Federal Reports

This management advisory is to alert the U.S. Department of the Interior (DOI) to an incident we discovered in which a DOI employee unnecessarily shared a spreadsheet containing the personally identifiable information (PII) of 182 employees from a number of DOI bureaus.During a recent investigation, we learned that the DOI employee created the spreadsheet for use in internal training and then emailed it to a group of from several DOI bureaus. Because the group members all got the same spreadsheet, they were able to access the PII of employees in DOI bureaus outside their own. We determined that the group members had no business- or training-related need for the PII of employees from other bureaus.The subject of our investigation attempted to send the list to his personal email account and intended to access it on his personal computer, which had software installed that made it vulnerable to outside access and control. Although the subject's attempt was blocked, the DOI employee's unnecessary transmittal of the spreadsheet to the entire group placed the PII of 182 employees at an increased risk of compromise. We encourage DOI to review its procedures for limiting access to PII only to those with a business need to know.

We audited costs claimed by the State of Connecticut’s Department of Economic and Community Development (DECD) on Grant No. P13AF00113 with the National Park Service (NPS) to determine whether (1) they were reasonable, supported, allowable, and allocable and (2) the DECD complied with Federal regulations, State and NPS policies and procedures, and grant agreement terms and conditions. We also reviewed the use of grant funds for site survey work and determined that it was allowable under the governing legislation.We reviewed $5,002,392 in costs claimed between July 1, 2013, and March 31, 2017, and determined that $1,912 of the costs claimed by the DECD on the grant was unallowable, and that there was an undetermined amount of unallowable administrative costs under Federal regulations, State and NPS policies and procedures, and grant agreement terms and conditions. We also identified $244,978 in unallowable costs, but the DECD provided us with the required approval after we brought these costs to the DECD’s attention. In addition, we identified deficiencies in compliance. Specifically, the DECD:• Did not track administrative costs• Paid costs outside the period of performance without obtaining timely approval• Did not properly segregate Federal funds• Made an ineligible purchase of $1,912• Did not identify a computer in use as Federal Government property• Did not properly document subgrant monitoring• Did not properly complete the Federal Financial ReportsThese deficiencies occurred because the DECD misapplied or misunderstood the Federal regulations, State and NPS policies and procedures, and grant agreement terms and conditions. These deficiencies led to $1,912 in ineligible costs (for a computer charged to the grant but not used) and an undetermined amount of other questioned costs because the DECD did not properly track expenditures.In this audit report, we made nine recommendations to help the NPS develop policies and procedures to ensure the DECD’s compliance with Federal regulations, State and NPS policies and procedures, and grant agreement terms and conditions.

During an audit of the costs claimed by the State of Connecticut’s Department of Economic and Community Development (DECD) on Grant No. P13AF00113 with the National Park Service (NPS), we found several issues with NPS oversight over the DECD’s performance. Specifically, the NPS did not:• Clearly define administrative costs when monitoring expenses• Properly review the Federal Financial Reports (SF-425s)• Document or communicate major funding changes to CongressIn this management advisory, we make three recommendations to the NPS to resolve these issues.

The Government Charge Card Abuse Prevention Act of 2012 (Public Law 112-194) requires Offices of Inspector General to, among other things, conduct periodic assessments of the government purchase card program to identify and analyze risks of illegal, improper, or erroneous purchases and payments. According to the Office of Management and Budget memorandum M-13-21, this risk assessment should be performed annually. The purpose of this special report is to fulfill the requirements of the Act and OMB guidance. Generally, we found that PBGC has policies and procedures in place to address the requirements in the Act, and has internal controls to assist in the monitoring of this program. Based on our review, we determined that the risk of illegal, improper, or erroneous purchases in PBGC’s Purchase Card program is low. We conclude that an OIG audit of this program is not warranted at this time.

For our final audit report conducted to review the NOAA Office of Marine and Aviation Operations (OMAO) ship fleet, our objective was to determine whether NOAA OMAO coordinates ship maintenance and repairs of its fleet using the Shipboard Automated Maintenance Management System (SAMMS).

The VA Office of Inspector General (OIG) conducted a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the South Texas Veterans Health Care System (facility). The review covered key clinical and administrative processes associated with promoting quality care—Leadership and Organizational Risks; Quality, Safety, and Value; Medication Management: Anticoagulation Therapy; Coordination of Care: Inter-Facility Transfers; Environment of Care; High-Risk Processes: Moderate Sedation; and Long-Term Care: Community Nursing Home Oversight. OIG also provided crime awareness briefings to 105 employees.The facility had stable executive leadership with the exception of the vacancy for the Associate Director; however, it appears that the vacancy has not impacted the provision of quality care. Facility leaders were actively engaged with employees and patients and were working to improve satisfaction scores. Organizational leaders support patient safety, quality care, and other positive outcomes. OIG’s review of accreditation organization findings, sentinel events, disclosures, Patient Safety Indicator data, and Strategic Analytics for Improvement and Learning (SAIL) results did not identify any substantial organizational risk factors. Although the senior leadership team was knowledgeable about selected SAIL metrics, the leaders should continue to take actions to improve performance of the Quality of Care and Efficiency metrics likely contributing to the facility’s current 3-star rating. OIG noted findings in two of the areas of clinical operations reviewed and issued three recommendations that are attributable to the Chief of Staff, Nurse Executive, and Assistant Director. The identified areas with deficiencies are:(1) Environment of Care• Safety and infection prevention on the cardiac intensive care unit at the parent facility• Locked mental health unit employee and Interdisciplinary Safety Inspection Team member training(2) Long-Term Care: Community Nursing Home Oversight• Clinical visits for patients residing in community nursing homes