Federal Reports

Although U.S. Customs and Border Protection (CBP) and U.S.Immigration and Customs Enforcement (ICE) have policies andprocedures to check the identity of noncitizens seeking entry intothe United States, they cannot always verify the noncitizens’identities. According to Federal law, noncitizens withoutidentification are not admissible into the country and shall bedetained. However, CBP and ICE officials are permitted to releasenoncitizens into the United States based on various considerations.Prior to releasing these individuals, CBP and ICE immigration officersaccept self-reported biographical information, which they use toissue various immigration forms. Once in the United States,noncitizens can travel on domestic flights.

As required by the Inspector General Act of 1978 (as amended), this Semiannual Report summarizes the activities of the Office of Inspector General for the preceding 6-month period.

This document discusses EAC OIG's planned oversight activities for fiscal year 2025.

Our review of prior Department of Homeland Security Office of Inspector General and U.S. Government Accountability Office (GAO) oversight reports identified recurring challenges with DHS’ strategic planning efforts. We previously reported that DHS and its components had not promptly updated strategic guidance (1) by mandated deadlines or (2) to reflect new information that would have a significant impact on the risk environment for which the strategic guidance was developed. In conducting this review of reports issued from fiscal years 2018 to 2022, we determined 7 prior DHS OIG reports and 7 prior GAO reports referenced 20 outdated or expired DHS strategic guidance documents.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

We found that a former DOI Deputy Secretary failed to monitor his investments or recuse himself from a matter in which he held financial interests.

The AmeriCorps Office of Inspector General (AmeriCorps OIG) received allegations that a grantee falsely reported elevated numbers of active volunteers in its Senior Companion Program (SCP) and failed to produce required match funds. The investigation found insufficient evidence to support the allegations. However, during a self-inspection of its fiscal records during this investigation, the grantee discovered $8,434.69 was inappropriately charged to its grant between July 2020 through March 2021 and reported its findings to AmeriCorps OIG.

The AmeriCorps Office of Inspector General (AmeriCorps OIG) investigated allegations that The New Teacher Project (TNTP), New York, NY, improperly exited five AmeriCorps members (members) with 1700 hours and thus certified full time education awards for the members, despite previous denials from AmeriCorps State and National to TNTP’s request to retroactively backdate the members’ enrollment in the MyAmeriCorps Portal.

Following the receipt of a complaint that an AmeriCorps member was simultaneously enrolled in two AmeriCorps programs at different grantees without the grantees’ knowledge, AmeriCorps Office of Inspector General (AmeriCorps OIG) initiated a proactive review of members with multiple service terms during the same timeframe.

An initial query of data covering 2016 to 2023 held in AmeriCorps systems identified 14 members with overlapping service terms. A more detailed review of those 14 members found three of the members had service terms who appeared to be simultaneously enrolled in two full-time programs for some period of time.

The Nuclear Regulatory Commission’s (NRC) oversight of the reactor operator licensing examination process is effective, efficient, and reliable. However, the agency could benefit from providing additional guidance and clarity in the current version of NUREG-1021, “Operator Licensing Examination Standards for Power Reactors” (Rev. 12). Specifically, NUREG-1021 contains process gaps and lacks clarity in policy interpretation. This occurred because when the agency updated NUREG-1021, it did not identify certain process gaps. This lack of clarity in the guidance could lead to potential delays and errors in processing reactor operator licensing applications and in rendering requalification decisions. This report makes one recommendation to identify process gaps and update NUREG-1021 to ensure that guidance in future revisions remains current and addresses emerging issues.

The Office of the Inspector General (OIG) contracted with Sikich to conduct the Audit of the Defense Nuclear Facilities Safety Board’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the Defense Nuclear Facilities Safety Board (DNFSB). The findings and conclusions presented in this report are the responsibility of Sikich. The OIG’s responsibility is to provide oversight of the contractor’s work in accordance with generally accepted government auditing standards. Based on its assessment of the period October 1, 2023, through June 30, 2024, Sikich found that the DNFSB has not established an effective agency-wide information security program or effective information security practices. There are weaknesses that impact the agency’s ability to adequately protect the DNFSB’s systems and information.

The VA Office of Inspector General (OIG) Vet Center Inspection Program provides a focused evaluation of aspects of the quality of care delivered at vet centers. The OIG inspected four randomly selected vet centers throughout Pacific district 5 zone 2: Corona and Temecula, California; and Kauai and Western Oahu, Hawaii.The OIG inspection focused on four review areas: suicide prevention; consultation, supervision, and training; outreach; and environment of care. In the suicide prevention review, the OIG team evaluated vet center staff participation in the VA medical facility mental health executive council meetings resulting in no recommendations across all four vet centers inspected. The consultation, supervision, and training review identified concerns with external clinical consultation, vet center director monthly chart reviews, and completion of select trainings resulting in four recommendations across all four vet centers inspected. The outreach review evaluated outreach plan completion, inclusion of strategic components, and tailoring of outreach activities to cultural background information identified in the plan which resulted in two recommendations across all four vet centers inspected. The environment of care review evaluated vet centers’ physical environment and general safety resulting in eight recommendations across all four vet centers inspected. The OIG issued a total of 14 recommendations for improvement.

The Office of the Inspector General (OIG) contracted with Sikich to conduct an audit of the United States Nuclear Regulatory Commission’s (NRC) Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the NRC. The findings and conclusions presented in this report are the responsibility of Sikich. The OIG’s responsibility is to provide oversight of the contractor’s work in accordance with generally accepted government auditing standards. Based on its assessment of the period October 1, 2023, through June 30, 2024, Sikich found that although the NRC has established an effective agency-wide information security program and effective information security practices, there are weaknesses that may have some impact on the agency’s ability to optimally protect the NRC’s systems and information.

In March 2018, the VA Office of Inspector General (OIG) reported on deficiencies within the Veterans Health Administration (VHA) personnel suitability program, concluding that neither VA nor VHA effectively governed the background investigation process to ensure requirements were met at medical facilities nationwide. In September 2023, the OIG reported on similar deficiencies during a follow-up audit of VHA’s personnel suitability program. These prior audits identified issues that could affect the entire VA enterprise, prompting the OIG to conduct this audit of the background investigation process for Veterans Benefits Administration (VBA) and National Cemetery Administration (NCA) staff and determine whether investigation actions were completed on time and recorded reliably.VBA and NCA did not effectively govern their personnel suitability programs to ensure that background investigations were completed within required time frames or recorded reliably. The team found problems at every stage of the process: completion by candidates of questionnaires that the Defense Counterintelligence and Security Agency must have to begin background investigations, on-time initiation of background investigations, resumption of discontinued investigations, adjudications on schedule, and investigation documentation in employee personnel folders. Delayed adjudications were especially problematic. The OIG team estimated that 71 percent of VBA employees and 58 percent of NCA employees were not adjudicated by VA within the required 90 days of the date of the final investigative report.These issues occurred because VBA and NCA prioritized prescreening over adjudicating investigation results for newly hired staff. Further, whereas each administration tracked metrics for the prescreening process, neither tracked metrics for background investigation adjudications. As a result, both administrations assume unnecessary risk by allowing staff who are not fully vetted to handle sensitive personal information and interact with veterans.The OIG made two recommendations to the under secretary for benefits and two recommendations to the under secretary for memorial affairs.

Annual summary perspective on the most serious management and performance challenges facing the FTC, as well as a brief assessment of the agency’s progress in addressing those challenges.

The VA Office of Inspector General (OIG) Vet Center Inspection Program provides a focused evaluation of aspects of the quality of care delivered at vet centers. The OIG inspected four randomly selected vet centers throughout Pacific district 5 zone 1: Anchorage, Alaska; Eugene, Oregon; and Everett and Walla Walla, Washington.The OIG inspection focused on four review areas: suicide prevention; consultation, supervision, and training; outreach; and environment of care. In the suicide prevention review, the OIG team evaluated vet center staff participation in the VA medical facility mental health executive council meetings resulting in one recommendation for two of four vet centers inspected. The consultation, supervision, and training review identified concerns with external clinical consultation, vet center director monthly chart reviews, and completion of select trainings resulting in two recommendations across three of four vet centers inspected. The outreach review evaluated outreach plan completion, inclusion of strategic components, and tailoring of outreach activities to cultural background information identified in the plan which resulted in one recommendation across all four vet centers inspected. The environment of care review evaluated vet centers’ physical environment and general safety resulting in eight recommendations across three of the four vet centers inspected.The OIG issued a total of 12 recommendations for improvement

During our unannounced inspection of Baker County Sheriff’s Office (Baker) in Macclenny, Florida, we found Baker and ICE staff complied with ICE’s 2019 National Detention Standards for Non-Dedicated Facilities (NDS 2019) for classification, grievances, recreation, segregation, facility conditions, and medical care. However, Baker and ICE staff did not always comply with standards related to the voluntary work program, staff-detainee communication, and use of force.

What We Looked AtFollowing a series of disruptive cyberattacks in the public and private sectors, the President issued an Executive Order in 2021 requiring civilian Federal agencies to protect and secure their critical infrastructure and computer systems, which underpin the American people’s security and privacy. The Continuous Diagnostics and Mitigation (CDM) program aims to provide a consistent, Governmentwide set of continuous monitoring tools to enhance the Federal Government’s ability to identify and respond in real-time or near real-time, to the risk of emerging cyber threats. The Department of Transportation (DOT) uses continuous monitoring tools on its networks to secure information technology assets. We initiated this audit to assess DOT’s continuous monitoring tools for detecting, preventing, and reporting cybersecurity threats that may compromise DOT’s information systems and data. Specifically, we evaluated DOT’s (1) automation of its continuous monitoring tools to provide near real-time detection of cybersecurity risks in key operational areas, (2) hardware asset inventory reports and the software installed on the Department’s hardware assets, and (3) configuration of its network software and remediation of known network asset vulnerabilities.What We FoundFirst, DOT uses continuous monitoring tools to automate cybersecurity monitoring, but FAA is not using tools to provide near real-time monitoring on all mission-critical NAS systems. Specifically, the Department uses continuous monitoring tools to support essential CDM requirements and has implemented a CDM Dashboard to automatically report cybersecurity information. However, FAA has not performed near real-time cyber monitoring activities on 62 of 85 National Airspace Systems Cyber Management Systems due to air traffic and safety concerns. Second, DOT did not maintain an accurate inventory of its hardware assets, and FAA is still developing policies for a software inventory reconciliation process. Third, DOT is not configuring all its network software in accordance with requirements nor mitigating its known network vulnerabilities associated with its continuous monitoring tools and network endpoints. Addressing our concerns is key to DOT’s progress in reducing its threat surface and improving its cybersecurity posture. Our RecommendationsWe made five recommendations to improve the DOT’s cybersecurity posture and reduce cybersecurity risks. DOT and FAA agreed with the recommendations. We consider all recommendations resolved but open pending completion of planned actions. Note: This report has been marked Controlled Unclassified Information (CUI) in coordination with the U.S. Department of Transportation to protect sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552. Relevant portions of this public version of the report have been redacted.

What We Looked At This report presents the results of our quality control review (QCR) of an audit of the Department of Transportation’s (DOT) information security program and practices. The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to develop, implement, and document agency-wide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget. To meet this requirement, we contracted with Sikich to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover.What We FoundOur QCR disclosed no instances in which Sikich did not comply, in all material respects, with generally accepted Government auditing standards.Our RecommendationsDOT concurs with all 10 of Sikich’s recommendations. Sikich considers 10 recommendations resolved but open pending completion of planned actions. 

Most of the 47 states that charged fees to CWSRF loan recipients did not provide some required fee information in either their intended use plan or annual report for 2022. This may have occurred because the Office of Water's guidance was not clear with respect to the definitions of the required information and how regional reviewers should obtain missing information. As a result, the EPA may not have had complete fee information available for its oversight activities. Additionally, the public may not have had access to all the required fee information, including the amount of accumulated fee revenue available for use.

The VA Office of Inspector General (OIG) Vet Center Inspection Program provides a focused evaluation of aspects of the quality of care delivered at vet centers. The OIG inspected four randomly selected vet centers throughout Pacific district 5 zone 3: Phoenix and West Valley, Arizona; Antelope Valley, California; and Santa Fe, New Mexico.The OIG inspection focused on four review areas: suicide prevention; consultation, supervision, and training; outreach; and environment of care. In the suicide prevention review, the OIG team evaluated vet center staff participation in the VA medical facility mental health executive council meeting resulting in one recommendation across two of the four vet centers inspected. The consultation, supervision, and training review identified concerns with external clinical consultation, vet center director monthly chart reviews, and completion of select trainings resulting in three recommendations across three of the four vet centers inspected. The outreach review evaluated outreach plan completion, inclusion of strategic components, and tailoring of outreach activities to cultural background information identified in the plan which resulted in one recommendation across all four vet centers inspected. The environment of care review evaluated vet centers’ physical environment and general safety resulting in five recommendations across all four vet centers inspected.The OIG issued a total of 10 recommendations for improvement.

The OIG’s Oversight of the U.S. Postal Service’s Delivering for America Plan

EXIM OIG's Strategic Plan. Revised in September 2024, Reissued September 2025 following guidance from the Administration

This report presents the results of our audit of the United States Postal Regulatory Commission’s(PRC) Compliance with the Federal Information Security Modernization Act of 2014 for FiscalYear 2024.

We performed this review to determine whether Linn-Mar Community School District (Iowa) expended Elementary and Secondary School Emergency Relief (ESSER) grant funds for allowable purposes in accordance with applicable requirements. We determined that all 20 (100 percent) ESSER expenditures that we reviewed for Linn-Mar were allowable. However, we found that Linn-Mar did not comply with key competitive procurement process or documentation requirements when procuring the goods or services associated with 6 (40 percent) of the 15 non-personnel expenditures, totaling $228,510 (49 percent) of the $466,572 in non-personnel expenditures reviewed. For these expenditures, Linn-Mar either did not use a competitive procurement process or failed to maintain documentation sufficient to support that a competitive procurement process was used. We made two recommendations to address the procurement issues that we identified to ensure that ESSER funds are used, documented, and managed in accordance with applicable Federal requirements.

The Office of the Inspector General (OIG) found that the U.S. Nuclear Regulatory Commission (NRC) headquarters occupant emergency plan includes adequate procedures to facilitate the emergency evacuation of disabled personnel and other personnel needing assistance. However, the agency must remedy problems with two-way communication systems, area of refuge signage, and fire door accessibility to align with safety codes and better support personnel needing assistance during emergency evacuations. Additionally, NRC headquarters personnel could benefit from more frequent limited-scope training to supplement annual full-scope evacuation and accountability drills.This report makes four recommendations to improve two-way communication systems, area of refuge signage, and fire door accessibility, and one recommendation to enhance training for personnel needing or rendering assistance during an emergency evacuation.

Our objective was to assess the company’s management and oversight of the Frederick Douglass Tunnel program.We found that the company is developing its management structure for the FDT program but initially did not have an effective structure or sufficient staff in place. In December 2022, the company decided to hire a contractor—a “delivery partner”—to provide management and oversight, but until it onboarded the contractor more than a year later, it relied on an overwhelmed internal team to manage multiple, complex, and concurrent commitments. As a result, the requisite planning has yet to be completed despite the program approaching major construction, which significantly increases the risk of cost overruns and delays.We recommend that Amtrak’s Capital Delivery department advance the requisite planning before major construction begins. We also recommend that the company improve its program planning processes to ensure that it implements a management structure and provides sufficient staff early enough to avoid similar challenges on future programs.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to assess allegations regarding community care consult appointment scheduling practices and delays for patients with serious health conditions who received community care at the VA Western New York Healthcare System (system) in Buffalo.The OIG substantiated community care staff’s delays in scheduling patients’ radiation therapy and neurosurgery appointments resulted in delays in patient care, and in some cases caused or increased the risk of patient harm. The OIG found that a delay in scheduling, and eventual cancellation of, community care radiation therapy to treat a patient’s cancer-related pain resulted in progressive, debilitative pain. Although late in the course of the disease, receiving radiation therapy may have decreased the pain and improved the quality of life in the patient’s final months. System leaders failed to conduct an institutional disclosure to the patient’s family.The OIG determined system and community care leaders failed to resolve significant community care scheduling delays for patients with serious health conditions, despite patient advocacy by providers and community care staff. The OIG found leaders relied on inaccurate assurances from system community care leaders that urgent, high-risk patient care consults were reviewed and prioritized, even when alerts to patient concerns continued. System and community care leaders’ lack of action was contrary to high reliability organization principles and values, as they failed to consistently focus on patients, get to the root cause of concerns, and predict and eliminate risk before causing patient harm.The OIG made two recommendations to the VISN Director related to system leaders’ response to patient concerns, and oversight of community care practices; and two recommendations to the System Director related to the establishment of community care policies in alignment with VHA community care standards, and the disclosure of an adverse event.

At the request of Senator Charles Grassley, our office reviewed the U.S. International Development Finance Corporation’s (DFC) nondisclosure policies, forms, agreements, and related documents to ensure conformity with the anti-gag provision of the Whistleblower Protection Enhancement Act of 2012(WPEA).

Objectives: To determine whether—for a select group of employees—the Social Security Administration: (1) complied with its policies and procedures over employees’ premium pay hours and (2) paid employees the proper premium pay amounts.

The Department of Homeland Security has technology that enables identification and sharing of emerging threat information, but DHS partners did not always use this technology to obtain threat information. DHS has various technological methods for maintaining real-time situational awareness and identifying threat information, such as the Office of Homeland Security Situational Awareness’ media monitoring and a virtual situation room. DHS shares this information via its Homeland Security Information Network (HSIN). However, DHS partners often did not leverage HSIN for information sharing. According to the Office of the Chief Information Officer’s data, more than half of the 55,609 active HSIN account holders did not log into HSIN between March 22 and September 15, 2023.

The OIG inspection team inspected Plant Operations processes and procedures used to measure performance. Specifically, the OIG:1. Identified what metrics Plant Operations uses.2. Determined how Plant Operations incorporates identifying and reporting metrics into its processes and procedures.

This report presents the results of our audit of delivery operations and property conditions in theSouth Carolina District in the Southern Area.

OIA allocated nearly $20 million in IIJA and IRA funding to American Samoa, Guam, and the Commonwealth of the Northern Mariana Islands.

To learn how communities across the nation responded to the pandemic, we initiated a multi-part review of six communities—two cities, two rural counties, and two Tribal reservations. This report is the third community-specific report and focuses on our work in Sheridan County, Nebraska, where we previously identified that recipients, including city government, small businesses, and individuals, received almost $61 million from 31 pandemic relief programs and subprograms. This report provides a closer look at six pandemic programs and subprograms provided to Sheridan County by six federal departments.

For nearly 25 years, astronauts have continuously lived and worked onboard the International Space Station. As the Station ages, NASA will be challenged to ensure the safety of astronauts aboard and to sustain continuous operations, which includes conducting science and research and maintaining the ISS. At the same time, the Agency will need to develop capabilities to safely deorbit the ISS. In this audit, we examined NASA’s management of risks to sustaining ISS operations through 2030, ensuring crew and operational safety and conducting a safe, controlled deorbit in 2031.

The AmeriCorps Office of Inspector General (OIG) has identified concerns regarding the award, management, and oversight of a contract for AmeriCorps’ new grants management system. Specifically, this alert identifies several factors contributing to cost overruns that will likely exceed $9 million—more than double the amount of the original contract—including the choice of a firm-fixed price contract for a project with uncertain requirements, a lack of technical expert involvement in contract oversight, and the descoping of contract tasks to accommodate cost overruns. While the OIG has not yet undertaken a full review of the allegations received, information collected to date warrants alerting AmeriCorps leadership of these concerns so that management has timely information to mitigate these risks in its ongoing management of this and other major contracts. AmeriCorps oversees many contracts, including other contracts related to IT modernization. As set forth below, AmeriCorps OIG suggests specific steps that AmeriCorps take to improve its contract management practices and avoid wasteful contract overruns.