Federal Reports

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General conducted this evaluation to determine whether the EPA verifies that EPA-authorized state lead-based paint programs continue to meet regulatory requirements after initial authorization. We initiated this evaluation in response to an anonymous OIG Hotline complaint.
 

Summary of Findings

The EPA is not verifying that authorized state lead-based paint programs remain at least as protective of human health and the environment as the federal programs and that the programs provide adequate enforcement after initial program authorization. Without changes to the EPA’s oversight procedures, authorized state lead-based paint programs may not adequately protect public health, and children may suffer adverse and irreversible health effects.

SEC Investigative Summary 25-0015

The VA Office of Inspector General (OIG) conducted a healthcare inspection to assess the impact of additional staffing on patient access to care in the community through the VA Maryland Health Care System (system) in Baltimore.

The OIG found that high consult volume contributed to system staff’s inability to schedule and complete community care consults timely and consistently coordinate community care, despite staff and system leaders taking some corrective actions to address deficiencies. The OIG also found that Care in the Community nurse care coordinators did not use care coordination plan notes for every consult or routinely document note addendums as required by the Veterans Health Administration. 

The OIG concluded that Veterans Integrated System Network leaders were aware of challenges in Care in the Community, but did not help system leaders improve and sustain consult management performance beyond providing temporary administrative staff assistance.

The OIG learned that, due to insufficient staffing, system leaders only implemented the Referral Coordination Implementation in one specialty, despite the Veterans Health Administration requirement of implementation in 34 specialty medicine areas by February 2021. The OIG concluded that, consistent with other facilities, the system struggled with Referral Coordination Initiative implementation. 

The OIG found that Patient Advocate Tracking System data was collected and trended but the Deputy Chief of Staff did not ensure the data was analyzed or staff directly implemented action plans for quality or process improvements. 

The OIG made 7 recommendations related to assessment of the Care in the Community 7-day appointment scheduling requirement, completion of performance action plans, education to address incomplete consults, consult completion, care coordination documentation, Referral Coordination Initiative implementation, and Patient Advocate Tracker System data analysis. 

Prior to the launch of the Delivering for America plan, the U.S. Postal Service used Surface Transfer Centers to distribute, consolidate, dispatch, and transfer all mail classes within the surface network. They also served as a concentration point for consolidating mail from under-utilized surface trips. In September 2024, the Postal Service transitioned to the use of RTHs. RTHs are intended to decrease the number of mail separations and fill containers quickly during processing to expedite getting mail onto trucks and out for delivery to customers.

As of March 2025, 18 RTHs were active nationwide. While the Postal Service indicated that work handled at RTHs would be insourced, some RTHs, such as the Denver RTH, continue to be operated by contractors rather than Postal Service employees.

VBA’s Pension and Fiduciary Service, which administers the death benefits program, assists eligible claimants with burial expenses, plot costs, and transportation costs for a veteran’s remains. To streamline claims processing for death benefits, VBA launched a system called pension automation. This automation system extracts data from claim applications and documents, such as a death certificate, and uses rules to generate decisions and notification letters for claims. Given VBA’s increased reliance on automation, the VA OIG conducted this review to determine whether VBA’s automation system is accurately processing claims for death benefits. 

Based on statistical analysis of a sample of 150 claims for veterans’ death benefits completed by automation from January 5, 2023, through March 31, 2024, the OIG estimated that 83 percent of such claims contained an error, of which 2,000 claims (16 percent) resulted in about $1.9 million in underpayments to survivors. Although the automation system correctly processed most burial allowances (90 percent) and plot allowances (95 percent), the OIG team estimated that 9,800 transportation claims (79 percent) were improperly processed during the review period. The most common errors identified by the team were: the automation system prematurely denied transportation claims that should have been transferred to a claims processor to review the transportation benefit; some transportation claims were never reimbursed; and the notification letter did not provide a decision on transportation for some claims. These errors occurred because the automation system did not have rules to ensure the proper processing of transportation benefits and because of a discrepancy in VBA policy. The OIG made and the under secretary for benefits concurred with two recommendations to update VBA policy and ensure automation is consistent with the policy for processing this benefit.

OIG examined the circumstances surrounding the oversight and enforcement of the Food Distribution Program on Indian Reservations (FDPIR)/Commodity Supplemental Food Program (CSFP) food delivery contract. 

Note: This report contains sensitive content that is being withheld from public release. Any monetary impact amounts redacted from this report are not reflected in monetary totals.

We found an energy company failed to decommission operations as required within one year after its Federal oil and gas leases expired.

Our objective was to assess the company’s efforts to provide high-quality customer service to passengers with disabilities.

We found that although the company has ongoing efforts to improve the service it provides to these customers, it faces challenges in two key areas. First, it does not have an overarching strategy with goals, metrics, and priorities to guide its efforts to improve customer service to passengers with disabilities. Second, it does not have full visibility over the quality of service it provides to passengers with disabilities because it does not regularly analyze key data that could provide insights. 

Without a strategy informed by relevant data, the company may not be focusing its resources on improvement initiatives with the highest potential impact. Further, it could be exposed to unnecessary financial, reputational, and legal risks from service that does not consistently meet its standards. Given the company’s limited visibility over the service it provides to passengers with disabilities, we assessed the customer experience and identified three areas where it has opportunities to improve: (1) interactions with customer-facing employees, (2) communication of essential travel information, and (3) access to onboard amenities.

We recommended that the company develop an overarching strategy and analyze the data necessary to measure its service quality. It should also implement plans and processes to address challenges in the three improvement areas we identified.

In July 2022, the VA Office of Inspector General (OIG) published a report finding that Veterans Benefits Administration (VBA) staff prematurely denied service connected compensation to veterans with conditions that could be associated with burn pit exposure. The OIG made seven recommendations, and VBA took corrective action on five, which the OIG closed. The two remaining recommendations were to review two datasets the OIG believed contained prematurely denied claims of veterans seeking service connection for burn pit-related conditions, correct any errors, and provide certification of completion. In May and August 2024, VBA requested closure of both open recommendations, asserting it had taken corrective actions as needed on all the claims. However, further review by the OIG of the claim population, as detailed in this management advisory memorandum, determined VBA did not take required corrective actions on at least an estimated 25 percent of veterans’ denied claims related to burn pit exposure.

Given the considerable errors identified in this second review of claims, the OIG lacks assurance that VBA has taken sufficient corrective action to address the original findings and remains concerned that, after nearly three years, veterans affected by these errors could still be missing service-connected compensation benefits to which they are entitled. Accordingly, the OIG did not concur with VBA’s requests to close recommendations 2 and 3 from the July 2022 report. These recommendations will remain open, and the OIG will continue to request quarterly updates from VBA on the progress it has made to appropriately remediate all errors and ensure corrective actions are taken for veterans’ denied claims related to burn pit exposure from the population identified by the OIG. In response to this memorandum, VBA will establish a workgroup to develop and implement a plan to correct the identified issues.

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the VA Boston Healthcare System in Massachusetts. 

This evaluation focused on five key content domains:
     •    Culture
     •    Environment of care
     •    Patient safety
     •    Primary care
     •    Veteran-centered safety net

The OIG issued 11 recommendations for improvement in two domains:
  1.    Environment of care
     •    Processes to prevent repeat findings
     •    Biological hazard signs
     •    Safe and clean patient care areas
     •    Medication storage areas
           o    Restricted access
           o    Pharmacy staff inspections
           o    Temperature and humidity
     •    Urgent Care Center operates according to VHA Directive 1101.13
     •    Repeat findings and sustained improvements
     •    Trends, performance improvement plans, and outcome measures
  2.    Patient safety
     •    Test result communication policy complies with VHA directives for critical test results

The Tennessee Valley Authority’s (TVA) Supply Chain organization enters into blanket contracts with vendors to support TVA goals and lower total costs to TVA.  Blanket contracts are defined as open-scope contracts under which TVA may place multiple orders for designated products or services over a set timeframe.  Defined scopes of work and TVA’s commitment to buy are established through purchase orders (PO) issued against existing blanket contracts.

Under appropriate circumstances, TVA may group multiple blanket contracts that have the same general scope of work under a master contract.  TVA’s Supply Chain Buyer Guide, which defines best practices for contracting officers, describes this process as the competitive model.  According to the Buyer Guide, competitions between vendors under a competitive model can often be conducted quickly to better support organizational needs.

Due to issues identified in previous audits related to TVA’s lack of competition of fixed price POs, we conducted an audit to assess TVA’s process for evaluating and awarding POs issued under blanket contracts. Our audit scope focused on POs issued under blanket contracts where TVA has multiple blanket contracts for a general scope of work. 

In summary, we determined TVA does not have an overall policy and there are limited procedures and guidance for evaluating and awarding POs issued under blanket contracts where TVA has multiple blanket contracts for a general scope of work.  This has resulted in inconsistencies in how Supply Chain and the organizations have evaluated and awarded POs.  Specifically, we determined there were inconsistencies in the level of (1) competition between prequalified vendors when issuing POs and (2) Supply Chain involvement in the evaluation and selection of vendors.  With limited guidance on evaluating and awarding POs issued under blanket contracts, TVA increases its risk of not achieving best value for TVA.

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the VA Coatesville Healthcare System in Pennsylvania. 

This evaluation focused on five key content domains:
     •    Culture
     •    Environment of care
     •    Patient safety
     •    Primary care
     •    Veteran-centered safety net

The OIG issued no recommendations.

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the Sheridan VA Health Care System in Wyoming. 

This evaluation focused on five key content domains:
     •    Culture
     •    Environment of care
     •    Patient safety
     •    Primary care
     •    Veteran-centered safety net

The OIG issued three recommendations for improvement in two domains:
  1.    Environment of care
     •    Facility navigation tools for sensory-impaired veterans
  2.    Patient safety
     •    Patient test result communication effectiveness
     •    Service-specific workflows for test result communications

Follow-Up on the Evaluation of the Federal Labor Relations Authority’s
Compliance with the Privacy Act Mandatory Annual Training Requirement
for Fiscal Year 2023

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the VA Connecticut Healthcare System in West Haven. 

This evaluation focused on five key content domains:
     •    Culture
     •    Environment of care
     •    Patient safety
     •    Primary care
     •    Veteran-centered safety net

The OIG issued four recommendations for improvement in three domains:
  1.    Culture
     •    Unanswered phone calls from veterans
  2.    Environment of care
     •    Performance improvement plans and outcome measures for environment of care trends
     •    Preventive maintenance for beds and stretchers
  3.    Primary care
     •    Veterans Integrated Service Network call center

We highlight the risks with how BOR administers IRA drought mitigation funds.

The U.S. AbilityOne Commission's Office of the Inspector General has issued an OIG Alert to inform Program stakeholders of recent activities of a third party. Specifically, the third party entity has published incorrect and misleading information regarding OIG activities and has insinuated that they have confidential OIG information. 

Our Objective(s)To assess the Special Crash Investigations (SCI) Program's (1) selection of crashes for investigation, (2) collection and analysis of special crash investigation data, and (3) use of this data to improve vehicle safety.
Why This AuditNHTSA estimates that 40,990 people died in motor vehicle crashes in the United States in 2023. A key component to reduce these fatalities is the SCI Program. The purpose of the SCI Program is to save lives and prevent injuries by collecting timely crash investigation information for the automotive safety community to improve the performance of advanced safety systems.
What We FoundNHTSA's SCI Program lacked a documented process to select and prioritize crashes for investigation.

The SCI Program has been successful in conducting crash investigations but lacked a documented process for selecting crashes for investigation.
The SCI Program lacked written procedures for prioritizing the crash types it investigates.

NHTSA's SCI Program procedures for collecting and analyzing special crash investigation data were insufficient.

NHTSA established an overall goal to conduct timely crash investigations and provide data that improves the performance of advanced driver safety systems. However, the Agency did not meet its timeliness goals for completing special crash investigation reports, partially due to delays in collecting crash data for analysis.
The SCI Program's procedures for retaining collected crash investigation documents did not comply with Federal Records Retention requirements.

NHTSA's SCI Program did not have a process to assess how investigation reports improve vehicle safety.

SCI Program officials pointed to examples of the positive impacts the program's investigations have had.
However, NHTSA did not have a process to formally document the extent to which special crash investigations played a role in addressing specific safety issues.

RecommendationsWe made 3 recommendations to improve NHTSA's SCI Program.

Our investigation determined that between 2022 and 2023, two Amtrak Supervisors based in Philadelphia and several other employees violated company policy by not swiping out on a Time Entry Device (TED) after their shifts and, subsequently, swiping out and immediately back in when they returned to work. This resulted in the recording of significant consecutive TED hours. The employees used this swiping protocol to inaccurately claim a full eight hours of regular pay in Amtrak’s timekeeping system, instead of correctly recording seven hours of regular pay and one hour of Code 29 pay (hours paid but not worked) to which they were actually entitled.

We also found that one of the supervisors collected additional Code 29 hours to which he was not entitled, in violation of the Infrastructure Management and Construction Services’ (IMCS) internal hours‐of‐service policy. We further found that an Engineer, based in Philadelphia, violated the internal hours‐of‐service policy by allowing and encouraging employees to claim Code 29 pay after working only 14 hours, which resulted in the company paying for hundreds of unnecessary Code 29 hours. The supervisors were terminated after their disciplinary hearings in July 2025. They are not eligible for rehire.

Our objective was to assess National Weather Service (NWS) tornado forecasting and warning performance and identify potential opportunities for enhanced effectiveness. We contracted with the Institute for Defense Analyses (IDA), an independent firm, to perform this evaluation. Our office oversaw the evaluation’s progress to ensure that IDA performed it in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation (December 2020) and contract 
terms.

Since fiscal year 2011, the NWS has achieved its Government Performance and Results Act (GPRA) performance goal for false alarm ratio in 9 of the last 12 years. However, the NWS has consistently fallen short of meeting performance goals for probability of detection and warning lead times for this same time period. In addition to the NWS’s limited effectiveness in forecasting and warning performance, NOAA lacks official outcome metrics to assess progress toward the Tornado Warning Improvement and Extension Program's goal of reducing the loss of life and economic losses from tornadoes, leaving this goal unmet without further improvements.
 

As part of its 10-year strategic Delivering for America plan, the U.S. Postal Service is redesigning its processing network and plans to invest $40 billion to create a modernized network based around regional processing and distribution centers (RPDC). The Atlanta RPDC is a one million square foot facility that opened in February 2024, consolidating operations from multiple facilities in the Atlanta region. The Postal Service approved an over $254 million investment to build out and set up the Atlanta RPDC and expects net savings of $2.6 billion over 30 years from consolidating regional operations. Efficient and effective RPDCs are critical to the success of the Postal Service’s Delivering for America plan and its goal of being financially self-sustaining.

The Management Advisory reviews expenditures related to executive transportation on car services from November 2024 to January 2025. The advisory identifies the need for updated travel policies to ensure cost-effective and justified use of government funds, aligning with the Federal Travel Regulation's "Prudent Traveler Rule." The advisory includes one recommendation to enhance documentation and justification requirements to mitigate financial risks.

This report presents the results of our Independent Auditors’ Performance Audit Report on the Federal Election Commission’s (FEC) Security Patches and Vulnerabilities Management Programs for the Fiscal Year Ending September 30, 2024.

This report provides an overview of AI and Machine Learning technologies, selected use cases, and policies implemented within DOI.

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General has identified a concern with the EPA’s requirement that extramural research reports be submitted to the EPA via email.

Summary of Findings

The OIG has concerns with the EPA’s requirement that awardees submit federally funded research reports via email. Email providers go to great lengths to obscure the originating IP address from an email’s header information. This makes it very difficult to determine the location from which the email was sent. The location is useful for identifying whether a research report was sent from within the United States.

OIG conducted this review to describe the factors that affect territories' administration of HAVA grants and assess the effectiveness of the EAC’s management of HAVA grants awarded to territories.

We found that none of the three Department of Homeland Security components responsible for end of parole activities—U.S. Customs and Border Protection, U.S. Citizenship and Immigration Services, and U.S. Immigration and Customs Enforcement — were designated to monitor parole expiration and DHS did not have a well-defined process to address parole expiration for aliens paroled into the United States through Operation Allies Refuge/Operation Allies Welcome, Uniting for Ukraine, and processes for Cubans, Haitians, Nicaraguans, and Venezuelans. We also found that DHS did not initiate enforcement actions for parolees whose parole expired. As a result, DHS did not have assurance that former parolees were lawfully present in the United States after parole expiration.

This report presents the results of our audit of the Food Safety and Inspection Service’s Cooperative Interstate Shipment Program.

We audited Neighborhood Loans, Inc., to evaluate its quality control (QC) program for originating and underwriting Single Family FHA-insured loans. Our audit covered the period October 2020 through September 2022.  We selected Neighborhood Loans for review based on its increasing loan volume and delinquency rate and because its rate of self-reporting loans to HUD when it identified fraud, material misrepresentations, and other material findings that it could not mitigate was below average for 5 of the last 6 years.

We found that Neighborhood Loans’ QC program for originating and underwriting FHA-insured loans was not sufficient.  Specifically, Neighborhood Loans (1) did not select the proper number of loans for review and maintain complete data to document its loan selection process; (2) did not complete all loan reviews in a timely manner; (3) did not always complete key review steps and sometimes missed material deficiencies; and (4) did not adequately assess, mitigate, and report loan review findings, which included self-reporting loans to HUD when required.  These issues occurred because Neighborhood Loans had insufficient controls over its QC program, was not always familiar with HUD requirements, and experienced staffing constraints.  As a result, HUD did not have assurance that Neighborhood Loans’ QC program fully achieved its intended purposes, which include, among other things, protecting the FHA insurance fund and lender from unacceptable risk, guarding against fraud, and ensuring timely and appropriate corrective action.

We recommend that HUD require Neighborhood Loans to (1) update its QC plan and related procedures to align with HUD requirements; (2) provide training to staff and management on HUD requirements for lender QC programs; (3) review the loans that it had not selected and take appropriate actions when applicable; (4) review its QC files for loans in which it may not have performed complete reverifications and reverify information where appropriate (5) evaluate its QC files for reviews in which it did not yet assess the risk of findings identified; and 6) evaluate its QC files for the loans in which it identified material findings to confirm whether it self-reported to HUD all findings of fraud or material misrepresentation, along with any other material findings that it did not acceptably mitigate.
 

The U.S. Postal Service’s Delivering for America 10-year plan includes initiatives to support small and medium businesses and grow parcel revenue. The Merchant Rate Card program supports this initiative, offering discounted rates to businesses (merchants) through agreements between the Postal Service and third-party platforms used by the merchant. The Postal Service had agreements that accounted for over a billion in revenue through the Merchant Rate Card program in fiscal year 2024. 

The OIG receives requests from VA’s National Acquisition Center to validate vendors’ data and compliance with Federal Supply Schedule (FSS) contract terms and conditions. The VA FSS program supports the acquisition needs of VA and other government agencies for medical equipment, supplies, pharmaceuticals, and services by contracting with vendors that provide the items at a discount. The OIG reports its findings to the National Acquisition Center, but the reports are not published because they contain sensitive commercial information.

This report summarizes 20 reports the OIG issued to the National Acquisition Center in fiscal years (FYs) 2023 and 2024. The report presents overall findings in three areas: vendors’ compliance with FSS terms and conditions, noncompliance that could be pursued under the False Claims Act, and net overcharges to the government. In the 20 reports, the OIG identified overbillings and noncompliance with the price adjustment clause, the price reductions clause, the industrial funding fee and sales reporting clause, and the trade agreements clause, as well as with the Veterans Health Care Act of 1992 and shipping charges. The OIG issued two False Claims Act reports in FY 2023 and determined the impact to the government was $13,833,997 in overcharges, of which VA was able to recover about $13,418,977. Finally, the OIG calculated about $20.1 million in overall net overcharges to the government.

Federal agencies purchased about $18.9 billion in products and services through VA’s FSS program during FY 2023 and $21.4 billion in FY 2024. The OIG’s findings and recommendations helped VA collect about $19.5 million in net overcharges (97 percent of the about $20.1 million).

U.S. Customs and Border Protection’s (CBP) inconsistent processes for
identifying special interest aliens (SIAs) created disparities in alien
screening. In July 2023, CBP’s Office of Field Operations (OFO) San Diego
Field Office and the U.S. Border Patrol (Border Patrol) Yuma and El Centro
sectors had a process to identify and provide additional screening of SIAs,
yet San Diego sector did not. This inconsistency occurred because CBP did
not have an agency-wide policy stating whether to identify aliens from
certain countries as SIAs. As a result, aliens from countries with links to
terrorism entered at least one CBP region that did not provide additional
screening.

The Office of Inspector General is issuing this inspection report to assess the U.S. Small Business Administration’s (SBA) initial response to Hurricane Milton, including staffing, loan application volume, response time to applicant queries, and timeliness of disaster loan approvals.

We found that in SBA’s initial disaster assistance response to Hurricane Milton, the agency promptly established a field presence, adequately staffed recovery centers, and responded timely to applicant queries.

Although SBA processed loan applications in 17 days on average, the agency was unable to disburse all but one of those loans during a 68-day funding lapse. As a result, the overall processing time from application receipt to disbursement of funds was 73 days on average for applications submitted before or during the funding lapse and 19 days on average for applications submitted after supplemental appropriations were approved.

We recommended SBA review current outreach strategies, including staffing assignments, and make appropriate changes to optimize resources, thereby ensuring maximum awareness of available assistance to disaster survivors. We also recommended the agency implement processes to gather feedback from applicants that would assist in monitoring the effectiveness of its outreach methods.

SBA management partially agreed with Recommendation 1 and agreed with Recommendation 2. Management’s response and planned action satisfy the intent of both recommendations.

Like other organizations, Amtrak (the company) has been migrating its existing technology systems and data and deploying new systems to the cloud, and its efforts are ongoing. During our ongoing audit of the company’s cloud computing practices, we identified two pressing cybersecurity issues. We are providing this early alert to bring these issues to the company’s immediate attention. Given the sensitive nature of the information, we are summarizing the results in this public version of the report.

SUMMARY OF RESULTS

Our work to date on the company’s cloud computing practices, which we plan to continue, identified two matters for immediate consideration. In commenting on a draft of this interim report, the company’s Executive Vice President for Digital Technology and Innovation agreed with our matters for consideration and described actions the company plans to take to address them.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to evaluate facility leaders’ response to surgical care concerns related to two facility surgeons at the St. Cloud VA Medical Center (facility) in Minnesota.

The OIG found facility leaders generally met the Veterans Health Administration requirements for summary suspension notifications and initiation of focused clinical care reviews (FCCR) for the surgeons. However, the OIG identified concerns related to clinical privileges and professional practice evaluations for the medical staff.

The OIG determined that the surgical service chief failed to ensure that one surgeon’s application for privileges included recent surgical case volume and case mix as required. Additionally, although the focused professional practice evaluation plan for monitoring the surgeon included direct observation, the surgeon was not directly observed to ensure competency with surgical procedures. The OIG determined that facility leaders failed to initiate reporting of the surgeon to the state licensing board (SLB) when clinical care concerns were identified in the surgeon’s FCCR.

The OIG found facility surgeons’ ongoing professional practice evaluations reviewed only procedures completed in the surgical outpatient clinic and did not include the evaluation of operating room surgical procedures. The OIG is concerned that the failure to include all aspects of the surgeons’ practice limited facility leaders’ ability to ensure the effectiveness of the professional evaluation processes and processes used to monitor the quality of surgical care.

The OIG found that the surgical service chief was clinically inactive for the first two years of employment. As a result, facility leaders had no ability to ensure the competent clinical performance of the surgical service chief.

The OIG made four recommendations to the Facility Director related to comprehensive review of surgical service credentialing and privileging processes, professional practice evaluations, and SLB reporting processes.

We found that a former Research Archeologist at a non-profit organization embezzled over $35,000 of BOR funds for personal expenses.

To comply with Section 508 of the Rehabilitation Act of 1973, VA must make the information and communication technology it uses accessible to veterans with disabilities and anyone else seeking VA information. The OIG conducted this audit to follow up on a 2024 report on areas where VA’s implementation and monitoring of Section 508 requirements could be improved and to evaluate whether the procurement process for information and communication technology meets Section 508 standards.

The OIG team sampled 30 critical information technology and communications systems for review. The team did not independently verify compliance with Section 508 standards and relied on self-reporting by VA to assess progress and deficiencies. Of the 30 systems, VA’s Office of 508 Compliance classified only four as compliant. The OIG concluded that VA officials did not ensure the sampled information technology systems they procured would meet the accessibility standards required by law. The team also reviewed contract documentation for the 30 systems and found contracting officers and the designated officials for VA program offices did market research on vendors that could meet business requirements, but they took no additional action to verify that sampled systems were accessible to individuals with disabilities.

The OIG made four recommendations, including that the assistant secretary for information and technology ensure staff receive training and updated guidance on their roles and responsibilities. VA should also ensure the Office of 508 Compliance receives complete market research showing the technology VA seeks to procure is the most compliant under Section 508. The OIG also recommended the deputy assistant secretary for acquisition and logistics develop policies for ensuring information and communications technology procurements comply with Section 508.

We rated the Department of Homeland Security’s information security program for fiscal year 2024 as “effective,” according to this year’s reporting instructions. We based this rating on our evaluation of the Department’s compliance with requirements of the Federal Information Security Modernization Act of 2014 for unclassified and national security systems. DHS received a maturity rating of “Level 5 – Optimized” in the Identify and Respond functions and received a maturity rating of “Level 4 – Managed and Measurable” in the Protect, Detect, and Recover functions based on this year’s reporting guidance

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General initiated an evaluation of the risks to federal facility Superfund site remedies from sea-level rise or increased storm surge.

Summary of Findings

The OIG determined that 49 of the 157 federal facility Superfund sites on the National Priorities List are potentially at risk from sea-level rise or increased storm surge. Sea-level rise and increased storm surge at federal facility Superfund sites are of concern to the EPA because of the federal government’s role in overseeing cleanup at these sites and also because many of these sites are located near population centers and important ecological areas. Federal facility Superfund sites may be at risk if the cleanup remedies that have been implemented at those sites to keep people and the environment safe are susceptible to sea-level rise or increased storm surge.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

The audit objective was to determine if the Web-Based Licensing (WBL) System effectively manages the U.S. Nuclear Regulatory Commission’s (NRC) materials licensing and inspection information and provides for the security, availability, and integrity of the system data. 

The OIG found that the WBL System’s inactivity controls interrupt users’ work processes; WBL users are unable to edit role-based licensing information in the Export/Import and Decommissioning, Uranium Recovery and Waste Programs modules; the WBL User Guide lacks quality information for using certain WBL modules; WBL users are generally unfamiliar with the change control process; several WBL enhancements do not work as intended; the licensing and inspection modules do not contain quality data; and, WBL System data is not readily available for the agency to use in other applications.

The report contains 15 recommendations to increase the WBL System’s functionality, effectiveness, and users’ efficiency. 

Our objective was to assess the extent to which the company has effective processes and controls during the pre-award phase to ensure contracts it awards are in its best interest.

We found that certain pre-award contracting activities generally worked well, but we identified two areas where weaknesses place the company at greater risk of paying more than it should for goods and services. First, the company could better ensure its employees adhere to its requirements for contracts requiring cost estimates and technical evaluation committees. Second, consistent with considerations from our prior work, the company has opportunities to better identify and mitigate fraud risks that can occur during the pre-award phase of its procurement process. This includes collecting and analyzing data to detect contract and procurement fraud and identify suspicious patterns across solicitations

We recommended that the company’s Procurement department (1) develop and implement a process to assess ongoing solicitations to determine their compliance with company requirements, (2) develop additional guidance for contracting officers regarding cost estimate details, (3) collect and analyze pre-award data to identify fraud indicators, and (4) develop and implement additional recurring fraud training for employees involved in the pre-award phase.

Our Objective(s)To assess FAA's efforts to advance beyond visual line of sight (BVLOS) drone operations outside the parameters of existing drone regulations.
Why This AuditNationwide interest in using unmanned aircraft systems (UAS), commonly referred to as drones, in increasingly complex operations BVLOS is expanding. FAA has efforts underway to help advance BVLOS operations, policy, and rulemaking, including through the BEYOND program. However, there are potential challenges and safety risks associated with integrating drones into the National Airspace System (NAS). We initiated this audit to continue our oversight of FAA's drone integration efforts for complex BVLOS operations due to their potential for introducing risks to the NAS and the importance of maintaining the United States as a leader in aeronautics.
What We FoundFAA approved increasingly complex BVLOS drone operations.

FAA increased approvals for BVLOS operations from 1,229 in 2020 to 26,870 in 2023. FAA used small UAS rule waivers, air carrier operating certificates, and regulatory exemptions to increase approvals.

FAA's BVLOS operational goals and metrics were difficult for most lead participants to meet.

A majority of program lead participants did not meet most of BEYOND's six operational performance metrics, and operators flew only a small percentage of flights without a visual observer.
The BEYOND program's overall effectiveness is hindered by its lack of participant and mission variety.

FAA collects and shares partnership program data but is not using comprehensive data to inform rulemaking, and its validation process can lead to errors.

FAA applied lessons learned to enhance its data collection process but does not consolidate data across offices.
While BEYOND program data is shared with participants, it has limited use informing rulemakings.
FAA's data input and validation process is vulnerable to errors.

FAA ceased collecting data on BEYOND program societal and economic benefits and community engagement.

FAA's rulemaking team decided they no longer needed societal and economic benefits data, despite program goals to collect it.

RecommendationsWe made 7 recommendations to improve FAA's efforts to advance BVLOS drone operations outside the parameters of existing drone regulations.

Our audit objective was to assess the U.S. Department of Commerce’s management and implementation of the Grants Enterprise Management System (GEMS) project. We found that bureaus have procured multiple systems to manage grants; bureaus did not follow Department information technology investment review and governance processes before contracting for alternative grants management systems; the GEMS project should improve its management of requirements, cost, and schedule; and the National Oceanic and Atmospheric Administration’s transition to GEMS provided lessons for future transitions.