Federal Reports

The Office of Inspector General is issuing this inspection report to assess the U.S. Small Business Administration’s (SBA) initial response to Hurricane Milton, including staffing, loan application volume, response time to applicant queries, and timeliness of disaster loan approvals.

We found that in SBA’s initial disaster assistance response to Hurricane Milton, the agency promptly established a field presence, adequately staffed recovery centers, and responded timely to applicant queries.

Although SBA processed loan applications in 17 days on average, the agency was unable to disburse all but one of those loans during a 68-day funding lapse. As a result, the overall processing time from application receipt to disbursement of funds was 73 days on average for applications submitted before or during the funding lapse and 19 days on average for applications submitted after supplemental appropriations were approved.

We recommended SBA review current outreach strategies, including staffing assignments, and make appropriate changes to optimize resources, thereby ensuring maximum awareness of available assistance to disaster survivors. We also recommended the agency implement processes to gather feedback from applicants that would assist in monitoring the effectiveness of its outreach methods.

SBA management partially agreed with Recommendation 1 and agreed with Recommendation 2. Management’s response and planned action satisfy the intent of both recommendations.

The OIG receives requests from VA’s National Acquisition Center to validate vendors’ data and compliance with Federal Supply Schedule (FSS) contract terms and conditions. The VA FSS program supports the acquisition needs of VA and other government agencies for medical equipment, supplies, pharmaceuticals, and services by contracting with vendors that provide the items at a discount. The OIG reports its findings to the National Acquisition Center, but the reports are not published because they contain sensitive commercial information.

This report summarizes 20 reports the OIG issued to the National Acquisition Center in fiscal years (FYs) 2023 and 2024. The report presents overall findings in three areas: vendors’ compliance with FSS terms and conditions, noncompliance that could be pursued under the False Claims Act, and net overcharges to the government. In the 20 reports, the OIG identified overbillings and noncompliance with the price adjustment clause, the price reductions clause, the industrial funding fee and sales reporting clause, and the trade agreements clause, as well as with the Veterans Health Care Act of 1992 and shipping charges. The OIG issued two False Claims Act reports in FY 2023 and determined the impact to the government was $13,833,997 in overcharges, of which VA was able to recover about $13,418,977. Finally, the OIG calculated about $20.1 million in overall net overcharges to the government.

Federal agencies purchased about $18.9 billion in products and services through VA’s FSS program during FY 2023 and $21.4 billion in FY 2024. The OIG’s findings and recommendations helped VA collect about $19.5 million in net overcharges (97 percent of the about $20.1 million).

Like other organizations, Amtrak (the company) has been migrating its existing technology systems and data and deploying new systems to the cloud, and its efforts are ongoing. During our ongoing audit of the company’s cloud computing practices, we identified two pressing cybersecurity issues. We are providing this early alert to bring these issues to the company’s immediate attention. Given the sensitive nature of the information, we are summarizing the results in this public version of the report.

SUMMARY OF RESULTS

Our work to date on the company’s cloud computing practices, which we plan to continue, identified two matters for immediate consideration. In commenting on a draft of this interim report, the company’s Executive Vice President for Digital Technology and Innovation agreed with our matters for consideration and described actions the company plans to take to address them.

U.S. Customs and Border Protection’s (CBP) inconsistent processes for
identifying special interest aliens (SIAs) created disparities in alien
screening. In July 2023, CBP’s Office of Field Operations (OFO) San Diego
Field Office and the U.S. Border Patrol (Border Patrol) Yuma and El Centro
sectors had a process to identify and provide additional screening of SIAs,
yet San Diego sector did not. This inconsistency occurred because CBP did
not have an agency-wide policy stating whether to identify aliens from
certain countries as SIAs. As a result, aliens from countries with links to
terrorism entered at least one CBP region that did not provide additional
screening.

To comply with Section 508 of the Rehabilitation Act of 1973, VA must make the information and communication technology it uses accessible to veterans with disabilities and anyone else seeking VA information. The OIG conducted this audit to follow up on a 2024 report on areas where VA’s implementation and monitoring of Section 508 requirements could be improved and to evaluate whether the procurement process for information and communication technology meets Section 508 standards.

The OIG team sampled 30 critical information technology and communications systems for review. The team did not independently verify compliance with Section 508 standards and relied on self-reporting by VA to assess progress and deficiencies. Of the 30 systems, VA’s Office of 508 Compliance classified only four as compliant. The OIG concluded that VA officials did not ensure the sampled information technology systems they procured would meet the accessibility standards required by law. The team also reviewed contract documentation for the 30 systems and found contracting officers and the designated officials for VA program offices did market research on vendors that could meet business requirements, but they took no additional action to verify that sampled systems were accessible to individuals with disabilities.

The OIG made four recommendations, including that the assistant secretary for information and technology ensure staff receive training and updated guidance on their roles and responsibilities. VA should also ensure the Office of 508 Compliance receives complete market research showing the technology VA seeks to procure is the most compliant under Section 508. The OIG also recommended the deputy assistant secretary for acquisition and logistics develop policies for ensuring information and communications technology procurements comply with Section 508.