This is the accessible text file for GAO report number OIG-12-4 
entitled 'Semiannual Report: October 1, 2011, through March 31, 2012' 
which was released on June 22, 2012. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Office of the Inspector General: 
United States Government Accountability Office: 

May 2012: 

Semiannual Report: October 1, 2011, through March 31, 2012: 

OIG-12-4: 

United States Government Accountability Office: 
Office of the Inspector General: 

Memorandum: 

Date: May 24, 2012: 

To: Comptroller General Gene L. Dodaro: 

From: [Signed by] Inspector General Frances Garcia: 

Subject: Semiannual Report--October 1, 2011, through March 31, 2012: 

In accordance with Section 5 of the Government Accountability Office 
Act of 2008 (GAO Act), I am pleased to submit the Office of the 
Inspector General (OIG) semiannual report for the 6-month period 
ending March 31, 2012, for your comments and its transmission to the 
Congress. 

During this period, we have continued in our efforts to meet our 
statutory mandate to promote economy, efficiency, and effectiveness at 
GAO. For example, the OIG continued to provide reasonable assurance 
that our quality control framework of policies and procedures related 
to generally accepted government auditing standards and the Council of 
the Inspectors General on Integrity and Efficiency (CIGIE) standards 
are suitably designed and operating effectively. Further, the OIG 
completed an internal inspection of the OIG's system of quality 
control for the work completed during the fiscal year that ended 
September 30, 2010. In addition, we completed a review of the closed 
investigations case files for fiscal years 2010 and 2011 in an effort 
to determine the level of conformity with the standards adopted in the 
Council of the Inspectors General on Integrity and Efficiency Quality 
Standards for Investigations.[Footnote 1] The results of the internal 
inspection and review concluded that, for the periods indicated, the 
OIG generally complied with prescribed quality standards for audit, 
inspection, and investigative work performed during fiscal years 2010 
and 2011. 

We have continued our efforts to strengthen our quality control system 
through a number of actions taken or in progress in response to 
recommendations resulting from the internal inspection and review. Due 
to the increasing number and nature of complaints, we hired a criminal 
investigator to fill a new Assistant Inspector General for 
Investigations (AIGI) position. The AIGI is responsible for overseeing 
the OIG hotline complaint process and independently planning and 
conducting investigations of allegations of fraud, abuse, and other 
deficiencies relating to GAO. In addition, the AIGI is responsible for 
continuing our efforts to strengthen our system of quality control for 
investigations. Actions planned and taken by the AIGI regarding OIG 
hotline and investigative functions include reviewing and revising the 
policies and procedures manual for investigations to help ensure 
compliance with applicable CIGIE standards; establishing investigative 
and case-specific goals, objectives, and priorities; and exploring 
shared services options for implementing an automated case management 
system for records and evidence management. 

Activities of the Office of the Inspector General: 

Audits: 

On March 30, 2012, the OIG reported on GAO's voluntary compliance with 
the Federal Information Security Management Act of 2002 and other 
federal security requirements.[Footnote 2] The Federal Information 
Security Management Act of 2002 (FISMA) requires that each federal 
agency in the executive branch establish an agencywide information 
security management program for the information systems that support 
the agency's operations and assets. GAO is not obligated by law to 
comply with FISMA or executive branch information policies but has 
adopted them to help ensure physical and information system security. 
Our evaluation showed that GAO has established an overall information 
security program that is generally consistent with the requirements of 
FISMA, Office of Management and Budget implementing guidance, and 
standards and guidance issued by the National Institute of Standards 
and Technology. However, using FISMA reporting metrics for federal 
inspectors general, we identified opportunities to improve specific 
elements of this program that concern: 

* addressing information security risk from an overall agency 
perspective through a comprehensive governance structure and 
organization-wide risk management strategy, 

* remediating security weaknesses identified for agency information 
systems in a timely manner, 

* building out GAO's Alternative Computing Facility to fully support 
the agency's mission-essential functions in the event of an emergency 
or disaster, and: 

* developing accurate statistics for employees and contractors 
completing annual security awareness and role-based training. 

We recommended that GAO (1) establish a comprehensive governance 
structure and organization-wide risk management strategy for the 
security of its information systems; (2) enhance accountability for, 
and management of, the agency's information security weakness 
remediation process; (3) provide senior management with adequate 
information to consider and prioritize building out the capabilities 
of the agency's Alternative Computing Facility; and (4) develop and 
implement procedures for capturing data that accurately reflect agency 
compliance with security training requirements as of the end of each 
fiscal year. GAO concurred with these recommendations. Actions taken 
in response to the recommendations are expected to be reported to the 
OIG within 60 days of the report issuance date. 

In addition, we updated our audit risk assessment of GAO programs and 
operations to aid in our development of risk-based audit work plan for 
fiscal year 2012. Based on the risk assessment and our work plan, we 
have ongoing work involving hiring and retention incentives and 
Contracting Officer Representative training.[Footnote 3] We also 
participated in the activities of the broader inspector general 
community, including the CIGIE and the quarterly meetings of the 
Legislative Branch Inspectors General.[Footnote 4] 

Investigations: 

For this reporting period, the OIG received, reviewed, and 
investigated complaints or information concerning the possible 
existence of activities constituting a violation of any law, rule, 
regulation, or mismanagement or gross waste of funds. The OIG's 
hotline continues to be our primary source of complaints or 
information for identifying suspected fraud and other serious 
problems, abuses, and deficiencies relating to the administration of 
GAO's programs and operations.[Footnote 5] Of the complaints received, 
some resulted in the opening of investigations; others were referred 
to GAO offices, units, or other law enforcement offices for 
consideration; and some were closed and not accepted for investigation 
or referral. 

As shown in table 1, we had a total of 191 hotline complaints during 
this 6-month reporting period--189 received during the period and 2 
that were open at the start of the period. Eight complaints were 
closed with a referral to the appropriate GAO office because they 
involved matters such as personnel or security. Sixty-four complaints 
were closed with a referral to FraudNet[Footnote 6] because they 
involved matters related to the receipt, disbursement, and use of 
public money outside of GAO. Seventy one were closed due to 
insufficient factual information that would warrant further 
investigation; 16 others were closed with a referral to the 
appropriate agency Office of the Inspector General or law enforcement 
offices because they concerned matters related to other federal 
agencies programs, operations, or employees. Regarding the 10 other 
complaints, we converted them to full investigations. At the end of 
the reporting period, 22 complaints remained open. 

Table 1: Summary OIG Hotline Complaint Activities, October 1, 2011, 
through March 31, 2012A: 

Complaints open at start of this reporting period: 2. 

New complaints received this reporting period: 189. 

Total complaints: 191. 

Disposition of Complaints Received: 

Complaints closed (referred to other units within GAO): 8. 

Complaints closed (referred to FraudNet): 64. 

Complaints closed (insufficient information/no basis): 71. 

Complaints closed (no jurisdiction and referred to appropriate agency 
OIG or other law enforcement offices): 16. 

Complaints closed (converted to full investigations): 10. 

Total complaints still open at the end of the reporting period: 22. 

Source: OIG. 

[A] Complaints include inquiries and allegations received by the OIG. 

[End of table] 

As shown in table 2, we had 12 investigations initiated during the 
reporting period, 2 of which were open at the start of this 6-month 
reporting period; the remaining 10 were initiated during the report 
period and included allegations related to possible contract fraud and 
possible travel and telework policy violations. Six of the 
investigations were closed due to insufficient factual information or 
referred to the appropriate GAO office for review and action. At the 
end of the reporting period, 6 cases remained opened, one of which is 
a joint investigation being led by the Federal Bureau of Investigation. 

Table 2: Summary of OIG Investigative Activities, October 1, 2011, 
through March 31, 2012: 

Investigations open at the start of this reporting period: 2. 

Investigations initiated during this reporting period: 10. 

Total investigations: 12. 

Investigations closed this reporting period (no basis or referred to 
other GAO units for review and action): 6. 

Total investigations open at the end of this reporting period: 6. 

Source: OIG. 

[End of table] 

Other Activities: 

In addition to our audit and investigative activities, the OIG was 
involved in a number of outreach and liaison activities, including 
oversight of the Commission on Civil Rights, active participation in 
the community of federal inspectors general, monitoring GAO's 
management challenges, and tracking the status of open recommendations 
to GAO for corrective actions to address identified problems. 
Following are highlights of these activities. 

OIG Commission on Civil Rights Oversight: 

During this reporting period, we performed the duties and 
responsibilities of the IG of the United States Commission on Civil 
Rights (Commission). The Commission's IG was created by the 
Consolidated and Further Continuing Appropriations Act of 2012. 
[Footnote 7] The duties, responsibilities, and authorities of the 
Commission's Inspector General are specified in the Inspector General 
Act of 1978, as amended.[Footnote 8] The act further designated that 
the IG of GAO also holds the position of IG of the Commission and 
directed that personnel of GAO's OIG be utilized to perform the duties 
of the Inspector General for the Commission. The IG shall conduct 
audits and investigations relating to programs and operations 
administered or financed by the Commission and keep the Commissioners 
and the Congress fully informed concerning fraud or other serious 
problems, abuses, and deficiencies identified. 

Council of the Inspectors General on Integrity and Efficiency and 
Legislative Branch Inspectors General: 

During this 6-month reporting period, the OIG participated in the 
activities of the broader inspector general community. For example, 
the OIG served as a member of the Council of the Inspectors General on 
Integrity and Efficiency (Council), as provided under the Inspector 
General Reform Act of 2008.[Footnote 9] As a member, the OIG 
participated in the plans, programs, and projects of the Council and 
adhered to professional standards established by the Council. The OIG 
also participated in the Legislative Branch Inspectors General 
quarterly meetings. 

Inspector General's View of GAO's Management Challenges: 

For this reporting period, we completed a review of GAO's assessment 
of its management challenges before publication of GAO's fiscal year 
2011 Performance and Accountability Report.[Footnote 10] The Inspector 
General cited this assessment in an October 27, 2011, memorandum to 
the Comptroller General, which was published in GAO's fiscal year 2011 
performance report. In our memorandum, we agreed with management's 
assessment and decision to remove physical security and information 
security and to retain human capital management as management 
challenges for fiscal year 2011. The OIG agreed that while 
improvements have been made in GAO's human capital management, this 
area continues to present a management challenge for the agency as it 
strives to maintain an agile and effective workforce. In 2011, GAO 
identified "engagement efficiency" as a new management challenge in 
recognition of its need to find ways to improve its efficiency in 
producing quality work in support of the Congress within a declining 
resource environment. We concurred with GAO's decision to recognize 
the importance of these efforts by designating engagement efficiency 
as a management challenge. 

GAO Actions on Recommendations Made in Prior OIG Reports: 

Timely resolution of outstanding audit recommendations continues to be 
a priority for both our office and the agency. During the semiannual 
reporting period, we tracked the overall status of all reports and 
recommendations issued by the OIG, and actions planned and taken by 
GAO in response to OIG recommendations. For this reporting period, GAO 
undertook or continued actions to respond to 15 recommendations in six 
previous OIG reports. For the purposes of this report, a 
recommendation is considered open when an action (1) has not been 
taken but may be taken, (2) is in the planning stage, or (3) has been 
taken on only part of the recommendation. In addition, a 
recommendation is considered implemented and closed when an action has 
been taken that essentially meets the recommendation's intent. Table 3 
provides a brief summary of the recommendations. 

Table 3: Agency Actions on Recommendations Made in Prior OIG Reports, 
October 1, 2011, through March 31, 2012: 

OIG audit and other reports: Suspension and debarment procedures; 
(Sept. 30, 2010); 
Recommendation: 1. Consider developing and adopting suspension and 
debarment procedures; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed. GAO implemented the 
recommendation. A policy statement was published in the Federal 
Register on February 13, 2012, 77 F.R. 7579-81, effective immediately. 

OIG audit and other reports: Information Security: Evaluation of GAO's 
Program and Practices for Fiscal Year 2010, OIG-11-3; (Mar. 4, 2011); 

Recommendation: 2. Incorporate procedures within its annual systems 
inventory process that require inventory changes to be documented and 
formally approved by the Chief Information Officer and that system 
interfaces be identified between GAO systems and those operated by 
other agencies and contractors; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO implemented the 
recommendations; GAO established a process to document and formally 
approve inventory changes. 

Recommendation: 3. Identify and pursue additional options for 
obtaining assurances that certain contractor systems meet federal 
information security requirements; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO completed a security 
assessment of certain contractor systems to ensure the systems met 
federal information security requirements. 

Recommendation: 4. Continue efforts to complete and document required 
information security processes and procedures for all GAO-operated 
systems; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO completed and documented 
required information security processes and procedures for all GAO 
operated systems. 

Recommendation: 5. Proceed with plans to establish a security 
configuration scanning capability for GAO notebook computers and 
workstations; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO scanned computers for 
compliance with security configuration. 

Recommendation: 6. Incorporate changes to the configuration management 
process that remediate specific open configuration-related 
vulnerabilities; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO incorporated changes that 
addressed specific open configuration-related vulnerabilities. 

Recommendation: 7. Ensure that access to annual role-based information 
security training or its equivalent is provided for all contractor 
staff required to take this training; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO implemented new mandatory 
role-based training for all contractors with significant information 
security responsibilities. 

OIG audit and other reports: GAO management challenges and performance 
measures; (Oct. 28, 2010); 
Recommendation: 8. Re-examine management challenges to determine 
whether (1) significant actions had been taken in the areas of 
physical security, information security, or human capital to justify 
removal of any of these management challenges and (2) other risks have 
emerged that may warrant designation as GAO management challenges; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation closed; GAO implemented the 
recommendation. GAO's assessment led to a decision to remove physical 
security and information security and to retain human capital 
management as management challenges for fiscal year 2011. GAO 
identified "engagement efficiency" as a new management challenge in 
recognition of its need to find ways to improve its efficiency in 
producing quality work in support of the Congress within a declining 
resource environment. 

OIG audit and other reports: Information Security: Evaluation of GAO's 
Information Security Program and Practices for Fiscal Year 2009, OIG-
10-3; (Jan. 4, 2010); 
Recommendation: 9-10. Continue efforts to implement additional 
requirements for the agency's privacy program; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendations open; GAO plans to implement 
additional requirements after a privacy rule and order are finalized. 

OIG audit and other reports: Matter for management consideration 
regarding Tiny Findings Inc; (Mar. 24, 2011); 
Recommendation: 11. Consider the desirability and feasibility of 
expanding oversight of Tiny Findings Inc. in a manner similar to the 
oversight provided by the General Services Administration for child-
care facilities in other federal office buildings; 
Status of actions planned and taken by GAO in response to the 
recommendation: Recommendation open; GAO plans to provide 
documentation of agreements and new memorandums of agreement. GAO also 
plans to provide an update on efforts to be accredited by the National 
Association for the Education of Young Children. 

OIG audit and other reports: Internal controls regarding telework, 
official duty station, and transit benefits; (July 18, 2011); 
Recommendation: 12-15. Improve monitoring of the telework program; 
Status of actions planned and taken by GAO in response to the 
recommendation: 
Recommendation closed: GAO developed and implemented procedures to 
monitor transit benefits; 
Recommendations open: GAO developed and implemented a telework 
communications strategy to explain and/or remind staff of the telework 
policy and available program resources. On January 31, 2012, GAO 
published in GAO Notices an announcement of a proposed change 
regarding its telework order. The period for comments by GAO employees 
closed on March 2, 2012. 

Source: OIG. 

[End of table] 

I provided GAO with a draft of this report for review and comment. The 
agency provided technical comments that we incorporated, as 
appropriate. 

I want to thank GAO's Executive Committee, managers, and staff for 
their cooperation during our reviews. The OIG's team of dedicated 
professionals remains committed to helping GAO improve the services it 
provides American taxpayers; the accomplishments reported in this 
letter are the direct results of their efforts. 

cc: 
Patricia A. Dalton, Chief Operating Officer, GAO:
Lynn H. Gibson, General Counsel, GAO:
David M. Fisher, Chief Administrative Officer/Chief Financial Officer, 
GAO:
GAO's Audit Advisory Committee: 

[End of section] 

Footnotes: 

[1] The Quality Standards for Investigations contain three general 
standards (qualification, independence, and due professional care) and 
four qualitative standards (planning, execution, reporting, and 
information management). 

[2] GAO, Office of the Inspector General, Information Security: 
Evaluation of GAO's Program and Practices for Fiscal Year 2011, 
[hyperlink, http://www.gao.gov/products/OIG-12-2] (Washington, D.C.: 
Mar. 30, 2012). 

[3] While our engagements are generally focused on areas identified in 
our work plan, adjustments to our work plan are made, as needed, in an 
effort to ensure we are in tune with changing conditions or emerging 
issues and are able to respond appropriately. 

[4] The six legislative branch IGs are (1) the Government 
Accountability Office, (2) the Architect of the Capitol, (3) the 
Government Printing Office, (4) the Library of Congress, (5) the 
Capitol Police, and (6) the House of Representatives. 

[5] OIG has a toll-free Hotline number that is staffed by a contractor 
24 hours a day, 7 days a week. The toll-free number is (866) 680-7963. 

[6] FraudNet is a governmentwide hotline operated by GAO staff that 
receives complaints of fraud, waste, and abuse of federal funds. 

[7] Pub. L. No. 122-55. 125 Stat. 552, 628 (Nov. 18, 2011). 

[8] Pub. L. No. 95-452, 92 Stat. 1101 (Oct. 12, 1978), codified as 
amended at 5 U.S.C. App. 

[9] 5 U.S.C. App. � 11 (b) (1) (I). 

[10] GAO, Performance and Accountability Report--Fiscal Year 2011, 
[hyperlink, http://www.gao.gov/products/GAO-12-4SP] (Washington, D.C.: 
Nov. 15, 2011). 

[End of section] 

Reporting Fraud, Waste, and Abuse in GAO�s Internal Operations: 

To report fraud, waste, and abuse in GAO�s internal operations, do one 
of the following. (You may do so anonymously.) 

* Call toll-free (866) 680-7963 to speak with a hotline specialist,
available 24 hours a day, 7 days a week. 

* Online at: [hyperlink, https://OIG.alertline.com]. 

Obtaining Copies of OIG Reports and Testimony: 

To obtain copies of OIG reports and testimony, go to GAO�s Web site: 
[hyperlink, http://www.gao.gov/about/workforce/ig.html]. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov,
(202) 512-4400, U.S. Government Accountability Office, 441 G Street
NW, Room 7125, Washington, DC 20548. 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149,
Washington, DC 20548.