Federal Reports

The Federal Information Security Modernization Act of 2014 (FISMA) requires each agency’s Inspector General (IG) to conduct an annual independent evaluation to determine the effectiveness of the information security program (ISP) and practice of its respective agency. Our objective was to evaluate the Tennessee Valley Authority’s (TVA) strategy and the progress of TVA’s ISP and agency practices for ensuring compliance with FISMA and applicable standards, including guidelines issued by the Office of Management and Budget and the National Institute of Standards and Technology. Our audit scope was limited to answering the fiscal year (FY) 2017 IG metrics developed as a collaborative effort by Office of Management and Budget, Department of Homeland Security, and Council of Inspector Generals on Integrity and Efficiency in consultation with the Federal Chief Information Officer Council. The FY2017 IG FISMA metrics recommend a majority of the functions be at a maturity level 4 (managed and measurable) or higher to be considered effective. Based on our analysis of the metrics and associated maturity levels defined within the FY2017 IG FISMA metrics, we found TVA’s ISP was operating in an effective manner.

The Office of the Inspector General conducted a review of the Chief Human Resource Office’s (CHRO) organization to identify operational and cultural strengths and risks that could impact CHRO’s organizational effectiveness. Our report identified strengths within CHRO related to (1) organizational alignment, (2) development of the CHRO strategy, and (3) management support within the business units. However, we also identified risks related to (1) collaboration across the CHRO, (2) relationship and inclusion issues, (3) potential for noncompliance with the Tennessee Valley Authority's code of conduct, and (4) the potential for ineffective CHRO measurements.

The VA Office of Inspector General (OIG) conducted a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the John D. Dingell VA Medical Center (facility). The review covered key clinical and administrative processes associated with promoting quality care—Leadership and Organizational Risks; Quality, Safety, and Value; Medication Management: Anticoagulation Therapy; Coordination of Care: Inter-Facility Transfers; Environment of Care; High-Risk Processes: Moderate Sedation, and Long-Term Care: Community Nursing Home Oversight. OIG also provided crime awareness briefings to 53 employees.The facility has generally stable executive leadership and active engagement with employees and patients to improve satisfaction scores. Organizational leaders support patient safety, quality care, and other positive outcomes (such as initiating processes and plans to improve perceptions of the facility through active stakeholder engagement). OIG’s review of accreditation organization findings, sentinel events, disclosures, Patient Safety Indicator data, and Strategic Analytics for Improvement and Learning (SAIL) results identified multiple organizational risk factors. The senior leadership team was knowledgeable about selected SAIL metrics and should continue to take considerable actions to improve care and performance, particularly Quality of Care and Efficiency metrics likely contributing to the current 2-star rating.OIG noted findings in four of the six areas of clinical operations reviewed and issued 10 recommendations that are attributable to the Chief of Staff, Nurse Executive, and Associate Director. The identified areas with deficiencies are:(1) Quality, Safety, and Value • Review of credentialing and privileging data(2) Medication Management: Anticoagulation Therapy• Patient education specific for newly prescribed anticoagulant medications• Employee competency assessments(3) Environment of Care• Environment of care rounds attendance• Damaged furnishings in patient care areas• Panic alarm testing• Radiation shield and apron integrity inspection and testing• Annual inspection of radiology equipment• Interdisciplinary Safety Inspection Team training(4) Long-Team Care: Community Nursing Home Oversight• Cyclical clinical visits

Congress required that the OIG report on the accuracy and timeliness of VA payments for medical care provided under Choice. This report addresses payments processed through VA’s Fee Basis Claims System from November 2014 through September 2016. The Veterans Health Administration’s (VHA’s) Office of Community Care (OCC) contracted with Third Party Administrators (TPAs) to process claims and pay Choice medical providers. During the 23-month audit period, OIG sampled from a population of 2 million Choice claims. Of those claims, an estimated 224,000 were paid in error, and 1 million were processed in excess of the 30-day Prompt Payment Standard. The OIG determined weak internal controls over the payment process contributed to these errors. Also, the OCC did not establish clear written policies for Choice claim payments, ensure quality information was available to payment staff, use an information system that could adequately address overpayment of medical claims, establish monitoring activities to determine if payment controls worked, or accurately estimate staffing needs for claims processing. The OIG estimated OCC made $39 million in overpayments to TPAs. The OIG recommended that VHA management ensure systems used for processing medical claims from TPAs have the ability to adjudicate reimbursement rates accurately and issue written payment policies to claims-processing staff. The OIG also recommended that OCC establish expectations and obligations for TPAs that submit invoices for payment, develop sufficient claims-processing capacity to meet expected TPA claim volume, and ensure future TPA contracts contain timeliness standards for processing payments. The Executive in Charge, VHA, concurred and agreed that a full review of Choice payments and recovery of all identified overpayments is essential.

Management Letter for the FY 2015 Financial Statement Audit

The report is classified. To file a Freedom of Information Act request, please submit a request to FOIA Online.

We did not post this report due to concerns with information protected under the Freedom of Information Act.

The National Credit Union Administration OIG conducted risk assessments for fiscal year 2016 as required by the Government Charge Card Abuse Prevention Act of 2012. Specifically, we conducted risk assessments of the NCUA’s individually billed accounts travel card program and centrally billed accounts travel and purchase card programs.