Federal Reports

The OIG determined that the current cybersecurity program guidance lacks clarity; expectations for maintaining training qualifications are not well-defined; the cybersecurity inspection process contains redundant and time-consuming tasks; and NRC staff members did not always accurately report their time spent on cybersecurity inspection-related activities.  The OIG makes 9 recommendations to enhance the effectiveness, consistency, and efficiency of the NRC’s cybersecurity inspection program. 

The VA Office of Inspector General (OIG) initiated a healthcare inspection on September 2, 2025, in response to anonymous allegations received regarding the integrity of the peer review process at the VA Caribbean Healthcare System (facility) in San Juan, Puerto Rico. The OIG conducted an unannounced site visit from December 2–4, 2025, followed by virtual interviews through January 21, 2026.

The OIG determined the facility met Veterans Health Administration (VHA) Directive 1190(1), Peer Review for Quality Management, requirements for peer review process management including alignment with committee structure, documentation of initial and final levels of care, recommendations for education and quality improvement, and required quarterly reporting to the clinical executive committee. The OIG found that peer review committee members assigned final levels of care based on a majority vote. Additionally, peer review committee members described having discussions to forget the patient outcome and focus on the episode of care under review in an effort to avoid hindsight or outcome bias. However, the OIG identified that the peer review committee made decisions regarding completing institutional disclosures, which is not part of the committee’s quality management process, that should have been made by facility leaders. The OIG made one recommendation to the Facility Director to address this issue. The Facility Director provided an action plan to ensure all discussion related to the disclosure of adverse events is removed from Peer Review Committee proceedings.

This report presents the results of our work conducted to address the performance audit objective related to the United States Consumer Product Safety Commission’s (CPSC) compliance with the requirements contained in the Payment Integrity Information Act of 2019 (PIIA) for the fiscal year ended September 30, 2025.

We performed an audit of the Tennessee Valley Authority’s (TVA) Contract No. 15387 with a company to provide a broad range of engineering, design, and construction management support when and as requested by TVA.  The objective of our audit was to determine if the costs billed to TVA were in accordance with the contract’s terms.  Our audit scope included approximately $33.2 million in costs billed to TVA between January 1, 2024, and March 31, 2025. 

In summary, we determined the company overbilled TVA an estimated $33,595, including (1) 14,079 in unsupported and overbilled travel and temporary living allowance costs, (2) $13,764 in invoice and payment errors, (3) a net $3,632 in performance fee credits, and (4) $2,120 in labor costs.  In addition, we identified opportunities for TVA to improve the administration of the contract.  Specifically, (1) the contract was unclear on how the company was to bill temporary employees it received from staffing agencies and (2) TVA did not evaluate fee for all tasks greater than $50,000, as required by the contract.   

We assessed public housing agencies’ (PHA) management of the occupancy of public housing units.  Our audit objective was to (1) assess the occupancy of public housing units, and (2) determine whether HUD had adequate oversight of PHAs’ occupancy, particularly PHAs’ management of vacant units.
 

We found PHAs had occupancy rates below HUD’s optimal level or a high number of long-term vacant units.  Further, although HUD monitors PHAs’ occupancy rates, it does not require very small PHAs or all PHAs with a high number of long-term vacant units take action to address vacancies.

These conditions occurred because PHAs experienced delays in turning over vacant units, especially units that required extensive repairs, due to (1) a lack of financial and staffing resources, including contractors, (2) inadequate processes or management oversight, and (3) holding vacant units offline to relocate tenants from units or buildings that were being repaired, renovated, demolished, or converted under HUD’s Rental Assistance Demonstration Program (RAD).  Additionally, some PHAs’ units were vacant because they were uninhabitable due to fires, natural disasters, or deterioration.  Further, HUD’s current risk mitigation action plan requires HUD staff to execute occupancy action plans for only PHAs with occupancy rates below 90 percent and 50 or more vacant units.  

As a result, PHAs were not consistently maximizing occupancy, resulting in fewer eligible families benefiting from affordable housing.  In addition, the PHAs that we reviewed lost the opportunity to receive operating subsidies and earn rental revenue for vacant units, totaling nearly $80 million in 2024 and more than $106 million in 2025.
 

We recommend that HUD’s Deputy Assistant Secretary for Field Operations (1) revise its Risk Mitigation Action Plan to include risk indicators to target PHAs with long-term vacant units and assess PHAs’ unit turnover timeliness; and (2) include a review of the physical condition of PHAs’ vacant units and turnovers as part of its field office staff’s monitoring activities.  We also recommend that HUD require PHAs to implement adequate procedures and controls over vacant units to help ensure that potential rent revenue and operating subsidies are not lost on vacant units and evaluate the physical condition of long-term vacant units and develop a plan to address the units, as appropriate.