Federal Reports

During the week of August 11, 2025, we performed a self-initiated audit at the Santa Clarita Processing and Distribution Center (P&DC) and four delivery units serviced by the plant. The delivery units included the Chandler Station, Encino and Sherman Oaks Branches, and Woodland Hills Main Post Office in the Los Angeles, CA, area.

We issued individual reports for the four delivery units and P&DC. We also issued another report summarizing the results of our audits at all four delivery units with specific recommendations for management to address.

The VA Office of Inspector General (OIG) completed a desk review of the single audit reporting package for the United States Veterans Initiative and Subsidiaries (U.S. VETS) for the year that ended June 30, 2024. The OIG performed this desk review consistent with its duties and responsibilities under the Inspector General Act, as amended, 5 U.S.C. § 404, with the objective of determining whether the single audit reporting package complied with the reporting requirements of the Uniform Guidance. 

Based on the OIG team’s review, the rating for the reporting package is “pass with deficiencies"—meaning there are quality deficiencies that should be brought to the attention of the auditor (and auditee, when appropriate) for correction in future audits. The OIG does not express an opinion on the quality of the audit work performed or on the accuracy of the single audit reporting package. 

Namely, the OIG team found that the U.S. VETS’ Schedule of Expenditures of Federal and Non-Federal Awards did not fully comply with reporting requirements, because it did not provide totals by individual federal programs and the associated assistance listing numbers, as required.

The OIG is providing a copy of this memorandum to VA officials, federal agencies with direct expenditures listed on the Schedule of Expenditures of Federal and Non-Federal Awards, and Armanino LLP (the firm that conducted the single audit) to inform them of the results of this desk review.

Why We Did This Report

The Pesticide Registration Improvement Act of 2003 requires the U.S. Environmental Protection Agency Office of Inspector General to perform an annual audit of the financial statements for the Pesticide Registration Fund.
 

Summary of Findings

We rendered an unmodified opinion on the EPA’s fiscal years 2024 and 2023 Pesticide Registration Fund, also known as the Pesticide Registration Improvement Act Fund, financial statements. This means that the statements were fairly presented and free of material misstatement.

Beginning in 2021, the U.S. Department of Housing and Urban Development (HUD) Office of Inspector General (OIG) conducted several audits to assess HUD’s anti-fraud efforts and to develop inventories of fraud risks for several of its programs.  Our previous work found that HUD’s fraud risk management program was in its early stages of development and we recommended that HUD perform program-specific fraud risk assessments and incorporate these assessments into an agency-wide plan to further advance its program. To continue assisting HUD in improving its anti-fraud efforts, we conducted this work to identify potential fraud risks and schemes that could negatively impact HUD’s Single Family Housing program.  Our objective was to assist HUD by developing an inventory of fraud risks for its Single Family Housing program.

As part of a larger effort by the HUD Office of Housing Operational Risk Division that included developing fraud risk inventories for all components of the Office of Housing, HUD created a fraud risk inventory for the Single Family Housing program that identified 28 fraud risks or schemes and covered many aspects of the program including appraisal, application, origination, servicing, invoices, and claims.  We identified five overall fraud risk factors that increase the chance of fraud occurring in the program by increasing the incentive, opportunity, and likelihood for an individual considering committing fraud.  We used these fraud risk factors, along with the results of brainstorming sessions, interviews, and reviews of audit reports, investigations, and press releases from HUD OIG and other agencies, to develop an inventory of 64 potential fraud schemes that HUD had not previously identified.  These schemes could be used to defraud the Single Family Housing program and undermine its integrity, resulting in an increased risk to the FHA insurance fund, borrowers, and lenders.  

We recommend that the HUD Office of Single Family Housing (1) use the OIG’s fraud risk inventory included in this report to enhance its Single Family program-specific fraud risk inventory, (2) include lenders and servicers in the fraud risk identification process and communicate the risks and schemes identified for the Single Family Housing program to relevant stakeholders, and (3) incorporate data and system enhancements into its plans to improve HUD’s ability to monitor and respond to fraud risks in the Single Family Housing program.

The Integrated Financial and Acquisition Management System (iFAMS) is a comprehensive financial management system intended to replace multiple legacy systems and combine both acquisition and financial functions. iFAMS, as part of the system’s financial-related functionality, contains sensitive acquisition information like pricing and labor rates. This information must be protected. The VA OIG conducted this audit to determine whether iFAMS user access controls that are intended to limit account privileges are sufficient to safeguard VA data and comply with applicable laws, regulations, and guidance.

The OIG found access was not sufficiently limited as required for all 20 Technology Acquisition Center (TAC) users sampled. The team determined 91 percent of the 2,818 users with access to TAC data did not work for TAC but were requesting access to TAC information as of February 2025. Additionally, 78 percent of these users had roles that granted exceptionally broad access to sensitive acquisition information, presenting widespread risk of unnecessary access.

This risk occurred, in part, because iFAMS access controls were too broad. Additionally, quality reviews did not capture all access granted to a user. Finally, the electronic tool that is available for supervisors and information owners to routinely see user roles and accesses does not show all accesses the users have been granted.

Unnecessary access could compromise sensitive acquisition data in iFAMS. With every additional user who can access sensitive information, the risk of misuse increases. VA concurred with the OIG’s three recommendations to improve iFAMS access controls before the system is implemented further.