Report Type
Report Category
Submitting Agency
- (-) Amtrak (National Railroad Passenger Corporation) OIG (1)
- (-) Department of Defense OIG (44)
- (-) Department of Energy OIG (2)
- (-) Department of Labor (2)
- (-) Election Assistance Commission OIG (27)
- (-) Federal Deposit Insurance Corporation OIG (2)
- Architect of the Capitol OIG (5)
- Defense Intelligence Agency OIG (3)
- Department of Agriculture (1)
- Department of Agriculture OIG (25)
- Department of Commerce (1)
- Department of Commerce OIG (5)
- Department of Defense (1)
- Department of Education (1)
- Department of Education OIG (44)
- Department of Energy (1)
- Department of Health & Human Services (1)
- Department of Health & Human Services OIG (109)
- Department of Homeland Security (1)
- Department of Homeland Security OIG (34)
- Department of Housing and Urban Development (1)
- Department of Housing and Urban Development OIG (35)
- Department of Justice (2008)
- Department of Justice OIG (267)
- Department of Labor OIG (68)
- Department of State (1)
- Department of State OIG (2)
- Department of the Interior (1)
- Department of the Interior OIG (36)
- Department of the Treasury (1)
- Department of the Treasury OIG (110)
- Department of Transportation (1)
- Department of Transportation OIG (10)
- Department of Veterans Affairs (1)
- Department of Veterans Affairs OIG (44)
- Election Assistance Commission (1)
- Environmental Protection Agency (1)
- Environmental Protection Agency OIG (16)
- Farm Credit Administration OIG (1)
- Federal Communications Commission (1)
- Federal Housing Finance Agency OIG (4)
- Federal Reserve Board & CFPB OIG (11)
- General Services Administration (1)
- General Services Administration OIG (12)
- Government Accountability Office (1)
- Government Publishing Office OIG (1)
- Illinois Auditor General (2)
- Legal Services Corporation (1)
- Maryland State Legislative Audits (1)
- National Aeronautics and Space Administration (1)
- National Aeronautics and Space Administration OIG (1)
- National Archives and Records Administration (1)
- National Endowment for the Arts (1)
- National Endowment for the Humanities (1)
- National Reconnaissance Office OIG (3)
- National Science Foundation (1)
- National Science Foundation OIG (14)
- National Security Agency OIG (1)
- New York, Ulster County Office of the Comptroller (4)
- New York State Comptroller (2)
- North Carolina State Auditor (1)
- Nuclear Regulatory Commission (1)
- Office of Management and Budget (4)
- Office of Personnel Management (1)
- Office of Personnel Management OIG (2)
- Office of the Special Inspector General for the Troubled Asset Relief Fund (1)
- Oregon, Multnomah County Auditor's Office (5)
- Oregon Secretary of State, Audits Division (1)
- Pandemic Response Accountability Committee (40)
- Peace Corps (1)
- Peace Corps OIG (4)
- Pension Benefit Guaranty Corporation OIG (6)
- Railroad Retirement Board OIG (7)
- Securities and Exchange Commission OIG (2)
- Small Business Administration (1)
- Small Business Administration OIG (50)
- Social Security Administration (1)
- Social Security Administration OIG (7)
- Special Inspector General for Pandemic Recovery (53)
- Special Inspector General for the Troubled Asset Relief Program (2)
- Tennessee Valley Authority OIG (4)
- Treasury Inspector General for Tax Administration (51)
- U.S. Agency for International Development (1)
- U.S. Agency for International Development OIG (30)
- U.S. Postal Service OIG (16)
- Virginia Auditor of Public Accounts (1)
- Wisconsin Legislative Audit Bureau (13)
State/Local Agency
State (State and Local Reports)
Fraud Type
Agency Reviewed
Related Organizations
Management Challenges
Any Recommendations
Any Open Recommendations
Reports
Audit of the Reliability of the DoD Coronavirus Disease–2019 Patient Health Data
Rec. 1: The DoD OIG recommended that the Director of the Defense Health Agency work with the Program Executive Officer of the Program Executive Office, Defense Healthcare Management Systems to document and implement the process for identifying and collecting patient health data of DoD patients in the Military Health System in current and future registries within their purview in a written document, such as a standard operating procedure. The procedure should identify, at a minimum, the internal controls throughout the process, the relevant data sources, data fields, and diagnostic codes used in the computer scripts, and should be reviewed and approved when updates occur.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 3: The DoD OIG recommended that the Chief of the Joint Trauma System conduct an analysis to determine whether the patient data entered into the Coronavirus Disease-2019 Registry met the 90 percent accuracy rate requirement for contract W81XWH-20-P-0197 and contract W81XWH-22-C-0151.
Rec. 3.a: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to update the contractor's rating in the contractor's performance assessment reports for contract W81XWH-22-C-0151 and contract W81XWH-20-P-0197, when feasible.
Rec. 3.b: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $3.9 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-20-P-0197, if feasible.
Rec. 3.c: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $2.3 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-22-C-0151.
Rec. 3.d: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to consider all available contract remedies for contract W81XWH-22-C-0151, including modifying and, if necessary, terminating and re-competing the contract, and take action to ensure that the Department receives full value for the funds it expends for contract W81XWH-22-C-0151.
Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
Rec. 4.a: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System establish and implement a process for selecting Coronavirus Disease-2019 events for entry into the Coronavirus Disease-2019 Registry to limit selection bias.
Rec. 4.b: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to include a bias disclosure notice on all reports generated from the Coronavirus Disease-2019 Registry until the Coronavirus Disease-2019 Registry data represent the population of DoD patients who had a Coronavirus Disease-2019 event.
Rec. 5.a: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) establish and implement a policy for developing and populating patient registries that aligns with the Department of Health and Human Services best practices, "Agency for Healthcare Research and Quality, Registries for Evaluating Patient Outcomes: A User?s Guide," current edition.
Rec. 5.b: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) conduct a review of all patient registries in the Military Health System to verify the reliability of data in each registry and implement corrective actions, as necessary.
Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the Coronavirus Disease–2019 Pandemic
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
(U) Rec. B.1.a: The DoD OIG recommended that the Chief Information Officer for the Defense Finance and Accounting Service renegotiate changes with the Adobe Connect vendor to configure Adobe Connect to require privileged users to authenticate into the collaboration tool using multifactor authentication.
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Recommendation is CUI
Rec. B.3.c: The DoD OIG recommended that the Chief Information Officer for the Defense Threat Reduction Agency configure Zoom for Government to lock user accounts after three unsuccessful logon attempts in a 15-minute period.
Recommendation is CUI
FDIC Examinations of Government-Guaranteed Loans
Develop and implement guidance to examination staff on the credit, operational (including fraud), liquidity, and compliance risks related to Government-guaranteed loans to ensure staff adequately plans and conducts examinations to identify and address emerging risks.
Develop and implement a training plan to ensure examination staff are trained on the requirements and risks of Government-guaranteed loan programs.
Update, develop, and distribute to FDIC examination personnel a list of FDIC examiners who have significant experience examining banks that specialize in Government-guaranteed loan programs to regional offices.
Develop and implement a process to obtain improved data regarding Government-guaranteed lending activities of FDIC-supervised financial
institutions.
Update the [redacted] MOU to include the sharing of loan portfolio information such as historical loan performance, status of guaranty, and loan-level risk characteristics.
Establish arrangements with other Federal agencies that administer Government-guaranteed loan programs to facilitate information sharing and
proactive identification of risk.
Develop and implement processes and procedures for the routine sharing, receipt, and storage of confidential information with Federal agencies that administer Government-guaranteed loan programs.
Develop and implement guidance to provide instruction to FDIC bank examination staff requiring communication and information sharing with Federal agencies that administer Government-guaranteed loan programs to ensure FDIC staff and the Federal agencies are aware of any emerging risks.
Determine whether other Federal agencies that administer Government-guaranteed loan programs have a list of FDIC-supervised banks with high risk factors associated with such programs and develop protocols to share information with relevant FDIC personnel, including examiners.
Develop and implement guidance to ensure relevant risk information exchanged with Federal Government agencies that administer Government-guaranteed loan programs is shared internally within the FDIC on an ongoing basis with the appropriate FDIC employees.
Develop and implement updated FDIC examination guidance to establish an appropriate timeframe for uploading complete supervisory business records to RADD.
Develop and implement guidance to examination staff to ensure the staff consistently evaluate Government-guaranteed loans in their review of loan classification, assessment of off-balance sheet risk, concentration risk, and ongoing monitoring.
Update and implement the Examination Profile Script to include additional questions on financial institution participation in Government-guaranteed loan programs in order to identify and address emerging risk.
Develop and implement additional items to the Safety and Soundness Request List to identify Government-guaranteed loans, the performance of those loans, and status of the guaranty.
Issue and implement guidance to require that examination staff conduct a fraud risk assessment on future Government-guaranteed loan programs involving FDIC-insured and FDIC-supervised financial institutions to inform policy decisions.
Ensure guidance on future Government-guaranteed loan programs includes all risks associated with such programs and has instructions to allow for consistency in supervisory activities.
Issue and implement guidance for examiners clarifying the FDIC supervisory expectations for reviewing bank PPP activities, including the level of PPP loan volume triggering a heightened review, how examiners should assess the PPP activities of banks that have existing BSA/AML weaknesses, and protocols for examination staff to communicate observed weaknesses.
Revise and implement FDIC guidance and practices for assessing concentrations and loan classification to ensure uniform application with the other Federal bank regulators of supervisory approaches to banks
Coordinate with the other Federal bank regulators to ensure uniform application of supervisory approaches to banks regarding concentrations and loan classification.
Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.
Audit of the Help America Vote Act Grants Awarded to the Commonwealth of the Northern Mariana Islands
Determine the allowability of $246,556 in questioned costs ($242,982 unsupported; $3,574 ineligible) under Election Security Award MP20101001 and recover any amount that is unallowable.
Determine the allowability of $440,905 in questioned costs ($327,085 unsupported; $113,820 ineligible) under CARES Act Award MP20101CARES and recover any amount that is unallowable.
Require the Commonwealth Election Commission to calculate the interest lost on Election Security Award MP20101001 and CARES Act Award MP20101CARES and repay the unrecorded earnings using nonfederal funds.
Determine the best course of action to identify and recover additional funds from Election Security Award MP20101001 and CARES Act Award MP20101CARES that remain unspent or improperly spent.
Withhold additional grant funds for which CNMI is eligible until the Commonwealth Election Commission (1) establishes an interest‐bearing Election Fund; (2) complies with reporting requirements for Election Security Award MP20101001 and CARES Act Award MP20101CARES; and
(3) implements suitable policies for internal control.
Audit of the Help America Vote Act Grants Awarded to the State of California
We recommend that the EAC require the Office perform a reconciliation of the grant activity for the Election Security, Section 251 reissued, Section 101 reissued, and CARES Act funds and ensure that all expenditures are fully disclosed, and file amended FFRs, as applicable. If the Office determines that it is unable to perform the reconciliation of the grant activity, obtain financial services to support the completion of the reconciliation.
We recommend that the EAC require the Office implement procedures and training to properly fill out the required Federal Financial Reports, which reflect the uses of award funds and the interest and program income generated from those funds for all HAVA grants.
We recommend that the EAC require the Office transfer into the election fund $51,012 and any related fringe benefits and indirect costs for the unsupported payroll costs cited above.
We recommend that the EAC require the Office implement procedures or provide additional training to ensure that payroll costs are adequately supported with appropriate signature approvals, pay rates, and timesheets when being allocated to the HAVA grants.
We recommend that the EAC require the Office perform detailed testing on the $180,350 of additional wages selected for substantive testing to determine what amount, if any, remains unsupported.
We recommend that the EAC work with the Office to resolve the one remaining unsupported County reimbursement.
We recommend that the EAC require the Office to transfer into the election fund any amount which remains unsupported.
We recommend that the EAC require the Office to develop and implement policies and procedures and provide training to ensure adequate documentation is maintained to support the allowability of expenditures charged to the HAVA grant.
Audit of the Help America Vote Act Grants Awarded to the Commonwealth of Pennsylvania
We recommend that the EAC require the Office transfer into the election fund $80,026 for the unsupported payroll costs cited above.
We recommend that the EAC require the Office implement procedures and training which ensure that payroll costs are supported with records that accurately reflect the work performed and are incorporated into the official records before being allocated to the HAVA grants.
We recommend that the EAC require the Office to transfer into the election fund $15,198 for the questioned costs cited above.
We recommend that the EAC require the Office to develop and implement policies and procedures and provide training to ensure that subaward reimbursements charged to HAVA are for costs that are allowable, allocable and reasonable to HAVA.
We recommend that the EAC require the Office to implement procedures or training to ensure that all subrecipients are properly monitored in
accordance with federal statutes and the terms and conditions of the subaward.
We recommend that the EAC require the Office to ensure all property purchased by subrecipients with federal funds is placed on a compliant
property record.
Audit of the Help America Vote Act Grants Awarded to the State of Delaware
We recommend that the EAC require the Office to transfer to the election fund $629,248 for the unsupported costs cited above.
We recommend that the EAC require the Office to implement policies and procedures or training to ensure adequate documentation is maintained to support the allowability of expenditures charged to the HAVA grant, including maintaining copies of invoices paid, contracts from which purchases were made and purchase orders for purchases exceeding $10,000.
We recommend the EAC require the Office to provide the inventory listing maintained by the IT Department and each County.
We recommend the EAC require the Office to implement policies and procedures or training to ensure that assets are managed in accordance Uniform Guidance and the State of Delaware’s policy.
We recommend the EAC require the Office to ensure that documented policies and procedures related to internal controls and asset management are established and implemented in accordance with the State of Delaware’s policy. Implementation should include policies to review and update the procedures on a regular basis.
We recommend that the EAC require the Office to provide transaction detail of interest income earned for the Election Security and CARES Act grants.
We recommend that the EAC require the Office to complete and file FFRs for the Section 251 funds or if the Office is unable to complete the Section 251 FFR, obtain financial services to support the completion of the filings.
We recommend that the EAC require the Office to implement procedures and training to properly fill out the required FFRs, which reflect the uses of award funds and the interest income generated from those funds for all HAVA grants.
Audit of the DoD Certification Process for Coronavirus Aid, Relief, and Economic Security Act Section 4003 Loans Provided to Businesses Designated as Critical to Maintaining National Security
Rec. 1.a: The DoD OIG recommended that the Deputy Assistant Secretary of Defense (Industrial Policy) perform an after-action review to document decisions, actions, best practices, and lessons learned when operating in a pandemic environment or other national emergency, in which the DoD is tasked to provide critical information and analysis to support decisions in a short timeframe.
Rec. 1.b: The DoD OIG recommended that the Deputy Assistant Secretary of Defense (Industrial Policy) develop and implement a standard operating procedure to retain documentation to support business decisions, when certifying data points to another Federal agency.
Audit of the Help America Vote Act Grants Awarded to the State of Washington
We recommend that the EAC require the Office to transfer $158,635 into the election fund for the unallowable expenditures noted.
We recommend that the EAC require the Office to implement procedures and training to ensure that supplanting of state and local funds with federal funds does not occur.
We recommend that the EAC work with the Office to determine the proper amounts of program income to be reported on the Election Security grant FFR’s through September 30, 2020 and revise this FFR and any subsequent FFR’s as necessary.
We recommend that the EAC work with the Office to implement procedures and training in the FFR reporting process to ensure that all program income earned is fully disclosed in the financial reports.
We recommend that the EAC require the Office implement policies to ensure federal awards reported on the federal disclosure form to the OFM are accurate and are properly identified by CFDA title and number (now known as Assistance Listings) in compliance with Uniform Guidance.