Federal Reports

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

The objective of the FY 2025 Federal Information Security Modernization Act (FISMA) audit was to determine whether the U.S. Department of Education’s (Department) overall information technology (IT) security program and practices are effective as they relate to Federal information security requirements. To determine the effectiveness of the Department’s information security program, the audit team utilized the FY 2025 Inspector General FISMA reporting metrics, which required that an independent assessor evaluate core and supplemental reporting metrics identified by the Office of Management and Budget. To properly conclude on the effectiveness of the Department’s information security program and practices, a rotational strategy was used to select five in-scope systems not evaluated in the previous year’s audit. Overall, the audit team found that the Department’s information security programs and practices were effective supporting the five in-scope systems, as nine out of 10 FISMA domains were effective, and one FISMA domain was not effective. Additionally, a total of 16 conditions were identified and 5 recommendations were made across the ten FISMA domains indicating potential areas of improvement for the Department. 

The VA Office of Inspector General (OIG) conducted a healthcare inspection at the VA New Mexico Healthcare System (facility) to assess allegations and concerns related to the care of a patient who was labeled as ineligible for care and senior leaders’ associated response.

In early 2024, the patient was admitted to the facility and applied for healthcare benefits. The patient inaccurately reported income on the application, and benefits were declined. Social work staff, aware of the inaccuracies, did not ensure information was corrected. Additionally, staff attempted to arrange post-hospital services only available to eligible patients and failed to coordinate follow-up care after discharge.

In spring 2024, the patient returned to the facility, was admitted, and then discharged the same day due to being labeled as ineligible for care. The OIG did not substantiate that a podiatrist was forced to discharge the patient. However, knowledge and communication deficits contributed to the following deficiencies:
•    The emergency department provider did not follow stated practice to transfer or admit the patient. 
•    Staff missed another opportunity to update the patient’s financial information.
•    The podiatrist did not seek Chief of Staff approval to continue care at the facility or transfer the patient to a community hospital.
•    Staff did not provide an adequate discharge plan. Instead, the patient was left alone on a bench to await ambulance transport and did not receive written discharge instructions.
•    The podiatrist did not contact the community hospital to share information.
•    The nurse officer of the day failed to address a nurse’s attempt to escalate concerns.

The OIG found senior leaders did not effectively use root cause analysis processes or apply High Reliability Organization principles to assess the spring 2024 discharge. First-year podiatry residents were not supervised according to Veterans Health Administration policy.

The OIG made 15 recommendations to the Facility Director.

This is the audit of the NEA's information technology systems security. Due to security concerns, this report is not published on the internet. You can obtain a copy of this report through a freedom of information act request at the following link: https://www.arts.gov/freedom-information-act-guide

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

The OIG Audit Division conducted an audit to assess the effectiveness of GPO’s inventory management and identify opportunities for cost savings and program improvements. Our audit focused on non-moving inventory.