Federal Reports

In this year’s report, we identified seven key challenges for NASA—including two that pose significant cost and schedule risks to the Artemis campaign, the Agency’s most ambitious and expensive human space exploration effort since Apollo.

During our ongoing audit to determine the extent to which U.S. Immigration and Customs Enforcement (ICE) manages and secures its mobile devices, we identified thousands of mobile applications installed by ICE employees, contractors, and other DHS agency 1 employees on ICEmanaged mobile devices. These included applications from companies banned from U.S. Government information systems, applications associated with and , third-party file sharing applications, third-party virtual private networks (VPN), and outdated messaging applications.

The objective of our audit was to assess ITA’s progress and actions to prevent, reduce, and remove foreign trade barriers. To address this objective, we assessed ITA’s process for (1) identifying and resolving trade barriers; (2) receiving, recording, and monitoring foreign trade barriers reported by U.S. companies; and (3) selecting trade barrier cases for reporting to stakeholders. We found that ITA did not effectively prevent, reduce, and remove foreign trade barriers to increase exports of U.S. goods and services and to ensure American businesses and workers have an equal opportunity to compete within foreign markets. Specifically, we found that ITA does not strategically manage trade barrier cases to ensure resources are effectively used to meet the needs of U.S. businesses; ITA did not ensure the completeness and accuracy of data reported in Salesforce; and ITA performance measures do not accurately report its efforts to assist U.S. companies in resolving trade barriers.

OIG reviewed Rural Utilities Service 's administration of grants for the Water and Waste Disposal Loan and Grant program.

The Office of Inspector General (OIG) is initiating an audit of the AbilityOne Commission’s ERM Process. Our overall objective is to determine if the Commission's ERM process is effective and used to make risk-based decisions.

USCP OIG Annual Performance Plan for Fiscal Year 2024 describes how OIG will achieve its mission of promoting economy, efficiency, effectiveness, and integrity while monitoring Department operations and programs.

To view the report, please click on the link below.

Semiannual Report to the Congress April 1, 2023 - September 30, 2023

This report summarizes work we initiated and completed during this semiannual period on a number of critical U.S. Department of Commerce (Department) activities. Over the past 6 months, our office issued 10 products related to our audit, evaluation, and inspection work. These products addressed programs and personnel associated with the U.S. Census Bureau, U.S. Economic Development Administration (EDA), National Oceanic and Atmospheric Administration (NOAA), National Telecommunications and Information Administration, United States Patent and Trademark Office, and the Department itself. This report also describes our investigative activities addressing programs and personnel associated with the Census Bureau, EDA, NOAA, and the Department.

Semiannual Report to Congress for the period April 1, 2023 – September 30, 2023

Without enforcing established access control requirements, the EPA puts the chemical data, which IRIS users rely upon to inform scientifically sound environmental regulations and policies, at risk of unauthorized changes.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to assess an allegation that facility leaders failed to complete clinical and institutional disclosures for three identified patients. The OIG substantiated that one of the three patients received a delayed institutional disclosure and did not receive a clinical disclosure. The OIG found that the delay in the institutional disclosure occurred because the Chief of Staff established a process to have a peer review conducted prior to determining if an institutional disclosure was warranted. The other two patients received clinical disclosures.During the inspection, the OIG identified concerns related to deficiencies in quality management and safety processes, including failure to enter events into the Joint Patient Safety Reporting system and review adverse events, failure to initiate a required root cause analysis, and insufficient documentation and explanation of decision-making within Peer Review Committee meeting minutes. Additionally, the OIG determined that facility providers failed to properly communicate abnormal imaging and laboratory test results to patients as required by policy.The OIG made five recommendations to the Facility Director related to conducting and documenting clinical disclosures; evaluating quality management processes that impede the timeliness of conducting institutional disclosures; adhering to Peer Review Committee documentation standards; ensuring adverse events or close calls are entered into the system, reviewed, and required actions are conducted per policy; and evaluating the process for the communication of abnormal test results to patients.

The VA Office of Inspector General (OIG) conducted a national review to evaluate lung cancer screening (LCS) with low-dose computed tomography scan (CT scan) provided through the VA community care program.Lung cancer is the leading cause of cancer-related death in the United States. LCS with low-dose CT scan helps identify lung cancer prior to the development of symptoms. The US Preventive Services Task Force first recommended LCS in 2013 and updated the recommendation in 2021.The OIG surveyed 139 Veterans Health Administration (VHA) facilities. The OIG found that while VHA requires facilities that conduct LCS have an LCS coordinator and use a patient management tool/registry to track and manage patients, the same services are not required for community care LCS. Survey respondents identified the top five barriers to the management of community care low-dose CT consults.Through electronic health record reviews, the OIG found 11 VHA facilities with missing community care scan results. Fifty-seven percent of facilities had results that were not relayed to providers within 14 days of appointment completion. More importantly, 13 percent of facilities had abnormal results from the community that were not relayed to providers within 14 days.Thirty-six percent of facilities had patients that were not notified of community care low-dose CT scan results, 21 percent did not have documented patient notification within 14 days for normal results, and 4 percent within 7 days for abnormal results.Thirty-seven percent of facilities had patients that did not have one-year follow-up scans ordered and 23 percent did not have a scheduled follow-up appointment for abnormal results. The OIG found seven patients with abnormal scan results did not receive follow-up per recommendations.The OIG made five recommendations to the Under Secretary for Health related to timely and quality screening for patients who depend on community care LCS.

The Infrastructure Investment and Jobs Act authorizes $1.36 billion in appropriations for ecosystem restoration and resilience programs.

The Inspector General’s Statement on the SEC’s Management and Performance Challenges, October 2023

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report which is available at the link below.

The U.S. Government Publishing Office (GPO), Office of the Inspector General (OIG), completed an investigation into a passport production incident at the GPO Stennis Secure Production Facility, Mississippi.

Ever since Congress created the Special Inspector General for the Troubled Asset Relief Program (SIGTARP) under the Emergency Economic Stabilization Act (EESA), we have consistently delivered for American taxpayers. As an independent watchdog, SIGTARP has a proven record of identifying waste, abuse, ineffectiveness, inefficiency, and risk in EESA programs.As a law enforcement office, SIGTARP has a proven record of identifying and investigating fraud and other crimes. SIGTARP investigations have resulted in the recovery of more than $11.4 billion while coordinating with the Department of Justice (DOJ) and other law enforcement agencies to criminally prosecute 474 defendants - 326 of them sentenced to prison, including 75 bankers. Our investigations have also resulted in enforcement actions against 25 corporations/entities, including enforcement actions against many of the largest U.S. financial institutions.We continue to support DOJ and states on prosecutions related to bankers and co-conspirators investigated by SIGTARP. During this reporting period, SIGTARP investigations led to new charges, convictions, and sentencings. For example, an attorney from Southern California was sentenced to twelve months and a day in prison and two years of supervised release and ordered to pay a $50,000 fine. This attorney previously pled guilty to a money laundering conspiracy in which a participating TARP bank was used to launder illicit funds.The Home Affordable Modification Program (HAMP) ended on April 28, 2023. According to April 2023 data, HAMP is still providing much needed foreclosure relief to more than 550,000 participating homeowners living in all 50 states. Treasury paid $122.9 million in fiscal year 2023 and made its final advance payment of eligible incentives in March 2023. SIGTARP's investigations into the HAMP program have protected consumers seeking access to HAMP and who subsequently became the victims of scams. To date, SIGTARP has brought to justice 121 convicted scammers.The fact that an EESA program closes, or the defendant is no longer taking part in the program while SIGTARP’s investigation is pending, will not stop SIGTARP or prosecutors (such as the DOJ and state Attorneys General) from bringing justice and accountability to individuals or entities that violated the laws and could do so again. The time frame of our work is not tied to the time frame of U.S. Department of the Treasury or other entities administering funds in these programs. For example, while the Hardest Hit Fund closed in December 2021, SIGTARP investigations led to a $1.5 million civil settlement with the Detroit Land Bank Authority for claims related to unsubstantiated backfill costs in connection with the Blight Elimination Program.As you can see, SIGTARP continues to address illegal conduct within EESA programs. SIGTARP remains committed to fulfilling its mission to bring accountability for fraud, waste, and abuse through the agency’s anticipated closure in March 2024. This is SIGTARP’s last semi-annual report. SIGTARP’s last quarterly report will be submitted to Congress in January 2024. We greatly appreciate the opportunity we have had since 2008 to safeguard the public’s interest.

Semiannual Report to Congress, April 1, 2023 - September 30, 2023

The report summarizes the FTC OIG’s activities and accomplishments during the second half of the FY 2023 reporting period.

U.S. Customs and Border Protection (CBP) did not fully implement the requirements of the Synthetic Opioid Exposure Prevention and Training Act. Specifically, CBP did not: • issue a component-wide policy to safely handle potential synthetic opioids; • make naloxone available or readily accessible to all personnel at risk of exposure to opioids; and • require initial and recurrent training for all personnel at risk of opioid exposure. This happened because CBP did not ensure that the Act’s requirements were implemented.

U.S. Customs and Border Protection (CBP) did not fully implement the requirements of the Synthetic Opioid Exposure Prevention and Training Act. Specifically, CBP did not: • issue a component-wide policy to safely handle potential synthetic opioids; • make naloxone available or readily accessible to all personnel at risk of exposure to opioids; and • require initial and recurrent training for all personnel at risk of opioid exposure. This happened because CBP did not ensure that the Act’s requirements were implemented.

What We Looked AtHigh value assets (HVA) are information systems, information, and data for which unauthorized access, use, disclosure, disruption, modification, or destruction could have a significant impact on U.S. national security, or public health and safety of the American people. Given the impact that cyberattacks on HVAs can have on the security and resilience of the Nation's transportation infrastructure, we initiated this audit of DOT's HVA Program. At the time of our review, DOT identified that it had 21 HVAs. Our objectives were to evaluate whether DOT (1) established an organization-wide HVA governance program to identify and prioritize HVAs and (2) assesses HVA security controls and ensures timely remediation of identified vulnerabilities.Our RecommendationsWe made seven recommendations to strengthen DOT's HVA Program cybersecurity. DOT concurred with five recommendations and did not concur with and asked to close the other two recommendations. We consider the five recommendations resolved but open pending completion of planned corrective actions. We consider the remaining two recommendations unresolved and request that DOT provide an updated response, reconsider its non-concurrence, or provide documentation to support closing the recommendations.Note: This report has been marked Controlled Unclassified Information (CUI) in coordination with the U.S. Department of Transportation to protect sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552.We plan to post a redacted version of the report when it becomes available.

We audited the Puerto Rico Department of Housing’s (PRDOH) fraud risk management practices to assess the maturity of its antifraud efforts. HUD heavily relies on its grantees to detect and prevent fraud, waste, and abuse and PRDOH is HUD’s second largest Community Development Block Grant Disaster Recovery and Mitigation (CDBG-DR and CDBG-MIT) grantee with over $20 billion in block grant funding. Our objective was to assess PRDOH’s fraud risk management practices for preventing, detecting, and responding to fraud when administering programs funded by HUD grants addressing the 2017 disasters.PRDOH’s fraud risk management processes to mitigate fraud risks either did not exist or were reactionary in nature. This resulted in the lowest desired maturity goal state -- Ad Hoc -- for organizations’ antifraud initiatives. PRDOH must improve its fraud risk management practices to adequately protect HUD funding provided for disaster recovery and mitigation efforts. Because PRDOH does not proactively manage fraud risk and its fraud risk management program is at the lowest state of maturity, it may have missed opportunities to strengthen controls and eliminate fraud vulnerabilities, leaving more than $20 billion in HUD disaster recovery and mitigation funds at increased risk of fraud. Implementing best practices and maturing PRDOH’s fraud risk management program will improve HUD and Puerto Rico’s ability to prevent and detect fraud and effectively utilize federal funds to support long-term disaster recovery and mitigation needs.We recommended that HUD instruct PRDOH to (1) implement a process to regularly conduct fraud risk assessments and determine a fraud risk profile, and (2) improve its fraud awareness initiatives.Further, we recommended that HUD (3) evaluate PRDOH’s risk exposure and tolerance as part of its program-specific fraud risk assessment for disaster grant programs; (4) coordinate with HUD’s Chief Risk Officer to provide training and technical assistance to PRDOH with a focus on the design, implementation, and performance of fraud risk assessments, and establish a fraud risk management framework for the organization; (5) assess whether grantees have mature fraud risk management programs within the disaster recovery and mitigation program; and (6) determine the fraud risk exposure in HUD's disaster recovery and mitigation programs, and work with grantees to implement appropriate fraud mitigation activities.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the care provided at the Comprehensive Healthcare Inspection of the James E. Van Zandt VA Medical Center in Altoona, Pennsylvania. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (focusing on suicide prevention initiatives)The OIG issued one recommendation for improvement in the Medical Staff Privileging area of review regarding ensuring practitioners with equivalent specialized training and similar privileges evaluate licensed independent practitioners when completing Ongoing Professional Practice Evaluations.

Top Management Challenges

To view the report, please click on the link below.

The U.S. Department of Housing and Urban Development (HUD) program offices issued departmental notices to inform public housing agencies (PHA) and owners of the Consolidated Appropriations Act of 2021’s (the Act) requirements. In addition, HUD program offices planned to use HUD’s revised physical inspection processes to ensure that PHAs and owners complied with the Act, namely under its new National Standards for the Physical Inspection of Real Estate (NSPIRE), which incorporate the Act’s requirements into its carbon monoxide standard, to ensure that PHAs and owners complied with the Act. The final NSPIRE rule is effective July 1, 2023, for public housing programs, October 1, 2023, for multifamily housing programs, and October 1, 2024, for the Housing Opportunities for Persons With AIDS program, Housing Choice Voucher Program, and Project-Based Voucher Program. HUD will need up to 3 years to complete NSPIRE inspections for HUD-assisted properties. However, PHAs and owners will self-inspect all units annually. In addition to previous guidance and training material, HUD provided PHAs with guidance in the Joint Notice PIH [Office of Public and Indian Housing], H [Office of Housing], OLHCHH [Office of Lead Hazard Control and Healthy Homes] 2022-01 about the Act’s requirements. The notice provided educational material and initial information and guidance for PHAs, owners, and managers to educate residents on health hazards, including carbon monoxide. At the time of our interviews, all 15 PHAs expected to have carbon monoxide detectors installed by the statutory deadline of December 27, 2022. The PHAs identified three barriers to completing the required installations: (1) lack of funding to implement the requirements in the Act, (2) residents’ tampering with carbon monoxide detectors, and (3) procurement processes for carbon monoxide detectors taking longer than expected.

This report presents the results of our inspection to assess the U.S. Small Business Administration’s (SBA) Shuttered Venue Operators Grant (SVOG) controls to prevent disbursements to ineligible entities. Specifically, our review focused on general eligibility requirements applicable to all SVOG applicants and venue-specific requirements applicable to live venue operators.SBA delayed launching the SVOG application portal for over 2 weeks in April 2021 because of technical issues. In June 2021, SBA officials made program changes, which SBA called a “program refresh,” to accelerate application processing and to expedite the release of program funds. SBA stopped using the application portal to track applicant compliance with each eligibility requirement, switching instead to a manual checklist. SBA staff were instructed to presume applicant assertions to be true unless a clear indication of fraud was present. SBA also placed a strict 4-hour review time limit per application. Additionally, SBA limited or eliminated certain verification procedures.We recommended SBA management 1) reevaluate eligibility for the 47 SVOG applicants we reviewed and to recover funds from applicants determined to be ineligible and 2) implement additional controls for the monitoring, auditing, and compliance phases to prevent ineligible entities from receiving grants.

Our objective was to assess the United States Postal Service’s processes and systems over retroactive pay. To accomplish our objective, we reviewed timelines for three collective bargaining agreements (labor contracts) from contract ratification to issuing retroactive payments to affected employees.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the care provided at the Royal C. Johnson Veterans’ Memorial Hospital in Sioux Falls and multiple outpatient clinics in Iowa and South Dakota. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (focusing on suicide prevention initiatives)The OIG issued one recommendation for improvement in the mental health review area regarding completing Comprehensive Suicide Risk Evaluations.

We found that a full-time NPS employee wrongfully obtained State unemployment insurance and Federal Pandemic Unemployment Compensation.

Mark Hernandez, a psychiatrist based in Miami, Florida; Peter Port, owner of Safe Haven Recovery Inc.; Brian Dublynn, Vice President of Safe Haven Recovery; and medical marketer Jennifer Sanford were sentenced in United States District Court, Southern District of Florida, on October 23, 2023, for conspiracy and other charges related to health care fraud. Hernandez was sentenced to 52 months in prison and 3 years’ probation; Port was sentenced to 108 months in prison and 3 years’ probation; Dublynn was sentenced to 42 months in prison and 3 years’ probation; and Sanford was sentenced to time served and 3 years’ probation.The defendants conspired to defraud private health companies by causing Safe Haven, a substance abuse treatment facility in Miami, along with several clinical laboratories, to submit false and fraudulent claims to health insurance plans for addiction treatment services that were not provided as billed and laboratory tests that were not medically necessary. As a result of the scheme, Amtrak’s insurance providers were billed approximately $86,130.

We evaluated the U.S. Department of Commerce’s process for addressing findings and recommendations identified in single audit reports related to departmental programs. Our objective was to determine whether the Department’s oversight of its grantees is sufficient to ensure selected findings identified in single audit reports are mitigated and recommendations are resolved within the required timeframe.
We found that bureaus are mitigating and resolving single audit findings, but improvements can be made to ensure compliance with federal requirements. We issued two recommendations. The Department concurred with our findings and recommendations.

Our objective was to assess the Postal Service’s CPU and VPO programs. Specifically, we (1) assessed Postal Service oversight of CPUs and VPOs, and (2) evaluated Postal Service strategies for establishing new CPUs and VPOs. We analyzed policies, data, and growth initiatives, and visited select CPUs and VPOs nationwide.

We found that a contractor wrongfully obtained over $10.7 million in Buy Indian Act set-aside contracts from BIA and BIE.

We performed an audit examining HUD’s efforts to prevent duplication of benefits when using Community Development Block Grant (CDBG) Disaster Recovery and Mitigation funds.  Our objective was to determine how the U.S. Department of Housing and Urban Development (HUD) assesses the adequacy of grantee procedures to prevent a duplication of benefits, both before and after grant execution.

HUD certified grantees’ high-level processes for preventing duplication of benefits before grant execution and allowed grantees to develop more detailed procedures for individual grant activities later.  However, HUD did not review grantees’ more detailed procedures before grantees began spending funds on program activities.  In addition, HUD certified before grant award that grantees had adequate procedures when the grantees’ procedures did not meet the adequacy criteria HUD established in the Federal Register.  Further, HUD’s adequacy criteria did not include all statutory requirements.  Because HUD certified procedures that did not meet requirements and did not review detailed activity-level procedures before grantees began spending funds, HUD risked grantees’ failing to prevent any duplication of benefits in accordance with the law.

We recommended that the Director of the Office of Disaster Recovery (1) review grantees’ activity-level procedures to prevent any duplication of benefits for adequacy before grantees process applications for assistance and (2) ensure that all applicable requirements for preventing any duplication of benefits are included in the adequacy criteria, grantee certifications, and HUD review checklists supporting the certification.

An Amtrak lead service attendant based in Miami, Florida, resigned from her position on October 20, 2023, as a result of our investigation. We found that the former employee violated company policies by engaging in outside employment while on a medical leave of absence.

On August 20, 2020, in response to the coronavirus (COVID-19) pandemic, the Tennessee Valley Authority (TVA) created the Pandemic Relief Credit (PRC) to provide a measure of relief to local power companies (LPCs), industries, businesses, and people of TVA’s seven state service region. Relief was provided in the form of a 2.5 percent credit to LPC and directly served customers’ demand and nonfuel energy charges. In August 2021, TVA extended the 2.5 percent credit through fiscal year (FY) 2022. TVA subsequently extended the 2.5 percent credit through FY 2023. Through July 2023, TVA had issued about $630 million in PRCs.We included this audit in our annual audit plan due to the amount of credits issued to LPCs and issues identified in a previous audit of pandemic-era credits. Our audit objective was to determine if adequate controls were in place to ensure the PRCs were calculated and utilized in accordance with TVA Board of Directors’ (TVA Board) approval. Our audit scope was the $449,227,369 of credits issued under the PRC for the period October 2020 through September 2022.We determined some controls were adequate to ensure PRCs were calculated and utilized in accordance with TVA Board approval. Specifically, controls were adequate to ensure (1) PRCs were calculated accurately and (2) LPCs that elected to pass the standard service portion of the credit to their customers did so in a nondiscriminatory manner. However, we determined the control in place to ensure the Time of Use (TOU) portion of the credit that was passed to LPC customers was inadequate. Specifically, the control for testing whether the LPC was passing the credit to the TOU customers was to ask LPC personnel if the credit was passed on to the customers. Due to the inadequacy of the control, TVA was not aware that one of the 25 LPCs we tested had not passed the majority of the credits to their end-use TOU customers totaling about $420,000. In addition, since the standard service portion of the credit did not have to be passed on to LPC customers, the cash positions of LPCs could be increased by the PRC. We determined 44 LPCs had surplus cash in excess of the TVA Board’s previously established 33 percent cash ratio threshold and noted 36 of these had not passed the standard service portion of the credit on to their end-use customers.

The EPA’s P2 grant results aligned with program goals, but without a supervisory verification process, the program may report inaccurate grant results to the public.

We reviewed the Animal and Plant Health Inspection Service Wildlife Services’ investigations of livestock deaths by Mexican gray wolves.

NASA’s Artemis campaign involves multiple programs and projects, more than a dozen major prime contractors, and thousands of suppliers. When supply chain disruptions happen, it can put the entire effort at risk of significant delays and increased costs. Part of the problem, we found, is that NASA lacks full visibility into the Artemis campaign’s suppliers.