Federal Reports

The VA Office of Inspector General (OIG) conducted this audit to determine whether VA complied with the law governing geospatial data and to follow up on recommendations from its previous report. VA’s administrations rely on geospatial data when supporting budgets, performing strategic planning, and making policy decisions to provide health care, benefits, and burial services to veterans.In its previous report, the OIG found VA was not compliant with three covered agency requirements: VA was not compliant with requirements 1 and 3 because all necessary actions had not been completed, and VA was not compliant with requirement 9 because it had not met additional recommended criteria to protect personal privacy and maintain confidentiality. Since the previous report, VA continues to move toward compliance. For this audit, the OIG found VA was not compliant with two of the 12 requirements. According to VA officials, VA does not collect, hold, manage, or consume declassified geospatial data, and the OIG team did not find evidence to the contrary, making the related requirement not applicable.While VA was found not compliant with requirements 5 and 9, the OIG only made two recommendations regarding requirement 9 because VA is working toward satisfying requirement 5. The OIG’s two recommendations follow: (1) reevaluate the risk determination for the Veterans Health Administration Geographic Information System and determine if the system should be set to a security categorization level of moderate based on the personally identifiable information and other sensitive data maintained in the system and (2) reassess whether the security incidents were a breach and instruct staff associated with the incident response process that each security and privacy incident that occurs must be captured on a separate Privacy Security Events Tracking System ticket and investigation details must be accurately documented and confirmed.

The VA Office of Inspector General (OIG) assessed the oversight and stewardship of funds by the VA Northeast Ohio Healthcare System and sought to identify potential cost efficiencies. This inspection examined four financial activities and administrative processes to determine whether appropriate controls and oversight were in place: use of managerial cost accounting information, open obligations oversight, purchase card use, and supply chain management operations.The inspection team found that the healthcare system’s use of managerial cost accounting information did not fully align with federal financial accounting standard practices regarding performance measurement, budgeting, cost control, and making economic decisions. The healthcare system also did not always comply with policy to review open obligations and deobligate funds no longer needed. As a result of the healthcare system’s lack of follow up and reconciliations, the team estimated at least $5.5 million in open obligations were invalid, should have been deobligated, and could have been put to better use.Further, the OIG found that 18 of 52 sampled purchase card transactions did not comply with VA policy. Violations included lack of supporting documentation and untimely approvals of reconciliations. The team estimated 100 transactions totaling about $561,000 were modified into smaller parts. And, the healthcare system could benefit from improving the efficiency of inventory oversight by ensuring inventory values are recorded correctly in the Generic Inventory Package. Establishing local processes and procedures for the timely review of data to detect and correct errors would increase the reliability of inventory data and could help ensure metrics are met.The OIG made 10 recommendations for improvement. The recommendations address issues that, if left unattended, may eventually interfere with financial efficiency practices and the strong stewardship of VA resources.

Since 2020, the Department of Homeland Security has taken certain actions to address cyber and physical security threats to the election infrastructure but has adjusted its efforts to combat disinformation. The Cybersecurity and Infrastructure Security Agency (CISA) added a new Election Security Advisor position in each of its 10 regions to provide specialized assistance to election infrastructure stakeholders. CISA also continues to provide security resources to state and local partners to improve election infrastructure security, such as cyber and physical security assessments and tabletop exercises.