Federal Reports

We assessed the effectiveness of the Department’s program for managing public-reported vulnerabilities in its public-facing information technology systems. We found that the Department established a vulnerability disclosure program; however, it was not fully effective. Specifically, the Department’s vulnerability disclosure policy (VDP) did not include all internet-accessible systems, the VDP’s testing guidelines restricted the tools public security researchers could use to identify system vulnerabilities, the Department did not always fully remediate reported vulnerabilities, and the Department did not always remediate vulnerabilities within established deadlines.

The Office of Inspector General is tasked with ensuring efficiency, accountability, and integrity in the U.S. Postal Service. We also have the distinct mission of helping to maintain confidence in the mail and postal system, as well as to improve the Postal Service's bottom line. We use audits and investigations to help protect the integrity of the Postal Service. Our Semiannual Report to Congress presents a snapshot of the work we did to fulfill our mission for the six-month period ending September 30, 2025. Our dynamic report format provides readers with easy access to facts and information, as well as succinct summaries of the work by area. Links are provided to the full reports featured in this report, as well as to the appendices.

We are pleased to present our report for the period April 1, 2025, to September 30, 2025.  In this semiannual period, our audit, evaluation, and investigative activities identified more than $31.4 million in questioned costs; funds to be put to better use; recoveries, fees, and savings; and opportunities for the Tennessee Valley Authority (TVA) to improve its programs and operations.  This report also includes a feature, “40 Years of Making TVA Better,” that looks back at the last four decades—the environment TVA operated in each decade and the Inspectors General that lead our office as well as highlights some of the significant projects in each decade.

The national focus to be the leader in advancing nuclear technological innovation and artificial intelligence places TVA in a spotlight to drive and deliver additional energy sources that can both help meet growing energy demand in the Valley and set the standard for the utility industry.  This requires due diligence in areas that are emerging and have significant consequence. As TVA navigates these unprecedented times, our office will continue providing independent and object oversight that promotes effective and efficient operations and prevents and detects fraud, waste, and abuse.

The VA Office of Inspector General (OIG) conducted a healthcare inspection at the Lexington VA Healthcare System (system) in Kentucky to determine the validity of an allegation that patients seeking or receiving acute mental health treatment did not receive the care needed.

The OIG substantiated quality of care deficiencies for two patients seeking acute mental health treatment at the system. Multiple staff did not recognize one patient’s personally owned insulin pump as a potential lethal means, which allowed the patient to attempt suicide. Following the attempted suicide, leaders did not implement system-wide actions to mitigate the risk associated with insulin pumps for patients who have suicidal ideation. Additionally, a psychiatrist did not provide a second patient with emergency department discharge instructions or document care in the electronic health record (EHR) consistent with Veterans Health Administration (VHA) policy. The psychiatrist’s documentation included copied and pasted information and a derogatory, critical comment about the patient. 

The OIG determined the System Director and Chief of Staff did not ensure that quality management processes, including safety assessment scoring, a root cause analysis, and peer review, were conducted accurately and completely to address system vulnerabilities and patient safety risks for two patients.

The System Director concurred with and provided action plans for the OIG’s eight recommendations related to personally owned insulin pumps, an insulin pump policy, compliance with discharge instructions, review of a psychiatrist’s EHR entries, accuracy of safety assessment code scores, education on root cause analysis processes, and psychiatrist peer representation at the system Peer Review Committee for psychiatry case reviews. The OIG also published a separate report with one recommendation to the Under Secretary for Health to consider specific VHA guidance related to personally owned insulin pumps as a lethal means when patients are deemed at risk for suicide.

This audit was performed by the independent public accounting firm KPMG LLP (KPMG) on behalf of the Department of Energy Office of Inspector General. KPMG audited the balance sheet of the Department Nuclear Waste Fund (NWF), as of September 30, 2025, and the related statements of net cost, changes in net position, and budgetary resources for the year then ended.

The audit’s objective was to obtain reasonable assurance about whether the financial statements, as a whole, are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that included an opinion.

KPMG performed the audit in accordance with generally accepted government auditing standards.

KPMG concluded that the financial statements present fairly, in all material respects, the financial position of the NWF as of September 30, 2025, and its net costs, changes in net position, and budgetary resources for the year ended, in accordance with U.S. generally accepted accounting principles.

As part of its review, KPMG also considered the NWF’s internal control over financial reporting and tested for compliance with certain provisions of laws, regulations, contracts, and grant agreements that could have a direct material effect on the financial statements. The review identified certain deficiencies in internal control that KPMG considered to be a significant deficiency as it related to internal controls over information technology systems. During testing of the NWF’s various financial systems, KPMG identified access control deficiencies associated with controls over provisioning of new or modified user access, recertification of existing user access, and terminating of user access. Furthermore, control deficiencies were identified over providing least privileged access and segregation of duties.

There were no formal recommendations for this particular review. As such, there was no formal response required.

This audit was performed by the independent public accounting firm of KPMG LLP (KPMG) on behalf of the Department of Energy Office of Inspector General. KPMG audited the balance sheet of the Department’s Federal Energy Regulatory Commission, as of September 30, 2025, and the related statement of net cost, changes in net position, custodial activity, and statement of budgetary resources for the year then ended.

The audit’s objective was to obtain reasonable assurance about whether the financial statements, as a whole, are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that included an opinion.

KPMG performed the audit in accordance with generally accepted government auditing standards.

KPMG concluded that the financial statements present fairly, in all material respects, the financial position of the Federal Energy Regulatory Commission as of September 30, 2025, and its net cost, changes in net position, custodial activity, and budgetary resources for the year then ended, in accordance with U.S. generally accepted accounting principles. KPMG also considered the Federal Energy Regulatory Commission’s internal control over financial reporting as part of their review and did not identify any deficiency in internal control over financial reporting that is considered a material weakness. KPMG tested for compliance with certain provisions of laws, regulations, contracts, and grant agreements that could have a direct material effect on the financial statements. The results of the auditors’ review disclosed no instances of noncompliance or other matters required to be reported under Government Auditing Standards, applicable Office of Management and Budget guidance, or the Federal Financial Management Improvement Act of 1996.

There were no formal recommendations for this particular review. As such, there was no formal response required.

DFC is at a pivotal juncture. The Trump administration has established government-wide priorities centered on making America safer, stronger, and more prosperous. To help advance these goals, DFC has been tasked with significant new responsibilities. These responsibilities include partnering with Ukraine on the United States–Ukraine Reconstruction Investment Fund and focusing investments in new sectors, such as nuclear energy technology, artificial intelligence, and drone technology. Further, DFC faces reauthorization and current proposals call for dramatically increasing the Corporation’s contingent liability and expanding the use of equity, among other changes.

In addition to new responsibilities, DFC has experienced leadership turnover. DFC did not have a permanent CEO for most of 2025, 3 and its public sector board members and politically appointed leadership are new to DFC. DFC also experienced a 25 percent workforce reduction with many employees retiring or taking the administration’s deferred resignation program. Thus, the Corporation must position itself to take on new responsibilities and prioritize investments in new sectors with fewer staff. This year’s Top Management Challenges identifies three key items DFC should consider: (1) Updating the Strategic Plan Due to Changes in Priorities and Leadership; (2) Developing a Strategic Workforce Plan; and (3) Streamlining the Origination Process. Addressing these challenges will help DFC achieve its mission.