Federal Reports

As of June 30, 2022, there are 71 open recommendations (see Table 1 in the enclosed report), 10 of which were reported as implemented by management but remain open per OIG or Independent Public Accounting firm (IPA) determination; and none of the remaining 61 were considered "Overdue".

Our objective was to evaluate the effectiveness of DIA's overall information security program based on DIA's implementation of the Federal Information Security Modernization Act. We issued our results in a classified report on July 28, 2022.

Audit of NLRB IT Security for the FY 2022 FISMA submission

The Office of the Inspector General conducted an evaluation to determine if the Tennessee Valley Authority (TVA) was accurately calculating and reporting its capacity to meet energy demand. We made recommendations for TVA management to: (1) improve or create new processes to define how capacity should be calculated, used, and reported, internally and externally, (2) correct reporting errors identified and implement controls to prevent future recurrence, and (3) continue to evaluate the risk posed by TVA's current system position and take actions as necessary to address. TVA management agreed to implement our recommendations.(Summary Only)

From August 1953 through December 1987, the Agency for Toxic Substances and Disease Registry estimated one million individuals could have been exposed to contaminated drinking water at Camp Lejeune, a US military training facility. In March 2017, VA established a presumption of military service connection for eight illnesses related to veterans’ exposure to that contaminated water. The VA Office of Inspector General (OIG) conducted this review to determine whether Veterans Benefits Administration (VBA) staff followed regulations when processing and deciding claimed conditions potentially associated with contaminated water exposure at Camp Lejeune. Based on a statistical sample, the OIG estimated that of 57,500 Camp Lejeune-related claims for VA disability compensation benefits decided during the review period (March 14, 2017–March 31, 2021), VBA staff incorrectly processed 21,000. The two main errors were prematurely denying claims (17,200) by not sending required letters to veterans requesting evidence needed to document exposure and assigning incorrect effective dates for benefit entitlement (2,300 claims). Approximately 1,500 additional incorrectly processed claims involved technical or procedural errors. Premature denial of claims increased the risk that some veterans did not receive the benefits to which they were entitled, and veterans were underpaid at least $13.8 million in benefits over nearly four years because VA regional office staff did not assign the earliest effective date for benefits entitlement. The OIG found that errors were less likely to occur at the Louisville Regional Office, which processes most Camp Lejeune-related claims; staff from other VA regional offices lacked experience processing these claims. The OIG recommended that VBA centralize all Camp Lejeune-related claims processing at the Louisville Regional Office or implement a plan to mitigate the error rate disparity with other regional offices. VBA should also conduct targeted quality reviews of Camp Lejeune-related claims from all regional offices processing these claims.

For our final report on the audit of First Responder Network Authority’s (FirstNet Authority’s) process for developing Independent Government Cost Estimates (IGCEs) for its first two reinvestment task orders, our audit objective was to determine whether FirstNet Authority's process for reinvesting fee payments is effective and consistent with established practices, procedures, and regulations. We found that FirstNet Authority did not follow the U.S. Government Accountability Office's Cost Estimating and Assessment Guide when preparing and documenting IGCEs used to evaluate AT&T's proposals related to deployable and 5G task orders. Specifically, we found that FirstNet Authority did not: I. sufficiently document IGCEs; II. ensure that IGCEs reflected updates based on changed conditions; III. justify fair and reasonable pricing for additional requirements proposed by AT&T that were not included in the IGCEs; IV. address legal review concerns; and V. develop a cost estimating plan describing the steps for preparing an IGCE.

The U.S. Postal Service has one of the largest computer networks in the world, known as the [redacted] network, supporting its workforce and customers. The agency also has an extensive mail processing network critical to processing facilities nationwide. The Chief Information Officer oversees the Postal Service’s Information Technology organization. Two groups in this office are Network and Compute Technology (Telecom) and the Corporate Information Security Office (CISO). Telecom manages the network infrastructure and CISO protects and defends the network. To procure cybersecurity tools, CISO works closely with Supply Management, which is responsible for procuring goods and services for the Postal Service.

Interim Body Worn Camera Policy