Federal Reports

The VA Office of Inspector General (OIG) contracted with the independent public accounting firm, CliftonLarsonAllen LLP (CLA), to audit VA’s financial statements as of September 30, 2018 and 2017, and for the fiscal years (FY) then ended. This audit is an annual requirement of the Chief Financial Officers Act. CLA provided an unmodified opinion on VA’s financial statements for FYs 2018 and 2017. With respect to internal control, CLA identified five material weaknesses: (1) community care obligations, reconciliations, and accrued expenses; (2) financial systems and reporting; (3) information technology security controls; (4) compensation, pension, burial, and education actuarial estimates; and (5) entity level controls including chief financial officer organizational structure. CLA further identified two significant deficiencies: (1) loan guarantee liability; and (2) procurement, undelivered orders, accrued expenses, and reconciliations. CLA also reported VA’s substantial noncompliance with federal financial management systems requirements and the United States Standard General Ledger at the transaction level under the Federal Financial Management Improvement Act. CLA noted improvements were needed to fully comply with the intent of the Federal Managers’ Financial Integrity Act. They cited instances of noncompliance with Title 38 United States Code §5315 pertaining to the charging of interest and administrative costs and Title 38 United States Code §3733 pertaining to the vendee loan program. They noted VA reported one violation of the Antideficiency Act and was in the process of reporting a second one. VA identified five other violations carried forward from prior years that are under further discussion. They also noted noncompliance with the Improper Payments Elimination and Recovery Act for FY 2017, as reported by the OIG. CLA made recommendations for addressing each of the material weaknesses and significant deficiencies. CLA is responsible for its audit report dated November 26, 2018, and the conclusions expressed in it.

The Privacy Office did not have controls to ensure that it timely and effectively processed Family Educational Rights and Privacy Act (FERPA) complaints during our audit period. The Privacy Office had a longstanding and substantial backlog of unresolved FERPA complaints that prevented timely and effective resolution of new complaints it received. It also had a number of significant control weaknesses that hampered its ability to resolve FERPA complaints. Unresolved FERPA policy questions have also affected the Privacy Office’s ability to resolve certain complaints. The Privacy Office placed many of these complaints into an indefinite inactive status as a result. The Privacy Office could not precisely quantify the unresolved complaint backlog due to weaknesses in its tracking process, but Privacy Office officials estimated they were about 2 years behind on complaint investigations. The Privacy Office had an opportunity to eliminate, or at least significantly reduce, the complaint backlog beginning in FY 2015 when it received authority to hire several additional staff for the student privacy function. Despite highlighting elimination of the significant complaint backlog as one of the primary benefits of increasing its staffing level, the Privacy Office dedicated the majority of the new staff it obtained to performing FERPA work unrelated to resolving existing complaints, such as providing technical assistance, training, and guidance on best practices. Although these other FERPA activities are important and can lead to fewer complaints in the future, it is critical that the Privacy Office focus its attention on eliminating or reducing the backlog to ensure it is meeting its legal obligation to timely and effectively resolve FERPA complaints and reduce the risks to students and the Department caused by substantial delays in resolving complaints. The Privacy Office does not have a plan to eliminate the complaint backlog despite characterizing the backlog as among its highest management priorities.

The HHS OIG's reviews of information system general controls at two Medicaid managed care organizations (MCOs) in Arizona identified numerous security vulnerabilities. The Arizona Health Care Cost Containment System administers Arizona's Medicaid program and is the State agency responsible for monitoring the operations of its contracted MCOs. The MCOs' systems depend on the effectiveness of information system general controls, which are critical to the confidentiality, integrity, and availability of Medicaid data.

New York may have improperly claimed reimbursement for 7,650 dental services totaling $1.3 million ($670,000 Federal share). Of these, 712 claims, totaling $66,000 ($34,000 Federal share), were for Medicaid fee-for-service dental services and 6,938 claims, totaling $1.3 million ($635,000 Federal share), were for clinic dental services.

This report presents the results of our self-initiated audit to evaluate mail delivery issues on selected routes at the San Antonio – Heritage Station. The Heritage Station is in the Rio Grande District of the Southern Area. We conducted the audit to provide U.S. Postal Service management with timely information on potential operational risks at the Heritage Station.

This report presents the results of our self-initiated audit of No Sale Transactions – Dallas, TX, Mockingbird Finance Station. The Mockingbird Finance Station is in the Dallas District of the Southern Area. This audit was designed to provide U.S. Postal Service management with timely information on potential financial control risks at Postal Service locations.

We observed significant vulnerabilities in the wage index system while conducting 41 reviews of hospitals' wage data, with reports issued from 2004 through 2017. CMS uses area wage indexes to adjust hospital payments annually to reflect local labor prices. CMS calculates each area's wage index based on wage data submitted by acute-care hospitals in their Medicare cost reports. Medicare administrative contractors (MACs) perform limited reviews of these data. Federal law requires that the area wage indexes applied to urban hospitals in a State cannot be lower than the wage index for the rural hospitals in that State. This provision is called the "rural floor." Federal law allows some hospitals to reclassify to areas with higher wage indexes to receive higher payments. "Hold-harmless" provisions in Federal law and CMS policy protect hospitals from having their wage indexes lowered because of the geographic reclassification of other hospitals.