Federal Reports

Under the Infrastructure Law, the Department of Energy’s Office of Fossil Energy and Carbon Management is to receive $2.1 billion to implement the new Carbon Dioxide Transportation Infrastructure Finance and Innovation Program, which can be distributed through loans, loan guarantees, or grants. To carry out this new program, the Department entered into a Memorandum of Understanding with the Loan Programs Office (LPO) to administer the funding based on its experience in evaluating financing for large-scale energy infrastructure projects and issuing Government loans and loan guarantees. In addition to the impending Infrastructure Law funding, the LPO currently administers three distinct loan programs with more than $40 billion in loan and loan guarantee authority, as well as manages a portfolio comprising of more than $30 billion of loans, loan guarantees, and conditional commitments.The Office of Inspector General has identified prior reports from six audits, two inspections, and numerous investigations regarding the LPO. Additionally, we identified several Government Accountability Office reports related to the LPO. Based on our review of this body of work, we identified four major risk areas that warrant immediate attention and consideration from Department leadership to prevent similar problems from recurring. Specifically, this includes: insufficient federal staffing; inadequate policies, procedures, and internal controls; lack of accountability and transparency; and potential conflicts of interest and undue influence.As part of this effort, we discussed the risk areas highlighted above with LPO officials. According to LPO officials, actions have been taken or were underway to address the risk areas. For example, officials asserted that the number of staff has significantly increased in recent years and additional positions are being actively pursued to ensure sufficient staffing exists to meet program needs. In addition, officials indicated that enhanced policies and procedures are in place that address previously identified weaknesses. These policies include more stringent documentation requirements and require the LPO to conduct an annual assessment of internal controls to validate their effectiveness. Further, LPO officials noted that administrative remedies would be considered and pursued as necessary as the program moves forward with new loans and loan guarantees.While LPO officials asserted that actions have been taken or were underway to address the risk areas, we did not perform test work to determine whether the actions will be fully effective to correct previously identified weaknesses. As such, we have identified several prospective considerations to help prevent fraud, waste, and abuse as the Department moves forward with financing projects funded through the Infrastructure Law and existing loan authorities. As a top priority, we suggest that the LPO undertake proper staffing, and develop comprehensive policies, procedures, and internal controls to ensure the Government and taxpayers are adequately protected.

As part of the Veterans Health Administration’s (VHA) suicide prevention strategy, suicide prevention coordinators at VA medical facilities are required to reach out to veterans referred from the Veterans Crisis Line. Coordinators provide access to assessment, intervention, and effective care; encourage veterans to seek care, benefits, or services with the VA system or in the community; and follow up to connect veterans with appropriate care and services after the call. VHA’s Office of Mental Health and Suicide Prevention is responsible for issuing policy and guidance for managing crisis line referrals. The VA Office of Inspector General (OIG) conducted this review to evaluate whether coordinators properly managed crisis line referrals to ensure at-risk veterans were reached.The OIG found that coordinators mistakenly closed some veteran referrals because coordinators lacked the proper training, guidance, and oversight necessary to maximize chances of reaching at-risk veterans referred by the crisis line. VHA lacked comprehensive performance metrics to assess coordinators’ management of crisis line referrals, and coordinators lacked clear guidance on how to manage crisis line referrals. Until VHA provides appropriate training, issues adequate guidance, and improves performance metrics, coordinators could miss opportunities to reach and assist at-risk veterans.The OIG made five recommendations to the under secretary for health that include improving data integrity, training coordinators on using patient outcome codes, developing additional guidance, monitoring compliance with requirements to space calls over three days, and evaluating program data for additional opportunities to improve services for referred veterans.

The Federal Information Security Modernization Act of 2014 requires the Office of Inspector General to conduct an annual independent evaluation to determine whether the Department of Energy’s unclassified cybersecurity program adequately protected its data and information systems during the fiscal year. As part of that evaluation, the Office of Inspector General is required to assess the Department’s cybersecurity program according to Federal Information Security Modernization Act of 2014 security metrics issued by the Department of Homeland Security, the Office of Management and Budget, and the Council of the Inspectors General on Integrity and Efficiency.We conducted this evaluation to determine whether the Department’s unclassified cybersecurity program adequately protects data and information systems.Our fiscal year 2021 evaluation determined that the Department, including the National Nuclear Security Administration, had taken actions to address many previously identified weaknesses related to its unclassified cybersecurity program. Weaknesses included areas related to: risk management, supply chain risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning. Many of the deficiencies were similar in type to those identified in our prior evaluations.The identified weaknesses in the Department’s unclassified cybersecurity program occurred for a variety of reasons. For instance, weaknesses related to configuration management, information security continuous monitoring, and contingency planning generally occurred because of deficiencies in related processes and procedures. In addition, some of the identity and access management issues we identified occurred because officials were unaware of current account management requirements. To correct the cybersecurity weaknesses identified throughout the Department, we made 61 recommendations to programs and sites during fiscal year 2021 including those identified during this evaluation and in other issued reports. Corrective actions to address each of the recommendations, if fully implemented, should help to enhance the Department’s unclassified cybersecurity program. Management concurred with the recommendations issued to programs and sites related to improving the Department’s overall cybersecurity program.