Laws & Regulations

Report: Results of Technical Network Vulnerability Assessment: Region 8

Report #09-P-0187, June 30, 2009. Vulnerability testing conducted in April 2009 of EPA’s Region 8 network identified Internet Protocol addresses with numerous high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s Great Lakes National Program Office

Report #09-P-0185, June 30, 2009. Vulnerability testing conducted in May 2009 of EPA’s Great Lakes National Program Office network identified Internet Protocol addresses with several high-risk vulnerabilities associated with one device.

Report: Results of Technical Network Vulnerability Assessment: EPA’s Potomac Yard Buildings

Report #09-P-0188, June 30, 2009. Vulnerability testing of EPA’s Potomac Yard buildings network conducted during April 2009 indicated several high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s National Computer Center

Report #09-P-0055, December 9, 2008. Vulnerability testing of EPA’s National Computer Center network identified Internet Protocol addresses with high-risk and medium-risk vulnerabilities.

Report: Walker River Paiute Tribe Needs to Improve Its Internal Controls to Comply With Federal Regulations

Report #15-2-0165, June 11, 2015. The Walker River Paiute Tribe did not comply with federal regulations, resulting in $994,963 of questioned costs.

Report: Improvements Needed in EPA’s Network Traffic Management Practices

Report #11-P-0159, March 14, 2011. OEI does not have consistent, repeatable intrusion detection system monitoring practices in place, which inhibits EPA’s ability to monitor unusual network activity and thus protect Agency systems and associated data.

Report: Results of Technical Network Vulnerability Assessment: EPA’s National Health & Environment Effects Research Laboratory, Western Ecology Division

Report #11-P-0429, August 3, 2011. Vulnerability testing of EPA’s NHEERL Western Ecology Division network conducted in March 2011 identified Internet Protocol addresses with numerous high-risk and medium-risk vulnerabilities.

Report: EPA’s Emergency Response Systems at Risk of Having Inadequate Security Controls

Report #21-E-0226, September 13, 2021. If the availability and integrity of emergency response system data are jeopardized, it could harm the EPA’s ability to coordinate response efforts to protect the public from environmental disasters.

Report: The EPA’s Fiscal Years 2020 and 2019 Toxic Substances Control Act Service Fee Fund Financial Statements

Report #23-F-0005, December 29, 2022. We found the fund’s financial statements, except for expenses and income from other appropriations, to be fairly presented.

Report: EPA Has Reduced Its Backlog of State Implementation Plans Submitted Prior to 2013 but Continues to Face Challenges in Taking Timely Final Actions on Submitted Plans

Report #21-E-0163, June 14, 2021. Delays in EPA SIP actions increase the risk that state or local air agencies are not implementing plans sufficient to achieve or maintain the NAAQS.

Report: The EPA’s Fiscal Years 2021 and 2020 (Restated) Hazardous Waste Electronic Manifest System Fund Financial Statements

Report #22-F-0062, September 30, 2022. We found the fund’s financial statements, except for accounts receivable and earned revenue, to be fairly presented.

Report: EPA’s Fiscal Years 2020 and 2019 (Restated) Financial Statements for the Pesticides Reregistration and Expedited Processing Fund

Report #21-F-0012, December 21, 2021. We found the fund’s financial statements to be fairly presented and free of material misstatement.

Report: Audit of EPA’s Fiscal Years 2015 and 2014 Consolidated Financial Statements

Report #16-F-0040, November 16, 2015. We found the EPA’s financial statements to be fairly presented and free of material misstatement.

Report: EPA's Fiscal Year 2019 First Quarter Compliance with the Digital Accountability and Transparency Act of 2014

Report #20-P-0026, November 8, 2019. The DATA Act requires the EPA to report accurate financial and award data on USAspending.gov.

Report: The EPA Failed to Complete Corrective Actions as Certified to Address OIG Recommendations

Report #22-N-0061, September 30, 2022. We conducted this review to provide considerations for the EPA to strengthen its corrective action certification process. When the Agency certifies to the completion of corrective actions that have not been completed,

Report: Awards Made by EPA’s Office of the Chief Financial Officer Raise Questions

Report #16-P-0048, November 30, 2015. OCFO’s unprecedented award of $9,000 in bonuses to a Director less than 3 months after being hired raises questions about the reasonableness of the awards and how the OCFO uses the awards process.

Report: U.S. Chemical Safety and Hazard Investigation Board Should Determine the Cost Effectiveness of Performing Improper Payment Recovery Audits

Report #12-P-0312, March 1, 2012. The CSB was not fully compliant with the reporting requirements of IPERA.

Report: Audit of the U.S. Chemical Safety and Hazard Investigation Board's Fiscal Years 2019 and 2018 Financial Statements

Report #20-F-0032, November 19, 2019. The CSB received an unmodified opinion on its fiscal years 2019 and 2018 financial statements.

Report: EPA's Fiscal Years 2019 and 2018 (Restated) Consolidated Financial Statements

Report #20-F-0033, November 19, 2019. We found the EPA's financial statements to be fairly presented and free of material misstatement.

Report: Hotline: EPA Is Taking Steps to Update Its Federal Radiation Guidance

Report #22-E-0016, January 6, 2022.