Federal Reports

Our Objective(s)To (1) determine whether MARAD has implemented an information management system for the SAPR Program that complies with NDAA requirements and (2) assess the system's cybersecurity and privacy controls.
Why This AuditThe 2023 National Defense Authorization Act (NDAA) required MARAD to establish for the U.S. Merchant Marine Academy's (USMMA) Sexual Assault Prevention and Response (SAPR) Program an information management system (IMS) for sexual assault and sexual harassment claims, and for the Office of Inspector General to conduct a cybersecurity audit of the system.
What We FoundMARAD has not established an information management system for USMMA's SAPR Program that complies with NDAA requirements.

Instead of acquiring a new IMS, USMMA uses a spreadsheet system for the SAPR Program.
USMMA officials acknowledge that this spreadsheet system does not meet the Academy's needs.
The SAPR Program tracks and maintains most but not all required information in its spreadsheet system.
The program also has not implemented a process to update the records of acquitted individuals in its spreadsheet system.

The SAPR Program's spreadsheet system lacks sufficient cybersecurity and privacy controls.

The program's spreadsheet system lacks the cybersecurity controls required by the National Institute of Standards and Technology and the Department of Transportation's Cybersecurity Compendium to properly secure and protect the confidentiality, integrity, and availability of the program's sensitive data and information.
MARAD's Privacy Officer has not analyzed the spreadsheet system to determine what privacy protections should be implemented to protect personally identifiable information stored in the system.

Recommendations We have made four recommendations to improve MARAD's oversight of USMMA's Sexual Assault Prevention and Response Program.

The EPA did not monitor bus deployment status and recipient use of over $836 million of 2022 Clean School Bus, or CSB, Program rebates, despite the Agency stating it would do so in the 2022 Clean School Bus (CSB) Rebates Program Guide. As of June 2024, only 22, or 6.1 percent, of the 360 schools that received rebates in 2022 had completed their rebate closeouts. At the time of this audit, we found that ten, or 59 percent, of the 17 schools we reviewed are in the process of installing the infrastructure necessary to operate the new clean buses and may not meet the program closeout deadline of October 2024. Additionally, the EPA did not provide guidance to recipients on how funds should be managed. We found that, contrary to multiple OIG briefings on strategies to reduce fraud risk, the EPA allowed recipients to keep CSB funds in accounts with other funds or earn interest on rebate funds while they wait to pay the final invoices, which increases the risk of program funds and interest earned being used for other purposes.

During the reporting period, the Office of Audits completed and published the Fiscal Year (FY) 2023 and FY 2024 Federal Information Security Modernization Act (FISMA) audits and the Payment Integrity Information Act audit; the latter two were completed by independent public accountants (IPAs) overseen by the Office of Audits. Additionally, the audit team began work on the following audits: FY 2024 CFTC Financial Statements; FY 2024 CFTC Customer Protection Fund Financial Statements; CFTC’s Compliance with the Government Charge Card Act; and CFTC’s Enterprise Risk Management Program. The audit team is also working with the Council of Inspectors General on Financial Oversight (CIGFO) in its review of the effectiveness and internal operations of the Financial Stability Oversight Council (FSOC) designation of nonbank financial companies. In addition, we established the Office Evaluations and initiated an evaluation into the CFTC’s non-disclosure policies, forms, and agreements to assess compliance with the Whistleblower Protection Enhancement Act of 2012.

Dependency and Indemnity Compensation is a monthly benefit paid to eligible survivors of service members who died in the line of duty or as a result of a service related injury or illness. Under the PACT Act, survivors with previously denied claims may be newly eligible for Dependency and Indemnity Compensation related to toxic exposure. These survivors may reapply for benefits and might receive retroactive payments dating back to the original date of entitlement. The OIG conducted this review to assess the accuracy of VBA’s processing of Dependency and Indemnity Compensation claims reopened under the PACT Act.

The OIG team reviewed two statistical samples of claims that were reopened under the PACT Act after having previously been denied. One set were claims that, after being reprocessed, were again denied; the other set were claims that were granted after being reprocessed. Both sets involved claims completed from January 1 through July 31, 2023. The OIG found that pension management center staff generally denied these claims appropriately; however, there were some inaccuracies when claims were granted. Errors stemmed from unclear guidance on how to reevaluate claims and from a lack of information system enhancements and resulted in a projected $33.1 million in underpayments to survivors. The OIG made three recommendations to correct errors and improve the claims process.

We audited WSFR grants awarded by FWS to the North Carolina Department of Environmental Quality, Division of Marine Fisheries to ensure compliance and cost allowability.

The PACT Act significantly expanded veterans’ eligibility for disabilities that VA presumes are related to exposure to toxic substances. The VA Office of Inspector General (OIG) conducted this review to determine whether Veterans Benefits Administration (VBA) staff processed PACT Act claims for presumptive disabilities in accordance with applicable laws and procedures before denying them.

This report highlights that claims processors sometimes requested unwarranted examinations, which delayed claims processing and burdened veterans, or the processors did not return examinations for clarification when there was insufficient or conflicting information. Claims processors also sometimes requested medical opinions to determine service connection for disabilities the PACT Act presumed to be connected to service. These errors resulted in unnecessary payments for examinations and medical opinions, as well as underpayments to veterans. Additional errors had the potential to affect veterans’ benefits, such as when claims processors prematurely based decisions on inadequate or inconsistent examination results before denying veterans’ claims.

The OIG team also identified errors in claims processing that, while correctly denying service connection, resulted in an estimated $1.4 million in unnecessary costs for unwarranted examinations and medical opinions in the six-month review period. Underpayments were also identified totaling about $56,700 for two veterans’ claims during the same period who were improperly denied service connection. The team also found an estimated minimum of 870 potential errors that could affect veterans’ benefits. The OIG acknowledges that VBA has taken steps to address these kinds of errors for examinations, but that work is ongoing.

VBA concurred with the OIG’s two recommendations to update the claims processing manual to clarify when examinations and medical opinions are needed and to continue to develop tools to aid claims processors in determining when they are needed and to evaluate their effectiveness.