Federal Reports

The OIG examined whether disability benefit adjustments were calculated accurately for veterans who served in the Reserve or National Guard. These veterans may have been eligible for military training pay, or “drill pay.” However, they are not entitled to receive drill pay and disability benefits in the same fiscal year. The Veterans Benefits Administration (VBA) asks veterans to choose between drill pay and disability benefits, and adjusts payment accordingly. VBA adjusts most payments using an automated process, except staff should manually adjust payments if the veterans have spent days in active duty status. This helps ensure they did not receive disability and drill pay benefits in the same fiscal year. The review team found that VBA inaccurately processed about 11 percent of adjustments in fiscal year (FY) 2016, resulting in an estimated $14.2 million in overpayments and underpayments to veterans. The team noted that VBA did not review the accuracy of automatically completed adjustments and that the automated system was not programmed to remove some cases that required manual processing. Staff in VBA’s Intake Processing Center were also unfamiliar with procedures to remove cases from the automated system when veterans responded to letters about proposed benefits. The review team found that training for VBA staff lacked detailed instructions on completing disability benefit adjustments. The OIG recommended that VBA review FY 2016 drill pay adjustments involving active duty periods and take corrective action as necessary. The OIG also recommended a review of FY 2016 adjustments that involved a veteran responding to VBA’s letter about proposed drill pay. Further, VBA should remind staff of their responsibilities for processing responses and implement a plan to ensure compliance. Finally, the OIG recommended that VBA implement a plan to provide detailed training for staff who process drill pay adjustments and monitor the training’s effectiveness.

For the final report on our audit of the Department of Commerce’s (the Department’s) Enterprise Web Solutions (EWS) system, our objectives were to determine whether the (1) processes used to vet contract staff given administrative access to the EWS system are adequate; (2) Department followed a sufficient process to identify the impact level of the EWS system; (3) Office of the Chief Information Officer took appropriate actions to protect the information on the EWS system after it was granted an authorization to operate in 2018; and (4) contract used to procure EWS services and systems complied with Department acquisition regulations. Because of the serious nature of the cybersecurity issues identified, we determined that this audit report would address the first three objectives, while a separate, follow-on audit may address the fourth. We found that the Department did not protect sensitive data on the EWS system. Many of the problems we identified indicated that the Department had serious and pervasive issues that allowed exposure of sensitive data.Specifically, we found the following:I. The Department exposed sensitive data to unvetted foreign nationals working outside the United States.II. Unauthorized foreign nationals accessed and modified the EWS system after their contract had been terminated.III. The Department mishandled the response to unauthorized access by foreign nationals.IV. The Department failed to account for sensitive data on its systems.

The Centers for Medicare and Medicaid Services (CMS) requested that OIG audit a mail-order pharmacy's Medicare Part D Eligibility Verification Transactions (E1 transactions). To address CMS's request, we conducted this audit of E1 transactions, which included the requested provider's transactions. During our audit, we discovered that providers were taking advantage of gaps in CMS's program integrity in E1 transactions. Because E1 transactions contain beneficiary protected health information (PHI), we wanted to verify that the providers were appropriately using E1 transactions for their intended purposes.

The U.S. Department of Health and Human Services (HHS) provides funding through numerous programs that support and provide assistance to low-income families. Our prior audit (A-04-14-04026) of Wateree Community Actions, Inc. (Wateree), for fiscal years (FYs) 2012 and 2013, found that Wateree improperly managed some Federal funds related to HHS programs. As a result, Wateree put at risk both vital Federal funds and its ability to continue as a viable organization assisting low-income households in South Carolina.

The National Credit Union Administration Office of Inspector General contracted with Moss Adams LLP to conduct a Material Loss Review of C B S Employees Federal Credit Union, a federally insured credit union. We reviewed the Credit Union to: (1) determine the cause(s) of the Credit Union’s failure and the resulting estimated $39.5 million loss to the National Credit Union Share Insurance Fund (Share Insurance Fund); (2) assess the NCUA’s supervision of the Credit Union; and (3) provide appropriate suggestions and/or recommendations to prevent future losses.

What We Looked AtOn March 9, 2015, the Federal Aviation Administration (FAA) established requirements for air carriers to implement a formal, top down approach to identifying and managing safety risks, known as safety management systems (SMS). However, recent events have raised concerns about FAA's safety oversight, particularly for Southwest Airlines, one of the largest passenger air carriers in the United States. In early 2018, our office received a hotline complaint regarding FAA's oversight of Southwest Airlines and a number of operational issues at the carrier. Then, in April 2018, Southwest Airlines Flight 1380 suffered an engine failure that resulted in the first U.S. passenger fatality in over 9 years. We initiated an audit to assess FAA's oversight of Southwest Airlines' systems for managing risk.What We FoundOur review identified a number of concerns regarding FAA's safety oversight of Southwest Airlines. First, Southwest Airlines continues to fly aircraft with unresolved safety concerns. For example, FAA learned in 2018 that the carrier regularly and frequently communicated incorrect aircraft weight and balance data to its pilots--a violation of FAA regulations and an important safety issue. Southwest Airlines also operates aircraft in an unknown airworthiness state, including more than 150,000 flights on previously owned aircraft that did not meet U.S. aviation standards--putting 17.2 million passengers at risk. In both cases, the carrier continues operating aircraft without ensuring compliance with regulations because FAA accepted the air carrier's justification that the issues identified were low safety risks. Second, FAA inspectors do not evaluate air carrier risk assessments or safety culture as part of their oversight of Southwest Airlines' SMS. This is because FAA has not provided inspectors with guidance on how to review risk assessments or how to evaluate and oversee a carrier's safety culture. As a result, FAA cannot provide assurance that the carrier operates at the highest degree of safety in the public's interest, as required by law.Our RecommendationsFAA concurred with all 11 of our recommendations to improve its oversight of Southwest Airlines' systems for managing risk and provided appropriate planned actions and completion dates.

To view a short video related to this report, please click the link below.

The University of Southern California did not complete verification of applicant data in accordance with Federal requirements for 7 of the 60 students included in our statistical random sample. As a result, the university improperly disbursed $21,530 in Title IV aid to four students and improperly disbursed $1,000 less in Title IV aid than one student was eligible to receive. There was no effect on the amount of Title IV aid disbursed for the other two students. Based on the results of our statistical random sample, we estimate that the University of Southern California did not complete verification in accordance with Federal requirements for 184 (12 percent) of the 1,534 Pell recipientsselected for verification for award year 2017–2018.We also found that the University of Southern California did not accurately report verification results to the Central Processing System and Common Origination and Disbursement System for 8 of the 60 students included in our statistical random sample. Based on the results of our statistical random sample, we estimate that the University of Southern California did not accurately report verification results for 199 (13 percent) of the 1,534 Pell recipients selected for verification for award year 2017–2018.