Federal Reports

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements.

Why We Did This ReportThe U.S. Environmental Protection Agency Office of Inspector General conducted this audit to assess the U.S. Chemical Safety and Hazard Investigation Board’s compliance with the FY 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics. We contracted with SB & Company LLC to perform this audit under our direction and oversight. Summary of FindingsSB & Company concluded that the CSB achieved an overall maturity of Level 2, Defined, in fiscal year 2023. This means that the CSB’s policies, procedures, and strategies are formalized and documented but not consistently implemented. While the CSB has improved its overall maturity from the Level 1, Ad Hoc, rating it achieved in fiscal year 2022, SB & Company identified that improvements are still needed in the Incident Response domain within the Respond Function Area. Specifically, SB & Company concluded that the CSB should formally document the results of and the lessons learned during its disaster recovery testing scenarios. Because the CSB only has an informal process for documenting testing results and lessons learned, it did not fully document the results of its disaster recovery testing in a manner that was consistent with the National Institute of Standards and Technology guidelines.

The Office of the Inspector General performed an audit to determine if TVA’s security controls were appropriately configured to protect corporate Wi-Fi networks. Our scope was limited to Wi-Fi networks maintained by TVA’s Technology and Innovation organization. We determined TVA’s security controls related to overall architecture design and implementation were generally configured appropriately to protect corporate Wi Fi networks. However, we identified several areas that should be addressed to further improve the security of corporate Wi-Fi networks. Specifically, we identified:• Internal controls for specific types of attacks were ineffective.• Wireless software and hardware were unsupported by the manufacturer.• Data in transit (electronic transmission of information) was not properly secured.• Primary accounts improperly provided privileged user access.• Service account usage was not in accordance with TVA policy.• Baseline configuration management process was not designed or implemented properly.TVA management agreed with our recommendations.

The VA Office of Inspector General (OIG) conducted a review to evaluate (1) VHA and medical center leaders’ awareness and incorporation of social determinants of health (SDOH) and health-related social needs (HRSN) into inpatient medical unit discharge assessments, planning, policies, and templates; and (2) VHA’s efforts to address SDOH/HRSN with tools and community resources. The OIG determined there were no national policies or procedures that integrated SDOH/HRSN into discharge assessment and planning. Although the OIG found three national reference documents incorporating SDOH/HRSN, these documents were not considered formal guidance and were largely unknown to leaders responsible for discharge assessment and planning within inpatient units. Most medical center staff developed their own discharge policies and procedures addressing SDOH/HRSN, according to an OIG survey. The OIG also identified national templates incorporating SDOH/HRSN for primary care social workers but no template for discharge planning within medical units. VHA leaders recognized the impact of incorporating SDOH/HRSN into a screening tool and launched the Assessing Circumstances and Offering Resources for Needs initiative. The templated screening expands VHA’s capability to collect and capture SDOH/HRSN data in the electronic health record. As of July 2023, only two medical centers used the tool within inpatient medical units. The VHA Office of Health Equity developed health mapping tools to assist staff in identifying and addressing health disparities within their communities; however, few medical center leaders reported using these tools. Almost half of the surveyed leaders did not participate in formal partnerships with community resources to address SDOH. The OIG made five recommendations to the Under Secretary for Health regarding the development of national policy on incorporating SDOH/HRSN into discharge assessment and planning, implementation of a standardized template, evaluation of barriers to assessing SDOH/HRSN at discharge, use of health equity tools, and establishment of community resource partnerships to address SDOH.