Federal Reports

This narrative report is a follow-up to our FY 2016 Federal Information Security Modernization Act (FISMA) Submission to the Office of Management and Budget (LTR 2017-04/FA-16-110-3) to provide findings and recommendations related to PBGC's information security program.We contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program as required by the Federal Information Security Modernization Act (FISMA). In FY 2016, PBGC made progress improving its information security program by publishing its Information Security Risk Management Framework Process and requiring the use of PIV for authentication; however, additional action is needed. More specifically, PBGC needs to permanently fill its risk executive position and ensure it fully and consistently implements current NIST access controls. The Corporation also needs to complete implementation of its information system continuous monitoring program. We reported 20 new recommendations based on the results of our FY 2016 independent evaluation. In addition to the recommendations in this report, there were eight FISMA-related recommendations reported in the Corporation’s FY 2016 internal control report AUD-2017-3/FA-16-110-2.

This Newsletter provides a bimonthly summary of selected investigative accomplishments.

The University of Arkansas for Medical Sciences Medical Center (the Hospital) complied with Medicare billing requirements for 54 of the 70 inpatient claims and all 60 outpatient claims. However, the Hospital did not fully comply with Medicare billing requirements for the remaining 16 inpatient claims. On the basis of our sample results, we estimated that the Hospital received overpayments of at least $279,000 for claims paid during 2013 and 2014.

To view the report, please click on the link below.