Federal Reports

About This Report
Each year, as required by law, we report on the U.S. Department of Transportation’s (DOT) top management challenges to help the Department meet its strategic priorities across its wide-ranging transportation program areas. We considered several criteria to identify the Department’s top management challenges for fiscal year 2025, including safety impact, documented vulnerabilities, large dollar implications, and the Department’s ability to effect change. In all these challenge areas, it is prudent that DOT focus on oversight that ensures compliance with Federal requirements and prevents fraud, waste, and abuse. Accordingly, in each chapter we’ve included a summary of our investigative work or other recent events to highlight the impact these instances can have on the Department’s ability to achieve its strategic goals.

What We Found
We identified the following top management challenges for fiscal year 2025:

Aviation safety. Strengthen the Federal Aviation Administration’s (FAA) ability to identify and resolve Boeing Production Issues; and improve data analysis and implement initiatives to identify root causes, prevent aviation close calls, and sustain the aviation safety track record.

Surface Transportation Safety. Partner with recipients and the private sector to improve the safety of drivers, passengers, and workers; and enhance verification and enforcement of safety compliance.

Aviation Governance and Modernization. Refine air traffic controller staffing, placement, and training practices to meet facility needs and maintain safety in an evolving operational environment; keep the deployment of NextGen systems and capabilities on track while FAA terminates the Office of NextGen; and improve processes for collecting and analyzing flight delay and cancellation data and consumer complaint data to oversee airlines and protect consumers.

Surface Transportation Infrastructure. Evaluate the progress of surface transportation programs; continue to strengthen oversight of Federal transportation investments; and provide support in a dynamic surface transportation sector.

Grant and Contract Fund Stewardship. Make sound, transparent grant and contract award decisions; and confirm grant and contract funds are used as intended.

Financial Management. Improve stewardship of agency-owned or federally funded property; improve compliance with Federal requirements for monitoring and reporting on grantee spending; and improve compliance with Federal requirements for managing and expending Federal funds.

Information Security. Address longstanding weaknesses to protect DOT’s critical information systems; and execute key cybersecurity initiatives to strengthen DOT’s effectiveness addressing transportation-sector cybersecurity matters.

Transportation Transformation. Integrate new technologies into the National Airspace System; and facilitate innovation by supporting stakeholders in their safe adoption of new technologies.

Organizational Excellence. Hire, train, and retain the workforce necessary to meet Department goals; manage workforce and property assets and facilities in an evolving environment; and address longstanding organizational issues.

The Inspector General’s Statement on the SEC’s Management and Performance Challenges, October 2024

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

October 2024 Semi-Annual Report

The Office of Inspector General is tasked with ensuring efficiency, accountability, and integrity in the U.S. Postal Service. We also have the distinct mission of helping to maintain confidence in the mail and postal system, as well as to improve the Postal Service's bottom line. We use audits and investigations to help protect the integrity of the Postal Service. Our Semiannual Report to Congress presents a snapshot of the work we did to fulfill our mission for the six-month period ending September 30, 2024. Our dynamic report format provides readers with easy access to facts and information, as well as succinct summaries of the work by area. Links are provided to the full reports featured in this report, as well as to the appendices.

I am pleased to present the Defense Intelligence Agency (DIA) Office of the Inspector General (OIG) Semiannual Report (SAR) to Congress covering the period from April 1, 2024 to September 30, 2024.

The U.S. Postal Service uses expense purchase cards, which allow Facility and Architect Engineers, also known as project managers (PM), to make local purchases for operational needs. During fiscal years 2021 to 2023, the Postal Service paid approximately $257.6 million in expense purchase card payments to vendors. To support the investment associated with the Postal Service’s facilities modernization efforts, the Postal Service increased the purchase card spending threshold from $10,000 to $25,000 in April 2024. Maintaining effective controls is critical to ensuring expense purchase card transactions are valid and authorized.

OIG reviewed USDA’s compliance with a specific provision of the Whistleblower Protection Enhancement Act of 2012.

Semiannual Report to the Congress April 1, 2024 - September 30, 2024

The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.

HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst, are largely dependent on enterprise initiatives and technical solutions to effectively implement many zero trust controls. Housing conducted data inventories but was unable to automate the process and had not yet included FHA Catalyst in its inventories.  HUD lacked enterprise data management processes, standards and technical solutions, which impacted Housing’s ability to manage data. Housing had not applied dynamic access controls within FHA Catalyst to limit access based on user actions and resource needs, and the system did not support continuous reauthentication of users based on their sessions.  FHA Catalyst further lacked the capability for automated user activity logging, which is necessary to detect anomalies and help identify potential attacks.  We issued 3 recommendations to improve Housing’s management of PII in a zero trust environment.

Open configuration options

Open configuration options

Recommendations

Housing

•   2023-OE-0007a-01

   

  Housing should include zero trust requirements as part of the Housing Strategic Roadmap for Housing Modernization.

   

•   2023-OE-0007a-02

   

  Housing should refine access controls within the FHA Catalyst modules that are dynamic, are tailored to user actions, and require continuous reauthentication to ensure that users have access only to information needed.

   

•   2023-OE-0007a-03

   

  Housing should coordinate with HUD’s SOC to a. Ensure that FHA Catalyst user behavior monitoring logs are regularly captured and adequately reviewed for discrepancies in user activities. b. Establish program office responsibility for the log review process.  

The Office of the Inspector General (OIG) found that the Defense Nuclear Facilities Safety Board’s (DNFSB’s) nondisclosure agreements (NDAs) complied with 5 United States Code Section 2302(b)(13) by including anti-gag clauses in the NDAs that were issued between April 2019 and April 2024.However, the OIG also reviewed the DNFSB’s internal control environment over the broader period of 2012 through 2024 and identified three internal control findings. The OIG found that between 2012 and 2019, the DNFSB issued incomplete, ineffective, and inconsistent NDAs; the issuance of NDAs was not systematic and lacked transparency; and, the DNFSB did not communicate whistleblower protections in a timely manner.The OIG makes four recommendations related to the DNFSB’s use and management of NDAs.

This is a summary of GPO OIG Report number 25-01 .The full report was provided to GPO leadership and congressional committees of jurisdiction. However, the report contains sensitive information about GPO’s Security Program and potential vulnerabilities prohibiting public release.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report which is available at the link below.

The report summarizes the FTC OIG’s activities and accomplishments during the second half of the FY 2024 reporting period.

Today, the U.S. Consumer Product Safety Commission Office of Inspector General released their semiannual report for the reporting period ending September 30, 2024. The report is part of the semiannual requirement to communicate OIG oversight activities of the CPSC to Congress and the American people.

We performed this review to determine whether the Yukon-Koyukuk School District’s (Alaska) expended Elementary and Secondary School Emergency Relief (ESSER) grant funds for allowable purposes in accordance with applicable requirements. We determined that all of the ESSER expenditures we reviewed for the Yukon-Koyukuk School District (Yukon-Koyukuk) were allowable. However, we found that Yukon-Koyukuk did not comply with key competitive procurement process or documentation requirements when procuring the goods or services associated with three (38 percent) of eight non-personnel expenditures, totaling $24,386 (26 percent) of the $92,527 in non-personnel expenditures we reviewed. For these expenditures, Yukon-Koyukuk used a competitive process but did not maintain documentation supporting its awarding of contracts to the selected vendors. We made two recommendations to address the procurement issues we identified to ensure ESSER funds are used, documented, and managed in accordance with applicable requirements.

The U.S. Postal Service’s mission is to provide the nation with trusted, safe, and secure mail services. As the Postal Service provides mail service to almost 167 million addresses six days a week as part of its universal service obligation, mail can be subject to theft, including internal theft. Internal mail theft includes the theft, destruction, or delay of mail and packages by postal employees.

We found BIE did not maintain supporting documentation for its analysis required by House Report 116-448.

Our Objective(s)To determine whether (1) Charles E. Harris & Associates, Inc.’s (CEH) audit work complied with the Single Audit Act of 1984, as amended, the Office of Management and Budget's Uniform Guidance and the extent to which we could rely on the auditor's work on the U.S. Department of Transportation’s (DOT) major program, and (2) the Greater Dayton Regional Transit Authority’s (Authority) reporting package complied with the reporting requirements of the Uniform Guidance.About This ReportDuring the fiscal year that ended on December 31, 2022, the Authority expended approximately $39 million from DOT programs. CEH determined DOT’s major program was FTA’s Federal Transit Cluster. We performed a quality control review on the single audit conducted by CEH to ensure compliance with all Federal laws and regulations.What We FoundReview of Audit WorkCEH complied with the requirements of the Single Audit Act, the Office of Management and Budget's Uniform Guidance, and DOT’s major program.We found nothing to indicate that CEH's opinion on DOT's major program was inappropriate or unreliable.We identified deficiencies in CEH’s audit work that require correction in future audits.Review of Reporting PackageWe did not identify any deficiencies that required correction and resubmission.QCR RatingWe assigned CEH an overall rating of Pass with Deficiencies.

The SBIR and STTR Extension Act of 2022 reauthorized the Small Business Innovation Research (SBIR) and the Small Business Technology Transfer (STTR) programs. The Inspector General of a Federal agency that participates in the SBIR or STTR programs must submit an annual report to Congress describing its investigations involving those programs (15 U.S.C. Section 638b(c). Information in this report presents the OIG investigative information related to SBIR for FY 2024.

We summarized what we have determined to be the most significant management and performance challenges facing DOI for FY 2024.

The CFTC OIG contracted with the independent public accounting firm of Williams, Adley & Company, LLP (Williams Adley) to audit the financial statements of the CFTC Customer Protection Fund (CPF) as of and for the fiscal years ended September 30, 2023, and 2024, to provide a report on internal control over financial reporting, report on compliance with laws and other matters, and provide an opinion on whether CFTC’s CPF financial management systems complied substantially with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA).

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security (InfoSec) program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2024 annual assessment. HUD continued to take positive steps to improve its IT security posture. HUD improved its InfoSec program to maturity level 3, consistently implemented. However, at this level HUD’s InfoSec program is not considered effective. HUD’s InfoSec program scored a 3.08 for the core metrics and a 3.30 for the FY 2024 supplemental metrics, both of which were at maturity level 3, consistently implemented. HUD increased in maturity for 22 metrics and maintained the same maturity for the remaining 15 metrics. Notably, not only did HUD achieve maturity level 4, managed and measurable, for the first time and it did so in 14 metrics.

Our objective was to determine whether ASPR established adequate controls for maintaining
(1) physical security over Stockpile’s Site B and (2) its records of inventory.

Transmittal of the Final Report Assessing the Federal Trade Commission’s Compliance with the Federal Information Security Management Act for Fiscal Year 2024 (Redacted for public release)

The OIG identified areas where the NRC should refine its travel charge card procedures and enhance its prevention and detection measures. The OIG found travel charge card accounts that remained open after employee separations, as well as accounts with credit limits exceeding policy-defined limits or operational needs. The OIG also found that the NRC does not provide charge card refresher training. Further, certain premium class travel authorizations did not have the required supporting documentation or were not properly authorized or justified, resulting in $47,791 of questioned costs. Finally, the OIG identified travel card transactions unrelated to official travel, which have been referred to our Investigations Division for further review. The report contains nine recommendations intended to help the NRC prevent and detect travel charge card misuse and payment delinquencies.

Some states are collecting and storing their CWSRF and DWSRF subrecipient and contractor data in unstructured or nonmachine-readable formats. Data that are not collected or stored in a structured database or machine-readable format can be difficult to access and can significantly inhibit the ability to use data analytics for proactive oversight of the state revolving funds.

The AmeriCorps Office of Inspector General (AmeriCorps OIG) conducted an investigation that found evidence that the Axiom Education and Training Center (AETC) in Machias, ME, included false information in its AmeriCorps grant application to Serve Maine, and that AETC mismanaged its AmeriCorps Digital Inclusion Initiative program.

The Defense Nuclear Facilities Safety Board (DNFSB) is an independent oversight organization within the Executive Branch created by Congress in 1988. The DNFSB is considered a critical oversight agency. The DNFSB’s mission involves providing independent analysis, advice, and recommendations to the Secretary of Energy, thereby helping the Secretary ensure adequate protection of public health and safety at defense nuclear facilities within the U.S. Department of Energy (DOE).The Reports Consolidation Act of 2000 (Public Law 106-531) requires the Office of the Inspector General (OIG) to annually update its assessment of the most serious management and performance challenges facing the DNFSB and the agency’s progress in addressing those challenges.

For our final report on our audit of the United States Patent and Trademark Office’s (USPTO’s) management of trademark pendency, our objective was to determine whether USPTO exercised effective oversight and management of trademark pendency. Specifically, we assessed USPTO’s development, monitoring, and reporting of trademark pendency measures, as well as the effectiveness of selected pendency reduction efforts. We found that despite some progress in reducing pendency from its highest levels, USPTO still needs to improve oversight of trademark application pendency. Specifically, we found that I. USPTO missed its pendency targets for multiple years and provided insufficient information in its reporting of pendency goals and results and II. USPTO’s projections of future pendency reduction may not be achievable.

The Reports Consolidation Act of 2000 (Public Law 106-531) requires the OIG to annually summarize what it considers to be the most serious management and performance challenges facing the U.S. Nuclear Regulatory Commission. The Act also requires the OIG to briefly assess the agency’s progress in addressing those challenges.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to review allegations regarding the heart transplant program and the performance and behavior of the cardiothoracic section chief (section chief). The OIG also reviewed the temporary inactivation of the heart transplant program and factors associated with reactivation, and Veterans Integrated Service Network (VISN) and facility leaders’ responses to staff concerns about the heart transplant program.

The OIG did not substantiate that the section chief’s surgical patient outcomes, including morbidity and mortality rates, and the facility’s readmission rates statistically varied from national averages to warrant further assessment by the National Surgery Office.

The OIG was unable to determine whether the section chief had “incredibly long” cardiopulmonary bypass times and was not able to draw a conclusion regarding current versus historical cardiopulmonary bypass times for the section chief. The OIG noted facility staff performed a low volume of transplants, which may contribute to variations in outcomes.

The OIG substantiated the section chief repeatedly exhibited unprofessional conduct toward staff, and determined facility and surgical leaders failed to create a culture of safety to ensure staff felt comfortable reporting concerns.

The OIG found VISN leaders failed to ensure a timely quality of care review of cardiothoracic cases; however, the VISN Chief Medical Officer identified further concerns in the heart transplant program that were addressed promptly.

The OIG made two recommendations to the Under Secretary for Health related to a comprehensive review of the transplant program and oversight of quality measures; one recommendation to the VISN Director regarding completion of facility leaders’ requests for clinical care reviews; and three recommendations to the Facility Director including a clinical care review, a review of the section chief’s conduct, and a review of staff’s concerns and development of a culture of safety.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

Our Objective(s)To assess the controls BTS has in place to ensure the completeness and accuracy of data for on-time performance and reported causes of delays and cancellations.Why This AuditFlight disruptions, including both flight delays and cancellations, are a part of many passengers’ experiences. Air carriers are required to submit to BTS on-time performance data—such as departure and arrival times, elapsed flight times, and minutes of delay—as well as the reported causes of any delayed or canceled flights. Accurate reporting of these data is important for the Department of Transportation (DOT) to understand the causes of delays and cancellations and take actions to protect consumers.What We FoundBTS relies on informal procedures to verify the accuracy of on-time performance data and lacks procedures to verify the data’s completeness.BTS has established informal quality control procedures to identify inaccuracies in on-time performance data submitted by reporting carriers. For example, BTS developed an automated process that performs 117automated checks of the data to identify any errors or inconsistencies.However, BTS has not yet formally adopted these procedures nor established a plan to ensure their continued execution.Although BTS requires reporting carriers to certify that the on-time performance information they submit is correct and complete, the Agency does not have a method for verifying that carriers are reporting data for all flights, raising concerns about the data’s reliability.BTS lacks effective guidance and procedures for verifying reported causes data.BTS’ technical directives, which provide guidance to carriers on reporting the causes of flight delays and cancellations, lack clarity, leading air carriers to interpret the guidance and report their data inconsistently.BTS lacks procedures to identify and address inconsistencies in reported causes data. Instead, the Agency relies on methods the air carriers are using to ensure their submitted data is accurate.We found a high rate of disagreement between data from FAA on reported causes versus the data that carriers report to BTS. BTS has not taken steps to understand and address the causes of these discrepancies.RecommendationsWe made 7 recommendations to improve the completeness and consistency of on-time performance and reported causes data.

The purpose of this memorandum is to alert the U.S. Department of Housing and Urban Development (HUD) to an issue that the Office of the Inspector General (OIG), has identified that affects the timeliness with which public housing agencies (PHA) with units that have lead-based paint are performing required lead-based paint visual assessments.

HUD OIG audited, among other issues, whether three of the nation’s largest PHAs conducted timely lead-based paint visual assessments as required by the Lead Safe Housing Rule (LSHR).  In each of these audits, we discovered that the PHAs did not always meet the requirement to conduct lead-based paint visual assessments within 12 months as required by the LSHR.  A common issue HUD OIG found was that the PHAs incorrectly interpreted the LSHR timing requirement that lead-based paint visual assessments must occur every 12 months to be consistent with HUD’s timing requirement that physical unit inspections occur annually.  PHAs either combined the visual assessments with the annual physical condition inspections required by 42 U.S.C. (United States Code) 1437d(f), or improperly relied on the “annual” requirement instead of the LSHR 12-month requirement for the timing of lead-based paint visual assessments.

We recommend that HUD Issue guidance to PHAs clarifying the timing of unit inspections and lead-based paint visual assessments to address the misinterpretation caused by the terms “annual” and “every 12 months.”

Open configuration options

Open configuration options

Recommendations

Public and Indian Housing

•   2025-CH-0801-001-A

   

  Issue guidance to PHAs clarifying the timing of unit inspections and lead-based paint visual assessments to address the misinterpretation caused by the terms “annual” and “every 12 months.”