Federal Reports

The U.S. Small Business Administration (SBA) Office of Inspector General contracted with the independent certified public accounting firm KPMG LLP to conduct an audit of SBA’s consolidated balance sheet as of September 30, 2025 and the related notes. KPMG was not engaged to audit the consolidated statement of net cost, consolidated statement of changes in net position, and combined statement of budgetary resources. Our contract required KPMG to conduct the audit in accordance with Government Auditing Standards and Office of Management and Budget Bulletin No. 24-02, Audit Requirements for Federal Financial Statements.

KPMG issued a disclaimer of opinion on the consolidated balance sheet as of September 30, 2025. A disclaimer means that an auditor was unable to obtain sufficient information to determine whether the organization’s financial statements were accurate. The basis for the disclaimer was that because of control deficiencies identified, SBA was unable to provide adequate evidential matter in support of a significant number of transactions and account balances related to the Paycheck Protection Program and Economic Injury Disaster Loan programs. Additionally, management was unable to provide sufficient appropriate audit evidence to support the data used to develop assumptions used in the subsidy allowance estimate for SBA’s direct loan and loan guaranty programs.

During the audit, KPMG identified four material weaknesses and one significant deficiency in internal control over financial reporting. Material weaknesses are a serious concern that an organization’s financial reporting controls are not effective to detect major errors or fraud. We note that SBA made considerable progress addressing prior year audit findings, resulting in the successful remediation of two material weaknesses (controls over general information technology and controls over the evaluation of service organizations) and the downgrading of one material weakness (controls over monitoring Restaurant Revitalization Fund and Shuttered Venue Operators Grant programs) to a significant deficiency. Appendices I and II of this report describe details of KPMG’s conclusions about the material weaknesses and significant deficiency. KPMG also identified three instances of noncompliance with applicable laws or other matters, which are discussed in Appendix III of this report.

Why We Did This Report

This report describes an issue that the U.S. Environmental Protection Agency Office of Inspector General identified during its audit of the U.S. Infrastructure Investment and Jobs Act-funded IRL Council for the Indian River Lagoon National Estuary Program grant program.
 

Summary of Findings

The EPA OIG found that the IRL Council did not complete or submit any of the required Federal Financial Reports, or FFRs, for the first two years of its award and stated the reason was that the EPA did not request annual FFRs. This raised concerns that the EPA was not requiring any National Estuary Program, or NEP, award recipients to submit FFRs annually as mandated by 2 C.F.R. § 200.328.

Today, the U.S. Consumer Product Safety Commission Office of Inspector General released their semiannual report for the reporting period ending September 30, 2025.  The report is part of the semiannual requirement to communicate OIG oversight activities of the CPSC to Congress and the American people.

Due to the importance of protecting the Tennessee Valley Authority’s (TVA) operations from external cyber events, we performed an audit of TVA’s transmission control center network cybersecurity. The audit objective was to determine if TVA has sustainable processes for identifying, implementing, and managing the network architecture to reduce the overall cybersecurity risk to TVA resources in their transmission networks.  The audit scope was limited to TVA’s transmission control center network.  We made one recommendation to TVA management. The specifics are being withheld from public release due to their sensitive nature in relation to TVA’s cybersecurity. 

Beginning in 2021, the U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG) conducted several audits to assess HUD’s anti-fraud efforts and to develop inventories of fraud risks for several of its programs. Our previous work found that HUD’s fraud risk management program was in its early stages of development and we recommended that HUD perform program-specific fraud risk assessments and incorporate these assessments into an agency-wide plan to further advance its program. To continue assisting HUD in improving its anti-fraud efforts, we conducted this work to identify potential fraud risks and schemes that could negatively impact HUD’s Office of Community Planning and Development disaster recovery funding.

CPD had made progress in its efforts to identify fraud risks for its disaster recovery program. Specifically, CPD identified several fraud risks at the disaster recovery program level and documented them in a fraud risk inventory. To further assist CPD with its fraud risk efforts, we developed our own fraud risk inventory that includes additional fraud risks. To develop our inventory, we first identified seven fraud risk factors affecting disaster recovery funding that increase the chance of fraud by heightening the incentives, opportunities, and likelihood for rationalization by individuals inclined to commit fraud. We then used those fraud risk factors, along with the results of brainstorming sessions, interviews, and reviews of audit reports, investigations, press releases from HUD’s Office of Inspector General (HUD OIG) and other Federal agencies, to develop the inventory containing 57 potential fraud risks, 20 of which CPD had previously identified in its fraud risk inventory. Fraudulent misappropriation of disaster recovery funding undermines program integrity, compromises taxpayer dollars, and hinders disaster recovery efforts, ultimately harming the affected communities.

We recommend that HUD’s Office of Community Planning and Development (CPD) improve its anti-fraud efforts by using the fraud risk inventory our office developed and its Office of the Chief Risk Officer’s risk catalog. We also recommend involving key stakeholders in the disaster recovery program’s risk identification process and communicating the identified fraud risks to relevant stakeholders, such as grantees and subrecipients, to enhance fraud prevention, detection, and response efforts within HUD and grantees’ disaster recovery programs. We further recommend that CPD use its fraud risk inventory to help identify data needs and potential system enhancements to improve its ability to monitor and respond to fraud risks in the Disaster Recovery program.

In accordance with the Reports Consolidation Act of 2000, the Inspector General is providing information on what he considers to be the most serious management and performance challenges facing the U.S. Consumer Product Safety Commission in fiscal year 2026. Congress left the determination and threshold of what constitutes a most serious management and performance challenge to the discretion of the Inspector General. These challenges are defined as mission critical areas or programs that have the potential to be a significant weakness or vulnerability that would greatly impact agency operations or strategic goals if not addressed by management.

The Delivering For America: Our Vision and Ten-Year Plan to Achieve Financial Sustainability and Service Excellence (DFA plan), released in March 2021, outlines the U.S. Postal Service’s 10-year strategy to transform into a high-performing, financially sustainable organization. With the release of Delivering For America 2.0: Fulfilling the Promise in September 2024, the Postal Service provided a blueprint for its path forward.

We, the U.S. Postal Service Office of Inspector General (OIG), have provided essential oversight of the Postal Service for nearly 30 years, and since the release of the DFA plan, have integrated an independent and objective review of its implementation into our work. This is the third in our series of DFA oversight reports in which we focused on two core areas outlined in the DFA plan: achieving service excellence and attaining financial stability.

Overall, our analysis of progress toward key initiatives shows mixed results. While the Postal Service (USPS) has made meaningful investments in infrastructure, fleet modernization, and pricing reforms, service performance has been inconsistent, and financial outcomes have fallen short of break-even targets.

As the Postal Service’s transformation is ongoing, our oversight will continue to focus on whether these efforts deliver measurable improvements in reliability, customer experience, and fiscal health that would ensure the Postal Service remains a vital, self-sustaining part of the nation’s infrastructure.