Laws & Regulations

Report: Significant Data Quality Deficiencies Impede EPA’s Ability to Ensure Companies Can Pay for Cleanups

Report #16-P-0126, March 31, 2016. Management Alert. Environmental and extensive financial risks exist from the EPA's failure to have accurate and complete data to monitor and ensure compliance with RCRA and CERCLA financial assurance requirements.

Report: EPA’s Tracking and Reporting of Its Conference Costs Need Improvement

Report #16-P-0081, January 7, 2016. Accurate data on conference costs will provide the EPA with the information it needs to be more efficient in how funds are spent.

Report: The EPA Could Improve Its Review of Drinking Water State Revolving Fund Programs to Help States Assist Disadvantaged Communities

[Paste Description here]

Report: The EPA’s Vulnerability Tracking and Remediation and Information Technology Procedures Review Processes Are Implemented Inconsistently

[Paste Description here]

Report: Report of Investigation: Katherine A. Lemos, Former Chairperson and Chief Executive Officer, U.S. Chemical Safety and Hazard Investigation Board

[Paste Description here]

Report: Pesticide Registration Fee, Vulnerability Mitigation and Database Security Controls for EPA’s FIFRA and PRIA Systems Need Improvement

Report #19-P-0195, June 21, 2019. Proper vulnerability testing, fee registration and database controls are essential to the security of the EPA's FIFRA and PRIA systems.

Report: EPA Complied with Improper Payments Legislation but Stronger Internal Controls Are Needed

Report #19-P-0163, May 31, 2019. Improvements to processes for preventing and detecting improper payments will result in better use of funds for environmental and supporting programs.

Report: Audit of Financial Statements for EPA’s Hazardous Waste Electronic Manifest System Fund From Inception (October 5, 2012) to September 30, 2014

Report #16-F-0251, August 1, 2016. We found the fund’s financial statements to be fairly presented and free of material misstatement.

Report: EPA's Financial Oversight of Superfund State Contracts Needs Improvement

Report #16-P-0217, June 27, 2016. With improved financial oversight, the EPA may manage SSCs more effectively, report results more accurately, and increase the availability of funds for cleanups protecting public health.

Report: EPA Must Improve Oversight of State Enforcement

Report #12-P-0113, December 9, 2011. EPA does not administer a consistent national enforcement program.

Report: CSB's Information Security Program Is Defined, but Improvements Needed in Risk Management, Identity and Access Management, and Incident Response

Report #20-P-0077, February 12, 2020. The CSB lacks documented procedures to address information technology risks and threats from cybersecurity incidents.

Report: EPA Adequately Managed Hurricane Harvey Funding Received from FEMA

Report #20-P-0010, October 23, 2019. The EPA had policies and procedures in place for efficient and effective management of over $11 million in FEMA Disaster Relieve Funding for the Hurricane Harvey response.

Report: Region 4 Quickly Assessed Water Systems After Hurricane Irma but Can Improve Emergency Preparedness

Report #20-P-0001, October 7, 2019. EPA staff training with state partners and development of standard operating procedures could improve emergency response.

Report: EPA Region 6 Quickly Assessed Water Infrastructure after Hurricane Harvey but Can Improve Emergency Outreach to Disadvantaged Communities

Report #19-P-0236, July 16, 2019. Enhancements to environmental justice outreach efforts during emergencies could improve the public health protections of communities impacted by hurricanes or other disasters.

Report: Insufficient Practices for Managing Known Security Weaknesses and System Settings Weaken EPA's Ability to Combat Cyber Threats

Report #19-P-0158, May 21, 2019. Missing POA&M data and incorrect security settings limit the EPA's ability to manage enterprise risk and strengthen its security procedures.

Report: CSB Still Needs to Improve Its 'Incident Response' and 'Identity and Access Management' Information Security Functions

Report #19-P-0147, May 9, 2019. The CSB lacks established procedures for automated processes and authentication technologies, which could permit unauthorized access to agency systems.

Report: EPA Consistently Implements Processes Within Its Information Security Program, but Opportunities for Improvement Exist

Report #19-P-0058, January 30, 2019. Further improvements are needed to strengthen internal processes to better protect human health and environmental data from cybersecurity threats.

Report: EPA’s Information Security Program Is Established, but Improvements Are Needed to Strengthen Its Processes

Report #18-P-0031, October 30, 2017. Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.

Report: Drinking Water Contamination in Flint, Michigan, Demonstrates a Need to Clarify EPA Authority to Issue Emergency Orders to Protect the Public

Report #17-P-0004, Oct 20, 2016. To avoid future public health harm through drinking water contamination, the EPA needs to clarify for its employees how its emergency authority can and should be used to intervene in a public health threat.

Report: EPA Has Developed Guidance for Disaster Debris but Has Limited Knowledge of State Preparedness

Report #16-P-0219, June 29, 2016. The EPA can reduce the risk of future unsafe debris disposal practices by improving its understanding and awareness of the quality and completeness of state disaster debris management plans.