Federal Reports

This report presents the results of our audit of Network Changes: Regional Transfer Hubs.

The U.S. Postal Service implemented the Regional Transfer Hubs (RTH) initiative nationwide as part of its efforts to streamline and modernize its network. The initiative reduces origin separations and moves mail across the country to RTH operations where it is then sorted for destinating facilities. The Postal Service expects this initiative to reduce the overall number of trips needed and transportation costs. As of March 2025, the Postal Service had 18 active RTHs located throughout the country with plans to activate more.

Our objective was to evaluate the implementation and effectiveness of the Postal Service's RTH initiative. We reviewed and analyzed transportation and service performance data from October 2023 through March 2025. Additionally, we conducted site observations and interviewed Postal Service personnel at five RTH facilities during April and May 2025.

What Was Reviewed 

The U.S. International Development Finance Corporation Office of Inspector General (OIG) contracted with the independent public accounting firm RMA Associates, LLC (RMA) to audit DFC’s charge card program in accordance with Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act). The Charge Card Act requires the OIG to conduct periodic reviews of DFC’s charge card program for illegal, improper, or erroneous transactions to prevent fraud, delinquency, or misuse. 

The objectives of this audit were as follows: 

1. To determine the scope, frequency, and number of audits or reviews, conduct a risk assessment to assess, identify, and analyze the risks of illegal, improper, or erroneous purchases and payments within DFC’s charge card program. 

2. Address the requirements of the Charge Card Act, OMB and General Services Administration (GSA) requirements and standards. 

What Was Found 

In its audit of DFC, RMA found that DFC implemented an effective Government Charge Card Program for FY 2024. As a result, there were no recommendations. RMA concluded that based on the results of their review of the current information, the results of their sample testing, and Appendix B guidance, that the next audit of the charge card program should be in FY 2026 for FY 2025 transactions. There were no prior year recommendations findings and all recommendations prior to 2022 were closed.

Report on the results of our performance audit of the Maryland State Arts Council (MSAC) for the period of August 1, 2021 through July 31, 2024. During this period the National Endowment for the Arts (Arts Endowment) closed four MSAC awards, totaling $4,545,800 in Arts Endowment funds and $24,614,504 in total reported costs. 

U.S. Customs and Border Protection (CBP) did not effectively manage and secure its mobile devices, resulting in vulnerabilities and higher susceptibility to cyberattacks, potential unauthorized access to law enforcement and operational sensitive information, and waste and abuse from under- or over-usage.  Specifically, we found that CBP did not: • Consistently implement required security settings to protect its mobile devices or mitigate risks from applications installed on these devices; • Use its mobile device management system to fully manage and secure its mobile devices; • Address software vulnerabilities within the mobile device management system; • Increase monitoring and protection for devices used outside the United States, which are at a higher risk of cyberattacks; • Perform required steps to reduce risks associated with the disposal, loss, or theft of its mobile devices; and • Monitor its mobile devices for under- or over-usage. CBP allowed mobile devices to operate without completing a security authorization process to ensure required security controls; did not establish or implement sufficient security policies and processes; relied on unclear or contradictory guidance; and did not address its increased mobile device losses.  Moreover, the Department did not provide oversight to ensure that CBP fulfilled DHS requirements for monitoring mobile devices outside the United States and CBP did not enforce its policies.