Federal Reports

We audited information systems controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments for the fiscal year 2019 financial statements audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information system security and financial management requirements. We focused our assessment on the general controls over HUD’s IBM mainframe general support system.The OIG has determined that the contents of this audit report would not be appropriate for public disclosure and has therefore limited its distribution to those officials listed on the report distribution list.

The Office of the Inspector General conducted a review of the Commercial Energy Solutions Origination and Renewables (O&R) organization to identify factors that could impact O&R’s organizational effectiveness. During the course of our evaluation, we identified behaviors that had a positive impact on O&R. These included interactions with team members and leadership. While O&R met targets for a majority of their metrics and furthered initiatives within the organization, we also identified risks to business operations and achievement of future O&R initiatives. These included educational needs, such as the need for training and the lack of documented processes and procedures, technology needs, and insufficient staffing for the future within and outside O&R. In addition, business partners discussed areas for improvement, including collaboration and O&R strategy.

In March 2020, the World Health Organization declared the coronavirus (COVID-19) outbreak a global pandemic. The Tennessee Valley Authority (TVA) began taking steps to keep employees and their families’ safe, while also ensuring the agency could fulfill its mission of service. Due to the ongoing pandemic and its impact on TVA’s workforce related to mandatory telework and staffing, we initiated an evaluation to assess TVA’s response to COVID-19. The objective of our evaluation was to assess TVA’s response to COVID-19. Our scope included actions taken by TVA related to staffing, employee safety, telework, and lessons learned. We determined most actions taken by TVA in response to COVID-19 related to staffing, employee safety, and telework were reasonable. Specifically, (1) TVA’s policies align with the Centers for Disease Control and Prevention and federal guidelines, (2) TVA took actions to document and communicate lessons learned, (3) feedback from employees and management was positive regarding changes made in response to COVID-19 on employees and their work. However, we identified potentially misleading marketing language used to promote unproven technology to combat COVID-19. In addition, we identified some opportunities for improvement related to extended telework, mask usage at TVA facilities, and information management practices. Additionally, we identified some required elements were not present in the continuity of operations plan for TVA’s River Forecast Center.

The Office of Inspector General (OIG) is initiating an audit of the AbilityOne ComplianceProgram. Our overall objective is to determine whether the Compliance Program has beenimplemented effectively to provide reasonable assurance of nonprofit agency and centralnonprofit agency compliance with applicable laws, regulations, and policies. To answer ouraudit objective, we will 1) review laws, regulations, policies, and procedures applicable tothe Compliance Program, 2) conduct interviews with key personnel, and 3) analyze data,reports, and other supporting documentation related to compliance reviews.

What We Looked AtAccording to U.S. Bank, Department of Transportation (DOT) employees made more than 1.1 million travel card transactions--totaling $180 million--in calendar year 2019. In 2014, we reported on internal control weaknesses in the Department's travel card program and found that excessive or unauthorized cash advances and instances of travel card misuse sometimes went undetected because DOT lacked robust internal controls to prevent these transactions. In addition, our annual charge card risk assessments disclosed areas that constitute risk to the Department's charge card program such as outdated and incomplete policies, overdue travel card training, and a travel card account that remained active after a travel cardholder (TCH) separated from the Agency. As a result, we determined that another audit of this program was needed. Accordingly, our objective was to determine whether DOT's internal controls for its travel card program are effectively designed and operating efficiently to prevent and detect travel card misuse and abuse.What We FoundWe identified internal control weaknesses that prohibit DOT from preventing or detecting the inappropriate use of travel cards. These weaknesses have resulted in TCHs not consistently following existing controls, increasing the risk of travel card misuse and abuse. Specifically, based on our findings for 71 of the 793 travel card transactions in our samples, TCHs did not always follow prescribed controls for an estimated $18.6 million in purchases. Furthermore, we found that TCHs did not use their Government travel cards to pay for $28 million in official travel related expenses, thus preventing DOT from receiving the total amount of rebates it would be eligible to receive.RecommendationsWe made 11 recommendations to assist DOT in increasing the effectiveness of its internal controls. DOT fully concurred with the all of our recommendations, and we consider them resolved but open pending completion of the planned actions.

Our previous work at other hospitals identified these types of hospital claims, among others, that were at risk for noncompliance:• inpatient claims billed with elective surgical procedures,• inpatient claims billed with high-risk DRG codes, • inpatient claims billed with high-severity-level DRG codes,• inpatient claims billed for mechanical ventilation, and • outpatient claims with payments greater than $25,000.For the purposes of this report, we refer to these areas at risk for incorrect billing as “risk areas.” We reviewed these risk areas as part of this audit. Medicare payments may not be made for items or services that “are not reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member” (Social Security Act (the Act) § 1862(a)(1)(A)). In addition, the Act precludes payment to any provider of services or other person without information necessary to determine the amount due the provider (§ 1815(a)).Federal regulations state that the provider must furnish to the Medicare contractor sufficient information to determine whether payment is due and the amount of the payment (42 CFR § 424.5(a)(6)).Claims must be filed on forms prescribed by CMS in accordance with CMS instructions (42 CFR § 424.32(a)(1)). The Medicare Claims Processing Manual (the Manual) requires providers to complete claims accurately so that Medicare contractors may process them correctly and promptly (Pub. No. 100-04, chapter 1, § 80.3.2.2). The Manual states that providers must use HCPCS codes for most outpatient services (chapter 23, § 20.3). The Office of Inspector General (OIG) believes that this audit report constitutes credible information of potential overpayments. Upon receiving credible information of potential overpayments, providers must exercise reasonable diligence to identify overpayments (i.e., determine receipt of and quantify any overpayments) during a 6-year lookback period. Providers must report and return any identified overpayments by the later of (1) 60 days after identifying those overpayments or (2) the date that any corresponding cost report is due (if applicable). This is known as the 60-day rule. The 6-year lookback period is not limited by OIG’s audit period or restrictions on the Government’s ability to reopen claims or cost reports. To report and return overpayments under the 60-day rule, providers can request the reopening of initial claims determinations, submit amended cost reports, or use any other appropriate reporting process. The Hospital is a 171-bed hospital located in Kansas City, Kansas. According to CMS’s National Claims History (NCH) data, Medicare paid the Hospital approximately $124 million for 11,128 inpatient and 53,868 outpatient claims between January 1, 2016, and December 31, 2017 (audit period).

The Medicare hospice benefit allows providers to claim Medicare reimbursement for hospice services provided to individuals with a life expectancy of 6 months or less and who have elected hospice care. Previous OIG reviews found that Medicare inappropriately paid for hospice services that did not meet Medicare requirements.Our objective was to determine whether hospice services provided by Hospice Compassus, Inc., of Tullahoma, Tennessee (Tullahoma), complied with Medicare requirements.