Open Recommendations

(U) Rec. B.1: The DoD OIG recommended that the Director of the Test Resource Management Center develop a plan to improve electromagnetic pulse test facility capabilities in coordination with the Services and electromagnetic pulse testing facilities to ensure testing gaps are accounted for and addressed to meet the requirements of MIL-STD-2169D.

We recommend that the Centers for Medicare & Medicaid Services provide States with matched T-MSIS enrollment data that identify Medicaid beneficiaries who were concurrently enrolled in a Medicaid managed care program in two States.

We recommend that the Centers for Medicare & Medicaid Services assist States with utilizing the data as needed to reduce future capitation payments made on behalf of beneficiaries concurrently enrolled in two States.

We recommend that the Centers for Medicare & Medicaid Services: direct the MACs to recover the $331,448 from the CAHs for 12,156 claims for which the health care practitioners had not reassigned their billing rights to the CAHs and $83,412 in cost-sharing overcharges to Medicare beneficiaries that are within the 4-year reopening period;

We recommend that the Centers for Medicare & Medicaid Services direct the MACs to recover the $575,990 from the health care practitioners for 7,857 claims for which health care practitioners had reassigned their billing rights to the CAHs and $197,909 in cost-sharing overcharges to Medicare beneficiaries that are within the 4-year reopening period.

We recommend that the Centers for Medicare & Medicaid Services coordinate with the MACs to develop and implement claim system edits or alternative means to prevent and detect overpayments for professional service payments.

CLA recommends that the National Institutes of Health management implement the recommendations below to enhance cybersecurity controls over its grant program. 1. Assess its grant award programs to determine which grants should require additional cybersecurity protections due to research potentially including sensitive and confidential data or NIH intellectual property or both.

2. Based on results of NIH's risk assessment of grant applicants, include in the funding opportunity announcements or grant terms and conditions or both the cybersecurity controls that should be implemented.

3. Strengthen the NIHGPS to establish clear and measurable standards for cybersecurity protections.

4. Strengthen its pre-award process to identify and address how cybersecurity risk will be assessed.

5. Strengthen its post-award process to confirm that cybersecurity protections have been implemented to adequately safeguard sensitive and confidential data.  

(U) Rec. 1: The DoD OIG recommended that the Commander of the United States Africa Command modify United State Africa Command Instruction 3200.21, "United States Africa Command Joint Targeting Instruction," June 1, 2020, to include the requirement to maintain specific documents for target development and targeting operations based on the procedures used to develop the target.

CMS should clarify that States should review their Medicaid managed care plans' MLR reports to verify the accuracy of reported data elements.

CMS should provide additional guidance to States regarding Medicaid managed care plans' reporting of non-claims costs in MLR reports.

CMS should design an annual MLR reporting template for States to provide to their Medicaid managed care plans.

CMS should clarify that States should verify the completeness of their Medicaid managed care plans' MLR reports.

We recommend that the Chief of Border Patrol develop and implement a comprehensive policy for use of different pathways for expedited processing during times of increased apprehension activity. The policy should require: x Issuing A-numbers for all migrants released into the United States to ensure DHS and other Federal agencies can track migrants throughout the immigration process; and x Ensuring processing pathways comply with existing law and policy.

Provide adequate documentation to support that the $2,588,362 in CDBG-DR funds for three unsupported project and program management services expenditures cited in this report was spent for supported, necessary, and reasonable costs. Any amount for which adequate support cannot be provided should be repaid from non-Federal funds.

The Global Engagement Center should clarify and codify the roles and responsibilities of the Policy, Plans, and Operations Division and the Interagency and International Coordination Cell in the Foreign Affairs Manual.

The Global Engagement Center should approve a plan to implement its Functional Bureau Strategy, update its major programs to include key priorities, and assess its execution by conducting regular reviews with its staff, in accordance with Department standards.

The Global Engagement Center should appoint an evaluation coordinator with decision-making authority to conduct evaluations appropriate to its portfolio, in accordance with Department standards.

The Global Engagement Center should review risks to its strategic objectives, implement processes for identifying and responding to risk, and communicate risk response guidance to staff in accordance with Department standards.

The Global Engagement Center should comply with federal and Department standards with respect to pre-award design and approval processes for its federal assistance programs.

The Global Engagement Center should complete the closeout process for awards currently overdue and implement procedures for the timely close out of future awards.

The Global Engagement Center should comply with Department contracting officer’s representative program standards.

The Global Engagement Center should use domain names for the Global Engagement Center’s analytics platforms that comply with Department standards.

The Global Engagement Center, in coordination with the Bureau of Educational and Cultural Affairs, should require the Information Systems Security Officers for the Global Engagement Center analytics platforms to perform their duties in accordance with Department guidance.

The Global Engagement Center should implement procedures to ensure all aspects of its analytics platforms’ systems documents are completed and current, in accordance with Department standards.

The Global Engagement Center, in coordination with the Office of the Under Secretary for Public Diplomacy and Public Affairs, should conduct a cost-benefit analysis for its analytics support program.

Develop and implement guidance for Border Patrol sectors to address the expiration of the CDC order pursuant to Title 42.

Develop and implement contingency plans for increased apprehensions and processing.

Implement a process to monitor connections to the NSF network from outside the U.S., ensuring the system accurately captures the user’s country location, and take any necessary measures to protect NSF’s network and data when unauthorized connections are identified.

Provide documentation, or a full and detailed explanation, of the process Michigan used to determine that the four education-related entities that received GEER grant funds were essential for carrying out emergency educational services, providing childcare and early childhood education, providing social and emotional support, or protecting education-related jobs.

Develop and implement a process to ensure that it documents the criteria and decisions made for awarding future GEER grant funds in accordance with applicable requirements.

Take appropriate action if the documentation and other information provided by Michigan in response to the above recommendations does not support that the State followed applicable requirements.

Timely design and implement a monitoring plan that will ensure that K–12 GEER and Early On program subgrantees’ use of GEER grant funds complies with the CARES Act and other applicable Federal requirements. The monitoring plan should include protocols to review, on at least a sample basis, and using a riskbased approach, supporting documentation for subgrantee expenditures charged to the GEER grant to provide assurance that funds were used for allowable purposes.

Develop and implement a process to review, on at least a sample basis, and using a risk-based approach, supporting documentation and award calculations for the FFF Path 1 scholarship awards.

OIG recommends that the Bureau of Diplomatic Security (a) determine whether the $361,627,297 in questioned costs spent on Contract 19AQMM19C0007 are supported and allowable and (b) recover any costs determined to be unsupported and unallowable.

We recommend that Regence BlueCross BlueShield of Oregon refund to the Federal Government the $1,890,855 of estimated net overpayments.

We recommend that Regence BlueCross BlueShield of Oregon identify, for the high-risk diagnoses included in this report, similar instances of noncompliance that occurred before or after our audit period and refund any resulting overpayments to the Federal Government.

We recommend that Regence BlueCross BlueShield of Oregon continue to examine its existing compliance procedures to identify areas where improvements can be made to ensure that diagnosis codes that are at high risk for being miscoded comply with Federal requirements (when submitted to CMS for use in CMS's risk adjustment program) and take the necessary steps to enhance those procedures.

Thoroughly review each COVID-19 EIDL, grant, and advance application submitted from foreign IP addresses that were approved and funded and verify eligibility. If ineligibility or evidence of potential fraud is found, SBA should stop any further or future disbursements, recover any disbursed funds, and refer fraudulent loans to OIG for investigation.

Examine controls related to foreign IP addresses and ensure these controls are more effective in future disaster processing systems.

We recommend that the New York State Department of Health refund the estimated $84,329,893 to the Federal Government for payments that did not comply with Federal and State requirements.

We recommend that the New York State Department of Health work with the transportation manager to review the payments to transportation providers that may not have complied with Federal and State requirements, resulting in an estimated $112,028,279 in Federal Medicaid reimbursement, and refund to the Federal Government any unallowable amounts.

The FHFA Office of General Counsel’s Designated Agency Ethics Official or Alternate Designated Agency Ethics Official should improve the Agency’s existing internal controls over its employee financial disclosure process by performing and documenting technical reviews and conflict of interest analysis within 60 days of receiving employee financial disclosure reports as required by OGE regulations and FHFA policy.

FHFA should improve existing internal controls over its employee financial disclosure process by ensuring that employees file their financial disclosure reports timely as required by the U.S. Office of Government Ethics regulations and FHFA policy.

Rec. 1.c: The DoD OIG recommended that the Principal Director, Defense Pricing and Contracting develop and implement guidance or best practices for agreement personnel to validate that the nontraditional defense contractor participated to a significant extent, as proposed, throughout the duration of the prototype project.

Implement and document in appropriate policy and procedures a process to validate whether minority depository institutions continue to meet the minority depository institution definition.

The Indian Health Service should develop a strategy for expeditiously deploying a new information system when it is necessary to meet an urgent, mission-critical need. The strategy should define the minimum set of controls out of the total number of required controls that should be addressed and, if applicable tested, before the new system is authorized to operate until it is feasible to address all required controls. The authorization to operate should include an acceptance of risk for not implementing all required controls, specify a date by which the remaining required controls will be implemented and tested, and be replaced…