Archive

Archive for the ‘Office of Inspector General’ Category

USPS OIG — eCommerce Customer Registration

August 28, 2014 Comments off

eCommerce Customer Registration (PDF)
Source: U.S. Department of Health and Human Services, Office of Inspector General

Background
The U.S. Postal Service’s Customer Registration application allows customers to create accounts through USPS.com to purchase products and services through over 40 eCommerce applications such as Every Door Direct Mail, Premium Forwarding Service, Click-N-Ship, and the Postal Store. Customers must provide personally identifiable information to create an account. There were over 24 million Customer Registration users as of June 2014 and revenue totaled about $1.2 billion in fiscal year (FY) 2013.

Our objective was to determine the effectiveness of controls used to safeguard the eCommerce Customer Registration process and reduce online credit card fraud.

What the OIG Found
Controls used to safeguard the eCommerce Customer Registration process and reduce online credit card fraud need improvement. Management has not established a threshold for fraud-related chargebacks (transactions rejected by credit card companies) for the four eCommerce applications in our review. As a result, management cannot objectively measure when to increase oversight and controls to reduce fraud.

Of the four applications, Click-N-Ship’s credit card fraud-related loss of $4.6 million was above the industry’s recommended threshold for acceptable levels of credit card fraud in FY 2013. In addition, management did not always ensure all credit card company chargebacks were validated.

Further, seven of the eight Customer Registration controls we tested worked as management intended. However, we identified one vulnerability that could permit a cyber criminal to impersonate a valid user and obtain postage using stolen credit card data. Finally, we did not identify any critical or high-risk vulnerabilities when conducting over 3,000 additional tests of the USPS.com login page.

What the OIG Recommended
We recommended management establish a threshold for credit card fraud and develop a policy defining chargeback roles and responsibilities. We also recommended management maintain chargeback research results from all eCommerce managers and configure eCommerce applications to prevent the noted security vulnerability.

About these ads

An Overview of 60 Contracts That Contributed to the Development and Operation of the Federal Marketplace

August 27, 2014 Comments off

An Overview of 60 Contracts That Contributed to the Development and Operation of the Federal Marketplace
Source: U.S. Department of Health and Human Services, Office of Inspector General

Summary

WHY WE DID THIS STUDY
The Patient Protection and Affordable Care Act required the establishment of a health insurance exchange (marketplace) in each State. For States that elect not to establish their own marketplaces, the Federal Government is required to operate a marketplace on behalf of the State. A marketplace is designed to serve as a one-stop shop where individuals can obtain information about their health insurance options, determine eligibility for insurance affordability programs, and select the plan of their choice. CMS operates the Federally Facilitated Marketplace (Federal Marketplace). CMS relied-and continues to rely extensively-on contractors to operate the Federal Marketplace. This report is the first in a series that will address the planning, acquisition, management, and performance oversight of Federal Marketplace contracts, as well as various aspects of Federal Marketplace operations. This report provides descriptive and financial data on 60 contracts related to the development of the Federal Marketplace at HealthCare.gov.

HOW WE DID THIS STUDY
CMS identified 60 contracts (“the contracts”) related to the development and operation of the Federal Marketplace. Not all of these contracts were awarded solely for the purpose of the Federal Marketplace. To determine the estimated value of the contracts and the amount obligated for the contracts as of February 2014, OIG analyzed contract, order, and modification documentation provided by CMS for the 60 contracts. We calculated the total obligation and expenditure amounts related to the Federal Marketplace portions of each contract by summarizing the financial accounting transactions that CMS identified as related to the Federal Marketplace for each contract. These financial accounting transactions (obligations and expenditures) include all transactions that CMS processed through its Healthcare Integrated General Ledger Accounting System (HIGLAS) as of February 28, 2014, that CMS had provided to us as of June 18, 2014.

SUMMARY
The 60 contracts related to the development and operation of the Federal Marketplace started between January 2009 and January 2014. The purpose of the 60 contracts ranged from health benefit data collection and consumer research to cloud computing and Web site development. The original estimated values of these contracts totaled $1.7 billion; the contract values ranged from $69,195 to over $200 million. Across the 60 contracts, nearly $800 million has been obligated for the development of the Federal Marketplace as of February 2014. As of that date, CMS had paid nearly $500 million for the development of the Federal Marketplace to the contractors awarded these contracts.

Audit Report — Management of the National Nuclear Security Administration’s Biosafety Laboratories

August 26, 2014 Comments off

Audit Report — Management of the National Nuclear Security Administration’s Biosafety Laboratories (PDF)
Source: U.S. Department of Energy, Office of Inspector General

Background
In response to the increase in infectious diseases and the threat of bioterrorism, the Department of Energy’s National Laboratories perform research with biological agents. To conduct this biological research, the Department and the National Nuclear Security Administration (NNSA) operate multiple laboratory facilities in accordance with various biosafety levels (BSL) established by the Centers for Disease Control and Prevention. The BSLs classify the containment level and risk associated with biological agents depending on the threat the agents pose to personnel and the environment. For example, BSL-1 is for low-risk agents; BSL-2 is for medium-risk agents; and BSL-3 is for those agents that cause serious and potentially lethal infections. Department and NNSA sites primarily perform BSL-1 and BSL-2 research; however, Lawrence Livermore National Laboratory (LLNL) operates a facility with three BSL-3 laboratories while Los Alamos National Laboratory (LANL) is considering opening a facility with two BSL-3 laboratories. Extensive biological research is performed at LLNL and LANL for other Government agencies through the Department’s Work for Others (WFO) program.

In our report on Coordination of Biological Select Agent Activities at Department of Energy Facilities (DOE/IG-0695, July 2005), we reported that the Department had not developed a plan for construction and operation of its BSL-3 laboratories. Thus, it lacked assurance that capabilities were not being duplicated unnecessarily. As a result of our prior work and Presidential actions to streamline Government and reduce costs, we initiated this audit to determine whether NNSA managed its biosafety laboratories effectively. We limited our review to biosafety laboratories located at LLNL and LANL.

Results of Audit
We found that NNSA was considering a $9.5 million expansion of its BSL-3 and BSL-2 laboratory capabilities at LANL that may not be the most effective use of resources. Specifically, NNSA identified the development of a BSL-3 facility at LANL as its preferred alternative for meeting biosafety laboratory needs even though it had not fully considered the need for and cost effectiveness of additional capacity. Nor, had it developed a sound basis for measuring the utilization of existing facilities – a critical factor in determining the need for additional capacity. Despite the lack of information on the need for additional capacity and current laboratory utilization rates, LANL was also considering building a new BSL-2 facility.

In particular, NNSA proposed development of a facility with two BSL-3 laboratories at LANL. Additionally, LANL is in the early planning stage for constructing a new BSL-2 facility. The estimated cost to open LANL’s new BSL-3 and to construct/open BSL-2 capabilities was about $1.5 million and $8 million, respectively. Given current budget realities, plans to develop additional capabilities without fully demonstrating a need may not be prudent.

Review of Alleged Patient Deaths, Patient Wait Times, and Scheduling Practices at the Phoenix VA Health Care System

August 26, 2014 Comments off

Review of Alleged Patient Deaths, Patient Wait Times, and Scheduling Practices at the Phoenix VA Health Care System (PDF)
Source: U.S. Department of Veterans Affairs, Office of Inspector General

This is the final report addressing allegations of gross mismanagement of VA resources, criminal misconduct by senior leadership, systemic patient safety issues, and possible wrongful deaths at the Phoenix VA Health Care System. The OIG found patients at the Phoenix VA Health Care System experienced access barriers that adversely affected the quality of primary and specialty care provided for them. Patients frequently encountered obstacles when patients or their providers attempted to establish care, when they needed outpatient appointments after hospitalizations or emergency department visits, and when seeking care while traveling or temporarily living in Phoenix.

In February 2014, a whistleblower alleged that 40 veterans died waiting for an appointment but the whistleblower did not provide us with a list of 40 patient names. However, we conducted a broader review of 3,409 veteran patients identified from multiple sources, including the electronic wait list, various paper wait lists, the OIG Hotline, the U.S. House Veterans Affairs Committee and other congressional sources, and media reports. We were unable to assert that the absence of timely quality care caused the deaths of these veterans.

This report includes case reviews of 45 patients who experienced unacceptable and troubling lapses in follow-up, coordination, quality, and continuity of care. The patients discussed reflect both patients who were negatively impacted by care delays (28 patients including 6 deaths), as well as patients whose care deviated from the expected standard independent of delays (17 patients including 14 deaths). In addition to 1,400 veterans waiting to receive a scheduled primary care appointment who were appropriately included on the Phoenix VA Health Care System Electronic Wait List, we identified over 3,500 additional veterans. Many of the 3,500 veterans were on what we determined to be unofficial wait lists and were at risk of never obtaining their requested or necessary appointments.

Since the Phoenix VA Health Care System story first appeared in the national media, the OIG received approximately 225 allegations regarding health care at Phoenix and approximately 445 allegations regarding manipulated wait times at other VA medical facilities. The VA OIG Office of Investigations opened investigations at 93 sites of care in response to allegations of wait time manipulations. We are coordinating our investigations with the Department of Justice and the Federal Bureau of Investigation.

DHS OIG — Implementation Status of the Enhanced Cybersecurity Services Program

August 20, 2014 Comments off

Implementation Status of the Enhanced Cybersecurity Services Program (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General

The National Protection Programs Directorate (NPPD) is primarily responsible for fulfilling the DHS national, nonͲlaw enforcement cybersecurity missions. Within NPPD, the Office of Cybersecurity and Communications is responsible for the implementation of the Enhanced Cybersecurity Services program. Our overall objective was to determine the effectiveness of the Enhanced Cybersecurity Services program to disseminate cyber threat and technical information with the critical infrastructure sectors through commercial service providers.

NPPD has made progress in expanding the Enhanced Cybersecurity Services program. For example, as of May 2014, 40 critical infrastructure entities participate in the program. Additionally, 22 companies have signed memorandums of agreement to join the program. Further, NPPD has established the procedures and guidance required to carry out key tasks and operational aspects of the program, including an inͲdepth security validation and accreditation process. NPPD has also addressed the privacy risk associated with the program by developing a Privacy Impact Assessment. Finally, NPPD has engaged sector-specific agencies and government furnished information providers to expand the program, and has developed program reporting and metric capabilities to monitor the program.

Although NPPD has made progress, the Enhanced Cybersecurity Services program has been slow to expand because of limited outreach and resources. In addition, cyber threat information sharing relies on NPPD’s manual reviews and analysis, which has led to inconsistent cyber threat indicator quality.

USPS OIG — Geo-Fence Technology in Delivery Operations

August 20, 2014 Comments off

Geo-Fence Technology in Delivery Operations (PDF)
Source: U.S. Postal Service, Office of Inspector General

Background
The U.S. Postal Service is developing and pilot testing the Delivery Management System to improve carrier efficiency during street delivery. This system combines Global Positioning System data and other data from various systems to allow supervisors to see “at a glance” the location of each carrier and whether they are ahead of or behind their scheduled delivery time. These scheduled delivery times are based on each routes’ base evaluation and the associated Managed Service Point scan times on each route.

This system will also include geo-fence technology to assist supervisors in monitoring delivery operations. Geo-fence technology is a system based on the concept of virtual geographic zones. Should a carrier deviate from his or her designated geographic zone during street delivery, an alert is sent to the supervisor in an email or text message. The geo-fence component of the pilot program was expected to begin in July 2014. There are seven planned test sites consisting of one delivery unit in each of the seven Postal Service areas of operation.

Our objective was to assess the Postal Service’s efforts to implement geo-fence technology in delivery operations.

What the OIG Found
The Postal Service’s planned use of geo-fence technology in the delivery environment is a proactive way to increase carrier visibility to aid street management.

However, we identified an inaccuracy in the Delivery Management System. Specifically, projected scan times are not adjusted for authorized route deviations when carriers are assigned deliveries on portions of additional routes. This occurs because the Postal Service has not updated the Delivery Management System for these authorized route deviations. Management planned to address this scan variance issue in April 2014; but, as of June 2014, had not finalized the adjustments.

Inaccurate scan variance data may cause supervisors to react to carrier delays that are actually justified based on their daily delivery assignment.

What the OIG Recommended
We recommended the vice president, Product Information, modify the Delivery Management System software to capture adjustments for time and location projections when carriers are assigned deliveries on more than one route prior to nationwide implementation of the Delivery Management System.

USPS OIG — Competition Advocate – Audit Report

August 19, 2014 Comments off

Competition Advocate – Audit Report (PDF)
Source: U.S. Postal Service, Office of Inspector General

Background
The U.S. Postal Service established the competition advocate (advocate) on January 28, 2011. The advocate promotes competition by helping contracting officials develop effective ways to obtain best value in contracting and issuing an annual report on noncompetitive purchase activity. The advocate must review noncompetitive requests for contractual actions (steps to create or modify a contract) greater than $1 million. The advocate does not approve or deny noncompetitive purchases but offers feedback to contracting officers (CO) on how to increase competition, including how to transition work to internal resources and research potential suppliers. COs are supposed to consider this feedback when evaluating whether the Postal Service should compete a contract. The advocate does not decide appeals by contractors.

What the OIG Found
We could not determine the advocate’s impact in promoting contract competition because the Postal Service does not have metrics to measure advocate performance. For example, for 35 of the 74 contractual actions, the advocate provided feedback on ways to increase competition, but there are no metrics to determine the impact of this feedback. Without such metrics, the Postal Service cannot accurately gauge the advocate’s success in promoting competition. In addition, the advocate did not review requests for 12 of the 74 contractual actions, totaling about $40 million. This occurred because there is no process to ensure that the advocate reviews all applicable requests. These actions were awarded without an opportunity for the advocate to suggest ways to promote competition.

Further, COs did not document their consideration of the advocate’s comments on requests for two contractual actions, totaling about $2.8 million. This occurred because Postal Service policy does not explicitly state how the CO should document responses to the advocate’s comments.

What the OIG Recommended
We recommended management develop metrics to gauge the impact of the advocate, reiterate the requirement to obtain the advocate’s review of applicable requests, and establish a process to verify that the advocate reviewed all applicable noncompetitive actions. We also recommended management clarify how COs should address the advocate’s feedback.

Follow

Get every new post delivered to your Inbox.

Join 899 other followers