Report Type
Report Category
Submitting Agency
State/Local Agency
State (State and Local Reports)
Fraud Type
Agency Reviewed
- (-) Amtrak (National Railroad Passenger Corporation) (0)
- (-) Architect of the Capitol (0)
- (-) Department of Defense (8)
- (-) Department of Housing and Urban Development (1)
- (-) Railroad Retirement Board (5)
- (-) Social Security Administration (3)
- Chemical Safety and Hazard Investigation Board (1)
- Department of Agriculture (2)
- Department of Commerce (1)
- Department of Education (10)
- Department of Health & Human Services (27)
- Department of Justice (6)
- Department of Labor (27)
- Department of the Interior (6)
- Department of the Treasury (30)
- Department of Transportation (5)
- Election Assistance Commission (5)
- Environmental Protection Agency (4)
- Federal Deposit Insurance Corporation (1)
- General Services Administration (1)
- Internal Revenue Service (10)
- Multiple Agencies (1)
- National Security Agency (1)
- Small Business Administration (29)
- Tennessee Valley Authority (1)
- U.S. Agency for International Development (4)
- U.S. Postal Service (9)
Related Organizations
Management Challenges
Any Recommendations
Any Open Recommendations
Reports
Controls over the Social Security Administration’s National 800-number Service During the COVID-19 Pandemic
Create a performance standard that requires that teleservice center managers and other employees who conduct service observations conduct a minimum of three service observations for each qualified 800-number employee per month, as required by SSA policy.
Create policy to ensure all problematic calls identified through speech analytics are referred to regional management and regional management intervenes with the 800-number employees referred within defined timeframes to ensure prompt interventions address problematic and/or inadequate customer service.
Audit of the Reliability of the DoD Coronavirus Disease–2019 Patient Health Data
Rec. 1: The DoD OIG recommended that the Director of the Defense Health Agency work with the Program Executive Officer of the Program Executive Office, Defense Healthcare Management Systems to document and implement the process for identifying and collecting patient health data of DoD patients in the Military Health System in current and future registries within their purview in a written document, such as a standard operating procedure. The procedure should identify, at a minimum, the internal controls throughout the process, the relevant data sources, data fields, and diagnostic codes used in the computer scripts, and should be reviewed and approved when updates occur.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 3: The DoD OIG recommended that the Chief of the Joint Trauma System conduct an analysis to determine whether the patient data entered into the Coronavirus Disease-2019 Registry met the 90 percent accuracy rate requirement for contract W81XWH-20-P-0197 and contract W81XWH-22-C-0151.
Rec. 3.a: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to update the contractor's rating in the contractor's performance assessment reports for contract W81XWH-22-C-0151 and contract W81XWH-20-P-0197, when feasible.
Rec. 3.b: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $3.9 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-20-P-0197, if feasible.
Rec. 3.c: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $2.3 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-22-C-0151.
Rec. 3.d: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to consider all available contract remedies for contract W81XWH-22-C-0151, including modifying and, if necessary, terminating and re-competing the contract, and take action to ensure that the Department receives full value for the funds it expends for contract W81XWH-22-C-0151.
Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
Rec. 4.a: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System establish and implement a process for selecting Coronavirus Disease-2019 events for entry into the Coronavirus Disease-2019 Registry to limit selection bias.
Rec. 4.b: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to include a bias disclosure notice on all reports generated from the Coronavirus Disease-2019 Registry until the Coronavirus Disease-2019 Registry data represent the population of DoD patients who had a Coronavirus Disease-2019 event.
Rec. 5.a: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) establish and implement a policy for developing and populating patient registries that aligns with the Department of Health and Human Services best practices, "Agency for Healthcare Research and Quality, Registries for Evaluating Patient Outcomes: A User?s Guide," current edition.
Rec. 5.b: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) conduct a review of all patient registries in the Military Health System to verify the reliability of data in each registry and implement corrective actions, as necessary.
Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.
The Social Security Administration’s Enumeration Services During the COVID-19 Pandemic
Develop and periodically conduct comprehensive refresher training on topics including but not limited to:
- processing original Social Security Number (SSN) cards for individuals aged 12 or older and emphasize requirements and documentation of the in-person interview;
- acceptable forms of evidentiary documents, and
- processing new (different) and replacement SSN cards when adoption
Complete the privacy assessments for the WorkTrack application.
Update quality control reviews to include comparison of SSNAP inputs to an applicant-submitted Form SS-5 and evidentiary documents, and provide feedback to the technicians who made input errors (such as race and ethnicity) or did not use the appropriate evidentiary documents.
Revise enumeration policy to include clear instructions for when Form SSA-5002 is required and how to properly document the form.
Update Program Operations Manual System (POMS) to provide current instructions for enumeration notices and archive outdated policy.
Retain enumeration notices in the Online Retrieval System for individuals with assigned SSNs.
Create and implement automated tools to assist staff in navigating through enumeration evidentiary document requirements.
Take corrective action on all keying errors and cross-referencing errors we identified.
Require managers to verify that incident reports are submitted through the Personally Identifiable Information (PII) Loss Reporting Tool before they approve reimbursement to customers for replacing lost original documents.
Update the National Mail Handling Business Process to include standard Agency-wide mitigation steps for misdirected mail including original documents.
The RRB Did Not Have Detailed Project Plans to Expend Information Technology Modernization Funds
The Railroad Retirement Board's Bureau of Information Services should identify, and document detailed project plans for their Information Technology Modernization initiatives through the Information Resources Management Strategic Plan, which should include the agency's goals, project milestones, and a description of the work necessary, as required by the Office of Management and Budget Circular A-130.
The Social Security Administration’s Mail Processing During the COVID-19 Pandemic
If cost-effective, invest in software and equipment to reduce manual processing of incoming mail.
Expand the use of Post Office Boxes for long-term, high-volume workloads.
If cost-effective, outsource additional mail duties to contractors.
Incorporate centralized printing of forms and notices into SSA’s systems modernization efforts.
Implement policy and operational changes, where appropriate, to decrease reliance on original documents.
Implement options for customers to submit the most frequently used forms online.
Implement capabilities for employees to securely correspond with the public electronically.
Implement online versions of the most frequently sent notices.
Evaluation of Department of Defense Military Medical Treatment Facility Challenges During the Coronavirus Disease-2019 (COVID-19) Pandemic in Fiscal Year 2021
Rec. A.1.a: The DoD OIG recommended that the Director of the Defense Health Agency, in conjunction with the Secretaries of the Military Departments, establish a working group to address the staffing challenges identified by Military Medical Treatment Facilities during this evaluation. The working group should establish milestones to streamline the hiring process to allow Military Medical Treatment Facilities to more quickly fill civilian staffing positions.
Rec. A.1.b: The DoD OIG recommended that the Director of the Defense Health Agency, in conjunction with the Secretaries of the Military Departments, establish a working group to address the staffing challenges identified by Military Medical Treatment Facilities during this evaluation. The working group should establish milestones to determine if salaries for Military Medical Treatment Facility civilian nurses are commensurate with each facility's local market and if military treatment facilities are able to hire nurses at those salaries. For locations where military treatment facility salaries are not commensurate with the local market, take appropriate actions that will reduce the disparity in those markets.
Rec. A.1.c: The DoD OIG recommended that the Director of the Defense Health Agency, in conjunction with the Secretaries of the Military Departments, establish a working group to address the staffing challenges identified by Military Medical Treatment Facilities during this evaluation. The working group should establish milestones to establish a central authority with the knowledge of the Services' requests for individual and large group deployments of medical staff coming out of Military Medical Treatment Facilities and the associated risks to health care delivery.
Rec. A.1.d: The DoD OIG recommended that the Director of the Defense Health Agency, in conjunction with the Secretaries of the Military Departments, establish a working group to address the staffing challenges identified by Military Medical Treatment Facilities during this evaluation. The working group should establish milestones to assess the ability of Military Medical Treatment Facilities to rapidly receive augmentation of medical staff from the Reserve Components.
Rec. A.2.a: The DoD OIG recommended that the Director of the Defense Health Agency, in coordination with the Secretaries of the Military Departments establish the manpower requirements for the coronavirus disease-2019 mission within the Military Medical Treatment Facilities for the staff required to support testing, vaccinations, contact tracing, and acute respiratory clinics.
Rec. A.2.b: The DoD OIG recommended that the Director of the Defense Health Agency, in coordination with the Secretaries of the Military Departments identify the medical personnel requirements within the Military Medical Treatment Facilities, including clinicians, nurses, and support staff, needed for future long-term pandemic response and biological incidents.
Rec. B: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) develop DoD policy for the maximum consecutive hours to be worked, maximum shifts per week, and coverage of duties when absent, for Military Health System staff (at minimum, active duty military and civilian physicians, nurses, respiratory therapists, and lab technicians) working in Military Medical Treatment Facilities to reduce the physical impacts leading to fatigue and burnout, and develop the appropriate waivers of this policy for Military Health System staff.
Rec. C: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) direct a new or existing working group to develop a plan to implement the recommendations in the Military Health System COVID-19 After Action Report and to develop and monitor milestones for each recommendation.
Audit of Entitlements for Activated Army National Guard and Air National Guard Members Supporting the Coronavirus Disease–2019 Mission
Rec. 1.a: The DoD OIG recommended that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD, in coordination with the Under Secretary of Defense for Personnel and Readiness, update the DoD Financial Management Regulation, volume 7A, "Military Pay Policy - Active Duty and Reserve Pay," chapter 27, "Family Separation Allowance" to clearly state that the permanent duty station of a Reserve Component member on temporary duty status is the member's primary residence for the purpose of determining Family Separation Allowance entitlement.
Rec. 1.b: The DoD OIG recommended that the Under Secretary of Defense (Comptroller)/Chief Financial Officer, DoD, in coordination with the Under Secretary of Defense for Personnel and Readiness, update the DoD Financial Management Regulation, volume 7A, "Military Pay Policy - Active Duty and Reserve Pay," chapter 27, "Family Separation Allowance" to clarify that Family Separation Allowance entitlement determination is based on the commuting distance between the member's primary residence and their temporary duty location.
Rec. 2.a: The DoD OIG recommended that the Chief, National Guard Bureau, in coordination with the Director of the Army National Guard and the Director of the Air National Guard, develop and implement policies and procedures to require the Army National Guard and Air National Guard to complete a review of proof of residency documentation when the member's primary residency is established or changed for the Basic Allowance for Housing entitlement to ensure consistency throughout all Army National Guard and Air National Guard units and organizations within every state, territory, and the District. The policies and procedures should also include requirements that: * document a member's primary residence address; * require members to provide proof of their primary residence address; * certify the primary address of members and review supporting documentation; and * provide oversight to ensure primary residence address information is complete and accurate.
Rec. 2.b: The DoD OIG recommended that the Chief, National Guard Bureau, in coordination with the Director of the Army National Guard and the Director of the Air National Guard, develop and implement policies and procedures to outline the process and frequency of recertification for Basic Allowance for Housing entitlement that Army National Guard and Air National Guard officials will use to verify and fully document the dependency status of members to provide clarification to the DoD Financial Management Regulation, volume 7A, chapter 26. These procedures should include: * how recertifications will be completed; * which members will complete a recertification; and * how Army National Guard and Air National Guard officials will provide oversight to ensure that information is complete and accurate.
Rec. 2.c: The DoD OIG recommended that the Chief, National Guard Bureau, in coordination with the Director of the Army National Guard and the Director of the Air National Guard, develop and implement policies and procedures to require Army National Guard and Air National Guard officials to review and document the status of a military member married to another military member regardless of which Military Service, Reserve or Active Component, or Army National Guard or Air National Guard unit the member's spouse belongs to, and identify which member will claim any applicable dependents.
Rec. 2.d: The DoD OIG recommended that the Chief, National Guard Bureau, in coordination with the Director of the Army National Guard and the Director of the Air National Guard, develop and implement policies and procedures to specify the methods for confirming eligibility and paying Family Separation Allowance for Army National Guard and Air National Guard members, in accordance with the DoD Financial Management Regulation, volume 7A, chapter 27, and include the: * timeliness of payments; * determination of Family Separation Allowance eligibility for back to back orders; * members assigned to their normal duty locations; and * requirement to track members to know when they return to their primary residence.
Rec. 2.e: The DoD OIG recommended that the Chief, National Guard Bureau, in coordination with the Director of the Army National Guard and the Director of the Air National Guard, develop and implement policies and procedures to establish formal dissemination and communication procedures for National Guard Bureau policies related to entitlements provided to the Army National Guard and Air National Guard, including the policies in the preceding recommendations. The procedures should require: * creation of a central location where policies and procedures will be kept for easy access by all states, territories, and the District; and * confirmation of receipt from all of the states, territories, and the District when procedures are communicated or obtained.
Rec. 3: The DoD OIG recommended that the Chief, National Guard Bureau, in coordination with the Director of the Army National Guard and the Director of the Air National Guard, develop and implement additional internal control procedures for the review of transactions manually submitted by the Army National Guard and Air National Guard to the payment system prior to payment to ensure the completeness and accuracy of transactions.
Railroad Retirement Board Did Not Implement Sufficient Internal Controls in the Mobile Phones Deployed as a Result of the Pandemic
The Bureau of Information Services should update their mobile phone policies to include and implement a National Archives and Records Administration-approved records schedule and transfer procedures for electronic records associated with mobile phones.
The Bureau of Information Services should develop and implement a records management and retention system for electronic records.
The Bureau of Information Services should research the capabilities of Railroad Retirement Board's Microsoft Azure Cloud's functionality to determine feasibility of incorporating the automated records management and retention capabilities to govern the mobile phones electronic records.
The Bureau of Information Services should submit a yearly affidavit to confirm electronic records associated with mobile phones have been identified and retained until the full transition into Microsoft Azure Cloud.
The Railroad Retirement Board's Director of Administration should define and communicate 'personal usage' establishing Railroad Retirement Board's core hours of 5:00 am to 7:00 pm. Any usage outside of core hours would be considered personal usage excluding business management purposes.
The Railroad Retirement Board's Bureau of Information Services should 1) continue efforts to update the Telecommuting and Mobile Security Computing Policy with current laws and regulations and 2) develop a periodic monitoring control to assess personal usage and address it according to agency guidance.
The Bureau of Information Services should incorporate the mobile phones in an existing assessable unit and update their mobile phone policies to include documentation regarding the specific roles and responsibilities of each office overseeing the mobile phone program.
The Bureau of Information Services should enforce and execute a review and approval process for application and software download and restrict access to specified applications found in their Railroad Retirement Board G-6 Rules of Behavior.
The Bureau of Information Services should implement procedures to periodically track, log, and monitor iPhone usage and the completion of the G-6 Acknowledgement Statement.
The Bureau of Information Services should periodically review the mobile phone inventory for completeness and accuracy to include a comparison with Railroad Retirement Board's personnel position index.
The Bureau of Information Services should implement the use of unique identifiers between disparate data sets (e.g., mobile phone inventory, personnel position index) to facilitate comparisons and reconcile inconsistent information.
Management Information Report - Railroad Retirement Board's Actions in Response to Pandemic Funding
The Bureau of Fiscal Operations should reconcile the obligations as reported to USAspending.gov and the weekly outlay report to determine the correct total for Coronavirus Disease 2019 obligations charged to the $5 million technology appropriation.
The Railroad Retirement Board's Executive Committee should establish a group tasked with hiring decisions for appropriated funds from the American Rescue Plan Act. This group should use documented and reliable procedures that are based on accurate and reliable data sources to determine hiring and staffing levels using appropriated funders from the American Rescue Plan Act.
The Railroad Retirement Board's Executive Committee should reconsider and revise its plans concerning hiring based on the American Rescue Plan Act appropriation because adequate supporting documentation had not been prepared.