Federal Reports

What We Looked AtWe performed a quality control review (QCR) on the single audit that FORVIS, LLP performed for the Indianapolis Airport Authority’s (IAA) fiscal year that ended December 31, 2021. During this period, IAA expended approximately $48.5 million from a U.S. Department of Transportation (DOT) grant program, the Federal Aviation Administration’s Airport Improvement Program, which FORVIS determined was a major program. Our QCR objectives were to determine (1) whether the audit work complied with the Single Audit Act of 1984, as amended, and the Office of Management and Budget’s Uniform Guidance, and the extent to which we could rely on the auditors’ work on DOT’s major program; and (2) whether IAA’s reporting package complied with the reporting requirements of the Uniform Guidance. What We FoundIn our QCR, we determined that FORVIS’ audit work complied with the requirements of the Single Audit Act, the Uniform Guidance, and DOT’s major program. We found nothing to indicate that FORVIS’s opinion on DOT’s major program was inappropriate or unreliable. In addition, we did not identify deficiencies in IAA’s reporting package that required correction and resubmission.

We found the DOI can improve its oversight of tasers to reduce the risk of injury to the public and law enforcement officers.

Our objective was to determine the adequacy of National Institute of Standards and Technology's (NIST’s) oversight of MEP to ensure requirements are met. We found that NIST’s inadequate oversight of Hollings Manufacturing Extension Partnership has led to inefficient use of financial resources and concerns that recipients did not comply with key award terms. Specifically, we found NIST did notrequire Centers to use unexpended program income (UPI) during the award period and allowed Centers to retain substantial amounts of UPI from federal financial assistance awards; review executive salaries for reasonableness, resulting in Center executives receiving considerable salaries in excess of limits used by other federal agencies; andaddress potential conflicts of interest amongst recipients.

Our audit objective was to identify SWFO program challenges that may affect cost, schedule, or overall mission performance and assess the extent to which NOAA is addressing them. To satisfy our objective, we reviewed the SWFO program acquisition strategy, identified challenges in key program milestone activities, assessed program control activities, and analyzed selected issues and risks. We found that NOAA needs to ensure that SWFO-L1 has launch contingency options commensurate with its role as a critical, high-profile mission and that the SWFO program should improve its lessons learned processes and contract surveillance oversight. We also found that NOAA should update its space weather observation requirements in accordance with its validation criteria.

This audit report found that the FCC security programs were ineffective in seven of the nine metric domains. The contractor’s assessment of the overall maturity of each metric domain remained relatively consistent with the prior year. The Supply Chain Risk Management domain is the one metric domain that improved from the prior year. The FISMA evaluation report included eight findings with 21 recommendations intended to 2 improve the effectiveness of the FCC’s information security program controls. FCC management concurred with the findings.

The Office of Community Planning and Development (CPD) traditionally uses onsite monitoring to monitor its grantees. However, in response to the coronavirus disease 2019 pandemic, CPD shifted to 100 percent remote monitoring. Monitoring was momentarily paused in fiscal year (FY) 2020 and was reinstituted remotely in FY 2021.To support its remote monitoring approach, CPD launched the Grantee Document Exchange (GDX), an externally accessible portal application that allows grantees and CPD to securely share documents during monitoring sessions. CPD trained its employees on the remote monitoring process, including on GDX. In a survey that we conducted on CPD employees’ experiences using remote monitoring, most CPD employees reported that the guidance, mentoring, or technical support prepared them well to monitor remotely. CPD’s Office of Field Management (OFM) delegated the responsibility of training grantees on remote monitoring to their respective field offices. Additionally, OFM issued materials with instructions to grantees on how to use GDX. Overall, most CPD employees found remote monitoring to be somewhat or very effective in achieving CPD’s monitoring objective. However, CPD employees faced challenges and limitations with remote monitoring related to safeguarding personally identifiable information, the duration of remote monitoring sessions, and the ability to verify physical assets effectively.Going forward, CPD has opportunities to use remote monitoring judiciously and provide its employees with additional guidance on how to use remote monitoring to further its monitoring objectives. In CPD’s formal comments, CPD indicated that it had begun taking action in this direction.