Federal Reports

The U.S. Consumer Product Safety Commission (CPSC) OIG retained KPMG, LLP (KPMG), an independent public accounting firm, to perform the independent audit of the CPSC’s financial statements for fiscal year (FY) 2025 in accordance with auditing standards generally accepted in the United States.  This report is contained in the CPSC’s Annual Financial Report which also contains the complete set of financial statements, management’s discussion and analysis, and required supplementary and other information.  KPMG found that the CPSC received a qualified or clean opinion.  However, the agency was found to have two material weaknesses, first identified in FY 2023; and one significant deficiency.

In accordance with the Reports Consolidation Act of 2000, the OIG reports annually on the most serious management and performance challenges the U.S. Department of Education (Department) faces. For FY 2026, we identified four management challenges the Department faces as it continues its efforts to promote student achievement and preparation for global competitiveness by fostering educational excellence and ensuring equal access. These challenges are (1) oversight and monitoring of grantees, (2) Oversight & monitoring of student financial assistance programs; (3) data quality and reporting, and (4) information technology security. The report includes a summary of each challenge, a brief assessment of the Department’s progress in addressing each challenge, and shares information on further actions that, if properly implemented, could enhance the effectiveness of the Department’s programs and operations.

There continues to be an increased focus on supply chain risks in the Federal Government. In December 2020, the Government Accountability Office reported that a majority of the 23 agencies reviewed, which included the Department of Energy, had not implemented selected foundational practices for managing information and communications technology supply chain risks. In the Department’s case, information technology (IT) supply chain risk management (SCRM) is a particular challenge due to the diversity of its missions and decentralized operating environment.

We initiated this audit to determine whether the Department effectively managed its IT SCRM process.

We determined that the Department made progress in effectively managing its IT SCRM process, but opportunities for improvement existed to help ensure compliance with Federal and Department requirements. Specifically, we found issues related to the accuracy of the Department’s critical software inventory and insufficient assessments and reviews of potentially vulnerable suppliers. For example, the Department had not developed an accurate inventory of its critical software, which could have prevented it from protecting critical software, platforms, and data from unauthorized access. The Department also faced unknown SCRM risks because it did not always conduct assessments of technology acquisitions, including vendors with foreign ownership, control, or influence.

Without improvements to its SCRM process, the Department is vulnerable to potentially malicious, counterfeit, or vulnerable IT equipment or services. The inability to identify critical software quickly also places the Department at an elevated risk in the event of a compromise as it may be unable to rapidly respond to remediate vulnerabilities. Further, had entities routinely performed SCRM assessments and reviews, they may have increased awareness of supply chain risks involving certain vendors, resulting in different security decisions including implementing monitoring, conducting routine reviews of the vendor, or selecting a different vendor.

We suggest that the Department develop an accurate inventory of its critical software. In addition, we also suggest that three of the sites reviewed ensure that policies and procedures related to SCRM for IT acquisitions are developed and effectively implemented.

The VA Office of Inspector General (OIG) conducted a healthcare inspection of the VA Nebraska-Western Iowa Health Care System (facility) in Omaha from November 2024 through May 2025, following a congressional request to evaluate allegations related to the inpatient mental health unit’s environment of care. The OIG also evaluated allegations from another complainant regarding unit staffing and identified additional concerns related to training, policy guidance, and oversight.

The OIG substantiated facility leaders did not ensure adequate night lighting in patient rooms, which may affect patients’ sleep and hinder staff’s ability to conduct safety rounds. The OIG also substantiated the unit was not consistently staffed with the required number of employees trained in therapeutic containment for high-risk areas, placing patients and employees at risk. Although the OIG did not substantiate allegations that the unit was unclean and restroom doors did not lock, the OIG found female patients were unable to access the restroom without staff assistance.

The OIG found nursing leaders did not (1) develop a required patient safety rounding standard operating procedure, increasing the risk of inconsistent observation practices, and (2) ensure a clear process for using a risk for violence assessment, contributing to the inability to determine required staffing.

Additionally, facility leaders did not (1) consistently report root cause analysis action items, which may result in leaders being unaware of opportunities to improve care, and (2) notify Veterans Integrated Service Network (VISN) 23 leaders of bed closures exceeding 60 days, misrepresenting available bed capacity.

The Under Secretary for Health concurred with 2 OIG recommendations related to high-risk workplace staffing guidance; the VISN Director concurred with 1 recommendation regarding oversight of bed changes; and the Facility Director concurred with 10 recommendations regarding unit lighting, rounding procedures, mitigation planning, staffing and training requirements, and root cause analysis reporting.

Semiannual Report to the Congress April 1, 2025 – September 30, 2025

The Chief Financial Officers Act of 1990 requires the Inspector General to audit the agency’s financial statements each year, which is intended to help improve an agency’s financial management and controls over financial reporting. For FY 2025, the auditors issued an unmodified opinion on the FY 2025 consolidated financial statement of the Department. The auditors reported that the FY 2025 consolidated financial statement is presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles. In the Report on Internal Control over Financial Reporting, the auditors identified one material weakness and three significant deficiencies in internal control over financial reporting. In the Report on Compliance and Other Matters, the auditors reported no instances of noncompliance that were required to be reported under Government Auditing Standards or OMB Bulletin No. 24-02. Seven recommendations were made to the Department to address the internal control findings.  Management concurred with the findings and agreed to take action to address the recommendations.  See pages 84-96 for the report.