Federal Reports

What We Looked AtFAA oversees the safety of civil aviation through a complex network of information systems at air traffic control facilities. Cyber-based threats are rapidly evolving and may put air traffic control systems at risk for compromise. The FAA Extension, Safety, and Security Act of 2016 directs FAA to develop a comprehensive, strategic framework to reduce cybersecurity risks to civil aviation. Part of FAA’s efforts to implement this framework involves coordination and collaboration on aviation cybersecurity with the Departments of Homeland Security (DHS) and Defense (DOD) through the Aviation Cyber Initiative (ACI). The former Chairman of the House Committee on Transportation and Infrastructure requested that we examine FAA’s roles, responsibilities, and actions as an ACI member. Specifically, we assessed ACI’s progress in achieving its mission. What We FoundFor 3 years, FAA and its ACI partners have been providing regular updates to Federal agencies on their work, and are collaborating with Federal and aviation industry cybersecurity stakeholders. In May 2019, the Secretaries of DHS, DOD, and the Department of Transportation (DOT) finalized the approval of a charter that outlines ACI’s objectives. As DOT’s representative, FAA is an ACI co-chair with DHS and DOD. The co-chairs report to an Executive Committee of senior Agency executives. At the first ACI Executive Committee meeting in May 2019, 10 priorities were set for 2019 and 2020. ACI has implemented three of these priorities and they are on-going. ACI has also initiated work on the remaining seven. However, ACI has not developed mechanisms to monitor and evaluate results for meeting milestones and timetables for its priorities. ACI lacks an integrated budget and dedicated resources. As a result, FAA and its ACI partners face challenges in achieving its priorities; these challenges could inhibit FAA’s ability to develop a comprehensive and strategic framework for cybersecurity. RecommendationsTo enhance FAA’s progress in achieving ACI’s mission, we made one recommendation. FAA concurred with our recommendation.

The VA Office of Inspector General (OIG) reviewed whether the Veterans Health Administration (VHA) established adequate financial management practices at the VA Southeast Network and the VA Great Lakes Health Care System to promote the efficient use of their financial resources. The audit team found that VHA’s financial management practices did not include adequate controls, such as financial performance indicators, to assess whether its regional networks and medical centers used funds in a cost-effective manner. The use of financial performance indicators would allow VHA and its regional networks to identify inefficiencies that could indicate wasteful spending. VHA-wide indicators could also highlight trends and provide insights that help VHA develop best practices to enhance financial efficiency in its operations. VHA lacked an effective financial management structure to promote adequate controls. Under VHA’s current reporting structure, regional networks do not have uniform financial management functions and do not conduct oversight that promotes financial efficiency. Rather, regional oversight focuses on achieving reliable financial reporting, allocating financial resources, addressing budget excesses and shortfalls, and monitoring planned versus actual obligations of appropriated funds. The OIG recommended that VHA (1) establish key performance indicators that align with medical center operations and can be used to assess the efficient use of operating funds, (2) specify the office responsible for establishing financial controls that address the efficient use of funds at regional networks and medical centers, and (3) require VHA to establish and publish organizational charts that identify the appropriate financial management reporting lines of authority and to develop familiarization training on the reporting lines of authority at the VISN and medical center levels, as appropriate.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the Tuscaloosa VA Medical Center and one outpatient clinic in Alabama. The inspection covers key clinical and administrative processes that are associated with promoting quality care. For this inspection, the areas of focus were Leadership and Organizational Risks; Quality, Safety, and Value; Medical Staff Privileging; Environment of Care; Medication Management: Long-Term Opioid Therapy for Pain; Mental Health: Suicide Prevention Program; Care Coordination: Life-Sustaining Treatment Decisions; Women’s Health: Comprehensive Care; and High-Risk Processes: Reusable Medical Equipment. The executive leaders worked together for four months; however, the Director and the Associate Director for Patient Care Services had worked together since 2015. Survey results revealed opportunities for the Associate Director for Patient Care Services to improve employee satisfaction. Survey data indicated that patients were generally satisfied with their care experiences, but there were opportunities to improve appointment wait times. Review of the medical center’s accreditation findings, sentinel events, and disclosures did not identify any substantial organizational risks. However, the OIG identified concerns regarding peer review and patient safety programs. The executive leaders were extremely knowledgeable within their scope of responsibilities about Strategic Analytics for Improvement and Learning data and should continue to act to sustain and improve performance. The OIG issued 14 recommendations for improvement in five areas: (1) Environment of Care • Emergency egress accessible • Wheelchair maintenance (2) Mental Health • Community outreach • Patient follow-up (3) Care Coordination • Goals of care conversations • Multidisciplinary committee representatives and activities (4) Women’s Health • Staffing requirements (5) High-Risk Processes • Equipment inventory file • Instrument tracking system • Annual risk analysis • Environmental cleanliness • Sterile area climate control • Staff training

This memorandum is Sensitive But Unclassified. To obtain further information, please contact the OIG Office of Counsel at OIGCounsel@oig.treas.gov, (202) 927-0650, or by mail at Office of Treasury Inspector General, 1500 Pennsylvania Avenue, Washington DC 20220.

The unclassified version of the SAR covers the period from October 1, 2019 through March 31, 2020, and reflects what the NSA OIG could release publicly about its work for that reporting period. The OIG issued 10 reports and oversight memoranda during the period, making 94 recommendations to assist the Agency in addressing the findings and deficiencies identified. NSA's management agreed with all OIG recommendations made during this period. The Director of the NSA and Congress received the classified version of the SAR in accordance with the IG Act.