Federal Reports

On November 30, 2018, the VA Office of Inspector General (OIG) received a request from 12 senators and one congressman to investigate allegations that VA planned to withhold retroactive payments for missed or underpaid monthly housing stipends for students under the Harry W. Colmery Veterans Education Assistance Act, also known as the Forever GI Bill. This Issue Statement discloses the information that the OIG provided to those members of Congress with some additional context. During December 2018 and January 2019, OIG staff conducted interviews with VA and contract personnel involved in the Forever GI Bill implementation efforts. The OIG also reviewed internal VA documents and the results of an independent assessment conducted by the MITRE corporation. The OIG found that the Veteran’s Benefits Administration (VBA) failed to modify their electronic systems by the required date to make accurate housing allowance payments under sections 107 and 501. These sections fundamentally redesign how VBA pays monthly housing allowances to veterans using the Post-9/11 Educational Assistance Program. VA lacked an accountable official to oversee the project during most of the effort. This resulted in unclear communication and inadequately defined expectations of the VA offices and contractors involved. In November 2018, the VA Secretary named the Under Secretary for Benefits as the official responsible for implementing the Forever GI Bill. The OIG conducted this review in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standard for Inspection and Evaluation, except for the advance reporting standards. Due to the nature of the objective to respond to congressional inquiries and disclose that information to the VA and the public, not distributing a draft to VA did not have an effect on this Issue Statement and there are no recommendations requesting VA’s response.

We conducted this review to determine whether the Department of Health and Human Services (HHS) had addressed known vulnerabilities in its oversight of the Small Business Innovation Research (SBIR) program to ensure that program funds were being spent appropriately. In 2014, we reported vulnerabilities within HHS's SBIR program and made four recommendations to improve HHS's oversight. HHS implemented two recommendations from our 2014 report prior to this review. However, HHS had not formally notified OIG of any actions to implement the two outstanding recommendations-with which HHS had concurred-regarding awardee eligibility and duplicative funding. Since implementation of the SBIR program in 1982, HHS has obligated or awarded nearly $13 billion in awards to small businesses pursuing innovative research ideas.

The OIG investigated conflict of interest allegations against a Bureau of Land Management (BLM) Supervisor. The complaint alleged that the Supervisor favored a family member in official matters involving drilling permits for the family member’s employer, an oil and gas company, and his family’s property.Our investigation showed the allegations were unfounded. We determined that the Supervisor processed Applications for Permits to Drill (APDs) in accordance with policy and without bias. We also found no evidence that the Supervisor influenced official matters involving his family’s property. Finally, we learned that BLM supervisors and department ethics officials were aware of the Supervisor’s familial relationships and approved his continued involvement with the APDs.This is a summary of an investigative report that we provided to the BLM Director.

What We Looked AtThis report presents the results of our quality control review (QCR) of KPMG LLP's management letter related to the audit it conducted, under contract with us, of the Department of Transportation's (DOT) consolidated financial statements for fiscal years 2018 and 2017. In addition to its audit report on DOT's financial statements, KPMG issued a management letter that discusses four internal control matters that it was not required to include in its audit report.What We FoundOur QCR of KPMG's management letter disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.RecommendationsKPMG made eight recommendations in its management letter. DOT concurred with all eight recommendations.

What We Looked AtFAA manages air traffic control operations through a complex network of information systems and air traffic control facilities. Cyber-based threats are rapidly evolving and could threaten the connectivity of this complex aviation infrastructure. In 2016, Congress passed the FAA Extension, Safety, and Security Act. Section 2111 of the act establishes requirements for FAA to enhance cybersecurity. The Chairmen and Ranking Members of the House Committee on Transportation and Infrastructure and the Subcommittee on Aviation requested that we assess FAA's progress in addressing section 2111's requirements.What We FoundAs required by section 2111, FAA has completed a cybersecurity strategic plan, coordinated with other Federal agencies to identify cyber vulnerabilities, and developed a cyber threat model and cyber research and development plan. However, the Agency has not completed a comprehensive, strategic policy framework to identify and mitigate cybersecurity risks. For example, the Agency has not established target dates to complete implementation of recommendations from its working group established to recommend cybersecurity rulemaking and policies for aircraft systems. Furthermore, while FAA is applying its cyber threat model across the National Airspace System, mission support, and research and development areas, it has not established target dates for full model implementation. Finally, as outlined in its cybersecurity research and development plan, FAA anticipates increased investments in research areas, but has not completed decisions on its research and development priorities in upcoming fiscal years.RecommendationsFAA concurred with all three of our recommendations and proposed appropriate actions and completion dates.