Federal Reports

What We Looked AtThe Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to implement information security programs. FISMA also requires agencies to have annual independent evaluations performed to determine the effectiveness of their programs and report the results of these reviews to the Office of Management and Budget. To meet this requirement, the Surface Transportation Board (STB) requested that we perform its fiscal year 2018 FISMA review. We contracted with Williams Adley & Company DC LLP (Williams Adley), an independent public accounting firm, to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of STB's information security program and practices in five function areas--Identify, Protect, Detect, Respond, and Recover.What We FoundWe performed a quality control review (QCR) of Williams Adley's report and related documentation. Our QCR disclosed no instances in which Williams Adley did not comply, in all material respects, with generally accepted Government auditing standards.RecommendationsSTB concurs with Williams Adley's seven recommendations.

The VA Office of Inspector General (OIG) conducted a focused evaluation of the quality of care delivered at the VA Boston Healthcare System (Facility). The review covered key clinical and administrative processes associated with promoting quality care—Leadership and Organizational Risks; Quality, Safety, and Value; Credentialing and Privileging; Environment of Care; Medication Management: Controlled Substances Inspection Program; Mental Health Care: Posttraumatic Stress Disorder Care; Long-term Care: Geriatric Evaluations; Women’s Health: Mammography Results and Follow-Up; and High-Risk Processes: Central Line-Associated Bloodstream Infections. The OIG noted that Facility leaders have been in their respective positions for at least four years. Facility leaders were actively engaged with employees and patients and were continuously striving to maintain employee and patient satisfaction scores. Facility leaders appeared to support efforts related to patient safety, quality care, and other positive outcomes. However, the presence of organizational risk factors, as evidenced by Patient Safety Indicator data, may contribute to future issues of noncompliance and/or lapses in patient safety unless corrective processes are implemented and monitored. Although the leaders were knowledgeable about selected Strategic Analytics for Improvement and Learning (SAIL) metrics, the leaders should continue to take actions to sustain performance and to improve care and performance of poorly performing Quality of Care and Efficiency metrics that are likely contributing to the current “4-Star” rating. The OIG noted findings in four of the clinical operations reviewed and issued seven recommendations that are attributable to the Director, Chief of Staff, and Deputy Director. The identified areas with deficiencies are: (1) Quality, Safety, and Value • Evaluation of peer review findings (2) Credentialing and Privileging • Focused and Ongoing Professional Practice Evaluation processes (3) Environment of Care • Separate storage for clean and dirty equipment • Solid bottom shelving in equipment storage areas (4) Medication Management: Controlled Substances Inspection Program • Annual physical security actions

The Office of Inspector General (OIG) must review a statistically valid sample of the spending data submitted by the Department of Health and Human Services (HHS) in accordance with the Digital Accountability and Transparency Act (DATA Act; P.L. No. 113-101). The DATA Act expands the reporting requirements pursuant to the Federal Funding Accountability and Transparency Act of 2006 (FFATA) (P.L. No. 109-282). Ernst & Young (EY) LLP, under its contract with the HHS OIG, audited the fiscal Year (FY) 2018 second quarter spending submitted to USAspending.gov to determine compliance with the DATA Act.

The OIG investigated allegations that a Bureau of Safety and Environmental Enforcement (BSEE) manager reprised against a BSEE employee for engaging in protected activities.We found that the employee engaged in the protected activities and that the manager knew of the complaints made to our office and to the Equal Employment Opportunity Office when the personnel actions were taken. We found, however, that the employee routinely made negative comments about BSEE managers and employees and had engaged in conduct that others perceived as harassing and hostile, and that the manager would have taken personnel action against the employee because of the employee’s misconduct, regardless of whether the employee had engaged in the protected activities.

The Office of Inspector General examined NASA’s management of its historic property, including the processes used to identify, account for, and maintain real and personal property; the extent to which historic property is used to further NASA’s current missions; and the challenges in managing historic property and aging facilities.

We initiated this investigation based on information we received while investigating U.S. Department of the Interior (DOI) Secretary Ryan Zinke’s use of noncommercial aircraft for U.S. Government travel. This investigation focused on whether Secretary Zinke abused his position by having his family members travel with him in Government vehicles, whether he asked that his wife, Lolita Zinke, be appointed as a DOI volunteer to legitimize her travel, and whether he requested a Government cell phone for her. We also examined Secretary Zinke’s use of his protective service detail, including during a vacation the Zinkes took to Turkey and Greece in August 2017. In addition, we reviewed his office’s purchase of secretarial challenge coins (small coins bearing an organization’s emblem or logo, given as tokens of recognition or appreciation), and an allegation that a DOI employee resigned because he made her walk his dog while at work.We determined that the DOI Office of the Solicitor’s Division of General Law approved Lolita Zinke and other individuals to ride in Government vehicles with Secretary Zinke. Although this violated a DOI policy prohibiting non-Government employees from riding in Government vehicles, officials we spoke to noted that the Secretary was in a unique position because he was required to use security vehicles and could not use a personal vehicle if he wanted his wife to travel with him. The Zinkes reimbursed costs associated with Lolita Zinke’s travel in DOI vehicles when required.In addition, Lolita Zinke ultimately did not become a volunteer. While Secretary Zinke confirmed that his staff had researched the implications of making her a volunteer, he denied that it was an effort to circumvent the requirement to reimburse the DOI for her travel. We also did not find that he had requested a Government cell phone for her.While we found no prohibition against a security detail protecting Secretary Zinke on his vacation, we learned that the U.S. Park Police had no finalized policy governing the detail’s activities. The detail, which was unarmed, cost the DOI over $25,000. In addition, Secretary Zinke told his detail on one occasion to drive a non-Government employee to the airport, but he was later told that this was not appropriate and it has not happened since. The remaining allegations were unfounded.We provided this report to the Deputy Secretary of the Interior.