Federal Reports

The OCFO cannot provide reasonable assurance that crosscutting risks are identified and mitigated and that Agency resources are directed to the most critical strategic needs.

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), completed an audit to determine whether FHA-insured borrowers properly received the COVID-19-related forbearance.  The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, 2020, provided a mortgage payment forbearance option for all borrowers who suffered a financial hardship due to the COVID-19 national emergency.We found that at least one-third of the nearly 335,000 borrowers who were delinquent on their FHA-insured loans and not on forbearance in November 2020, were either not informed or misinformed about the COVID-19 forbearance.  As a result, these borrowers experiencing a hardship due to COVID-19 did not benefit from the COVID-19 forbearance.  We also found that servicers improperly administered the forbearance for at least one-sixth of the nearly 815,000 borrowers on forbearance plans in November 2020.  Servicers also performed excessive communication and collection efforts for borrowers who were already in forbearance. As a result, these borrowers experienced additional burdens from improperly administered forbearance.We recommend that FHA identify borrowers who are delinquent and did not fully benefit from the COVID-19 forbearance and ensure that information about the CARES Act and COVID-19 forbearance is distributed to these borrowers. We also recommend that FHA review the 21 loans in our statistical sample with improperly administered forbearance to ensure that the borrowers were assisted by the servicers, if possible, and ensure that these servicers updated their forbearance procedures to prevent future noncompliance; ensure that the issues found during our audit are incorporated into servicing monitoring reviews to deter future noncompliance and prevent potential loss to the FHA fund; and provide additional guidance to the servicers so that they limit their communication and collection efforts for the borrowers in forbearance.

Independent Auditors' Report on the Government Publishing Office (GPO) fiscal year (FY) 2021 Financial Statements.

In connection with the audit of the U.S. Government Publishing Office fiscal year (FY) 2021 financial statements, attached is the information technology (IT) management letter issued by the independent public accounting firm of KPMG LLP (KPMG).

In connection with the audit of the U.S. Government Publishing Office fiscal year (FY)2021 financial statements, attached is the non-information technology (IT) management letter issued by the independent public accounting firm of KPMG LLP (KPMG).

This audit repoort concluded that the FCC’s information security program was effective and in compliance with FISMA legislation, OMB memoranda, and other applicable guidance. This is the first year that the agency’s information security program has been in compliance, which is a significant accomplishment. The FISMA evaluation report includes seven findings and offers 13 recommendations intended to improve the effectiveness of the FCC’s information security program controls.

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations. AmeriCorps has implemented only eight of the 39 open recommendations from the FY 2017- FY 2020 FISMA evaluations.. Implementing more of these recommendations will help AmeriCorps to mature its information security program and bring it closer to effectiveness. The failure to address critical deficiencies leaves AmeriCorps systems and data vulnerable to breach, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers 13 new recommendations, which together with the prior year recommendations, will assist AmeriCorps in developing a mature and effective information security program. AmeriCorps concurred with 12 of the 13 new recommendations and provided alternative actions to resolve the remaining recommendation.

The VA Office of Inspector General (OIG) conducted a healthcare inspection of an allegation related to a patient who sought help with gastrointestinal symptoms at the Eastern Oklahoma VA Health Care System in Muskogee (facility) three times in 2020 and was allegedly sent away. The patient went to a non-VA hospital and was diagnosed with colorectal cancer in early 2021.The OIG did not substantiate that the patient was sent away three times. The OIG identified concerns related to the patient’s fecal immunochemical test (FIT), an Emergency Department physician’s patient assessment, and facility leaders’ response to the patient’s complaints and multiple Emergency Department physician complaints.The electronic health record contained no documented evidence that the FIT was mailed to or discussed with the patient, even when not returned.The Emergency Department physician did not adequately assess the patient by failing to perform a digital rectal examination when the patient’s clinical presentation included having blood in the stool.Facility staff did not adequately review and respond to the patient’s complaints. A primary care leader did not fully resolve complaints related to providers’ patient interactions and care. The patient advocate failed to address a complaint, document the involved providers, or contact the patient.The OIG found facility leaders initiated peer reviews and provided an institutional disclosure to the patient but identified leaders’ inadequate response to complaints about the Emergency Department physician. Beyond reporting and intermittent discussions with the provider, leaders took no further actions to address the physician’s performance concerns.The OIG made four recommendations to the Facility Director to ensure FITs are tracked, evaluate Emergency Department providers’ processes for examinations when patients present with gastrointestinal symptoms with bleeding, ensure thorough reviews and documentation of patient complaints, and ensure leaders monitor complaints related to the Emergency Department physician.