Reports

Treasury Inspector General for Tax Administration

American Rescue Plan Act: Review of the Reconciliation of the Child Tax Credit

Audit | 6/14/2023

1 - Open

Review all of the 6,833 taxpayers with excess Child Tax Credit identified during our review and take appropriate actions to ensure that the taxpayers receive the correct amount of the Child Tax Credit.

2 - Closed

Identify additional taxpayers after May 5, 2022, who received excess Child Tax Credit as a result of tax examiner error and take appropriate actions to ensure that these taxpayers receive the correct amount of the Child Tax Credit.

3 - Closed

Review the 105 taxpayers who potentially did not receive all of their eligible Child Tax Credit identified during our review and take appropriate actions to ensure that they receive the correct amount of the Child Tax Credit.

4 - Closed

Evaluate the priority of programming to ensure that processes and procedures are developed to identify and correct tax examiner entries input during the error correction process that exceed statutory limits, including a process to systemically reprocess corrected returns through Error Resolution programming before being released for processing.

5 - Closed

On February 17, 2022, we notified IRS management of our concerns with undeliverable payments that post after the processing of the tax return. In these instances, the IRS processed the tax return as if the payment was received by the taxpayer. As a result, the taxpayer would receive less Child Tax Credit than they are eligible to receive. We recommended that the IRS develop a process to identify undeliverable payments after
processing of the TY 2021 tax return.

6 - Closed

Identify taxpayers with advance payments who have yet to file a TY 2021 tax return and send a reminder notice, similar to the Department of the Treasury, using the advance payments as part of the criteria.

7 - Closed

Work with the Commissioner, Small Business/Self-Employed Division, to create a process to recover potentially erroneous advance payments from taxpayers who have not filed a TY 2021 tax return.

Treasury Inspector General for Tax Administration

American Rescue Plan Act: Continued Review of Premium Tax Credit Provisions

Full Details: Oversight.gov Report Page

Audit | 6/14/2023

1 - Open

The Commissioner, Wage and Investment Division, and the Commissioner, Small Business/Self-Employed Division, should consider expanding the use of soft notices to address potentially erroneous PTC claims. These notices should provide individuals with information specific to the eligibility or reporting requirements related to the potential error the IRS identified and suggest the filing of an amended return, if an error has
occurred.

2 - Closed

The Commissioner, Wage and Investment Division, should notify the 317,418 taxpayers we identified, who potentially received less PTC than they were entitled or repaid more APTC than required, that they may qualify for additional PTC or overpaid APTC and encourage them to file an amended Tax Year 2021 return, if applicable.

2 - Open

3 - Closed

The Commissioner, Wage and Investment Division, should develop processes, such as the use of courtesy letters to notify individuals of their potential eligibility, to proactively assist taxpayers who, based on available tax return and Exchange data, potentially claimed less PTC than entitled or paid more APTC than required.

3 - Open

4 - Closed

On October 26, 2022, we notified the Director, Submission Processing, of our concerns regarding taxpayers who are potentially eligible for additional PTC based on their unemployment status during Tax Year 2021. We recommended that the Director, Submission Processing, notify these taxpayers that they may qualify for additional PTC or be able to reduce the amount of excess APTC they must repay and encourage them to file an amended Tax Year 2021 return, if they qualify.

5 - Closed

On October 25, 2022, we notified the Director, Submission Processing, of our concerns with the draft Tax Year 2022 Form 8962 instructions. We
recommended that the IRS revise the instructions to inform taxpayers that they have an option to set a domestic violence indicator on their tax return.

Department of Defense OIG

Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the Coronavirus Disease–2019 Pandemic

Full Details: Oversight.gov Report Page

Audit | 6/06/2023

D-2023-0079-D000CR-0001-0001.A1a - Closed

Recommendation is CUI

D-2023-0079-D000CR-0001-0001.A1b - Closed

Recommendation is CUI

D-2023-0079-D000CR-0001-0002.A2 - Closed

Recommendation is CUI

D-2023-0079-D000CR-0001-0003.A3 - Closed

Recommendation is CUI

D-2023-0079-D000CR-0001-0004.A4 - Closed

Recommendation is CUI

D-2023-0079-D000CR-0001-0005.A5 - Closed

Recommendation is CUI

D-2023-0079-D000CR-0002-0001.B1a - Closed

(U) Rec. B.1.a: The DoD OIG recommended that the Chief Information Officer for the Defense Finance and Accounting Service renegotiate changes with the Adobe Connect vendor to configure Adobe Connect to require privileged users to authenticate into the collaboration tool using multifactor authentication.

D-2023-0079-D000CR-0002-0001.B1b - Closed

Recommendation is CUI

D-2023-0079-D000CR-0002-0002.B2 - Closed

Recommendation is CUI

D-2023-0079-D000CR-0002-0003.B3a - Closed

Recommendation is CUI

D-2023-0079-D000CR-0002-0003.B3b - Closed

Recommendation is CUI

D-2023-0079-D000CR-0002-0003.B3c - Closed

Rec. B.3.c: The DoD OIG recommended that the Chief Information Officer for the Defense Threat Reduction Agency configure Zoom for Government to lock user accounts after three unsuccessful logon attempts in a 15-minute period.

D-2023-0079-D000CR-0003-0001.C1 - Closed

Recommendation is CUI

Treasury Inspector General for Tax Administration

Recurring Identification Is Needed to Ensure That Employers Full Pay the Deferred Social Security Tax

Full Details: Oversight.gov Report Page

Audit | 5/22/2023

Treasury Inspector General for Tax Administration

Additional Actions Are Needed to Reduce Accounts Management Function Inventories to Below Pre‑Pandemic Levels

Full Details: Oversight.gov Report Page

Audit | 5/10/2023

1 - Closed

Ensure that all sites understand and begin immediately stamping the ICT received date after correspondence screening is completed, and that individual and business documents are screened with equal importance.

10 - Open

Coordinate with the Information Technology organization to explore adding Taxpayer Relations inventories into the CII, so that all Accounts Management inventory is located in the same inventory management system.

11 - Closed

The Commissioner, Wage and Investment Division, should establish time frames for and a process to measure correspondence screening timeliness at each site.

12 - Closed

The Commissioner, Wage and Investment Division, should rescind the requirement that only the TEs and the CSRs perform correspondence
screening and encourage all sites to use mail clerks, after providing them with adequate training.

13 - Closed

The Commissioner, Wage and Investment Division, should ensure prompt completion of the ICT review to determine if additional scanners will be
purchased.

2 - Closed

Discontinue correspondence screening via telework and ensure at all sites that screening must be conducted in the same IRS facility where documents are being scanned by the ICT.

3 - Closed

Identify and address the cause of Accounts Management function employees incorrectly routing cases to other IRS functions and work with other IRS functions to update their Internal Revenue Manuals to make it clear that incorrectly routed documents should be returned to the
originating employee.

4 - Closed

We recommended that management take steps to hire as many mail clerks as possible.

5 - Closed

The Commissioner, Wage and Investment Division, should establish goals for each of the Accounts Management function’s inventory types and develop a plan for addressing those goals to ensure a timely return to pre-pandemic inventory levels.

6 - Open

The Commissioner, Wage and Investment, should prioritize funding and implementation of automated processing of Forms 1040-X to increase efficiencies and reduce taxpayer burden.

7 - Closed

The Commissioner, Wage and Investment Division, should implement temporary solutions for the processing of Forms 1040-X to reduce the backlogs, reduce taxpayer burden, and save IRS resources until an automated solution is implemented.

8 - Open

Coordinate with the Information Technology organization to prevent generating transcripts for manual refunds less than $100 and adjust the frequency that some transcripts are generated to help management get through the inventory more efficiently.

9 - Closed

Temporarily relieve employees in the Accounts Management function from having to complete paperwork for barred statutes, so they can focus on eliminating the backlogged inventory and prevent future barred statutes.

Department of Defense OIG

Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment

Full Details: Oversight.gov Report Page

Audit | 3/24/2023

D-2023-0057-D000CR-0001-0001.A1 - Closed

Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.

D-2023-0057-D000CR-0001-0002.A2a - Open

Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.

D-2023-0057-D000CR-0001-0002.A2b - Open

Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.

D-2023-0057-D000CR-0001-0003.A3 - Closed

Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.

D-2023-0057-D000CR-0001-0004.A4a - Closed

Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.

D-2023-0057-D000CR-0001-0004.A4b - Closed

Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.

D-2023-0057-D000CR-0001-0005.A5a - Closed

Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.

D-2023-0057-D000CR-0001-0005.A5b - Closed

Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.

D-2023-0057-D000CR-0001-0006.A6 - Closed

Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.

D-2023-0057-D000CR-0002-0001.B1 - Closed

Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.

Department of Education OIG

University of Cincinnati’s Use of Higher Education Emergency Relief Fund Student Aid and Institutional Grants

Our objective was to determine whether the University of Cincinnati (University) used the Student Aid (Assistance Listing Number (ALN) 84.425E) and Institutional (ALN 84.425F) portions of its Higher Education Emergency Relief Fund (HEERF) funds for allowable and intended purposes. The University spent $109.9 million (83 percent) of its total HEERF allocation of $132.8 million as of September 30, 2021. The University generally used the Student Aid ($42.1 million) and Institutional ($67.8 million) portions of its HEERF grant funds for allowable and intended purposes but needs to strengthen its...

Full Details: Oversight.gov Report Page

Audit | 1/17/2023

1.1 - Closed

Require the University of Cincinnati to develop and implement a review process to prevent or detect payment errors when awarding emergency financial aid grants to students, including written policies and procedures detailing how the reviews shall be conducted and the results documented, in accordance with 2 C.F.R. section 200.303.

1.2 - Open

Require the University of Cincinnati to develop and implement written policies, procedures, and management review to ensure that its award determinations, eligibility criteria, and management decisions related to eligibility for its emergency financial aid grants to students are adequately documented and supported at the time award decisions are made, in accordance with 2 C.F.R. section 200.302(b)(3).

1.3 - Open

Require the University of Cincinnati to carefully document how its student aid eligibility criteria prioritized and continues to prioritize students with exceptional need throughout the HEERF grant performance period.

2.1 - Open

Require the University of Cincinnati to develop and implement written policies and procedures, including procedures that would identify and prevent improper revenue recognition and duplicate charges, to ensure that future calculations for charging lost revenue to its HEERF Institutional grant are reviewed for accuracy and consistency with its financial reporting policies and procedures.

2.2 - Open

Determine whether the University of Cincinnati implemented appropriate corrective actions to resolve the $797,965 in unsupported lost revenue costs it charged to its HEERF Institutional grant; and, if the corrective actions are inappropriate, require the University to either return the funds to the Department or reallocate the funds for allowable expenditures.

2.3 - Open

Determine whether the $1,916,041 that the University of Cincinnati charged to its HEERF Institutional grant for noncompetitive procurements was reasonable when compared to the costs of suitable alternatives; and, if the charges were inappropriate, require the University to either return the funds to the Department or reallocate the funds for allowable expenditures.

2.4 - Open

Require the University of Cincinnati to develop and implement written policies and procedures to ensure that procurements charged to its HEERF Institutional grant are in accordance with applicable Federal requirements; and it consistently follows its procurement policies and procedures, including maintaining sufficient documentation to support its rationale for noncompetitive procurements and the basis for and reasonableness of the contract price.

3.1 - Open

Require the University of Cincinnati to incorporate in its policies and procedures and implement the cash management requirements for minimizing the time between drawing down and disbursing Federal grant funds, and remitting interest earned in excess of $500 in accordance with 2 C.F.R. section 200.305(b).

3.2 - Open

Require the University of Cincinnati to remit $35,439 based on the TIP’s average rate of return, less no more than $320 ($500 minus the $180 already retained) for administrative expenses if applicable; and remit the actual amount of earned interest on any future advances of Federal funds, in accordance with 2 C.F.R. section 200.305(b)(9).

4.1 - Open

Require the University of Cincinnati to develop and implement written policies and procedures that incorporate the HEERF program’s reporting requirements and ensure that the expenditures in its quarterly HEERF Institutional expenditure reports are accurate and reported in the appropriate expenditure category.

Small Business Administration OIG

SBA's Guaranty Purchases for Paycheck Protection Program Loans

The Office of Inspector General (OIG) is issuing this management advisory to express concerns regarding the U.S. Small Business Administration’s (SBA) decision to end collections on purchased Paycheck Protection Program (PPP) loans with an outstanding balance of $100,000 or less. In anticipation of a significant number of delinquent PPP loans that lenders will submit for guaranty purchase, we began reviewing SBA’s process for approving PPP guaranty purchases. During our review, we identified concerns with SBA’s decision to end collections on these loans and found that expedited management...

Full Details: Oversight.gov Report Page

Review | 9/30/2022

Small Business Administration OIG

Follow-up Inspection of SBA’s Internal Controls to Prevent COVID-19 EIDLs to Ineligible Applicants

This report presents the results of our follow-up inspection to assess the effectiveness of the U.S. Small Business Administration’s (SBA) enhanced internal controls to prevent Coronavirus Disease 2019 (COVID-19) Economic Injury Disaster Loans (EIDL) to ineligible applicants. The Coronavirus Aid, Relief, and Economic Security (CARES) Act prohibited the agency from requiring tax return transcripts to prove eligibility. Congress eliminated this restriction 9 months later with the Consolidated Appropriations Act, 2021. We found SBA did not implement the tax transcript requirement in a timely...

Full Details: Oversight.gov Report Page

Inspection / Evaluation | 9/29/2022

Small Business Administration OIG

COVID-19 and Disaster Assistance Information Systems Security Controls

This report presents the results of our audit to determine whether the U.S. Small Business Administration (SBA) maintained effective management control activities and monitoring of the design and implementation of third-party operated SBA systems. SBA needed information technology systems from third-party service providers that could improve the system efficiency and productivity to process high transaction volumes, transmit data between other information systems, and safeguard the integrity and confidentiality of the personally identifiable information processed by the programs. We found the...

Full Details: Oversight.gov Report Page

Audit | 9/27/2022

1 - Open

Ensure the existing SBA System Development Methodology is updated to include supply chain risk-management practices as required by OMB Circular A-130 and high-value asset system designation guidance. Also, ensure high-value asset system risks are incorporated into the enterprise risk management framework, as recommended by OMB M-19-03 and SBA SOP 90 47 6.

10 - Open

Implement an automated process to document and monitor system changes as recommended by NIST SP 800-53 Rev. 5.

2 - Open

Communicate and enforce the SBA System Development Methodology in which a traceability matrix is used to ensure that system requirements can be tested and demonstrated in the operational system. Ensure all requirements are aligned with the contractual acceptance criteria.

3 - Open

Implement in updated agency guidance, the requirements of OMB Circular No. A-123 that stipulate a SOC 1 Type 2 report is needed for all new and existing financial systems. This guidance should also require confirmation at least annually that the controls are functioning as designed.

4 - Closed

Enforce the requirement to establish and implement internal controls to ensure appropriate program officials perform and document contract reviews to ensure that information security is appropriately addressed in the contracting language, as required by OMB Circular A-130 and SBA SOP 90 47 6.

5 - Open

In conjunction with the Enterprise Risk Management Board, implement enterprise-wide privacy risk mitigation practices that can be assimilated into new and existing system program designs.

6 - Open

Complete an initial assessment and authorization for each information system and all agency-designated common controls before operation.

7 - Open

Transition information systems and common controls to an ongoing authorization process (when eligible for such a process) with the formal approval of the respective authorizing officials or reauthorize information systems and common controls as needed, on a time or event-driven basis in accordance with agency risk tolerance, as required by OMB Circular No. A-130 and SOP 90 47 6.

8 - Open

Review and update POA&Ms at least quarterly as required by SOP 90 47 6.

9 - Closed

Ensure data-sharing agreements are reviewed annually as required by SBA SOP 90 47 6.

Date Range

Report Type

Report Category

Submitting Agency

State/Local Agency

State (State and Local Reports)

Fraud Type

Agency Reviewed

Related Organizations

Management Challenges

Any Recommendations

Any Open Recommendations

Reports

American Rescue Plan Act: Review of the Reconciliation of the Child Tax Credit

American Rescue Plan Act: Continued Review of Premium Tax Credit Provisions

Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the Coronavirus Disease–2019 Pandemic

Recurring Identification Is Needed to Ensure That Employers Full Pay the Deferred Social Security Tax

Additional Actions Are Needed to Reduce Accounts Management Function Inventories to Below Pre‑Pandemic Levels

Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment

University of Cincinnati’s Use of Higher Education Emergency Relief Fund Student Aid and Institutional Grants

SBA's Guaranty Purchases for Paycheck Protection Program Loans

Follow-up Inspection of SBA’s Internal Controls to Prevent COVID-19 EIDLs to Ineligible Applicants

COVID-19 and Disaster Assistance Information Systems Security Controls

Glossary

Glossary name will go here