Federal Reports

The Federal Information Security Modernization Act (FISMA) requires annual evaluations of the information security program at each federal agency. The Department of Homeland Security and the Office of Management and Budget review the results, which are used to develop a report to Congress on agencies’ compliance with FISMA. The OIG contracted with an independent public accounting firm to assess VA’s information security program for fiscal year (FY) 2019, in accordance with FISMA. CliftonLarsonAllen LLP evaluated 49 major applications and general support systems hosted at 24 VA facilities that support the Veterans Health Administration, Veterans Benefits Administration, and National Cemetery Administration. The firm concluded that VA continues to face significant challenges meeting FISMA requirements and made 25 recommendations. It noted that all recommendations were repeated or modified from previous reports on FISMA compliance. The firm recommended that VA address security related issues that contributed to the information technology weakness reported in the FY 2019 audit of VA’s consolidated financial statements. It also recommended improving deployment of security patches, system upgrades, and system configurations that would mitigate significant security vulnerabilities and enforce a consistent process across field offices. Another recommendation was to improve performance monitoring to ensure controls are operating as intended, and to communicate identified security deficiencies to appropriate personnel. VA successfully closed three previous recommendations for FISMA compliance in FY 2019. CliftonLarsonAllen LLP will follow up on the outstanding recommendations and evaluate VA’s corrective actions during its FISMA audit for FY 2020. If VA continues to delay corrective actions, a material weakness in informational technology security controls may be reported in the FY 2020 audit of VA’s consolidated financial statements.

The purpose of this report is to bring to your attention needed improvements that the Office of Inspector General (OIG) identified while reviewing the implementation of Peace Corps PEPFAR Financial Guidance. For this review, we assessed how overseas posts followed the Peace Corps’ guidance when using the President’s Emergency Plan for AIDS Relief (PEPFAR) funding for payments. Our review found that the Peace Corps does not have adequate policy, procedures, and guidance to ensure that PEPFAR funds received by the Peace Corps are appropriately managed. Further, we found that the Peace Corps is not adequately complying with the limited PEPFAR guidance it has promulgated.

The Office of Inspector General (OIG) performed an inspection of the subject topic to address specific questions raised in a Congressional request. In response to the request, we assessed actions taken by the Food and Nutrition Service to award a contract to provide electronic payment software to support the use of the Supplemental Nutrition Assistance Program (SNAP) electronic benefits transfer (EBT) services at farmers markets and direct marketing farmers. We reviewed relevant laws, regulations, policies and procedures related to awarding the contract. This inspection was conducted in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation. The report contains sensitive information and will not be publicly released due to privacy concerns.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report, which is available at the link below.

Semiannual Report to the Congress October 1, 2019 - March 31, 2020

This report summarizes work that we initiated and completed during this semiannual period on a number of critical Departmental activities. Over the past 6 months, our office issued 20 products related to our audit, evaluation, and inspection work. These products addressed programs and personnel associated with the Bureau of Industry and Security (BIS), U.S. Census Bureau (the Bureau), U.S. Economic Development Administration (EDA), First Responder Network Authority (FirstNet), International Trade Administration (ITA), National Oceanic and Atmospheric Administration (NOAA), U.S. Patent and Trademark Office (USPTO), and the Department itself. This report also describes our investigative activities addressing programs and personnel associated with ITA, the Minority Business Development Agency (MBDA), National Institute of Standards and Technology (NIST), NOAA, USPTO, and the Department itself. In October 2019, we issued our annual report identifying what we consider, from our oversight perspective, to be the top management and performance challenges facing the Department in fiscal year (FY) 2020, a summary of which begins on page 2.