Federal Reports

We inspected the U.S. Small Business Administration’s (SBA) administrative process used to review potentially fraudulent Restaurant Revitalization Fund (RRF) applications and recover funds.Program officials designed the RRF application validation and approval processes using the Government Accountability Office’s A Framework for Managing Fraud Risks in Federal Programs. However, 3,790 applications submitted through a point-of-sale partner were processed without verifying gross sales, a key control designed to prevent ineligible entities from receiving awards.As a result, SBA’s RRF application processing system approved almost all 3,790 applications for awards, totaling $557 million, despite not having gross sales verified. Once notified, SBA took quick action and prevented $278.4 million from being disbursed to 1,618 of the 3,790 applicants, including 946 of the 1,056 potentially fraudulent awards which had been reported to the OIG Hotline. However, SBA has not reviewed the remaining 2,172 awards, totaling $278.6 million, which included the remaining 110 potentially fraudulent awards reported to OIG, totaling $20.7 million.We made one recommendation to prioritize and complete the review of 2,172 RRF awards, which includes 110 RRF awards that were suspected of fraud and referred to the OIG Hotline. These awards were flagged for having unsupported gross sales. SBA should take appropriate administrative actions to recover improper payments.SBA agreed with the recommendation. SBA managers planned to review all 2,172 RRF awards during the post-award process and resolve the recommendation.

We conducted this work as part of our ongoing, integrated oversight of the funding provided to Forest Service's Collaborative Aquatic Landscape Restoration (CALR) program by the Infrastructure Investment and Jobs Act (IIJA).

We determined whether the Foreign Agricultural Service (FAS) has implemented effective policies and procedures in the Market Access Program to evaluate participant eligibility, select applications, and allocate funding.

This report responds to a congressional inquiry. Our objective was to assess the effectiveness of procedures for the acceptance, handling, and delivery of Cremated Remains. We interviewed Postal Service Headquarters officials, local management and employees, a third-party company, and outside stakeholders. We conducted site observations at four mail processing facilities and 16 delivery units.

Without timely tracking and remediation of known vulnerabilities, the Agency risks compromising the confidentiality, integrity, and availability of environmental and radiation data used for determining responses to national incidents and safeguarding first responder personnel.

In July 2022, we conducted unannounced inspections of U.S. Customs and Border Protection (CBP) facilities in the Yuma and Tucson areas of Arizona, specifically five U.S. Border Patrol facilities and two Office of Field Operations (OFO) ports of entry (POE).

As part of our annual audit planning, we completed a threat assessment to identify high risk cybersecurity threats that could potentially impact Tennessee Valley Authority (TVA). We determined the potential impact for system intrusion through misconfigurations or unpatched systems to be high. Therefore, we included an audit of TVA Transmission Operations and Power Supply (TOPS) organization’s management of Mac® desktops and laptops as part of our 2022 audit plan. In summary, we determined MacBooks® managed by TOPS followed TVA’s configuration management policy. However, we determined 3 of 15 MacBooks® did not follow TVA policy for patch management. Specifically, one MacBook® was obsolete, and two had inconsistent patching history. In addition, we identified a gap between TVA policy and a TOPS patch management work instruction. TVA management agreed with our findings and took action to (1) surplus one MacBook® we identified as obsolete and (2) update the TOPS work instruction to align with TVA policy.