Federal Reports

This report presents the results of our audit of delivery operations and property conditions in the Alabama-Mississippi District in the Southern Area.

The design and execution of the 7th Drinking Water Infrastructure Needs Survey and Assessment did not result in allotments of lead service line, or LSL, funds that accurately reflected the LSL replacement needs in each state. The EPA used the responses to the survey's supplemental LSL questionnaire to project how many LSLs each state had, a number that it then used to determine how to allot the approximately $2.8 billion of LSL replacement funds provided by the Infrastructure Investment and Jobs Act, or IIJA, for fiscal year 2023. The LSL questionnaire, however, was originally designed to only estimate LSL replacement costs, not to allot billions of dollars of IIJA LSL funds. As such, it lacked the rigorous internal controls needed to ensure data quality and reliability, and the EPA did not implement the needed internal controls after the purpose of the LSL questionnaire expanded.

The overall objective is to review the Commission's ERM program to assess its maturity level, which will provide an overall understanding as to where the Commission’s current ERM program stands

We found issues with resolution of deficiencies, emergency management and security, data reliability, and staffing at Havasupai Elementary School.

This report presents the results of our verification inspection of the U.S. Small Business Administration’s (SBA) corrective actions for the two recommendations from the Office of Inspector General (OIG) audit report SBA’s 504 Loan Liquidation Process (Report 16-23). SBA’s 504 Certified Development Company (CDC) Loan Program provides small businesses with long-term, fixed-rate financing for the purchase of land, buildings, machinery, and other fixed assets. The loans are funded through a variety of sources, including private sector lenders, proceeds from selling SBA-guaranteed debentures, and borrower equity investments. A third-party lender must provide at least 50 percent of the project’s financing, while the CDC provides up to 40 percent through a 100 percent SBA-guaranteed debenture and the applicant provides at least 10 percent. SBA is responsible for liquidating the assets in the event of a default on the loan. Specifically, SBA’s Fresno and Little Rock Commercial Loan Service Centers (CLSC) are responsible for managing 504 loan liquidation operations. We initiated this verification inspection to determine the extent to which SBA (1) effectively managed and monitored the 504 loan liquidation portfolio and (2) maximized recovery when liquidating 504 loans. Accordingly, our objective was to determine the effectiveness of SBA’s actions for establishing a training plan and holding training courses on 504 loan liquidations for both CLSCs and continuing to review CLSC internal guidance, systems, and practices to ensure that 504 loans are liquidated consistently nationwide.We determined that SBA effectively implemented corrective actions for both recommendations.

The fiscal year (FY) 2025 management and performance challenges directly relate to the U.S. Consumer Product Safety Commission’s (CPSC) mission of “Protecting the public from hazardous consumer products” and address the CPSC’s Strategic Goal 4: Efficiently and effectively support the CPSC’s mission. The challenges currently facing the CPSC are similar to those reported in previous years. However, the agency seems to be bringing a new sense of urgency to dealing with many of these issues. Indeed, progress has been reported by the agency in a number of areas.

FBI Arrests Alabama Man in the January 2024 SEC X Hack that Spiked the Value of Bitcoin

Data Center Company CEO Indicted for Major Fraud and Making False Statements to the U.S. Securities and Exchange Commission

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at VA Northeast Ohio Healthcare System in Cleveland. This evaluation focused on five key content domains:• Culture• Environment of care• Patient safety• Primary care• Veteran-centered safety netThe OIG made no recommendations for improvement.

This report summarizes the following top management and performance challenges facing the Department of Commerce in FY 2025: (I) Modernizing Technology and Systems (Maximizing Cybersecurity and IT Security, Modernizing IT Systems and Operations, and Integrating AI and Other Emerging Technologies Safely); (II) Providing Core Services and Data (Ensuring Secure, Fair International Trade, Maintaining and Improving NOAA Operations and Services, Safeguarding Intellectual Property and Fostering Innovation, and Ensuring Quality Population Data); and (III) Managing Spending (Strengthening Oversight in Response to Dramatic Growth, Strengthening Oversight of the Hollings MEP Program, Managing Major Broadband Grant Programs, Managing and Overseeing CHIPS Funding, Overseeing the NPSBN Program, and Overseeing NIST Facility Improvement Project Contracts)

The Government Charge Card Abuse Prevention Act requires Inspectors General to conduct periodic assessments of agency purchase and travel card programs to analyze the risk of illegal, improper, or erroneous transactions. For fiscal year 2024, we concluded the risk for these transactions was low, and therefore, we do not currently plan to conduct an audit of the Agency’s charge card programs.

In fiscal year 2023, the CSB complied with improper payment requirements pursuant to the PIIA. The CSB's combined outlays for all programs totaled $8.988 million. CSB management decided to perform an improper payment risk assessment for fiscal year 2023 even though it was not required to do so, as none of its programs or activities exceeded the $10 million threshold. The risk assessment revealed no unknown payments and a gross improper payment totaling $23,651, or 0.26 percent of total outlays, in the following expense categories: payroll, lodging taxes, sales taxes, and purchases. In addition, we confirmed that the CSB completed OMB requirements to publish any applicable payment integrity information in its annual financial statement and post the annual financial statement on its website.

As required by the Reports Consolidation Act of 2000, Public Law 106-531, we prepared an assessment summarizing what we consider to be the most significant management and performance challenges facing GSA in Fiscal Year 2025.

This report represents our current assessment of the U.S. Small Business Administration's programs and activities that pose significant risks, including those that are particularly vulnerable to fraud, waste, error, mismanagement, or inefficiencies. The Challenges are not presented in order of priority, as we believe that all are critical management or performance issues.

Management and performance challenges facing the Commission and briefly assesses management's progress

The Federal Information Security Modernization Act of 2014 (FISMA) provides a comprehensive framework for establishing and ensuring the effectiveness of managerial, operational, and technical controls over information technology (IT) that supports Federal operations and assets and provides a mechanism for improved oversight of Federal agency information security programs. FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce IT security risks to an acceptable level. FISMA requires agency program officials, Chief Information Officers (CIO)s, Chief Information Security Officers (CISO)s, senior agency officials for privacy, and inspectors general to conduct annual reviews of the agency’s information security program.

An Amtrak customer service representative based in Oakland, California, resigned from her position on October 10, 2024, prior to her administrative hearing. Our investigation found that the former employee violated company policies by allowing individuals who were not entitled to pass travel privileges to travel on her pass. During her interview, the former employee admitted to her actions.

Semiannual Report to the Congress, April 1, 2024 through September 30, 2024

William Leonard and Kevin Leonard, both California residents, pleaded guilty on May 15, 2024, in U.S. District Court, Southern District of California, to conspiracy and health care fraud charges. William and Kevin Leonard were patient brokers who unlawfully brokered patients to clinical treatment facilities owned and operated by Paragon Recovery LLC. In exchange, William and Kevin Leonard received kickbacks payments. The scheme resulted in the fraudulent billing of insurance companies for services that were not performed.Previously, Stephen Reeder, an Ohio resident, pleaded guilty on January 22, 2024, to Conspiracy related to a health care fraud scheme. Reeder was the program director at Paragon Recovery, which operated a clinical treatment facility in California. Our investigation found that Reeder and others conspired to solicit, offer, and receive illegal remunerations for referrals to clinical treatment facilities. Specifically, at the direction of the owners of Paragon Recovery, Reeder caused payment to be made to William and Kevin Leonard for patients they referred to the facility. Amtrak’s insurance providers were billed approximately $1,152,000 over the course of the scheme.

Mastermind of Multimillion-Dollar Penny-Stock Scam Indicted for Fraud and Obstruction

Our Objective(s)To evaluate FAA’s oversight of Boeing 737 and 787 production, specifically its processes for (1) identifying and resolving production issues and (2) addressing allegations of undue pressure within the production environment.Why This AuditAviation safety is FAA’s primary mission, and FAA’s oversight of passenger aircraft in the United States includes ensuring that aircraft manufacturers meet requirements when producing new aircraft. However, since 2018, Boeing has experienced multiple manufacturing issues, in addition to complaints alleging ongoing production deficiencies and undue pressure on staff. In response to these concerns, the Chairmen and Ranking Members of the House Transportation and Infrastructure Committee and its Subcommittee on Aviation and the Chair of the Senate Committee on Commerce, Science, and Transportation requested this audit.What We FoundWeaknesses in FAA’s oversight processes and systems limit its ability to identify and resolve Boeing production issues.FAA’s approach to overseeing Boeing manufacturing and production does not use data-driven assessments to target audits, and FAA has not structured its audits to perform comprehensive assessments.FAA has not adequately ensured that Boeing and its suppliers can produce parts that conform to the approved design. FAA does not require its inspectors to review First Article Inspections that are intended to ensure a manufacturer’s processes can, at the outset, produce parts that meet engineering and design requirements.Further, FAA’s compliance system cannot track milestones or determine whether potential repetitive noncompliances have occurred, nor has FAA assessed the effectiveness of Boeing’s Safety Management System.Finally, FAA has not established criteria to return delegated authority to Boeing’s Organization Designation Authorization (ODA).FAA continues to face challenges addressing allegations of undue pressure within Boeing’s aircraft manufacturing.FAA issued guidance for reporting allegations of interference to FAA. However, FAA has not enforced requirements that Boeing provide information in sufficient detail on alleged undue pressure allegations. Additionally, changes to FAA’s review process have delayed FAA’s ability to resolve allegations of undue pressure reported by Boeing.Further, despite FAA organizational changes to improve oversight, FAA managers did not know about the investigations of ongoing undue pressure allegations when they initiated a request to expand the authorized functions of Boeing’s ODA.RecommendationsWe made 16 recommendations to improve FAA oversight of Boeing aircraft production. 

OIG reviewed whether Conservation Reserve Program recipients who received Climate-Smart Practice Incentive payments in FY 2023 were eligible for the incentive.

An Amtrak engineer based in Raleigh, North Carolina, received a written reprimand and a 40-day suspension without pay on October 7, 2024. Our investigation found that the employee violated company policies by using the company’s trademarked logo and a picture of one of its locomotives on the website for his personal business.

We identified the Commission’s major management and performance challenges by recognizing and assessing key themes from OIG audits, evaluations, hotline complaints, investigations, and an internal risk assessment, as well as reports published by external oversight bodies, such as the Office of Personnel Management and the Government Accountability Office. Additionally, we reviewed previous management challenge reports to determine if those challenges remain significant for this submission. Finally, we considered publicly available information and internal Commission records. In addition to the management challenges, we are providing management’s statements regarding prior and planned actions to address each challenge. The resulting product provides greater transparency to achieve improved agency performance.

Evaluation of the FLRA's Compliance with the Privacy Act Mandatory Annual Training Requirement for Fiscal Year 2023

The objective of this statutory audit was to review the U.S. Department of Education (Department) compliance with the requirements outlined under section 759(a) of the Geospatial Data Act. Specifically, we sought to determine whether the Department implemented the 13 covered agency responsibilities listed in section 759(a) of the Geospatial Data Act. We found that the Department is in compliance with the applicable responsibilities outlined under section 759(a) of the Geospatial Data Act. Specifically, we found that the Department implemented all 12 of the 13 covered agency responsibilities listed in section 759(a) of the Geospatial Data Act that we reviewed. We were unable to evaluate compliance with one covered agency responsibility as the applicable data standards related to this responsibility have not yet been defined by the Federal Geographic Data Committee and the Office of Management and Budget. Although the Department has continued to meet the requirements of the Geospatial Data Act thus far, we noted concerns regarding the allocation of resources that could negatively impact the Department’s ability to remain compliant going forward.

Our Objective(s) To assess the Department of Transportation's (DOT) progress implementing its responsibilities under the Geospatial Data Act (GDA) as a (1) lead covered agency and (2) covered agency.Why This Audit Federal agencies and State governments rely on geospatial data to accomplish their missions. Geospatial data can also be critical to monitoring and responding to transportation safety issues. The GDA requires inspectors general of covered agencies to report to Congress at least every 2 years on their agencies' collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data. This is our third audit under the act, which revisits the objectives of our first two audits conducted in 2020 and 2022.What We FoundDOT fully complies with the GDA's requirements for lead covered agencies.DOT has fully implemented the five responsibilities related to the maintenance and dissemination of its transportation theme data.The Department has developed a plan to implement standards for transportation theme data, which includes creating an online document repository and procedures for standards adjudication and adoption.DOT complies with the GDA’s general and reporting requirements for covered agencies but partially complies with the inventory requirement.DOT meets all 12 of the Act's applicable covered agency requirements for advancing geospatial data through implementation of its strategy, record schedules, and use of geospatial information.The Department provided timely annual reports to the Federal Geographic Data Committee and Congress; however, it did not maintain an accurate geospatial system inventory.Recommendations We made two recommendations to improve DOT’s geospatial data assets inventory and reduce geospatial systems’ risks.

As of January 2024, 85 percent of HUD employees had approved telework agreements, and 9 percent had approved remote work agreements. HUD estimated that 31 percent of remote employees were remote as a reasonable accommodation. Most of HUD’s remote workers served in a limited number of occupations. We evaluated the Office of the Chief Human Capital Officer’s (OCHCO) controls over the quality of data related to remote work and telework, including employees’ assignments to locality pay areas. OCHCO implemented controls over telework and remote work agreements and locality pay for remote workers. OCHCO established centralized oversight of the Flexiplace program and conducted periodic reviews of all Flexiplace agreements to verify that agreements complied with policy. Before our evaluation, OCHCO reviewed the locality pay of 700 remote workers and identified 6 with incorrect locality pay. Additional controls over Flexiplace telework agreements would reduce the risk of incorrect locality payments to teleworkers and of out-of-date telework agreements. Locality payments for teleworkers are not impacted by their telework location, so OCHCO chose not to specifically review locality payments to teleworkers or telework agreement location data. We identified 2 percent of teleworkers with discrepancies between their official duty stations and Flexiplace agreements, but these employees had a low risk of receiving incorrect locality payments. Discrepancies may also include telework agreements that were out of date or incorrect official duty stations but correct locality payments. In response to our evaluation, OCHCO modified its review process for remote work agreements to track whether employees approved for remote work as a reasonable accommodation submitted remote work agreements.In addition, 9 percent of teleworkers (626 employees) had official duty stations that matched the self-reported duty stations listed on their telework agreements but had telework worksites that were more than HUD’s defined commuting distance of a 50-mile radius from their agency worksite. The U.S. Office of Personnel Management’s policy allows teleworkers to live outside an agency’s defined official station radius. Given that HUD’s data indicated that 9 percent of HUD employees had commutes longer than 50 miles, some of these 626 HUD employees may have received incorrect locality pay or had official duty stations or telework worksites that needed to be corrected. HUD employees’ supervisors are typically responsible for enforcing the telework and remote work policy and the terms of their agreements and for ensuring that employees reflected their telework or remote schedules on their timesheets. OCHCO offered a variety of training courses designed to support supervisors in overseeing telework and remote work programs. The training included 27 courses for supervisors related to telework and remote work and 30 courses addressing managing employee performance, including employees who participate in telework or remote work programs.We recommend that the Chief Human Capital Officer implement a process to identify teleworkers most at risk of receiving incorrect locality payments, verify that their official duty stations are correct and they are reporting to their official duty stations as required, and if necessary, correct their locality payments.

This report presents the results of our audit of the U.S. Postal Service’s cost attribution for parcelonlyprocessing facilities.

This report presents the results of our audit of the status of the Postal Service’s acquisition of newdelivery vehicles.

This plan identifies and prioritizes issues, workload management and resources for FY 2025. It identifies our mandated and discretionaryengagements for FY 2025 as well as our continuing projects from FY 2024. Successful execution of this plan will enable the OIG toprovide high quality work products to its stakeholders and assist the CFTC to ensure its resources are expended in a responsible andreasonable manner.

FISMA requires each Inspector General to conduct an annual independent evaluation of their agency’s information security program, practices, and controls for select systems. The Office of Management and Budget’s (OMB) FY 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics directs Inspectors General to evaluate the maturity level (from a low of 1 to a high of 5) of their agency’s information security program for FY 2024.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.