Archive

Archive for the ‘U.S. Postal Service’ Category

USPS OIG — Management of Cloud Computing Contracts and Environment

September 10, 2014 Comments off

Management of Cloud Computing Contracts and Environment (PDF)
Source: U.S. Postal Service, Office of Inspector General

Background
The Council of Inspectors General on Integrity and Efficiency asked inspectors general in the federal community to participate in an audit of cloud computing contracts. Cloud computing provides on-demand network access to shared resources that can be rapidly released and allows customers to take advantage of cutting edge technologies at a reduced cost. Hosted services are offered by providers that host physical servers in a different location. The audit was designed to provide insight on how well the federal government is protecting data and its progress in moving towards cloud computing.

As a participant in this audit, our objectives were to determine if the U.S. Postal Service’s cloud service contracts comply with applicable standards and evaluate management’s efforts to adopt cloud computing technologies.

What the OIG Found
The Postal Service’s cloud computing contracts did not comply with all applicable Postal Service’s standards. Specifically, the Postal Service has not defined “cloud computing” and “hosted services,” established an enterprise-wide inventory of cloud computing services, required suppliers and their employees to sign non-disclosure agreements, or included all required information security clauses in its contracts.

In addition, management did not appropriately monitor applications to ensure system availability. Management also did not complete the required security analysis process for three cloud services reviewed and did not follow Postal Service policy requiring cloud service providers to meet federal government guidelines. This occurred because no group is responsible for managing cloud services, and personnel were not aware of all policy and contractual obligations.

Without proper knowledge of and control over applications in the cloud environment, the Postal Service cannot properly secure cloud computing technologies and is at increased risk of unauthorized access and disclosure of sensitive data. We claimed $33,517,151 in contractual costs for the Postal Service not following their policy and contract requirements.

What the OIG Recommended
We recommended management define “cloud computing” and “hosted services,” develop an inventory of cloud services, monitor suppliers and require them to be certified, and revise contracts to include security clauses. We also recommended management evaluate best practices for cloud computing contracts, complete the security analysis process, and ensure compliance with non-disclosure clauses.

About these ads

USPS OIG — eCommerce Customer Registration

August 28, 2014 Comments off

eCommerce Customer Registration (PDF)
Source: U.S. Department of Health and Human Services, Office of Inspector General

Background
The U.S. Postal Service’s Customer Registration application allows customers to create accounts through USPS.com to purchase products and services through over 40 eCommerce applications such as Every Door Direct Mail, Premium Forwarding Service, Click-N-Ship, and the Postal Store. Customers must provide personally identifiable information to create an account. There were over 24 million Customer Registration users as of June 2014 and revenue totaled about $1.2 billion in fiscal year (FY) 2013.

Our objective was to determine the effectiveness of controls used to safeguard the eCommerce Customer Registration process and reduce online credit card fraud.

What the OIG Found
Controls used to safeguard the eCommerce Customer Registration process and reduce online credit card fraud need improvement. Management has not established a threshold for fraud-related chargebacks (transactions rejected by credit card companies) for the four eCommerce applications in our review. As a result, management cannot objectively measure when to increase oversight and controls to reduce fraud.

Of the four applications, Click-N-Ship’s credit card fraud-related loss of $4.6 million was above the industry’s recommended threshold for acceptable levels of credit card fraud in FY 2013. In addition, management did not always ensure all credit card company chargebacks were validated.

Further, seven of the eight Customer Registration controls we tested worked as management intended. However, we identified one vulnerability that could permit a cyber criminal to impersonate a valid user and obtain postage using stolen credit card data. Finally, we did not identify any critical or high-risk vulnerabilities when conducting over 3,000 additional tests of the USPS.com login page.

What the OIG Recommended
We recommended management establish a threshold for credit card fraud and develop a policy defining chargeback roles and responsibilities. We also recommended management maintain chargeback research results from all eCommerce managers and configure eCommerce applications to prevent the noted security vulnerability.

USPS OIG — Geo-Fence Technology in Delivery Operations

August 20, 2014 Comments off

Geo-Fence Technology in Delivery Operations (PDF)
Source: U.S. Postal Service, Office of Inspector General

Background
The U.S. Postal Service is developing and pilot testing the Delivery Management System to improve carrier efficiency during street delivery. This system combines Global Positioning System data and other data from various systems to allow supervisors to see “at a glance” the location of each carrier and whether they are ahead of or behind their scheduled delivery time. These scheduled delivery times are based on each routes’ base evaluation and the associated Managed Service Point scan times on each route.

This system will also include geo-fence technology to assist supervisors in monitoring delivery operations. Geo-fence technology is a system based on the concept of virtual geographic zones. Should a carrier deviate from his or her designated geographic zone during street delivery, an alert is sent to the supervisor in an email or text message. The geo-fence component of the pilot program was expected to begin in July 2014. There are seven planned test sites consisting of one delivery unit in each of the seven Postal Service areas of operation.

Our objective was to assess the Postal Service’s efforts to implement geo-fence technology in delivery operations.

What the OIG Found
The Postal Service’s planned use of geo-fence technology in the delivery environment is a proactive way to increase carrier visibility to aid street management.

However, we identified an inaccuracy in the Delivery Management System. Specifically, projected scan times are not adjusted for authorized route deviations when carriers are assigned deliveries on portions of additional routes. This occurs because the Postal Service has not updated the Delivery Management System for these authorized route deviations. Management planned to address this scan variance issue in April 2014; but, as of June 2014, had not finalized the adjustments.

Inaccurate scan variance data may cause supervisors to react to carrier delays that are actually justified based on their daily delivery assignment.

What the OIG Recommended
We recommended the vice president, Product Information, modify the Delivery Management System software to capture adjustments for time and location projections when carriers are assigned deliveries on more than one route prior to nationwide implementation of the Delivery Management System.

USPS OIG — Competition Advocate – Audit Report

August 19, 2014 Comments off

Competition Advocate – Audit Report (PDF)
Source: U.S. Postal Service, Office of Inspector General

Background
The U.S. Postal Service established the competition advocate (advocate) on January 28, 2011. The advocate promotes competition by helping contracting officials develop effective ways to obtain best value in contracting and issuing an annual report on noncompetitive purchase activity. The advocate must review noncompetitive requests for contractual actions (steps to create or modify a contract) greater than $1 million. The advocate does not approve or deny noncompetitive purchases but offers feedback to contracting officers (CO) on how to increase competition, including how to transition work to internal resources and research potential suppliers. COs are supposed to consider this feedback when evaluating whether the Postal Service should compete a contract. The advocate does not decide appeals by contractors.

What the OIG Found
We could not determine the advocate’s impact in promoting contract competition because the Postal Service does not have metrics to measure advocate performance. For example, for 35 of the 74 contractual actions, the advocate provided feedback on ways to increase competition, but there are no metrics to determine the impact of this feedback. Without such metrics, the Postal Service cannot accurately gauge the advocate’s success in promoting competition. In addition, the advocate did not review requests for 12 of the 74 contractual actions, totaling about $40 million. This occurred because there is no process to ensure that the advocate reviews all applicable requests. These actions were awarded without an opportunity for the advocate to suggest ways to promote competition.

Further, COs did not document their consideration of the advocate’s comments on requests for two contractual actions, totaling about $2.8 million. This occurred because Postal Service policy does not explicitly state how the CO should document responses to the advocate’s comments.

What the OIG Recommended
We recommended management develop metrics to gauge the impact of the advocate, reiterate the requirement to obtain the advocate’s review of applicable requests, and establish a process to verify that the advocate reviewed all applicable noncompetitive actions. We also recommended management clarify how COs should address the advocate’s feedback.

USPS OIG — Package Services: Get Ready, Set, Grow!

July 22, 2014 Comments off

Package Services: Get Ready, Set, Grow! (PDF)
Source: U.S. Postal Service, Office of Inspector General

The package delivery market has been growing considerably. Between 2008 and 2013, the U.S. Postal Service experienced a more than 20 percent increase in package volume. The main reason is the growing popularity of e-commerce, particularly online shopping. American businesses and consumers spent more than $68 billion to ship packages domestically in 2013. E-commerce sales in the U.S. alone this year will top $430 billion; global e-commerce will exceed $1.5 trillion.

There is no doubt that packages are growing in importance to the Postal Service’s future. To meet emerging customer demands, the Postal Service needs to position itself for long-term success and broaden its role across the package delivery value chain. The Postal Service has already taken some steps towards enhancing its ability to handle an increase in packages. However, it needs a strategy that includes expanding beyond the traditional postal expertise of last-mile delivery to offer one-stop.

If It Prints, It Ships: 3D Printing and the Postal Service

July 8, 2014 Comments off

If It Prints, It Ships: 3D Printing and the Postal Service (PDF)
Source: U.S. Postal Service, Office of Inspector General

Highlights

  • 3D printing is in the initial stages of transforming major parts of our economy, such as aerospace and healthcare. It also promises to revolutionize the way consumers get customized goods by making them cheaper and more accessible.
  • Prominent industry forecasts show the 3D printing market exploding over the next several years.
  • 3D printing could lead to an increase in packages delivered by the Postal Service worth $485 million in new annual revenue, based on analysis of commercial package volume data.
  • Emerging 3D printing businesses could use the ubiquitous first- and last-mile postal network to connect with their customers.
  • The Postal Service could partner with 3D printing businesses, perhaps using excess space in postal facilities, to help streamline the fast delivery of 3D printed goods.

USPS OIG — Monitoring of Government Travel Card Transactions: Management Advisory Report

July 1, 2014 Comments off

Monitoring of Government Travel Card Transactions: Management Advisory Report (PDF)
Source: U.S. Postal Service, Office of Inspector General

Background
Citibank issues VISA branded SmartPay 2® cards to U.S. Postal Service employees for use on official travel. The Postal Service has travel card coordinators who monitor employee card use to identify transactions that could indicate misuse such as nontravel related purchases or unauthorized cash advances. There were 44,104 government travel cards issued to Postal Service personnel as of January 15, 2014. From April 1, 2012, through March 31, 2013, employees made 247,419 purchases totaling about $44.9 million and 8,793 cash advances totaling about $1.6 million.

Our objective was to determine whether Postal Service travel card coordinators were effectively monitoring government travel card transactions. Specifically, we evaluated the internal controls managed by the travel card coordinators, but did not determine the appropriateness of individual travel card transactions.

What The OIG Found
Postal Service travel card coordinators need to more effectively monitor cash advances. We judgmentally selected 1,832 cash advances for review based on noncompliance with Postal Service travel policy. We found travel coordinators did not identify for further review 1,260 transactions, totaling $215,466, that potentially did not comply with travel policy.

In addition, travel card coordinators for the U.S. Postal Inspection Service and Postal Service Headquarters need to better monitor purchases. We judgmentally selected 486 purchase transactions based on potential noncompliance with travel policy and the amount of the transaction. We found 282 purchases totaling $55,516 that were not identified by coordinators for follow up with employees’ managers. We also determined the Postal Service did not process cardholder personnel changes in a timely manner to allow coordinators to monitor travel card transactions.

Although individual employee cardholders are responsible for repayment of all cash advances and payment for all items purchased with their travel cards, effective monitoring of travel card transactions reduces the risk of credit card delinquencies or negative publicity when employees misuse their travel cards.

Follow

Get every new post delivered to your Inbox.

Join 922 other followers