Federal Reports

Because key accounting policies were not adhered to, the EPA cannot ensure that $6.8 million in appropriated dollars went toward their intended purposes, potentially violating laws.

VA’s Financial Services Center (FSC) provides products and services to VA and other government agencies. The OIG inspected the FSC to determine whether it was meeting federal guidance in four security control areas: configuration management, contingency planning, security management, and access controls.Within configuration management, the inspection team identified deficiencies with component inventory, vulnerability management, and flaw remediation. Although the inspection team and VA’s Office of Information and Technology (OIT) both used the same vulnerability-scanning tools, OIT did not detect 228 of the 252 vulnerabilities the team identified. The poor component inventories and vulnerability management contributed to inadequate patch management. Without these controls, VA may be placing critical systems at unnecessary risk of unauthorized access, alteration, or destruction. The inspection team did not identify significant findings in the controls implemented for contingency planning, other than a minor delay in reviewing policies.The team’s review of security management controls identified that the FSC did not have procedures for how to maintain systems and information integrity. Without procedures, staff may not know how to apply policies or be held accountable for their failure to do so. Finally, the team identified access control deficiencies, as 107 of the 278 FSC systems failed to generate or forward audit logs for analysis. Also, the FSC’s video surveillance system was not fully functional. Ineffective monitoring and recording of facility activities supporting information systems minimizes the FSC’s incident response capabilities. A lack of an effective incident response capability can undermine management’s awareness of security vulnerabilities that could hinder the operation of mission critical systems.The OIG recommended maintaining an accurate inventory, implementing a more effective patch and vulnerability management program, developing local system and information integrity procedures, generating and forwarding audit reports for analysis, and continuing to upgrade the video surveillance system.

VA’s Financial Services Center (FSC) provides products and services to VA and other government agencies. The OIG inspected the FSC to determine whether it was meeting federal guidance in four security control areas: configuration management, contingency planning, security management, and access controls.Within configuration management, the inspection team identified deficiencies with component inventory, vulnerability management, and flaw remediation. Although the inspection team and VA’s Office of Information and Technology (OIT) both used the same vulnerability-scanning tools, OIT did not detect 228 of the 252 vulnerabilities the team identified. The poor component inventories and vulnerability management contributed to inadequate patch management. Without these controls, VA may be placing critical systems at unnecessary risk of unauthorized access, alteration, or destruction. The inspection team did not identify significant findings in the controls implemented for contingency planning, other than a minor delay in reviewing policies.The team’s review of security management controls identified that the FSC did not have procedures for how to maintain systems and information integrity. Without procedures, staff may not know how to apply policies or be held accountable for their failure to do so. Finally, the team identified access control deficiencies, as 107 of the 278 FSC systems failed to generate or forward audit logs for analysis. Also, the FSC’s video surveillance system was not fully functional. Ineffective monitoring and recording of facility activities supporting information systems minimizes the FSC’s incident response capabilities. A lack of an effective incident response capability can undermine management’s awareness of security vulnerabilities that could hinder the operation of mission critical systems.The OIG recommended maintaining an accurate inventory, implementing a more effective patch and vulnerability management program, developing local system and information integrity procedures, generating and forwarding audit reports for analysis, and continuing to upgrade the video surveillance system.

This report presents the OIG’s Fiscal Year (FY) 2021 assessment of the effectiveness of GAO’s information security program in relation to selected Federal Information Security Modernization Act of 2014 (FISMA) requirements.

This report offers our perspective relative to issues the company could face as it prepares to receive funding from the Infrastructure Investment and Jobs Act (IIJA), which could begin later in fiscal year 2022. While the OIG recognizes the company has made significant progress in the past decade, this report focuses on specific challenges relative to receiving IIJA funds.Safe operations and a safe workplace will remain the cornerstone of the company’s success. Taken as a whole, however, the sheer size of the IIJA’s funding and requirements could strain the company’s ability to manage its current operations while concurrently planning and managing a long-term multibillion-dollar infrastructure portfolio. Therefore, as the company prepares for its expanded role, we highlighted four challenges for consideration.• Demonstrating fiscal responsibility, including transparently and accurately accounting for IIJA funds.• Building a skilled workforce to plan and execute IIJA projects.• Working collaboratively with partners to achieve common IIJA goals.• Improving program and project management for IIJA endeavors.

Our objective was to determine to what extent the establishment of CBP’s Centers of Excellence and Expertise (Centers) has improved the assessment, collection, and protection of revenue. The absence of performance standards made it difficult to determine to what extent the establishment of the Centers improve these, but we identified several areas in which CBP could improve its compliance with the Trade Facilitation and Trade Enforcement Act of 2015 (TFTEA), and its procedural guidance for the Centers. Without established performance standards, CBP cannot determine if the Centers are achieving established goals, operating as intended, collecting and protecting trade revenue, or meeting the legislated mission set forth in the TFTEA. We made five recommendations to strengthen CBP’s procedures for assessing, collecting, and protecting trade revenue. CBP concurred with our recommendations.

Our objective was to determine the extent to which FEMA coordinated shelter and supplies to unaccompanied minors along the southwest border. We determined FEMA accomplished its operational goals to help U.S. Department of Health and Human Services (HHS) provide shelter and supplies to unaccompanied children from the U.S. southwest border. Specifically, FEMA worked closely with HHS to establish 14 emergency intake sites in high priority locations in Texas, California, Michigan, and Pennsylvania. FEMA also assisted HHS to build out 23,253 beds and provide other critical supplies, such as food, water, beds, blankets, and medical supplies to emergency intake sites. We did not make any recommendations as a result of this audit. FEMA chose not to submit management comments to the draft report.

The objectives of our audit were to determine whether Bais HaMedrash and Mesivta of Baltimore (1) applied and documented its use of professional judgment in accordance with section 479A of the Higher Education Act of 1965, as amended (HEA), and (2) reported its use of professional judgment in accordance with the Application and Verification Guide.Bais HaMedrash and Mesivta of Baltimore did not apply professional judgment in accordance with section 479A of the HEA for 52 (80 percent) of the 65 students for whom it applied professional judgment for award year 2017–2018, award year 2018– 2019, or both.Additionally, Bais HaMedrash and Mesivta of Baltimore did not document its use of professional judgment in accordance with section 479A of the HEA for 37 (57 percent) of the 65 students for whom it applied professional judgment for award year 2017–2018, award year 2018–2019, or both.

This report summarizes work that OIG initiated and completed during this semiannual period ending March 31, 2022, on a number of critical Departmental activities. Over the past 6 months—in addition to issuing OIG's annual "Top Management and Performance Challenges Facing the Department of Commerce" report—OIG issued 15 products related to its audit, evaluation, and inspection work. These products addressed programs and personnel associated with the First Responder Network Authority, National Oceanic and Atmospheric Administration (NOAA), United States Patent and Trademark Office, and the Department itself. This report also describes OIG's investigative activities addressing programs and personnel associated with the Minority Business Development Agency, NOAA, and the Department itself.

Spring 2022 GPO OIG Semiannual Report to Congress October 1, 2021 - March 31, 2022

The OBLR did not complete all certified corrective actions and still lacks current and accurate information needed to monitor an estimated $46.6 million of program income.

The objective of the audit is to express an opinion on whether the Commission’s financial statements are presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States.

The objective was to determine the extent that Cybersecurity and Infrastructure Security Agency’s (CISA) Office for Bombing Prevention (OBP) manages and assesses national capabilities to counter improvised explosive devices (C-IED). OBP needs to improve management of component participation or tracking milestone completion dates as required.

An Information Technology Manager based in Washington, D.C., was terminated from the company on March 30, 2022. We found that the manager violated company policies by discussing bidding strategies with a vendor and providing exclusive access to company facilities prior to the vendor submitting its bid to the company, giving the vendor an unfair competitive advantage.

This report presents the results of our self-initiated audit of Deposit by Mail (DBM) Controls at the U.S. Postal Service’s [redacted] (Project Number 22-234). The [redacted] is in the Lakeshores division of the Western Processing region of the Postal Service. This audit was designed to provide Postal Service management with timely information on potential financial and security risks related to DBM service at the [redacted].In February 2015, the Postal Service and a bank initiated the DBM service to allow cash and high-value mailings to be sent to the bank from retail customers through the Postal Service Priority Mail system. The bank has [redacted] retail customers that participate in the DBM service. The Postal Service receives only the revenue from postage paid on the Priority Mail pieces as high-value DBM mail is handled and processed like any other Priority Mail. DBM mail is processed at [redacted] —for delivery to the bank. The U.S. Postal Inspection Service and Postal Service personnel are responsible for security at these [redacted]. Our review focused on DBM mail service routed through the [redacted].

We reviewed the process RD used to prioritize loans and grants for substance use disorder facilities.

In reviewing FY 2019 through 2020 expenditures and obligations, an independent auditor found an instance of noncompliance with laws and regulations.

We audited the State of Florida’s Housing Repair and Replacement Program (HRRP), one of the programs that the State developed to address its unmet disaster recovery housing needs because of Hurricane Irma in 2017. We audited this program due to the large amount of Community Development Block Grant Disaster Recovery (CDBG-DR) funding allocated of $346.2 million. Our audit objective was to determine whether the State administered its 2017 CDBG-DR funds for its HRRP effectively and efficiently. Specifically, we focused on determining whether the State (1) effectively used funds for eligible homeowners and properties, (2) effectively ensured that homeowners did not receive duplication of benefits, and (3) administered this housing program in a cost-efficient and prudent manner.The State administered its HRRP effectively for the seven projects reviewed by ensuring that funds were used for eligible homeowners and properties and duplication of benefits did not occur. However, the State did not have cost reasonableness analyses for the overhead and profit amounts paid to contractors totaling $107,036 and allowed percentages up to 65 percent of the contract price. The State also misclassified $134,383 in activity delivery costs that were not eligible to be classified to the HRRP activity. These deficiencies occurred because the State did not have adequate policies and procedures to ensure the cost reasonableness of overhead and profit and proper classification of expenditures. As a result, the State could not provide assurance that disaster recovery grant funds were used in a cost-efficient and prudent manner and funds were properly classified in the reporting system for the projects and activity delivery costs reviewed.We recommend that the Deputy Assistant Secretary require the State to (1) support or reimburse its HRRP for $107,036 in overhead and profit expenditures from non-Federal funds, review the remaining contracts executed under similar circumstances, and support or reimburse overhead and profit expenditures; (2) update policies and procedures to ensure that cost reasonableness analyses are performed on overhead and profit percentages charged by contractors for future contracts; (3) develop and implement procedures to carry out recent changes made to the State’s policy manual; and (4) train staff to ensure the proper classification of expenditures.

We contracted with Williams, Adley & Company-DC, LLC, an independent certified public accounting firm (CPA firm), to audit the financial statements of the National Endowment for the Arts (NEA) for the fiscal year ended September 30, 2021. In the Independent Auditors' Report, the CPA firm concluded that the NEA’s financial statements were fairly presented in all material respects and thereby issued an unmodified opinion on those statements. In the Report on Internal Control, the CPA firm did not identify any material weaknesses. In the Report on Compliance, the CPA firm concluded that there were no instances of noncompliance for fiscal year 2021 that would be reportable under U.S. generally accepted government auditing standards.

Without documented procedures governing software management and vulnerability remediation processes, the EPA continues to be at risk of outsiders gaining access to compromise and exploit Agency systems and data.

What We Looked AtUnmanned Aircraft Systems (UAS) serve diverse sectors of the economy and are rapidly growing in number across the Nation. As UAS technology and physical and operational characteristics evolve, opportunities for some systems to evade detection and create challenges for the National Airspace System (NAS) arise. Many UAS are used for legitimate operations; however, the systems can also be used for malicious or disruptive activities by terrorists, criminal organizations, or other lone actors. To respond to these threats, private industry has developed countermeasure or mitigation technologies referred to as counter-UAS (C-UAS). Given the increasing safety and security concerns related to UAS, the Ranking Members of the House Committee on Transportation and Infrastructure and its Subcommittee on Aviation requested that we assess the Federal Aviation Administration's (FAA) C-UAS coordination efforts. Accordingly, our objectives were to assess (1) FAA's process for coordinating with other Federal agencies authorized to issue guidance and implement the use of C-UAS technologies and (2) strategies undertaken by FAA to ensure that the use of C-UAS technologies by other authorized agencies do not adversely affect aviation and aerospace safety.What We FoundFAA is coordinating with Federal agencies that use UAS detection and C-UAS technologies to ensure there is no impact to the NAS by such use. However, FAA has not conducted a strategic assessment of the UAS detection and C-UAS program to ensure it has the resources needed and agile coordination processes in place to keep pace with increasing demand. Further, because FAA has not yet completed the necessary testing of UAS detection and C-UAS technologies, the Agency cannot fully assess their impact to aviation safety and security, and may not understand those impacts for several years.Our RecommendationsFAA concurred with all three recommendations to improve the effectiveness of its C-UAS coordination and testing programs and provided appropriate actions and completion dates. We consider these recommendations resolved but open, pending completion of planned actions.

We audited the Housing Authority of Plainfield, NJ’s administration of its public housing programs. We selected the Authority based on a risk analysis of public housing agencies in New Jersey that considered the size of the agency, the amount of operating and capital funds received, and previous work conducted by the Office of Inspector General. The objective of the audit was to determine whether the Authority administered its Public Housing Operating Fund and Capital Fund programs in accordance with U.S. Department of Housing and Urban Development (HUD), Federal, and Authority requirements.The Authority did not always comply with Federal, HUD, State, and Authority requirements when administering its public housing programs. Specifically, the Authority (1) made an unauthorized disposition of property by entering into a long-term rooftop lease and did not properly handle nearly $1.3 million in related proceeds and (2) did not comply with procurement requirements when purchasing $4.1 million in goods and services. These conditions occurred because the Authority did not fully understand its relationship with HUD and requirements for property disposition, related proceeds, and procurement and because it did not have adequate controls in place. As a result, (1) HUD did not have assurance that its interest and investment were adequately protected and that $1.3 million in rooftop lease proceeds was properly accounted for and used for planned, approved purposes, and (2) the Authority paid nearly $2.9 million in unsupported costs and may pay an additional $1.2 million for procurements not adequately performed and documented.We recommend that HUD require the Authority to (1) terminate the current rooftop lease; (2) remedy the reporting and use of proceeds issues related to the nearly $1.3 million in proceeds received under the lease; (3) repay from non-Federal funds any proceeds used for unallowable expenses; (4) obtain HUD approval of any new lease agreement; and (5) implement controls to ensure compliance with requirements for third-party agreements and that disposition proceeds are properly accounted for and used. Further, we recommend that HUD require the Authority to (1) support that nearly $2.9 million paid for goods and services was reasonable in accordance with applicable requirements or repay from non-Federal funds any amount that it cannot support; (2) support that $1.2 million in funds not yet spent on the contracts reviewed, along with any new procurements, would be reasonable or reallocate the funds; (3) ensure that its staff receives training on applicable requirements; and (4) improve its controls to ensure that future procurement actions comply with requirements and that prices paid for goods and services are reasonable.

As of November 1, 2021, the EPA had 93 overdue RTRs or TRs, almost half of which were overdue by more than five years. These reviews are used to establish limits for air toxics emissions and to protect public health.

This report contains information about recommendations from the OIG's audits, evaluations, reviews, and other reports that the OIG had not closed as of the specified date because it had not determined that the Department of Justice (DOJ) or a non-DOJ federal agency had fully implemented them. The list omits information that DOJ determined to be limited official use or classified, and therefore unsuitable for public release.The status of each recommendation was accurate as of the specified date and is subject to change. Specifically, a recommendation identified as not closed as of the specified date may subsequently have been closed.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the leadership performance and oversight by Veterans Integrated Service Network (VISN) 6: VA Mid-Atlantic Health Care Network in Durham, North Carolina, covering leadership and organizational risks and key processes associated with promoting quality care. This inspection also focused on COVID-19 Pandemic Readiness and Response; Quality, Safety, and Value; Medical Staff Credentialing; Environment of Care; Mental Health: Suicide Prevention; Care Coordination: Inter-facility Transfers; and Women’s Health: Comprehensive Care.The VISN’s executive leadership team consisted of the acting Network Director, acting Deputy Network Director, acting Chief Medical Officer, and Chief Nursing Officer, who had worked together for about four months. Additional VISN leaders included the Quality Management Officer and acting Human Resources Officer. Selected survey scores related to employees’ satisfaction indicated that leaders were engaged and promoted a culture where employees felt safe bringing forward issues and concerns. Opportunities appeared to exist to improve employee perceptions of servant leadership and reduce feelings of moral distress in the workplace. Patient experience survey scores were lower than VHA averages.The OIG’s review of access metrics and clinical vacancies identified potential organizational risks at selected facilities, with extended average wait times and clinical vacancies in certain specialties. The executive leaders were knowledgeable within their scope of responsibilities about VHA data and factors contributing to poorly performing quality measures; however, opportunities existed to improve their facility-level oversight of quality, safety, and value; care coordination; and high-risk processes.The OIG issued five recommendations for improvement in three areas:(1) Medical Staff Credentialing• Physician credentials review process(2) Environment of Care• Emergency management committee meetings• Annual review of VISN-wide strengths, weaknesses, priorities, and requirements for improvement(3) Women’s Health• Annual site visits• Staff education gap assessments

The VA Office of Inspector General (OIG) assessed the stewardship and oversight of funds by the Durham VA Health Care System in North Carolina and identified potential cost efficiencies in carrying out medical center functions from October 1, 2020, through March 31, 2021. The healthcare system had 309 inactive obligations totaling $81.7 million. Of these 309 obligations, 200 (totaling over $74 million) had no activity for 181 days or more. In a subsample of 20 obligations, VA staff had not reviewed 17, as required. If inactive obligations are not reviewed, these funds cannot be reobligated and used in that fiscal year to support veterans. The OIG also found that, contrary to VA policy, healthcare system staff used purchase cards instead of contracts for 21 of 40 sampled transactions (53 percent), totaling approximately $328,000. These 21 transactions were missing required supporting documentation to verify that the transactions were approved and payments were accurate, resulting in $308,000 in questioned costs. Furthermore, the purchase card coordinator did not conduct required quarterly audits. The healthcare system had 105 more administrative full time equivalent staff than the expected number, which suggests the potential opportunity to improve efficiency. The healthcare system could improve pharmacy efficiency by narrowing the gap between the facility’s observed drug costs and expected drug costs, bringing the turnover rates closer to the Veterans Health Administration–recommended level, and meeting requirements for noncontrolled drug line audits. The OIG made nine recommendations to the healthcare system director and one recommendation to the director of contracting for Network Contracting Office 6, VA Mid-Atlantic Health Care Network.

SB & Company found that the lack of off-site data backups increases the CSB’s risk of losing significant data.

We conducted a limited review of nursing home owners to identify their operational challenges and needs of nursing homes in responding to the Coronavirus Disease 2019 (COVID-19) pandemic. Our objective was to determine the biggest challenges operators of Section 232 nursing home facilities face related to the COVID-19 pandemic and whether nursing homes are prepared to meet their future financial obligations. Most of the owners who responded to our survey indicated that nursing homes experienced financial and operational challenges during the pandemic. These challenges included staffing shortages; COVID-19 infections in residents and staff; large fluctuations in occupancy levels; rising operating costs; and difficulties in responding to local, State, and Federal requirements.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of VHA facilities’ selected medical staff privileging program requirements. The report describes related findings from healthcare inspections performed at 36 VHA medical facilities from November 4, 2019, through September 21, 2020. Each inspection involved interviews with facility leaders and staff and reviews of clinical and administrative processes. The OIG reviewers evaluated meeting minutes and other relevant documents.The OIG found general compliance with many of the selected requirements. However, the OIG identified weaknesses with focused professional practice evaluation criteria, reprivileging decision processes, ongoing professional practice evaluations, processes for recommending continuing privileges, timely completion of and required signatures for provider exit review forms, and state licensing board reporting.The OIG issued six recommendations, including three repeat recommendations related to:• minimum specialty criteria for focused professional evaluations,• inclusion of service-specific criteria in ongoing professional practice evaluations, and• use of professional practice evaluation results in executive committee recommendations to continue licensed independent practitioners’ privileges.

The objective of this audit was to determine theeffects of COVID-19 and the events of January 6, 2021, on the CHOBr Project.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

This report presents the results of our self-initiated audit of Efficiency of Operations at the Columbus Processing and Distribution Center (P&DC) in Columbus, OH (Project Number 22-041). We conducted this audit to provide U.S. Postal Service management with timely information on operational risks at this P&DC. We judgmentally selected the Columbus P&DC based on a review of overtime, penalty overtime, cancelled trips, late trips, extra trips by Postal Vehicle Service (PVS) and Highway Contract Route (HCR) drivers, and overall scanning performance. The Columbus P&DC is in the Lakeshores Division and processes letters, flats, and parcels; and it services multiple 3-digit ZIP Codes in urban and rural communities.

The U.S. Postal Inspection Service’s Analytics and Cybercrime Program provides investigative, forensic, and analytical support to field divisions and headquarters. A core component of this program is the Internet Covert Operations Program (iCOP), established in 2018 to provide analytics support for online investigations. Analysts respond to requests for assistance from postal inspectors and proactively gather intelligence using cryptocurrency analysis, open-source intelligence, and social media analysis. In April 2021, iCOP was renamed the Analytics Team. This report responds to a request from the House of Representatives Committee on Oversight and Reform to evaluate the Postal Inspection Service’s online analytical support activities, including its statutory authority and processes for these activities, and any related contracts. We reviewed 434 online analytical support requests from a statistical sample of 160 cases and 70 reports produced by iCOP to assess whether these activities were authorized. We also reviewed policies, procedures, and contracts associated with iCOP and the Analytics Team.

We present the status of the Office of Navajo and Hopi Indian Relocation’s assets and official records.

The Office of the Inspector General conducted an evaluation to determine if the Tennessee Valley Authority (TVA) was effectively managing acquisitions and disposals of real property. We determined TVA effectively managed the real property acquisitions and disposals for the sample of transactions we reviewed. Specifically, we determined sampled acquisition and disposal decisions were generally supported by the financial, environmental, and title reviews conducted as part of TVA’s real property transaction process; however, we identified noncompliance with some parts of the standard programs and processes and user guides. We also identified opportunities for improvement related to information provided to the TVA Board of Directors and clarification within the standard programs and processes and user guides. Additionally, we identified issues related to TVA’s survey process.

The objective of the independent assessment was to identify unallowable costs reimbursed to the Contractor on the Cannon House Office Building Renewal (CHOBr) Project.

The OIG conducted an administrative investigation that included a congressional request to look into allegations that Charmain Bogue, former executive director of the Veterans Benefits Administration’s Education Service, committed ethical violations arising from her spouse’s consulting work for Veterans Education Success (VES). VES is a nonprofit advocacy group that regularly had business before the Education Service. The allegations also pointed to possible incomplete financial disclosures by Ms. Bogue concerning her spouse’s consulting business. In the course of their work, investigators uncovered evidence of other potential conflicts of interest and related misconduct by Ms. Bogue.As a result of the investigation, the OIG made four findings. First, Ms. Bogue participated in Education Service matters involving VES without considering whether it raised an apparent conflict of interest and acted contrary to ethics guidance she received from her supervisors. Second, Ms. Bogue sought résumé feedback from the president of VES to aid in her search for career advancement without considering whether this raised apparent conflict of interest concerns in subsequent VES matters. VES also endorsed Ms. Bogue for presidential nominee positions. Third, although Ms. Bogue provided insufficient detail about her spouse’s business in 2019 and 2020 public financial disclosures, VA ethics attorneys had found them compliant. She remedied the subsequently identified deficiency in her 2021 disclosure. Finally, the OIG found that Ms. Bogue refused to cooperate fully in the OIG’s investigation by refusing to complete her follow-up interview. Her husband and VES president also refused to participate in OIG interviews, and the OIG lacks testimonial subpoena authority over individuals who are not VA employees. Ms. Bogue resigned from VA in January 2022 and, as a result, the OIG made no recommendations. VA concurred with the OIG’s findings.

The Patient Advocacy Program helps advance the Veterans Health Administration’s (VHA) efforts to improve customer service, support veterans’ access to quality care, and provide a mechanism to resolve healthcare issues. Patient advocates document veterans’ concerns, communicate the resolution, provide follow up and feedback, and identify trends for potential opportunities to improve medical facilities. In FY 2020, VHA tracked about 162,000 serious complaints in its patient advocate tracking systems.The OIG conducted this audit to determine whether VHA patient advocates resolved serious complaints on time and as required in that year. The audit also assessed whether VHA Patient Advocacy Program leaders effectively used program data to identify and address pervasive healthcare issues for veterans.The audit found that VHA lacked adequate governance of the Patient Advocacy Program. VHA did not effectively issue and implement adequate policies, monitor complaint practices, and provide guidance to medical facility directors responsible for local program management. This inadequacy in governance contributed to patient advocates and other program leaders not fully complying with requirements for managing complaints in FY 2020.According to an OIG survey, patient advocates and patient advocate supervisors at 17 percent of reviewed medical facilities did not always enter complaints into a patient advocate tracking system as required. Although the data indicated that patient advocates generally closed serious complaints on time, the OIG found that they did not always adhere to the documentation requirements to show full complaint resolution. In addition, there was inadequate monitoring at the local, regional, and national program levels.VA concurred with the OIG’s three recommendations to the under secretary for health to review and update program policy; implement controls for regular, documented reviews of records; and provide guidance to medical facility directors to ensure they fulfill program management duties.

We determined the U.S. Department of the Interior completed four of the six steps required by Secretary’s Order 3383.

The Federal Emergency Management Agency (FEMA) consistently followed Federal laws, regulations, and its own policies and procedures when responding to disaster declaration requests from states, territories, and tribes, and making recommendations to the President.

Brian Kerr, former Building and Bridges Assistant Supervisor, pleaded guilty in New York County Supreme Court on March 23, 2022, to two misdemeanor counts to Falsify Business Records: Make False Entry. He was sentenced to a conditional discharge and ordered to pay restitution to the company in the amount of $360.23. Kerr, among others, participated in a scheme to intentionally misuse company badges and/or create counterfeit badges that he and the others fraudulently “swiped” for one another, via Amtrak’s time and attendance machines, to clock-in or out. Kerr resigned on February 21, 2022, and is ineligible for rehire.

What We Looked AtAccording to data from the Pipeline and Hazardous Materials Safety Administration (PHMSA), more than 3.3 billion tons of hazardous materials (hazmat) are transported within the United States each year. As PHMSA is responsible for evaluating the fitness of companies that transport hazmat, we initiated this audit with the following objective: to assess PHMSA’s implementation of Federal requirements for conducting fitness reviews of applicants seeking hazmat approvals or special permits. Specifically, we assessed (1) PHMSA’s three-tier process for reviewing applicants’ fitness and (2) internal controls the Agency employed to conduct those reviews and communicate the results, as required. What We FoundPHMSA is improving its three-tier hazmat fitness review processes, but its timeliness goal is not always achievable. Specifically, PHMSA processed most Tier 1 reviews within DOT’s 120-day goal but took longer for Tiers 2 and 3. PHMSA investigators did meet Agency standards for inspecting and developing fitness memorandums. PHMSA is also improving its methods for tracking Tier 2 and Tier 3 applications and for documenting decisions regarding Tier 3 inspections. However, its software systems do not communicate with each other, and the Agency does not require fitness memorandums to identify relevant inspection report numbers—factors that will hinder PHMSA’s efforts to meet its timeliness goal or identify potential problems. PHMSA also has internal control gaps for conducting hazmat fitness reviews, although it is working to address those gaps. In addition, some data were not correctly correlated to company profiles, which could impact the accuracy of Tier 1 reports and fitness reviews. Finally, PHMSA did not fully publicly communicate, as required, the status of applications delayed more than 120 days. Until PHMSA addresses these internal control gaps, it has less assurance its application review process will meet Federal requirements. Our RecommendationsWe made 12 recommendations to improve PHMSA’s implementation of Federal requirements for conducting fitness reviews. PHMSA concurred with all 12 recommendations, and we consider them resolved but open pending completion of planned actions.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the W.G. (Bill) Hefner VA Medical Center. The inspection covered key clinical and administrative processes that are associated with promoting quality care. This inspection focused on Leadership and Organizational Risks; COVID-19 Pandemic Readiness and Response; Quality, Safety, and Value; Registered Nurse Credentialing; Medication Management: Remdesivir Use in VHA; Mental Health: Emergency Department and Urgent Care Center Suicide Risk Screening and Evaluation; Care Coordination: Inter-facility Transfers; and High-Risk Processes: Management of Disruptive and Violent Behavior.The medical center’s executive leadership team had worked together for approximately three months, although two leaders had served in their positions for multiple years. The remaining team members were not permanently assigned to their positions. Employee survey responses demonstrated satisfaction with leadership. However, responses also revealed opportunities to reduce staff feelings of moral distress at work. Patient experience survey data highlighted opportunities for leaders to improve experiences in the inpatient and outpatient settings. The OIG’s review of the system’s accreditation findings did not identify any substantial organizational risk factors. However, the OIG identified a concern with leaders conducting institutional disclosures for all sentinel events. Executive leaders were knowledgeable within their scope of responsibilities about VHA data, organizational factors contributing to poor performance on Strategic Analytics for Improvement and Learning measures, actions taken to maintain or improve organizational performance, employee satisfaction, and patient experiences.The OIG issued four recommendations for improvement in three areas:(1) Leadership and Organizational Risks• Institutional disclosures(2) Quality, Safety, and Value• Systems Redesign Review Advisory Group participation• Surgical work group meeting attendance(3) High-Risk Processes• Staff training

What We Looked AtThe Department of Transportation’s (DOT) Operating Administrations (OA) receive billions to provide financial assistance to States and other entities. The Office of Management and Budget (OMB) requires recipients that expend $750,000 or more to perform single audits. OMB’s Uniform Guidance sets requirements for single audits. Recipients must submit reporting packages, including auditors’ reports, to the Federal Audit Clearinghouse (FAC) and develop plans to resolve findings. Because of the importance of single audits to tax dollar stewardship, we reviewed single audit processes at the Federal Aviation Administration (FAA), Federal Highway Administration (FHWA), and Federal Transit Administration (FTA). Our audit objectives were to evaluate their processes for (1) verifying that single audits are completed and reports submitted to FAC in the timeframe required by the Uniform Guidance, (2) issuing timely management decisions on single audit findings, and (3) following up on findings and recommendations, including high-priority findings and recommendations we identify in quarterly reports.What We FoundDOT does not ensure that single audit reports are completed and timely submitted to FAC, and does not have a single audit accountable official to ensure OAs fulfill Uniform Guidance requirements. DOT does not ensure the OAs verify that recipients complete single audits and submit timely packages. FAA, FHWA, and FTA’s processes for these activities are not sufficient. This lack of oversight could inhibit DOT’s ability to reduce improper payments. DOT also does not ensure OAs issue timely management decisions and track findings. Untimely management decisions inhibit OAs’ abilities to evaluate findings and recover funds. The OAs follow up on findings that we identify in our quarterly reports rather than all findings. Because it has not designated an SAAO, DOT does not ensure OAs perform required followup. The Uniform Guidance requires agencies ensure that recipients correct all findings. Our reports do not cover all single audit findings. DOT’s lack of oversight could increase the risk of improper payments.RecommendationsOST concurred with our seven recommendations to help improve single audit process oversight. We consider all recommendations resolved but open pending completion of planned actions. 

The U.S. Department of Housing and Urban Development, Office of Inspector General, has completed its audit of Federal Housing Administration (FHA)-insured loans serviced in calendar year 2020. Our audit objective was to determine whether borrowers of FHA-insured loans maintained proper flood insurance coverage. We found FHA insured at least 31,500 loans serviced during calendar year 2020 for properties in SFHA flood zones that did not maintain the required flood insurance coverage. We found loans that had private flood insurance instead of the required NFIP coverage, NFIP coverage that did not meet the minimum required amount, or no coverage during calendar year 2020. As a result, the FHA insurance fund was potentially exposed to greater risk from at least $4.5 billion in loans that did not maintain adequate NFIP coverage. We recommend that FHA require lenders to provide evidence of sufficient flood insurance coverage or execute indemnification agreements for the 21 loans in our statistical sample that did not have sufficient flood insurance at the time of our audit, develop a control to detect loans that did not maintain the required flood insurance to avoid potential future costs to the FHA insurance fund from inadequately insured properties, and consult with HUD’s Office of General Counsel to review the language in the statutes, regulations, and handbooks and make any necessary adjustments to the forward mortgage and Home Equity Conversation Mortgage handbooks.