Federal Reports

The VA Office of Inspector General (OIG) conducted this review to determine whether the Veterans Benefits Administration’s (VBA) Records Management Center disclosed third-party information (including social security numbers of other service members and medical professionals) when responding to Privacy Act requests. The act requires VBA to let beneficiaries review their claims files and have copies made. Many VBA records include third-party information, which had been redacted until a May 2016 policy change. VBA changed the policy that month because the redaction requirement was a major contributor to its massive requests backlog. Redaction also interfered with VBA’s plans to give veterans online access to their records. The May 2016 policy change did not require third parties to be notified when their information was released, meaning individuals at risk of identity theft might not be aware of that risk. VBA also did not communicate the policy change to veterans and service members. The OIG also found VBA put individuals at risk by not following procedures to encrypt sensitive information on discs mailed to veterans.The review of a random sample of 30 Privacy Act responses found 1,027 unrelated third party names and social security numbers. The OIG determined those disclosures raised legal concerns and estimated that responses under the May 2016 policy put millions of people at risk of identity theft. VA’s Office of General Counsel, however, had provided VBA with legal support for the policy change, despite the risk.The OIG asked the under secretary for benefits in a December 11, 2018, memo to immediately suspend VBA’s release policy and reevaluate the Privacy Act request program. After initially rejecting the request, the under secretary responded on June 19, 2019, saying VBA concluded that a policy update was necessary, and redactions would resume by October 1, 2019.

We contracted with Williams, Adley & Company-DC, LLC, an independent certified public accounting firm (CPA firm), to audit the financial statements of the National Endowment for the Arts (Arts Endowment) for the fiscal year ended September 30, 2019. In the Independent Auditors' Report, the CPA firm concluded that Arts Endowment’s financial statements were fairly presented in all material respects and thereby issued an unmodified opinion on those statements. In the Report on Internal Control, the CPA firm did not identify any deficiencies. However, the CPA firm noted a matter related to missing approval for personnel actions. This matter is further communicated in the Management Letter (MLC-2019-01). In the Report on Compliance, the CPA firm concluded that there were no instances of noncompliance by the Arts Endowment with applicable laws and regulations that have a material effect on the financial statements insofar as they relate to accounting matters.

What We Looked AtWe contracted with the independent public accounting firm KPMG LLP to audit the Federal Aviation Administration’s (FAA) financial statements as of and for the fiscal years ended September 30, 2019, and September 30, 2018, and to report on internal control over financial reporting and compliance with laws and other matters. The contract requires the audit to be performed in accordance with U.S. generally accepted Government auditing standards, Office of Management and Budget audit guidance, and the Governmental Accountability Office’s and Council of the Inspectors General on Integrity and Efficiency’s Financial Audit Manual. In connection with the contract, we performed a quality control review of KPMG’s report dated November 9, 2019, and related documentation, and inquired of its representatives. What We FoundOur quality control review disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards. RecommendationsFAA concurred with KPMG’s seven recommendations. We agree with KPMG’s recommendations and are not making any additional recommendations.

This report presents the results of our audit of FHA’s principal financial statements and notes for the fiscal years ending September 30, 2019 and 2018, including our report on FHA’s internal control and test of compliance with selected provisions of laws, regulations, contracts, and grant agreements. In our opinion, FHA’s fiscal years 2019 and 2018 financial statements were presented fairly, in all material respects, in accordance with the U.S. generally accepted accounting principles for the Federal Government. Our opinion is reported in FHA’s Fiscal Year 2019 Annual Management Report. The results of our audit of FHA’s principal financial statements and notes for the fiscal years ending September 30, 2019 and 2018, including our report on FHA’s internal control and test of compliance with selected provisions of laws, regulations, contracts, and grant agreements applicable to FHA, are presented in this report. Our audit disclosed one significant deficiency in internal controls and no instances of noncompliance with applicable laws, regulations, contracts, and grant agreements, which are discussed further in the body of this report.

We evaluated the Bureau of Reclamation’s (BOR’s) management of the San Luis Demonstration Treatment Plant (Demo-Plant). The Demo-Plant did not provide the agricultural drainage services mandated by statute and presented in the San Luis Unit drainage planning documents and, as of the beginning of 2018, did not consistently meet operational performance goals referenced in the cooperative agreement. In addition, the BOR did not effectively oversee the cooperative agreement.We, therefore, concluded that the BOR did not effectively manage the Demo-Plant, spending a reported $67.8 million as of May 18, 2018, for a plant that did not provide the salt disposal critical to agricultural drainage services and did not consistently meet its operational performance goals. In addition, the drainage needs, environmental reviews, and cost estimates for the San Luis Unit area are out-of-date; thus, years of additional planning will be needed for any future drainage activities.This is the final in a series of three reports about the Demo-Plant. We make seven recommendations to address the weaknesses in the BOR’s management of the Demo-Plant. The BOR responded to our draft report on May 17, 2019. Based on the response, we consider Recommendation 1 resolved but not implemented and Recommendations 2 – 7 unresolved. We will refer Recommendation 1 to the Assistant Secretary for Policy, Management and Budget to track implementation and Recommendations 2 – 7 for resolution and to track implementation.

We audited purchase card transactions and governing internal controls at the U.S. Department of the Interior (DOI).Our objectives were to determine whether (1) the bureaus implemented enhanced internal controls for the increase in the micropurchase limit from $3,500 to $10,000, (2) any cardholders in the audit sample of purchase card transactions misused their purchase cards, and (3) any cardholders used their purchase cards for purchases above $3,500 and $10,000.We found that bureaus did develop enhanced internal controls for the increase in the micropurchase threshold, but we found issues with the purchase card transactions because the bureaus did not ensure that internal controls were implemented and did not fully comply with departmental and bureau policies. We question $393,095 in transactions that had no receipt or insufficient documentation.In addition, we found that 2,757 cardholders (approximately 15 percent) used their cards for purchases above $3,500 and 16 cardholders (less than 1 percent) used their cards for purchases above the $10,000 micropurchase threshold.We made five recommendations to improve internal controls over purchase cards and compliance with DOI policy.

We audited costs claimed by the Vermont Fish and Wildlife Department (VFWD) under grants awarded by the U.S. Fish and Wildlife Service (FWS) through the Wildlife and Sport Fish Restoration Program. The audit included claims totaling approximately $25.4 million on 42 grants that were open during the State fiscal years that ended June 30, 2016, and June 30, 2017. The audit also covered the VFWD’s compliance with applicable laws, regulations, and FWS guidelines, including those related to the collection and use of hunting and fishing license revenues and the reporting of program income.We found that the VFWD complied, in general, with applicable grant accounting and regulatory requirements, but it did not have policies or procedures in place for allocating the compensatory time its employees earned when their working hours were split among projects that included Federal grant funds. Because of this, the VFWD may have incurred payroll costs that did not represent the actual number of hours employees worked on program grants.We made one recommendation to address the lack of policy. The FWS concurred with our recommendation and stated that it would work with the VFWD to develop a corrective action plan. We consider the recommendation resolved but not yet implemented.0