Federal Reports

During our audit period, Cahaba GBA was a subsidiary of Blue Cross and Blue Shield of Alabama (BCBS Alabama), whose home office is in Birmingham, Alabama. Cahaba GBA administered the Medicare Parts A and B Jurisdiction 10 MAC contract under cost reimbursement contracts with CMS. The Jurisdiction 10 MAC contract ended on January 11, 2014. Cahaba GBA continued to perform Medicare work after being awarded the MAC contract for Medicare Parts A and B Jurisdiction J (formerly Jurisdiction 10) effective September 17, 2014. BCBS Alabama has two Medicare segments that participate in its qualified defined-benefit pension plan: (1) Cahaba GBA and (2) Cahaba Safeguard Administrators, LLC (Cahaba CSA). On January 1, 2013, BCBS Alabama created the Healthcare Business Solutions, LLC (HBS), intermediate home office segment (HBS segment) by transferring assets into it from the Cahaba GBA and Cahaba CSA segments. This report addresses the allowable pension costs claimed by Cahaba GBA under the provisions of its MAC contracts and CAS- and FAR-covered contracts. We are addressing Cahaba CSA’s compliance with the MAC contracts in a separate audit.The disclosure statement that Cahaba GBA submits to CMS states that Cahaba GBA uses pooled cost accounting. Medicare contractors use pooled cost accounting to calculate the indirect cost rates (whose computations include pension and PRB costs) that they submit on their ICPs. Medicare contractors use the indirect cost rates to calculate the contract costs that they report on their ICPs. In turn, CMS uses these indirect cost rates in determining the final indirect cost rates for each contract. Medicare Reimbursement of Pension CostsCMS reimburses a portion of the annual contributions that contractors make to their pension plans. The pension costs are included in the computation of the indirect cost rates reported on the ICPs. In turn, CMS uses indirect cost rates in reimbursing costs under cost-reimbursement contracts. To be allowable for Medicare reimbursement, pension costs must be (1) measured, assigned, and allocated in accordance with CAS 412 and 413 and (2) funded as specified by part 31 of the FAR. In claiming costs, contractors must follow cost reimbursement principles contained in the FAR, the CAS, and the Medicare contracts. Incurred Cost Proposal AuditsAt CMS’s request, Davis Farr, LLP (Farr), performed audits of the ICPs that Cahaba GBA submitted for CYs 2014 through 2016. The objectives of the Farr ICP audits were to determine whether costs were allowable in accordance with the FAR, the U.S. Department of Health and Human Services Acquisition Regulation, and the CAS. For our current audit, we relied on the Farr ICP audit findings and recommendations when computing the allowable pension costs discussed in this report. We incorporated the results of the Farr ICP audits into our computations of the audited indirect cost rates, and ultimately the pension costs claimed, for the contracts subject to the FAR. CMS will use our report on allowable pension costs, as well as the Farr ICP audit reports, to determine the final indirect cost rates and the total allowable contract costs for Cahaba GBA for CYs 2014 through 2016. The cognizant Contracting Officer will perform a final settlement with the contractor to determine the final indirect cost rates. These rates ultimately determine the final costs of each contract.

During our audit period, Cahaba CSA was a subsidiary of Blue Cross and Blue Shield of Alabama (BCBS Alabama), whose home office is in Birmingham, Alabama. The Cahaba CSA Medicare segment administered program safeguard functions under a contract with CMS. With the implementation of the Health Insurance Portability and Accountability Act of 1996 and the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), CMS established the Medicare Integrity Program zones. CMS created seven program integrity zones based on the newly-established MAC jurisdictions. CMS awarded Zone Program Integrity Contactor (ZPIC) contracts for Zone 3 and Zone 6 to Cahaba CSA effective April 8, 2011, and September 30, 2011, respectively. BCBS Alabama has two Medicare segments that participate in its qualified defined-benefit pension plan: (1) Cahaba Government Benefits Administrators, LLC (Cahaba GBA), and (2) Cahaba CSA. On January 1, 2013, BCBS Alabama created the Healthcare Business Solutions, LLC (HBS), intermediate home office segment (HBS segment) by transferring assets into it from the Cahaba GBA and Cahaba CSA segments. This report addresses Cahaba CSA’s compliance with the MAC contracts when claiming pension costs for Medicare reimbursement. We are addressing Cahaba GBA’s compliance with the MAC contracts in a separate audit. The disclosure statement that Cahaba CSA submits to CMS states that Cahaba CSA uses pooled cost accounting. Medicare contractors use pooled cost accounting to calculate the indirect cost rates (whose computations include pension and PRB costs) that they submit on their ICPs. Medicare contractors use the indirect cost rates to calculate the contract costs that they report on their ICPs. In turn, CMS uses these indirect cost rates in determining the final indirect cost rates for each contract. Medicare Reimbursement of Pension CostsCMS reimburses a portion of the annual contributions that contractors make to their pension plans. The pension costs are included in the computation of the indirect cost rates reported on the ICPs. In turn, CMS uses indirect cost rates in reimbursing costs under cost-reimbursement contracts. To be allowable for Medicare reimbursement, pension costs must be (1) measured, assigned, and allocated in accordance with CAS 412 and 413 and (2) funded as specified by part 31 of the FAR. In claiming costs, contractors must follow cost reimbursement principles contained in the FAR, the CAS, and the Medicare contracts. Incurred Cost Proposal AuditsAt CMS’s request, Davis Farr, LLP (Farr), performed audits of the ICPs that Cahaba CSA submitted for CYs 2014 through 2016. The objectives of the Farr ICP audits were to determine whether costs were allowable in accordance with the FAR, the U.S. Department of Health and Human Services Acquisition Regulation, and the CAS. For our current audit, we relied on the Farr ICP audit findings and recommendations when computing the allowable pension costs discussed in this report. We incorporated the results of the Farr ICP audits into our computations of the audited indirect cost rates, and ultimately the pension costs claimed, for the contracts subject to the FAR. CMS will use our report on allowable pension costs, as well as the Farr ICP audit reports, to determine the final indirect cost rates and the total allowable contract costs for Cahaba CSA for CYs 2014 through 2016. The cognizant Contracting Officer will perform a final settlement with the contractor to determine the final indirect cost rates. These rates ultimately determine the final costs of each contract.

We reviewed four recommendations from our 2017 evaluation report titled Improvements Needed in the Bureau of Reclamation’s Oversight of Tribal Rural Water Projects to verify whether the Bureau implemented them.We confirmed that the recommendations have been resolved and implemented.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the Ralph H. Johnson Medical Center and multiple outpatient clinics in Georgia and South Carolina. The inspection covers key clinical and administrative processes that are associated with promoting quality care. This inspection focused on Leadership and Organizational Risks; Quality, Safety, and Value; Medical Staff Privileging; Environment of Care; Medication Management: Long-Term Opioid Therapy for Pain; Mental Health: Suicide Prevention Program; Care Coordination: Life-Sustaining Treatment Decisions; Women’s Health: Comprehensive Care; and High-Risk Processes: Reusable Medical Equipment.The executive leadership team had worked together in their current positions for five months prior to the inspection, although three of the five leaders had worked together for several years. Survey scores related to employee satisfaction were generally better than those for VHA. Patient experience survey data indicated satisfaction with the care provided. Leaders appeared to support efforts to improve and maintain patient safety, quality care, and other positive outcomes. The OIG’s review of accreditation findings and disclosures did not identify any substantial organizational risk factors. The leaders were knowledgeable about Strategic Analytics for Improvement and Learning data and should continue to take actions to sustain and improve performance.The OIG issued 13 recommendations for improvement across six areas:(1) Quality, Safety, and Value• Peer review processes(2) Medical Staff Privileging• Professional practice evaluations• Provider exit reviews(3) Environment of Care• Safety and cleanliness(4) Mental Health• Staff training(5) Women’s Health• Women’s health primary care providers• Committee membership• Maternity care coordinator(6) High-Risk Processes• Airflow testing

CMS implemented an OPPS, which is effective for services furnished on or after August 1, 2000, for hospital outpatient services. Under the OPPS, Medicare pays for hospital outpatient services on a rate-per-service basis that varies according to the assigned ambulatory payment classification (APC). CMS uses Healthcare Common Procedure Coding System (HCPCS) codes and descriptors to identify and group the services within each APC group. All services and items within an APC group are comparable clinically and require comparable resources.In general, an ASC provides outpatient surgical services to patients who need no hospitalization. CMS implemented a revised ASC payment system, which is effective for services furnished on or after January 1, 2008, for these services. Like OPPS payments, Medicare pays ASCs on a rate-per-service basis that varies according to the assigned APC. CMS has estimated that average ASC payment rates have declined relative to OPPS payment rates over a recent 10-year period, from 65 percent of average OPPS rates in CY 2008 to 56 percent (as proposed) of average OPPS rates in CY 2018. Medicare Part B provides supplementary medical insurance for medical and other health services, including coverage of hospital outpatient services. CMS administers Part B and contracts with Medicare administrative contractors (MACs) to, among other things, determine reimbursement amounts and pay claims, conduct reviews and audits, and safeguard against fraud and abuse. CMS relies on a network of MACs to serve as the primary operational contact between the Medicare fee-for-service program and the health care providers enrolled in the program. MACs calculate the payment for each outpatient service using the OPPS or the ASC payment system.OPPS and ASC Federal regulations require payment reductions for medical device credits to be based on the device offset amount (42 CFR §§ 419.45 and 416.179). The device offset amount is CMS’s best estimate of the device cost that is included in the APC payment. Appendix B contains additional information that defines the term “device offset.”CMS guidance specifies how a hospital or ASC must report the occurrence of a medical device credit, as part of its claim under the OPPS or ASC payment system, each time the hospital or ASC:• furnishes a replacement device received without cost or with a full credit or • furnishes a replacement device for which the hospital or ASC receives a partial credit of 50 percent or more of the cost of a new replacement from a manufacturer, due to warranty, recall, or a defect in a previous device.Before January 2014, for outpatient hospitals, CMS guidance also stated that the hospital must report a modifier on claims that include a medical device (if replaced at no cost or if replaced with a full or partial credit). The Manual, chapter 4, sections 61.3.1, 61.3.2, and 61.3.3. When a hospital reported this modifier, CMS guidance stated that the OPPS payment was reduced based on the device offset amount, which is consistent with 42 CFR § 419.45. The Manual, chapter 4, section 61.3.4. However, after CMS’s publication in CY 2013 of an OPPS Final Rule effective for CY 2014 (the CY 2014 Final Rule ), CMS revised its guidance to state that, effective January 2014, hospitals must report the amount of the device credit in the amount portion of the value code and that OPPS payments for replaced devices are reduced by using the lower of the device credit reported with the value code or device offset amount. The Manual, chapter 4, sections 61.3.5 and 61.3.6. This Manual provision is inconsistent with the current OPPS regulation at 42 CFR § 419.45 and the ASC regulation at 42 CFR § 416.179.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

Our objective was to determine whether the Social Security Administration (SSA) had adequate controls to ensure it properly adjusted the monthly benefit amounts of retired beneficiaries who worked before they attained full retirement age.

This report presents the results of the examination of the description of the National Finance Center’s (NFC) payroll and personnel system for processing user entities’ payroll and human resource transactions throughout the period October 1, 2019 to June 30, 2020 based on the criteria identified in NFC’s assertion and the Office of the Chief Information Officer’s (OCIO) assertion. This report also presents the results of the examination of the suitability of the design and operating effectiveness of NFC’s and OCIO’s controls included in the description to achieve the related control objectives stated in the description.

An Amtrak baggageman based in Chicago, Illinois, was terminated from employment on November 3, 2020, following his administrative hearing. On September 14, 2020, we were notified that the former employee had been arrested for offenses which included Identity Theft. At the time of his arrest, he was in possession of 21 Social Security cards and 13 state and government-issued identification cards belonging to 21 different individuals. Our investigation found that of the 21 individuals’ identification documents in his possession, 19 were previously located in the Chicago Union Station lost and found or were reported lost on Amtrak trains.

The VA Office of Inspector General (OIG) conducted an inspection in response to multiple allegations related to Ophthalmology Clinic management, quality of care, oversight, medication management, and facility leaders’ failures at the VA Central Iowa Health Care System (facility) in Des Moines. The OIG team did not substantiate that the facility hired a new physician right out of residency to be Chief of Ophthalmology, there was a lack of appropriate supervision of ophthalmology residents, the quality of cataract surgeries decreased while the number of complications increased, cataract surgery outcomes were not reviewed by an oversight group, and surgery managers and facility leaders were told about complications and other concerns and did not take action. Facility audit report findings identified inappropriate storage and labeling of medications in the Ophthalmology Clinic. The OIG found facility leaders took actions to resolve the findings. The OIG identified deficits in Ophthalmology Clinic staff members’ knowledge and use of the required patient safety event reporting system. The OIG also identified issues with the management and impact of ongoing personnel conflicts within the Ophthalmology Clinic. Leaders at multiple levels had difficulty managing the impact of interpersonal conflicts in the Ophthalmology Clinic that adversely affected the culture of the clinic. The OIG made four recommendations to the Facility Director related to training staff on reporting patient safety incident events and close calls, entering patient safety events and close calls into the Joint Patient Safety Reporting system, addressing the Ophthalmology Clinic culture, and the oversight and management of the Ophthalmology Clinic.

John Kosloski, a chiropractor based in Dolton, Illinois, pleaded guilty in U.S. District Court, Northern District of Illinois, to Health Care Fraud on November 3, 2020. Our investigation found that Kosloski submitted fraudulent medical claims to Amtrak insurance providers for services that were not rendered. Kosloski obtained personal identifying information of former Amtrak employees or those of their dependents, in exchange for cash kickbacks. As a result of this scheme, Amtrak incurred a loss of approximately $504,374. Kosloski’s sentencing is pending.

An Amtrak trackman/watchman based in Chicago, Illinois, was terminated from employment on November 3, 2020, following his administrative hearing. Our investigation found that the former employee failed to report an arrest and conviction for a DUI while employed with the company. We also found that the former employee violated company policy by signing out a company vehicle when his driver’s license was suspended, and that he bid for a position which required a valid driver’s license for which he submitted fraudulent records. Further, the former employee was dishonest with our agents during his interview.

This is the audit of the Arts Endowment's information technology systems security. Due to security concerns, this report is not published on the internet. You can obtain a copy of this report through a freedom of information act request at the following link: https://www.arts.gov/freedom-information-act-guide.

We found violations of U.S. Immigration and Customs Enforcement (ICE) detention standards undermining the protection of detainees’ rights and the provision of a safe and healthy environment. Although the Howard County Detention Center (HCDC) generally complied with ICE detention standards regarding communication, it did not meet the standards for detainee searches, food service, and record requirements for segregation and medical grievances. We determined HCDC excessively strip searched ICE detainees when leaving their housing unit to attend activities within the facility, in violation of ICE detention standards and the facility’s own search policy. In addition, HCDC failed to provide detainees with two hot meals per day, as required. For those in segregation, HCDC did not document that detainees received three meals per day and daily medical visits. Further, HCDC did not properly document the handling of detainee medical grievances. We made two recommendations to ICE’s Executive Associate Director of Enforcement and Removal Operations (ERO) to ensure the Baltimore ERO Field Office overseeing HCDC addresses identified issues and ensures facility compliance with relevant detention standards. ICE concurred with both recommendations and is implementing a corrective action plan to address the concerns we identified.

Modernization has improved the Federal Emergency Management Agency’s (FEMA) Federal Insurance and Mitigation Administration (FIMA) ability to timely process policies and claims data, enhanced reporting capabilities, and provided more reliable address validation. Despite these improvements, the transition to PIVOT did not resolve longstanding data reliability issues, as FIMA migrated the vast majority of its historical legacy data, including errors, into the PIVOT system. FIMA also deployed PIVOT without adequate controls to prevent potentially erroneous transactions from being recorded in the system. We made three recommendations to improve the quality of data in the modernized NFIP system and educate stakeholders on data quality issues that exist in historical NFIP data. FEMA concurred with all three recommendations.

DHS OIG issued this management alert to notify the Department of Homeland Security (DHS) and the Federal Protective Service (FPS) of an urgent issue that requires immediate attention and action. DHS must take immediate action to: (1) Ensure that the Director of FPS has authority to designate DHS employees under 40 U.S.C. § 1315(b)(1); and (2) Ensure proper, by-name designation of any DHS employees authorized to exercise authority under 40 U.S.C. § 1315 to protect Federal property and persons on that property. During an ongoing review, we learned that the FPS Director did not properly designate DHS employees deployed to protect Federal properties under 40 U.S.C. § 1315(b)(1). Proper designation is important because deployed law enforcement officers from U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, the Transportation Security Administration, and U.S. Secret Service typically lack this precise scope of authority. Another effect of the FPS Director’s approach is that several law enforcement personnel were deployed to Portland, Oregon to augment FPS’ protection efforts, but may not have received training on 40 U.S.C. § 1315 before they were deployed.

Final financial statements audit for fiscal year 2020.

NGA OIG Fall Semiannual Report to Congress, 1 April - 30 September 2020

This investigation addressed an allegation that an employee violated federal ethics laws by obtaining outside employment with a TVA contractor while still employed with TVA. The investigation revealed that the employee obtained outside employment only after TVA eliminated his position and he began a 90-severance period during which TVA told him he could pursue employment with any outside company. Furthermore, there was no evidence the employee attempted to influence any official action at TVA during this period. The employee did not comply with several legal and regulatory requirements such as filing a statement notifying the Designated Agency Ethics Official (DAEO) of his negotiation for outside employment. Additionally, the employee did not file a recusal statement, obtain a written waiver for outside employment or qualify for a regulatory exemption from these requirements. The evidence shows the employee worked solely with TVA Human Resources (HR) during the termination process and did not receive advice from the DAEO regarding these requirements.The OIG recommends that TVA HR consult with TVA’s DAEO to ensure TVA employees receive detailed guidance regarding outside employment and post-employment issues.

We inspected the U.S. Government Publishing Office’s (GPO) Acquisition Services with the intent of answering the following question: Are GPO’s procedures for procuring supplies and services contracts effective in preventing late penalty fees? Our report contains six recommendations designed to improve GPO’s contracting processes. The recommendations focus on statute compliance by providing the OIG with requested documentation; updating policies; improving timeliness by training Acquisition Services personnel the (cradle-to-grave) payment process; ensuring that Acquisition Services personnel are current in their contracting certifications; implementing a tracking system to document certifications and required continuous learning points (CLPs); and improving penalty tracking and reporting.

Although the Department had several notable improvements in implementing its cybersecurity initiatives, its overall IT security programs and practices were not effective in all of the five security functions. We had findings in all eight metric domains, which included findings with the same or similar conditions identified in prior reports. Specifically, we found that the Department can strengthen its controls in areas such as - (1) Risk Management. Remediation process for its Plan of Action and Milestones; enterprise supply chain assessment strategy; IT inventory reporting; and required IT security clauses for its contracts: (2) Configuration Management. Use of unsecure connections and appropriateapplication connection protocols; and reliance on unsupported operating systems, databases, and applications in its production environments:(3) Identify and Access Management. Removing access of terminated users to the Department’s network and database management: and(4) Incident Response. Timely reporting of incidents; and ensuring data loss prevention tools work accordingly. Until the Department improves in these areas, it cannot ensure that its overall information security program adequately protects its systems and resources fromcompromise and loss.

Features of the April 1– September 30, 2020 Semi-Annual report include: • A letter from the Special Inspector General on the Emergency Economic Stability Act and impacts as a result of COVID-19.o Through EESA’s valuable programs, underemployed and unemployed American’s can stay in their homes. • An Overview of the SIGTARP’s oversight of Making Home Affordable, including the Home Affordable Modification Program. o With the expiration of the foreclosure moratorium in the CARES Act, HAMP continues to prevent foreclosures for the more than 700,000 participants who live in all 50 states.• An overview of SIGTARP’s oversight of the Hardest Hit Fund.o HHF was extended to assist those impacted by the pandemic. During the past six-months states have seen significant increases in applications. There is currently more than $492 million still available to help homeowners.• An overview of the SIGTARP’s oversight of bank and TARP investment programs.o EESA programs for troubled assets (or TARP ‘bailout’) are largely closed after a decade. There are TARP securities in two banks and three credit unions. SIGTARP investigations have resulted in 450 criminal charges issued.

This report was submitted to the Comptroller General in accordance with Section 5 of the Government Accountability Office Act of 2008. The report summarizes the activities of the Office of Inspector General (OIG) for the six-month reporting period ending September 30, 2020. During the reporting period, the OIG issued two audit reports, closed four investigations and initiated two additional investigations. The OIG processed 56 hotline complaints, many of which were referred to other OIGs for action because the matters involved were within their jurisdictions. The OIG also initiated five proactive inquiries based upon traditional areas of vulnerability that cut across agencies and core administrative functions and closed two inquiries.The OIG remained active in the GAO and OIG communities by briefing new GAO employees on its audit and investigative missions, and participating in committees and working groups of the Council of Inspectors General on Integrity and Efficiency, including those related to the Pandemic Response Accountability Committee. Details of these activities and other accomplishments are provided in the report.

Under the home health prospective payment system (PPS), the Centers for Medicare & Medicaid Services pays home health agencies (HHAs) a standardized payment for each 60-day episode of care that a beneficiary receives. The PPS payment covers intermittent skilled nursing and home health aide visits, therapy (physical, occupational, and speech-language pathology), medical social services, and medical supplies.Our prior audits of home health services identified significant overpayments to HHAs. These overpayments were largely the result of HHAs improperly billing for services to beneficiaries who were not confined to the home (homebound) or were not in need of skilled services.Our objective was to determine whether Visiting Nurse Association of Central Jersey Home Care and Hospice, Inc., (VNA of Central Jersey) complied with Medicare requirements for billing home health services on selected types of claims.

As required by FISMA, OIG reviewed USDA’s ongoing efforts to improve its information technology security program and practices during FY 2020.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report, which is available at the link below.

The report summarizes the FTC OIG’s activities and accomplishments during the second half of the FY 2020 reporting period.

Semiannual Report to the Congress April 1, 2020 - September 30, 2020

The National Security Agency Office of the Inspector General (OIG) released an unclassified summary of its Audit of the Agency's Retention Incentive Program. The OIG concluded that the NSA lacked administrative controls necessary to ensure that it was properly determining eligibility and incentives in a consistent manner. Moreover, we found that without more defined program goals and a documented process for evaluating success, the Agency cannot determine whether the program is effectively expending Agency resources in retaining key personnel, and doing so without risk to other work roles and programs. Additionally, we found that the Agency paid significant amounts in what the OIG determined were or may be noncompliant group retention incentives.The OIG made 12 recommendations to assist the Agency in addressing these issues. The Agency agreed with all of the OIG’s recommendations; three were closed upon issuance of the audit, and the OIG found that the actions planned by the Agency met the intent of the remaining recommendations.

Management Challenges- Fiscal Year 2020

The Office of Inspector General (OIG) reviewed Veterans Crisis Line (VCL) operations ranging from contingency planning to quality metrics and lessons learned during the COVID-19 pandemic. The OIG completed remote interviews, document reviews, and surveyed VCL employees and Suicide Prevention staff. VCL staff had historically worked from communal call centers with shared space and equipment, a model that posed a safety risk to staff during the pandemic. To continue operations, VCL’s primary challenge was to equip and transition nearly 800 employees to telework-based operations. Over the course of six weeks, VA’s Office of Information and Technology prioritized VCL’s equipment needs and issued computers, monitors, and iPhones. Regional information technology staff ensured that VCL employees connected to the VA intranet site and accessed the programs needed to perform their duties. VCL employees were provided with training, guidance, and resources related to telework and new VCL processes. VCL leaders implemented precautionary measures to reduce staff’s risk of exposure in the call centers during the transition to telework by expanding call center space to allow for social distancing, providing face masks and sanitizing wipes, and requiring compliance with VHA-wide screening for COVID-19 symptoms before building entry. Despite these efforts, some surveyed employees felt some measures were inadequate to ensure safety. The VCL continued to meet performance targets for key indicators including speed of answer, rate of call abandonment, and levels of silent monitoring and caller satisfaction during and after staff’s transition to telework. VCL leaders reported that, in the future, VCL could benefit from a broader technology and equipment plan, its own information technology staff, and managing its own contracts; better succession planning with overlap for key positions; and maintaining an inventory of items such as headsets, keyboards, and cell phones. The OIG made no recommendations.

Our objective was to assess the U.S. Postal Inspection Service’s oversight of the Confidential Funds Program (CFP) during fiscal years (FY) 2018 and 2019.

We investigated allegations that Helen Hernandez, former Secretary of the Credit and Finance Office (CFO), Oglala Sioux Tribe, Pine Ridge Indian Reservation, SD, issued payroll deduction loans to herself. It was also alleged that Hernandez used other individuals’ personal information to acquire loans in their names and then used those funds for her benefit.Our investigation showed Hernandez, then the Secretary of the CFO, issued 44 checks between February 2014 and June 2015, worth approximately $42,100 in total. Hernandez admitted to fraudulently issuing the checks and entering false loan recipient names in CFO records to conceal her activities. She was one of only two employees at the CFO and was responsible for receiving applications, verifying qualifications, and otherwise processing loans. Because of the lack of a clear separation of duties, she could essentially issue loans to whomever she chose, with no outside verification.The U.S. Attorney’s Office, District of South Dakota, indicted Hernandez, who pled guilty to 18 U.S.C. § 1163, “Embezzlement and theft from Indian tribal organizations,” and agreed to pay restitution of $42,100 to the Oglala Sioux Tribe.

An Amtrak ticket agent based in North Dakota was terminated from employment on October 28, 2020, following her administrative hearing. Our investigation found that the former employee left her post on seven separate occasions for extended periods of time, without approval or authorization, to attend personal events and activities on company time, and without clocking out as company policy requires.

The Office of Inspector General assessed NASA’s strategic workforce planning, training, and certification of its acquisition workforce.

On March 27, 2020, the President signed into law the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). To date the CARES Act has provided the U.S. Department of the Interior (DOI) with $909.7 million, which includes direct apportionments of $756 million to support the needs of DOI programs, bureaus, Indian Country, and the Insular Areas, and a $153.7 million transfer from the U.S. Department of Education to the BIE.This report presents the DOI’s progress as of September 30, 2020, in spending CARES Act appropriations. Specifically, the DOI’s expenditures to date total $546,908,092, and its obligations total $658,490,397.We are also monitoring the DOI’s progress on reporting milestones established by the CARES Act and the U.S. Office of Management and Budget.We anticipate issuing updated status reports monthly.

Our objectives for this report were to assess (1) the extent to which the company’s employees who perform safety-related work are at risk for prescription opioid impairment and misuse and (2) the company’s efforts to detect and deter this risk.After examining de-identified prescription and medical claims data from fiscal year 2019 for 11,356 employees who performed safety-related work, we found that some employees are potentially at risk for prescription opioid misuse, overdose, and impairment. This includes 113 employees who met one or more of the Centers for Disease Control and Prevention indicators for potential opioid use disorder or overdose. We also found that the company’s random drug testing program excludes safety-related positions and common prescription opioids because the company limits its program to the U.S. Department of Transportation’s minimum requirements. Finally, we found that the company’s Benefits group does not require the company’s benefit administrators—CVS/Caremark and Aetna—to report key information from their opioid monitoring tools to the company, such as prescription patterns they detect, trends in specific opioid risk factors, and the number and status of interventions the administrators have taken.To address the findings, we recommended that the company assess its workforce and identify all positions in which employees’ use of prescription opioids could impair their ability to safely perform job-related tasks. We also recommend that the company identify whether additional prescription opioids are of substantial concern for safety-related work. We recommend that the company then develop a strategy to negotiate with unions to expand its random drug testing program to cover these additional positions and any additional opioids. In addition, we recommend that the Benefits group identify and require benefit administrators to provide additional data, subject to U.S. Health Insurance Portability and Accountability Act of 1996 requirements, that would help support effective decision-making.

To examine the readiness of NASA’s acquisition workforce to respond to current and future contracting needs.

We audited the City of Compton’s Neighborhood Stabilization Programs (NSP) 1 and 3 due to a referral made by our Office of Investigation because of concerns related to ongoing issues at the City and complaints received about the City’s administration of U.S. Department of Housing and Urban Development (HUD) funds.  In addition, HUD’s Office of Community Planning and Development rated the City as high risk for administering program funds in fiscal year 2018.  Our audit objective was to determine whether the City administered NSP1 and NSP3 funds in compliance with its own procedures and HUD regulations.The City did not (1) maintain procurement documents for acquisition and rehabilitation services and consultant services to show fair and open competition at a reasonable price, (2) always disburse program expenses in compliance with its own procedures and HUD regulations, and (3) submit the required reports to HUD on time and post HUD quarterly performance reports on its website.  These issues occurred because the City did not implement its procurement controls.  In addition, the City experienced high staff turnover, which did not allow it to administer these programs in compliance with HUD regulations.  As a result, the City did not give vendors the opportunity to bid in fair and open competition for the services needed in the targeted areas.  Also, the City disbursed a total of $272,206 in questioned program expenses.  In addition, the City’s late submission of required reports to HUD and lack of posting performance reports on its website prevented HUD, the general public, government entities, and other stakeholders from knowing the progress of its program-funded projects and activities.We recommend that HUD require the City to (1) implement procurement controls to maintain complete procurement documents, (2) provide adequate documents to support $270,656 in program expenses, and (3) submit future required reports to HUD on time and post the missing and future HUD quarterly performance reports on its website.

We investigated an allegation that U.S. Geological Survey (USGS) Director James Reilly retaliated against a USGS employee after the employee filed a complaint with our office about Reilly’s conduct. We substantiated the allegation. We issued a report on our investigation to the Secretary of the Interior for any action deemed appropriate.

Michael Hollingsworth, a resident of New York, was sentenced on October 26, 2020, in U.S. District Court, Southern District of New York, to 36 months of probation and forfeiture of $200 for falsifying an Amtrak pre-employment drug test. Hollingsworth received cash from an Amtrak job applicant to submit a fraudulent drug test sample so the applicant would pass Amtrak’s drug screening requirement. At the time, Hollingsworth was the owner and operator of DDW Drug Testing Services, a subcontractor that conducts pre-employment drug-test collections for Amtrak’s prime contractor. His company served as the primary drug test sample collector for Amtrak in the New York City area since 2016. He previously pleaded guilty for his role in the scheme on November 19, 2019.In addition to our investigation into Hollingsworth’s activities, we issued a management information report to the company presenting our observations regarding Amtrak’s prime contractor. Our report identified a disturbing lack of due diligence by the contractor regarding their subcontractors involved in the pre-employment drug testing process. We also found that the prime contractor was less than candid with Amtrak officials and us about prior problems with Hollingsworth. The company concurred with our observations and took corrective action to address them.

What We Looked AtThis report presents the results of our quality control review (QCR) of an audit of the Department of Transportation's (DOT) information security program and practices. The Federal Information Security Modernization Act (FISMA) requires agencies to develop, implement, and document agency-wide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies' information security programs and report the results to the Office of Management and Budget.To meet this requirement, we contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT's information security program and practices in five function areas--Identify, Protect, Detect, Respond, and Recover.What We FoundWe performed a QCR of CLA's report and related documentation. Our QCR disclosed no instances in which CLA did not comply, in all material respects, with generally accepted Government auditing standards.RecommendationsCLA made 18 recommendations. DOT concurs with recommendations 1, 3 through 15, and 17 and 18 and partially concurs with recommendations 2 and 16. CLA considers all 18 recommendations resolved but open pending completion of planned actions.

Our annual plan identifies the audits, inspections, and other activities that the OIG intends to undertake to assist the U.S. Department of Education in fulfilling its responsibilities to America’s citizens and students.