Report Type
Report Category
Submitting Agency
- (-) Department of Defense OIG (44)
- (-) Department of Energy OIG (2)
- (-) Federal Deposit Insurance Corporation OIG (2)
- (-) Federal Housing Finance Agency OIG (4)
- (-) General Services Administration OIG (12)
- (-) Special Inspector General for the Troubled Asset Relief Program (2)
- (-) Treasury Inspector General for Tax Administration (51)
- Amtrak (National Railroad Passenger Corporation) OIG (1)
- Architect of the Capitol OIG (5)
- Defense Intelligence Agency OIG (3)
- Department of Agriculture OIG (24)
- Department of Commerce OIG (5)
- Department of Education OIG (42)
- Department of Health & Human Services OIG (109)
- Department of Homeland Security OIG (34)
- Department of Housing and Urban Development OIG (35)
- Department of Justice OIG (34)
- Department of Labor OIG (68)
- Department of State OIG (2)
- Department of the Interior OIG (36)
- Department of the Treasury OIG (110)
- Department of Transportation OIG (9)
- Department of Veterans Affairs OIG (44)
- Election Assistance Commission OIG (27)
- Environmental Protection Agency OIG (16)
- Farm Credit Administration OIG (1)
- Federal Reserve Board & CFPB OIG (10)
- Government Publishing Office OIG (1)
- National Aeronautics and Space Administration OIG (1)
- National Reconnaissance Office OIG (3)
- National Science Foundation OIG (13)
- National Security Agency OIG (1)
- Office of Personnel Management OIG (2)
- Office of the Special Inspector General for the Troubled Asset Relief Fund (1)
- Pandemic Response Accountability Committee (25)
- Peace Corps OIG (3)
- Pension Benefit Guaranty Corporation OIG (6)
- Railroad Retirement Board OIG (7)
- Securities and Exchange Commission OIG (1)
- Small Business Administration OIG (47)
- Social Security Administration OIG (7)
- Special Inspector General for Pandemic Recovery (53)
- Tennessee Valley Authority OIG (4)
- U.S. Agency for International Development OIG (29)
- U.S. Postal Service OIG (16)
State/Local Agency
State (State and Local Reports)
Fraud Type
Agency Reviewed
Related Organizations
Management Challenges
- Agency Operations (16)
- Federal Workforce Safety (12)
- Financial Management of Relief Funding (8)
- Grants and Guaranteed Loan Management (5)
- Informing and Protecting the Public from Pandemic-Related Fraud (3)
- IT Management and Security (11)
- Preventing and Detecting Fraud against Government Programs (1)
- Protecting the Health and Safety of the Public (8)
Any Recommendations
Any Open Recommendations
Reports
American Rescue Plan Act: Continued Review of Premium Tax Credit Provisions
The Commissioner, Wage and Investment Division, and the Commissioner, Small Business/Self-Employed Division, should consider expanding the use of soft notices to address potentially erroneous PTC claims. These notices should provide individuals with information specific to the eligibility or reporting requirements related to the potential error the IRS identified and suggest the filing of an amended return, if an error has
occurred.
The Commissioner, Wage and Investment Division, should notify the 317,418 taxpayers we identified, who potentially received less PTC than they were entitled or repaid more APTC than required, that they may qualify for additional PTC or overpaid APTC and encourage them to file an amended Tax Year 2021 return, if applicable.
The Commissioner, Wage and Investment Division, should notify the 317,418 taxpayers we identified, who potentially received less PTC than they were entitled or repaid more APTC than required, that they may qualify for additional PTC or overpaid APTC and encourage them to file an amended Tax Year 2021 return, if applicable.
The Commissioner, Wage and Investment Division, should develop processes, such as the use of courtesy letters to notify individuals of their potential eligibility, to proactively assist taxpayers who, based on available tax return and Exchange data, potentially claimed less PTC than entitled or paid more APTC than required.
The Commissioner, Wage and Investment Division, should develop processes, such as the use of courtesy letters to notify individuals of their potential eligibility, to proactively assist taxpayers who, based on available tax return and Exchange data, potentially claimed less PTC than entitled or paid more APTC than required.
On October 26, 2022, we notified the Director, Submission Processing, of our concerns regarding taxpayers who are potentially eligible for additional PTC based on their unemployment status during Tax Year 2021. We recommended that the Director, Submission Processing, notify these taxpayers that they may qualify for additional PTC or be able to reduce the amount of excess APTC they must repay and encourage them to file an amended Tax Year 2021 return, if they qualify.
On October 25, 2022, we notified the Director, Submission Processing, of our concerns with the draft Tax Year 2022 Form 8962 instructions. We
recommended that the IRS revise the instructions to inform taxpayers that they have an option to set a domestic violence indicator on their tax return.
Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the Coronavirus Disease–2019 Pandemic
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
(U) Rec. B.1.a: The DoD OIG recommended that the Chief Information Officer for the Defense Finance and Accounting Service renegotiate changes with the Adobe Connect vendor to configure Adobe Connect to require privileged users to authenticate into the collaboration tool using multifactor authentication.
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Rec. B.3.c: The DoD OIG recommended that the Chief Information Officer for the Defense Threat Reduction Agency configure Zoom for Government to lock user accounts after three unsuccessful logon attempts in a 15-minute period.
Recommendation is CUI
Audit of GSA’s Response to COVID-19: PBS Faces Challenges to Meet the Ventilation and Acceptable Indoor Air Quality Standard in GSA-Owned Buildings
We recommend that the PBS Commissioner complete a comprehensive assessment to determine whether GSA-owned building air handlers meet the ASHRAE ventilation standard’s minimum outdoor air requirements and develop a comprehensive plan to address deficiencies identified.
We recommend that the PBS Commissioner create and implement a plan to notify building occupants whenever deficiencies and hazards associated with outdoor air requirements are identified.
We recommend that the PBS Commissioner ensure that all PBS staff with ventilation system responsibilities, including contracting officer’s representatives, contracting officers, project managers, and building managers, are trained on the requirements of the ASHRAE ventilation standard.
We recommend that the PBS Commissioner ensure operations and maintenance contracts define requirements for regular testing, adjusting, and balancing of air handlers.
We recommend that the PBS Commissioner ensure that GSA’s Guidance for COVID-19 HVAC Operations adheres to CDC COVID-19 guidance for improved building ventilation.
Recurring Identification Is Needed to Ensure That Employers Full Pay the Deferred Social Security Tax
The Commissioner, Small Business/Self-Employed Division, should ensure that the 3,231 tax accounts are updated to reflect the correct balance due.
The Commissioner, Small Business/Self-Employed Division, should continue to identify new tax accounts with a Social Security tax deferral at least through Calendar Year 2024 to ensure that all unpaid deferrals are identified for collection as appropriate.
FDIC Examinations of Government-Guaranteed Loans
Develop and implement guidance to examination staff on the credit, operational (including fraud), liquidity, and compliance risks related to Government-guaranteed loans to ensure staff adequately plans and conducts examinations to identify and address emerging risks.
Develop and implement a training plan to ensure examination staff are trained on the requirements and risks of Government-guaranteed loan programs.
Update, develop, and distribute to FDIC examination personnel a list of FDIC examiners who have significant experience examining banks that specialize in Government-guaranteed loan programs to regional offices.
Develop and implement a process to obtain improved data regarding Government-guaranteed lending activities of FDIC-supervised financial
institutions.
Update the [redacted] MOU to include the sharing of loan portfolio information such as historical loan performance, status of guaranty, and loan-level risk characteristics.
Establish arrangements with other Federal agencies that administer Government-guaranteed loan programs to facilitate information sharing and
proactive identification of risk.
Develop and implement processes and procedures for the routine sharing, receipt, and storage of confidential information with Federal agencies that administer Government-guaranteed loan programs.
Develop and implement guidance to provide instruction to FDIC bank examination staff requiring communication and information sharing with Federal agencies that administer Government-guaranteed loan programs to ensure FDIC staff and the Federal agencies are aware of any emerging risks.
Determine whether other Federal agencies that administer Government-guaranteed loan programs have a list of FDIC-supervised banks with high risk factors associated with such programs and develop protocols to share information with relevant FDIC personnel, including examiners.
Develop and implement guidance to ensure relevant risk information exchanged with Federal Government agencies that administer Government-guaranteed loan programs is shared internally within the FDIC on an ongoing basis with the appropriate FDIC employees.
Develop and implement updated FDIC examination guidance to establish an appropriate timeframe for uploading complete supervisory business records to RADD.
Develop and implement guidance to examination staff to ensure the staff consistently evaluate Government-guaranteed loans in their review of loan classification, assessment of off-balance sheet risk, concentration risk, and ongoing monitoring.
Update and implement the Examination Profile Script to include additional questions on financial institution participation in Government-guaranteed loan programs in order to identify and address emerging risk.
Develop and implement additional items to the Safety and Soundness Request List to identify Government-guaranteed loans, the performance of those loans, and status of the guaranty.
Issue and implement guidance to require that examination staff conduct a fraud risk assessment on future Government-guaranteed loan programs involving FDIC-insured and FDIC-supervised financial institutions to inform policy decisions.
Ensure guidance on future Government-guaranteed loan programs includes all risks associated with such programs and has instructions to allow for consistency in supervisory activities.
Issue and implement guidance for examiners clarifying the FDIC supervisory expectations for reviewing bank PPP activities, including the level of PPP loan volume triggering a heightened review, how examiners should assess the PPP activities of banks that have existing BSA/AML weaknesses, and protocols for examination staff to communicate observed weaknesses.
Revise and implement FDIC guidance and practices for assessing concentrations and loan classification to ensure uniform application with the other Federal bank regulators of supervisory approaches to banks
Coordinate with the other Federal bank regulators to ensure uniform application of supervisory approaches to banks regarding concentrations and loan classification.
Additional Actions Are Needed to Reduce Accounts Management Function Inventories to Below Pre‑Pandemic Levels
Ensure that all sites understand and begin immediately stamping the ICT received date after correspondence screening is completed, and that individual and business documents are screened with equal importance.
Coordinate with the Information Technology organization to explore adding Taxpayer Relations inventories into the CII, so that all Accounts Management inventory is located in the same inventory management system.
The Commissioner, Wage and Investment Division, should establish time frames for and a process to measure correspondence screening timeliness at each site.
The Commissioner, Wage and Investment Division, should rescind the requirement that only the TEs and the CSRs perform correspondence
screening and encourage all sites to use mail clerks, after providing them with adequate training.
The Commissioner, Wage and Investment Division, should ensure prompt completion of the ICT review to determine if additional scanners will be
purchased.
Discontinue correspondence screening via telework and ensure at all sites that screening must be conducted in the same IRS facility where documents are being scanned by the ICT.
Identify and address the cause of Accounts Management function employees incorrectly routing cases to other IRS functions and work with other IRS functions to update their Internal Revenue Manuals to make it clear that incorrectly routed documents should be returned to the
originating employee.
We recommended that management take steps to hire as many mail clerks as possible.
The Commissioner, Wage and Investment Division, should establish goals for each of the Accounts Management function’s inventory types and develop a plan for addressing those goals to ensure a timely return to pre-pandemic inventory levels.
The Commissioner, Wage and Investment, should prioritize funding and implementation of automated processing of Forms 1040-X to increase efficiencies and reduce taxpayer burden.
The Commissioner, Wage and Investment Division, should implement temporary solutions for the processing of Forms 1040-X to reduce the backlogs, reduce taxpayer burden, and save IRS resources until an automated solution is implemented.
Coordinate with the Information Technology organization to prevent generating transcripts for manual refunds less than $100 and adjust the frequency that some transcripts are generated to help management get through the inventory more efficiently.
Temporarily relieve employees in the Accounts Management function from having to complete paperwork for barred statutes, so they can focus on eliminating the backlogged inventory and prevent future barred statutes.
Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.
Backlogs of Tax Returns and Other Account Work Will Continue Into the 2023 Filing Season
Ventilation Issues Persist in Unrenovated Wings of GSA Headquarters Building
The Public Buildings Service Commissioner should continue to monitor IAQ in Wings 0 and 3 of the Headquarters Building, in
accordance with the PBS Desk Guide.
The Public Buildings Service Commissioner should expeditiously notify Headquarters Building occupants of any IAQ results that do not
meet ASHRAE standards.
COVID-19: PBS Faces Challenges in Its Efforts to Improve Air Filtration in GSA-Controlled Facilities
We recommend that the PBS Commissioner for GSA-owned facilities: a. Conduct an accurate and complete assessment of HVAC systems to identify deficiencies in air filtration. Based upon the assessment, PBS should maximize central air filtration in existing HVAC systems without significantly reducing design airflow; b. Review and update current and future operations and maintenance contracts to ensure that they clearly identify the required MERV air filters and preventive maintenance schedules; c. Establish controls to ensure that PBS obtains and maintains complete preventive maintenance records; and d. Ensure that contracting officer representatives conduct inspections of mechanical rooms and preventive maintenance records to ensure that air filters meet MERV requirements.
We recommend that the PBS Commissioner for GSA-leased space: a. Review and update current and future lease agreements to ensure that they clearly identify the required MERV air filters and preventive maintenance schedules; b. Ensure that lessors maintain and provide required preventive maintenance records and provide timely access to mechanical rooms; and c. Ensure that PBS representatives inspect mechanical rooms and preventive maintenance records to ensure that air filters meet MERV requirements.