Federal Reports

We audited the U.S. Department of the Interior’s (DOI’s) Interior Business Center (IBC), which manages procurements for over 50 Federal and State client agencies, to determine whether its internal control system was sufficient to ensure that it followed the Federal Acquisition Regulation (FAR) or other applicable regulations when awarding procurements on behalf of its clients.We found that the IBC had deficiencies in the internal controls designed to ensure that procurement files are complete and accurate. Due to these deficiencies, the IBC did not have an adequate internal control system to ensure that it followed the FAR when awarding procurements. Thirty-three percent of the 85 procurement files we reviewed for our audit had missing or incomplete supporting documentation, or the files themselves were missing.Our report offers four recommendations to help the IBC improve its preaward practices and oversight.

We evaluated the U.S. Department of the Interior’s (DOI’s) and the U.S. Geological Survey’s (USGS’) implementation of Phase 1 of the Continuous Diagnostics and Mitigation (CDM) program for a USGS system. Our evaluation revealed control deficiencies for hardware and software asset management and configuration management. Specifically, the DOI did not require bureaus and offices to maintain accurate hardware asset inventories for information systems, which prevented them from monitoring key security metrics through the DOI’s CDM dashboard. We also found that the DOI did not implement software blacklists or whitelists to help ensure that unapproved, unsupported, or potentially malicious software was not present on system computing devices. Further, we found that the USGS failed to require systems to operate with only those ports, protocols, and services necessary for essential operations, which increased their vulnerability to attack, and that the USGS did not timely mitigate vulnerabilities on USGS-owned system assets.

We conducted this audit to determine whether the DOI and its bureaus included the required documentation for charge card transactions, properly used fiscal year (FY) 2019 disaster relief funds, and properly allocated FY 2019 disaster relief funds when using U.S. Government charge cards.We found that the Bureau of Reclamation, U.S. Fish and Wildlife Service (FWS), National Park Service (NPS), and U.S. Geological Survey (USGS) had incidents of missing or insufficient documentation to support purchases. We also found the FWS, NPS, and USGS used FY 2019 disaster relief funds to purchase items that were not associated with the allowable uses Congress identified. We question $83,165 in costs allocated to the FY 2019 disaster relief funds. We note that the bureaus properly allocated most FY 2019 Government charge card purchases using disaster relief funds. We also identified two other matters related to charge card use in emergency situations and disaster relief expense reallocations.We make eight recommendations to help the DOI and its bureaus resolve questioned costs and strengthen internal controls over disaster relief funds and the Government charge card program. Based on the DOI’s response to our draft report, we consider four recommendations to be resolved and implemented, three recommendations to be resolved but not implemented, and one recommendation to be unresolved. We will refer four recommendations to the Office of Policy, Management and Budget for resolution and implementation tracking.

This report presents the results of our audit of Agreement Nos. A17AV00656, A16AV00812, and A15AV00702 between the Bureau of Indian Education (BIE) and St. Stephens Indian School Educational Association, Inc., which provided St. Stephens a total of $12.5 million to operate elementary and high school facilities owned by the Bureau of Indian Affairs (BIA) between July 2015 and June 2018.We conducted this audit to determine whether agreement expenses were allowable and St. Stephens complied with applicable laws and regulations, BIE and BIA guidelines, and agreement terms and conditions. We reviewed transactions charged to the agreements totaling $5.8 million.We found multiple instances in which St. Stephens did not use agreement funds for allowable activities and did not comply with applicable Federal regulations and agreement provisions, which led us to identify $442,632 in funds that could be put to better use and question $35,432 of St. Stephens’ claimed costs. In addition, we determined that the BIE did not consistently oversee St. Stephens agreements in accordance with applicable regulations and BIA policy.We make 11 recommendations to help the BIE and the BIA resolve questioned costs and provide better oversight to St. Stephens.

The Federal Information Security Modernization Act (FISMA) requires Federal agencies to have an annual independent evaluation of their information security programs and practices. This evaluation is to be performed by the agency’s Office of Inspector General or by an independent external auditor to determine the effectiveness of such programs and practices. The U.S. Department of the Interior (DOI) contracted with KPMG, an independent public accounting firm, to complete a FISMA audit for fiscal year 2020.KPMG reviewed information security practices, policies, and procedures at the DOI Office of the Chief Information Officer and 11 DOI bureaus and offices. The audit revealed that improvements were needed in the areas of risk management, configuration management, identity and access management, the data protection and privacy program, the security training program, and contingency planning. Based on these findings, KPMG made 32 recommendations intended to strengthen the DOI’s information security program as well as those of the bureaus and offices.The DOI’s Office of the Chief Information Officer has concurred with all 32 recommendations and established a target completion date for each corrective action.

Our ongoing review of the use of Coronavirus Aid, Relief, and Economic Security (CARES) Act funds has identified a significant number of transactions that appear to be impermissible split purchases and that reflect possible misuse of U.S. Department of the Interior (DOI) purchase cards. We are examining some of these transactions as potential fraud. Previous investigative and audit reports from our office have identified gaps in bureau oversight of the DOI’s Government Purchase Card Program.Until effective controls are implemented and enforced consistently throughout all bureaus and offices, the DOI’s Government Purchase Card Program will continue to be at risk for improper purchases and other noncompliance with applicable laws and regulations.In this management advisory we describe findings related to our review of pandemic-related DOI purchase card transactions, specifically (1) a number of transactions that appeared to be prohibited split purchases and (2) ineffective or missing internal controls over purchase card use. We make three recommendations to help the DOI prevent fraud, waste, and mismanagement in its Government Purchase Card Program.

To see our report, click on the link below

The evaluation of AmeriCorps grants awarded to the Maine Commission for Community Service (the Commission) and one of its 14 subgrantees (LearningWorks) identified questioned Federal costs of $254,014, questioned match costs of $592,737, and compliance findings, covering the three years beginning January 1, 2016. The questioned costs arose from insufficient support for the valuations attached to in-kind claimed for contributed classroom and office space and labor donated by participating schools.The Commission and LearningWorks responded jointly to address the report’s findings and recommendations. The Commission agreed to improve its subgrantee monitoring and to train its staff regarding how to support in-kind match contributions. LearningWorks continues to assert that it properly valued and supported the in-kind match donations but nevertheless agreed to improve its documentation. AmeriCorps generally concurred with our recommendations and will resolve the questioned costs during audit resolution. Further, AmeriCorps promised to work with the Commission to strengthen its internal controls surrounding acceptable in-kind documentation from its subgrantees.