An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Smithsonian Institution
Fiscal Year 2018 Independent Evaluation of the Smithsonian Institution’s Information Security Program
The Office of the Inspector General contracted with Williams Adley to conduct this audit. The objective of the audit was to evaluate the effectiveness of the Smithsonian’s information security program in fiscal year 2018.
The objective of our audit was to assess the U.S. Department of Education’s (Department) compliance with Federal Information Technology Acquisition Reform Act (FITARA) Chief Information Officer (CIO) authority enhancements and other selected requirements. We found improvements are needed in the Department’s compliance with CIO authority enhancements. Specifically, we found that the Department has fully implemented and documented in policy only 8 of the 17 CIO authority enhancements (47 percent). The Office of the Chief Information Officer was unable to provide evidence that 6 of the 17 CIO authority enhancements (35 percent) have been fully implemented and theDepartment’s policies and procedures did not fully address 5 of the 17 CIO authority enhancements (29 percent) at the time we began our audit fieldwork, although 3 authority enhancements were later documented in revised guidance.In addition, we found that improvements are needed in the Department’s process for ensuring transparency and risk management of IT resources. Specifically, we found that the Department has not correctly classified all major IT investments, has not consistently adhered to its process for assessing the risk of IT investments, and has not always conducted TechStat sessions of high risk major IT investments as required by FITARA.
Department of Health and Human Services Had Email Requirements for Political Appointees, but Office of the Secretary Lacked Effective Monitoring and Enforcement
We conducted this audit in response to a congressional letter requesting a review of email usage by political appointees at the Department of Health and Human Services (HHS) to ensure that "…officials are following the spirit and letter of all federal laws and regulations, as well as departmental policies, related to email use."
This management alert presents Issues Identified in the Outbound International Mail Market. These issues came to our attention during our ongoing audit of Costing Best Practices. The objective of this management alert was to provide Postal Service officials immediate notification of the issues identified during our ongoing audit. The issue requires immediate attention and remediation.
