Federal Reports

This report presents a review of the U.S. Postal Regulatory Commission’s (PRC) information security program and practices for fiscal year (FY) 2025. The Federal Information Security Modernization Act, amended in 2014 (FISMA) requires agencies to develop, implement, and document agencywide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget. 

In September 2025, the OIG issued a special report on the Peace Corps’ Information Technology environment. OIG contracted with technical subject matter experts to conduct three cybersecurity tests from January 2025 to March 2025. The three tests included a simulated phishing campaign, a review of the agency’s internal vulnerability management practices, and penetration tests that targeted critical Peace Corps systems.

While observing the agency’s security processes throughout the assessment, OIG found that the Peace Corps’ monitoring capabilities were able to identify the testing activities and demonstrate its incident response procedures. However, the cybersecurity tests also uncovered multiple vulnerabilities and misconfigurations, ranging from informational issues to critical severity risks that the Peace Corps needs to review and address.

From October 2023 through September 2024, VHA processed almost 114,000 manual journal vouchers, representing about $71.2 billion in healthcare-related accounting transactions. Manual journal vouchers are used to record salary accruals, expenditure transfers, and other adjustments where processing cannot be automated. Although these journal vouchers are intended to support accurate records, they introduce the risk of error and misclassification because they rely on manual input, a vulnerability the OIG has highlighted in the past.

The OIG found that staff at 172 medical centers did not follow VHA financial policy in processing manual journal vouchers. The OIG estimated that 76 percent of manual journal vouchers lacked one or more required elements, such as clear justification, and estimated that at least $27 billion in transactions were processed using manual journal vouchers that lacked the required documentation or approvals. Reasons included limited staff training, ineffective use of a journal voucher generator tool, and inconsistent oversight at the regional level of medical facilities’ financial teams. Some staff reported never receiving formal journal voucher training, and no refresher training or onboarding instruction was required. Moreover, use of the tool was not mandatory, and some staff used outdated versions or used the tool incorrectly. In terms of regional financial managers, their responsibilities were not clearly delineated. Oversight was therefore inconsistent, with limited monitoring of facility compliance. As a result, a large volume of transactions were at elevated risk of misstatement.

The OIG recommended developing a plan to ensure manual journal vouchers are justified, documented, and approved before they are entered into the Financial Management System (VA’s official system of record), and then reviewed after posting. In addition, VHA should require ongoing training, clarify use of journal voucher tools, and define clear oversight responsibilities for regional financial managers. VHA concurred with all four recommendations.

U.S. Postal Service employees who sustain a workrelated injury or occupational disease are covered by the Federal Employees’ Compensation Act (FECA), which provides monetary and medical benefits and assistance in returning employees to work. These benefits include wage-loss compensation, medical and rehabilitation services, and death benefit payments to surviving dependents.

The Postal Service encourages employees to report any work-related injuries or illness to their supervisors as soon as possible. Additionally, the Postal Service manages efforts to return injured employees to work through its Injury Compensation Program by monitoring their medical status and identifying suitable work. The Department of Labor (DOL) Office of Workers’ Compensation Program (OWCP) has the exclusive authority to administer, implement, and enforce FECA, including paying claims on behalf of injured employees.

The Postal Service’s workers' compensation costs per workhour have been consistently higher when compared to the private industry. This white paper is intended to provide an update on the Postal Service’s workers’ compensation activity since the last audit report, which included a summary of trends in costs from chargeback year (CBY) 2017 through CBY 2022, and employees on the periodic rolls from fiscal year (FY) 2017 through FY 2022. Specifically, the following sections show how workers’ compensation costs for the Postal Service continued to rise over the last two years.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.