Federal Reports

OIG contracted an Independent Public Accounting firm to review the Rural Utilities Service’s process for evaluating and prioritizing the level of service provided for its broadband program, as well as how the current mapping software addresses previously identified programming errors.

U.S. Customs and Border Protection (CBP) conducts minimal secondary inspections on passengers and crew disembarking cruise ships to prevent illicit drugs and contraband from entering the United States.  As a result, CBP may be missing opportunities to interdict these items, which could adversely affect public health and safety. 

We examined two of six pillars identified in the April 2022 DHS Plan for Southwest Border Security and Preparedness aimed at preparing for anticipated increases in migration after the end of Title 42, which prohibited introduction into the United States of certain people from foreign countries traveling from Canada or Mexico, regardless of their countries of origin.  We found that the Department of Homeland Security generally implemented the two pillars we reviewed, which focused on surging resources to the Southwest border and increasing efficiencies for migrant processing.   • DHS and U.S. Customs and Border Protection (CBP) increased personnel resources through CBP agent and officer details, support from DHS components and Federal partners, contract support, and the DHS Volunteer Force.   • DHS also expanded ground and air transportation capacity through agreements and contracts, and CBP increased its holding capacity through expanded or new soft-sided facilities.   • CBP developed a medical support plan and added contract medical support personnel.  To expedite the movement of aliens out of CBP custody, DHS co-located personnel, tested new technology, and streamlined and digitized alien processing. We found the Department can prepare more efficiently and effectively for future alien surges.  Although DHS and CBP preparations helped CBP generally meet detention standards, during our on-site inspections we found that two sectors experienced overcrowding in single adult male holding rooms.  Although not specified in the DHS plan, CBP did not consistently use the designated system to manage resource requests, which resulted in unfulfilled requests.   Data Access: CBP denied us access to CBP One, Unified Secondary, and e3.  CBP instead provided data extracts, which limited OIG’s ability to perform comprehensive assessments and delayed the review. 

Report on the Performance Audit over High-Cost Universal Broadband (HUBB) Portal Data

Our Objective(s)
To evaluate the Federal Aviation Administration's (FAA) (1) policies and procedures for the International Aviation Safety Assessment (IASA) program and (2) ability to monitor foreign civil aviation authorities (CAAs) for potential safety concerns.

Why This Audit
In 2022, FAA announced changes intended to better mitigate international civil aviation risks, strengthen international relationships with CAAs, and improve effectiveness in executing the IASA process. While the changes were suspended in 2024, a new set of revisions was proposed. It remains uncertain how the Agency's proposed changes will impact the program's ability to evaluate and monitor foreign CAAs' compliance with ICAO standards.

What We Found
The IASA program's execution is hindered by inadequate milestones, lack of documentation, and fluctuating policy and guidance.
FAA's assessment times have increased overall for higher-risk CAAs, and the Agency does not have completion goals for tracking assessments, which may prevent it from promptly addressing safety issues.
In 2022, FAA issued a policy statement intended to enhance the IASA program. However, the Agency suspended it in 2024, issued a new policy statement, and requested comments on the proposed changes. These comments have not yet been finalized as of April 2025.
FAA does not consistently maintain documentation for its assessments and some in-country evaluation checklists are outdated, causing disagreements between officials and delayed assessment times.

FAA monitors CAAs for safety concerns but competing priorities and limited resources restrict the number of IASA reassessments.
In 2023, FAA updated and improved its Risk Assessment Tool-originally developed in 2006-which the Agency uses to determine which CAAs should be reassessed.
FAA is not always able to conduct recommended CAA reassessments timely, and sometimes the Agency does not conduct these reassessments at all.

Recommendations
We made 7 recommendations to improve FAA's administration of the IASA program.

Our Objective(s)
To perform a quality control review (QCR) of Sikich's fiscal year 2025 audit of the effectiveness of the Department of Transportation's (DOT) information security program and practices.

Why This Audit
The Federal Information Security Modernization Act of 2014 requires agencies to develop, implement, and document agencywide information security programs and practices. The Act also requires inspectors general to conduct annual reviews to determine the effectiveness of their agencies' information security programs and report their review results to the Office of Management and Budget. To meet this requirement, we contracted with Sikich to conduct this audit subject to our oversight. We performed a QCR of Sikich's report and related documentation.

What We Found
The independent auditor, Sikich, found that DOT's information security program and practices were not effective and made seven recommendations to improve DOT's information security program.
Establish and implement guidance for performing Cybersecurity Framework 2.0 activities through policies and procedures, including the development of current and target cybersecurity profiles which consider anticipated changes in DOT's cybersecurity posture.
Define and implement policies and procedures that utilize standard data elements and taxonomy to develop and maintain an up-to-date inventory of all software assets and associated licenses, including Executive Order critical software.
Document policies and procedures for developing and maintaining a comprehensive and accurate inventory of data and the corresponding metadata for DOT's data types.
Create and maintain a comprehensive inventory of data and corresponding metadata.
Work with Federal Aviation Administration (FAA) Chief Information Officer (CIO) to secure a reliable funding stream for continuous vetting.
Work with FAA CIO to initiate and complete the background investigation of FAA employees in public trust positions.
Work with FAA CIO to enroll FAA employees into continuous vetting through Trusted Workforce.

Our QCR disclosed no instances in which Sikich did not comply, in all material respects, with generally accepted Government auditing standards.

Recommendations
DOT concurs with Sikich's seven recommendations.