Federal Reports

The Federal Information Security Modernization Act of 2014 (FISMA) provides a comprehensive framework for establishing and ensuring the effectiveness of managerial, operational, and technical controls over information technology (IT) that supports Federal operations and assets and provides a mechanism for improved oversight of Federal agency information security programs. FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce IT security risks to an acceptable level. FISMA requires agency program officials, Chief Information Officers (CIO)s, Chief Information Security Officers (CISO)s, senior agency officials for privacy, and inspectors general to conduct annual reviews of the agency’s information security program.

72nd Semiannual Report to the Congress

An Amtrak customer service representative based in Oakland, California, resigned from her position on October 10, 2024, prior to her administrative hearing. Our investigation found that the former employee violated company policies by allowing individuals who were not entitled to pass travel privileges to travel on her pass. During her interview, the former employee admitted to her actions.

William Leonard and Kevin Leonard, both California residents, pleaded guilty on May 15, 2024, in U.S. District Court, Southern District of California, to conspiracy and health care fraud charges. William and Kevin Leonard were patient brokers who unlawfully brokered patients to clinical treatment facilities owned and operated by Paragon Recovery LLC. In exchange, William and Kevin Leonard received kickbacks payments. The scheme resulted in the fraudulent billing of insurance companies for services that were not performed.Previously, Stephen Reeder, an Ohio resident, pleaded guilty on January 22, 2024, to Conspiracy related to a health care fraud scheme. Reeder was the program director at Paragon Recovery, which operated a clinical treatment facility in California. Our investigation found that Reeder and others conspired to solicit, offer, and receive illegal remunerations for referrals to clinical treatment facilities. Specifically, at the direction of the owners of Paragon Recovery, Reeder caused payment to be made to William and Kevin Leonard for patients they referred to the facility. Amtrak’s insurance providers were billed approximately $1,152,000 over the course of the scheme.

Mastermind of Multimillion-Dollar Penny-Stock Scam Indicted for Fraud and Obstruction

Our Objective(s)To evaluate FAA’s oversight of Boeing 737 and 787 production, specifically its processes for (1) identifying and resolving production issues and (2) addressing allegations of undue pressure within the production environment.Why This AuditAviation safety is FAA’s primary mission, and FAA’s oversight of passenger aircraft in the United States includes ensuring that aircraft manufacturers meet requirements when producing new aircraft. However, since 2018, Boeing has experienced multiple manufacturing issues, in addition to complaints alleging ongoing production deficiencies and undue pressure on staff. In response to these concerns, the Chairmen and Ranking Members of the House Transportation and Infrastructure Committee and its Subcommittee on Aviation and the Chair of the Senate Committee on Commerce, Science, and Transportation requested this audit.What We FoundWeaknesses in FAA’s oversight processes and systems limit its ability to identify and resolve Boeing production issues.FAA’s approach to overseeing Boeing manufacturing and production does not use data-driven assessments to target audits, and FAA has not structured its audits to perform comprehensive assessments.FAA has not adequately ensured that Boeing and its suppliers can produce parts that conform to the approved design. FAA does not require its inspectors to review First Article Inspections that are intended to ensure a manufacturer’s processes can, at the outset, produce parts that meet engineering and design requirements.Further, FAA’s compliance system cannot track milestones or determine whether potential repetitive noncompliances have occurred, nor has FAA assessed the effectiveness of Boeing’s Safety Management System.Finally, FAA has not established criteria to return delegated authority to Boeing’s Organization Designation Authorization (ODA).FAA continues to face challenges addressing allegations of undue pressure within Boeing’s aircraft manufacturing.FAA issued guidance for reporting allegations of interference to FAA. However, FAA has not enforced requirements that Boeing provide information in sufficient detail on alleged undue pressure allegations. Additionally, changes to FAA’s review process have delayed FAA’s ability to resolve allegations of undue pressure reported by Boeing.Further, despite FAA organizational changes to improve oversight, FAA managers did not know about the investigations of ongoing undue pressure allegations when they initiated a request to expand the authorized functions of Boeing’s ODA.RecommendationsWe made 16 recommendations to improve FAA oversight of Boeing aircraft production.