Federal Reports

The Office of the Inspector General (OIG), Inspections Division, reviewed the effectiveness and efficiency of the U.S. Government Publishing Office’s (GPO) Privacy Program and its management of personally identifiable information (PII).

Our objective was to assess the U.S. Department of Education’s (Department) progress at improving the maturity of its security program and practices as required by the Federal Information Security Modernization Act of 2014 (FISMA).We made 77 recommendations to improve the Department's cybersecurity posture in our FYs 2019, 2020, and 2021 reports. At the start of our fieldwork, there were 29 closed and 48 open recommendations. In FY 2022, we reviewed 38 open recommendations and found the Department took action to close 28 recommendations, with 10 remaining open. Additionally, there were another 10 open recommendations that were scheduled for implementation after the close of our fieldwork.At the completion of our FY 2022 inspection, out of 77 recommendations, 57 were closed and 20 remained open.To answer this objective, we rated the Department’s performance in accordance with OMB’s guidance on the 20 metric areas required for FY 2022. These metrics represent 20 of the 66 metrics that were used to assess the Department’s effectiveness for FY 2021. In September 2020, revision 5 of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations was issued. Usually, a 1-year period is allowed for implementation of the new requirements. With the removal of 46 metric questions, for FY 2022, we were not able to test if the Department implemented these new requirements for these questions.

This report presents a summary of the results of our self-initiated audits assessing mail delivery, customer service, and property conditions at four select delivery units in the Seattle, WA, region. These delivery units included the Parkland Branch in Tacoma, Kent Main Post Office (MPO) in Kent, Renton MPO in Renton, and Lacey Branch in Lacey. We judgmentally selected these delivery units based on the number of customer inquiries per route the unit received and Stop-the-Clock (STC) scans occurring at the delivery unit. We previously issued interim reports to district management for each of these units regarding the conditions we identified. In addition, we issued a report on the efficiency of operations at the Seattle Processing and Distribution Center (P&DC), which services these four delivery units.

In a March 2021 review, the VA OIG identified several cases in which Veterans Benefits Administration (VBA) employees in Chicago, Illinois, improperly created debts in veterans’ accounts when reducing disability levels. The OIG conducted this review to determine the magnitude of the problem nationwide.The OIG found instances in which VBA employees retroactively reduced disability levels and erroneously created debts without always informing veterans. Based on the review of a statistical sample, the review team estimated errors incorrectly created debts totaling about $13.4 million.Errors included inappropriately reducing disability levels retroactively, creating debts when overpayments should have been eliminated because they were due to VBA’s own administrative errors, and failing to provide veterans with notice and due process for these actions.About $4.6 million of the estimated $13.4 million in erroneous debts had been collected from veterans as of February 2021. Some veterans were not given an opportunity to dispute the debts or request waivers and were likely unaware they did not receive all their benefits. Some veterans were told overpayments for administrative errors would not be collected but the debt was still created. About $6.9 million in debt was pending, and about $1.8 million was corrected before collection.Errors generally occurred because VBA’s electronic system did not show employees each time a debt was created. Consequently, they may not have been aware they had even created the debts.VA management concurred with the four recommendations, including to certify correction of OIG-identified errors. VBA should review all compensation awards completed since January 1, 2020, with debts associated with reduced disability levels and take appropriate action. VBA should also update its electronic system to alert employees to when their actions create a debt, and then assess the effectiveness of recommendation responses and the need for additional measures.