Open Recommendations

We recommend that CGS Administrators, LLC revise its policies and procedures so that it meets the reopening deadlines established in Federal requirements.

We recommend that CGS Administrators, LLC conduct the prior years' hospice cap calculations for the five hospices with UPIC recoupments and collect any additional overpayments.

We recommend the Vice President, Contracts and Rates Strategy, Pricing and Contracts formalize and update the cost of service study internal guidance, and develop a cadence for review and approval.

We recommend the Vice President, Contracts and Rates Strategy, Pricing and Contracts evaluate the inclusion of Valley Investment Initiative and Performance Grant credits, as well as any other local power company or customer specific costs going forward, as part of the cost of service study.

The Chief, FMSS, should ****** **** ******* ****** *** ********* *** ********* ** ******** ** **** ***** * *** * *************** ** ******** ****** ****** *** ******** **************** ** *********

The Chief, FMSS, ****** ***** *** *** ************** ** ********* * **** ** *** *********** *********** ***** ****** **** **** ** **** *** ******* **** *** ************** ** **********

The Chief, FMSS, ****** ****** **** *** ** ********* ** ******* ******** ** *** *** ******** ******** *** ***** ** ******** **** **********

Ensure the Wyoming DVS implements policies and procedures and maintains documentation to support its methodology for allocating at least 10 percent of the total grant funds to priority funding program areas as required by the VOCA Guidelines.

Ensure the Wyoming DVS enhances its risk assessment policies and procedures to help ensure that the risk rating more appropriately reflects the specific factors that most lead to risk of noncompliance.

Remedy $93,696 in unsupported pass-through entity expenditures.

We recommend that the Puerto Rico Health Department (the Health Department) update its policies and procedures to conform to Federal procurement standards—including policies and procedures related to contracts for leases, goods, and nonprofessional services—and to address the role of the Oversight Lead and the certification process.

We recommend that the Puerto Rico Department of Health (the Health Department) provide training to staff on policies and procedures.

OCIO to develop and implement a plan to remediate all identified critical, high, and medium vulnerabilities identified on OCIO devices providing services to Federal Highway information technology infrastructure within organization defined time periods required by DOT's Security Weakness Management Guide.

OCIO to work with DOT's Operating Administrations and components to ensure least privilege and boundary protection controls are in place to restrict the logical access to only users authenticated to the IT systems and services for which they are authorized.

OCIO to enforce DOT security policy for removal of default credentials and harden the device configurations for all identified compromised devices and devices that could be similarly compromised, including IT shared services/common operating environment network printers per the Departmental Cybersecurity Compendium security requirements to ensure data security.

OCIO to establish a cybersecurity process to comply with NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment and the Department Cybersecurity Incident Response Plan requirements to effectively communicate and coordinate with OIG any planned significant changes that could impact an OIG security assessment and penetration testing audit before the audit begins and when taking action to implement said changes, to ensure coordination as per the Rules of Engagement requirements and to prevent interruption of OIG penetration testing activities.

OCIO to establish a cybersecurity process to enforce the Department Cybersecurity Incident Response Plan requirements for departmental officials impacted by an incident to review audit logs and follow containment procedures to adequately support after-the-fact investigations of potential security incidents.

OCIO to enforce DOT policy for audit log retention for the proper timeframe of 12 months.

FHWA to enforce DOT security policy for removal of default credentials and harden the device configurations for all identified compromised devices and devices that could be similarly compromised, including FHWA network printers per the Departmental Cybersecurity Compendium security requirements to ensure data security.

FHWA to conduct incident response exercises with appropriate personnel that test the retrieval of security audit logs in the event of an incident.

We recommend the Architect of the Capitol (AOC) Chief Administrative Officer require the Supplies, Services and Material Management Division to identify and leverage data analytics to perform purchase card reviews to ensure compliance with AOC purchase card policies and procedures.

We recommend the Architect of the Capitol Chief Administrative Officer require the Supplies, Services and Material Management Division to update and implement the Purchase Card Review Process Standard Operating Procedure 4-13, January 27, 2020, to include criteria and procedures for conducting all purchase card reviews.

We recommend the Architect of the Capitol (AOC) Chief Administrative Officer require that purchase card approving officials perform quarterly or semiannual purchase card reviews to assist the Agency Program Coordinator in ensuring compliance with AOC purchase card policies and procedures.

We recommend the Architect of the Capitol (AOC) update the AOC Contracting Manual to include examples of split transactions and instructions on how to avoid them.

We recommend the Architect of the Capitol (AOC) develop guidance and update the AOC Contracting Manual to describe the use of third-party processors and vendors and define terms like “questionable merchant category codes,” “mandatory sources,” “third-party merchants,” “third-party processors” and “third-party vendors” in accordance with federal government best practices.

We recommend that the Architect of the Capitol (AOC) update the AOC Contracting Manual to describe the process for avoiding sales tax and add the requirement to reclaim improperly assessed taxes.

Examine existing Job Corps data regarding its drug control activities to identify appropriate data that aligns with the President's Strategy and the Office of National Drug Control Policy's reporting timelines and identify or develop appropriate and relevant performance measures that demonstrate the effectiveness of its drug control activities as they relate to the President's Strategy.

Coordinate with the Office of the Assistant Secretary for Administration and Management and the Office of National Drug Control Policy to establish reporting timelines for any performance measures that cannot be submitted before the Office of National Drug Control Policy's reporting deadline.

Establish targets for all performance measures reported by Job Corps in the National Drug Control Assessment.

We recommend the Assistant Secretary for Employment and Training capture lessons learned from the pandemic and use the information to develop performance standards for prompt payment of UI benefits under temporary UI programs.

We recommend the Assistant Secretary for Employment and Training establish policy that requires officials to issue guidance timely for ETA regional offices to monitor and measure the effectiveness of states' use of staffing to support the implementation of temporary UI programs.

We recommend the Assistant Secretary for Employment and Training establish policy that requires states to develop corrective action plans to address staffing related concerns negatively impacting permanent and temporary UI programs, as identified by regional offices during monitoring reviews.

We recommend the Assistant Secretary for Employment and Training establish policy that requires ETA officials to develop a business case analysis and supporting justification before suspending UI program integrity functions for states to manage workload surges during emergency events.

Rec 1.a: We recommend that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD:

Develop and implement policies and procedures to coordinate with, monitor, and hold the user entities accountable for identifying the service organizations which the user entities rely on and develop and implement procedures to communicate with their service organizations, including development of service-level or equivalent agreements that detail roles and responsibilities for each party.

Rec. 1.b: We recommend that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD:

Develop and implement policies and procedures to coordinate with and hold accountable the user entities and prioritize timely completion of corrective 7actions on open recommendations related to the design and implementation of complementary user entity controls required by their service organizations

Rec: 1.c: We recommend that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD:

Identify user entities that are effectively implementing complementary user entity controls requirements and share best practices to assist the user entities that need improvement

Rec 1.d: We recommend that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD:

Develop a procedure to gather data and feedback from the DoD financial management and audit communities and re-evaluate the Service Provider Working Group meeting dates each year to ensure user auditors obtain information in time to best plan the financial statement audits to meet planning, testing, and reporting phase timelines, and implement changes as determined appropriate.

Rec. 1.e: We recommend that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD:
Identify the service organizations that have the biggest impact across the DoD and establish specific forums for the service organizations to work with user entities and user auditors to discuss updates, complementary user entity controls, and best practices to provide continuous improvement toward achieving the congressional mandate of an unmodified financial statement opinion by FY 2028.

Work with ARC to resolve the inaccurate reporting of $116,808 for non-ARC match construction cost.

Revise policies and procedures for financial reporting of grant costs to include quality control reviews of grant expenses to ensure costs are accurately reported to ARC.

Ensure that the DEA enforces its policy requirement for Special Agents and Task Force Officers to timely complete the DEA-177 Consensual Encounter Form for each consensual encounter, and ensure that required data is being entered.

Ensure that the DEA fully implements appropriate transportation interdiction training that meets the purpose and intent of the OIG's prior recommendations, incorporates DOJ guidance, and addresses the concerns identified in the DEA Office of Training's report that led the DEA to suspend its Jetway training in April 2023.a. Once implemented, ensure that the DEA enforces its policy requirement for Special Agents and Task Force Officers participating in drug interdiction units at mass transportation facilities to complete transportation interdiction training.b. Assess whether the DEA should provide additional training to DEA Special Agents and Task Force Officers who previously received Jetway training.

Assess whether the DEA's repeated payment of a percentage of cash forfeitures to transportation company employees, based on tips leading to seizures, over a period of years, is consistent with the Limited Use Confidential Source category and appropriate under Department of Justice policy.

Assess whether the DEA, in connection with its interdiction efforts at mass transportation facilities, should permit, outside the context of a predicated investigation, cash rewards to private company employees for regularly providing, over an extended period, potentially private consumer data without their employer's knowledge and without any legal process.

Consider whether to direct the Department of Justice law enforcement components to expand their body-worn camera policies to require the use of body-worn cameras during pre-planned consensual encounters with travelers at mass transportation facilities.

Prohibit participation in transportation interdiction activities at mass transportation facilities by DEA Special Agents and Task Force Officers who have not received appropriate training.

Update the policy on "Consensual Encounters Conducted at Mass Transportation Facilities" in the DEA Agents Manual to provide additional consensual encounter guidance regarding transportation interdiction activities.

Provide additional training or guidance on the DEA-177 Consensual Encounter Form to ensure that DEA Special Agents and Task Force Officers understand the importance of the form and how to complete it accurately. Update fields or instructions on the form, if needed.

Determine whether transportation interdiction activities and the use of confidential sources for this purpose are an effective use of law enforcement resources, and assess whether the benefits of these actions outweigh the potential legal risks.

USDA OIG has determined that this recommendation contains sensitive information and will not be publicly released due to privacy concerns.