Federal Reports

FY 2022 Management Challenges Facing the U.S. Department of Education

Our objective was to determine whether the U. S. International Development Finance Corporation (DFC) implemented and effective information security program for fiscal year (FY) 2021, in support of the Federal Information Security Modernization Act of 2014 (FISMA). The OIG contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to conduct the audit. CLA evaluated the effectiveness of DFC’s implementation of CLA reviewed FISMA reporting metrics and also assessed DFC’s implementation of selected controls outlined in the National Institute of Standards and Technology’s Special Publication 800-53, Revision 4, “Security and Privacy Controls for Federal Information Systems and Organizations.” CLA reviewed three of the four internal and external systems in DFC’s inventory dated February 12, 2021.We found DFC implemented an effective information security program. For example, DFC established an effective security training program, maintained an effective information system continuous monitoring program, and implemented an effective incident handling and response program. However, we did make recommendations to address weaknesses in four of the nine FY 2021 IG FISMA metric domains.

As part of our annual audit plan, we audited costs billed to the Tennessee Valley Authority (TVA) by Vega Corporation of Tennessee for general construction and modification services performed under Contract No. 14626. Our audit included approximately $8.76 million in costs billed to TVA from contract inception, November 11, 2019, through April 30, 2021. Our objective was to determine if Vega billed TVA in accordance with the contract's terms. In summary, we determined (1) Vega overbilled TVA $4,070 in ineligible fee, and (2) TVA paid an additional $187,786 in labor costs because Vega used statutory payroll tax rates instead of effective payroll tax rates in the buildup of its craft labor billing rates. We also noted opportunities to improve contract administration by TVA. Specifically, we found the contract contained (1) language requiring subcontractor approval that does not match TVA's intent and (2) inconsistent language regarding markups on subcontractor costs.(Summary Only)

The coronavirus pandemic impacted Resource Conservation and Recovery Act state program operations and resulted in fewer inspections.

Objective: To review the Social Security Administration’s (SSA) telephone services, especially as they relate to the COVID-19 pandemic.

The OIG, through an IPA (SB & Company, LLC (SBC)) conducted a risk assessment of the Commission’s purchase and travel card program. SBC performed an audit of the purchase card and travel card programs. Overall, we concluded that the risk of illegal, improper, or erroneous purchases and payments through the Commission’s charge card programs during the scope period was low for the purchase and travel card program.