Federal Reports

The objective of the evaluation is to determine whether the U.S. AbilityOne Commission's 2022- 2026 Strategic Plan has the necessary framework, including specific operational initiatives/objectives and associated performance measures. The evaluation will be conducted using Quality Standards for Inspection and Evaluation, issued by the Council of the Inspectors General on Integrity and Efficiency.

The City of Jackson’s funding for its water system did not address the capacity issues at the O.B. Curtis Water Treatment Plant, leading to chronic problems with operations and maintenance. Various Jackson departments did not effectively communicate the water system’s capacity issues internally, which only served to exacerbate the problems facing O.B. Curtis and the city’s water system. In addition, while the Mississippi State Department of Health, or MSDH, took informal compliance and enforcement actions with Jackson, it did not provide additional technical assistance to Jackson through the Local Assistance and Other State Programs set-aside. We also found that the MSDH could have been more proactive in the years leading up to Jackson’s water system failure in providing flexible Drinking Water State Revolving Fund loan options for disadvantaged communities like Jackson. The MSDH did not make these flexible loan and subsidy options available to disadvantaged communities, including Jackson, until after June 2021. Also, only after Jackson requested a refinance in October 2022 did the MSDH approve refinancing the city’s DWSRF loans.

The Office of the Inspector General performed an audit of a TVA hydroelectric facility to determine if the network architecture and assets in use to support site business and operations were compliant with TVA policies, procedures, and identified best practices. We determined several areas of the network architecture and assets did not follow TVA policies, procedures, or identified best practices. Specifically, we identified the following issues:• Network redundancy was not implemented in accordance with identified best practices.• Network asset retirement was not implemented in accordance with Power Operations’ Standard Operating Procedure.• Power Operations’ location specific standard operating procedure did not require unique passwords in accordance with identified best practices.In addition, we identified the following internal control deficiencies significant to our audit objective:• Baseline configurations were not implemented in accordance with location specific Power Operations’ standard operating procedure.• Physical access permissions and controls were not implemented in accordance with identified best practices.TVA management agreed with our recommendations.

Each year agency program officials, chief information officers, and inspectors general must review their agencies’ information security programs and report to the Department of Homeland Security and Congress on the programs’ compliance with the Federal Information Security Modernization Act (FISMA). The OIG contracted with an independent public accounting firm, CliftonLarsonAllen LLP (CLA), to evaluate VA’s information security program for FY 2023. After assessing 45 major applications and general support systems hosted at 23 VA facilities and on the VA Enterprise Cloud, CLA concluded that VA continues to face significant challenges meeting FISMA requirements.The audit found continuing significant deficiencies related to access, configuration management, and change management controls, as well as service continuity practices, all of which are designed to protect mission-critical systems from unauthorized access, alteration, or destruction. These deficiencies can be remedied by improving the deployment of security patches, system upgrades, and system configurations to mitigate significant security vulnerabilities and enforce a consistent process across all field offices; improving performance monitoring to ensure controls operate as intended at all facilities; communicating identified security deficiencies to mitigate significant risks; and addressing security-related issues that contributed to the information technology material weakness reported in the FY 2023 audit of VA’s consolidated financial statements.Of CLA’s 25 recommendations, VA concurred with 15 and non-concurred with 10; some of the 25 recommendations addressed repeat deficiencies from previous FISMA reports spanning multiple years. CLA will follow up on the outstanding recommendations and evaluate the adequacy of corrective actions in the FY 2024 audit of VA’s information security program.

Audit of National Security Loan Program Recipient – MapLarge, Inc.