Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Chemical Safety and Hazard Investigation Board
CSB Has Effective "Identify" and "Recover" Information Security Functions, but Attention Is Needed in Other Information Security Function Areas
Challenge 1: Addressing evolving role in the Environmentally Threatened Communities (ETC) Initiative. Challenge 2: Engaging Commissioners in light of conflict-of-interest concerns and funding realities. Challenge 3: Identifying a strategic vision and plan in a period of uncertainty.
This narrative and the responses submitted to the Office of Management and Budget (OMB) through the CyberScope portal provide our independent assessment of the quality of NARA’s information security practices.
The Board of Governors provides the Postal Service with strategic direction, similar to a corporate board of directors. As of October 2016, only one of the nine governor positions was filled. In December 2016, there will be no remaining governors, unless more are confirmed. This unprecedented situation could have broad ramifications for the Postal Service.
Our FY 2016 FISMA review concluded that the Department’s and FSA’s overall information security programs were generally not effective. We found that although the Department and FSA made some progress in strengthening their information security since FY 2015, weaknesses remained, leaving their systems vulnerable to security threats. The report included 11 findings, 5 of which were repeat findings.
FY 2016 Independent Evaluation of the National Credit Union Administration's Compliance with the Federal Information Security Modernization Act of 2014
The National Credit Union Administration Office of Inspector General engaged CliftonLarsonAllen LLP (CLA) to independently evaluate NCUA’s information systems and information security program and controls for compliance with the Federal Information Security Modernization Act of 2014 (FISMA 2014). This transmits the results of CLA's FY 2016 evaluation of NCUA’s information security and privacy management programs.
We contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program as required by the Federal Information Security Modernization Act (FISMA). In Fiscal Year 2016, PBGC made progress improving its information security program by publishing its Information Security Risk Management Framework Process and requiring the use of PIV for authentication; however, improvements are still needed. More specifically, PBGC needed to permanently fill its risk executive position and ensure current NIST controls are fully and consistently implemented including controls over access control. The Corporation also needed to fully implement its information system continuous monitoring program. The OIG’s Report on Internal Controls Related to the Pension Benefit Guaranty Corporation’s Fiscal Year 2016 and 2015 Financial Statements Audit (AUD 2017-3/FA-16-110-2) presents additional details on the Corporation’s progress in mitigating IT control weaknesses identified in: (1) PBGC’s entity-wide security program and (2) access controls and configuration management.
EAC OIG, through the independent public accounting firm of Brown & Company CPAs and Management Consultants, PLLC, audited EAC's financial statements for the fiscal years ended September 30, 2016, and September 30, 2015.
EAC OIG, through the independent public accounting firm of CliftonLarsonAllen LLP, audited EAC's compliance with the Federal Information Security Modernization Act of 2014 for fiscal year 2016.
FHFA’s Use of Inconsistent Criteria Materially Affected its Reporting of Remediation of Serious Deficiencies in its 2015 Performance and Accountability Report
Information Technology: Department of the Treasury Federal Information Security Modernization Act Fiscal Year 2016 Performance Audit for Collateral National Security Systems (SBU)
This report contains Sensitive But Unclassified information. To obtain further information, please contact the OIG Office of Counsel at OIGCounsel@oig.treas.gov, (202) 927-0650, or by mail at Office of Treasury Inspector General, 1500 Pennsylvania Avenue, Washington DC 20220.
Actions Can Be Taken to Improve Processes of a Newly Developed Program That Enables Victims of Identity Theft to Request Copies of Fraudulent Tax Returns
The Social Security Administration's Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2016 (Limited Distribution)
At the request of the Tennessee Valley Authority (TVA) Supply Chain, the OIG examined a cost proposal submitted by a company for construction services for TVA bottom ash dewatering facilities. Our objective was to determine if the company's cost proposal was fairly stated for a planned $100 million contract. In our opinion, the cost proposal was overstated. Specifically, the company's proposal included: (1) overstated fees, (2) excessive subcontractor craft labor costs, and (3) contingency costs that could inflate the final costs paid for the services. We estimated TVA could avoid about $10.81 million on the planned $100 million contract by: (1) negotiating reductions to the proposed fee rate and only applying fee to costs specified in TVA's request for proposal (RFP), (2) limiting subcontractor craft labor billing rates to the rates for the company's craft labor employees as required by the RFP, and (3) eliminating contingency costs from cost-based target cost estimate projects. Additionally, we found the company's cost proposal included incorrect craft labor rates. (Summary Only)
This report should not be distributed without the accompanying financial statements on which it is based. To request a copy of the financial statements and report, please contact: Nov. 7, 2017 — Robert J. Moss, Jr. Chief, Trust Fund and Revenue Cycle Management Defense Health Agency robert.j.moss.civ@mail.mil
This report should not be distributed without the accompanying financial statements on which it is based. To request a copy of the financial statements and report, please contact: Graham D. Ininns Chief, Contract Resource Management Defense Health Agency graham.d.ininns.civ@mail.mil
The audit found that the Illinois State Board of Education (the Illinois SEA) did not provide effective oversight to ensure that LEAs took timely and appropriate action to correct single audit findings. This occurred because the Illinois SEA lacked an audit resolution process that effectively resolved findings, did not comply with Federal requirements, and lacked coordination among divisions and between the SEA and the LEAs. No one division within the Illinois SEA was overseeing this function and the SEA did not develop appropriate controls to identify weaknesses or areas of noncompliance.
NARA OIG performed this audit to determine if NARA has developed a comprehensive information system inventory to track and monitor all information systems operated or maintained throughout the agency. We also evaluated NARA’s information systems to determine if they were adequately classified and categorized.
NARA OIG audited NARA's compliance with Circular A-123, FMFIA, and internal guidance related to internal controls. We also evaluated the system of internal controls for NARA program offices, the accuracy of NARA’s Fiscal Year (FY) 2015 FMFIA Assurance Statement, and supporting individual office assurance statements.
Public Summary Report: New York Implemented Security Controls Over Its Health Insurance Exchange Web Site and Database but Could Improve Security Controls
This summary report provides an overview of the results of our audit of the information security controls at New York's health insurance exchange, New York State of Health (New York marketplace). It does not include specific details of the vulnerabilities that we identified because of the sensitive nature of the information. We have provided more detailed information and recommendations to the New York marketplace so that it can address the issues we identified. The findings listed in this summary report reflect a point in time regarding system security and may have changed since we reviewed these systems.
The OIG performed procedures which were requested and agreed to by TVA management solely to assist management in determining the validity of the Winning Performance (WP) payout awards for fiscal year (FY) ended September 30, 2016. The WP payout award data that was provided to the OIG and to which the agreed-upon procedures were applied is the responsibility of TVA management. In summary, procedures applied by the OIG found:
• The FY 2016 WP goals for the enterprise-wide and strategic business unit measures were properly approved.
• One scorecard adjustment change form for FY2016 was approved on July 26, 2016. The change form affected one measure that was on five scorecards.
• The FY2016 goals (i.e., target) for the corporate multiplier measures were properly approved.
• The actual year-to-date results for the strategic business unit scorecard measures agreed with the respective supporting documentation.
• The actual year-to-date results for the enterprise-wide scorecard measures agreed with the underlying support.
• The actual year-to-date results for the corporate multiplier measures agreed with the underlying support.
• The FY2016 WP payout percentages provided by the Benchmarking and Performance Analysis organization on October 31, 2016, were mathematically accurate and agreed with the OIG's recalculations.
This report contains information about recommendations from the OIG’s audits, evaluations, and reviews that the OIG had not closed as of the specified date because it had not determined that the Department of Justice had fully implemented them. The information omits recommendations that the Department of Justice determined to be classified or sensitive, and therefore unsuitable for public release. The status of each recommendation was accurate as of the specified date and is subject to change. Specifically, a recommendation identified as not closed as of the specified date may subsequently have been closed.
This is a publication by GAO's Inspector General that concerns internal GAO operations. Our audit objective was to assess GAO’s compliance with its policies and procedures regarding media sanitization, and to determine whether laptops and BlackBerrys ready for disposal were appropriately sanitized.
The Digital Accountability and Transparency Act of 2014 (the DATA Act, P.L. No. 113-101) requires that Federal agencies report financial and payment data in accordance with data standards established by the Department of Treasury (Treasury) and the Office of Management and Budget (OMB). The DATA Act also requires the Office of Inspector General (OIG) for each reporting Federal agency to submit a series of oversight reports to include, among other things, an assessment of the completeness, timeliness, quality, and accuracy of data submitted. As the agencies will not submit data in compliance with the DATA Act until May 2017, HHS OIG completed an audit readiness report progress in November 2016. Given the difficulty of defining and developing common data elements across multiple reporting areas and the volume of diverse programs administered by HHS, we determined that HHS will face challenges implementing these uniform data standards within the required time frame.