Federal Reports

For our final report on our audit of the Economic Development Administration’s (EDA’s) Disaster Relief Workforce Planning, our audit objective was to determine whether EDA’s workforce planning process for awarding and administering the Disaster Supplemental funds was adequate and effective. We found that (1) EDA has not developed and implemented a comprehensive workforce plan to meet the current and future needs of the organization and (2) EDA’s recruitment efforts are significantly behind its established milestones to ensure that EDA has adequate staff available to handle the increased workload.

The Office of Inspector General (OIG) completed a final action verification of all 21 recommendations in Audit Report 88501-0002-12, Management and Security Over USDA's Universal Telecommunications Network. The purpose of our final action verification was to determine if the Office of the Cheif Information Officer (OCIO) and the Office of Pprocurement and Property Management (OPPM) provided the Office of the Chief Financial Officer (OCFO) sufficient documentation that supported the management decision reached with OIG and was satisfactory for closing the audit report recommendations.

The information security program of the Corporation for National and Community Service (CNCS) has been assessed as not effective with little progress over the past three years. While security training remains an area of strength at CNCS, performance in this area is outweighed by the substantial risks resulting from the continuing control weaknesses in configuration management, identity, and access management, and data protection and privacy. For example, the CNCS network continues to be exposed to critical and high severity vulnerabilities stemming from un-patched software, improper configuration settings, and unsupported software. These types of gaps limit the protection of CNCS’s systems and data and may expose sensitive information, including Personally Identifiable Information, to unauthorized access and use.Our report offers 33 recommendations (22 new, 3 modified, and 8 repeats), which if implemented, will assist CNCS in addressing challenges in its development of a mature and effective information security program. Also, we again recommend that CNCS complete a strategic analysis of the government-wide metrics and the weaknesses identified in this evaluation, to develop a multi-year approach designed to realize steady, measurable improvements in information security in each of the domains and security function areas. Implementing such a plan will require CNCS to allocate sufficient resources, including staffing, and to be accountable for interim milestones, in order to reach an overall effective rating.