Federal Reports

This report presents a summary of the results of our self-initiated audits assessing mail delivery, customer service, and property conditions at four select delivery units in the St. Louis, MO region (Project Number 22-115). These delivery units were the Saint Peters Main Post Office (MPO) and the Maryville Gardens, Chouteau, and Marian Oldham Stations. We judgmentally selected these delivery units based on the number of customer inquiries per route each unit received and Stop-the-Clock (STC) scans occurring at each delivery unit. We previously issued interim reports to district management for each of these units regarding the conditions we identified. In addition, we issued a report on the efficiency of operations at the St. Louis Processing and Distribution Center (P&DC) which services these four delivery units.All four delivery units are in the Kansas-Missouri District of the Central Area. These four delivery units have a combined total of 113 city routes and 40 rural routes. Staffing at the delivery units during our audit included 137 full-time city carriers, 28 city carrier assistants, 41 rural carriers, 14 rural replacement carriers, one assistant rural carrier, 26 full-time clerks, and eight postal support employees (see Table 1).

This interim report presents the results of our self-initiated audit of mail delivery, customer service, and property conditions at the Bradley Carrier Annex in Milwaukee, WI (Project Number 22-147-4), and responds to a request from Senator Tammy Baldwin asking for a review of delivery operations in the Milwaukee, WI area. The Bradley Carrier Annex is in the Wisconsin District of the Central Area and services ZIP Codes 53223 and 53224. These ZIP Codes serve about 50,706 people and are considered to be urban communities.1 We judgmentally selected the Bradley Carrier Annex based on the number of Stop-the-Clock (STC)2 scans occurring at the delivery unit, rather than at the customer’s point of delivery.

Number 22-147-3), and responds to a request from Senator Tammy Baldwin asking for a review of delivery operations in the Milwaukee, WI area. The Dr. Martin Luther King Jr. Station is in the Wisconsin District of the Central Area and services ZIP Code 53212. This ZIP Code serves about 30,296 people and is considered to be an urban community.1 We judgmentally selected the Dr. Martin Luther King Jr. Station based on the number of Stop-the-Clock (STC)2 scans occurring at the delivery unit, rather than at the customer’s point of delivery.

This interim report presents the results of our self-initiated audit of mail delivery, customer service, and property conditions at the Waukesha Main Post Office (MPO) in Waukesha, WI (Project Number 22-147-2), and responds to a request from Senator Tammy Baldwin asking for a review of delivery operations in the Milwaukee, WI area. The Waukesha MPO is in the Wisconsin District of the Central Area and services ZIP Codes 53186, 53188, and 53189. These ZIP Codes serve about 94,982 people in a predominantly urban area.1 We judgmentally selected the Waukesha MPO based on the number of Stop-the-Clock (STC) scans2 performed at the unit.

This report presents the results of our self-initiated audit of the Efficiency of Operations at the Milwaukee Processing and Distribution Center (P&DC) in Milwaukee, WI (Project Number 22-154). We conducted this audit to provide U.S. Postal Service management with timely information on operational risks at this P&DC. We judgmentally selected the Milwaukee P&DC based on a review of clearance times; workhours, mail volume, and productivity; overall scanning performance; late, extra and cancelled trips; overtime and penalty overtime; and trailer utilization. The Milwaukee P&DC is in the Westshores Division, processes letters and flats,1 and services multiple 3-digit ZIP Codes in urban and rural communities2 (see Table 1).

This interim report presents the results of our self-initiated audit of mail delivery, customer service, and property conditions at the North Milwaukee Station in Milwaukee, WI (Project Number 22-147-1) in response to a request from Senator Tammy Baldwin asking for a review of delivery operations in the Milwaukee, WI area. The North Milwaukee Station is in the Wisconsin District of the Central Area and services ZIP Code 53209. This ZIP Code serves about 46,451 people and is considered to be an urban community.1 We judgmentally selected the North Milwaukee Station based on the number of Stop-the-Clock (STC)2 scans occurring at the delivery unit, rather than at the customer’s point of delivery.

OASB Complied With Statutory Requirements But Can Improve As It Matures, Report No. 573

The U.S. Postal Service announced Network Rationalization Initiatives in 2011 as an initiative to shrink its infrastructure through strategic consolidations and closings of mail processing facilities. The Postal Service used Area Mail Processing (AMP) guidelines to consolidate mail processing functions. These guidelines were designed to increase productivity through more efficient use of equipment, facilities, staffing, and transportation. To meet these objectives, the Postal Service consolidated the Cumberland Customer Service Mail Processing Center (CSMPC) in Western Maryland into the Baltimore Processing and Distribution Center (P&DC) by fiscal year 2014.On February 24, 2022, U.S. Representative David Trone of Maryland’s 6th Congressional District requested the Office of Inspector General examine service delays and disruptions in Western Maryland (3-digit ZIP Codes beginning with 215 and 267), including an examination of the current postal processing arrangement.

Findings Related to the Former SEC Ombudsman

To see our report, click on the link below

To see our report, click on the link below

We reviewed the process FAS used to award $300 million in ATP funding during FY 2019.

Dominic Signorelli, a podiatrist based in Los Angeles, was sentenced in U.S. District Court, Central District of California, on August 29, 2022, to five months in prison followed by 5 months’ home detention upon his release. He was ordered to pay a fine of $150,000 and to forfeit $955,000. Our investigation found that Signorelli received kickbacks from marketing companies for prescribing unnecessary compounded medications to patients without their knowledge. As a result of the scheme, Amtrak’s insurance providers were fraudulently charged approximately $22,000. A total of 11 defendants have been convicted and sentenced in conjunction with this scheme, with one defendant remaining to be sentenced.

As of June 30, 2022, there are 71 open recommendations (see Table 1 in the enclosed report), 10 of which were reported as implemented by management but remain open per OIG or Independent Public Accounting firm (IPA) determination; and none of the remaining 61 were considered "Overdue".

Our objective was to evaluate the effectiveness of DIA's overall information security program based on DIA's implementation of the Federal Information Security Modernization Act. We issued our results in a classified report on July 28, 2022.

Audit of NLRB IT Security for the FY 2022 FISMA submission

The Office of the Inspector General conducted an evaluation to determine if the Tennessee Valley Authority (TVA) was accurately calculating and reporting its capacity to meet energy demand. We made recommendations for TVA management to: (1) improve or create new processes to define how capacity should be calculated, used, and reported, internally and externally, (2) correct reporting errors identified and implement controls to prevent future recurrence, and (3) continue to evaluate the risk posed by TVA's current system position and take actions as necessary to address. TVA management agreed to implement our recommendations.(Summary Only)

From August 1953 through December 1987, the Agency for Toxic Substances and Disease Registry estimated one million individuals could have been exposed to contaminated drinking water at Camp Lejeune, a US military training facility. In March 2017, VA established a presumption of military service connection for eight illnesses related to veterans’ exposure to that contaminated water. The VA Office of Inspector General (OIG) conducted this review to determine whether Veterans Benefits Administration (VBA) staff followed regulations when processing and deciding claimed conditions potentially associated with contaminated water exposure at Camp Lejeune. Based on a statistical sample, the OIG estimated that of 57,500 Camp Lejeune-related claims for VA disability compensation benefits decided during the review period (March 14, 2017–March 31, 2021), VBA staff incorrectly processed 21,000. The two main errors were prematurely denying claims (17,200) by not sending required letters to veterans requesting evidence needed to document exposure and assigning incorrect effective dates for benefit entitlement (2,300 claims). Approximately 1,500 additional incorrectly processed claims involved technical or procedural errors. Premature denial of claims increased the risk that some veterans did not receive the benefits to which they were entitled, and veterans were underpaid at least $13.8 million in benefits over nearly four years because VA regional office staff did not assign the earliest effective date for benefits entitlement. The OIG found that errors were less likely to occur at the Louisville Regional Office, which processes most Camp Lejeune-related claims; staff from other VA regional offices lacked experience processing these claims. The OIG recommended that VBA centralize all Camp Lejeune-related claims processing at the Louisville Regional Office or implement a plan to mitigate the error rate disparity with other regional offices. VBA should also conduct targeted quality reviews of Camp Lejeune-related claims from all regional offices processing these claims.

For our final report on the audit of First Responder Network Authority’s (FirstNet Authority’s) process for developing Independent Government Cost Estimates (IGCEs) for its first two reinvestment task orders, our audit objective was to determine whether FirstNet Authority's process for reinvesting fee payments is effective and consistent with established practices, procedures, and regulations. We found that FirstNet Authority did not follow the U.S. Government Accountability Office's Cost Estimating and Assessment Guide when preparing and documenting IGCEs used to evaluate AT&T's proposals related to deployable and 5G task orders. Specifically, we found that FirstNet Authority did not: I. sufficiently document IGCEs; II. ensure that IGCEs reflected updates based on changed conditions; III. justify fair and reasonable pricing for additional requirements proposed by AT&T that were not included in the IGCEs; IV. address legal review concerns; and V. develop a cost estimating plan describing the steps for preparing an IGCE.

The U.S. Postal Service has one of the largest computer networks in the world, known as the [redacted] network, supporting its workforce and customers. The agency also has an extensive mail processing network critical to processing facilities nationwide. The Chief Information Officer oversees the Postal Service’s Information Technology organization. Two groups in this office are Network and Compute Technology (Telecom) and the Corporate Information Security Office (CISO). Telecom manages the network infrastructure and CISO protects and defends the network. To procure cybersecurity tools, CISO works closely with Supply Management, which is responsible for procuring goods and services for the Postal Service.

Interim Body Worn Camera Policy

We found that former Secretary Ryan Zinke and his former Chief of Staff did not comply with their duty of candor when they spoke to OIG investigators.

Objective: To determine whether the Social Security Administration (SSA) implemented appropriate controls and practices to manage its Agile software development projects.

We completed a corrective action verification (CAV) of recommendations from prior Office of Inspector General (OIG) audit reports on the U.S. Department of Housing and Urban Development’s (HUD) government purchase cards and government travel cards, both issued January 31, 2020. During our CAV, we followed up on all 10 recommendations from OIG audit report 2020-KC-0001 and all 13 recommendations from OIG audit report 2020-KC-0002. Our CAV objective was to determine whether HUD implemented adequate corrective actions in response to the recommendations.Corrective actions were not fully implemented or completed for 2 of 10 recommendations from audit report 2020-KC-0001 and 3 of 13 recommendations from audit report 2020-KC-0002. The Office of the Chief Procurement Officer (OCPO) and the Office of the Chief Financial Officer (OCFO) did not fully implement the agreed-upon corrective action plans because (1) responsibilities for the corrective actions transferred to three separate offices in less than 1 year and there were insufficient resources to complete the planned actions and (2) management later decided to change corrective action plans due to reporting difficulties, reluctance to collect information regarding disciplinary actions, and the timing of union negotiations. However, OCPO and OCFO closed the recommendations without revising the management decisions or fully implementing or completing the corrective actions. As a result, HUD lacked assurance that the agency used efficient and effective techniques to prevent or detect inappropriate use of government purchase and travel cards. Specifically, HUD could not ensure that disciplinary actions were performed when inappropriate use of government purchase and travel cards was detected or a consistent method was implemented for reviewing and analyzing (1) training records and (2) data for split transactions and appropriate methods of payment. We recommend that HUD submit a revised management decision to address the recommendation and fully implement those actions for two recommendations from OIG audit report 2020-KC-0001 (2020-KC-0001-001A and 002A) and three recommendations from OIG audit report 2020-KC-0002 (2020-KC-0002-001A, 001D, and 002C).

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

We audited the Long Branch Housing Authority based on the results of our previous audits of the Asbury Park and Red Bank Housing Authorities, which received management services and technical assistance from Long Branch for several years. The objective of the audit was to determine whether Long Branch properly handled income and expenses associated with its agreements with Asbury Park and Red Bank in accordance with requirements.Long Branch did not properly handle income and expenses related to services provided under agreements with two other public housing agencies.  Specifically, it improperly accounted for more than $2.2 million as non-Federal funds.  Additionally, it did not properly allocate and support base payroll expenses and maintain adequate documentation to substantiate incentive payments.  This condition occurred because Long Branch improperly considered itself to be a contractor and did not have adequate controls to ensure compliance with Federal requirements.  As a result, HUD did not have assurance that $1.5 million in incentives paid from agreement income was eligible and reasonable, and nearly $700,000 in unspent agreement income that had not been used continued to improperly reside in a Long Branch account.  Additionally, HUD did not have assurance that an estimated $1 million in base payroll expenses was paid from the proper funds, and any Long Branch program funds used were not available to benefit its own residents.We recommend that HUD require Long Branch to (1) provide support to show the reasonableness and eligibility of the $1.5 million in employee incentives paid from agreement income or reimburse its program for any amount it cannot support, (2) provide support for a reasonable estimate of employee time used to perform services for the two agencies and reimburse its program for any program funds improperly used for those expenses, and (3) implement adequate controls to ensure that it properly classifies income received under any future agreements or activities and to ensure compliance with applicable cost principle requirements in the future.  Additionally, we recommend that HUD make a determination regarding nearly $700,000 in outstanding agreement income, including whether those unspent funds should be returned to the public housing agencies.

The Cybersecurity and Infrastructure Security Agency (CISA) has addressed the basic information sharing requirements of the Cybersecurity Act of 2015 (Cybersecurity Act) but has made limited progress improving the overall quality of threat information.

The Cybersecurity and Infrastructure Security Agency (CISA) has addressed the basic information sharing requirements of the Cybersecurity Act of 2015 (Cybersecurity Act) but has made limited progress improving the overall quality of threat information.

In recent years, several Department of Homeland Security (DHS) components have been victims of cyberattacks. To protect its sensitive information from potential exploitation, DHS implements multiple layers of defense against malware, ransomware, and phishing attacks.

Chau Nguyen, a.k.a. Cindy Le, a resident of Yorba Linda, California, was sentenced on August 22, 2022, in United States District Court, Central District of California, to one day in prison (time served), 12 months’ home confinement, and was ordered to pay $7,623,701 in joint restitution to Tricare and $70,065 to Amtrak. Our investigation found that Cindy Le’s husband, Tony Le, who is serving a 70-month prison sentence, used his pharmacy to submit more than $13 million in fraudulent claims for unnecessary compounded medications to both Tricare and Amtrak’s health care plans. When Tony Le was away from the pharmacy, Cindy Le continued the fraudulent scheme to illegally bilk the insurance plans. Five defendants were convicted and sentenced in this investigation, and a total of $838,552 in restitution has been ordered paid to Amtrak.

We initiated this work as a survey of Amtrak’s practices for developing and managing construction contracts. During our review, however, we identified other relevant challenges, which we are raising to inform key stakeholders as the company plans to receive its first tranche of funding from the Infrastructure Investment and Jobs Act.We found that the company’s electronic procurement system, Ariba on Demand, is not operating as a centralized and automated repository for storing its procurement contracts. This has led to contracting officers storing contract files and supporting documentation in multiple systems (in addition to Ariba on Demand) like SharePoint—a web-based collaboration platform—and on personal drives. As a result, using Ariba on Demand, our auditors were unable to determine the total number of company contracts, suppliers, and change orders. Amtrak also cannot readily find such data in Ariba on Demand or any other system. The lack of a centralized and automated repository limits companywide oversight of contracts and poses legal and financial risks. These risks will persist and be exacerbated by the influx of Infrastructure Investment and Jobs Act funds and the initiation of new construction projects. In addition, we identified six challenges with Ariba on Demand—as the company is currently using it—including a limited ability to protect sensitive information, difficulties registering suppliers, and various technical limitations that require manual workarounds and increase the time and effort necessary to develop and manage construction contracts.The company may want to determine whether Ariba on Demand has the capability to meet its needs for an automated contract repository and, if not, to explore other viable solutions. In addition, it may want to assess the relative risks of the other challenges we identified and prioritize addressing them.

The official did not comply with the Ethics Pledge by participating in a meeting with a former employer within 2 years of the official’s appointment.

In our final report, we determined what TEFAP flexibilities were available to States during the pandemic and FNS’ oversight of the States and Eligible Recipient Agencies’ compliance with administrative fund requirements.

Our objective was to evaluate the effectiveness of the Postal Service’s security controls to protect and manage its wireless infrastructure. Specifically, we conducted a technical wireless network assessment at four postal facilities from January through April 2022 using both [redacted] to determine if security controls were in place and functioning as intended.

The Office of Inspector General (OIG) evaluated and tested USDA’s virtualization platforms for compliance with controls found in National Institute of Standards and Technology (NIST) and industry best practices to determine the status of USDA’s overall management and security of IT resources.

An Amtrak Service/Train Attendant based in New Orleans was terminated from his position on August 18, 2022, following his administrative hearing. Our investigation found that the former employee violated company policies by engaging in outside self-employment while on a medical leave of absence.

We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, and system security controls for the enterprise-wide intelligence system. The Department’s information security program for FY 2021 was rated as “ineffective,” according to reporting instructions

We conducted covert tests to determine the effectiveness of TSA’s checked baggagescreening technologies, related procedures, and whether Transportation SecurityOfficers complied with screening policies and procedures. We identified vulnerabilitieswith TSA’s screener performance, associated procedures, and screening equipment.Details related to our testing results presented in the report are classified or designatedSensitive Security Information. We are making three recommendations that whenimplemented, should improve TSA’s checked baggage screening operationaleffectiveness. TSA concurred with all three recommendations.

The VA Office of Inspector General (OIG) assessed allegations at the VA Greater Los Angeles Health Care System in California (facility) that community living center (CLC) nursing staff failed to (i) assess a resident who was complaining of pain; (ii) properly document assessments, reassessments, treatments, or interventions; and (iii) follow and implement a provider’s order related to transferring the resident to a higher level of care. The OIG also identified concerns associated with an institutional disclosure and inadequate care coordination.The OIG found that the day charge nurse’s assessment was delayed and incomplete, and the day charge nurse failed to properly document the resident’s reassessments, treatments, and interventions. However, the OIG did not substantiate that other individual nursing staff members involved with the resident’s care failed to properly document the resident’s care. The OIG substantiated that nursing staff failed to document and carry out a telephone order to transfer the resident to the Emergency Department but was unable to determine if this impacted the patient’s outcome. The OIG determined that following the resident’s death, facility staff failed to conduct a comprehensive review of events leading up to and contributing to the resident’s death and, due to a lack of coordination of care at the time of discharge from the inpatient unit, the resident did not have the needed equipment upon admission to the CLC.The OIG made 10 recommendations to the Facility Director regarding confirmation of CLC nursing staff’s knowledge of policies related to nursing practices, documentation, pain assessments, verbal orders, Joint Patient Safety Reports, administrative reviews, and quality assurance reviews; a review of hand-off communications; the need for peer reviews specific to the resident’s care and CLC admission processes related to respiratory therapy equipment; completion of action items identified in the Corrective Action Plan and an institutional disclosure.

BackgroundThe U.S. Postal Service has essential business relationships with its suppliers to perform many functions that closely support Postal Service operations. The Postal Service aims to build and maintain these relationships based on the potential impact suppliers’ performance has on the Postal Service’s operational and financial position. From fiscal years (FY) 2019 to 2021, the Postal Service’s managed spend for goods and services was about $17 billion on contracts distributed throughout ten Supply Management Category Management Centers and four Portfolios. What We DidOur objective was to determine if the Postal Service evaluates and manages risks associated with suppliers’ performance to fulfill contractual requirements successfully. We reviewed a judgmental sample of 94 Postal Service suppliers with a managed spend of $1 million and above per contract from FYs 2019 to 2021.

We audited the U.S. Department of Housing and Urban Development’s (HUD) Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (CARES Act) (ESG-CV) program. Our audit objective was to determine what challenges ESG-CV grant recipients faced in implementing the program and using grant funds. We used a survey questionnaire to gather feedback and insight directly from the 362 recipients of ESG-CV grants. At the time we initiated this audit in July 2021, ESG-CV grant recipients had spent $563,178,336 of available $3.96 billion grant funds. We performed this audit to assist HUD’s Office of Community Planning and Development in identifying opportunities to improve the timeliness and use of ESG-CV grant funds.Our survey questionnaire of the ESG-CV grant recipients found that they faced challenges in implementing the program and using grant funds. The grant recipients needed an extension beyond the spending deadline of September 30, 2022, to use a majority or all of their ESG-CV funds. HUD subsequently extended the spending deadline to help address this issue. The top challenges identified by the grant recipients included staff capacity and coordinating with other sources of pandemic related funding. In addition, a majority of the grant recipients that provided ESG-CV funds to subrecipients stated that the pandemic impacted their ability to effectively monitor their ESG-CV subrecipients. As a result, while HUD has taken action to help address the spending deadline concerns, the grantees’ challenges with capacity, multiple funding sources, and monitoring their subgrantees may increase the risk of misuse of the funds. HUD can use the results of our survey questionnaire to potentially improve the continued implementation of the ESG-CV program and to inform its risk assessment of ESG-CV grantees.We recommend that the Principal Deputy Assistant Secretary for Community Planning and Development consider including grant recipients’ challenges with capacity, multiple sources of funding, and subgrantee monitoring as part of CPD’s risk assessments.

An Amtrak service attendant based in Seattle resigned from his position on August 17, 2022, as a result of our investigation into his alleged abuse of COVID-19 Leave. Our investigation found that the employee was placed on COVID-19 Leave on July 8, 2022, a type of leave that is granted for a 5-day period. However, the employee failed to produce proof of a COVID-19 diagnosis, as required by the company, and remained away from work for 30 days. Our investigation found that the employee was working as a travel advisor for a travel agency at the time of his resignation.

What We Looked AtThis report presents the results of our quality control review (QCR) of an attestation examination of the Department of Transportation's (DOT) Enterprise Services Center (ESC) controls. ESC provides financial management services to DOT and other agencies and operates under the direction of DOT's Chief Financial Officer. The Office of Management and Budget requires ESC, as a service organization, to either provide its user organizations with independent audit reports on the design and effectiveness of its internal controls, or allow user auditors to perform tests of its controls.We contracted with KPMG LLP to conduct this examination subject to our oversight. The objectives of the review were to determine whether (1) management's description of ESC's systems is fairly presented, (2) ESC's controls are suitably designed, and (3) ESC's controls are operating effectively throughout the period of October 1, 2021, through June 30, 2022. We performed a QCR on KPMG's report and related documentation.What We FoundOur QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.Our RecommendationsKPMG made no recommendations.The quality control review and attachments have been marked as For Official Use Only to protect sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552. To receive a copy of the report, please contact our Freedom of Information Act Office.

• The magnitude and immediacy of the impact of high inflation on the Postal Service vary widely according to the category of costs and revenue. For example, inflation has a direct impact on cost-of-living adjustments (COLAs), which are pegged to the inflation rate.• Price increases for market dominant products, such as First-Class Mail, are also directly tied to inflation, albeit with a lag.• USPS can only invest cash in short-term Treasury securities, whose low interest rates do not compensate for inflation. A primary way that inflation impacts labor costs, which account for two-thirds of Postal Service’s expenses, is through cost-of-living adjustments (COLAs), which are pegged to the inflation rate. However, COLAs increase wages less than the rate of inflation, and only 72 percent of USPS employees receive COLAs. While inflation also affects the cost of products and services USPS purchases in the market, the immediacy of the impact depends on contract terms concerning price adjustments and contract lengths. For example, fuel price increases can have an immediate impact through monthly adjustments to the contracts with suppliers of contracted transportation services.Price increases for market dominant products, such as First-Class Mail, are directly tied to inflation in the year before USPS filed a notice of price changes, as measured by the Consumer Price Index for All Urban Consumers (CPI-U). However, the Postal Service can increase prices above CPI-U when certain conditions are met.Lastly, inflation erodes the purchasing power of the Postal Service’s cash on hand and borrowing limit. In particular, USPS is restricted to investing its liquidity in short-term Treasury securities, whose low interest rates do not compensate for inflation. The Postal Service should work with stakeholders to strengthen mechanisms in place to mitigate the risks of high inflation.

We audited costs claimed and grant compliance by the CNMI, Department of Lands and Natural Resources, under grants awarded by the FWS.

For our final report on our audit of the United States Patent and Trademark Office’s (USPTO’s) oversight of Patent Data Capture (PaDaCap) contracts, our audit objective was to determine whether USPTO awarded and administered PaDaCap contracts in compliance with applicable laws and federal regulations and U.S. Department of Commerce policies and procedures. To address this objective, we assessed the justification and approval of noncompetitive acquisitions, risk assessment and mitigation activities, and oversight of contractor performance. Overall, we found that USPTO did not fully comply with relevant requirements when awarding and administering the PaDaCap contracts. Specifically, we found the following: I. Ineffective acquisition planning delayed the use of competition and achieving lower prices; II. USPTO inadequately managed contract risks; III. USPTO did not timely inspect contractor deliverables and track errors; and IV. USPTO inadequately addressed contractor security issues.

BackgroundCybersecurity, a major enterprise risk consideration, is the practice of protecting systems, networks, and programs from cyberattacks. Cyberattacks targeting the critical infrastructure are increasing in frequency and sophistication, making a well-defined, proactive cybersecurity approach critical. To address these threats, the U.S. Postal Service’s Corporate Information Security Office (CISO) focuses on five cybersecurity strategic objectives: protect, monitor, respond, manage, and innovate. What We DidOur objective was to assess the effectiveness of the Postal Service’s state of cybersecurity, specifically evaluating its (1) risk profile and organizational alignment with the cybersecurity strategy, (2) cybersecurity risk management process and vulnerability management program for consistency and appropriateness, and (3) enterprise security architecture processes for alignment with best practices.

At the request of the Tennessee Valley Authority's (TVA) Supply Chain, we examined the cost proposal submitted by a company for coal combustion residual (CCR) program management services. Our examination objective was to determine if the company's cost proposal was fairly stated for a planned 20-year contract.In our opinion, the company's cost proposal was overstated. Specifically, we found the company's proposed:Gallatin Fossil Plant (GAF) project for $364.1 million included (1) craft labor rates not compliant with TVA's Project Labor Agreement (PLA), (2) overstated markup rates, and <br> (3) excessive fee.Alternate GAF proposal for $361.5 million included overstated escalation on TVA's heavy equipment, in addition to the same overstated costs in the company's $364.1 million GAF proposal.Contract rate attachments included (1) overstated and incorrect labor and labor markup rates, (2) overstated equipment rates, and (3) overstated time and material (T&M) rates.We estimated TVA could avoid either (1) $20.1 million on the proposed $364.1 million GAF project or (2) $28.6 million on the alternate proposed $361.5 million GAF project by negotiating appropriate reductions to the proposals. In addition, we suggest TVA negotiate to revise the company's rate attachments to (1) comply with the PLA and (2) appropriately reduce the labor markup rates, equipment rates, and T&M rates.(Summary Only)