Federal Reports

Package Manager is part of the Centralized Benefits Communication Management Program introduced in 2018 to modernize VBA mailing. The application bundles documents from veterans’ electronic claims folders and standard enclosures into virtual packages for printing and mailing. Employees then must click a “send” button to move the package to a centralized print vendor. If a send button is not clicked, the package for that recipient remains unsent.

The review team found that, due to a lack of oversight, about 2.1 million packages created from January 2018 through October 2022 were still unsent as of November 10, 2022. After reviewing statistical samples of unsent packages, the OIG team estimated about 801,000 of the 2.1 million packages lacked evidence of the letters being sent to one or more of the intended recipients.

VBA leaders did not establish controls for unsent packages because they did not anticipate that employees would create packages but not send them. Furthermore, quality reviews by VBA had not identified a trend of employees failing to send packages.

While some unsent packages did not affect veterans’ benefits, others might have, such as those requesting evidence for claims that were ultimately denied. In these cases, VBA did not fulfill its requirement to help veterans obtain evidence. The OIG team could not determine what would have happened had these letters been sent. Still other packages included required letters notifying veterans of decisions on their claims. These notices are critical so that veterans understand the decisions’ effects on their benefits and options for seeking further review.

The OIG recommended that the under secretary for benefits implement plans to provide oversight for unsent packages and to address packages the team identified in this review as unsent.

The VA Office of Inspector General (OIG) conducted a national review to evaluate Veterans Health Administration’s (VHA’s) implementation of the PACT Act of 2022, which mandated veteran toxic exposure screenings, and required clinical staff training.

Section 603 of the PACT Act mandated that, within 90 days of the date of enactment, VHA implement a health screen to identify potential toxic exposures during military service. The Act requires VHA to screen veterans and address issues specific to toxic exposures during military service.

VHA developed a method of screening, and as of November 30, 2023, screened over four million of the nine million enrolled veterans. VHA also complied with requirements to train clinical staff to “identify, treat, and assess the impact on veterans of illnesses related to toxic exposures.”

VHA issued memorandums to Veterans Integrated Service Network (VISN) and facility directors requiring additional toxic exposure screening training for clinical staff. However, 21.4 percent of clinical staff completed training prior to performing a screening during the period November 8, 2022, through January 9, 2023. Although training compliance increased after VHA issued additional guidance in January 2023, many veterans were likely screened by clinical staff who had not completed training.

The OIG did not assess the impact of screening on primary care workload, but VHA leaders acknowledged toxic exposure screening adds to workload and had not evaluated nor considered mitigating efforts for the additional workload burden.

The OIG made two recommendations to the Under Secretary for Health related to assessing training noncompliance and evaluating the impact of toxic exposure screening on primary care.

This report presents the results of our audits of the United States Department of Agriculture’s (USDA) consolidated financial statements for the fiscal years ending September 30, 2024, and 2023.

Results of FEC's FY 24 Financial Statement Audit

At the request of the Tennessee Valley Authority’s (TVA) Supply Chain, we examined the cost proposal submitted by a contractor for engineering services in connection with the validation phase of TVA’s Small Modular Reactor and Clinch River Nuclear project. Our examination objective was to determine if the cost proposal was fairly stated for a planned $25 million contract.

In our opinion, the cost proposal was overstated. Specifically, the proposed labor markup and other direct cost rates were overstated compared to recent actual costs. Additionally, (1) the proposed maximum wage ranges were not reflective of contractor’s actual wage ranges and (2) to the draft contract should be revised to clarify language regarding fee and long-term travel. We suggest TVA management (1) negotiate reduced labor markup and other direct cost rates to more accurately reflect the contractor’s recent actual costs, (2) negotiate revisions to the proposed wage ranges to more accurately reflect contractor’s actual wage ranges, and (3) revise the draft contract to clarify TVA’s intent regarding fee and long-term travel.

EAC OIG, through the independent public accounting firm of Allmond & Company, LLC, audited EAC’s financial statements for the fiscal year ended September 30, 2024.

EAC OIG, through the independent public accounting firm of Allmond & Company, LLC, audited EAC's financial statements for fiscal year 2024. The purpose of this letter is to convey information concerning control weaknesses that did not rise to the level of a significant deficiency or material weakness.

Andre Wilburn, a resident of New York, was sentenced in U.S. District Court, Eastern District of New York, on November 14, 2024, to two years of imprisonment, five years of probation, and was ordered to pay restitution in the amount of $468,037 for his participation in an Amtrak ticket fraud scheme. Wilburn and his co-conspirators used stolen credit card information to make unauthorized purchases of Amtrak tickets and then canceled or exchanged those tickets for eVouchers. Subsequently, they sold the fraudulently obtained eVouchers on the internet. Wilburn pleaded guilty on October 24, 2019, to access device fraud and aggravated identity theft for his involvement in the eVoucher scheme.

In addition, Wilburn was sentenced to 30 years of imprisonment and five years of probation on November 14, 2024, for charges of Coercion and Enticement of a minor. Amtrak OIG agents discovered child pornography on Wilburn’s computer during the investigation, including images that showed Wilburn conducting sexual acts on a child. Wilburn pleaded guilty to one count of the charge on August 15, 2022.

This report is redacted.

This report is redacted.

The report identifies the major management challenges to programs and management functions within the Federal Election Commission.

We contracted with the independent public accounting firm of Sikich CPA LLC to audit the financial statements of FHA as of and for the fiscal years ending September 30, 2024 and 2023, and to provide reports on FHA’s (1) internal control over financial reporting and (2) compliance with laws, regulations, contracts, and grant agreements and other matters.  Our contract with Sikich required that the audit be performed in accordance with U.S. generally accepted government auditing standards, Office of Management and Budget audit requirements, and the Financial Audit Manual of the U.S. Government Accountability Office and the Council of the Inspectors General on Integrity and Efficiency.

In its audit of FHA, Sikich reported

That FHA’s financial statements as of and for the fiscal year ending September 30, 2024, were presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles.

No material weaknesses or significant deficiencies for fiscal year 2024 in internal control over financial reporting, based on limited procedures performed.

No reportable noncompliance for fiscal year 2024 with provisions of applicable laws, regulations, contracts, and grant agreements or other matters.

In connection with the contract, we reviewed Sikich’s reports and related documentation and questioned its representatives.  Our review, as differentiated from an audit of the financial statements in accordance with U.S. generally accepted government auditing standards, was not intended to enable us to express and we do not express opinions on FHA’s financial statements or conclusions about (1) the effectiveness of FHA’s internal control over financial reporting and (2) FHA’s compliance with laws, regulations, contracts, and grant agreements or other matters.  Sikich is responsible for the attached Independent Auditors’ Report, dated November 13, 2024, and the conclusions expressed therein.  Our review disclosed no instances in which Sikich did not comply, in all material respects, with U.S. generally accepted government auditing standards.

FHA’s financial statements are included in FHA’s Annual Management Report, which can be found at FHAFY2024ANNUALMGMNTRPT.PDF.

We contracted with the independent public accounting firm Sikich CPA LLC to audit the financial statements of Ginnie Mae as of and for the years ending September 30, 2024 and 2023, and to provide reports on Ginnie Mae’s (1) internal control over financial reporting and (2) compliance with laws, regulations, contracts, and grant agreements and other matters.  Our contract with Sikich required that the audit be performed in accordance with U.S. generally accepted auditing standards, Office of Management and Budget audit requirements, and the Financial Audit Manual of the U.S. Government Accountability Office and the Council of the Inspectors General on Integrity and Efficiency.

In its audit of Ginnie Mae, Sikich reported

That Ginnie Mae’s financial statements as of and for the fiscal year ending September 30, 2024, were presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles.

No material weaknesses or significant deficiencies for fiscal year 2024 in internal control over financial reporting, based on limited procedures performed.

No reportable noncompliance for fiscal year 2024 with provisions of applicable laws, regulations, contracts, and grant agreements or other matters.

In connection with the contract, we reviewed Sikich’s reports and related documentation and questioned its representatives.  Our review, as differentiated from an audit of the financial statements in accordance with U.S. generally accepted government auditing standards, was not intended to enable us to express and we do not express opinions on Ginnie Mae’s financial statements or conclusions about (1) the effectiveness of Ginnie Mae’s internal control over financial reporting and (2) Ginnie Mae’s compliance with laws, regulations, contracts, and grant agreements or other matters.  Sikich is responsible for the attached Independent Auditors’ Report, dated November 13, 2024, and the conclusions expressed therein.  Our review disclosed no instances in which Sikich did not comply, in all material respects, with U.S. generally accepted government auditing standards.

When Ginnie Mae publishes its Annual Report, we will update this post to include this report and a link to Ginnie Mae's audited financial statements.

The report description is: Under a contract monitored by the National Credit Union Administration (NCUA) Office of the Inspector General (OIG), KPMG, an independent certified public accounting firm, performed an audit of the NCUA’s schedule of investments; accounts receivables, net (other than intragovernmental); and other taxes and receipts as of September 30, 2024. KPMG conducted the audit in accordance with auditing standards generally accepted in the United States of America, in accordance with the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States, and in accordance with OMB Bulletin No. 24-02, Audit Requirements for Federal Financial Statements. Those standards and OMB Bulletin No. 24-02, require that KPMG plan and perform the audit to obtain reasonable assurance about whether the schedule is free from material misstatement. KPMG prepared the audit report for the purpose of providing financial information to the U.S. Department of Treasury and the U.S. Government Accountability Office to use in preparing and auditing the Financial Report of the U.S. Government. The report includes: (1) an opinion on the schedule, (2) internal control over financial reporting specific to the schedule, and (3) compliance and other matters specific to the schedule. In its audit, KPMG found: • The schedule presents fairly, in all material respects, the investments; accounts receivables, net (other than intragovernmental); and other taxes and receipts of the NCUA as of and for the period ended September 30, 2024, in accordance with U.S. generally accepted accounting principles. • There were no internal control deficiencies identified for the schedule considered to be material weaknesses; and • There were no instances of noncompliance or other matters required to be reported under Government Auditing Standards or OMB Bulletin No. 24-02.

In this year’s report, we identified three key challenges for NASA—improving the management of major programs and projects, partnering with commercial industry, and enabling mission critical capabilities and support services.

The Office of the Inspector General contracted with the independent certified public accounting firm Ernst & Young LLP to audit (1) the Social Security Administration’s (SSA) financial statements as of September 30, 2024 and 2023 and the related notes to the financial statements; (2) the sustainability financial statements, including the statements of social insurance as of January 1, 2024 and 2023 and the related notes to the sustainability financial statements; and (3) the statements of changes in social insurance amounts for the periods January 1, 2023 to January 1, 2024 and January 1, 2022 to January 1, 2023. We also contracted with Ernst & Young to provide an opinion on internal control over financial reporting and report on compliance and other matters. The contract requires that the audit be conducted in accordance with auditing standards generally accepted in the United States; Government Auditing Standards issued by the Comptroller General of the United States; and Office of Management and Budget (OMB) Bulletin No. 24-02, Audit Requirements for Federal Financial Statements. Those Standards and Bulletin require that Ernst & Young plan and perform the audits to obtain reasonable assurance about whether the financial statements are free from material misstatement and whether effective internal control over financial reporting was maintained in all material respects.

This letter transmits Ernst & Young’s Report of Independent Auditors.

In accordance with the Reports Consolidation Act of 2000, the OIG reports annually on the most serious management and performance challenges the U.S. Department of Education (Department) faces. For FY 2025, we identified four management challenges the Department faces as it continues its efforts to promote student achievement and preparation for global competitiveness by fostering educational excellence and ensuring equal access. These challenges are (1) oversight and monitoring of student financial assistance programs, (2) oversight and monitoring of grantees, (3) data quality and reporting, and (4) information technology security. The report includes a summary of each challenge, a brief assessment of the Department’s progress in addressing each challenge, and shares information on further actions that, if properly implemented, could enhance the effectiveness of the Department’s programs and operations.

Over 5,300 lenders, including bank and non-bank lenders, participated in the Paycheck Protection Program (PPP), an $813.7 billion program that provided forgivable loans to eligible borrowers. The primary distinction between the two is that non-bank lenders are not federally regulated. Both were allowed to partner with third-party service providers to assist in the PPP loan process. We assessed the U.S. Small Business Administration’s (SBA) oversight of non-bank lenders, including financial technology (fintech), and third-party service providers in the PPP.

Opportunities exist for SBA to enhance its oversight of non-bank lenders, including fintechs, and service providers to promote program integrity and reduce financial loss. SBA had processes in place to approve non-bank lenders to become PPP lenders; however, it performed limited oversight of these lenders and was unaware of the extent of service providers’ participation in the PPP.

Executive and legislative actions led SBA to reduce or eliminate barriers for PPP borrowers, resulting in a significant increase in loans being made by non-bank lenders, including fintechs. Additionally, hold harmless provisions protected lenders from consequences if the lender complied with applicable legal requirements. Reduced controls and limited oversight increased the risk of fraud.

We found non-bank PPP lenders made $14.2 billion in suspected fraudulent loans at a rate more than five times higher than loans made by traditional bank lenders. Over $6.1 billion of the $14.2 billion in suspected fraudulent non-bank PPP loans, or nearly 43 percent, were made by lenders categorized as fintechs and other State Regulated Finance Companies.

Additionally, loans involving service providers had a suspected fraud rate more than three times higher than loans made without a service provider. Given SBA’s expanding loan portfolio and increasing reliance on non-bank lenders, including fintechs, in other loan programs and increasing lender reliance on fintech service providers, effective oversight is vital to ensuring program integrity and mitigating fraud risk and financial loss.

We made six recommendations for SBA to strengthen oversight of non-bank lenders and service providers. SBA management agreed with recommendations 1, 3, 4, 5, 6, and partially agreed with recommendation 2.

The VA Office of Inspector General’s information security inspection program assesses whether VA facilities are meeting federal security requirements related to four control areas the OIG determined to be at highest risk. For this inspection, the OIG selected the Health Eligibility Center (HEC) in Atlanta, Georgia. The OIG found deficiencies in three of the four areas inspected.
Configuration management controls, which identify and manage security features for all hardware and software components of an information system, were deficient in vulnerability remediation, system life-cycle management, and remediation of unauthorized software.
There were no deficiencies in contingency planning controls, which include physical and environmental controls.
In the area of security management, about 3.3 million veterans’ records containing sensitive personal information were not encrypted. VA security policy requires the encryption of sensitive information hosted on computer systems.
Access controls provide reasonable assurance that computer resources are restricted to authorized individuals. At the HEC, the OIG found deficiencies with access controls in the inventory of facility keys as well as in logging administrative actions, log retention, and log reviews.
The OIG made five recommendations aimed at correcting the identified deficiencies.

Our Objective(s)To perform a quality control review (QCR) of Allmond & Company LLC's audit of the Great Lakes St. Lawrence Seaway Development Corporation's (GLS) financial statements as of and for the fiscal years ended September 30, 2024, and September 30, 2023. We reviewed Allmond's report, dated November 6, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm Allmond & Company, LLC to audit GLS's financial statements, provide an opinion on those financial statements, report on internal control over financial reporting, and report on compliance with laws and other matters.
What We FoundThe independent auditor, Allmond, found two significant deficiencies in GLS's internal controls over financial reporting.

Internal control relating to the valuation of operating materials and supplies was not properly designed and implemented in order to prevent or detect and correct errors in unit costs that were entered into the inventory tracking system.
Loss contingencies were not reported in accordance with generally accepted accounting principles.

Our QCR disclosed no instances in which Allmond did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
RecommendationsWe agree with Allmond's six recommendations to help strengthen GLS's internal controls over financial reporting.

Our Objective(s) To perform a quality control review (QCR) of Allmond & Company, LLC's audit of the Surface Transportation Board's (STB) financial statements as of and for the fiscal years ended September 30, 2024, and September 30, 2023. We reviewed Allmond's report, dated November 6, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm Allmond & Company, LLC, to audit STB's financial statements, provide an opinion on those financial statements, report on internal control over financial reporting, and report on compliance with laws and other matters.
What We FoundThe independent auditor, Allmond, found one material weakness and three significant deficiencies in STB's internal controls over financial reporting.

Internal controls over preparing, reviewing, and approving journal entries recorded in the general ledger need improvement.
Control activities performed to prepare and review the interim financial statements and footnotes were not adequately designed and implemented.
Employee benefit election forms were not maintained per Office of Personnel Management requirements. Internal controls over the monitoring and review of open obligations need improvement.

Our QCR disclosed no instances in which Allmond did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
RecommendationsWe agree with Allmond's 17 recommendations to help strengthen STB's internal controls.

The passive assessment covered 1,062 drinking water systems for cybersecurity vulnerabilities that serve over 193 million people across the United States. Scan results for October 8, 2024, identified 97 drinking water systems serving approximately 26.6 million users as having either critical or high-risk cybersecurity vulnerabilities. Although not rising to a level of critical or high-risk cybersecurity vulnerabilities, an additional 211 drinking water systems, servicing over 82.7 million people, were identified as medium and low by having externally visible open portals. If malicious actors exploited the cybersecurity vulnerabilities identified in this passive assessment, they could disrupt service or cause irreparable physical damage to drinking water infrastructure. While attempting to notify the EPA about the cybersecurity vulnerabilities, the OIG found that the EPA does not have its own cybersecurity incident reporting system that water and wastewater systems could use to notify the EPA of cybersecurity incidents.

The U.S. Department of Agriculture Office of Inspector General’s Annual Plan for Fiscal Year 2025 describes how OIG plans to accomplish its mission of promoting economy, efficiency, effectiveness, and integrity in the delivery of USDA programs during the fiscal year.

The report contains an unmodified opinion on Natural Resources Conservation Service’s (NRCS) financial statements as of September 30, 2024 and 2023, as well as an assessment of NRCS’ internal controls over financial reporting and compliance with laws and regulations.

The NRC OIG contracted with Sikich to audit the FY 2024 financial statements of the United States Nuclear Regulatory Commission (NRC). Sikich found:
• The financial statements as of and for the fiscal year ended September 30, 2024, are presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States of America;
• The NRC maintained, in all material respects, effective internal control over financial reporting as of September 30, 2024; and,
• No reportable noncompliance for fiscal year 2024 with provisions of applicable laws, regulations, contracts, and grant agreements we tested.

The report contains an unmodified opinion on Federal Crop Insurance Corporation/Risk Management Agency's (FCIC/RMA) financial statements as of September 30, 2024, as well as an assessment of FCIC/RMA’s internal controls over financial reporting and compliance with laws and regulations.

We concluded that the officers’ pursuit was consistent with USPP policies and that, in all but one instance, the officers’ actions during the pursuit did not violate USPP policies.

Our Objective(s)To perform a quality control review (QCR) of Allmond & Company, LLC's audit of NTSB's financial statements as of and for the fiscal years ended September 30, 2024, and September 30, 2023. We reviewed Allmond's report, dated November 6, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm Allmond & Company, LLC, to audit NTSB's financial statements, provide an opinion on those financial statements, report on internal control over financial reporting, and report on compliance with laws and other matters.
What We FoundThe independent auditor, Allmond, found no material weakness in internal control over financial reporting. Our QCR disclosed no instances in which Allmond did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
Recommendations Allmond made no recommendations.

This report details KPMG’s audit of trust funds financial statements from the Bureau of Trust Funds Administration for fiscal years 2024 and 2023.

The CPSC has not complied with the ADA as well as several GSA PBS and OPM regulations for agency-operated fitness centers. The CPSC must ensure full compliance with the applicable statute and regulations moving forward to promote the health and safety of all employees.

On March 11, 2024, the Office of Inspector General (OIG) received a request from your office to review nondisclosure policies, forms, agreements, and related documents specific to the U.S Equal Employment Opportunity Commission (EEOC or Agency) to ensure the anti-gag provision is included as required by law.

In FY 2022, the Council of Inspectors General for Integrity and Efficiency (CIGIE) asked Offices of Inspector General (OIG) to identify three recommendations as their priority recommendations.

We audited WSFR grants awarded by FWS to the Arkansas Game and Fish Commission to ensure compliance and cost allowability.

The Office of the Inspector General (OIG) performed the procedures, which were requested and agreed to by Tennessee Valley Authority management solely to assist management in determining the validity of the Winning Performance (WP)/Executive Annual Incentive Plan (EAIP) Measures for fiscal year (FY) ending September 30, 2024. Tennessee Valley Authority management is responsible for the WP Measures data provided. In summary, procedures applied by the OIG found the:• FY 2024 WP goals for the enterprise measures were properly approved. • FY 2024 goals (target) for the corporate multiplier measures were properly approved. • Actual FY to-date results for the enterprise measures agreed with the underlying support, without exception.• Actual FY to-date results for the corporate multiplier measures agreed with the underlying support, without exception.• FY 2024 WP, EAIP, and Chief Executive Officer payout percentages provided by the Business Planning and Analysis organization on November 3, 2024, were mathematically accurate and agreed with the Office of the Inspector General’s recalculation.

The Office of the Inspector General performed an audit to determine if the Tennessee Valley Authority (TVA) has designed and implemented privacy requirements in accordance with the Consolidated Appropriations Act, 2005. Our scope was limited to TVA’s privacy program responsibilities as defined in the Consolidated Appropriations Act, 2005. We determined TVA had privacy policies in alignment with the Consolidated Appropriations Act, 2005. In addition, TVA had implemented requirements from the Consolidated Appropriations Act, 2005, such as sustaining privacy protection, assuring compliance with fair information practices, proposals, congressional reporting, protecting, PII, training, compliance with policies, and recording.However, we identified six issues that should be addressed by TVA management to further comply with the requirements of the Consolidated Appropriations Act, 2005, and TVA policy. Specifically, we found:1. Discrepancies between TVA privacy system inventory and the PIA inventory.2. PIAs did not follow TVA policy.3. The privacy continuous monitoring program was outdated.4. Hard copy RPII and a restricted area were not secured.5. The PIA template did not contain all required information.6. Privacy policies were not consistent with applicable legal guidance.TVA management agreed with our recommendations.

The NCUA OIG conducted this audit based on OIG’s 2023 Annual Work Plan to assess the NCUA’s revised process to charter new federal credit unions. The objectives of our audit were to determine whether: (1) the NCUA’s efforts to streamline its chartering process made it more efficient and effective for potential organizers interested in applying for a new federal credit union charter; and (2) the NCUA adequately communicated its revised chartering process to potential organizers. The scope of our audit covered the NCUA’s chartering activities from January 2019 through June 2024.

Maurice Driver, a former Amtrak lead service attendant based in Washington, D.C., was sentenced in U.S. District Court, District of Columbia, on November 6, 2024, for making false statements. He was sentenced to time served and a criminal fine of $200.
 

According to court documents, Driver was working as a Lead Service Attendant in the café car on an Amtrak train, which departed from Washington, D.C., in the afternoon of January 3, 2024, and ended in Chicago, Illinois, on the morning of January 4, 2024.
While working on that train, Driver met a passenger, spoke, and texted with the passenger, and allowed the passenger to use a vacant sleeper car on the train. On January 4, 2024, in Chicago, that passenger reported to Amtrak Police that Driver sexually assaulted her in a sleeper car on the train. Amtrak OIG then initiated an investigation of the sexual assault allegations. During an interview with an Amtrak OIG Special Agent, Driver made multiple false and misleading statements about his communications and contacts with the passenger, denying that he gave the passenger his personal phone number, texted with the passenger, and that he showed the passenger to a sleeper car. On August 8, 2024, Driver pleaded guilty to lying to a federal agent, and he was terminated from the company on October 31, 2024. He is not eligible for rehire.

In accordance with the Reports Consolidation Act of 2000, the Office of Inspector General OIG identified and reported the following as the Peace Corps’ most significant challenges based on the results and findings of its audit, evaluation, and investigation work, as well as the information uncovered from OIG’s oversight responsibilities:• Volunteer Delivery System;• Volunteer Healthcare and Safety;• Human Capital Management; and• Information Technology Security Management

The Office of Inspector General is issuing this evaluation report to determine whether the U.S. Small Business Administration (SBA) approved disaster loan applications with related Coronavirus Disease 2019 (COVID-19) Economic Injury Disaster Loans (EIDL) or Paycheck Protection Program (PPP) loans with fraud hold codes.In October 2022, SBA established an informal review process to match disaster assistance loan applications to pandemic loans that had fraud hold codes based on taxpayer identification numbers. In August 2023, the agency began transitioning to a new system that uses fraud detection software to review each loan application and includes a check for pandemic program loans with fraud hold codes.Even though SBA implemented controls to mitigate fraud risks in its disaster assistance loan program, the agency approved 188 loans totaling $8,127,613 that were flagged as potentially fraudulent. Agency officials took action to prevent one of these loans from being disbursed after we brought this to their attention.We recommended SBA review and verify the 187 loans that matched to a related COVID-19 EIDL or PPP loan with a fraud hold code for legitimacy and eligibility. The agency agreed with our recommendation and intends to review these loans. Management’s proposed corrective actions satisfy the recommendation.

To summarize and assess the most serious management and performance challenges facing the Social Security Administration.

The U.S. Postal Service’s Mobile Delivery Device – Technology Refresh (MDD‑TR) is a handheld mobile scanning device used by Postal Service employees to improve real-time delivery scanning capabilities. As a part of the Delivering for America plan, the Postal Service committed to modernizing the MDD‑TRs to improve employee efficiency, increase security of mail and package delivery, and ensure employee safety. Select MDD‑TRs also use electronic lock (eLock) technology as a part of a multi-factor authentication requirement to open mail collection boxes and cluster box units — adding another level of security to prevent mail from being stolen. Since 2023, the devices have received software updates improving carrier security and efficiency through address edits, global positioning system, and hazard maps. These improvements support the Postal Service’s commitment to creating a safe and secure work environment.