assessment code scores, education on root cause analysis processes, and psychiatrist peer representation at the system Peer Review Committee for psychiatry case reviews. The OIG also published a separate report with one recommendation to the Under Secretary for Health to consider specific VHA guidance related to personally owned insulin pumps as a lethal means when patients are deemed at risk for suicide.
Our Objective(s)
To assess the status of the Federal Transit Administration's (FTA) unexpended Hurricane Sandy funds.
Why This Audit
In January 2013, FTA received $10.9 billion for the widespread damage Hurricane Sandy caused to transportation infrastructure when it hit the mid-Atlantic and Northeastern United States. FTA retained approximately $10 billion of these funds to obligate to grant recipients for Hurricane Sandy related recovery, relief, and resiliency programs. Yet, as of March 2024, approximately $3.8 billion (38 percent) remained unspent. Additionally, our Agency's prior work identified concerns with FTA's tracking and oversight of its Hurricane Sandy funds, including issues with timely recipient spending of the funds.
What We Found
Most of FTA's grants with unexpended Hurricane Sandy funds have prolonged project activity.
Twenty-eight grants in our audit universe have ongoing project activities with completion milestones from April 2025 to July 2030.
FTA heavily relies on recipients' self-reporting to obtain the status of and activity associated with their unexpended Hurricane Sandy funds.
We identified 14 grants for which recipients expended a total of approximately $95.4 million for costs incurred after the grants' periods of performance ended. This $95.4 million represent questioned costs.
FTA's oversight was not sufficient to encourage expedited spending of Hurricane Sandy funds or to reduce the risks of ineligible costs.
FTA's Hurricane Sandy grants with unexpended funds are not closed despite recipients completing all project activity.
We identified six FTA Hurricane Sandy grants, representing $96.9 million in unexpended funds, that remain open despite recipients completing all project activities anywhere from approximately 1 to 8 years ago.
The recipients extended project milestones without requesting extensions to the grants' performance periods to align with project activity updates.
Without an updated grant performance period that aligns with project completion milestones, FTA lacks a reliable benchmark to assess the timeliness of grant closeout.
Further, FTA has no guidance or timeframes for its recipients to carry out the steps needed between completing project activity and beginning the grant closeout process. As a result, the process for grant closeout and deobligation of unexpended funds may be inefficient.
Recommendations
We made 4 recommendations to improve FTA's management of unexpended Hurricane Sandy funds.
This audit was performed by the independent public accounting firm KPMG LLP (KPMG) on behalf of the Department of Energy Office of Inspector General. KPMG audited the balance sheet of the Department Nuclear Waste Fund (NWF), as of September 30, 2025, and the related statements of net cost, changes in net position, and budgetary resources for the year then ended.
The audit’s objective was to obtain reasonable assurance about whether the financial statements, as a whole, are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that included an opinion.
KPMG performed the audit in accordance with generally accepted government auditing standards.
KPMG concluded that the financial statements present fairly, in all material respects, the financial position of the NWF as of September 30, 2025, and its net costs, changes in net position, and budgetary resources for the year ended, in accordance with U.S. generally accepted accounting principles.
As part of its review, KPMG also considered the NWF’s internal control over financial reporting and tested for compliance with certain provisions of laws, regulations, contracts, and grant agreements that could have a direct material effect on the financial statements. The review identified certain deficiencies in internal control that KPMG considered to be a significant deficiency as it related to internal controls over information technology systems. During testing of the NWF’s various financial systems, KPMG identified access control deficiencies associated with controls over provisioning of new or modified user access, recertification of existing user access, and terminating of user access. Furthermore, control deficiencies were identified over providing least privileged access and segregation of duties.
There were no formal recommendations for this particular review. As such, there was no formal response required.