Federal Reports

RSVP of Tulsa demonstrated a lack of due diligence in ensuring the RSVP grant was properly administered.

The Minnesota Elderly Waiver program (the program) funds home- and community-based services for people aged 65 and older who are eligible for medical assistance and require the level of care provided in a nursing home but choose to live in the community, such as at a licensed family adult foster care home (home). Minnesota operates the program under a Federal waiver to its Medicaid State plan. We have conducted health and safety reviews of Head Start grantees and of regulated childcare facilities and wanted to determine whether there may be similar health and safety risks for vulnerable adults living in homes.

In response to a letter requesting that the OIG review the Department's actions related to certain provisions of the gainful employment and borrower defense regulations, we provided our views on the regulations and how the Department's proposed changes to those regulations could affect the integrity and efficiency of the student financial aid programs.

Although the Department and FSA made progress in strengthening their information security programs, we found weaknesses in the Department’s and FSA’s information systems, and those systems continued to be vulnerable to security threats. As guided by the maturity model used in the FY 2017 IG FISMA Metrics, we found the Department and FSA were not effective in all five security functions—Identify, Protect, Detect, Respond, and Recover. We also identified findings in all seven metric domains: (1) Risk Management, (2) Configuration Management, (3) Identity and Access Management, (4) Security Training, (5) Information Security Continuous Monitoring, (6) Incident Response, and (7) Contingency Planning.

Cyberscope 2017

Prescriber identifiers are a valuable program integrity safeguard. They enable CMS and Part D plan sponsors to determine if legitimate practitioners have prescribed drugs for enrollees. Plan sponsors are required to include prescriber identifiers on the Part D prescription drug event (PDE) records they submit to CMS. The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) requires that, beginning in 2016, pharmacy claims for covered Part D drugs must contain valid prescriber National Provider Identifiers (NPIs). Additionally, the law requires the Secretary of the Department of Health and Human Services to establish procedures for determining the validity of these prescriber NPIs. The law also requires OIG to submit to Congress a report on the effectiveness of these procedures no later than January 1, 2018. This evaluation report fulfills OIG's MACRA mandate.

The objective of this review was to perform an independent assessment of the Peace Corps’ information security program, including testing the effectiveness of security controls for a subset of systems as required, for FY 2017. Our results demonstrate that the Peace Corps lacks an effective information security program because of problems related to people, processes, technology, and culture. The Peace Corps needs to embrace a risk-based culture and place greater emphasis on the importance of a robust information security program by involving senior leadership, ensuring agency policies are comprehensive, and prioritizing the time and resources necessary to become fully compliant with Federal laws and eliminate weaknesses.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board’s Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report, which is available at the link below.

During the period April 1, 2017 through September 30, 2017, we:(1) Closed 11 audit recommendations and issued 9 new audit recommendations. The total number of open audit recommendations is 84.(2) Issued the following reports:(a) FY 2016 Improper Payments Evaluation. PBGC complied with improper payment requirements and financial assistance and contractor payment streams were not susceptible to significant improper payments.(b) Administrative Expenses for Insolvent Multiemployer Plans. PBGC adequately ensured that financial assistance recurring administrative expenses were reasonable, necessary, and adequately supported. However, we identified opportunities where PBGC could strengthen data quality and monitoring to ensure recurring administrative expenses for financial assistance are necessary and reasonable. (c) Premiums: Ways to Improve Exemption Determinations. PBGC’s premium exemption determinations can be improved with additional supporting documentation. (d) Special Report on Antideficiency Act Conclusion. PBGC’s conclusion regarding the reporting and recording of its multi-year lease obligations was not consistent with legal authority interpreting the Act, decisions of other agencies to report similar violations of the Act, and PBGC’s own decision to report a violation of the Act in another matter. (e) Risk Advisory: Personally Identifiable Information (PII) and Data Loss Prevention Controls. We identified for management and the Board weaknesses in controls to prevent the loss of sensitive data and made suggestions to mitigate this risk. (f) Inspection of Government Purchase Card Program. We found no fraudulent, improper, or abusive purchases during the period under review. However, we identified opportunities for PBGC to strengthen fraud prevention and program oversight. (3) Began the Deceased Participants Computer Matching Program. We initiated a computer matching program to identify PBGC benefits being paid to deceased participants. To date, we have identified 13 such cases. One case resulted in an indictment, two other cases are under consideration by prosecutors, and we referred 10 cases to the Office of Benefits Administration for termination of benefit payments and recoupment. Read the full report for details of our work to address these management challenge areas.

During this reporting period, we issued two reports, resulting in questioned cost of $618,577. In addition we received and addressed 20 hotline complaints. By addressing some of these complaints, we helped citizens avoid scams by individuals fraudulently representing NEA. Through the audit follow-up process, we collaborated with NEA managers to clear eleven recommendations resulting in better stewardship of NEA funds by putting in place stronger financial controls, policies, and procedures for awardees subject to OIG recommendations. Furthermore, based on a 2016 financial statement audit report recommendation, NEA put in place a process to more timely identify funds available for de-obligation, resulting in $517,218 in funds put to better use during FY 2017.

Semiannual Report to the Congress April 1, 2017 - September 30, 2017

Although Oklahoma received crossover claim adjustments, it did not have any policies and procedures for processing adjustments to Medicare crossover claims. As a result, Oklahoma did not recoup amounts due from providers or pay amounts owed to providers when an adjustment to a crossover claim changed the original deductible or coinsurance payment amounts.

We made one recommendation to the Department that once implemented, should provide DHS a formal Department-level group to facilitate long-term solutions for overarching component immigration enforcement and administration challenges, and improve efficiencies. DHS concurred with our recommendation and has begun taking action to address our findings.

We reviewed two large projects totaling $198.9 million in expenditures that CalRecycle incurred for debris removal work. We recommended that the Regional Administrator, FEMA Region IX (1) disallow as ineligible $142.7 million ($107 million Federal share) CalRecycle has received in Federal funds for debris removal work, unless FEMA (a) grants an exception to this administrative requirement, or (b) determines that costs are fully documented and eligible; (2) direct California, as recipient, to continue providing CalRecycle with technical assistance and monitoring to ensure compliance with all applicable Federal regulations and FEMA guidelines, and avoid improperly funding any of the $87.3 million ($65.4 million Federal share) it expects to claim in costs overruns for the remaining debris removal work, for an approximate total of $230 million; and (3) direct California, as grantee, to ensure that all insurance recoveries are collected from private property owners, and accurately reports the amount of insurance proceeds to FEMA.

We determined that Richland County, North Dakota does not have legal responsibility for the disaster-related repairs on township roadway projects. Rather, the repairs are the legal responsibility of individual organized townships. In the four disasters we reviewed, funding for 283 projects totaling 6.2 million is ineligible because the County does not have the legal responsibility for repairs to township roadways. Legal responsibility is one of the cornerstones of overall Public Assistance funding eligibility. We recommended FEMA determine whether there is a legal basis for allowing the County to act as the subgrantee for townships; disallow the costs as ineligible unless a legal basis is determined; and if FEMA determines the County may enter an agreement with the townships, require the agreement be in writing for future disasters. We made three recommendations and FEMA Region VIII concurred with all three of our recommendations.

First Coast Service Options, Inc., claimed $33,619 of unallowable fiscal intermediary and carrier contract Medicare pension costs on its Final Administrative Cost Proposals for fiscal years 2008 and 2009.

First Coast Service Options, Inc., understated its Medicare segment pension assets as of December 31, 2010, by $1.0 million.

First Coast Service Options, Inc., understated the Medicare segment allocable pension costs by $147,268 and understated the Other segment allocable pension costs used to calculate its indirect cost rates by $1.2 million for calendar years 2008 through 2010.

Seek link below for the full report, report summary, multimedia or any agency follow-up.

Seek link below for the full report, report summary, multimedia or any agency follow-up.

CNCS-OIG received a hotline allegation that Center for People in Need (CFPIN), Lincoln, NE, improperly managed various aspects of the CFPIN AmeriCorps program.

Audit of NLRB's compliance with the DATA Act reporting requirements.

Weaknesses in the Identity and Access Management and Incident Response metric domains leave the CSB vulnerable to attacks occurring and not being detected in a timely manner.

April 1, 2017 to September 30, 2017 Semiannual Report to Congress

This Office of Inspector General’s semiannual report summarizes our activities and accomplishments for the period April 1, 2017, through September 30, 2017. During this period, the OIG issued one final audit/evaluation report, completed one investigation, published one Management Advisory and received 302 hotline inquiries, of which 117 were charge processing issues, 82 were complaints related to Title VII of the Civil Rights Act of 1964,as amended, and 93 were other investigative allegations.

We determined that FEMA did not manage disaster relief grants and funds adequately and did not hold grant recipients accountable for properly managing disaster relief funds. We identified persistent problems such as improper contract costs and ineligible and unsupported expenditures as examples of this continued failure. During FY 2016, we identified $155.6 million, or 23 percent, in questioned costs out of the $686 million that we audited, which we recommended FEMA disallow as ineligible and unsupported costs. Further, FEMA still does not hold grant recipients accountable for failing to provide adequate monitoring or technical assistance to subgrantees.

The Postal Service’s scanned package volume increased from 3.5 billion in fiscal year (FY) 2015 to 4.3 billion in FY 2016 – an increase of 22 percent. From July 1 through December 31, 2016, the Postal Service scanned over 2 billion packages sent to over 136 million delivery locations on over 227,092 routes throughout the country. This audit was self-initiated based on our data analytics indicating an increasing number of questionable or improper delivery scans occurring at delivery units and about 1.4 million customer complaints in FY 2017 related to delivery.

Serve Washington administered $40,328,621 of AmeriCorps funds during the three years ending September 30, 2016. Serve Washington awarded subgrants to 17 organizations and was responsible for programmatic and financial oversight. The agreed-upon procedures (AUP) review included two subgrants—Kitsap Community Resources (KCR) and the Washington State Employment Security Department (ESD), including ESD’s two AmeriCorps programs, the Washington State Reading Corps and the Washington State Service Corps.Cotton & Company LLP found improper and unsupported costs claimed by the two subrecipients totaling $511,070 ($140,231 in Federal costs and $230,646 in match costs), plus an additional $136,773 in questioned education awards and $3,420 in accrued interest. No Serve Washington Commission incurred costs were questioned.The fieldwork found deficiencies with documenting claimed costs, with National Service Criminal History Checks, inaccurate timesheet recording and certifying, AmeriCorps service considered an added bonus to summer work, inadequate supervision of members recording teleservice and/or weekend service, and incomplete end of term evaluations. Serve Washington concurred with some findings and provided explanations for others. Corporation for National & Community Service Management will work with Serve Washington to resolve the findings.

Our objective was to assess the efficiency of the U.S. Postal Service’s transportation consolidation of mail (loading, unloading, and trailer utilization) for long-haul Highway Contract Routes (HCR) for the Chicago and San Francisco Network Distribution Centers (NDC). We determined the Postal Service’s consolidation of long-haul HCR trips for the Chicago and San Francisco CDFs was inefficient.

Treasury OIG Travel Inquiry Memorandum to Inspector General Thorson

At the request of the Tennessee Valley Authority's (TVA) Supply Chain, we examined the cost proposal submitted by a company for civil projects and coal combustion residual program management work at TVA's steam electric power plants. Our examination objective was to determine if the company's cost proposal was fairly stated for a planned <br> $300 million contract. In our opinion, the company's cost proposal was overstated. Specifically, we found the company's proposed costs for a Cumberland Fossil Plant (CUF) project and proposed unit rates for a Bull Run Fossil Plant (BRF) project included overstated temporary living assignment (TLA) costs, equipment costs, performance and payment bond costs, labor costs, and insurance costs. In addition, the company (1) understated its small tools rate for the CUF project due to errors in the company's estimate and (2) proposed a fee rate for the CUF project that exceeded the maximum allowable fee rate in TVA's request for proposal (RFP). We also found the company's proposed markup rate for employees who receive no benefits was overstated. We estimated TVA could avoid about $9.62 million on the planned $300 million contract by (1) negotiating appropriate reductions to TLA, equipment, performance and payment bond, labor, and insurance costs; (2) limiting the company's fee rate on the CUF project to the RFP's maximum allowable rate; and (3) negotiating appropriate reductions to unit rates in the BRF proposal. In addition, we suggest TVA negotiate revised markup rates for employees who receive no benefits. (Summary Only)

National Credit Union Administration OIG Semiannual Report to the NCUA Board and the Congress highlighting our accomplishments and ongoing work for the six-month period ending September 30, 2017.

This report summarizes work we initiated and completed during this semiannual period on a number of critical Departmental activities. Over the past 6 months—in addition to issuing our annual Top Management and Performance Challenges Facing the Department of Commerce—OIG completed nine audits, inspections, and public investigative reports. These products addressed programs and personnel associated with the Economic Development Administration (EDA), Economics and Statistics Administration (ESA), Minority Business Development Agency (MBDA), National Oceanic and Atmospheric Administration (NOAA), National Telecommunications and Information Administration (NTIA), and the Department itself.

On September 27, 2017, a former Amtrak electrician pleaded guilty in the Circuit Court of Cook County, Illinois, to theft of Amtrak property. He was sentenced to two days in jail (time considered served), two years of probation and was ordered to pay $1,199.57 in restitution.

The Office of Inspector General (OIG) conducted an audit of Amtrak’s (the company) website security program. Our audit objective was to assess whether current controls provide reasonable assurance that the company’s publicly accessible websites are secure.The company uses numerous information technology (IT) applications accessible to the public via the Internet. Given the company’s reliance on publicly accessible websites, we compared its practices for IT website security to leading practices from the private and public sectors, including those of the National Institute of Standards and Technology.

OIG reviewed purchase card practices within Veterans Integrated Service Network (VISN) 15 based on a September 2015 request from the former Chairman of the House Committee on Veterans’ Affairs. VISN 15 purchase cardholders did not use purchase cards improperly by exceeding the micro-purchase threshold or splitting purchases on a VISN 15 contract for restroom supplies. However, after the contract expired, purchase cardholders made 18 split purchases valued at approximately $73,000 when placing Federal Supply Schedule (FSS) orders to buy restroom supplies from the same vendor that had performed the expired restroom supply contract. These split purchases resulted in unauthorized commitments as well as improper payments. This occurred because purchase cardholders continued to act as if they were still operating under the contract for restroom supplies after it had expired—by placing orders with the same vendor using a General Services Administration (GSA) FSS contract. Although the GSA FSS orders were similar to the orders allowable under the terms of the expired requirements contract, they were now considered split purchases under the terms of the Federal Acquisition Regulation because they were no longer governed by the contract. The split purchases also occurred because the purchase cardholders did not have a clear understanding of what constituted a split purchase. VISN 15’s oversight of these purchase card transactions was ineffective and approving officials did not question what appeared to be the same routine purchases of restroom supplies, which had been occurring year after year subsequent to the expiration of the contract. As of July 2016, VISN 15 officials were not awarding separate contracts to purchase commodity items such as restroom supplies. We recommended the VISN 15 Director submit ratification requests for FY 2015 unauthorized commitments identified in the report, conduct additional focused training on split purchases, and establish more rigorous monitoring mechanisms over the VISN 15 purchase card program.

SIGTARP identifies the most serious management and performance challenges and threats facing the Government in TARP. Our selection is based on the significance and duration of the challenge/threat to the mission of TARP and Government interests; the risk of fraud or other crimes, waste or abuse; the impact on agencies in addition to Treasury; and Treasury’s progress in mitigating the challenge/threat.

SIGTARP's Quarterly Report to Congress

We determined that component personnel are not always safeguarding or tracking sensitive assets that, if lost, would result in critical mission impact or loss of life. Additionally, component’s practices surrounding badges may result in unnecessary risk. We recommended that DHS enhance policy, improve oversight, and require justifications for any non-law enforcement badges. We made six recommendations to improve the tracking and safeguarding of sensitive assets. DHS concurred with all six of our recommendations

The narrative and accompanying responses submitted to the Office of Management and Budget (OMB) through the CyberScope portal provide our independent assessment of the quality of NARA’s information security practices.

Audit Report

We identified vulnerabilities with FAMS contributions to aviation security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We made five recommendations that will enhance FAMS’ overall effectiveness. We also identified a part of FAMS operations where, if discontinued, funds could be put to better use. TSA concurred with three of the recommendations and did not concur with two recommendations

Congress has expressed concerns about the safety and well-being of children in foster care. These issues were highlighted in a series of media reports that provided several examples of children who died while in foster care. Accompanying the deaths were allegations of negligence as a contributing factor and evidence of sexual and physical abuse, sometimes after clear warning signs.