This is the accessible text file for GAO report number GAO/OIG-11-4 
entitled 'Semiannual Report: October 1, 2010 - March 31, 2011' which 
was released on June 23, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. The published product may be 
reproduced and distributed in its entirety without further permission 
from GAO. However, because this work may contain copyrighted images or 
other material, permission from the copyright holder may be necessary 
if you wish to reproduce this material separately. 

Office of the Inspector General: 
United States Government Accountability Office: GAO/OIG: 

May 2011: 

Semiannual Report: 

October 1, 2010 - March 31, 2011: 

GAO/OIG-11-4: 

Office of the Inspector General: 
United States Government Accountability Office: 

Memorandum: 

Date: May 24, 2011: 

To: Comptroller General Gene L. Dodaro: 

From: [Signed by] Inspector General Frances Garcia: 

Subject: Semiannual Report-—October 1, 2010, through March 31, 2011: 

In accordance with Section 5 of the Government Accountability Office 
Act of 2008[Footnote 1] (GAO Act), I am pleased to present my 
semiannual report for the 6-month period ending March 31, 2011, for 
your comments and its transmission to the Congress. 

During the reporting period, the Office of the Inspector General (OIG) 
continued its efforts to finalize and implement the revised OIG order 
to reflect our statutory role and responsibilities while continuing to 
conduct audits and investigations. We are in the process of 
considering and responding to comments we received on the revised 
draft OIG order and making changes in the order, as appropriate. In 
addition, we completed an internal review of our quality assurance 
framework and are in the process of taking steps to further strengthen 
our processes and controls in response to this review. We recognize 
that other changes to our quality assurance framework may be needed as 
we finalize our OIG order and complete our transition to the role of a 
statutory OIG. As a result, we do not anticipate participating in a 
peer review until we have completed this transition and have conducted 
and fully addressed any recommendations resulting from at least two 
additional internal inspections. 

We also prepared an annual work plan for fiscal year 2011 based on our 
updated audit risk assessment of GAO operations, and we conducted a 
planning survey to further identify potential risks in GAO's 
procurement activities and areas for future work. While our 
engagements are generally focused on areas identified in our work 
plan, adjustments to our work plan are made, as needed, in an effort 
to ensure we are in tune with changing conditions or emerging issues 
and are able to respond appropriately. 

In addition, we completed our annual review of GAO's assessment of its 
management challenges. We agreed with the assessment that physical 
security, information security, and human capital continue to be 
management challenges that may affect GAO's performance. We also 
agreed with management's view that progress is being made in 
addressing these challenges. However, we believe that further review 
is warranted to determine if these areas can be removed as management 
challenges and if other risks emerge that should be designated as 
management challenges. 

Finally, we continued to participate in the activities of the broader 
inspector general community, including the Council of the Inspectors 
General on Integrity and Efficiency and the quarterly meetings of 
Legislative Branch Inspectors General. 

Audits and Inspections: 

During the reporting period, we issued two public reports—an 
assessment of the adequacy of GAO's controls to prevent and detect 
employee misuse and delinquency of government travel cards[Footnote 2] 
and an evaluation of GAO's information security program and practices 
for fiscal year 2010.[Footnote 3] A summary of these reports and GAO 
actions to address our recommendations are presented in attachment I. 

Investigations and Hotline Activities: 

Regarding our efforts to identify potential fraud, waste, and abuse, 
the OIG's hotline is our primary source of complaints.[Footnote 4] The 
OIG receives hotline complaints through a variety of sources, such as 
through its toll-free hotline number and e-mail. As shown in table 1, 
we had a total of 129 complaints, 7 of which were open at the start of 
this 6-month reporting period and 122 new complaints received during 
the period. 

Table 1: Summary of OIG Hotline and Investigative Activity, October 1, 
2010, through March 31, 2011: 

Complaints: 

Open at start of period: 7; 
Received: 122; 
Referred to FraudNet: 58; 
Closed, insufficient information/no basis: 46; 
Referred to other GAO units or agencies: 5; 
Closed investigations: 9; 
Open at end of period: 11. 

Source: GAO OIG. 

Note: "Complaints" include inquiries and allegations received by OIG. 

[End of table] 

The 7 open cases from the prior semiannual reporting period covered a 
wide range of matters, such as issues related to telework, travel 
voucher claims, and the day care facility located at GAO headquarters. 
Of these 7 cases, we closed 4-2 because of no basis for further action 
and 2 after conducting investigations. Three remained open at the end 
of the period. We referred the results of one investigation to GAO's 
Office of Workforce Relations to determine whether any administrative 
action is appropriate. 

In addition, our investigation into the daycare facility resulted in 
our suggesting that management consider expanding GAO's role in 
overseeing the facility. 

During the current reporting period, we received 122 new complaints 
through our hotline and other sources. Fifty-eight of the 122 
complaints concerned matters related to other federal agencies and 
were referred to GAO's FraudNet—a governmentwide hotline operated by 
GAO staff that receives complaints of fraud, waste, and abuse of 
federal funds. Of the remaining 64 complaints received during the 
reporting period, we: 

* closed 4 complaints after we conducted investigations and combined 3 
other complaints into ongoing investigations. The closed 
investigations included issues relating to unemployment insurance 
payments for employees of a GAO contractor, purchase card fraud, 
employee misconduct, and a whistleblower complaint regarding a GAO 
audit. One of these investigations resulted in an employee being 
counseled, and, following another investigation, an employee resigned 
from GAO before the agency could take administrative action. 

* closed an additional 44 complaints when we determined there was no 
basis for additional action, sometimes after completing preliminary 
investigative work. In one of these 44, we provided assistance to the 
District of Columbia OIG on an investigation. 

* referred 5 complaints-4 to other GAO units and 1 to another agency—
for action that involved such issues as e-mail scams, employee 
misconduct, and an information request. 

* continued efforts on the remaining 8 open complaints. 

Agency Actions on Recommendations Made in Prior OIG Reports: 

During this reporting period, GAO undertook or continued actions to 
respond to recommendations intended to provide oversight of and 
controls over GAO's contractor parking policies and practices. For 
example, GAO has developed procedures to ensure provisions in the GAO 
Vehicle Parking Program order are strictly adhered to regarding 
contractor parking. This includes developing procedures to ensure that 
contractor parking is provided according to contract provisions and 
that contract language regarding parking is standardized and includes 
appropriate caveats. 

GAO also took actions to respond to a recommendation that the Office 
of General Counsel consider the adoption of suspension and debarment 
procedures, including reporting any suspended or debarred GAO 
contractors to the Excluded Parties List System (EPLS). To address 
this recommendation, the General Counsel established a study team to 
consider the merits of a suspension and debarment procedure at GAO. 
This team recommended, and the Executive Committee concurred, in April 
2011, that GAO should develop suspension and debarment procedures, 
including EPLS reporting. GAO is now in the process of developing such 
procedures. 

I provided GAO with a draft of this report for review and comment. The 
agency provided technical comments that we incorporated, as 
appropriate. Finally, I want to thank GAO's Executive Committee, 
managers, and staff for their cooperation during our reviews. 

Attachment: 

cc: Patricia A. Dalton, Chief Operating Officer, GAO: 
David M. Fisher, Chief Administrative Officer/Chief Financial Officer, 
GAO: 
Lynn H. Gibson, General Counsel, GAO: 
GAO's Audit Advisory Committee: 

[End of section] 

Attachment I: 

Summary of GAO/OIG Reports and GAO Actions: 

Reports Issued October 1, 2010, through March 31, 2011[Footnote 5] 

GAO Travel Cards: Opportunities Exist to Further Strengthen Controls 
(GAO/OIG-11-1, Dec. 7, 2010): 

Findings: GAO's policy and procedures were generally effective in 
preventing and detecting travel charge card misuse. However, OIG 
identified areas where GAO's travel card program could be strengthened 
by adopting selected best practices identified in related Office of 
Management and Budget (OMB) guidance. As a legislative branch agency, 
GAO is not required to follow any OMB circulars, including OMB 
Circular No. A-123 or its appendixes. In testing the effectiveness of 
GAO's monitoring of travel card delinquency, OIG found that the agency 
could improve its procedures to reduce delinquency. While GAO has had 
a process to take action when employees were delinquent in paying 
their travel cards, OIG found that GAO was missing a key component—
procedures that set out the requirements and time frames for referring 
delinquent cardholders for potential disciplinary action. OIG also 
found that GAO has implemented some of the controls identified by OMB 
in its guidance but is not using other controls, such as statistical 
and narrative information on travel card use to enhance program 
oversight and management of its travel card program. Further, GAO had 
not developed a management plan to help provide a road map for 
ensuring the ongoing effectiveness of its risk management controls. In 
addition, OIG found that internal controls and best practices 
identified in OMB Circular No. A-123, Appendix B, were not used by GAO 
to manage or assess the effectiveness of GAO's travel card program 
controls. 

Recommendations and GAO actions: This report recommends that GAO (1) 
develop procedures to minimize the number of travel cards and review 
the appropriateness of travel card spending and related ATM cash 
advance limits; (2) develop policies and procedures, including time 
frames, for referring delinquent cardholders for disciplinary action 
and notifying the OIG of actions taken; (3) develop and report 
statistical and narrative travel card compliance information to 
oversight managers; (4) establish a goal to gauge agency progress in 
reducing delinquency; (5) consider establishing a policy to use OMB 
Circular No. A-123, Appendix B, in GAO's annual assessment of the 
effectiveness of the travel card program's internal controls; and (6) 
consider identifying and adopting, as appropriate, additional controls 
and best practices identified in OMB Circular No. A-123, Appendix B, 
to help reduce travel card program risk and improve management's 
assessment of travel card program controls. GAO concurred with these 
recommendations and has taken actions to reduce the number of travel 
card accounts and develop standard operating procedures to refer 
delinquent cardholders to GAO's Office of Workforce Relations. GAO is 
continuing to address the remaining recommendations in this report. 

Information Security: Evaluation of GAO's Program and Practices for 
Fiscal Year 2010 (GAO/OIG-11-3, Mar. 4, 2011)[Footnote 6]: 

Findings: The OIG's evaluation showed that, in voluntary compliance 
with the Federal Information Security Management Act of 2002 (FISMA), 
GAO has established an information security program that is generally 
consistent with requirements of this act, Office of Management and 
Budget (OMB) implementing guidance, and standards and guidance issued 
by the National Institute of Standards and Technology. However, based 
on evaluation metrics provided by OMB for inspectors general, the OIG 
identified improvement opportunities for specific elements of GAO's 
program that concerned (1) identifying the agency's systems inventory 
and assuring that all systems operated by GAO or by contractors meet 
security requirements, (2) implementing additional computer-scanning 
capabilities to test security configuration settings, (3) remediating 
configuration-related vulnerabilities in a timely manner, (4) ensuring 
that contractors have access to required role-based security awareness 
training, and (5) planning for further implementation of the personal 
identity verification requirements of Homeland Security Presidential 
Directive 12 (HSPD-12). 

Recommendations and GAO actions: This report recommends that GAO (1) 
incorporate procedures within its annual systems inventory process 
that require inventory changes to be documented and formally approved 
by the Chief Information Officer and that system interfaces be 
identified, (2) identify and pursue additional options for obtaining 
assurances that certain contractor systems meet federal information 
security requirements, (3) continue efforts to complete and document 
required information security processes and procedures for all GAO-
operated systems, (4) proceed with plans to establish a security 
configuration scanning capability for GAO notebook computers and 
workstations, (5) incorporate changes to the configuration management 
process that remediate specific open configuration-related 
vulnerabilities, (6) ensure that access to annual role-based 
information security training or its equivalent is provided for all 
contractor staff required to take this training, and (7) develop and 
brief senior management on a plan for practical implementation of HSPD-
12 requirements. GAO concurred with these recommendations and has 
identified actions to address them with target completion dates 
through the end of fiscal year 2011. 

[End of section] 

Footnotes: 

[1] Pub. L. No. 110-323, 122 Stat. 3539 (Sept. 22, 2008). 

[2] GAO, Office of the Inspector General, GAO Travel Cards: 
Opportunities Exist to Further Strengthen Controls, [hyperlink, 
http://www.gao.gov/products/GAO/OIG-11-1] (Washington, D.C.: Dec. 7, 
2010). 

[3] GAO, Office of the Inspector General, Information Security: 
Evaluation of GAO's Program and Practices for Fiscal Year 2010, 
[hyperlink, http://www.gao.gov/products/GAO/OIG-11-3] (Washington, 
D.C.: Mar. 4, 2011). 

[4] Complaints include inquiries and allegations received by OIG. 

[5] In addition to the reports cited, we issued our semiannual report 
for the 6-month period ending September 2010: GAO, Office of the 
Inspector General, Semiannual Report—April 1, 2010, through September 
30, 2010, [hyperlink, http://www.gao.gov/products/GAO/OIG-11-2] 
(Washington, D.C.: Dec. 7, 2010). 

[6] Because the full report contains sensitive information, only our 
Highlights page is publicly available on [hyperlink, 
http://www.gao.gov]. However, congressional members can request the 
full report. 

[End of section] 

Reporting Fraud, Waste, and Abuse in GAO's Internal Operations: 

To report fraud, waste, and abuse in GAO's internal operations, do one 
of the following. (You may do so anonymously.) 

* Call toll-free (866) 680-7963 to speak with a hotline specialist, 
available 24 hours a day, 7 days a week. 

* Send an e-mail to OIGHotline@gao.gov. 

* Send a fax to the OIG Fraud, Waste, and Abuse Hotline at (202) 512-
8361. 

* Write to: 
GAO Office of Inspector General: 
441 G Street NW, Room 1808: 
Washington, DC 20548: 

Obtaining Copies of GAO/OIG Reports and Testimony: 

To obtain copies of OIG reports and testimony, go to GAO's Web site: 
[hyperlink, http://www.gao.gov/about/workforce/ig.html]. 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov, 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngcl@gao.gov, 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. The published product may be 
reproduced and distributed in its entirety without further permission 
from GAO. However, because this work may contain copyrighted images or 
other material, permission from the copyright holder may be necessary 
if you wish to reproduce this material separately.