Federal Reports

In September 2015, OIG received an allegation claiming VA management failed to comply with VA policy and guidance when it deployed Real Time Location System (RTLS) assets without appropriate project oversight. The complainant also stated that VA deployed RTLS assets without meeting VA information security requirements.OIG found that the RTLS Project Management Office (PMO) did not follow guidance from VA’s Technology Acquisition Center to use an incremental project management approach and did not follow VA’s project implementation policy requiring the use of the Project Management Accountability System for all acquisitions and delivery of RTLS assets. VA awarded the first RTLS task order in June 2012. As of December 2016, $431 million had been obligated for RTLS assets and services without Government acceptance of a functional RTLS solution.Additionally, OIG found that RTLS assets were connected to the VA network without proper testing and approval of system security controls in accordance with VA’s risk management framework. As a result, VA’s internal network faced unnecessary risks from these untested RTLS system security controls. In October 2016, RTLS was granted an initial authorization to operate on the VA network.OIG recommended the Acting Under Secretary for Health, in conjunction with the Acting Assistant Secretary for Information and Technology, apply additional resources and implement improved integrated project management controls for the reminder of the project to restrict further cost increases and enforce the use of incremental project management controls, such as those used within the Veteran-focused Integration Process (VIP) on all remaining RTLS task orders, to ensure such efforts will provide an adequate return on investment. In addition, OIG recommended the Acting Assistant Secretary for the Office of Information and Technology ensure risk assessments are conducted on future RTLS deployments to identify potential risks and vulnerabilities that may adversely affect other VA systems.

Origin-Destination Information System - Revenue, Pieces, and Weight (ODIS-RPW) is the primary probability sampling system used by the U.S. Postal Service to assist in estimating mail revenue, volume flow, and weight. As part of this system, data collection technicians test and record mailpiece characteristics, such as shape, postmark date, and origin ZIP code. Management observes and reviews these tests to ensure that data collection technicians employ proper procedures and that the data is accurate. Our objective was to determine whether the Postal Service conducted ODIS-RPW tests in accordance with established policies and procedures.

We evaluated TVA's Corrective Action Program (CAP) to determine if the CAP was effective in resolving employee concerns at Sequoyah Nuclear Plant. We determined the Sequoyah CAP was generally effective in resolving employee concerns during calendar years 2015 and 2016. Specifically, we determined condition reports (CRs) classified as CAP were addressed effectively and in a timely manner. However, we identified areas for improvement related to (1) the classification of CRs, (2) routing and documentation of anonymous CRs, and (3) CAP training.

This report contains classified information that is exempt from disclosure under the Freedom of Information Act. To obtain further information, please contact the OIG Office of Counsel at OIGCounsel@oig.treas.gov, (202) 927-0650, or by mail at Office of Treasury Inspector General, 1500 Pennsylvania Avenue, Washington DC 20220.

The report is classified. To file a Freedom of Information Act request, please submit a request to FOIA Online.