Reports

FEMA’s Management of Mission Assignments to Other Federal Agencies Needs Improvement

Although the Federal Emergency Management Agency (FEMA) processed and obligated funds timely to other Federal agencies (OFA), it did not provide sufficient oversight to ensure OFAs used pandemic funding as required. Specifically, FEMA did not develop detailed cost estimates when initially establishing MAs, validate unliquidated and open obligations throughout the MA lifecycle, and verify cost eligibility against Public Assistance guidance before closing the MA.

Full Details: Oversight.gov Report Page

Audit | 9/30/2022

Fraud Risk Inventory for the Tenant- and Project-Based Rental Assistance, HOME, and Operating Fund Programs’ CARES and ARP Act Funds

In coordination with the Pandemic Response Accountability Committee, we conducted an audit to identify potential fraud schemes that could affect HUD’s pandemic funds. We reviewed the funds appropriated by the Coronavirus Aid, Relief, and Economic Security (CARES) Act and the American Rescue Plan (ARP) Act for the Tenant-Based Rental Assistance (TBRA), Project-Based Rental Assistance (PBRA), HOME Investment Partnerships, and Public Housing Operating Fund programs to identify the fraud risks and potential fraud schemes that they face while delivering services to the public.Our objective was to...

Full Details: Oversight.gov Report Page

The Three Affiliated Tribes Did Not Account for CARES Act Funds Appropriately

We determined that the Three Affiliated Tribes did not follow applicable requirements in an agreement with the BIA.

Full Details: Oversight.gov Report Page

Audit | 9/28/2022

More than $2.6 Million in Potentially Fraudulent LWA Payments Were Linked to DHS Employees’ Identities

The Federal Emergency Management Agency (FEMA) did not implement controls to prevent state workforce agencies (SWA) from paying more than $2.6 million in Lost Wages Assistance (LWA) for potentially fraudulent claims made by Department of Homeland Security employees, or claimants who fraudulently used the identities of DHS employees to obtain LWA benefits.

Full Details: Oversight.gov Report Page

Audit | 9/28/2022

1 - Closed

: We recommend the FEMA Administrator develop and implement a standard risk assessment process before initiating new Federal grant programs. This risk assessment should focus on identifying and evaluating program risks that may affect FEMA’s ability to prevent waste, fraud, and abuse in its programs and mitigating those external risks to the extent practical.

2 - Closed

We recommend the FEMA Administrator conduct an after-action study of the Lost Wages Assistance program and update FEMA Individual Assistance programs based on the lessons learned from the study.

3 - Closed

We recommend the FEMA Administrator, when mandated to rely on eligibility determinations of non-FEMA programs, develop a process to assess the program controls and identify risk, where practical.

4 - Open

We recommend the Chief Human Capital Officer for DHS’ Management Directorate develop, implement, and communicate departmental policies and procedures for the Unemployment Compensation for Federal Employees program to each component to ensure compliance with Federal requirements.

5 - Closed

We recommend the FEMA Administrator develop and implement a process to monitor whether grantees implement and use the controls attested to in FEMA-approved state administrative plans.

5 - Closed

We recommend the FEMA Administrator develop and implement a process to monitor whether grantees implement and use the controls attested to in FEMA-approved state administrative plans.

6 - Closed

We recommend the FEMA Administrator develop and implement a process to review state administrative plans for consistency and ensure they include fraud prevention and mitigation strategies.

7 - Closed

We recommend the FEMA Administrator de-obligate and recover any monies determined to have been obtained fraudulently or other improper payments through the Lost Wages Assistance program from the state workforce agencies.

COVID-19 and Disaster Assistance Information Systems Security Controls

This report presents the results of our audit to determine whether the U.S. Small Business Administration (SBA) maintained effective management control activities and monitoring of the design and implementation of third-party operated SBA systems. SBA needed information technology systems from third-party service providers that could improve the system efficiency and productivity to process high transaction volumes, transmit data between other information systems, and safeguard the integrity and confidentiality of the personally identifiable information processed by the programs.We found the...

Full Details: Oversight.gov Report Page

Audit | 9/27/2022

1 - Open

Ensure the existing SBA System Development Methodology is updated to include supply chain risk-management practices as required by OMB Circular A-130 and high-value asset system designation guidance. Also, ensure high-value asset system risks are incorporated into the enterprise risk management framework, as recommended by OMB M-19-03 and SBA SOP 90 47 6.

10 - Open

Implement an automated process to document and monitor system changes as recommended by NIST SP 800-53 Rev. 5.

2 - Open

Communicate and enforce the SBA System Development Methodology in which a traceability matrix is used to ensure that system requirements can be tested and demonstrated in the operational system. Ensure all requirements are aligned with the contractual acceptance criteria.

3 - Open

Implement in updated agency guidance, the requirements of OMB Circular No. A-123 that stipulate a SOC 1 Type 2 report is needed for all new and existing financial systems. This guidance should also require confirmation at least annually that the controls are functioning as designed.

4 - Closed

Enforce the requirement to establish and implement internal controls to ensure appropriate program officials perform and document contract reviews to ensure that information security is appropriately addressed in the contracting language, as required by OMB Circular A-130 and SBA SOP 90 47 6.

5 - Open

In conjunction with the Enterprise Risk Management Board, implement enterprise-wide privacy risk mitigation practices that can be assimilated into new and existing system program designs.

6 - Open

Complete an initial assessment and authorization for each information system and all agency-designated common controls before operation.

7 - Open

Transition information systems and common controls to an ongoing authorization process (when eligible for such a process) with the formal approval of the respective authorizing officials or reauthorize information systems and common controls as needed, on a time or event-driven basis in accordance with agency risk tolerance, as required by OMB Circular No. A-130 and SOP 90 47 6.

8 - Open

Review and update POA&Ms at least quarterly as required by SOP 90 47 6.

9 - Closed

Ensure data-sharing agreements are reviewed annually as required by SBA SOP 90 47 6.

FEMA Did Not Implement Controls to Prevent More than $3.7 Billion in Improper Payments from the Lost Wages Assistance Program

The Federal Emergency Management Agency (FEMA) did not implement controls that may have prevented the 21 state workforce agencies (SWA) in our review from distributing more than $3.7 billion in improper payments through its Lost Wages Assistance (LWA) program.

Full Details: Oversight.gov Report Page

Audit | 9/22/2022

1 - Open

We recommend the FEMA Administrator develop and implement a standard risk assessment process before initiating new Federal grant programs. This risk assessment should focus on identifying and evaluating program risks that may affect FEMA’s ability to prevent waste, fraud, and abuse in its programs and mitigating those external risks to the extent practical.

2 - Closed

We recommend the FEMA Administrator, when mandated to rely on eligibility determinations of non-FEMA programs, develop a process to assess the program controls and identify risk to the extent practical.

3 - Open

We recommend the FEMA Administrator update the State Administrative Plan template to incorporate a requirement for grantees to include a description of the steps to prevent improper payments.

4 - Open

We recommend the FEMA Administrator develop and implement a process to monitor whether grantees implement and use the controls attested in FEMA-approved State Administrative Plans.

5 - Open

We recommend the FEMA Administrator work with state workforce agencies to evaluate the Lost Wages Assistance program payments and verify that all recipients who received payment have a self-certification on file, as required; to determine whether the claimant meets eligibility requirements if no self-certification is on file; and, if not, to recover the payment.

6 - Open

We recommend the FEMA Administrator conduct an after-action study of the Lost Wages Assistance program and update FEMA’s Individuals and Households Program based on the lessons learned from the study.

7 - Closed

We recommend the FEMA Administrator de-obligate and recover any monies determined to have been obtained fraudulently or other improper payments through Lost Wages Assistance from the state workforce agencies.

Michigan’s Administration of the Governor’s Emergency Education Relief Fund

The objectives of the audit were to determine whether the State of Michigan (Michigan) designed and implemented awarding processes that ensured that the Governor’s Emergency Education Relief Fund (GEER grant) was used to support local educational agencies (LEAs) and institutions of higher education (IHEs) that were most significantly impacted by the coronavirus or LEAs, IHEs, or other education-related entities within the State that were deemed essential for carrying out emergency educational services; and monitoring processes to ensure that subgrantees used GEER grant funds in accordance with...

Full Details: Oversight.gov Report Page

Audit | 9/14/2022

COVID-19 Economic Injury Disaster Loan Applications Submitted from Foreign IP Addresses

We evaluated the U.S. Small Business Administration’s (SBA) controls to flag or prevent potentially fraudulent Coronavirus Disease 2019 (COVID-19) Economic Injury Disaster Loan (EIDL) applications submitted from foreign Internet Protocol (IP) addresses.Although the agency implemented several layers of controls to prevent or reduce fraud from foreign countries, individuals at foreign IP addresses were able to access the COVID-19 EIDL application system. SBA received millions of attempts to submit COVID-19 EIDL applications from foreign IP addresses and stopped most of them; however, the agency...

Full Details: Oversight.gov Report Page

Audit | 9/12/2022

Oklahoma’s Administration of the Governor’s Emergency Education Relief Fund Grant

The objectives of the audit were to determine whether the State of Oklahoma (Oklahoma) designed and implemented awarding processes that ensured that the Governor's Emergency Education Relief Fund (GEER grant) was used to support local educational agencies (LEA) and institutions of higher education (IHE) that were most significantly impacted by the coronavirus or LEAs, IHEs, or other education-related entities within the State that were deemed essential for carrying out emergency educational services; and monitoring processes to ensure that subgrantees used GEER grant funds in accordance with...

Full Details: Oversight.gov Report Page

Audit | 7/18/2022

1.1 - Open

Provide documentation, or a full and detailed written explanation, of the process Oklahoma used to determine the initiatives it supported with GEER grant funds and the entities it selected to administer the initiatives.

1.2 - Open

Develop and implement a process to ensure that it documents the criteria and decisions made for awarding future GEER grant funds in accordance with applicable requirements.

1.3 - Open

Develop and implement internal controls to ensure that it administers current and future GEER grants in accordance with applicable Federal laws and grant requirements, including ensuring that grant subrecipients are provided the proper award documentation; and that any entity that is awarded Federal funds retains records relating to those awards in accordance with Federal requirements.

1.4 - Open

Perform a 100 percent review, or review a statistical sample, of the Stay in School Fund microgrant recipients to confirm that all students were eligible to receive GEER grant funds.

1.5 - Open

Develop and implement written policies and procedures to describe the specific circumstances under which deviations from procurement rules are warranted, including procedures about required documentation of such decisions for procurements that do not use competitive bidding but use Federal education funds.

1.6 - Open

Take appropriate action if the documentation and other information provided by Oklahoma in response to the above recommendations does not support that the State followed applicable requirements.

2.1 - Open

Return $652,720 to the Department for the unallowable Bridge the Gap expenditures we identified or provide documentation to support that the expenditures were allowable or the items were purchased with personal funds.

2.2 - Open

Perform a 100-percent review, or review a statistical sample, of the $5,473,894 in Bridge the Gap expenditures that we did not review to determine whether the expenditures were allowable, and if applicable, return the funds for any unallowable expenditures to the Department.

2.3 - Open

Develop and implement additional internal controls for the Skills to Rebuild, Learn Anywhere Oklahoma, Bridge the Gap, and Stay in School Fund initiatives that include written monitoring procedures for those processes that are already in place, and for additional procedures that include a review of expenditures and supporting documentation, and a review of documentation that supports the information in initiatives’ weekly status reports.

2.4 - Open

Develop and implement internal controls to ensure that fiscal agents for Federal grant programs obtain an understanding of the rules and regulations surrounding the grant programs they are tasked with overseeing.

3.1 - Open

Develop and implement controls to ensure that Oklahoma’s State agencies that receive Federal funds have written cash management policies and procedures, including policies for the draw down and disbursement of grant funds in accordance with Federal requirements.

3.2 - Open

Return to the Department any unexpended GEER grant funds applicable to our audit scope that are being held by GEER grant subrecipients.

3.3 - Open

3.4 - Open

Require its fiscal agent or State program representative to work closely with the Department to ensure that other GEER grants are administered in compliance with cash management rules and with any actions the Department determines are needed, if warranted.

The RRB Did Not Have Detailed Project Plans to Expend Information Technology Modernization Funds

Full Details: Oversight.gov Report Page

Audit | 6/29/2022

Date Range

Report Category

Submitting Agency

Agency Reviewed

Related Organizations

Any Open Recommendations

Reports

FEMA’s Management of Mission Assignments to Other Federal Agencies Needs Improvement

Fraud Risk Inventory for the Tenant- and Project-Based Rental Assistance, HOME, and Operating Fund Programs’ CARES and ARP Act Funds

The Three Affiliated Tribes Did Not Account for CARES Act Funds Appropriately

More than $2.6 Million in Potentially Fraudulent LWA Payments Were Linked to DHS Employees’ Identities

COVID-19 and Disaster Assistance Information Systems Security Controls

FEMA Did Not Implement Controls to Prevent More than $3.7 Billion in Improper Payments from the Lost Wages Assistance Program

Michigan’s Administration of the Governor’s Emergency Education Relief Fund

COVID-19 Economic Injury Disaster Loan Applications Submitted from Foreign IP Addresses

Oklahoma’s Administration of the Governor’s Emergency Education Relief Fund Grant

The RRB Did Not Have Detailed Project Plans to Expend Information Technology Modernization Funds

Glossary

Glossary name will go here