Federal Reports

VA medical facilities use automated dispensing cabinets to help manage medication inventory and allow clinical staff to dispense medications to patients near the point of care. The OIG conducted this national review to evaluate whether controls at VHA medical facilities ensure accountability over high-risk medications when clinical staff remove them from these cabinets using generic information, such as codes or nonpatient information.

The OIG estimated that in fiscal year 2024, VA medical facilities could not fully account for 46 percent of medications removed with generic information from cabinet A (one of two types of cabinets reviewed, called A and B in the report). Facilities had the most issues tracing propofol to specific patients. Cabinet B transactions could not be projected due to data limitations, but these transactions may also be at risk of not being traceable to a patient. These issues occurred because medical facilities’ standard operating procedures and local policies did not address monitoring of medication removals from cabinets using generic information. Some staff reported using generic information out of convenience or to be more efficient.

The OIG reviewed 40 transactions in which staff removed controlled substances using generic information and found one instance in which a facility could not trace a controlled substance to a specific patient. VHA policy does not prohibit using cabinets to store controlled substances, but it does require facilities to maintain full accountability over them through an electronic record that tracks the medication’s removal from a cabinet to its final dispensation. Removing medications without using a patient’s name increases the risk of drug diversion, so this practice should be closely monitored.

VHA concurred with the OIG’s three recommendations to enhance local guidance on, compliance with, and monitoring of these transactions.
 

The Federal Information Security Modernization Act of 2014 requires Federal agencies to develop, implement, and manage agency-wide information security programs. Agencies are also required to provide acceptable levels of security for the information and systems that support their operations and assets.

The Federal Information Security Modernization Act of 2014 also mandates that the Office of Inspector General conduct an independent evaluation to determine whether the Department of Energy’s unclassified cybersecurity program adequately protected its data and information systems in accordance with Federal and Department requirements.

Our fiscal year 2024 Federal Information Security Modernization Act of 2014 evaluation determined that the Department, including the National Nuclear Security Administration, had taken actions to address some of the previously identified weaknesses related to its unclassified cybersecurity program. While actions were taken to close 19 of 63 (30 percent) recommendations from our prior year audits and evaluations, 44 prior year recommendations remained open. We also issued 79 new recommendations throughout the fiscal year related to various areas of cybersecurity programs.

The weaknesses identified occurred for a variety of reasons. For instance, findings at some Department sites had occurred due to vulnerability management processes that were not fully effective in identifying, addressing, and/or remediating vulnerabilities. We also found that several sites had not fully developed and/or maintained policies and procedures to help facilitate the design and implementation of security controls.

Without improvements to address the weaknesses identified in our report, the Department may be unable to adequately protect its information systems and data from compromise, loss, or modification.

When fully implemented, the 123 recommendations made during fiscal year 2024 should help to enhance the Department’s unclassified cybersecurity program. The Department should emphasize closing findings in a timely manner, especially those findings repeated from prior years. As cybersecurity remains an ongoing challenge, it is important that the Department take action to implement the latest Federal cybersecurity requirements and enhancements to assist in ensuring adequate protection of the Department’s data and information systems at risk to emerging threats and vulnerabilities.
 

We initiated this report to address allegations on failures of the Department of Energy to provide effective oversight of travel card use by a political appointee. This report also presents findings related to a limited number of other political appointees and Department senior executives (collectively, “Executives”).

Our review substantiated four of the five items noted in the allegation regarding misuse or abuse of the rules and regulations related to the political appointee. We did not substantiate the allegation related to use of split disbursements.

Additionally, our review found that weaknesses were not just limited to the individual identified in the allegation but extended to a small number of other Executives within the Department. We found that certain Executives misused their Government-issued travel cards by making personal purchases using the cards and maintaining delinquent travel card account balances. Upon notification of travel card issues by the Office of Travel Management, we found that Executive leadership did not always act on the derogatory information provided related to travel card misuse. Notably, the misuse and lack of leadership action was not limited to any one program but identified across many Department program elements.

This report provides areas of consideration for the Department, specifically focused on enhancing controls in this area, including ensuring that timely and appropriate actions are taken in response to reported travel card misuse and delinquencies.

We conducted a performance audit of the Michigan Arts and Culture Council (Council) for the period of October 1, 2020 through September 30, 2023.  Based on our review, we determined the Council met program requirements for each award and generally complied with award criteria.  However, we identified opportunities for improvement in the Council’s subawarding and award management procedures and controls, and issues with select subrecipient costs.  We provided 12 recommendations to address the report findings – five to the Council and seven to the Arts Endowment.  We believe these recommendations, if implemented, will help ensure the Council meets Federal and Arts Endowment requirements and better manages its awards.