Federal Reports

In April 2015, the United States Environmental Protection Agency published the Disposal of Coal Combustion Residuals [CCR] from Electric Utilities (commonly referred to as the CCR Rule), which set forth national regulations for the safe disposal of coal ash from coal-fired power plants.  On May 8, 2024, the United States Environmental Protection Agency finalized changes to the CCR Rule to include additional classes of regulated CCR storage facilities.  The CCR Rule requires that applicable CCR units be inspected both weekly for any appearances of actual or potential structural weakness and annually to ensure that the design, construction, operation, and maintenance of the CCR unit is consistent with recognized engineering standards.  In addition, the CCR Rule requires monthly monitoring of all CCR unit instrumentation for surface impoundments.  

We determined TVA performed required inspections and maintenance of CCR storage facilities.  Additionally, inspections identified no significant deficiencies, and all deficiencies and high priority instrumentation maintenance issues identified were resolved timely or had plans in place for resolution. However, we also determined (1) TVA did not maintain a comprehensive list of instrumentation requiring monitoring, (2) some issues were not identified in inspections and some instrumentation issues were not resolved, (3) remediation of minor issues identified during annual inspections was not documented, (4) annual inspection reports did not document review of weekly inspections, and (5) some inspectors did not have required training.

Former SEC Contract Specialist falsely claimed Virginia residency while living in and working from 
Florida, collecting higher locality pay for years

Veteran Readiness and Employment (VR&E) is a VBA program that provides job training and other services to rehabilitate veterans who have an employment handicap, which federal law defines as a service connected disability limiting the veteran’s “ability to prepare for, obtain, or retain employment consistent with [their] abilities, aptitudes, and interests.” The goal of VR&E is to help veterans live independently and, as much as possible, help them become employable, find a suitable job, and stay employed.

The OIG audit team reviewed claims processed from April 1, 2023, through September 30, 2023, and found that, although the program manual and staff training generally capture the regulatory requirements for determining eligibility and entitlement, VR&E counselors—staff who conduct comprehensive initial evaluations to make an employment handicap decision and process the claims—did not clearly document their decisions. Sufficient documentation is necessary to ensure consistent and accurate decisions by counselors. The evidence available to the OIG to support claims was insufficient to assess the accuracy of entitlement decisions, resulting in $309.5 million in questioned costs. VR&E’s executive director acknowledged that VR&E has not asked VA’s Office of General Counsel to comprehensively review VR&E processes, meaning the program may not be conforming with all legal requirements.

The OIG recommended that the under secretary for benefits coordinate with VA’s Office of General Counsel to assess and, if necessary, update the eligibility and entitlement decision process to ensure veterans’ eligibility periods are properly verified and entitlement decisions are sufficiently clear. Other recommendations to ensure that only veterans eligible and entitled to VR&E receive these benefits included developing a standard documentation method for deferrals, extensions, and overall eligibility decisions; making sure VR&E staff are appropriately trained; and ensuring VR&E develops a process to monitor eligibility decisions for accuracy. VA concurred with the recommendations.

Our Objective(s)
To evaluate the Federal Aviation Administration's (FAA) (1) policies and procedures for the International Aviation Safety Assessment (IASA) program and (2) ability to monitor foreign civil aviation authorities (CAAs) for potential safety concerns.

Why This Audit
In 2022, FAA announced changes intended to better mitigate international civil aviation risks, strengthen international relationships with CAAs, and improve effectiveness in executing the IASA process. While the changes were suspended in 2024, a new set of revisions was proposed. It remains uncertain how the Agency's proposed changes will impact the program's ability to evaluate and monitor foreign CAAs' compliance with ICAO standards.

What We Found
The IASA program's execution is hindered by inadequate milestones, lack of documentation, and fluctuating policy and guidance.
FAA's assessment times have increased overall for higher-risk CAAs, and the Agency does not have completion goals for tracking assessments, which may prevent it from promptly addressing safety issues.
In 2022, FAA issued a policy statement intended to enhance the IASA program. However, the Agency suspended it in 2024, issued a new policy statement, and requested comments on the proposed changes. These comments have not yet been finalized as of April 2025.
FAA does not consistently maintain documentation for its assessments and some in-country evaluation checklists are outdated, causing disagreements between officials and delayed assessment times.

FAA monitors CAAs for safety concerns but competing priorities and limited resources restrict the number of IASA reassessments.
In 2023, FAA updated and improved its Risk Assessment Tool-originally developed in 2006-which the Agency uses to determine which CAAs should be reassessed.
FAA is not always able to conduct recommended CAA reassessments timely, and sometimes the Agency does not conduct these reassessments at all.

Recommendations
We made 7 recommendations to improve FAA's administration of the IASA program.

Our Objective(s)
To perform a quality control review (QCR) of Sikich's fiscal year 2025 audit of the effectiveness of the Department of Transportation's (DOT) information security program and practices.

Why This Audit
The Federal Information Security Modernization Act of 2014 requires agencies to develop, implement, and document agencywide information security programs and practices. The Act also requires inspectors general to conduct annual reviews to determine the effectiveness of their agencies' information security programs and report their review results to the Office of Management and Budget. To meet this requirement, we contracted with Sikich to conduct this audit subject to our oversight. We performed a QCR of Sikich's report and related documentation.

What We Found
The independent auditor, Sikich, found that DOT's information security program and practices were not effective and made seven recommendations to improve DOT's information security program.
Establish and implement guidance for performing Cybersecurity Framework 2.0 activities through policies and procedures, including the development of current and target cybersecurity profiles which consider anticipated changes in DOT's cybersecurity posture.
Define and implement policies and procedures that utilize standard data elements and taxonomy to develop and maintain an up-to-date inventory of all software assets and associated licenses, including Executive Order critical software.
Document policies and procedures for developing and maintaining a comprehensive and accurate inventory of data and the corresponding metadata for DOT's data types.
Create and maintain a comprehensive inventory of data and corresponding metadata.
Work with Federal Aviation Administration (FAA) Chief Information Officer (CIO) to secure a reliable funding stream for continuous vetting.
Work with FAA CIO to initiate and complete the background investigation of FAA employees in public trust positions.
Work with FAA CIO to enroll FAA employees into continuous vetting through Trusted Workforce.

Our QCR disclosed no instances in which Sikich did not comply, in all material respects, with generally accepted Government auditing standards.

Recommendations
DOT concurs with Sikich's seven recommendations.

The objective of our review was to determine whether the U.S. Department of Education (Department) complied with transfer of funds and reprogramming requirements under appropriations laws. To achieve our objective, we identified the Department’s transfer and reprogramming activities from November 5, 2024, through January 20, 2025, and the extent to which these activities complied with applicable appropriations laws.  We found that the Department did not fully comply with transfer of funds and reprogramming requirements under applicable appropriations laws. We identified a total of six transactions, consisting of five transfers and one reprogramming, that occurred from November 5, 2024, through January 20, 2025. We determined that two of these transactions—one of the transfers and the one reprogramming—were made using authorities granted under applicable appropriations laws. For these two transactions, we found that the transfer was compliant with applicable requirements; the reprogramming was not. Specifically, we found that the Department did not consult or notify Congress of the reprogramming as required by the appropriations laws. The remaining four transfers were appropriately made under other statutory authorities. The Department’s failure to comply with applicable statutory transfer authorities and reprogramming requirements may result in Federal funds not being used as originally intended by Congress, funds being deemed unavailable for obligation, and potential violations of the Antideficiency Act. Additionally, failure to notify Congress of transfers of funds and reprogrammings hinders congressional oversight of how agencies execute their budgets and fulfill their missions. We recommended that the Department establish appropriate controls to ensure that transfers of funds and reprogrammings comply with all applicable statutory authority requirements, including notifications to the House and Senate Appropriations Committees.