The DoD OIG newsletter summarizes the reports and investigations released by the Department of Defense Office of Inspector General in the previous month and those we anticipate releasing in the coming month. I encourage you to read these reports and to access our website, which lists reports and investigations by year, subject, and DoD component. You'll also find our project announcements and additional news releases highlighting investigations conducted by the Defense Criminal Investigative Service. Thank you for subscribing to our newsletter.
Significant reports expected to be issued within the next 30 days include:
Audit of the Navy and Marine Corps’ Backup Aircraft and Depot Maintenance Float for Ground Combat and Tactical Vehicles
This audit determines whether the quantities of backup aircraft and depot maintenance float allowance for ground combat and tactical vehicles impact Navy and Marine Corps unit readiness. The Navy and Marine Corps provide operational units with replacement aircraft or vehicles, known as backup aircraft and depot maintenance float allowance, to maintain readiness levels when a unit’s aircraft or vehicles undergo depot maintenance, modification, or repair.
Interagency Coordination Group of Inspectors General for Guam Realignment Annual Report
This report provides a detailed statement of obligations, expenditures, and revenues associated with military construction on Guam in response to the FY 2010 National Defense Authorization Act. Section 2835 of the Act established the Interagency Coordination Group of Inspectors General for Guam Realignment. It requires the group to submit an annual report summarizing, for the preceding calendar year, the activities under programs and operations funded with amounts appropriated, or otherwise made available for military construction on Guam.
System Review Report for the External Peer Review of the National Guard Bureau Internal Review Office
This review determines whether the National Guard Bureau's Internal Review Office system of quality control for audits, in effect for February 28, 2018, provided reasonable assurance that the office conformed to Government auditing standards. The National Guard Bureau Internal Review Office is responsible for establishing and maintaining a system of quality control that provides reasonable assurance that its audit organization complies with professional standards, and applicable legal and regulatory requirements in all material respects.
RECENTLY ISSUED REPORTS OF INTEREST (to view report, if available, please click on title)
DoD Management of Software Applications
This audit determined that Marine Corps divisions, and Navy and Air Force commands, reviewed by the DoD OIG, did not consistently rationalize their software applications. Software application rationalization is the process of improving an enterprise’s information technology portfolio. Although Marine Corps divisions and Navy commands had a process in place to prevent the purchase of duplicate software applications, the Air Force did not. In addition, the U.S. Fleet Forces Command was the only command reviewed that had a process in place for eliminating duplicative or obsolete software applications it owned. None of the commands or divisions reviewed maintained accurate software inventories. As a result, the DoD OIG determined that the DoD and its components are exposing the DoD Information Network to unnecessary cybersecurity risks because they lack visibility over software application inventories. In addition, they are unable to identify the extent of existing vulnerabilities associated with their software applications. Moreover, the DoD is not realizing the cost savings associated with the elimination of duplicate and obsolete software applications that it has already procured and is paying to maintain.
Security Controls at DoD Facilities for Protecting Ballistic Missile Defense System Technical Information
This audit determined that DoD Components did not consistently implement security controls and processes at DoD facilities to protect ballistic missile defense system technical information on classified networks from insider and external cyber threats. In addition, facility security officers did not consistently implement physical security controls to limit unauthorized access to facilities that managed ballistic missile defense system technical information. As a result, these deficiencies could allow U.S. adversaries to circumvent ballistic missile defense system capabilities leaving the U.S. vulnerable to missile attacks.
Understanding the Results of the Audit of the DoD FY 2018 Financial Statements
On November 15, 2018, the DoD OIG issued a disclaimer of opinion on the FY 2018 Agency‑Wide Basic Financial Statements, meaning an overall opinion could not be expressed on the financial statements under audit. Audit opinions, by their nature are technical, follow a prescribed format, and may not be easy to understand without a background in accounting. The DoD OIG issued this report to explain the results of the FY 2018 audit report in clear and understandable terms for the Congress and the public. The report includes a description of background on the DoD financial statements audits; the contents of the DoD financial report; the importance of the DoD financial statement audits to DoD operations and financial management; and the overall findings of the financial statement audits.
Summary of Reports Issued Regarding Department of Defense Cybersecurity From July 1, 2017, Through June 30, 2018
This audit summarizes unclassified and classified reports in cybersecurity issues in the DoD that were issued by the DoD OIG, other DoD oversight entities, and the Government Accountability Office issued between July 1, 2017, and June 30, 2018. The report also identifies cybersecurity risks areas for DoD management to address based on the functions of the National Institute of Standards and Technology Cybersecurity Framework, and open DoD cybersecurity recommendations.
U.S. Army Corps of Engineers Oversight of Temporary Emergency Power Contracts Awarded for Hurricanes Harvey and Irma
This audit determined that the U.S. Army Corps of Engineers oversight personnel did not properly monitor and assess contractor performance on three service contracts for temporary emergency power, valued at $19 million, for disaster recovery in response to Hurricanes Harvey and Irma. As a result, Army Corps of Engineers did not know whether the contractors complied with contract requirements and whether the Government received for services it paid $19 million for from August to December 2017.
DoD Civilian Pay Budgeting Process
This audit determined that the Office of the Under Secretary of Defense (Comptroller) provided guidance for developing budgets and reviewed and analyzed the Military Services’ civilian pay budgets for compliance with the Office of Management and Budget and DoD policies. However, the Services deviated from Office of Management and Budget and DoD policy when preparing their civilian pay budgets. For example, Army budget officials inappropriately adjusted their basic compensation calculation for employees’ within-grade increases, which inflated the Army’s FY 2017 and 2018 civilian pay budget requests. In addition, neither the Air Force nor the Marine Corps determined their civilian pay funding requirements from full-time equivalents, as required by the Office of Management and Budget. As a result, the services’ budget request did not always accurately represent the actual cost of their workforce.
Reporting of Improper Payments for the Defense Finance and Accounting Service Commercial Pay Program
This audit determined that the DoD produced an incomplete and inaccurate improper payment estimate for the Defense Finance and Accounting Service (DFAS) Commercial Pay Program for the period July through December 2017. The DFAS Commercial Pay Program includes commercial payments made by military departments, defense agencies, and field activities such as payments for transportation bills, government purchase card purchases, and purchases of goods and services from contractors. In addition, DFAS Enterprise Solutions and Standards personnel did not have sufficient controls in place to validate the accuracy and completeness of the universe of commercial payments transactions used for developing the DFAS improper payment estimate. As a result, the DoD did not comply with the statutory requirements to test a sample of program payments for improper payments and then project the results to the entire program, and it will continue to produce unreliable estimates of improper payments if it does not improve its internal control system. The DFAS Commercial Pay program may also miss the opportunity to promptly detect, prevent, and recover improper payments of Federal funds.
Followup on Delinquent Medical Service Account Audits
This audit determined that medical treatment facilities implemented actions to correct problems identified in six prior DoD Office of Inspector General reports related to the collection of outstanding balances for medical service accounts. Specifically, the military services implemented corrective actions for 40 of 47 prior audit report recommendations. However, two of the corrective actions taken to address the recommendations related to updating Army regulations and coordination efforts to address Medicare beneficiary difficulties getting claims reimbursed were not fully implemented. As a result, the military services were unable to determine the total number and dollar value of delinquent accounts and have not fully pursued opportunities to collect a potential $80.1 million in delinquent accounts and accounts not billed.
Defense Hotline Allegations Concerning the MQ-9 Block 5 Reaper Unmanned Aerial System
This audit determined that the Air Force was appropriately charged for the MQ‑9 Block 5 aircraft repairs prior to accepting the aircraft and using MQ‑9 Block 5 aircraft for operational missions. However, the MQ‑9 Program Management Office procured an available inventory of 5,456 MQ‑9 Block 5 aircraft spare parts that included excess spare parts. As a result, the MQ‑9 Program Management Office procured 3,746 excess spare parts, valued at $30.9 million.
System Review Report on the Defense Commissary Agency Internal Review
This review determined that the system of quality control for the Defense Commissary Agency Internal Review, in effect for audits projects ending January 31, 2018, was not suitably designed and did not provide the Defense Commissary Agency Internal Review with reasonable assurance of performing and reporting in conformity with applicable auditing professional standards in all material respects. This resulted in the Defense Commissary Agency Internal Review receiving an opinion rating of fail.
Quality Control Review of the Grant Thornton LLP FY 2017 Single Audit of Concurrent Technologies Corporation
This review determined that Grant Thornton generally complied with auditing standards and single audit Uniform Guidance requirements when performing the FY 2017 single audit of Concurrent Technologies Corporation. However, Grant Thornton’s review of the Reporting and Cash Management compliance requirements was not adequate to achieve the audit objectives identified in the Office of Management and Budget’s audit guide for performing single audits.
DEFENSE CRIMINAL INVESTIGATIVE SERVICE HIGHLIGHTS (to view DOJ press release, if available, please click on title)
Former Owner of Sleep Study Businesses Sentenced for Fraud
On December 7, 2018, Young Yi was sentenced to seven years in prison for health care fraud and tax violations related to a sleep study clinic she operated in Northern Virginia. According to court documents, Yi defrauded Medicare, TRICARE, private insurance companies, and the Internal Revenue Service (IRS) out of more than $10 million. Yi directed the clinic’s employees to solicit patients who were referred to her clinic for legitimate sleep studies for supplemental but medically unnecessary studies. Yi instructed employees to withhold the results of the fraudulent studies from the patients' doctors, lied to patients by telling them that they did not have to pay co-pays or co-insurance, and used various entities to bill insurance companies to receive out-of-network payments for in-network services. According to the evidence presented at trial, Yi used her business bank accounts to purchase personal luxury goods and real estate that she reported as business expenses. For example, Yi used the proceeds of her crimes to purchase five condominiums, worth more than $2.8 million, in Northern Virginia, Chicago, and Honolulu. This was a joint investigation with the Defense Criminal Investigative Service (DCIS), the Federal Bureau of Investigation (FBI), IRS-Criminal Investigation (IRS–CI), the Office of Personnel Management Office of Inspector General (OIG), and the Department of Health and Human Services (HHS) OIG.
Four South Florida Residents and Jet Link, Inc. Charged with Aircraft Parts Fraud
On December 13, 2018, the Department of Justice (DOJ) announced that Robert Cantone, Alex Cantone, Brenda Snelgrove, Ronald Burns, and Jet Link, Inc. were indicted for aircraft parts fraud and conspiracy to commit aircraft parts fraud. According to the indictment, R. Cantone, A. Cantone, Snelgrove, and Burns fraudulently won contracts to supply military aircraft parts to the Defense Logistics Agency. In order to win the contracts, they allegedly provided false certifications to the Defense Logistics Agency, which certified that Jet Link possessed the parts necessary to fulfill the contracts. According to the indictment, the company did not acquire the parts until after the contracts were awarded. Jet Link often provided the Defense Logistics Agency parts that were non-conforming or substandard parts. This was a joint investigation with DCIS, the Air Force Office of Special Investigations, the Army Criminal Investigation Command (Army CID) Major Procurement Fraud Unit (MPFU), and Homeland Security Investigations.
Owner and Four Former Employees of New England Compounding Center Convicted Following Trial
On December 13, 2018, a former owner of the New England Compounding Center (NECC), Greg Conigliaro, and four former employees, Gene Svirskiy, Christopher Leary, Sharon Carter, and Alla Stepanets, were convicted for their roles at NECC, the company that caused the 2012 nationwide fungal meningitis outbreak. Eleven former NECC owners, executives and employees have been convicted of Federal criminal charges. The Government has identified 793 patients that were harmed, including more than 100 patients that died, after receiving a contaminated drug manufactured by NECC. According to the evidence at trial, NECC's pharmacists, including Svirskiy and Leary, knowingly manufactured drugs in unsafe manners and unsanitary conditions. NECC shielded its business practices from the Food and Drug Administration by claiming to be a pharmacy that dispensed drugs for individual patients, but NECC routinely dispensed drugs in bulk without valid prescriptions. Despite this practice, Conigliaro repeatedly misrepresented to the Food and Drug Administration and the Massachusetts Board of Pharmacy that NECC was only dispensing drugs pursuant to patient-specific prescriptions. Carter, NECC's director of operations, directed employees to engage in a number of fraudulent prescription schemes to deceive regulators by creating the appearance that NECC had prescriptions for the drugs it was selling. For example, Stepanets, one of NECC's verification pharmacists, approved shipments of drugs for patients with names such as Wonder Woman, Fat Albert, Bud Weiser, Samuel Adams, Hindsight Man, Betty Ford, Jimmy Carter, Bill Clinton, Donald Trump, Calvin Klein, and Jennifer Lopez. This was a joint investigation with DCIS, the FBI, the Veteran’s Affairs OIG, and the U.S. Postal Inspection Service.
Palm Beach Sales Representative Sentenced to Prison for Money Laundering Scheme Involving Alcohol and Drug Addiction Treatment Centers and Clinical Laboratories
On December 19, 2018, Lanny Fried was sentenced to 57 months in prison and ordered to pay $81,163 in fines for his participation in a money laundering conspiracy that involved addiction treatment centers and clinical laboratories. According to an information filed in the Southern District of Florida, Smart Lab was a company that performed confirmatory urinalysis testing. Fried, a Smart Lab sales representative, had an agreement with Smart Lab to receive commissions of approximately 50 percent of the insurance reimbursements for the substance abuse treatment facilities he referred to Smart Lab. These payments were classified as commissions when they were actually kickbacks for the referral of excessive, medically unnecessary, fraudulent, and duplicative confirmatory drug testing. Fried also recruited friends and business associates to engage in similar activities. These individuals signed employment agreements with Smart Lab that purported to make them "sales representatives." These agreements were used to make it appear that monies paid to Fried and others were for services rendered. Fried and the other conspirators did not perform actual services for Smart Lab, and they were paid "commissions" from the proceeds of health care fraud. This was a joint investigation with DCIS, the FBI, IRS–CI, the Florida Division of Investigative and Forensic Services, the Amtrak OIG, the Department of Labor Employee Benefits Security Administration, and the National Insurance Crime Bureau.
Vancouver, Washington Toxicology Testing Lab Settles Allegations it Paid Kickbacks for Government Program Business
On December 19, 2018, the DOJ announced that Molecular Testing Labs had agreed to pay up to $1,777,738 to settle allegations that it violated the False Claims Act. Between August 2014 and July 2015, Molecular Testing Labs allegedly violated the Anti-Kickback Statute by paying local laboratories for Medicare and TRICARE patient referrals. Molecular Testing Labs allegedly violated the False Claims Act by utilizing the illegal referrals to submit claims for payment to Medicare and TRICARE. This was a joint investigation with DCIS, the HHS OIG, the Defense Health Agency, and the FBI.
Two Chinese Hackers Associated With the Ministry Of State Security Charged With Global Computer Intrusion Campaigns Targeting Intellectual Property and Confidential Business Information
On December 20, 2018, the DOJ announced the unsealing of an indictment charging two Chinese nationals, Zhu Hua and Zhang Shilong, with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft. According to the indictment, Zhu and Zhang were members of a hacking group operating in China known as Advanced Persistent Threat 10. Through their involvement with the Advanced Persistent Threat 10, from about 2006 to about 2018, Zhu and Zhang conducted global campaigns of computer intrusions. Zhu and Zhang primarily targeted intellectual property and confidential technological information that was stored by third-party information technology companies. Advanced Persistent Threat 10 targeted a wide range of commercial activities, industries, and technologies. This was a joint investigation with DCIS, the FBI, and the Naval Criminal Investigative Service.
ANNOUNCED PROJECTS (to view the announcement letters, if available, please click on the title)
Audit of the DoD Agency-Wide Basic Financial Statements for Fiscal Years Ending September 30, 2017 and September 30, 2018
This annual audit of the DoD’s financial statements, conducted by the DoD OIG. The objective of this audit is to determine whether the DoD Agency-Wide Basic Financial Statements, as of September 30, 2019 and September 30, 2018 (taken as a whole) were presented fairly in all material respects, and in conformity with accounting principles generally accepted in the U.S. The DoD Agency-Wide Basic Financial Statements provide the financial status of the entire Department. The DoD OIG is the principal auditor for the DoD Agency-Wide Basic Financial Statements.
Audit of DoD's Implementation of the Cybersecurity Information Sharing Act of 2015
The objective of this audit is to assess the DoD’s actions in carrying out the Cybersecurity Information Sharing Act (CISA) requirements during 2017 and 2018. CISA requires the Inspectors General of seven Federal entities, the Departments of Commerce, Defense, Energy, Homeland Security, Justice, Treasury, and the Office of the Director of National Intelligence to jointly report to Congress every two years on the actions of the executive branch of the U.S. Government in carrying out the CISA requirements.
Audit of DoD Compliance With the Digital Accountability and Transparency Act of 2014
The objectives of this audit, required by Public Law 113-101 “Digital Accountability and Transparency Act of 2014 (DATA Act),” are to assess the completeness, timeliness, quality, and accuracy of the first quarter FY 2019 funding data and detail level financial data, such as contract or grant data, submitted by DoD for publication on USAspending.gov. The audit also assesses the DoD’s implementation and use of the Government-wide financial data standards established by the Office of Management and Budget and the U.S. Treasury. The DATA Act improves the quality of data submitted to USASpending.gov by holding Federal agencies accountable for the completeness and accuracy of the data submitted.
External Peer Review of the United States Special Operations Command, Office of the Inspector General, Audit Division
The objective of this review is to determine whether the quality control program for the U.S. Special Operations Command, Office of the Inspector General, Audit Division is designed to provide reasonable assurance that the policies and procedures related to the system of audit quality are suitably designed, operating effectively, and complied with in practice.