Report Type
Report Category
Submitting Agency
- (-) Department of Defense OIG (18)
- (-) Department of the Interior OIG (8)
- (-) U.S. Agency for International Development OIG (4)
- Department of Agriculture OIG (7)
- Department of Commerce OIG (1)
- Department of Education OIG (16)
- Department of Health & Human Services OIG (28)
- Department of Homeland Security OIG (28)
- Department of Housing and Urban Development OIG (1)
- Department of Justice OIG (6)
- Department of Labor OIG (37)
- Department of the Treasury OIG (38)
- Department of Transportation OIG (5)
- Department of Veterans Affairs OIG (27)
- Election Assistance Commission OIG (16)
- Environmental Protection Agency OIG (5)
- Farm Credit Administration OIG (1)
- Federal Deposit Insurance Corporation OIG (1)
- Federal Reserve Board & CFPB OIG (2)
- General Services Administration OIG (5)
- National Science Foundation OIG (11)
- National Security Agency OIG (1)
- Pandemic Response Accountability Committee (1)
- Pension Benefit Guaranty Corporation OIG (2)
- Railroad Retirement Board OIG (5)
- Securities and Exchange Commission OIG (1)
- Small Business Administration OIG (33)
- Social Security Administration OIG (3)
- Tennessee Valley Authority OIG (3)
- Treasury Inspector General for Tax Administration (27)
- U.S. Postal Service OIG (11)
State/Local Agency
State (State and Local Reports)
Fraud Type
Agency Reviewed
Related Organizations
Management Challenges
Any Recommendations
Any Open Recommendations
Reports
COVID-19: Audit of Costs Incurred by International Rescue Committee from March 1, 2020, to March 31, 2022
Require International Rescue Committee to develop and implement procedures to include complete environmental information in its program reports or obtain Agency approval to exempt recipients from the reporting requirements.
COVID-19: Audit of Costs Incurred by Jhpiego Corporation from March 1, 2020 to March 31, 2022
We recommend that USAID/Bureau for Management/Office of Acquisition & Assistance ensure that Jhpiego documents key processes and controls in its company policies and procedures to include the approval requirements associated with its access revocation process, new hire orientation checklist, initial salary determinations, international travel, travel expense report, invoices, and financial reports.
COVID-19: Audit of Costs Incurred by FHI-360 from March 1, 2020 to March 31, 2022
We recommend that USAID/Bureau for Management/Office of Acquisition & Assistance require FHI-360 to develop and implement procedures to include the Compensated Personal Absence rate in its supporting documentation and negotiations leading up to the execution of a Negotiated Indirect Cost Rate Agreement, unless USAID provides written approval to bill the rate on applicable awards.
COVID-19: Enhanced Controls Could Strengthen USAID’s Management of Expedited Procurement Procedures
We recommend that the Director of the Office of Acquisition and Assistance implement procedures to remind personnel of the requirement to send pertinent documents relating to utilization of the Expedited Procedures Package for Infectious Disease Outbreaks to designated USAID mailboxes and maintain those documents in ASIST, the official award file.
We recommend that the Director of the Office of Acquisition and Assistance implement procedures to require personnel to maintain documentation of required postings to SAM.gov in ASIST, the official award file.
We recommend that the Director of the Office of Acquisition and Assistance implement procedures to strengthen training on use of noncompetitive action codes in the Global Acquisition and Assistance System to ensure consistent reporting of use of other than full and open competition for new and modified awards in the Global Acquisition and Assistance System and the Federal Procurement Data System and track use of the Expedited Procedures Package for Infectious Disease Outbreaks.
We recommend that the Director of the Office of Acquisition and Assistance implement a process to periodically reassess the needs of each disease outbreak under the Expedited Procedures Package for Infectious Disease Outbreaks, including factors for deciding whether those expedited procedures still meet an urgent foreign assistance need for each disease, and make appropriate recommendations to the Administrator.
Audit of the Reliability of the DoD Coronavirus Disease–2019 Patient Health Data
Rec. 1: The DoD OIG recommended that the Director of the Defense Health Agency work with the Program Executive Officer of the Program Executive Office, Defense Healthcare Management Systems to document and implement the process for identifying and collecting patient health data of DoD patients in the Military Health System in current and future registries within their purview in a written document, such as a standard operating procedure. The procedure should identify, at a minimum, the internal controls throughout the process, the relevant data sources, data fields, and diagnostic codes used in the computer scripts, and should be reviewed and approved when updates occur.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 3: The DoD OIG recommended that the Chief of the Joint Trauma System conduct an analysis to determine whether the patient data entered into the Coronavirus Disease-2019 Registry met the 90 percent accuracy rate requirement for contract W81XWH-20-P-0197 and contract W81XWH-22-C-0151.
Rec. 3.a: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to update the contractor's rating in the contractor's performance assessment reports for contract W81XWH-22-C-0151 and contract W81XWH-20-P-0197, when feasible.
Rec. 3.b: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $3.9 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-20-P-0197, if feasible.
Rec. 3.c: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $2.3 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-22-C-0151.
Rec. 3.d: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to consider all available contract remedies for contract W81XWH-22-C-0151, including modifying and, if necessary, terminating and re-competing the contract, and take action to ensure that the Department receives full value for the funds it expends for contract W81XWH-22-C-0151.
Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
Rec. 4.a: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System establish and implement a process for selecting Coronavirus Disease-2019 events for entry into the Coronavirus Disease-2019 Registry to limit selection bias.
Rec. 4.b: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to include a bias disclosure notice on all reports generated from the Coronavirus Disease-2019 Registry until the Coronavirus Disease-2019 Registry data represent the population of DoD patients who had a Coronavirus Disease-2019 event.
Rec. 5.a: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) establish and implement a policy for developing and populating patient registries that aligns with the Department of Health and Human Services best practices, "Agency for Healthcare Research and Quality, Registries for Evaluating Patient Outcomes: A User?s Guide," current edition.
Rec. 5.b: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) conduct a review of all patient registries in the Military Health System to verify the reliability of data in each registry and implement corrective actions, as necessary.
Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the Coronavirus Disease–2019 Pandemic
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
(U) Rec. B.1.a: The DoD OIG recommended that the Chief Information Officer for the Defense Finance and Accounting Service renegotiate changes with the Adobe Connect vendor to configure Adobe Connect to require privileged users to authenticate into the collaboration tool using multifactor authentication.
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Rec. B.3.c: The DoD OIG recommended that the Chief Information Officer for the Defense Threat Reduction Agency configure Zoom for Government to lock user accounts after three unsuccessful logon attempts in a 15-minute period.
Recommendation is CUI
Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.
The Bureau of Indian Affairs Great Plains Region Did Not Oversee CARES Act Funds Appropriately
We recommend that the BIA Great Plains Region develop and implement a process to acquire the delinquent CARES Act Federal Financial Reports and Annual Narrative Reports identified in the Attachment of this management advisory.
We recommend that the BIA Great Plains Region develop a process to identify and address any other delinquent CARES Act Federal Financial Reports and Annual Narrative Reports.
We recommend that the BIA Great Plains Region develop and implement written policies and procedures that describe the roles and responsibilities of BIA officials and the review processes for Federal Financial Reports and Annual Narrative Reports to ensure submitted reports are complete, accurate, and address areas of concern.
We recommend that the BIA Great Plains Region in accordance with developed and implemented written policies and procedures, provide and track annual training for BIA officials responsible for reviewing Federal Financial Reports and Annual Narrative Reports.
The Omaha Tribe Did Not Account for CARES Act Funds Appropriately
We recommend that the BIA resolve the unreasonable hazard pay costs of $29,574 by requiring the Omaha Tribe to perform an analysis of the costs incurred to applicable criteria and document its determination of reasonableness.
We recommend that the BIA resolve the questioned hazard pay costs of $27,841 for Payment 1 by requiring the Omaha Tribe to provide detailed reconciliation of incurred costs to supporting documentation.
We recommend that the BIA resolve the questioned costs of $182,388 for Payment 2 by requiring the Omaha Tribe to provide detailed complete supporting documentation for the hazard pay and indirect costs.
We recommend that the BIA review the Omaha Tribe’s revised policy regarding the custody of checks and document that proper controls have been implemented.
We recommend that the BIA resolve the questioned costs of $42,067 by requiring the Omaha Tribe to provide a detailed list of the questioned transactions and voided checks to the BIA for its files to ensure these transactions are not claimed for reimbursement.
We recommend that the BIA resolve the questioned costs of $10,792 by requiring the Omaha Tribe to reallocate these costs to the appropriate funding source.
We recommend that the BIA require the Omaha Tribe to revise its policy to ensure a complete property record for CARES Act-funded assets in accordance with 2 C.F.R. § 200.313(d)(1).
The Bureaus of Indian Affairs and Indian Education Have the Opportunity To Implement Additional Controls To Prevent or Detect Multi-dipping of Pandemic Response Funds
We recommend that the Bureaus of Indian Affairs and Indian Education develop and implement policies, procedures, or guidance designed to prevent or detect <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education communicate the policies and procedures developed and train bureau personnel and Tribes on preventing and detecting <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education develop and implement policies, procedures, or guidance designed to prevent or detect <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education develop and implement policies, procedures, or guidance designed to prevent or detect <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education develop and implement policies, procedures, or guidance designed to prevent or detect <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education communicate the policies and procedures developed and train bureau personnel and Tribes on preventing and detecting <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education communicate the policies and procedures developed and train bureau personnel and Tribes on preventing and detecting <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.
We recommend that the Bureaus of Indian Affairs and Indian Education communicate the policies and procedures developed and train bureau personnel and Tribes on preventing and detecting <span class="tx-tooltip" tabindex="0">
multi-dipping
<span class="tx-tooltip-text">
When a recipient receives money from multiple federal sources and uses it for the same purpose, this could be an indication of multi-dipping.
</span>
</span>
.