Federal Reports

The VA Office of Inspector General (OIG) conducted a healthcare inspection after receiving a referral from OIG inspectors regarding facility leaders’ response to a report that a urologist had severe hand tremors and possibly low vision. The OIG identified two adverse clinical outcomes in 121 of the urologist’s surgical patients, neither of which required an increased level of care and did not result in long-term impact. The OIG determined the two complications were appropriately managed by the urologist, reported through the patient safety reporting system, and acted upon. Facility leaders failed to adequately oversee the urologist’s performance by not formally evaluating a report of the urologist’s physical impairments that could have posed a risk to patient safety. The facility conducted management reviews of the urologist, but deficiencies were identified in the processes used. Failures in facility leaders’ privileging processes led to delays in removing the urologist’s privilege to perform open procedures and a failure to inform the urologist of active privileges. Facility leaders were noncompliant with VHA directives that require reporting adverse privileging actions to the National Practitioner Data Bank and reporting patient safety concerns to state licensing boards. Consequently, patient safeguards intended to be achieved through reporting did not occur. Frequent personnel changes in facility-leader positions may have contributed to failures in oversight, privileging, and practitioner reporting processes. The noncompliance with facility and VHA policies likely occurred due to poor communication regarding the urologist’s practice and privileging status, a lack of knowledge of position responsibilities, and inexperienced support staff. The deficiencies found in the focused professional practice evaluation processes and National Practitioner Data Bank reporting were consistent with issues previously identified by the OIG. Duplicative recommendations were not made regarding these issues. The OIG made six recommendations to the Veterans Integrated Service Network 7 and facility directors.

See the additional details link below for the full report, report summary, multimedia or any agency follow-up.

We audited the Tennessee Valley Authority’s (TVA) business meeting and hospitality expenses to determine if they complied with TVA’s Business Meetings and Hospitality policy and any other applicable TVA guidance. Our audit scope included approximately $6.5 million in business meeting and hospitality expenses occurring from October 1, 2018, through September 30, 2019.Our audit found TVA’s approval process did not ensure expenses complied with the Business Meetings and Hospitality Policy. Specifically, we found expenses were approved for (1) reimbursement and/or payment without the required information and supporting documentation included with the expense voucher, (2) questionable team-building expenditures, and (3) prohibited alcohol expenditures. We also found a lack of guidance for compliance with TVA’s Food Services Policy. Additionally, we found the process for approving large meeting expenses and guidance for the classification of meeting-related expenses could be improved.We made five recommendations to TVA management to strengthen controls around business meetings and hospitality by (1) developing additional guidance to ensure compliance with the Business Meetings and Hospitality Policy and Food Services Policy, and (2) reinforcing the existing Food Services Policy. TVA management provided actions they plan to take to address each of our recommendations.

We included an audit of the Tennessee Valley Authority’s (TVA) plans for an active shooter incident in our annual audit plan due to the potential risk of an active shooter incident occurring. Our audit objective was to determine if TVA has adequate plans in place to prevent, prepare for, and manage active shooter incidents. The audit scope included all program documentation and records that support TVA's plans to prevent, prepare for, and manage active shooter incidents as of May 13, 2020. We compared TVA’s procedures around preventing, preparing for, and managing active shooter incidents to best practices recommended by the Department of Homeland Security (DHS). DHS best practices include four steps (Connect, Plan, Train, and Report) to apply in advance of an incident or attack. We found TVA has plans in place to prevent, prepare for, and manage active shooter incidents that include steps to address the connecting and planning phases of DHS recommendations to prepare for active shooter incidents. However, we found the training and reporting steps need improvement. Specifically, we found TVA’s Active Threat Awareness program training is not mandatory and less than 10 percent of TVA’s employees have taken the training. In addition, portions of best practices related to active threat awareness are included in at least ten TVA Standard Programs and Processes rather than a single document and are not easily accessible by employees. TVA management agreed with our findings and recommendations.

The cover page of this report was updated on 2/5/21 to include a comment box that states, "The statements made on pages 2 and 20 regarding OCC providing whistleblower complaints to Treasury OIG Office of Investigations (OI) were clarified in a memorandum dated February 5, 2021 (OIG-CA-21-016). The memorandum clarified that OCC should continue to send allegations of OCC employee misconduct and Orders of Investigations to OI."Please read this report in conjunction with Treasury OIG Memorandum, OIG-CA-21-016, Whistleblower Referrals to the Department of the Treasury Office of Inspector General, Office of Investigations, dated 2/5/2021.

What We Looked AtWe performed a quality control review (QCR) on the single audit that RHR Smith & Company (Smith) performed for the Green Mountain Transit Authority’s (Authority) fiscal year that ended June 30, 2018. During this period, the Authority expended approximately $14.5 million from the U.S. Department of Transportation’s (DOT) grant programs. Smith determined that DOT’s major program was the Federal Transit Cluster. Our QCR’s objectives were to determine (1) whether the audit work complied with the Single Audit Act of 1984, as amended, the Office of Management and Budget’s Uniform Guidance, and the extent to which we could rely on the auditors’ work on DOT’s major programs; and (2) whether the Authority’s reporting package complied with the reporting requirements of the Uniform Guidance. We FoundSmith’s audit work complied with the requirements of the Single Audit Act, the Uniform Guidance, and DOT’s major program. We found nothing to indicate that Smith’s opinion on DOT’s major program was inappropriate or unreliable. However, we identified a deficiency in Smith’s audit work that should be corrected in future audits. We also identified deficiencies in the Authority’s reporting package that required correction and resubmission.

What We Looked AtFreight trains in the United States generally operate with a conductor, who is responsible for the train, freight, and crew, and an engineer, who operates the locomotive. To ensure that only people who meet minimum Federal safety standards serve as conductors, in 2011, the Federal Railroad Administration (FRA) issued a rule for the certification of conductors, Title 49, Code of Federal Regulations, Part 242. This rule requires railroads to have a formal program for training prospective conductors and determining that they are competent before they are certified. Given the potential impact of the conductor certification rule on railroad safety, we initiated this audit to assess FRA’s oversight of railroad conductor certification programs. What We FoundFRA does not have sufficient oversight controls to consistently assess railroads’ compliance with Part 242 requirements. Specifically, FRA reviews of railroad conductor certification programs lack formal procedures. FRA officials currently evaluate programs using a checklist with some Part 242 requirements, an industry group program template, and officials’ professional judgment. These narrow reviews are not comprehensive, however, because programs are not evaluated at a consistent level of detail, and the process remains undocumented. FRA officials also perform Part 242 inspections and compliance audits without comprehensive procedures. As a result, the audit documentation and inspection data do not identify all of the Agency’s Part 242 compliance audits or demonstrate audit quality. However, FRA is responsive to Part 242 waiver requests and conductor certification petitions. Specifically, the Agency has procedures in place for handling waiver requests and is meeting its goal timelines for reviewing and deciding on petitions. Our RecommendationsWe made five recommendations to improve FRA’s oversight of railroad conductor certification programs, guidance for program officials and inspectors, and quality of its audit data. FRA concurred with all of our recommendations, and we consider them resolved but open pending completion of the planned actions.

U.S. Customs and Border Protection (CBP) does not have a comprehensive strategy for meeting its LS-NII scanning needs at all CBP locations. Instead, CBP used multiple plans, such as its Multi-Year Investment and Management Plan, and individual acquisition plans for each type of LS-NII equipment it may purchase. At times, these acquisition plans contained conflicting information and did not align with the program’s approved life-cycle cost estimate. We made three recommendations to improve CBP’s acquisition planning for LS-NII needs and ensure effective investments for its non-intrusive inspection program. We recommended the DHS Under Secretary for Management require the acquisition program office to develop an approved strategy that aligns its NII key acquisition documents with CBP’s evolving investments in critical LS-NII equipment. In addition, the CBP Component Acquisition Executive should implement procedures to ensure better alignment and tracking of reliable LS-NII data, and ensure an NII strategy encompasses an approved Acquisition Program Baseline that includes key performance baselines for all critical LS-NII equipment. The Department did not concur with one recommendation but concurred with two of our three recommendations.

DHS’ information security program was not effective for Fiscal Year 2019 because the Department earned a maturity rating of “Ad Hoc” (Level 1) in three of five functions, compared to last year’s higher overall rating of “Managed and Measurable” (Level 4). We attributed DHS’ regression in managing its information security program to its recent decision to permit the Coast Guard to submit its cybersecurity and Federal Information Security Management Act (FISMA) reports to the Department of Defense rather than to DHS. This decision adversely affects Department senior leadership’s ability to make informed and risk-based decisions on essential cybersecurity activities such as risk management, weakness remediation, system inventory, incident reporting, and continuous monitoring. We made five recommendations. The Department concurred with all five recommendations.