Federal Reports

What We Looked AtIn response to a request from the Maritime Administration (MARAD), the National Academy of Public Administration (NAPA) reviewed MARAD’s core functions, including its role within the Department of Transportation and its contributions to the Nation. NAPA’s 2017 report included 27 recommendations to address weaknesses it identified in MARAD’s ability to articulate and meet its mission. The National Defense Authorization Act for Fiscal Year 2020 directed our office to audit MARAD’s actions to address 16 of NAPA’s 27 recommendations—related to the Agency’s program alignment, training mission, and other issues. Accordingly, the objective of this audit was to assess MARAD’s actions to address the 16 recommendations from NAPA’s 2017 report specified by Congress. What We FoundMARAD took action on 15 of the 16 recommendations we reviewed. It completed 5 of 10 recommendations related to overarching issues impacting its effectiveness, and 2 of 6 recommendations that focused on its ability to provide adequate qualified merchant mariners to meet commercial and national security needs. Nine recommendations had not been completed at the time of our audit. MARAD partially completed eight and decided not to take action on the ninth—determining that the costs outweighed the benefits. Five recommendations were partially completed because they were dependent on coordination with MARAD’s stakeholders. The other three were partially completed for a variety of reasons, including MARAD’s need to finalize policies and procedures. MARAD has indicated that it plans to take action on all of the partially completed recommendations. However, the Agency lacks updated milestones for completion or an ongoing process for tracking implementation that will place it in a better position to fulfill its mission and meet the Nation’s commercial and security needs. Our RecommendationsWe made two recommendations to facilitate MARAD’s further progress in addressing the NAPA recommendations. MARAD concurred with both recommendations and proposed appropriate actions and completion dates. Accordingly, we consider both recommendations as resolved but open pending completion of the planned actions.

For our final report on the evaluation of the United States Patent and Trademark Office’s (USPTO’s) Patent Term Adjustment (PTA) and Patent Term Extension (PTE) processes, our objectives were to determine whether USPTO (1) calculates and awards PTA and PTE in compliance with relevant statutes, regulations, and case law; (2) has adequate internal controls to ensure the proper calculation and award of PTA and PTE; and (3) uses valid and reliable data to calculate PTA and PTE.We contracted with The MITRE Corporation (MITRE)—an independent firm—to perform this evaluation. Our office oversaw the progress of this evaluation to ensure that MITRE performed the evaluation in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation (December 2020) and contract terms. However, MITRE is solely responsible for the attached report and conclusions expressed in it.

The VA Office of Inspector General (OIG) conducted this review to assess the merits of an allegation made to its hotline regarding misuse of a veteran’s funds. The daughter of a now-deceased veteran for whom no VA fiduciary was appointed alleged that staff of a state veterans home in California moved her father to a memory care unit without a diagnosis of impaired memory and took control of his funds. Although the veteran was transferred to the memory care unit, the OIG did not substantiate that staff moved him there without a diagnosis of impaired memory and took control of his funds. The Veterans Benefits Administration (VBA) electronic claims file contained a statement signed by a nurse practitioner at the home attesting to his cognitive decline, and the veteran’s death certificate listed the cause of death as cardiorespiratory arrest, progressive debility and decline, and cognitive decline.Concerning his finances, documentation revealed it was not the home but the state of California that took control of the veteran’s funds. The OIG found that neither a bank statement nor the direct deposit form submitted to VA listed the state veterans home as a joint account holder. A representative from the California Department of Veterans Affairs confirmed that the veteran’s funds were frozen to recover unreimbursed care costs. According to California law, the state has the authority to recover any unreimbursed costs of care from the personal property assets of veterans who die while residing in a state veterans home.The OIG made no recommendations but determined VBA had not finalized a decision regarding the veteran’s ability to manage his benefits payments, which might have led VA to appoint a fiduciary. The OIG addressed this in a separate management advisory memorandum to VA.

OIG is required by the Federal Information Security Management Act to assess SBA’s information security program every year. In FY 2020, SBA had an unprecedented volume of loan and grant applications because of the Coronavirus Aid, Relief, and Economic Security (CARES) Act and other related pandemic legislation. As a result, the agency experienced new information security challenges. We tested a subset of systems in eight areas, called “domains,” and evaluated them using guidance for FISMA metrics. Inspectors General are required to assess the effectiveness of information security programs on a maturity model spectrum. We rated SBA’s overall program of information security as ”not effective” because SBA only achieved a maturity level rating of “managed and measurable” in one of the eight domains. Based on tests of the eight information systems, we determined the results of each domain as follows:1. Risk Management — Defined2. Configuration Management—Defined3. Identity and Access Management — Consistently Implemented4. Data Protection and Privacy — Consistently Implemented5. Security Training — Defined6. Information Security Continuous Monitoring — Defined7. Incident Response — Managed and Measurable8. Contingency Planning — Consistently Implemented. We made 10 recommendations in five of the domains: three recommendations in risk management, three recommendations for configuration management, two for identity and access management, one recommendation for security training, and one for information security continuous monitoring. SBA management agreed with the recommendations in this report.

The Office of the Inspector General (OIG) conducted an inspection of GPO’s Suspension and Debarment Program to understand its overall process, associated timelines, and evaluate the effectiveness of the dissemination of debarments inside and outside of GPO.