As inspectors general continue to conduct aggressive, independent oversight of the more than $2.4 trillion in emergency coronavirus response spending, the Pandemic Response Accountability Committee (PRAC) announced the release of its first report on June 17 titled “Top Challenges Facing Federal Agencies: COVID-19 Emergency Relief and Response Efforts.”
In March and April 2020, Congress passed four funding bills to address the public health and economic crises caused by the Coronavirus Disease 2019 (COVID-19) pandemic:
The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020, enacted March 4, 2020, provided $8.3 billion in emergency funding for public health measures.
The Families First Coronavirus Response Act, enacted March 18, 2020, enhanced unemployment benefits and required many employers to provide emergency paid sick and family leave, among other measures.
The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), enacted March 27, 2020, provided $2.2 trillion in federal funding, including expanded unemployment benefits; $150 billion in direct aid and grants for state and local governments; $349 billion of forgivable loans for small businesses through the Small Business Administration (SBA) Paycheck Protection Program (PPP); an additional $500 billion as loan guarantees and equity investments into Federal Reserve Lending Facilities to support lending to businesses, states, and local governments; and Economic Impact Payments of up to $1,200 for eligible taxpayers.
The Paycheck Protection Program and Health Care Enhancement Act, enacted April 24, 2020, increased funding for the PPP by an additional $321 billion and provided supplemental funding for health care providers and COVID-19 testing.
The report identified common areas of concern among agencies of different sizes and with different missions: financial management of CARES Act and other funds, grant and guaranteed loan management, information technology security and management, and protecting health and safety.
The CARES Act and related legislation require reporting by agencies to help ensure transparency and accountability in government spending. Even before the pandemic, OIGs reported that the ability of agencies to track and report financial data was insufficient to meet agency needs and was a top management and performance challenge. These insufficiencies were based on weaknesses in agency internal controls, as well as outdated financial management systems that failed to meet federally mandated modernization requirements and lacked the capability to track and report financial data reliably. OIGs have identified these same factors as challenges in their reporting and oversight of CARES Act and other pandemic related spending. For example, the General Services Administration (GSA) OIG cited control weaknesses as a potential impediment to accurately reporting CARES Act spending, referencing a November 2019 audit that found errors in how GSA reports certain data to USASpending.gov. According to the GSA OIG, GSA will need to address these errors to ensure that its CARES Act reporting is accurate. Similarly, the U.S. Department of Homeland Security (DHS) OIG reported that key DHS financial systems do not comply with federal requirements, and that this potentially will impact financial planning, payments, and internal controls related to CARES Act funding. Barriers to reporting accurate spending data impact the government’s ability to reduce improper payments. For example, the OIG for the National Reconnaissance Office (NRO) has cited CARES Act provisions that govern reimbursement of government contractors, explaining that they create a significant opportunity for “double dipping” by companies if funds are not accurately tracked across the government.
Although closely related to financial management, several OIGs identified grant management as a separate performance and management challenge for their agencies even before the pandemic, citing the increasing number, size, and complexity of grants. According to these OIGs, these factors make it more difficult for agencies to ensure grantees use funds solely for authorized purposes and maintain documentation to support their spending, as well as to measure grant performance. Like the challenges in financial management, the substantial increases in funding for grants under the CARES Act and related legislation heighten the existing challenges agencies face in processing and monitoring these payments, and in assessing their success.
On March 16, 2020, the Office of Personnel Management (OPM) announced a maximum telework operating status for federal agencies in response to the COVID-19 pandemic. While full-time telework has allowed federal agencies to continue operations, it has created additional challenges for agency IT staff and strained agency networks. For example, the OPM OIG stated that IT personnel initially were concerned about the ability of OPM’s aging infrastructure to absorb the sudden workload increase in remote access to its virtual private network (VPN) and network connections. This required OPM to manage network capacity by focusing on mission critical systems and people and reducing unnecessary functions, such as streaming services, and to closely monitor VPN usage and network performance. However, the shift to telework also highlighted OPM’s lack of teleconferencing software and shortcomings in its ability to remotely administer its systems. Other agencies have identified similar issues.
Cyberattacks and insider threats pose a continuing threat to federal IT security, requiring that agencies focus on ensuring that government systems are secure and that sensitive data is protected. Given the amount and type of information that is collected and used by the government, breaches in government systems may expose individuals’ personal information and compromise national security. In the past, OIGs have reported that agencies face deficiencies in their ability to protect the confidentiality and integrity of their systems. These challenges are exacerbated by the pandemic. Various OIGs have reported that the use of maximum telework strains their ability to support operations efficiently and securely and creates additional vulnerabilities.
Other OIGs reported that the federal government’s efforts to provide financial aid to small businesses and individuals impacted by the pandemic provide additional targets for cyberattacks and fraud. In particular, the Treasury Inspector General for Tax Administration (TIGTA) reported that it expects to see a surge in investigative activity as bad actors attempt to steal Economic Impact Payments from taxpayers by attacking Internal Revenue Service (IRS) systems— including the IRS web portals used by taxpayers to check on the status of their payments and update their banking information—and targeting taxpayers with phishing emails, impersonation phone calls, and stolen or counterfeit checks. Similarly, the Federal Deposit Insurance Corporation OIG expressed concerns about the increased risk of cybercrimes, such as phishing, email fraud, and cyberattacks on third-party technology service providers, as consumers use mobile and online banking during the pandemic.
Not all work can be performed remotely, and several OIGs identified the need to protect federal employees and facilities during the COVID 19 pandemic as a significant challenge for their agencies, particularly for essential employees who are not eligible for telework and interact with others in the course of their work. Concerns ranged from difficulty procuring adequate personal protective equipment (PPE) and hand sanitizer for employees who work in public-facing jobs, to allowing public access to federal lands, to protecting employees who work in countries with inadequate local health care systems.
DHS OIG stated that tens of thousands of immigration detainees are in short- and long-term custody in CBP and ICE facilities. These detainees, along with the federal employees and contractors who work in these facilities, face increased risks of virus exposure. According to the DHS OIG, numerous reports and studies establish that DHS struggled to ensure proper medical and mental health care in immigration detention centers even before the pandemic. DHS OIG stated that the agency’s decentralized system of contractors used to manage and staff detention facilities, lack of standardized procedures, and deficiencies in the agency’s pandemic preparedness increased the likelihood that detainees and staff might not have sufficient PPE or access to effective treatment to minimize the spread of the virus.
The PRAC report also contains individual summaries from 37 Offices of Inspector General identifying the top pandemic-related challenges for the agencies they oversee.