Federal Reports

The VA Office of Inspector General (OIG) contracted with the independent public accounting firm CliftonLarsonAllen LLP (CLA) to provide consulting services related to the deployment of VA’s new general ledger system known as the Integrated Financial and Acquisition Management System (iFAMS) and potential risks to the auditability of future VA financial statements. CLA did not perform an audit of iFAMS, and this engagement was not a financial statement audit. CLA expressed neither an opinion nor a conclusion on the effectiveness of VA’s controls over any part of its financial statements or the internal controls of iFAMS. However, CLA’s observations include that VA has not adequately described how the roles and responsibilities of two contractors relate to VA management’s control objectives; has not documented procedures describing controls to ensure the completeness and accuracy of financial data transmitted from iFAMS to the Management Information Exchange (MinX) system, an application used to consolidate general ledger activities from the Financial Management System and iFAMS for external financial reporting; is not periodically reconciling various reports to the iFAMS general ledger; has not prepared a risk assessment of financial statement auditability focusing on the iFAMS implementation; and continues to rely on lump sum adjustments by financial personnel as an interim fix to correct balances in iFAMS. The OIG generally releases a management advisory memorandum to provide information on matters of concern that the OIG has gathered as part of its oversight mission. In this instance, the consulting engagement resulted in information that OIG leaders felt should be brought to VA’s attention. The OIG will use the information gained from this engagement when planning future audits of VA’s financial statements.

This Office of Inspector General Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the inpatient and outpatient care provided at the VA Greater Los Angeles Healthcare System, which includes the West Los Angeles VA Medical Center and multiple outpatient clinics throughout California. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (focusing on emergency department and urgent care center suicide prevention initiatives)The OIG issued nine recommendations for improvement in three areas:1. Quality, Safety, and Value• Peer review improvement actions• Patient safety event root cause analysis2. Medical Staff Privileging• Focused Professional Practice Evaluation time frames• Ongoing Professional Practice Evaluation service-specific criteria• Privileging request recommendations in Medical Executive Council meeting minutes3. Environment of Care• Inspecting, testing, and maintaining medical equipment• Maintaining equipment and furnishings and keeping patient care areas clean and safe• Using breathable shower curtains in mental health inpatient unit bathrooms• Recording and accessing video or audio monitoring equipment

Objective: To determine whether the Social Security Administration issued payments to beneficiaries who were deceased according to Oregon records.

Components within the Department of Homeland Security protect High Value Asset (HVA) systems with security and privacy controls designed to keep sensitive information safe. We determined that U.S. Customs and Border Protection (CBP) implemented most security and privacy controls tested for the selected HVA system, in compliance with applicable Federal and DHS requirements.

As a streamlined way to reduce interest rates on VA-guaranteed mortgages, interest rate reduction refinance loans (IRRRLs) are popular with veterans, especially when interest rates are low. In fiscal year (FY) 2020, VA reported a 598 percent increase in the number of these loans from the previous year—from 94,861 to 662,065, with IRRRLs totaling about $199 billion.Given the considerable increase in the use of IRRRLs and the large number of borrowers at risk for overcharges, the VA Office of Inspector General (OIG) conducted this audit to determine whether oversight of IRRRLs by the Veterans Benefits Administration’s (VBA) Loan Guaranty Service (LGY) ensures veterans are protected from unfavorable refinancing and unallowable or unreasonable refinance charges.The OIG found VBA made meaningful improvements in May 2020 regarding borrowers’ fee recoupment (recovering closing costs within three years), net tangible benefit (an interest rate reduction of at least one-half percent), and protections against serial refinances. However, some FY 2020 borrowers were still potentially overcharged through unsupported, unallowable, or unreasonable closing costs. Estimates totaled roughly $3 million for approximately 18,400 borrowers based on the FY 2020 audit sample. Also, borrowers did not always receive the loan comparison documents they needed to make informed decisions about whether to refinance. The OIG estimated that lenders did not provide the required statements at the time of application for at least 3 percent of the IRRRLs in FY 2020. This omission may have affected some 2,900 borrowers. LGY also lacked controls and sufficiently detailed guidance to fully perform loan oversight and quality assurance.Despite differences in some legal interpretations, VBA concurred with the OIG’s nine recommendations to strengthen LGY controls and quality assurance policies and procedures that would more effectively protect borrowers from unfavorable IRRRLs and guarantee loans that comply with program requirements.

What We Looked AtThis report presents the results of our quality control review (QCR) of an attestation examination of the Department of Transportation’s (DOT) Enterprise Services Center (ESC) controls. ESC provides financial management services to DOT and other agencies and operates under the direction of DOT’s Chief Financial Officer. The Office of Management and Budget requires ESC, as a service organization, to either provide its user organizations with independent audit reports on the design and effectiveness of its internal controls or allow user auditors to perform tests of its controls. We contracted with KPMG LLP to conduct this examination subject to our oversight. The objectives of the review were to determine whether (1) management’s description of ESC’s systems is fairly presented, (2) ESC’s controls are suitably designed, and (3) ESC’s controls are operating effectively throughout the period of October 1, 2022, through June 30, 2023. We performed a QCR on KPMG’s report and related documentation. What We FoundOur QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards. Our RecommendationsKPMG made no recommendations. We are publicly releasing a summary of the report rather than the full report itself because the Federal Information Security Management Act of 2002 (FISMA), as amended, requires OIGs to take appropriate steps to ensure the protection of information that, if disclosed, may adversely affect information security.1144 U.S.C. § 3555(f)