Federal Reports

The VA Office of Inspector General (OIG) evaluated the merits of a May 2021 hotline complaint alleging that the Veterans Benefits Administration (VBA) disregarded privacy procedures so it could more quickly use a workload tracking system without receiving the appropriate security authorization. The Mission Accountability Support Tracker (MAST) helps quantify the work VBA’s support services staff perform in response to employee requests for facility, equipment, and vehicle management; reasonable accommodation; and identification card issuance and renewal. Because staff use personally identifiable information (PII) in their work, the information could be compromised in an unauthorized, unsecure application.The complaint also alleged that VBA knew that MAST did not have an approved privacy threshold analysis or privacy impact assessment, yet trained staff on using the system and knowingly “loaded” PII into the application. The privacy threshold analysis and privacy impact assessment mitigate the risk of unauthorized access and subsequent data misuse, changes, loss, or disclosure. The assessments also help ensure that systems or applications have security controls that are appropriate for the sensitivity of the information stored.The OIG found that VBA and the Office of Information and Technology (OIT) did not correctly follow privacy and security procedures. VBA’s privacy threshold analysis was inaccurate, and OIT did not conduct a privacy impact assessment. OIT’s misclassification of MAST as an asset resulted in insufficient security controls. Further, VBA lacked the authority to operate MAST before using it in regional offices.The OIG made four recommendations to ensure future information technology projects follow an approved management process and that VBA provides sufficient guidance to staff to ensure MAST is used as intended while keeping the PII of VA employees and contractors safe and secure.

This report presents a summary of the results of our self-initiated audits assessing mail delivery, customer service, and property conditions at three select delivery units in the Indianapolis, IN region (Project Number 22-091). These delivery units were the Plainfield Main Post Office (MPO) in Plainfield, the Carmel MPO in Carmel, and Linwood Station in Indianapolis. We previously issued interim reports to district management for each of these units regarding the conditions we identified. In addition, we issued a report on the efficiency of operations at the Indianapolis Processing and Distribution Center (P&DC), which services these three delivery units.All three delivery units are in the Indiana District of the Central Area and have a combined total of 66 city routes and 44 rural routes. Staffing at the delivery units during our audits included 69 full-time city carriers, 19 city carrier assistants, 45 full-time rural carriers, 23 rural replacement carriers, 24 full-time clerks, and five postal support employees (see Table 1).