Federal Reports

An Amtrak Coach Cleaner based in Beech Grove, Indiana, was terminated from employment on June 15, 2023, following her administrative hearing. Our investigation found that the employee violated company policies by failing to report her arrests and convictions for operating a vehicle while intoxicated. We also found that the employee misused leave granted under the Family Medical Leave Act (FMLA) by claiming FMLA leave for the time she was incarcerated.

We are issuing this report to inform the Agency of our concerns relating to the lack of conflict-of-interest provisions and clauses in the SBIR procurement documents and to provide considerations for the EPA to strengthen its SBIR Program against fraud, waste, and abuse.

Modified Peer Review

The VA Office of Inspector General (OIG) conducted this inspection to assess the stewardship and oversight of funds by the VA New York Harbor Healthcare System. This inspection assessed financial activities and administrative processes to determine whether appropriate controls and oversight were in place. These included open obligations, purchase card use, inventory and supply management, and pharmacy operations.The inspection team could not verify that anyone reviewed 10 of 19 selected inactive obligations, and from a separate sample of 10 open obligations more than three months, four had amount discrepancies totaling more than $15,000, which the fiscal staff corrected after the team’s visit.When assessing purchase card use, the team determined the healthcare system had deficiencies in supporting documentation for sampled transactions. Cardholders did not always obtain prior approval for purchases and perform required reconciliations. The team also estimated about $44.1 million in questioned costs due to noncompliance errors in approximately 90 percent of 46,900 transactions.The team found that inventory management could improve by updating monthly usage data so the prime vendor can keep necessary items in stock and by consistently using contract waivers when purchasing items from a nonprime vendor.The team found that pharmacy efficiency could improve by narrowing the gap between observed and expected costs, bringing turnover rates closer to the recommended level, using the inventory process required by VA, and meeting reconciliation reporting requirements.The OIG made 14 recommendations to the healthcare system director, such as implementing plans to ensure staff review open obligations and pharmacy reconciliations, cardholders receive prior approval for and properly document purchases, inventory staff update usage and use the prime vendor, and the pharmacy increases inventory turnover and audits inventory.

The OIG identified 10 industry best practices for managing major investments organized across three interconnected categories: people, process, and technology. In terms of the role of people, best practices include using internal cross-functional teams and engaging with both internal and external stakeholders. Best practices for improving processes include analyzing market trends and competitor strategies, using data to adapt to changes in volume and capacity, and real-time monitoring of investment performance. Finally, best practices that leverage technology include implementing innovative network designs, standardizing facility designs, adopting flexible technology, and promoting environmentally sustainable technology.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

We audited Nationstar Mortgage, LLC’s (doing business as Mr. Cooper (Nationstar)) compliance with the Federal Housing Administration’s (FHA) requirements for providing loss mitigation assistance to borrowers after their COVID-19 forbearance ended. We concurrently conducted a nationwide audit of servicers’ compliance with the U.S. Department of Housing and Urban Development’s (HUD) COVID-19 loss mitigation requirements (HUD Office of Inspector General (OIG) Report 2023-KC-0005). This audit complements that audit by examining how a single provider, Nationstar, provided loss mitigation for borrowers coming out of COVID-19 forbearance. We selected Nationstar after completing a risk assessment in 2021 that identified a significant volume of delinquent loans with prior COVID-19 forbearance in its portfolio and based on our awareness of complaints made about Nationstar to the Consumer Financial Protection Bureau and the HUD OIG hotline. Our audit objective was to determine whether Nationstar provided proper loss mitigation assistance to FHA-insured borrowers after the COVID-19 forbearance ended.Nationstar did not provide proper loss mitigation assistance to more than 80 percent of borrowers with delinquent FHA-insured loans after their COVID-19 forbearance ended. Based on a statistical sample drawn from a universe of 4,288 FHA-insured forward loans totaling $767 million, Nationstar did not meet HUD’s requirements for providing assistance to an estimated 3,572. Based on our loan sample projection, more than half of the borrowers received incorrect loss mitigation assistance. In these cases, Nationstar did not provide the loss mitigation option for which borrowers were eligible, incorrectly calculated loss mitigation options, did not reinstate arrearages, or declined loss mitigation in error. More than one-third of the borrowers in our sample projection received the correct loss mitigation option; however, Nationstar did not correctly follow COVID-19 loss mitigation guidance for these borrowers.

The VA Office of Inspector General (OIG) conducted an inspection at the West Texas VA Health Care System in Big Spring (facility) to assess an allegation that community living center (CLC) nursing staff did not respond when a patient experienced a medical emergency.The OIG did not substantiate that facility CLC nursing staff failed to respond to the patient’s medical emergency. The OIG found that although CLC nursing staff responded, the CLC registered nurse was unaware of the facility’s medical emergency policy and, as a result, failed to follow policy by not obtaining the automated external defibrillator (AED) and calling 911 immediately to activate the emergency response.Facility leaders failed to define CLC staff responsibilities when responding to medical emergencies in the CLC and had not provided mock code training to CLC nursing staff since October 2019. At the time of the patient’s medical emergency, a bag-mask device used to assist patients with breathing was not available and staff needed to be trained on how to use an AED. The OIG could not determine if the lack of mock code and AED training and the lack of equipment affected the outcome for this patient.The CLC registered nurse failed to document relevant patient care information during and after the patient’s medical emergency. The OIG determined that the documentation failure did not affect the outcome for this patient, but complete and timely documentation is vital to accurate health information.The OIG made three recommendations to the Facility Director related to ensuring CLC nursing staff are trained on roles and responsibilities when responding to medical emergencies, mock codes are completed within the CLC to include all CLC nursing staff, and all CLC clinical staff meet electronic health record documentation requirements.

We performed an audit of loan servicers’ compliance with the Federal Housing Administration’s (FHA) requirements for providing loss mitigation assistance to borrowers after their COVID-19 forbearance ended. We initiated the audit based on the large number of borrowers exiting forbearance, because the loss mitigation programs available to these borrowers were new and created a risk for both borrowers and the FHA insurance fund when servicers do not properly provide loss mitigation. Our audit objective was to determine whether servicers provided borrowers of FHA-insured loans proper loss mitigation assistance after the COVID-19 forbearance ended.Servicers did not provide proper loss mitigation assistance to approximately two-thirds of delinquent borrowers after their COVID-19 forbearance ended. Based on a statistical sample drawn from 231,362 FHA-insured forward loans totaling $41 billion, servicers did not meet HUD requirements for providing loss mitigation assistance to borrowers of 155,297 FHA-insured loans. Nearly half of the borrowers did not receive the correct loss mitigation assistance. These borrowers did not receive the loss mitigation option for which they were eligible, had their loss mitigation option not calculated properly, or received a loss mitigation option that did not reinstate arrearages, which refers to any amount needed to bring the borrower current. Approximately one-quarter of the borrowers received the correct loss mitigation option, but servicers did not follow COVID-19 loss mitigation guidance to help borrowers with payments that were missed during forbearance.

The report presents the results of our review of the Office for Civil Rights (OCR) process for resolving web accessibility complaints that were previously dismissed and subsequently reopened as directed investigations and OCR’s approach to evaluating web accessibility complaints submitted after the November 2018 revision of its Case Processing Manual. Among our findings, we determined that OCR’s resolution of web accessibility complaints previously dismissed under section 108(t) and subsequently reopened as directed investigations differed from how these reviews were resolved in the past, specifically with regard to whether or not a compliance determination was made, and that determinations made were inappropriate based on the level of testing performed. As a result of OCR’s changes to its procedures and the unclear way these changes were implemented, it could be difficult for people unfamiliar with OCR’s process to understand OCR’s procedures for processing these complaints.

We audited the Virgin Islands Housing Finance Authority’s monitoring of its Community Development Block Grant Disaster Recovery (CDBG-DR)-funded activities. We initiated the audit because of the large amount of CDBG-DR funds awarded to the U.S. Virgin Islands for the 2017 disasters and to aid in the U.S. Department of Housing and Urban Development’s (HUD) strategic objective to support effectiveness and accountability in long-term disaster recovery. Our objective was to determine whether the Authority effectively monitored its CDBG-DR-funded activities administered by itself and its subrecipients to ensure that the national objectives and performance measures were met.The Authority did not effectively monitor its CDBG-DR-funded activities. Specifically, it did not (1) assess the activities’ performance during its monitoring, (2) consistently track the status of corrective actions, (3) verify that the activities’ national objectives were or are being met, and (4) consistently monitor the activities. These deficiencies occurred because the Authority lacked policies and detailed procedures to guide its staff on effectively monitoring and tracking corrective actions and ensure performance metrics included in subrecipient agreements were assessed. Therefore, HUD could not be assured that activities were progressing, identified deficiencies were corrected, and funds were used for authorized purposes.We recommend that the Deputy Assistant Secretary for Grant Programs require the Authority to develop and implement monitoring policies and detailed procedures to ensure that an activity’s performance is assessed, corrective actions in monitoring reports are tracked, and documentation supporting the national objectives is verified. In addition, we recommend that the Authority revise subrecipient agreements to include performance metrics and milestones that are tailored to the activity.

Objective: To determine the accuracy and costs of edit routines the Social Security Administration (SSA) uses to reinstate wage items from the Earnings Suspense File (ESF).

The BIA has not actively managed the closeout process for Public Law 93–638 agreements.

We audited the Virgin Islands Housing Finance Authority’s Non-Federal Match Program for Community Development Block Grant Disaster Recovery (CDBG-DR) funds. This Match Program was developed to assist non-Federal entities in paying for their share of projects that addressed unmet needs because of the 2017 Hurricanes Irma and Maria. We initiated this audit due to the $415 million of CDBG-DR funds allocated by the Authority and to support the U.S. Department of Housing and Urban Development’s (HUD) strategic objective of promoting effectiveness and accountability in long-term disaster recovery.Our audit objective was to determine whether the Authority effectively administered its Match Program by identifying and assessing any challenges that hindered its ability to achieve program goals.We determined that the Authority’s administration of its Match Program had weaknesses. Specifically, the Authority had (1) insufficient financial controls, (2) insufficient oversight of its Match Program-funded projects, (3) inaccurate performance measures reported in its quarterly performance reports, and (4) insufficient documentation to support its national objectives. This condition occurred because the Authority did not have adequate policies and procedures or did not implement its existing policies to ensure effective administration of its Match Program. As a result, the Authority was at risk of not managing its Match Program in compliance with HUD requirements and achieving program goals. Further, this condition could result in the Authority providing program benefits to the intended beneficiaries late and increasing the risk of the Authority issuing improper payments. We recommend that the Deputy Assistant Secretary for Grant Programs require the Authority to (1) develop and implement policies and procedures to address the challenges identified and (2) conduct training for its staff and CDBG-DR Match Program recipients.

We found the Department used WSFR grant funds to pay for unfunded pension plan costs and unallowable subaward charges.

We found that the IA did not adequately analyze labor rate costs added to the contract and that the DWP did not appropriately monitor the contract.

An Amtrak conductor based in Washington, D.C., violated company policies by failing to report an August 5, 2019, Driving While Intoxicated (DWI) conviction he incurred during his employment. Amtrak removed the employee from service pending his disciplinary hearing. The employee agreed to a Waiver in Lieu of Termination on June 9, 2023, admitting to the charges and was assessed a time-served suspension after remaining out of service for six weeks.

The VA Office of Inspector General (OIG) conducts information security inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the St. Cloud VA Medical Center in Minnesota because it had not been previously visited as part of the annual FISMA audit.The OIG’s information security inspections focus on four security control areas that apply to local facilities and have been selected based on their levels of risk: configuration management, contingency planning, security management, and access controls. During this inspection, the OIG found deficiencies with configuration management, contingency planning, and access controls.Deficiencies in configuration management included critical-risk vulnerabilities that VA’s Office of Information and Technology did not identify, uninstalled patches, an inaccurate inventory, and unauthorized software, which deprive users of reliable information access and could risk unauthorized access to, or alteration or destruction of, critical systems. The team identified a contingency planning weakness concerning an untested emergency power shutoff in the data center. Weak access controls included missing logs and visitor access records, communication rooms with insufficient climate controls, and nonworking video surveillance in the data center. These deficiencies compromised the security and maintenance of the information system.The OIG made eight recommendations to the assistant secretary for information and technology and chief information officer to improve controls at the facility because they are related to enterprise-wide information security issues similar to those identified on previous FISMA audits and information security inspections. The OIG also made two recommendations to the St. Cloud VA Medical Center director.

This report examined GAO’s inventory control over certain IT assets that may process or store sensitive or classified information during the onset and height of the pandemic.

This OIG Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the outpatient setting of the Manila VA Clinic in Pasay City, Philippines. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (suicide prevention initiatives)The OIG issued two recommendations for improvement in two areas:1. Medical staff privileging• Professional practice evaluations2. Mental health• Suicide risk evaluations

The Veterans Benefits Administration’s (VBA) compensation program provides tax free monthly payments to veterans for the effects of disabilities caused by diseases, events, or injuries incurred or aggravated during active military service. VBA also has a pension program designed to provide supplemental income to eligible wartime veterans and their survivors with financial need.In response to a backlog of claims for the compensation and pension programs, Congress directed the OIG to• report the status of the compensation and pension benefits claims backlog,• review the causes of VA’s backlog, and• analyze how an initiative to digitally scan all paper based military personnel files has helped address and resolve the backlog.Beginning in fiscal year 2020, VBA experienced an increased backlog due to pauses in in person medical exams to establish disabilities and levels of impairment from the COVID 19 pandemic. Additionally, because of the implementation of the PACT Act of 2022, VBA anticipates a further increase in the claims backlog during fiscal year 2023. VBA developed a multilevel action plan to address the anticipated increase in backlog: hiring, technology, and proactive scanning, and the initiative to digitally scan all personnel files appears to be working well.

What We Looked AtWe performed a quality control review (QCR) on the single audit that Eide Bailly LLP performed for the City of Santa Clarita’s fiscal year that ended June 30, 2021. During this period, the City expended approximately $25.4 million from U.S. Department of Transportation (DOT) programs. Eide Bailly determined that DOT’s major program was the Federal Transit Administration’s (FTA) Federal Transit Cluster. Our QCR objectives were to determine whether (1) the audit work complied with the Single Audit Act of 1984, as amended, and the Office of Management and Budget’s Uniform Guidance, and the extent to which we could rely on the auditor’s work on DOT’s major programs and (2) the City of Santa Clarita’s reporting package complied with the reporting requirements of the Uniform Guidance. What We FoundEide Bailly complied with the requirements of the Single Audit Act, the Uniform Guidance, and DOT’s major programs. We found nothing to indicate that Eide Bailly’s opinion on DOT’s major program was inappropriate or unreliable. However, we identified deficiencies that require correction in future audits. Accordingly, we assigned Eide Bailly an overall rating of pass with deficiencies.

This report presents the results of our survey on LEA experiences with using ESSER funds to purchase educational technology to continue student instruction during the coronavirus. The survey identified (1) types of educational technology that LEAs purchased with their ESSER funds, (2) challenges that LEAs experienced when using ESSER funds for educational technology, and (3) impact the educational technology had on student learning. The survey found that LEAs nationwide generally reported using ESSER funds to purchase educational technology to continue student instruction due to the coronavirus. They purchased instructional software that offered teachers flexibility when creating remote learning environments and technology-related training that was both a challenge and an unexpected opportunity to improve teacher and student use of technology. LEAs reported their experiences with educational technology purchased using ESSER funds to resolve or mitigate challenges they faced while continuing student instruction during the coronavirus. LEAs nationwide generally reported experiencing lost instructional time and using ESSER-funded technology to address the academic impact that their student populations experienced during the coronavirus.

This Office of Inspector General Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the inpatient and outpatient care provided at the New Mexico VA Health Care System, which includes the Raymond G. Murphy VA Medical Center (Albuquerque) and multiple outpatient clinics in Colorado and New Mexico. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (emergency department and urgent care center suicide prevention initiatives)The OIG issued seven recommendations for improvement in three areas:1. Quality, safety, and value• Recommend, implement, and monitor improvement actions• Peer review processes• Patient safety events2. Medical staff privileging• Focused and Ongoing Professional Practice Evaluation processes3. Environment of care• Maintain, inspect, and test biomedical equipment• Environmental cleanliness

The VA Office of Inspector General (OIG) conducts information security inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the James E. Van Zandt VA Medical Center in Altoona, Pennsylvania, because it had not been previously visited as part of the OIG’s annual FISMA audit.These inspections focus on four security control areas: configuration management, contingency planning, security management, and access controls. During this inspection, the OIG found deficiencies with configuration management, security management, and access controls.Deficiencies in configuration management included inaccurate component inventories and ineffective vulnerability management, increasing opportunities for exploitation. The security management weakness involved the facility’s special-purpose system, which did not have an authorization to operate, leaving it vulnerable to compromise. Weak access controls, such as inadequately restricting access to computer rooms, communication closets, and generators, increased the risk of damage or destruction. The team also found missing environmental controls in the communication closets, which could lead to damage to organizational assets and result in financial loss or harm to veterans.The OIG made four recommendations, including one addressed to the medical center director and three addressed to the assistant secretary for information and technology and chief information officer, who did not concur with one: to verify and make necessary corrections to the systems’ component inventory. The OIG stands by its recommendation, as the review identified about 2,500 devices on the facility’s network as compared to only about 1,450 devices identified by the component inventory, and OIT’s response did not include additional evidence that would prompt the OIG to reconsider its conclusion.

The Pandemic Response Accountability Committee’s (PRAC) Semiannual Report to Congress, covering the period from October 1, 2022 through March 31, 2023.

The Pandemic Response Accountability Committee’s (PRAC) Semiannual Report to Congress, covering the period from October 1, 2022 through March 31, 2023.

This management advisory highlights key considerations for DFC’s evolving response to the war in Ukraine. DFC remains responsible for safeguarding the funds entrusted to it by Congress and the American taxpayers, while also being timely and flexible in its efforts to assist Ukraine. Continued due diligence will help ensure DFC uses any existing and future influx of funding for Ukraine effectively, efficiently, and with appropriate management.

To report the internal control weaknesses, noncompliance issues, and unallowable costs identified in the single audit to the Social Security Administration (SSA) for resolution action.

This Office of Inspector General Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the inpatient and outpatient care provided at the VA North Texas Health Care System, which includes the Dallas VA Medical Center, Garland VA Medical Center, Sam Rayburn Memorial Veterans Center (Bonham), and multiple outpatient clinics in Texas.This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (emergency department and urgent care center suicide prevention initiatives)The OIG issued two recommendations for improvement in two areas:1. Leadership and organizational risks• Institutional disclosures2. Mental health• Follow-up for patients at risk for suicide

Amtrak (the company) contracted with the independent public accounting firm of Ernst & Young LLP to audit its consolidated financial statements as of and for the fiscal year then ended, September 30, 2022, and to provide a report on internal control over financial reporting and compliance with certain provisions of laws, regulations, contracts and grant agreements, and other matters, which they issued on December 14, 2022.1 Because the company receives federal financial assistance, it must obtain an audit performed in accordance with U.S. generally accepted government auditing standards.The contract also required Ernst & Young to perform a Single Audit of the company’s federal financial assistance for the fiscal year ended September 30, 2022, in accordance with the audit requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). The objective of the Single Audit was to test internal control over compliance with major federal program award requirements and determine whether the company complied with the laws, regulations, and provisions of contracts or grant agreements that may have a direct and material effect on its major federal programs.

In May 2022, we conducted unannounced inspections of U.S. Customs and Border Protection (CBP) facilities in the Rio Grande Valley area of Texas, specifically six U.S. Border Patrol facilities and three Office of Field Operations (OFO) ports of entry (POEs).

The U.S. Government Publishing Office (GPO), Office ofthe Inspector General (OIG) conducted an audit of payments to injured employees at GPO.Our objective was to determine whether GPO is properly paying employees who havesustained work-related injuries or diseases covered by Federal Employees’ CompensationAct (FECA).

The VA Office of Inspector General (OIG) conducted this review to determine whether VA complied with the requirements of the Payment Integrity Information Act of 2019 (PIIA) for fiscal year (FY) 2022. PIIA requires VA to review its programs and activities susceptible to significant improper payments based on Office of Management and Budget (OMB) guidance. In addition, PIIA requires inspectors general to review their agency’s improper payment report and issue an annual report on its sufficiency. Agencies found to be noncompliant with PIIA and OMB guidance are required to perform additional reporting to OMB, Congress, and the Comptroller General depending on the number of years the OIG found them noncompliant.In FY 2022, VA reported improper and unknown payment estimates totaling $3.5 billion for seven programs and activities. Of that amount, about $1.4 billion represented a monetary loss, and the remaining approximately $2.1 billion was considered either a nonmonetary loss or unknown payment that cannot be recovered. While VA reduced the monetary loss from $1.97 billion in FY 2021 to $1.4 billion in FY 2022, it is still higher than the $892 million reported in 2020. In addition, VA reported a decrease in its overall improper and unknown payment rates for six additional programs and activities.Overall, VA satisfied nine of the ten requirements under the PIIA and concurred with the OIG’s recommendations to bring the remaining two noncompliant programs (the Pension Program and the Purchased Long-Term Services and Supports Program) into compliance with the remaining unmet requirement.

We found that the DOI’s bureaus do not perform any analysis of effective royalty rates for Federal oil and gas developed on Federal lands or offshore.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

(June 2023) The Office of the Inspector General of the Intelligence Community (IC IG) recently released its semiannual report to the Director of National Intelligence (DNI) and Congress for the period of October 1, 2022, through March 31, 2023. The National Security Act of 1947 (as amended) requires the IC IG to prepare and submit to the DNI a classified and, as appropriate, unclassified report summarizing the work of the IC IG for the preceding six-month period.

An Amtrak Lead Customer Service Representative based in New Orleans, Louisiana, resigned from her position on June 1, 2023, following the issuance of our investigative report. Our investigation found that the former employee violated company policies by accepting cash kickbacks from a private transportation driver for referring passengers to his service. During her interview, the former employee admitted to receiving money for referring passengers to the transportation service.

A Crew Management Representative based in Wilmington, Delaware, violated company policy by working at her personally owned business between August 25, 2022, and February 13, 2023, while she was on leave under the Family Medical Leave Act (FMLA) and receiving short-term disability benefits in excess of $35,000. The employee was terminated on June 1, 2023, after her disciplinary hearing on May 25, 2023. She is ineligible for rehire.