The GSA Star Logo U.S. General Services Administration ADMINISTRATOR'S SEMIANNUAL MANAGEMENT REPORT TO CONGRESS REPORT NO. 70 OCTOBER 1, 2023 - MARCH 31, 2024 U.S. General Services Administration Robin Carnahan Administrator Office of the Chief Financial Officer Nimisha Agarwal Chief Financial Officer Office of Audit Management and Accountability Evan Farley Director May 2024 This report is in the public domain. Authorization to reproduce it in whole or in part is granted. While permission to reprint this publication is not necessary, the citation should be: U.S. General Services Administration, Office of the Chief Financial Officer, Audit Management and Accountability, Administrator's Semiannual Management Report to the Congress, No. 70, Washington, DC 20405. Copies of this report can be obtained using any of the following: Email: GAO-IGAuditMgmtDiv@gsa.gov Online: Semiannual Management Report to Congress Contents Message from the Administrator........................................................................................................ 3 Overview ............................................................................................................................................ 4 Management's Response to the OIG Semiannual Report to Congress .................................. 4 U.S. General Services Administration Organization ................................................................. 4 Audit Follow-up Program ................................................................................................................... 5 Organization of Audit Follow-up Program ................................................................................. 5 Agency Audit Follow-up Official ................................................................................................ 5 Chief Financial Officer (CFO) .................................................................................................... 5 Heads of Services and Staff Offices ........................................................................................5 Synopsis of Audit Activity .................................................................................................................. 6 Audits with Disallowed Costs .................................................................................................... 7 Audits with Better Use Funds (Potential Cost Savings) ........................................................... 8 Audits under Appeal/Litigation ................................................................................................... 9 Contract Audits ................................................................................................................................ 10 Internal Audits.................................................................................................................................. 11 Open OIG Recommendations Not Fully Resolved as of March 31, 2024 ..................................... 12 Audits with Management Decisions and Approved Due Dates ............................................. 12 Audit Responses Awaiting OIG Feedback ............................................................................. 21 Audit Responses in Development ........................................................................................... 23 Glossary of Terms ........................................................................................................................... 24 Appendix .......................................................................................................................................... 26 Message from the Administrator I am pleased to provide Congress with the U.S. General Services Administration's (GSA) Semiannual Management Report to Congress, which summarizes the agency's audit-related actions and accomplishments for the six months that ended 03/31/2024. GSA greatly values the contributions of GSA Office of Inspector General (OIG) auditors and takes their recommendations seriously. GSA continues strengthening its oversight and has a solid commitment to thoughtful and creative solutions that save taxpayer dollars and ensure Federal workforce safety. This commitment is reflected in its actions on auditor recommendations and many other initiatives. GSA looks forward to continued work with GSA's OIG and Congress to support Government responsiveness to American taxpayers. Signature of Robin Carnahan. Robin Carnahan Administrator U.S. General Services Administration Overview Management’s Response to the OIG Semiannual Report to Congress This report, GSA's 70th report to Congress since the implementation of the reporting requirement, presents management's perspective on audit resolution and follow-up activity for the semiannual reporting period, in addition to general statistical summaries. The data in the report indicates that GSA's audit monitoring and management activities continue to play a significant role in the efficient management of GSA operations, the accomplishment of the agency mission, and the effective use of taxpayer dollars. U.S. General Services Administration Organization GSA's Public Buildings Service and Federal Acquisition Service provide government-wide delivery of real estate, acquisition, and technology services. At the same time, GSA's Office of Government-wide Policy manages the development of certain government-wide policies and regulations and specific policies applicable to GSA only. GSA's 11 regions provide local support to Federal agencies nationwide, while GSA's several staff offices provide support to other GSA organizations and to other Federal agencies and the public. The Administrator of General Services directs the execution of all GSA functions. Members of the Administrator's office and Heads of Services and Staff Offices advise and make recommendations on policy or operational issues of national scope. Under the Administrator's leadership, they are also responsible for executing programs and services within their service, region, or staff office. Audit Follow-Up Program Organization of Audit Follow-up Program GSA has effective systems in place for tracking and managing audit recommendations, and enhancement and modification of these systems is ongoing. GSA's management is accountable for ensuring prompt, appropriate corrective action and works with supervisors and program managers who develop remedies from identified findings, and report progress in implementing solutions. Agency managers have the responsibility to act on the auditor's recommendations, with the audit resolution process overseen by the Agency Audit Follow-up Official. The descriptions of the duties of the GSA officials involved in the audit follow-up process are below. Agency Audit Follow-up Official The Deputy Administrator of General Services, as the Agency Audit Follow-up Official, has overall responsibility for the audit follow-up program. This includes responsibility for ensuring the adequacy of the Agency’s follow-up system, monitoring the resolution of audit recommendations, and ensuring timely implementation of corrective actions. The incumbent in this position also makes final decisions to resolve differences between Agency management and the GSA OIG. Chief Financial Officer (CFO) The CFO provides direction and oversight to the officials in the Office of the Chief Financial Officer (OCFO) who manage the GSA's Audit Resolution and Follow-up System. Their responsibilities are as follows: • Liaise with the GSA OIG and GAO for the coordination of OIG and GAO audits within GSA, and coordinate preparation of responses and reports for the signature of the Heads of Services and Staff Offices or the Administrator, as required, • Ensure timely and effective resolution and implementation of audit recommendations made by the GSA OIG and GAO, • Ensure agency efficacy in the resolution of findings that cross multiple offices or agencies, • Oversee the collection and proper accounting of monetary amounts determined due to the Government as the result of audit-related claims, • Upon request, review past or present audit recommendations concerning GSA programs, • Maintain automated control systems for internal and external audits that provide an accurate means for monitoring, analyzing, tracking, and documenting actions taken to implement audit recommendations, and; • Provide analysis to identify trends, minimize repeat findings, and enable preventive action. Heads of Services and Staff Offices Heads of Services and Staff Offices, to whom audit recommendations pertain, have primary responsibility for resolving and implementing recommendations promptly. Their responsibilities include: • Ensuring controls are implemented to provide timely, accurate, and complete responses to audit reports, • Developing, advocating, and documenting agency positions on audit recommendations, • Preparing responses for GAO draft reports and transmittals for final GAO reports in coordination with OCFO, and • Providing comments on audit decision papers prepared by the OIG to ensure that management's position on unresolved audit recommendations is properly stated. Synopsis of Audit Activity The Inspector General Act of 1978, as amended, requires the Administrator of General Services to report directly to Congress on management decisions and final actions taken on audit recommendations made by the GSA OIG. This report covers the period of October 1, 2023, through March 31, 2024. Included in the report are summaries of GSA audit activities concerning: • GSA implementation of GSA OIG audit report recommendations, • Final actions not taken on audits 1 year after the date of the management decision; and • Audit reports and audit actions involving financial recommendations, including disallowed costs, funds put to better use (better use funds), or both. On October 1, 2023, GSA had 56 contract and internal audit reports pending final action. These reports contained financial recommendations totaling $375,836,618.00 (sum of row A, pages 7 and 8). • Financial recommendations for 31 contract audits totaled $375,836,618.00. • Financial recommendations for 25 internal audits totaled $0.00. Between October 1, 2023, through March 31, 2024, GSA finalized management decisions on 20 audit reports concerning nationwide GSA programs and operations. • Concerning all 20 of audits, a total of $83,448.00 in pre- and post-award contracts and internal program spending identified as having been incorrectly charged to the Government was determined to be disallowed costs. • GSA OIG recommended in 14 of the pre-award audits that $105,229,969.00 could be used more effectively if management acted to fully implement and complete GSA OIG's recommendations (see Appendix). During this 6-month reporting period, GSA successfully took final action on 32 audits. GSA's audit actions represent the recovery of $610,139.00 (row C, page 7) in Government funds and the identification of $221,711,917.00 in potential future savings (row C, page 8). As of March 31, 2024, GSA had 36 open internal and contract audits, with five audits in litigation. Audits with Disallowed Costs Final Action for the 6 Months Ending March 31, 2024 Number of Audit Reports Disallowed Costs A. Audit reports where final action had not been taken by the commencement of the reporting period. 56 $63,629,040.00 B. Audit reports where GSA/OIG made management decisions during the reporting period. 20 $83,448.00 C. Audit reports where GSA took final action during the reporting period. 32 $610,139.00 (i) the dollar value of disallowed costs $126,883.00 - collections $104,591.00 - offset $0.00 - property in lieu of cash $22,292.00 - surplus $0.00 - other $0.00 (ii) the dollar value of disallowed costs written off by management. $483,256.00 D. Audit reports where GSA did not take final action by the end of the reporting period and includes audit reports issued during this reporting period. 36 $12,914,764.00 Audits with Better Use Funds (Potential Cost Savings) Final action for the six-month period March 31, 2024 Number of Audit Reports No budget Impact (Actual and Estimated) A. Audit reports where final action had not been taken by management by the commencement of the reporting period 56 $312,207,578.00 B. Audit reports where GSA/OIG made management decisions during the reporting period 20 $105,229,969.00 C. Audit reports where GSA took final action during the reporting period. 32 $221,711,917.00 (i) the actual dollar value of recommendations that were actually completed. $259,804.00 (ii) the actual dollar value of recommendations that management has subsequently concluded should not or could not be implemented or completed. $0.00 (iii) the actual dollar value of recommendations that management has subsequently concluded should not or could not be determined (calculated). $0.00 (iv) the estimated dollar value of ''funds to be put to better use'' as agreed to by GSA management and GSA OIG. $221,452,113.00 D. Audit reports for which no final action has been taken by the end of the reporting period and audit reports issued during this reporting period. 36 $149,197,996.00 Audits under Appeal/Litigation Financial recommendations are not included for contract awards or actions that are not completed. Audit Report Number and Name of Contractor Issue Date of Report Management Decision Amounts of Disallowed Costs A200986P4X21014 Balfour Beatty Construction, LLC 02/11/2021 $0.00 A201000P4X21031 Berkel & Company Contractors, Inc. 06/09/2021 $0.00 A200997P4X21040 Kirlin Design Build, LLC 08/27/2021 $0.00 A220029P4X24005 Swinerton Builders 11/22/2023 $0.00 A230062P5X24011 Wilson 5 Service Company, Inc. 02/02/2024 $0.00 Contract Audits Audits with Management Decisions made prior to March 31, 2023, with No Final Action as of March 31, 2024 Audit Report Number and Name of Contractor Issue Date of Report Management Decision Amounts of Disallowed Costs Reason for No Final Action A190088Q6X20050 United Rentals, Inc. 09/29/2020 $3,466,171.00 In negotiation - Negotiations are proceeding between Contracting Officer and contractor. A200986P4X21014 Balfour Beatty Construction, LLC 02/11/2021 $0.00 Litigation in process - The contractor has appealed the Contracting Officer's decision, and the audit is now in the litigation process. A201000P4X21031 Berkel & Company Contractors, Inc. 06/09/2021 $0.00 Litigation in process - The contractor has appealed the Contracting Officer's decision, and the audit is now in the litigation process. A200997P4X21040 Kirlin Design Build, LLC 08/27/2021 $0.00 Litigation in process - The contractor has appealed the Contracting Officer's decision, and the audit is now in the litigation process. A210054P4X22013 Desbuild EG Management Services JV, LLC 03/03/2022 $0.00 Mediation In Progress - GSA and the vendor entered a period of mediation to resolve a dispute. A220021P4X22030 Brasfield & Gorrie, LLC 09/15/2022 $0.00 In negotiation - Negotiations are proceeding between Contracting Officer and contractor. A210075Q2X23013 CommunicateHealth, Inc. 12/13/2022 $264,716.00 In the process of collection - GSA is in the process of collecting funds owed the government from the contractor. A220034Q6X23018 Science Applications International Corporation 02/06/2023 $209,139.00 Price/settlement negotiated - Negotiations have been completed between Contracting Officer and contractor. Internal Audits Audits with Management Decisions made prior to March 31, 2023, with No Final Action as of March 31, 2024 Audit Report Number and Title of Report Issue Date of Report Management Decision Amounts of Disallowed Costs Reason for No Final Action Projected Completion Date A180068Q3P20002 FAS's Use of Pricing Tools Results in Insufficient Price Determinations 12/23/2019 $0.00 Audit is in the Implementation Stage. 08/30/2024 A190021P5R21003 PBS's National Capital Region is Failing to Adequately Manage and Oversee the Building Services Contracts at the FDA's White Oak Campus 05/17/2021 $0.00 Audit is in the Implementation Stage. 01/31/2025 JE21-002 Evaluation of the General Services Administration's Use of an Ad Hoc Appraisal Process for an Executive 09/14/2021 $0.00 GSA and GSAIG are working to develop and approve a resolution plan. TBD JE23-003 GSA Misled Customers on Login.gov's Compliance with Digital Identity Standards 03/07/2023 $0.00 All recommendations closed although the record remains open. TBD Open OIG Recommendations Not Fully Implemented as of March 31, 2024 Audits with Management Decisions and Approved Due Dates All of the pages with the same type of information follow the same format - Audit Report Number and Title of Report Issue Date of Report Management Decision Amounts of Disallowed Costs Reason for No Final Action Original Due Date Current Due Date A180068Q3P20002 FAS's Use of Pricing Tools Results in Insufficient Price Determinations 12/23/2019 003 Develop and implement controls to ensure compliance with FAS Policy and Procedure 2018-03 - Proper Documentation of Price Analysis Decisions - Federal Supply Schedule (FSS) Program - in regards to documenting use of the pricing tools. Specifically, controls should ensure FAS contracting officers document: a. The criteria used in the query of the pricing tools; b. All detailed data records obtained in the pricing tool output; c. A verification that labor category comparisons made using the pricing tools are "same or similar" in accordance with FAR 15.4; and, d. Any filtering or removal of data records the contracting officer determined were outliers or not "same or similar." Original due date: 08/30/2024 Current due date: 08/30/2024 A190021P5R21003 PBS's National Capital Region is Failing to Adequately Manage and Oversee the Building Services Contracts at the FDA's White Oak Campus 05/17/2021 003C OIG recommends that the PBS Regional Commissioner for the National Capital Region take appropriate action to address the issues associated with oversight of the O&M building services contract. At a minimum, PBS NCR should perform a comprehensive review of the after-hours staffing from August 2015 to the present; determine the total amount of overpayment for shifts that were understaffed and inadequately staffed; recover the overpayment from Honeywell; and return any overpayment to FDA. Original due date: 01/31/2025 Current due date: 01/31/2025 A210081Q3P23001 GSA's Fiscal Year 2020 Transactional Data Reporting Pilot Evaluation Provides an Inaccurate Assessment of the Program 05/01/2023 002A OIG recommends that the GSA Administrator, FAS Commissioner, and Associate Administrator of the Office of Government-wide Policy, address the problems with the TDR data and usage as described in this report within 1 year of report issuance. To do so, the FAS Commissioner should, at a minimum conduct a comprehensive assessment of all TDR data. Original due date: 09/30/2024 Current due date: 09/30/2024 A210081Q3P23001 GSA's Fiscal Year 2020 Transactional Data Reporting Pilot Evaluation Provides an Inaccurate Assessment of the Program 05/01/2023 002B OIG recommends that the GSA Administrator, FAS Commissioner, and Associate Administrator of the Office of Government-wide Policy, address the problems with the TDR data and usage as described in this report within 1 year of report issuance. To do so, the FAS Commissioner should, at a minimum verify the accuracy and completeness of all TDR data. Original due date: 09/30/2025 Current due date: 09/30/2025 A210081Q3P23001 GSA's Fiscal Year 2020 Transactional Data Reporting Pilot Evaluation Provides an Inaccurate Assessment of the Program 05/01/2023 002D OIG recommends that the GSA Administrator, FAS Commissioner, and Associate Administrator of the Office of Government-wide Policy, address the problems with the TDR data and usage as described in this report within 1 year of report issuance. To do so, the FAS Commissioner should, at a minimum require the contractors that are not submitting complete and accurate data to correct their data or suspend their contract. Original due date: 09/30/2024 Current due date: 09/30/2024 A201018P4R23008 Audit of GSA's Response to COVID-19: PBS Faces Challenges to Meet the Ventilation and Acceptable Indoor Air Quality Standard in GSA-Owned Buildings 06/05/2023 001 OIG recommends that the PBS Commissioner complete a comprehensive assessment to determine whether GSA-owned building air handlers meet the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE) ventilation standard's minimum outdoor air requirements and develop a comprehensive plan to address deficiencies identified. Original due date: 05/31/2024 Current due date: 05/31/2024 A201018P4R23008 Audit of GSA's Response to COVID-19: PBS Faces Challenges to Meet the Ventilation and Acceptable Indoor Air Quality Standard in GSA-Owned Buildings 06/05/2023 003 OIG recommends that the PBS Commissioner ensure that all PBS staff with ventilation system responsibilities, including CORs, contracting officers, project managers, and building managers, are trained on the requirements of the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE) ventilation standard. Original due date: 05/31/2024 Current due date: 05/31/2024 Audit of GSA's Response to COVID-19: PBS Faces Challenges to Meet the Ventilation and Acceptable Indoor Air Quality Standard in GSA-Owned Buildings 06/05/2023 004 OIG recommends that the PBS Commissioner ensure O&M contracts define requirements for regular testing, adjusting, and balancing of air handlers. Original due date: 05/31/2024 Current due date: 05/31/2024 Audit of GSA's Response to COVID-19: PBS Faces Challenges to Meet the Ventilation and Acceptable Indoor Air Quality Standard in GSA-Owned Buildings 06/05/2023 005 OIG recommends that the PBS Commissioner ensure that GSA's Guidance for COVID-19 HVAC Operations adheres to CDC COVID-19 guidance for improved building ventilation. Original due date: 05/31/2024 Current due date: 05/31/2024 A220016Q6P23002 Multiple Award Schedule Contracts Offered Prohibited Items, Putting Customers at Risk of Unauthorized Surveillance by Foreign Adversaries 07/10/2023 001 OIG recommends that the FAS Commissioner strengthen FAS's Robomod process to ensure that it identifies MAS contracts with prohibited telecom items. Original due date: 06/28/2024 Current due date: 06/28/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 001 OIG recommends that the PBS Region 4 Regional Commissioner review current and pending 8(a) program contracts to ensure contractor pricing is justified, and renegotiate when appropriate. Original due date: 08/30/2024 Current due date: 08/30/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 002 OIG recommends that the PBS Region 4 Regional Commissioner review current and pending 8(a) program contracts to ensure certified cost or pricing data is received when applicable. Original due date: 08/30/2024 Current due date: 08/30/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 003 OIG recommends that the PBS Region 4 Regional Commissioner review current repairs and alterations contracts to ensure that contracting officers incorporate design changes into the contract and perform appropriate cost analyses. Contracting officers should also determine whether ratifications are required for changes in scope that were inappropriately authorized. Original due date: 08/30/2024 Current due date: 08/30/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 004 OIG recommends that the PBS Region 4 Regional Commissioner review current and planned repairs and alterations contracts and take steps to ensure that PBS personnel adhere to existing PBS policy that prohibits the practice of splitting projects to circumvent the prospectus process. Original due date: 06/28/2024 Current due date: 06/28/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 005 OIG recommends that the PBS Region 4 Regional Commissioner review current repairs and alterations contracts to ensure contractor and subcontractor employees possess appropriate security clearances to comply with the contract and Homeland Security Presidential Directive 12 requirements. Original due date: 08/30/2024 Current due date: 08/30/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 006 OIG recommends that the PBS Region 4 Regional Commissioner review current repairs and alterations contracts and ensure that CORs review certified payroll records and perform labor interviews, as appropriate, prior to approval of invoices to verify that contractor and subcontractor employees are paid in accordance with Construction Wage Rate Requirements. Original due date: 08/30/2024 Current due date: 08/30/2024 A210076P4R23009 Audit of PBS Basic Repairs and Alterations Project: William Augustus Bootle Federal Building and U.S. Courthouse 09/29/2023 007 OIG recommends that the PBS Region 4 Regional Commissioner review the performance of PBS personnel involved in the award and administration of the Bootle Building HVAC modernization contract, including their supervisory chains of command, and take appropriate action to address deficiencies identified in this report. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 001 OIG recommends that GSA's Chief Information Officer (GSA CIO) assess the feasibility of implementing an application whitelist to prevent users from using unauthorized applications on Agency mobile devices, as outlined in NIST SP 800- 167. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 003 OIG recommends that GSA's Chief Information Officer (GSA CIO) update CIO-IT Security-12-67 to address instant messaging applications on GSA mobile devices, to include specifying which applications are authorized and implementing applicable security controls to limit cybersecurity risks associated with unauthorized applications. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 004 OIG recommends that GSA's Chief Information Officer (GSA CIO) update the GSA Blacklisted Mobile Apps list to prohibit applications categorized as spyware (location tracking, remote monitoring, or child monitoring software) to better protect sensitive data and the safety of GSA employees and contractors. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 005 OIG recommends that GSA's Chief Information Officer (GSA CIO) add MaaS360 rule sets to automatically identify devices that are not compliant with CIO 2100. 1N, CIO-IT Security-12-67, and CIO IDTI-15-01. Original due date: 05/31/2024 Current due date: 05/31/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 006 OIG recommends that GSA's Chief Information Officer (GSA CIO) use MaaS360's automated enforcement options to better ensure compliance, as recommended by the IBM MaaS360 Enterprise Mobile Management Policies Best Practices Guide. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 007 OIG recommends that GSA's Chief Information Officer (GSA CIO) ensure that all MaaS360 settings require and enforce all required applications, including MaaS360, Cisco Umbrella, and Lookout for Work, to be installed and updated on GSA mobile devices, as required in CIO-IT Security-12-67. Original due date: 07/31/2024 Current due date: 07/31/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 008 OIG recommends that GSA's Chief Information Officer (GSA CIO) implement controls to prevent mobile device access to websites over unsecure protocols (e.g., HTTP). Original due date: 05/31/2024 Current due date: 05/31/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 009 OIG recommends that GSA's Chief Information Officer (GSA CIO) change the mobile device security settings to the recommended MaaS360 and Google MDM settings in Appendix B, Figures 3 and 5, to improve GSA mobile device security. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 011 OIG recommends that GSA's Chief Information Officer (GSA CIO) update CIO-IT Security-12-67 to require that discoverable mode is disabled after pairing is completed, Bluetooth is disabled when not in use, and Bluetooth connections are disconnected within 23 hours, as required by CIO 2100.1N. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 012 OIG recommends that GSA's Chief Information Officer (GSA CIO) update CIO-IT Security-12- 67 to prevent devices from joining unencrypted networks by prohibiting the use of unsecure Wi- Fi networks, as recommended by NIST SP 800-124, Revision 1. Original due date: 08/30/2024 Current due date: 08/30/2024 A220055ITF23004 Audit of Security Controls for Mobile Technologies Used by GSA 09/29/2023 013 OIG recommends that GSA's Chief Information Officer (GSA CIO) update CIO-IT Security-12-67 to prevent users from connecting removable storage devices, such as thumb drives, to Agency mobile devices, as recommended by NIST SP 800-124, Revision 1. Original due date: 08/30/2024 Current due date: 08/30/2024 A210057B5F24001 GSA's Robotic Process Automation Program Lacks Evidence to Support Claimed Savings. 11/30/2023 001 OIG recommends that the GSA Chief Financial Officer performance evaluation process for its bots to ensure they are performing as intended and that the RPA program is achieving its goals. As part of this effort, the OCFO should develop objective and auditable measures and metrics that support the work hours saved by bots, as described in the RPA Program Playbook. Original due date: 09/30/2024 Current due date: 09/30/2024 A230021P9R24001 Audit of PBS's Lease Award and Administration for the Bureau of Land Management Field Office in Baker City, Oregon 12/08/2023 001A OIG recommends that the PBS Regional Commissioner for the PBS Northwest/Arctic Region assess the actions taken in response to the IAQ issues at the BLM field office in Baker City, Oregon. Based on this assessment, the PBS Regional Commissioner should develop and implement a management control process that promptly responds to IAQ complaints. Original due date: 06/28/2024 Current due date: 06/28/2024 A230021P9R24001 Audit of PBS's Lease Award and Administration for the Bureau of Land Management Field Office in Baker City, Oregon 12/08/2023 002 OIG recommends that the PBS Regional Commissioner for the PBS Northwest/Arctic Region improve LAM communication with tenants during the annual lease inspection to ensure that PBS is aware of all tenant staff concerns, particularly those related to safety and security issues, and that all issues are documented in the GSA 500, Lease Inspection Form. Original due date: 06/28/2024 Current due date: 06/28/2024 A230021P9R24001 Audit of PBS's Lease Award and Administration for the Bureau of Land Management Field Office in Baker City, Oregon 12/08/2023 003 OIG recommends that the PBS Regional Commissioner for the PBS Northwest/Arctic Region ensure LAMs take proactive actions to resolve long-standing issues by issuing Deficiency Identified Letters in a timely manner and holding lessors accountable for noncompliance. Original due date: 08/30/2024 Current due date: 08/30/2024 A230021P9R24001 Audit of PBS's Lease Award and Administration for the Bureau of Land Management Field Office in Baker City, Oregon 12/08/2023 004 OIG recommends that the PBS Regional Commissioner for the PBS Northwest/Arctic Region enforce the BLM field office lease terms requiring onsite or locally available maintenance personnel, and recover rent paid to the lessor equivalent to the period that the maintenance personnel were not provided since November 2019. Original due date: 11/29/2024 Current due date: 11/29/2024 Audit Responses Awaiting OIG Feedback Audit Report Number and Title of Report Issue Date of Report Recommendation Number Cited Recommendation All of the pages with the same type of information follow the same format - JE21-002 OIG EVALUATION REPORT: Evaluation of the General Services Administration's Use of an Ad Hoc Appraisal Process for an Executive 09/14/2021 001 The GSA Administrator should take appropriate action to remedy the harm caused by a tainted performance review process that resulted in an unsatisfactory rating and in their removal from the Associate Administrator position, as well as the loss of any opportunity for a FY 2017 performance period pay increase or bonus. JE21-002 OIG EVALUATION REPORT: Evaluation of the General Services Administration's Use of an Ad Hoc Appraisal Process for an Executive 09/14/2021 002 OIG recommends that the GSA General Counsel and Chief Human Capital Officer should review current processes and procedures to ensure sufficient oversight of employee misconduct and disciplinary reviews, including timely referral to the OIG. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 001 OIG recommends that the GSA Administrator ensure that GSA no longer purchases TAA- noncompliant cameras if there are TAA- compliant cameras that meet the Agency's requirements. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 002 OIG recommends that the GSA Administrator return, or otherwise dispose of, previously purchased TAA-noncompliant cameras. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 003A OIG recommends that the GSA Administrator strengthen controls to ensure that TAA-compliant products are prioritized during future procurements. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 003B OIG recommends that the GSA Administrator strengthen controls to ensure that TAA contracting officer determinations are adequately reviewed prior to approval, including any comparisons or market research performed. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 003C OIG recommends that the GSA Administrator strengthen controls to ensure that head of contracting activity non-availability determinations are obtained prior to procuring TAA-noncompliant products. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 003D OIG recommends that the GSA Administrator strengthen controls to ensure that IT equipment is being updated in a timely manner to reduce the risk of overlooking identified vulnerabilities. A220070A6F24002 GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research 01/23/2024 004 OIG recommends that the GSA Administrator take appropriate action against GSA IT and GSA IDT personnel to address the misleading information provided to the contracting officer for the purchase of TAA-noncompliant cameras. Audit Responses in Development Audit Report Number and Title of Report Issue Date of Report Recommendation Number Cited Recommendation All of the pages with the same type of information follow the same format - A220077P6R24002 PBS Is Not Assessing High-Risk Uses of Space by Federal Law Enforcement Agencies, Raising Safety and Security Issues (This Report Contains CUI) 02/14/2024 001A OIG recommends that the PBS Commissioner address the specific safety and security risks we identified by ensuring, in coordination with the federal law enforcement agencies, that detainees are transported through secure pathways to minimize safety and security threats to building tenants and visitors. A220077P6R24002 PBS Is Not Assessing High-Risk Uses of Space by Federal Law Enforcement Agencies, Raising Safety and Security Issues (This Report Contains CUI) 02/14/2024 001B OIG recommends that the PBS Commissioner address the specific safety and security risks we identified by ensuring, in coordination with the federal law enforcement agencies, that seized drugs are stored in an area that prevents the drug particles from becoming airborne. A220077P6R24002 PBS Is Not Assessing High-Risk Uses of Space by Federal Law Enforcement Agencies, Raising Safety and Security Issues (This Report Contains CUI) 02/14/2024 001C OIG recommends that the PBS Commissioner address the specific safety and security risks we identified by ensuring, in coordination with the federal law enforcement agencies, that roles and responsibilities are established for notifying emergency responders of the location of armories during emergencies. A220077P6R24002 PBS Is Not Assessing High-Risk Uses of Space by Federal Law Enforcement Agencies, Raising Safety and Security Issues (This Report Contains CUI) 02/14/2024 002 OIG recommends that the PBS Commissioner conduct a comprehensive assessment to identify and expedite actions to mitigate safety and security risks at each GSA-controlled space that federal law enforcement agencies occupy. A220077P6R24002 PBS Is Not Assessing High-Risk Uses of Space by Federal Law Enforcement Agencies, Raising Safety and Security Issues (This Report Contains CUI) 02/14/2024 003 OIG recommends that the PBS Commissioner expand GSA Order PBS 1000.4B, High Risk Operations, to identify, assess, and mitigate risks associated with transporting detainees, storing seized drugs, and storing ammunition in GSA-controlled space. Glossary The following definitions, based on the Inspector General Act Amendment of 1978, apply to terms used in this Semiannual Management Report: Questioned Costs Costs questioned by the OIG as a result of: • an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; • a finding that, at the time of an audit, such cost is not supported by adequate documentation; • a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable Disallowed Cost Questioned costs that GSA management in a management decision sustained or agreed should not be charged to the Government. Recommendation that Funds be Put to Better Use A recommendation by the GSA OIG that funds could be used more efficiently if management took action to implement and complete the recommendations, including: • reductions in outlays; • de-obligation of funds from programs or operations; • withdrawal of interest subsidy costs on loans or loan guarantees, insurance, or bonds; • costs not incurred by implementing recommended improvements related to the operations of the establishment, a contractor, or grantee; • avoidance of unnecessary expenditures noted in pre-award reviews of contract or grant agreements; • any other savings that are identified specifically. Management Decision The evaluation by management of the findings and recommendations included in an audit report and the issuance of a final decision by management and concurrence by the OIG concerning its response to such findings and recommendations, including planned corrective actions to remedy weaknesses identified in the report. Final Action The completions of all actions that GSA management concluded in its management decision were necessary with respect to the findings and recommendations included in the audit report. If GSA concluded no action was necessary, final action occurred when the management decision was made. Management Actions - Questioned Costs The following are the different management actions used by GSA management to resolve questioned costs in an audit report. • Audit reports on which management decisions made during the period: Data pertaining to the number of audit reports on which management decisions made during the period and the associated amount of disallowed costs furnished by GSA OIG • Write-offs: For the purposes of this report, write-offs represent a management decision not to recover the disallowed cost cited by the OIG report. Management Actions - Better Use Funds The following is a list of the different management actions used by GSA management to resolve the "better use" of funds in an audit report. • Better Use Funds: The figure represents amounts cited as "cost avoidance" and "funds to be put to better use," as agreed to by GSA management and the OIG. Prior to April 1990, no funds were identified by the OIG specifically as "funds to be put to better use," and no management decisions were issued based on the consideration of "better use" of funds. • Budget Impact Funds: Funds identified as "budget impact" involve the obligation process. Audit-related savings of these funds, depending on the fund involved, may be available for another use. • No Budget Impact Funds: Funds identified as "no budget impact" are composed of estimated and actual amounts, and do not involve obligated monies, and, therefore, cannot be construed as having a material effect on GSA''s appropriated funds. • Audit reports on which management decisions were made during the period: Data pertaining to the number of audit reports on which management decisions were made during the period and the associated dollar amounts agreed to by management were furnished by the OIG. • Value of recommendations that management concluded should not or could not be calculable: Management was unable to determine the award amounts and "better use funds" implemented since the amount is included in the overall award to the prime contractor and savings could not be determined. Appendix April 2, 2024 MEMORANDUM FOR EVAN FARLEY DIRECTOR OFFICE OF AUDIT MANAGEMENT AND ACCOUNTABILITY (BA) FROM: LISA L. BLANCHARD [Digitally signed by Lisa L. Blanchard by Date: 024.04.02 14:11:28-04'00'] DIRECTOR AUDIT PLANNING, POLICY, AND OPERATIONS STAFF (JAO) SUBJECT: Semiannual Report to the Congress on the Number of Management Decisions This memo is intended to relate the total management decisions for the period October 1, 2023 through March 31, 2024. The totals are based on BA/JA Data Match Report, dated April 2, 2024 and JA’s AMIS database. The OIG’s management decision statistics are, as follows: Type of Audit Number of Audits Amount of Better Use Funds Amount of Disallowed Costs Preaward 14 $ 105,229,969 $ 50,007 Postaward 2 $ 0 $ 11,441 Internal 4 $ 0 $ 22,000 Totals 20 $ 105,229,969 $ 83,448 Please acknowledge your agreement of the statistics by signing below and returning to JAO as soon as possible. ______________________ Name Title Date EVAN FARLEY Director, Audit Management and Accountability [Digitally signed by EVAN FARLEY Date: 2024.04.03 09:31:54 -04'00'] Back Cover The GSA Star Logo U.S. General Services Administration 1800 F Street NW, Washington, DC 20405