Federal Reports

This report assesses the effectiveness of company efforts to detect drug and alcohol issues among employees in safety-sensitive positions. We identified weaknesses in the company’s controls for detecting drug- and alcohol-related issues among its employees in safety-sensitive positions. We found that 1) drug and alcohol use was more prevalent than identified by company testing and employee assistance programs, 2) testing requirements for employees were not consistently followed, 3) collection of drug and alcohol testing data was inefficient, 4) databases of employees who required random drug and alcohol testing were missing records, 5) not all supervisors were trained to detect potential impairment of employees, and 6) oversight of prescription drug use was limited. We recommended the company establish a reliable procedure to track and monitor required drug and alcohol testing of employees in safety-sensitive positions, implement use of digital technology to improve data collection, ensure the database it uses to select employees for random testing includes all employees in safety-sensitive positions, and establish a process to ensure that supervisors have the requisite training on how to identify employees who are potentially impaired. Additionally, we recommended implementation of new measures to encourage employees in safety-sensitive positions to self-report their prescription drug use, as required by company policy.

The National Science Foundation Office of Inspector General engaged Moss Adams, LLP (Moss Adams) to conduct a performance audit of incurred costs at the University of Tennessee Knoxville (UTK) for the period July 1, 2013, to June 30, 2016. The auditors tested more than $2.9 million of the $102 million of costs claimed to NSF. The objective of the audit was to determine if costs claimed by UTK on NSF awards were allowable, allocable, reasonable, and in compliance with NSF award terms and conditions and Federal financial assistance requirements.

Williams, Adley & Company–DC, LLP completed an audit of Oregon’s management of State Homeland Security Program (SHSP) and Urban Areas Security Initiative (UASI) grants awarded during fiscal years 2013 through 2015. Williams Adley concluded that Oregon’s State Administrative Agency generally complied with applicable Federal laws and regulations. Although Williams Adley did not identify any duplicate benefits received by the state, it did identify instances in which the state did not fully comply with the FEMA FYs 2013–2015 Notice of Funding Opportunity guidance. Specifically, the state did not pass through 80 percent of funds, obligate grants within 45 days, properly charge indirect costs to SHSP grants, sufficiently monitor its subrecipients, and properly monitor equipment purchased. These issues occurred because the State Administrative Agency did not obtain written consent when withholding more than 20 percent of funds, coordinate with subrecipients after award receipt, have approved indirect cost rate agreements, adhere to its subrecipient monitoring procedures, have a tracking system, or provide guidance to subrecipients. As a result, Williams Adley could not fully assess whether the State Administrative Agency enhanced its ability to prepare for and respond to disasters and acts of terrorism. FEMA concurred with all 10 of our recommendations to strengthen program management, performance, and oversight.

In this evaluation, we found that the National Park Service (NPS) did not use philanthropic partner donations in compliance with policies, regulations, and laws. Philanthropic partners are organizations that assist parks by providing services and financial support.The NPS is authorized to work with philanthropic partners to help further the NPS’ mission. Partners provide financial support to parks in two ways: the partner either donates the funds directly to the park, for the park to manage, or maintains the funds in an account and spends them at the park’s request. One of the ways that partners donate funds to parks is in the form of “superintendent’s funds.”We visited 30 parks and found that 26 of them made, or requested their partners to make, purchases for food and beverages totaling $282,472, and for personal gifts totaling $12,553. We questioned all food, beverage, and gift expenses as the form and level of detail of supporting documentation was insufficient: it varied by park and partner, and did not consistently have written justifications for how the expenses were necessary to accomplish the mission of the NPS. Food and beverage purchases from superintendent’s funds, in particular, did not meet requirements that donated funds be treated like appropriated funds and that purchases made with donated funds be for official agency purposes.The NPS misused donations because it (1) did not oversee the use of donated funds, (2) did not compile and report total donated funds, (3) did not have an accurate directory of philanthropic partners and amounts donated, and (4) did not have policy for the use of superintendent’s funds.Because the NPS did not ensure donations were appropriate, its parks did not receive the full benefit of partner donations. In addition, by not ensuring proper use of donations though oversight, tracking, and policy, the NPS increased its risk of fraud, waste, and abuse. By strengthening controls and oversight, the NPS can help keep the public’s trust in its philanthropic partnerships and their critical role in preserving history and enhancing visitor experiences.We made eight recommendations that, if implemented, will help prevent future misuse of donations and improve oversight, reporting, and policies. The NPS responded to our draft report on February 14, 2019. Based on its response, we consider Recommendations 1, 7, and 8 resolved and implemented, Recommendations 2 and 3 unresolved and not implemented, and Recommendations 4 – 6 resolved but not implemented. We will refer Recommendations 2 – 6 to the Assistant Secretary for Policy, Management and Budget for resolution and to track implementation.

The Federal Information Security Modernization Act (FISMA) (Public Law 113-283) requires Federal agencies to have an annual independent evaluation of their information security programs and practices. This evaluation can be performed by either the agency’s Office of Inspector General (OIG) or by an independent external auditor, as determined by the OIG, to determine the effectiveness of such programs and practices. KPMG, an independent public accounting firm, performed the DOI fiscal year 2018 FISMA audit under a contract issued by the DOI and monitored by the OIG.KPMG reviewed information security practices, policies, and procedures at the DOI Office of the Chief Information Officer and 11 DOI bureaus and offices, and identified needed improvements in the areas of configuration management, identity and access management, data protection and privacy, contingency planning and incident response. KPMG made 18 recommendations related to these control weaknesses that were intended to strengthen the Department’s information security program, as well as those of the Bureaus and Offices. In its response to the draft report, the Office of the Chief Information Officer concurred with all recommendations and established a target completion date for each corrective action.

Williams, Adley & Company – DC LLP, under contract with DHS OIG, issued an Independent Accountant’s Report on U.S. Immigration and Customs Enforcement’s (ICE) fiscal year 2018 Performance Summary Report. ICE’s management prepared the Performance Summary Report (PSR) and related disclosures in accordance with the requirements of the Office of National Drug Control Policy’s Circular, Accounting of Drug Control Funding and Performance Summary, dated May 8, 2018 (the Circular). Williams Adley was unable to assess the accuracy of the number of products reported in Metric 2, “Number of counter-narcotics intelligence requests satisfied,” as part of the PSR. With the exception of the effects of this issue, Williams Adley is not aware of any material modifications that should be made to the PSR or the related assertions for the year ended September 30, 2018, in order for them to be in accordance with the requirements set forth in the Circular. Williams Adley did not make any recommendations as a result of its review.