Federal Reports

The National Institute of Standards and Technology’s (NIST’s) Hollings Manufacturing Extension Partnership (MEP) is a national network of 51 MEP Centers—in all 50 states and Puerto Rico—providing any U.S. manufacturer with resources to improve production processes, upgrade technological capabilities, and facilitate product innovation. NIST makes federal financial assistance awards in the form of cooperative agreements to state, university, and nonprofit organizations to operate the Centers.

This report provides additional results identified during our evaluation of MEP economic impact reporting (OIG-24-037-I), as well as actions taken by NIST in response to our work. Specifically, the report provides details on two specific instances in which our work prompted NIST to conduct its own review and issue notices of material noncompliance to Centers.

First, we found that the California Center and its subrecipient did not accurately report program income. Second, we found that the Maryland Center’s use of state grant funds was unallowable and not properly reported. Our findings in both cases led to NIST issuing the Centers notices of material noncompliance.

We made four recommendations to help NIST recover amounts owed by these Centers, ensure that the California Center and its subrecipients accurately report program income, and ensure that the Maryland Center correctly uses funds on other NIST awards.
 

The Office of Inspector General (OIG) inspected two U.S. Department of Agriculture (USDA) offices to assess inventory and information security controls for excessing USDA’s computer equipment. OIG’s objectives were to determine whether USDA is effectively managing excess equipment in its inventory and whether controls exist to provide reasonable assurance that USDA has adequate security over its excessed equipment.

What the OIG Found

According to GAO’s strategic plan, it will reduce costs of operations, in part, by leveraging cloud-based technologies. Transferring data into the cloud (data ingress) is often free to users; however, some providers charge data egress fees for accessing data or transferring it out of the cloud. Despite the minimal costs GAO has incurred for data egress, opportunities exist for GAO to improve its monitoring and cost estimating processes for cloud services.

The OIG found that, due to other priorities, GAO did not establish formal procedures implementing cloud cost management policies such as instituting and reviewing budget threshold alerts and cloud service usage reports. Due to the lack of procedures, GAO may not fully meet its strategic objective related to managing and reducing the cost of its cloud-based technologies in the future.

The OIG also found that GAO officials did not include data egress fees in a major system’s cost estimate and did not document the exclusion because they deemed data egress fees minimal. As a result, GAO may not be fully aware of the total costs for its cloud initiatives, which could impact its ability to implement new projects and the operation and maintenance of existing initiatives.

Why the OIG Did This Audit

The OIG conducted this audit to (1) describe GAO’s efforts to address data egress fees in procuring cloud services and (2) assess the extent to which the estimated costs of GAO’s cloud services programs quantify data egress fees.

Recommendations

GAO concurred with the OIG’s recommendations to (1) establish cost management procedures for its cloud systems, including addressing data egress fees and the implementation and review of alerts and reports, and (2) develop an oversight mechanism to ensure that all fees, including data egress fees, are quantified in the cost estimate, or the exclusion of any costs is documented.