Federal Reports

We did not substantiate allegations that the executive officer of an Alaska Native-Owned Company embezzled funds from a Native Alaskan Village.

Our objective was to evaluate the U.S. Postal Inspection Service’s oversight of case management reporting requirements related to arrests. We also determined whether the Postal Inspection Service reports its results to National Instant Criminal Background Check System.Postal Inspection Service inspectors lead investigations involving postal crimes such as mail fraud and mail theft, execute federal search warrants, and make arrests. They also participate in investigations with other federal, state, and local law enforcement agencies that have a postal nexus, such as mailing of illegal drugs. The requirements for conducting and documenting their investigations are in the Case Management Reporting Guidelines (the Guidelines) and Case Closing Checklist. Inspectors use the Case Management System (CMS) to document investigations and arrests. In fiscal year (FY) 2020, postal inspectors reported 4,803 arrests and 3,642 convictions related to postal crimes.

The Office of Inspector General (OIG) performed an inspection of four mission areas within the U.S. Department of Agriculture (USDA) to determine if the mission areas were identifying and mitigating vulnerabilities on their public-facing web applications and websites.

Due to DHS’ absence of performance measures for combating wildlife trafficking, as well as limited data from U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE), we reported on the findings for immediate action, rather than expanding our audit work. DHS could not provide any performance measures and provided only limited data to demonstrate the full extent or effectiveness of its efforts to enforce wildlife trafficking laws.

What We Looked AtAs required by law, we report annually on the Department of Transportation's (DOT) most significant challenges to meeting its mission. We considered several criteria in identifying DOT's top management challenges for fiscal year 2022, including their impact on safety, documented vulnerabilities, large dollar implications, and the ability of the Department to effect change. In addition, we recognize that the Department faces the extraordinary task of meeting these challenges while also responding to the COVID-19 pandemic. Accordingly, we included COVID-19 considerations in all nine of our top management challenges.What We FoundWe identified the following top management challenge areas for fiscal year 2022: Aviation safety. Key challenges: maintaining confidence in the aircraft certification process and advancing FAA's air carrier oversight to keep pace with safety management system requirements. Surface transportation safety. Key challenge: increasing compliance with surface safety transportation regulations and programs by improving monitoring and enforcement. Air traffic control and airspace modernization. Key challenges: delivering NextGen benefits to airspace users and deploying controller automation tools to improve efficiency. Surface transportation infrastructure. Key challenges: employing effective oversight of Federal funding for response, recovery, and rebuilding projects and enhancing risk-based oversight to improve project delivery and update and maintain surface transportation infrastructure. Contract and grant fund stewardship. Key challenges: managing domestic preference and supply chain risk and dedicating qualified and sufficient oversight resources for contract and grant funds. Information security. Key challenges: addressing DOT's recurring cybersecurity weaknesses and protecting DOT's IT infrastructure and sensitive information. Financial management. Key challenges: avoiding increases in improper payments and improving policies and procedures to monitor and report grantee spending. Innovation and the future of transportation. Key challenges: safely integrating new technologies into transportation systems and implementing executive orders and other Federal priorities to tackle the impact of climate change, advance equity, and promote resilience in infrastructure and supply chains. Evolving operations and workforce management. Key challenges: integrating lessons learned to facilitate workplace reentry and communicating fully and consistently with employees on workplace procedures, status, flexibility, and expectations.

What We Looked AtThe United States Merchant Marine Academy (USMMA) is a Federal service academy operated by the Maritime Administration (MARAD). Its mission is to graduate exemplary leaders committed to serve the Nation’s security, marine transportation, and economic needs. In support of its mission, USMMA procures contracts for operational products and services that, for fiscal years 2015 through 2019, totaled an estimated $99.2 million. Prior reviews found weaknesses in MARAD’s acquisition controls and processes, such as noncompliance with Federal and departmental procurement requirements. Accordingly, we initiated this audit with the following objective: to assess contract award and administration policies, procedures, and practices for MARAD’s USMMA acquisitions. What We FoundMARAD’s ability to achieve cost-effective USMMA contracts is compromised by several management control weaknesses. Specifically, its USMMA contract documentation is incomplete, which hinders the Agency’s decision making for new investments to support Academy missions. MARAD also could not demonstrate compliance with key procurement requirements, including those to help ensure fair and reasonable pricing, for 19 sample USMMA contracts totaling $45 million. Additionally, MARAD has gaps in its management of contracting officers and contracting officer representatives assigned to USMMA contracts, increasing the risk that unauthorized or improperly qualified individuals may execute, award, or manage these contracts. For example, a contracting officer without the appropriate warrant authority awarded a $1.9 million USMMA contract, and contracting officer’s representative assigned to USMMA contracts totaling $18.2 million lacked proper certifications. Finally, frequent changes to Academy plans have impeded efficient execution of Capital Improvement Program (CIP) contracts—USMMA’s highest dollar contracts—as MARAD does not have a process to adequately assess how such changes impact the overall CIP portfolio. As a result, USMMA’s CIP project contracts have experienced inefficiencies, including increased costs and schedule delays. We estimate that MARAD’s lack of adequate controls to verify compliance with requirements has put $57.5 million in Federal funds at risk. Our RecommendationsMARAD concurred with all 10 of our recommendations. We consider all recommendations resolved but open pending completion of planned actions.

During our work related to the Fiscal Year 2021 Financial Statement Audit, the Office of Inspector General (OIG) became aware of a new practice the United States Capitol Police (USCP or the Department) used for issuing ammunition to officers for use at non-USCP firing ranges. OIG reviewed the first 2 months of ammunition issued to officers for use at non-USCP firing ranges. 

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the VA Caribbean Healthcare System, which includes the San Juan VA Medical Center in Puerto Rico and multiple outpatient clinics in Puerto Rico and the U.S. Virgin Islands. The inspection covers key processes associated with promoting quality care. For this inspection, the areas of focus were Leadership and Organizational Risks; COVID-19 Pandemic Readiness and Response; Quality, Safety, and Value; Registered Nurse Credentialing; Medication Management: Remdesivir Use in VHA; Mental Health: Emergency Department and Urgent Care Center Suicide Risk Screening and Evaluation; Care Coordination: Inter-facility Transfers; and High-Risk Processes: Management of Disruptive and Violent Behavior.When the team conducted this inspection, the healthcare system’s leaders had worked together in their positions for less than one month. However, they had worked together in other capacities for over two years. Employee survey results highlighted opportunities to improve staff feelings of moral distress. Patient experience survey results identified opportunities for improvement in specialty care settings. Review of the facility’s accreditation findings, sentinel events, and disclosures identified concerns with the system’s completion of institutional disclosures as well as the actions taken following serious adverse events. The executive leaders spoke knowledgeably within their scope of responsibilities about VHA data and factors contributing to poorly performing quality and efficiency measures.The OIG issued 10 recommendations for improvement in five areas:(1) Leadership and Organizational Risks• Institutional disclosures• Root cause analyses(2) Quality, Safety, and Value• Surgical work group meeting attendance(3) Registered Nurse Credentialing• Primary source verification(4) Care Coordination• Active medication list transmission• Nurse-to-nurse communication(5) High-Risk Processes• Disruptive behavior committee meeting attendance• Patient notification of Orders of Behavioral Restriction• Workplace Behavioral Risk Assessment• Staff training

We conducted a performance audit of two National Endowment for the Arts (NEA) Partnership awards issued to the Florida Department of State, Division of Cultural Affairs (Division). Based on our review, we determined the Division generally met the financial and compliance requirements in the award documents. However, we determined the following areas require improvement. The Division: overstated $34,339 in costs on the 2017 award’s Federal Financial Report (FFR) and understated $453,574 in costs on the 2018 award’s FFR; did not establish documented procedures for determining the Federal allowability of costs reported on its FFRs; did not notify all subrecipients of Federal subaward management requirements; and did not verify all potential vendors or subrecipients were eligible to participate in Federal programs and activities.We believe the evidence obtained during the audit provides a reasonable basis for our findings and conclusions based on our audit objectives. We questioned $34,339 in overstated costs on the 2017 award’s FFR. There are five recommendations to address the audit findings -- four to the Division and one to the NEA.

An audit to assess the Commission's implementation of its privacy program in accordance with federal law (42 USC Sec. 2000ee-2), regulation, and policy. Specifically, the audit was to determine whether the Commission implemented comprehensive privacy and data protection policies and procedures governing the Commission's collection, use, sharing, disclosure, transfer, storage and security of information in an identifiable form relating to Commission employees and the public.

Objective: Objective: To report internal control weaknesses, noncompliance issues, and unallowable costs identified in the single audit to the Social Security Administration (SSA) for resolution.

An Amtrak supervisor based in Philadelphia resigned from his position on October 25, 2021, following the issuance of our investigative report. Our investigation found that the former employee violated company policies by falsely claiming and accepting payment for regular pay, overtime pay, and compensatory time for days he did not work. We also found that he used his company-owned vehicle for unauthorized purposes during work hours, including personal business, on at least five occasions.

What We Looked AtThis report presents the results of our quality control review (QCR) of an audit of the Department of Transportation’s (DOT) information security program and practices. The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to develop, implement, and document agencywide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget. To meet this requirement, we contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover. What We FoundWe performed a QCR of CLA’s report and related documentation. Our QCR disclosed no instances in which CLA did not comply, in all material respects, with generally accepted Government auditing standards. Our RecommendationsDOT concurs with all five of CLA’s recommendations. CLA considers all five recommendations resolved but open pending completion of planned actions.

Evaluation of the Federal Labor Relations Authority's Compliance with the Federal Information Security Management Act, Fiscal Year 2021

Our objective was to review and assess grievances paid from October 1, 2017, through March 31, 2021, at the Springfield, MO, Processing and Distribution Center (P&DC).The Postal Service defines a grievance as a dispute, difference, or disagreement between parties or a complaint lodged by a party regarding wages, hours, or conditions of employment. A grievance includes, but is not limited to, an employee or union complaint involving the interpretation or application of or compliance with a collective bargaining agreement or any local memorandum of understanding not in conflict with the agreements. Monetary payments to employees are commonly used to resolve grievances.

Our inspection identified several issues with CARES Act and pandemic-related purchase card transactions made through September 30, 2020.

The SBIR and STTR Extension Act of 2022 reauthorized the Small Business Innovation Research (SBIR) and the Small Business Technology Transfer (STTR) programs. The Inspector General of a Federal agency that participates in the SBIR or STTR programs must submit an annual report to Congress describing its investigations involving those programs (15 U.S.C. Section 638b(c). Information in this report presents the OIG investigative information related to SBIR for FY 2021.

The VA Office of Inspector General (OIG) examined whether Veterans Integrated Service Network (VISN) 21, the regional system of hospitals serving northern and central California, Nevada, Hawaii, the Philippines, and US territories in the Pacific Basin, effectively managed its nonrecurring maintenance (NRM) needs by executing each of its medical facilities’ long-range action plans. In FY 2012, VA established the target of reducing its maintenance backlog by 95 percent over 10 years.However, within VISN 21, deferred maintenance cost estimates have increased from $599.3 million (FY 2012) to $1.4 billion (March 2021), and VISN 21 medical facilities executed only 34 of the 190 approved NRM program projects (18 percent) for FYs 2015–2018. Several factors contributed to the identified issues: medical facilities were allowed to execute nonurgent, out-of-cycle projects; engineering staffing was insufficient to execute long-range action plans; medical facilities’ long-range action plans were not achievable based on the requested NRM program budget; and the NRM program lacked deferred maintenance performance metrics.As a result, VISN 21 has not substantially reduced its maintenance backlog, which poses the risk of health service interruptions for veterans, environmental problems, accidents, and increased operating costs. In addition to the backlog stresses on the NRM program budget, VA has relied on it to upgrade physical infrastructure needed for its new $10 billion electronic health record system.The OIG made seven recommendations to help VA more effectively manage NRM needs and clear its backlog. The recommendations included establishing and enforcing the urgent-need criteria; implementing and annually reviewing an engineering staffing model that aligns with medical facilities’ NRM needs; exploring the use of non-engineering staff, contractors, or shared engineering resources; ensuring long-range action plans are feasible based on NRM budget levels; and establishing NRM performance metrics.

We confirmed closure of 14 of the 15 recommendations but recommended that the PFM reopen 1 recommendation to track implementation.

Como parte de su misión para proteger la salud humana, la EPA comunica al público los riesgos que presentan los sitios contaminados. Sin tener información exacta, clara y oportuna, los residentes que viven en sitios contaminados o cerca de ellos no pueden tomar precauciones, si es necesario, para proteger su salud y seguridad.

The Audit of the Agency’s Parking and Transportation Initiatives found that the NSA Washington (NSAW) had not identified parking as a priority at its Fort Meade, Md., location and failed to implement solutions to minimize an ongoing parking shortage. The report recounted how, for decades, NSAW employees have expressed concerns about parking. Nevertheless, the OIG found that the agency’s parking and transportation initiatives lacked sufficient goals, plans, and strategies, and that those initiatives had basic internal control deficiencies such as the lack of a consistent process for developing, approving, and implementing initiatives. This resulted in projects being demolished, inoperable, or only partially implemented, limiting or eliminating their value to the agency and negatively affecting employee morale.

The OIG’s Audit of Cost-Reimbursement Contracts revealed several deficiencies that had the potential to impact the agency’s ability to determine whether cost-reimbursement contract costs are allowable, allocable, and reasonable through the performance of due diligence regarding invoice review. The OIG found ineffective and inefficient processes by the Contracting Officer Representatives and non-compliance with contract clauses and insufficient billing documentation. The OIG questioned approximately $227 million in labor charges and more than $226,000 in travel charges.

The objective of the performance audit was to determine whether the Social Security Administration’s (SSA) overall information security program and practices were effective and consistent with Federal Information Security Modernization Act of 2014 (FISMA)1 requirements, as defined by the Department of Homeland Security (DHS).

To see our report, click on the link below

What We Looked AtThe Federal Motor Carrier Safety Administration (FMCSA) regulates and oversees the safety of commercial motor vehicles. It partners with other agencies and the motor carrier industry to conduct this work. The Agency uses 13 web-based applications to aid vehicle registration, inspections, and other activities. Many of FMCSA’s information systems contain sensitive data, including personally identifiable information (PII). Due to the importance of FMCSA’s programs to the transportation system and sensitivity of some Agency information, we conducted this audit of FMCSA’s information technology (IT) infrastructure. Our objective was to determine whether FMCSA’s IT infrastructure contains security weaknesses that could compromise the Agency’s systems and data. What We FoundWe found vulnerabilities in several Agency web servers that allowed us to gain unauthorized access to FMCSA’s network. FMCSA did not detect our access or placement of malware on the network in part because it did not use required automated detection tools and malicious code protections. We also gained access to 13.6 million unencrypted PII records. Had malicious hackers obtained this PII, it could have cost FMCSA up to $570 million in credit monitoring fees. Furthermore, the Agency does not always remediate vulnerabilities as quickly as DOT policy requires. These weaknesses put FMCSA’s network and data at risk for unauthorized access and compromise. Our RecommendationsFMCSA concurred with our 13 recommendations. We consider all 13 recommendations resolved but open pending FMCSA’s completion of planned actions. Sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552, has been redacted and we have marked the document as FOR OFFICIAL USE ONLY.

What We Looked AtThe Coronavirus Aid, Relief, and Economic Security (CARES) Act of 2020 set up appropriations to support executive agency operations during the COVID-19 pandemic. The Federal Transit Administration (FTA) has received nearly $70 billion in CARES Act and other COVID-19 relief appropriations. FTA uses several financial management systems to approve, process, and disperse this funding for the transit industry’s COVID-19 response and recovery. Given the size of this investment, we initiated this audit. Our audit objective was to assess the effectiveness of FTA’s financial management systems’ security controls designed to protect the confidentiality, integrity, and availability of the systems and their information. What We FoundFTA’s financial management systems have security control deficiencies that could affect FTA’s ability to approve, process, and disburse COVID-19 funds. FTA security officials mislabeled and incorrectly documented control types for over 180 security controls in its fiscal year 2020 system security plans for these systems. FTA also does not adequately monitor security controls provided by or inherited from DOT’s common control provider. FTA also has not remediated security control weaknesses identified since 2016. Lastly, FTA lacks sufficient contingency planning and incident response capabilities such as alternate set of personnel to restore its financial management systems if its primary personnel are unavailable. Due to these security control weaknesses, FTA’s security officials cannot be sure financial management systems have the proper safeguards and countermeasures in place to protect the systems and that they effectively manage information security risk. Our RecommendationsFTA concurred with all of our 13 recommendations to help the Agency address its security control weaknesses and improve its systems’ cybersecurity posture. Sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552, has been redacted and we have marked the document as FOR OFFICIAL USE ONLY.

What We Looked AtAmerican Airlines, one of the world’s largest commercial air carriers, has not experienced a fatal accident in nearly two decades. Despite this safety record, reports of potentially unsafe maintenance practices have raised concerns about the Federal Aviation Administration’s (FAA) oversight of the carrier’s maintenance programs. At the request of then-ranking members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee, we initiated this review. Specifically, we examined whether FAA ensures that American Airlines implemented effective corrective actions to address the root causes of maintenance problems and FAA’s oversight of American Airlines’ safety management systems (SMS). What We FoundFAA lacks effective oversight controls to ensure American Airlines’ corrective actions for maintenance non-compliances addressed root causes. According to FAA guidance, FAA inspectors should collaborate with the air carrier to correctly identify and fix the root cause(s) of deviations or non-compliances. However, in 171 of 185 (92 percent) of cases we sampled, FAA inspectors accepted root cause analyses by the air carrier that did not identify the true root cause of the problem. Furthermore, FAA closed compliance actions before the air carrier implemented its corrective actions. FAA’s oversight controls are also not effective for evaluating if American Airlines’ SMS sufficiently assesses and mitigates risk. FAA requires American Airlines to use its SMS to determine the level of risk associated with maintenance non-compliances. However, we found that FAA inspectors did not routinely or consistently evaluate whether the carrier adequately and effectively assessed and rated risks. This is in part because FAA did not provide its inspectors with comprehensive training and tools for overseeing and evaluating the carrier’s SMS. Our RecommendationsFAA concurred with five and partially concurred with two of our seven recommendations to improve FAA’s oversight of American Airlines maintenance programs. We consider recommendations 1, 2, 4, and 6 resolved but open, pending completion of planned actions. However, we are asking FAA for additional information and to reconsider its actions for recommendations 3, 5, and 7.

Why OIG Did This Audit Under a Medicaid waiver, Tennessee was allowed to claim as certified public expenditures (CPEs) the uncompensated cost of care (UCC) at public hospitals for Medicaid enrollees and uninsured patients. During State fiscal years (SFYs) 2009 through 2014, Tennessee claimed a total of $2 billion in CPEs.For SFYs 2010 through 2013, Tennessee claimed the same amount of $373.8 million each year, indicating that it may not have calculated specific estimates of the CPEs for each of those years, as required. Additionally, a recent audit found that a State had improperly paid $686 million in Medicaid supplemental pool payments. Our objective was to determine whether Tennessee complied with Federal requirements for claiming CPEs for public hospital unreimbursed costs. How OIG Did This AuditOur audit covered the $2 billion in CPEs that Tennessee claimed for SFYs 2009 through 2014 (audit period), which were the most recent SFYs for which supporting calculations of actual CPEs were available. We compared the CPEs that Tennessee claimed to its summaries of actual CPEs for each SFY and reviewed the UCC calculations and supporting documentation for five hospitals that received disproportionate share hospital (DSH) payments and five institutions for mental diseases (IMDs).

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

The Office of Special Counsel (OSC) completed an investigation based on a referral from the Federal Election Commission (FEC) Office of Inspector General (OIG). On January 31, 2019, the FEC OIG received an anonymous hotline complaint that alleged prohibited personnel practices (i.e., nepotism) on the part of a senior FEC employee.

The objective of this review was to identify specific gaps in transparency in award data for federal assistance spending in response to COVID-19. We looked at 51,000 awards worth $347 billion that supported the pandemic response (as of June 15, 2021). The report includes three findings, including we found more than 15,400 awards worth $33 billion with meaningless descriptions that make it difficult to know how COVID-19 relief money was used. The report includes five recommendations to help improve the transparency into COVID-19 relief spending.

Our objective was to assess contractual compliance and oversight of the Parcel Select shipping services contract with [redacted] (customer).