Federal Reports

The OCFO cannot provide reasonable assurance that crosscutting risks are identified and mitigated and that Agency resources are directed to the most critical strategic needs.

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), completed an audit to determine whether FHA-insured borrowers properly received the COVID-19-related forbearance.  The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, 2020, provided a mortgage payment forbearance option for all borrowers who suffered a financial hardship due to the COVID-19 national emergency.We found that at least one-third of the nearly 335,000 borrowers who were delinquent on their FHA-insured loans and not on forbearance in November 2020, were either not informed or misinformed about the COVID-19 forbearance.  As a result, these borrowers experiencing a hardship due to COVID-19 did not benefit from the COVID-19 forbearance.  We also found that servicers improperly administered the forbearance for at least one-sixth of the nearly 815,000 borrowers on forbearance plans in November 2020.  Servicers also performed excessive communication and collection efforts for borrowers who were already in forbearance. As a result, these borrowers experienced additional burdens from improperly administered forbearance.We recommend that FHA identify borrowers who are delinquent and did not fully benefit from the COVID-19 forbearance and ensure that information about the CARES Act and COVID-19 forbearance is distributed to these borrowers. We also recommend that FHA review the 21 loans in our statistical sample with improperly administered forbearance to ensure that the borrowers were assisted by the servicers, if possible, and ensure that these servicers updated their forbearance procedures to prevent future noncompliance; ensure that the issues found during our audit are incorporated into servicing monitoring reviews to deter future noncompliance and prevent potential loss to the FHA fund; and provide additional guidance to the servicers so that they limit their communication and collection efforts for the borrowers in forbearance.

Independent Auditors' Report on the Government Publishing Office (GPO) fiscal year (FY) 2021 Financial Statements.

In connection with the audit of the U.S. Government Publishing Office fiscal year (FY) 2021 financial statements, attached is the information technology (IT) management letter issued by the independent public accounting firm of KPMG LLP (KPMG).

In connection with the audit of the U.S. Government Publishing Office fiscal year (FY)2021 financial statements, attached is the non-information technology (IT) management letter issued by the independent public accounting firm of KPMG LLP (KPMG).

This audit repoort concluded that the FCC’s information security program was effective and in compliance with FISMA legislation, OMB memoranda, and other applicable guidance. This is the first year that the agency’s information security program has been in compliance, which is a significant accomplishment. The FISMA evaluation report includes seven findings and offers 13 recommendations intended to improve the effectiveness of the FCC’s information security program controls.

The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations. AmeriCorps has implemented only eight of the 39 open recommendations from the FY 2017- FY 2020 FISMA evaluations.. Implementing more of these recommendations will help AmeriCorps to mature its information security program and bring it closer to effectiveness. The failure to address critical deficiencies leaves AmeriCorps systems and data vulnerable to breach, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers 13 new recommendations, which together with the prior year recommendations, will assist AmeriCorps in developing a mature and effective information security program. AmeriCorps concurred with 12 of the 13 new recommendations and provided alternative actions to resolve the remaining recommendation.

The VA Office of Inspector General (OIG) conducted a healthcare inspection of an allegation related to a patient who sought help with gastrointestinal symptoms at the Eastern Oklahoma VA Health Care System in Muskogee (facility) three times in 2020 and was allegedly sent away. The patient went to a non-VA hospital and was diagnosed with colorectal cancer in early 2021.The OIG did not substantiate that the patient was sent away three times. The OIG identified concerns related to the patient’s fecal immunochemical test (FIT), an Emergency Department physician’s patient assessment, and facility leaders’ response to the patient’s complaints and multiple Emergency Department physician complaints.The electronic health record contained no documented evidence that the FIT was mailed to or discussed with the patient, even when not returned.The Emergency Department physician did not adequately assess the patient by failing to perform a digital rectal examination when the patient’s clinical presentation included having blood in the stool.Facility staff did not adequately review and respond to the patient’s complaints. A primary care leader did not fully resolve complaints related to providers’ patient interactions and care. The patient advocate failed to address a complaint, document the involved providers, or contact the patient.The OIG found facility leaders initiated peer reviews and provided an institutional disclosure to the patient but identified leaders’ inadequate response to complaints about the Emergency Department physician. Beyond reporting and intermittent discussions with the provider, leaders took no further actions to address the physician’s performance concerns.The OIG made four recommendations to the Facility Director to ensure FITs are tracked, evaluate Emergency Department providers’ processes for examinations when patients present with gastrointestinal symptoms with bleeding, ensure thorough reviews and documentation of patient complaints, and ensure leaders monitor complaints related to the Emergency Department physician.

The OIG reviewed the reassignments of two executive directors in the Veterans Benefits Administration (VBA) to determine whether VA’s policies and procedures were followed when determining their eligibility for relocation allowances. The OIG found nothing improper with respect to the allowances paid to the two executive directors. The OIG observed, however, that there were inconsistencies in VA’s guidance regarding the approval of relocation allowances. Specifically, the policy guidance appears to have improperly applied criteria regarding relocation incentives rather than those for relocation allowances. These different payment options are defined in separate and distinct federal regulations and VA policy.The OIG issued a VA management advisory memorandum to share observations from its review. No additional steps are being taken at this time, including any further reporting on the examination of the two executive directors’ circumstances, as no wrongdoing or violation of law or policy was identified regarding the relocation allowances. The Office of Human Resources and Administration (HRA) will inform the OIG what action, if any, HRA takes to address the issues identified.

The OIG assessed the oversight and stewardship of funds and identified opportunities for cost efficiency at the Eastern Oklahoma VA Health Care System. The review focused on four areas:1. Open obligations. The team found that the system’s fiscal staff did not always review open obligations for goods and services to determine if they were still valid and necessary. This leaves the system vulnerable to the risk that funds will be not used in the year they were appropriated, as required. In addition, some end dates for contracts’ period of performance were not accurate.2. Purchase card use. The system did not always maintain supporting documentation for transactions, conduct quarterly audits of the purchase card program on time, and consider contracts instead of purchase cards for ongoing, repetitive orders of goods or services.3. Administrative staffing and labor costs. The system had higher administrative staff levels than similar facilities, but system leaders have taken several actions to strengthen oversight of this area. (A difference in the number of personnel should be a starting point for deeper examination and is not a determining factor by itself.) The OIG also found that staff reviewed salary cost data as required to ensure labor costs were recorded correctly.4. Pharmacy operations and cost-savings efforts. The system could improve pharmacy efficiency by narrowing the gap between the facility’s observed and expected drug costs, increasing the rate that inventory is used to reduce storage costs, and following the required process for buying drugs not included in VA’s national formulary listing.The OIG made nine recommendations for improving cost efficiency. The number of recommendations should not be used, however, to gauge the system’s overall financial health. The intent is for system leaders to use these recommendations as a road map for improvement in the areas reviewed.