Federal Reports

The Office of the Inspector General audited TVA’s transmission system’s Internet security. We (1) identified vulnerabilities that increase TVA’s risk of successful cyberattacks, (2) found a gap in how TVA’s cybersecurity monitoring system detects cyberattacks against the transmission system, and (3) found TVA had not configured network devices in a consistent manner. TVA management remediated or mitigated all identified vulnerabilities and agreed with our remaining findings and recommendations.

Based on our data analysis of miscellaneous services for fiscal year (FY) 2019, Quarter (Q) 2, we determined the Dickinson MPO made local purchases and payments totaling $7,060. This is a significant change from having no activity in FYs 2017 and 2018. The objective of this audit was to determine whether local purchases and payments made at the Dickinson MPO were valid, properly supported and processed.

The Social Security Act requires that each Medicare administrative contractor (MAC) have its information security program evaluated annually by an independent entity. The Centers for Medicare & Medicaid Services (CMS) contracted with Guidehouse, LLP (Guidehouse), to evaluate information security programs at the MACs, using a set of agreed-upon procedures (AUPs). HHS OIG must submit to Congress annual reports on the results of these evaluations, to include assessments of their scope and sufficiency. This report fulfills that responsibility for fiscal year 2018.

This report presents the results of our self-initiated audit of Postage Refunds – North Topeka, KS, Post Office. OIG data analytics identified that the North Topeka Post Office issued postage refunds exceeding $38,000 from January 1 through March 31, 2019, for Account Identifier Code (AIC) 528, Refund of Permit Postage and Fees. The refunds represented 84 percent of total AIC 528 refunds issued during this period in the Central Plains District. The objective of this audit was to determine whether refunds for postage were valid, properly supported, and processed at the North Topeka Post Office.

The Child Care and Development Block Grant Act of 2014 (CCDBG Act) added new requirements for States receiving Child Care and Development Fund (CCDF) money to conduct comprehensive criminal background checks on staff members and prospective staff members of childcare providers every 5 years. States must have requirements, policies, and procedures in place to conduct criminal background checks for staff members of childcare providers (other than relatives) that are licensed, regulated, or registered under State law or receive CCDF funds. Background check requirements apply to any staff member who is employed by a childcare provider for compensation or whose activities involve the care or supervision of children or unsupervised access to children.

OIG administers Medicaid Fraud Control Unit (MFCU) grant awards, annually recertifies each MFCU, and oversees MFCU performance in accordance with the requirements of the grant. As part of this oversight, OIG conducts periodic reviews of MFCUs and prepares public reports. These onsite reviews supplement OIG's annual recertifications of the MFCUs. The primary purpose of this onsite review was to identify and address factors that contributed to the Utah MFCU's low number of fraud convictions during fiscal years (FYs) 2015-2017 and declining amounts of nonglobal* civil settlements, judgments, and recoveries in FY 2017.