Federal Reports

Our Objective(s) To perform a quality control review (QCR) of Allmond & Company, LLC's audit of the Surface Transportation Board's (STB) financial statements as of and for the fiscal years ended September 30, 2024, and September 30, 2023. We reviewed Allmond's report, dated November 6, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm Allmond & Company, LLC, to audit STB's financial statements, provide an opinion on those financial statements, report on internal control over financial reporting, and report on compliance with laws and other matters.
What We FoundThe independent auditor, Allmond, found one material weakness and three significant deficiencies in STB's internal controls over financial reporting.

Internal controls over preparing, reviewing, and approving journal entries recorded in the general ledger need improvement.
Control activities performed to prepare and review the interim financial statements and footnotes were not adequately designed and implemented.
Employee benefit election forms were not maintained per Office of Personnel Management requirements. Internal controls over the monitoring and review of open obligations need improvement.

Our QCR disclosed no instances in which Allmond did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
RecommendationsWe agree with Allmond's 17 recommendations to help strengthen STB's internal controls.

The passive assessment covered 1,062 drinking water systems for cybersecurity vulnerabilities that serve over 193 million people across the United States. Scan results for October 8, 2024, identified 97 drinking water systems serving approximately 26.6 million users as having either critical or high-risk cybersecurity vulnerabilities. Although not rising to a level of critical or high-risk cybersecurity vulnerabilities, an additional 211 drinking water systems, servicing over 82.7 million people, were identified as medium and low by having externally visible open portals. If malicious actors exploited the cybersecurity vulnerabilities identified in this passive assessment, they could disrupt service or cause irreparable physical damage to drinking water infrastructure. While attempting to notify the EPA about the cybersecurity vulnerabilities, the OIG found that the EPA does not have its own cybersecurity incident reporting system that water and wastewater systems could use to notify the EPA of cybersecurity incidents.

The U.S. Department of Agriculture Office of Inspector General’s Annual Plan for Fiscal Year 2025 describes how OIG plans to accomplish its mission of promoting economy, efficiency, effectiveness, and integrity in the delivery of USDA programs during the fiscal year.

The report contains an unmodified opinion on Natural Resources Conservation Service’s (NRCS) financial statements as of September 30, 2024 and 2023, as well as an assessment of NRCS’ internal controls over financial reporting and compliance with laws and regulations.

The NRC OIG contracted with Sikich to audit the FY 2024 financial statements of the United States Nuclear Regulatory Commission (NRC). Sikich found:
• The financial statements as of and for the fiscal year ended September 30, 2024, are presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States of America;
• The NRC maintained, in all material respects, effective internal control over financial reporting as of September 30, 2024; and,
• No reportable noncompliance for fiscal year 2024 with provisions of applicable laws, regulations, contracts, and grant agreements we tested.

The report contains an unmodified opinion on Federal Crop Insurance Corporation/Risk Management Agency's (FCIC/RMA) financial statements as of September 30, 2024, as well as an assessment of FCIC/RMA’s internal controls over financial reporting and compliance with laws and regulations.