Federal Reports

Our audit objective was to identify SWFO program challenges that may affect cost, schedule, or overall mission performance and assess the extent to which NOAA is addressing them. To satisfy our objective, we reviewed the SWFO program acquisition strategy, identified challenges in key program milestone activities, assessed program control activities, and analyzed selected issues and risks. We found that NOAA needs to ensure that SWFO-L1 has launch contingency options commensurate with its role as a critical, high-profile mission and that the SWFO program should improve its lessons learned processes and contract surveillance oversight. We also found that NOAA should update its space weather observation requirements in accordance with its validation criteria.

This audit report found that the FCC security programs were ineffective in seven of the nine metric domains. The contractor’s assessment of the overall maturity of each metric domain remained relatively consistent with the prior year. The Supply Chain Risk Management domain is the one metric domain that improved from the prior year. The FISMA evaluation report included eight findings with 21 recommendations intended to 2 improve the effectiveness of the FCC’s information security program controls. FCC management concurred with the findings.

The Office of Community Planning and Development (CPD) traditionally uses onsite monitoring to monitor its grantees. However, in response to the coronavirus disease 2019 pandemic, CPD shifted to 100 percent remote monitoring. Monitoring was momentarily paused in fiscal year (FY) 2020 and was reinstituted remotely in FY 2021.To support its remote monitoring approach, CPD launched the Grantee Document Exchange (GDX), an externally accessible portal application that allows grantees and CPD to securely share documents during monitoring sessions. CPD trained its employees on the remote monitoring process, including on GDX. In a survey that we conducted on CPD employees’ experiences using remote monitoring, most CPD employees reported that the guidance, mentoring, or technical support prepared them well to monitor remotely. CPD’s Office of Field Management (OFM) delegated the responsibility of training grantees on remote monitoring to their respective field offices. Additionally, OFM issued materials with instructions to grantees on how to use GDX. Overall, most CPD employees found remote monitoring to be somewhat or very effective in achieving CPD’s monitoring objective. However, CPD employees faced challenges and limitations with remote monitoring related to safeguarding personally identifiable information, the duration of remote monitoring sessions, and the ability to verify physical assets effectively.Going forward, CPD has opportunities to use remote monitoring judiciously and provide its employees with additional guidance on how to use remote monitoring to further its monitoring objectives. In CPD’s formal comments, CPD indicated that it had begun taking action in this direction.

EAC OIG audited EAC’s testing and certification program. The Help America Vote Act established requirements for EAC to provide for the “testing, certification, decertification, and recertification of voting system hardware and software by accredited laboratories.”

The United States International Trade Commission (USITC) OIG conducted the review in accordance with Government Auditing Standards and the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Guide for Conducting Peer Reviews of Audit Organizations of Federal Offices of Inspector General. The purpose of the modified peer review is to ensure that a system of quality controls relating to the performance of audits is in place and operating effectively. The USITC OIG concluded that the FEC OIG audit policies and procedures are current and consistent with applicable professional auditing standards.

While direct weapon products at Purchased Product Value Stream had the validity of their certificates of conformance (CoCs) verified through independent testing, indirect weapon products at Purchased Product Value Stream used in the production of nuclear weapons, such as commercial off-the-shelf products, did not always have their suppliers’ CoCs independently verified. The suppliers’ CoCs were not always independently verified because Sandia National Laboratories (SNL) used a graded approach, which is allowed in National Nuclear Security Administration (NNSA) Policy (NAP) 401.1.§ 2.1, and the unverified products were deemed low risk. Per NNSA, subject matter experts from the Weapons Quality Division reviewed the rationale for the products not tested and found no issues with SNL’s approach. However, due to ambiguous language in NAP 401.1, we could not independently verify that NAP was followed. NNSA acknowledged that these sections of NAP 401.1 are an area of ambiguity across the complex.In addition, we also found that while SNL’s Microsystems Engineering, Science, & Applications (MESA) facility could demonstrate that the procured weapon products tested had their CoCs independently verified, our assurance was limited only to the suppliers tested because of the lack of a complete and accurate population. Specifically, SNL’s MESA facility did not require procured weapon products to be tracked as Mark Quality, nor formally identify the material as direct or indirect. As a result, we were unable to obtain reasonable assurance that the population of procured weapon products provided by MESA was complete and accurate for testing.