Federal Reports

Compliance with Laws and Regulations

Internal Controls 2017

SB & Company, LLC (SBC), an independent public accounting firm, presented an opinion on the Denali Commission’s compliance with the Digital Accountability and Transparency Act of 2014 (DATA Act). SBC planned and performed the examination to obtain reasonable assurance about• completeness, timeliness, quality, and accuracy of the fiscal year (FY) 2017, second quarter financial and award data submitted for publication on USASpending.gov, and• the Denali Commission’s implementation and use of the government-wide financial data standards established by the Office of Management and Budget and U.S. Department of the Treasury.In SBC’s opinion, the Denali Commission’s second quarter submission for FY 2017 is presented in accordance with the provisions of the DATA Act, in all material respects. SBC performed the examination in accordance with attestation standards established by the American Institute of Certified Public Accountants and in U.S. generally accepted government auditing standards.

Performance audit of NARA's compliance under the Digital Accountability and Transparency Act of 2014 (DATA Act)

The NCUA OIG engaged CliftonLarsonAllen LLP to independently evaluate the NCUA’s information security and privacy management programs and controls for compliance with FISMA 2014 and federal regulations and standards. CLA evaluated the NCUA’s information security and privacy management programs through interviews, documentation reviews, technical configuration reviews, and sample testing. CLA evaluated the NCUA against such laws, standards, and requirements as those provided through FISMA 2014, the E-Government Act, National Institute of Standards and Technology standards and guidelines, the Privacy Act, and Office of Management and Budget memoranda and privacy and information security policies.

Railroad Retirement Board's Initial DATA Act Submission, While Timely, Was Not Complete or Accurate

This is a publication by GAO's Office of Inspector General (OIG) that concerns internal GAO operations. The OIG contracted with the independent certified public accounting firm of CliftonLarsonAllen (CLA) to audit GAO’s compliance with the Digital Accountability and Transparency Act of 2014 (DATA Act), and produce this report. This report addresses (1) the completeness, timeliness, quality and accuracy of the GAO’s FY 2017, second quarter (January 2017 through March 2017) financial and award data submitted for publication on USASpending.gov and (2) GAO’s implementation and use of the Government-wide financial data standards established by the Office of Management Budget (OMB) and the Department of Treasury (Treasury), as required by the DATA Act.

CNCS did not fully comply with the DATA Act due to weaknesses in its existing financial reporting system (internal control over source systems) and internal control weaknesses within financial reporting, data management, and data reporting processes. CNCS did not submit complete, timely, quality, and accurate financial and award data for the FY 2017 second quarter. The Corporation continues to grapple with the implementation challenges previously reported in the readiness review, as well as new challenges identified by this performance audit.

Seek link below for the full report, report summary, multimedia or any agency follow-up.

The OIG contracted with an independent public accounting firm for a performance audit to assess the VA’s compliance with the Digital Accountability and Transparency Act of 2014 (DATA Act). The contractor reported that VA did not fully comply with the DATA Act due to weaknesses in VA’s existing financial management systems and internal controls related to source systems, data management, and data reporting processes. As a result, VA did not submit complete, timely, quality, and accurate financial and award data to USASpending.gov for the second quarter of fiscal year 2017. The contractor recommended that VA continue its system modernization efforts and coordinate with VA’s shared service provider to ensure DATA Act requirements will be met. The contractor made 21 recommendations for improving VA’s compliance with DATA Act.

The Office of Inspector General (OIG) performed procedures which were requested and agreed to by TVA management solely to assist management in determining the validity of the Winning Performance (WP) payout awards for fiscal year (FY) ended September 30, 2017. The WP payout award data that was provided to the OIG and to which the agreed-upon procedures were applied is the responsibility of TVA management. In summary, procedures applied by the OIG found: • The FY 2017 WP goals for the enterprise measures were properly approved. There were no change forms for FY 2017 measures.• The FY 2017 goals (i.e., target) for the corporate multiplier measures were properly approved. • The actual year-to-date results for the enterprise scorecard measures agreed with the underlying support.• The actual year-to-date results for the corporate multiplier measures agreed with the underlying support, without exception.• The FY 2017 WP payout percentage provided by the Benchmarking and Enterprise Performance organization on November 6, 2017, was mathematically accurate and agreed with the OIG’s recalculation.

EAC OIG audited EAC's adherence to the reporting and data requirements of the Digital Accountability and Transparency Act of 2014. The objective of the audit was to assess (1) the completeness, timeliness, quality, and accuracy of fiscal year 2017, second quarter financial and award data submitted for publication on USAspending.gov, and (2) EAC's implementation and use of the Government-wide financial data standards established by the Office of Management and Budget and the Department of the Treasury.

We evaluated TVA’s Corrective Action Program (CAP) to determine if the CAP was effective in resolving anonymous condition reports (CRs) at Watts Bar Nuclear Plant. We determined TVA took actions to address the anonymous CAP CRs in a timely manner. Specifically, we found for 22 of the 25 CAP CRs tested, the actions were completed within a reasonable time frame. The remaining 3 CAP CRs were appropriately closed to another CR that was previously initiated for the same concern and is scheduled for completion in May 2018. However, we identified an opportunity for improvement related to (1) routing of handwritten, anonymous CRs and (2) documenting that CRs are routed to the appropriate personnel.

The objectives of the audit were to assess the completeness, timeliness, quality, and accuracy of fiscal year 2017 second quarter financial and award data submitted for publication on Beta.USAspending.gov, and the CPSC’s implementation and use of the Government-wide financial data standards established by OMB and Treasury.

OIG-CA-18-007R Audit of Treasury's Reporting of Financial and Payment Information Under the DATA Act - Summary Results. This report includes OIG's transmittal letter, which presents Treasury's DATA Act results as a whole' Treasury's management response; OIG's report with results for Treasury's non-IRS transactions only; and TIGTA's report with IRS transaction results. This report was revised on March 30, 2018, to reflect changes made on pages 1, 3, 21, 22, 23, and 25 in report OIG-18-010R. The changes clarify the percent of inaccurate transactions and corresponding accuracy rates for the individual data elements tested by the Office of Inspector General. The addressee of this report has also been updated to reflect the change in the incumbent Assistant Secretary for Management. These corrections did not affect the findings, conclusions, andrecommendations previously reported.

This audit report should not be distributed without the financial statements on which it is based. To request the financial statements and report, file a Freedom of Information Act Request with the Department of the Army at https://www.rmda.army.mil/foia/RMDA-FOIA-Contact.html.

For our report on the Department's Digital Accountability and Act of 2014 (DATA Act) submission for the second quarter of fiscal year (FY) 2017, we contracted with K.PMG LLP, an independent public accounting firm, to examine the Department's submission (which included seven files containing financial, procurement and financial assistance award, and sub-award data).

OIG-18-010R Treasury Continues to Make Progress in Meeting DATA Act Reporting Requirements, But Data Quality Concerns Remain. This report constitutes OIG's report with results for Treasury's non-IRS transactions only. This report was revised on March 30, 2018, to reflect changes made on pages 1, 3, 21, 22, 23, and 25. The changes clarify the percent of inaccurate transactions and corresponding accuracy rates for the individual data elements tested by the Office of Inspector General. The addressee of this report has also been updated to reflect the change in the incumbent Assistant Secretary for Management. These corrections did not affect the findings, conclusions, and recommendations previously reported.

Semi Annual Report to Congress

The report begins on page 132 of the Fiscal Year 2017 United States Army Annual Financial Report.

The report begins on page 93 of the Fiscal Year 2017 United States Army Annual Financial Report.

The report begins on page 117 of the Fiscal Year 2017 Annual Financial Report

The NCUA OIG conducted this review in accordance with the DATA Act. Specifically, we conducted this review to assess the completeness, timeliness, quality, and accuracy of fiscal year 2017, second quarter financial and award data submitted for publication on USASpending.gov; and the NCUA’s implementation and use of the government-wide financial data standards established by the Office of Management and Budget and the Department of the Treasury.

We identified lessons learned regarding insurance findings and recommendations we reported in previous audit reports. To accomplish our objective, we compiled and summarized reportable issues concerning insurance under the Public Assistance program from our reports issued in fiscal years 2013–2017; analyzed the insurance findings and recommendations in those reports; and quantified the financial significance of those findings. We determined that from fiscal years 2013–2017, DHS OIG issued 37 reports with 40 recommendations totaling $322.1 million in questioned costs for reportable issues pertaining to insurance. These issues included duplicate benefits, insufficient insurance, and misapplied or misallocated insurance proceeds. Because this special report contains no recommendations, no response from FEMA is required.

The Office of Inspector General examined the completeness, timeliness, and accuracy of NASA’s financial and award data as required under the DATA Act.

Our objective was to determine whether the U.S. Postal Service made purchase card transactions that were potentially illegal, improper, or erroneous. We performed this audit in conjunction with a government-wide audit initiated by the Council of the Inspectors General on Integrity and Efficiency, Information Technology Committee, to determine risks associated with government purchase card transactions. The OIG performed this audit with 22 other Inspectors General, generally using the same audit objective, scope, and methodology.

The OIG used data analytics to identify locations with lost or stolen stamp stock shipments. We identified expenses related to lost or stolen stamp stock shipments for the San Juan Stamp Office (SJSO); Fernandez Juncos Station; and Amelia, Bayamon, and Condado Contract Postal Units (CPU) between May 1, 2016, and April 30, 2017. Our objective was to determine whether internal controls over stamp stock shipments were in place and effective at the SJSO; Fernandez Juncos Station; and Amelia, Bayamon, and Condado CPUs.

The objectives of this performance audit were to assess the completeness, timeliness, quality, and accuracy of Fiscal Year 2017, Second Quarter financial and award data submitted for publication on USAspending.gov in accordance with the DATA Act and to assess the Peace Corps’ implementation and use of the Government-wide financial data standards established by the Office of Management and Budget and the Department of the Treasury. While the Peace Corps took steps to implement and use the Government-wide data standards, problems with completeness and accuracy hinder the Peace Corps’ ability to provide reliable data, achieve full transparency to the public, and comply with Federal accountability requirements.

These challenges illustrate the most significant areas the Office of Inspector General (OIG) believes need improvement for the Peace Corps to effectively manage its resources and minimize the potential for fraud, waste, and abuse occurring in its operations. Addressing the issues related to these challenge areas will enable the agency to increase operational efficiencies and improve mission effectiveness.

We found that the Department generally met the Digital Accountability and Transparency Act of 2014 (DATA Act) reporting requirements for the FY 2017 second quarter. Specifically, we found that the Department had adequate controls over its DATA Act source systems and submission processes to reasonably assure that reported data was accurate, timely, of quality, and complete. We found that the Department’s FY 2017 second quarter summary and award-level data submitted as part of required DATA Act reporting was timely, and generally accurate, of quality, and complete, and that the Department reported the data in accordance with established Government-wide financial data standards. However, we found that the Department’s validation and reconciliation processes did not initially ensure that award-level transactions that should not be included in the submitted and certified data were appropriately excluded. Further, we found that linkages between award-level data in the Department’s systems and the data extracted from external award systems by the Treasury DATA Act Broker were not always complete, and that selected reported data elements were not always consistent with the data contained in the authoritative source system.

This report should not be distributed without the accompanying financial statements on which it is based. To request a copy of the financial statements and report, please contact:Robert J. Moss, Jr., Chief, Trust Fund and Revenue Cycle Management, Defense Health Agency, robert.j.moss.civ@mail.mil

This report should not be distributed without the accompanying financial statements on which it is based. To request a copy of the financial statements and report, please contact:Graham D. Ininns,Chief, Contract Resource Management,Defense Health Agency,graham.d.ininns.civ@mail.mil

The report is Classified. To file a Freedom of Information Act request, please submit a request to FOIA Online. https://foiaonline.regulations.gov/foia/action/public/request/publicPre…

This review is part of a series of hospital compliance reviews. Using computer matching, data mining, and data analysis techniques, we identified hospital claims that were at risk for noncompliance with Medicare billing requirements. For calendar year 2015, Medicare paid hospitals $163 billion, which represents 46 percent of all fee-for-service payments for the year.

The Office of Inspector General released a summary of its fiscal year 2017 examination of NASA’s information security program under the Federal Information Security Modernization Act (FISMA).

We found that for FY 2017, second quarter submission, PBGC generally complied with DATA Act requirements for completeness, timeliness, quality, and accuracy of the data, including implementation and use of the government-wide financial data standards established by OMB and Treasury. However, we identified some inconsistencies, omissions and errors, which caused the information available to the public and Congress on Beta.USAspending.gov to not fully reflect PBGC’s operations. We recommended PBGC to develop and implement procedures to ensure the completion of a quality control review of data files before each quarterly data submission and a review information on Beta.USAspending.gov after publication for indications of errors and incompleteness. PBGC agreed with the recommendation and provided actions taken and corrective actions planned to strengthen quality control over data submission. PBGC planned to complete corrective action by the September 30, 2017 data submission.

Audit of the FY 17 NLRB financial statements.

The Reports Consolidation Act of 2000 requires the U.S. Department of Education (Department) Office of Inspector General to identify and report annually on the most serious management challenges the Department faces. The Government Performance and Results Modernization Act of 2010 requires the Department to include in its agency performance plan information on its planned actions, including performance goals, indicators, and milestones, to address these challenges. To identify management challenges, we routinely examine past audit, inspection, and investigative work, as well as issued reports where corrective actions have yet to be taken; assess ongoing audit, inspection, and investigative work to identify significant vulnerabilities; and analyze new programs and activities that could post significant challenges because of their breadth and complexity. Last year, we presented five management challenges: improper payments, information technology security, oversight and monitoring, data quality and reporting, and information technology system development and implementation. Although the Department made some progress in addressing these areas, four of the five remain as a management challenge for fiscal year (FY) 2018. We removed information technology system development and implementation because our current body of work does not support its continued reporting as a challenge to the Department. Our planned work for FY 2018 includes audits of the Department’s implementation of the Federal Information Technology Acquisition Reform Act and the Department’s implementation of the Portfolio of Integrated Value-Oriented Technologies Contracts. Our conclusions from this and other work could result in this area returning as a management challenge in future years.The FY 2018 management challenges are: (1) Improper Payments, (2) Information Technology Security, (3) Oversight and Monitoring, and (4)Data Quality and Reporting.

The report begins on page 25 of the Fiscal Year 2017 Military Retirement Fund Audited Financial Report.

Audit Report

Ernst & Young (EY), under its contract with the HHS Office of Inspector General (OIG), audited the second quarter for fiscal year (FY) 2017 to determine HHS's compliance with the Digital Accountability and Transparency Act (DATA Act; P.L. No. 113-101) and related guidance.

The Children's Health Insurance Program Reauthorization Act of 2009 (CHIPRA) directly affects both the Children's Health Insurance Program and Medicaid. Under CHIPRA, Congress appropriated $3.2 billion for qualifying States to receive bonus payments to offset the costs of increased enrollment of children in Medicaid.

The Children's Health Insurance Program Reauthorization Act of 2009 (CHIPRA) directly affects both the Children's Health Insurance Program and Medicaid. Under CHIPRA, Congress appropriated $3.225 billion for qualifying States to receive bonus payments to offset the costs of increased enrollment of children in Medicaid.

The OIG used data analytics to identify offices with a surge of potentially fraudulent Voyager credit card activity. We identified 128 potentially fraudulent fuel transactions totaling $7,199, made primarily in Florida with a Voyager card assigned to the Southeast (SE) Austin Station, between January 1 and July 31, 2017.

This year, we highlighted the underlying causes of the Department's persistent management and performance challenges, which hamper efforts to accomplish the homeland security mission efficiently and effectively. The challenges are two-fold. First, Department leadership must commit itself to ensuring DHS operates more as a single entity rather than a collection of components. The lack of progress in reinforcing a unity of effort translates to a missed opportunity for greater effectiveness. Second, Department leadership must establish and enforce a strong internal control environment typical of a more mature organization. The current environment of relatively weak internal controls affects all aspects of the Department’s mission, from border protection to immigration enforcement and from protection against terrorist attacks and natural disasters to cybersecurity.

OIG conducted an inspection in response to Senator James Inhofe’s request to evaluate clinical, supervisory, and administrative practices at the Oklahoma City VA Health Care System (System), Oklahoma City, OK. We also evaluated the System Director’s concerns and coordinated parts of this review with The Joint Commission. Our comprehensive review identified multiple program areas, processes, and operations needing improvement. The root cause for many of these issues was poor and unstable leadership at a number of levels, most notably in the Director position. Without strong and effective leadership, an inattentive and apathetic organizational culture evolved that allowed problems to arise and persist. It was only after new leadership was installed in May 2016 that the culture improved and necessary changes took place. We made 24 recommendations.

OIG conducted a healthcare inspection to address concerns received from Congressman Jim Costa in 2014 regarding allegations from an anonymous complainant of Emergency Department (ED)-boarded patients’ length of stay, poor inpatient flow, and nurse staffing shortages at the Central California VA Health Care System (system), Fresno, CA. An anonymous complainant with similar allegations contacted the OIG Hotline in December 2013, July 2014, and February 2015. We requested system leaders respond to the allegations and in their May 2015 response, they acknowledged issues with ED-boarded patients’ length of stay, inpatient flow, and registered nurse staffing, and implemented an improvement plan with 15 actions. In January 2016, we conducted a review of system leaders’ progress after 6 months (July 1, 2015 through December 31, 2015) of implementing their action plans. We found that they did not implement 1 of the 15 actions: system leaders had not established written protocols to identify a process to transfer ED-boarded patients to available VA and non-VA facilities when acute inpatient beds were unavailable. In addition, the system’s policy that addressed the designated location for ED patient overflow did not identify criteria for ED-boarded patients who could be transferred to the Community Living Center. In the course of our review, we identified a patient whose adverse outcome illustrated many of the challenges associated with ED-boarded patients who need to be transferred due to the lack of available inpatient beds. The patient died after a prolonged transport on the maximal dose of a medication generally used in critical care. We made eight recommendations.

For a covered outpatient drug to be eligible for Federal reimbursement under the Medicaid program's drug rebate requirements, manufacturers must pay rebates to the States for the drugs. However, a prior OIG review found that States did not always invoice and collect all rebates due for drugs administered by physicians.

We determined that the Department has addressed the requirements of the Cybersecurity Act of 2015. However, the Department faces challenges effectively sharing cyber threat information across Federal and private sector entities. For example, the system DHS uses does not provide the contextual data needed to effectively defend against threats. DHS lacks a cross-domain information processing solution and automated tools to analyze and share threat information timely. DHS needs to enhance its outreach program to increase participation and improve coordination of information sharing across its partners. Further, our security testing identified configuration and patch management deficiencies related to the systems DHS uses to process and share threat information. We made five recommendations to the National Protection Programs Directorate (NPPD) to enhance the overall effectiveness of DHS’ information sharing program, including acquiring technologies needed for cross-domain sharing and automated analysis of cyber threat data, enhancing outreach to promote sharing, and implementing required security controls on selected information systems. The component concurred with all five recommendations.

Pension Management Centers (PMCs) provide benefits and services to some of the most vulnerable veterans and survivors. OIG’s review focused on rating decisions that addressed original pension benefits and claims processing actions related to Medicaid-covered nursing homes. OIG found St. Paul PMC staff failed to order general medical examinations to support veterans’ pension claims—denying 88 percent of those requiring rating decisions in 2015. St. Paul management and staff misinterpreted Veterans Benefits Administration's (VBA’s) guidance on requesting general medical examinations to support pension claims, and VBA lacked oversight for identifying inconsistent rating practices among PMCs. Consequently, claims processed by the St. Paul PMC were denied more frequently when compared to the Milwaukee and Philadelphia PMCs. Claims processors at the PMCs also delayed and inaccurately processed pension benefits reduction cases whenever beneficiaries resided in Medicaid-covered nursing care facilities. Delays and inaccuracies found in 1,900 of 2,800 Medicaid benefits reduction cases completed in 2015 resulted in an estimated $6.9 million in improper benefits payments. If the PMCs continue to delay and inaccurately process these adjustments, VBA will pay approximately $34.5 million in improper benefits from Calendar Year (CY) 2016 through CY 2020. Generally, VBA did not prioritize this workload, performance measures for Medicaid-covered nursing home care reduction cases were lacking, and PMCs did not provide training specific to Medicaid-covered cases. OIG recommended that VBA clarify guidance and provide training on ordering general medical examinations to support original pension claims, review denied pension claims to determine whether examinations were required, and implement a plan to ensure rating consistency. We also recommended that VBA prioritize benefit reduction actions and develop workload performance measures for benefits reduction cases associated with Medicaid-covered nursing homes.

This audit sought to determine whether the National Pension Call Center (NPCC) is providing timely and quality assistance to veterans and their families. OIG found Veterans Benefits Administration (VBA) management needed to improve the NPCC’s oversight of quality review and training processes. Specifically, NPCC supervisors did not review or take corrective actions for calls evaluated by quality-review specialists. Calls in Spanish were not included in Benefits Assistance Service (BAS) quality-review monitoring, and NPCC management and call agents did not complete or properly record all required training. VBA management lacked reasonable assurance that the NPCC’s hours of operation provided sufficient availability for pension recipients to speak with agents. Also, the Philadelphia VA Regional Office (VARO) staff mailed documentation that included personally identifiable information (PII) to incorrect addresses. This occurred because the NPCC coach did not implement a process requiring corrective actions to address low-scoring quality review results. BAS has never had a quality-review specialist fluent in Spanish to evaluate calls. The NPCC and BAS management provided inadequate oversight to ensure staff received or completed the required training. VBA management did not analyze the available call data to determine the number of calls that go unanswered after the close of NPCC’s business day. The Philadelphia VARO’s controls for outgoing mail processes needed strengthening. OIG recommended VBA implement controls to ensure callers receive accurate and complete responses to pension inquiries, BAS has qualified staff to evaluate the quality of Spanish-speaking calls, and required training is completed and recorded timely and to continuously evaluate data for calls made outside of normal business hours. OIG also recommended the Philadelphia VARO Director strengthen controls at the VARO to ensure documents that include PII are mailed to the intended veteran. The Acting Under Secretary for Benefits concurred with our findings and recommendations. We considered the corrective action plans acceptable and will follow up on their implementation.

On November 1, 2017, the Pennsylvania Court of Common Pleas of Bucks County sentenced an Amtrak B&B Mechanic Foreman to 6-23 months of confinement and 36 months’ probation for the Manufacture, Delivery, or Possession with the Intent to Manufacture or Deliver narcotics.