Federal Reports

The VA Office of Inspector General (OIG) conducted a healthcare inspection to assess whether leaders implemented corrective actions to address pharmacy-related concerns at the VA Central Western Massachusetts Healthcare System (system) in Leeds.In early 2023, the OIG received five allegations related to prescription processing delays and inadequate pharmacy staff training, and requested the Veterans Integrated Service Network (VISN) Director to respond to the allegations. According to the response, an external review, performed by individuals associated with another VISN, partially substantiated or substantiated four of the five allegations and made 12 recommendations. The System Associate Director (Associate Director) adopted the recommendations as corrective actions and, in July, tasked the chief of pharmacy with implementation. The OIG opened a hotline in September to determine whether system leaders had implemented the 12 corrective actions.The OIG determined that 11 of the 12 corrective actions were incomplete. The OIG found the chief of pharmacy perceived the corrective actions as a disciplinary tool rather than an opportunity to improve pharmacy services and that this impacted implementation of the corrective actions.Further, the Associate Director and the acting Associate Director, as the chief of pharmacy’s supervisors, did not provide effective and timely oversight to ensure completion of the corrective actions. Although not required, they also missed opportunities to involve the VISN Pharmacist Executive earlier, rather than waiting until corrective action deadlines had passed, diminishing the effectiveness of the VISN Pharmacist Executive to assist the system with timely intervention.The OIG made three recommendations to the VISN Director related to the completion of the corrective actions; training of pharmacy staff and supervisors; and ensuring that leaders receive administrative action, as appropriate.

The Science and Technology Directorate (S&T) can improve management of its research, development, testing, and evaluation (R&D) activities related to critical infrastructure security and resilience. Although S&T is actively making efforts to improve processes, it:• does not use a risk-based, holistic approach to prioritize critical infrastructure R&D programs and projects department-wide;• does not follow established project management principles and its own project management policies and procedures; and• relies on inaccurate and incomplete information to manage its critical infrastructure R&D projects.These problems occurred because S&T relies on component-based R&D prioritization processes instead of establishing and updating department-wide strategic priorities. Additionally, S&T does not ensure adherence to project management best practices, such as integrating program and project plans, using standard terminology and abbreviations, and tailoring its processes to fit the project needs. Finally, S&T has no formal data validation process to ensure the quality of R&D project management data

What We Looked At    This report presents the results of our quality control review (QCR) of an attestation examination of the Department of Transportation’s (DOT) Enterprise Services Center (ESC) controls. ESC provides financial management services to DOT and other agencies and operates under the direction of DOT’s Chief Financial Officer. The Office of Management and Budget requires ESC, as a service organization, to either provide its user organizations with independent audit reports on the design and effectiveness of its internal controls or allow user auditors to perform tests of its controls.We contracted with KPMG LLP to conduct this examination subject to our oversight. The objectives of the review were to determine whether (1) management’s description of ESC’s systems is fairly presented, (2) ESC’s controls are suitably designed, and (3) ESC’s controls are operating effectively throughout the period of October 1, 2023, through June 30, 2024. We performed a QCR on KPMG’s report and related documentation.What We FoundOur QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.Our RecommendationsKPMG made no recommendations.   

Amtrak notified our office February 16, 2024, of a potential data‐sharing incident. Our investigation found that an employee granted two third‐party email accounts access to an Amtrak OneDrive/SharePoint folder which contained 369 company files related to an Amtrak program. As a result of our investigation into the incident, the company took remedial action to optimize Microsoft tools for data loss prevention, conducted routine auditing and removal of guest accounts, completed additional security enhancements, and provided alerts for risky file sharing.

Although U.S. Customs and Border Protection (CBP) responded to CBPOne™ application weaknesses after implementation, it did not formallyassess and mitigate the technological risks involved with expanding theapplication to allow undocumented noncitizens (noncitizens) to scheduleappointments to present themselves for processing at Southwest BorderPorts of Entry (POEs). We found that CBP did not initially consider criticalfactors such as the design of the CBP One™ Genuine Presencefunctionality, adequacy of supporting application infrastructure,sufficiency of language translations, and equity of appointmentdistribution. As a result, noncitizens initially using the new featureexperienced application crashes, received frequent error messages, facedlanguage barriers, and may not have always had an equal opportunity tosecure an appointment.

What We Looked AtThe locks, channels, and accompanying infrastructure of the St. Lawrence Seaway are perpetual transportation assets that require periodic and regular capital reinvestment in order to continue to operate safely, reliably, and efficiently. The Great Lakes St. Lawrence Seaway Development Corporation (GLS) Seaway Infrastructure Program (SIP), previously the Asset Renewal Program, addresses the long-term capital asset renewal needs of the U.S. seaway infrastructure. Adequate internal controls are critical for GLS to generate high-quality cost estimates for its SIP projects and accurately track accumulated SIP project costs. Previously, the Government Accountability Office (GAO) identified issues with GLS’ cost estimating process. Given GAO’s previous findings and the importance of complete and accurate cost estimates, we initiated this audit. Accordingly, our audit objective was to evaluate the reliability of GLS’ cost-estimating process for SIP projects completed during fiscal years 2021 and 2022. As part of our review, we also evaluated GLS’ controls for determining the costs of completed projects.What We FoundGLS has not established adequate internal controls to effectively manage its estimating process for SIP projects. Specifically, GLS does not follow a formal process for developing reliable cost estimates. Also, GLS does not have policies and procedures for ensuring cost estimates are performed when required. In addition, we determined that GLS lacks adequate documentation of controls over determining the total costs for completed SIP projects. Specifically, GLS does not have a suitable mechanism in place to track the accumulated costs of completed SIP projects.Our RecommendationsWe made four recommendations to improve GLS’ internal controls over the SIP cost estimating process. GLS concurred with our recommendations. We consider the recommendations resolved but open pending completion of planned actions. 

Our objective was to determine whether Defense Intelligence Agency (DIA) managed its Research, Development, Testing, and Evaluation (RDT&E) funds to align with Agency mission priorities and optimize their use. To achieve the objective, we conducted a review of RDT&E budget requests and assessed the alignment of funds with DIA strategy and mission priorities. Additionally, we reviewed DIA’s obligation and expenditure performance against Office of the Secretary of Defense goals and unliquidated obligations to assess fund optimization. We also conducted interviews with Agency officials to gain insight into DIA’s processes for monitoring funds. We issued the results of our evaluation, along with four recommendations, in a final report dated August 21, 2024.