The Investigative Journal’s weekly survey of newly released federal audits, inspector general findings, FOIA disclosures, and state and municipal records that deserve closer attention. All findings are sourced to public records.
Federal audits and inspector general findings
1. GAO flags five new internal-control weaknesses at the IRS, mostly in IT
The U.S. Government Accountability Office issued its annual financial audit of the Internal Revenue Service this month, concluding that the agency’s fiscal year 2025 financial statements were fairly presented but that auditors had identified five new deficiencies in internal control over financial reporting. According to the GAO, four of those deficiencies are sensitive in nature and tied to information systems, including three access-control weaknesses and one security-management deficiency.
The auditors said the new and continuing IT-related deficiencies “increase the risk of unauthorized access to and modification of data and programs, disclosure of sensitive data, and disruption of critical operations.” The IRS closed 14 of 30 prior open recommendations during FY 2025, but a long-standing significant deficiency in the way the agency accounts for federal taxes receivable and other unpaid assessments remains unresolved. Records of the audit are available in GAO-26-107977 and the related controls report GAO-26-108898.
2. GAO update: CBP public-private partnerships at U.S. ports of entry keep growing
The GAO publicly released an update on May 7 documenting the continued expansion of two Customs and Border Protection programs that allow private-sector and local-government partners to fund CBP operations. According to the report, more than 1 million people and over 88,000 truck, rail, and sea containers crossed into the United States daily through 328 ports of entry in fiscal 2024.
The Reimbursable Services Program has grown to 639 partnerships since FY 2013, with 241 added since the prior 2024 review, while the Donations Acceptance Program now includes 70 partnerships, a gain of 24, the GAO said. The agency catalogues both arrangements as tools to relieve strain on federal staffing, but the report’s data also raises a quieter accountability question for Congress: how dependent has frontline border processing become on payments from outside CBP’s appropriations? The full document is available as GAO-26-108751.
3. DOJ inspector general questions $86,000 in a $2 million Purdue AI reentry grant
The Department of Justice Office of the Inspector General released audit report 26-051 on May 7, examining a $1,999,779 cooperative agreement awarded by the National Institute of Justice in September 2019 to Purdue University to develop an artificial-intelligence intervention designed to help formerly incarcerated people reenter their communities. The OIG concluded that “neither Purdue nor NIJ implemented effective procedures or controls to ensure adequate, appropriate cooperative agreement administration and oversight.”
The audit identified $86,036 in questioned costs tied to disallowed work and unused supplies, and it found that Purdue had stockpiled 128 smartwatches and 52 smartphones, originally purchased for $33,667, that were never deployed because the project failed to recruit the intended number of participants. As of February 2026, the OIG said, those devices were still sitting in inventory with no plan from NIJ on what to do with them. The audit memo is posted at oig.justice.gov.
4. Federal Reserve OIG: 677 laptops worth $1.4 million sat unaccounted-for in storage
An audit by the Federal Reserve Board’s Office of Inspector General — formally numbered 2026-FMIC-B-005 and titled “The Board Should More Effectively Manage and Secure Its Inventory of Unassigned Laptops and Hard Drives Ready for Disposal” — drew renewed attention this past week as outside outlets revisited its findings. The OIG reported that 677 new laptops valued at more than $1.4 million sat in storage for roughly eight months without being inventoried, exposed to what auditors described as “significant risk of theft or loss” because none had been tagged with the standard tracking barcodes.
The OIG also said it could not determine how many devices may already be missing because the Board’s underlying inventory records were unreliable. The full audit is published on the OIG’s reports portal at oig.federalreserve.gov. For a federal entity that handles sensitive monetary-policy and supervisory data, weak hardware accountability is the kind of basic control failure that compounds the more serious cyber risks regulators routinely warn private banks about.
FOIA releases and declassified documents
5. Pentagon launches PURSUE portal with 162 declassified UAP files
The Department of War (formerly the Department of Defense) on May 8 launched the Presidential Unsealing and Reporting System for UAP Encounters — branded PURSUE — and released the first tranche of 162 declassified documents related to unidentified anomalous phenomena. According to the agency’s release, the initial batch comprises 120 PDFs, 28 videos, and 14 images drawn from records held by the Department of War, the FBI, NASA, and the State Department. The materials reportedly span 1948 through 2026 and include Apollo-era imagery and astronaut transcripts referencing UFO sightings, alongside law-enforcement reports of unusual aerial objects.
Officials said the documents do not, on their face, confirm extraterrestrial origin for any phenomenon and emphasized that the release is the start of a rolling disclosure process, with additional tranches to be posted as records are reviewed and declassified. The portal sits at war.gov/ufo and requires no security clearance to access. The official release announcement is available at war.gov. For investigative reporters, the more useful entry points may be the chain-of-custody and routing metadata on each document rather than the headline videos.
State auditor and municipal records
6. North Carolina indicts former Pilot Mountain town manager after state auditor probe
The North Carolina Office of the State Auditor on May 11 announced that a Surry County grand jury had indicted Michael Boaz, the former town manager of Pilot Mountain, on a Class F felony embezzlement charge. Auditors reviewed 793 town-issued credit-card transactions totaling $317,604 between January 2022 and November 2024 and reported finding personal purchases that included food, alcohol, electronics, ammunition, transportation services, gift cards, and personal travel.
The OSA report indicates Boaz spent more than $14,000 on food and alcohol-related purchases on the town card and roughly $2,300 on gift cards, and that he used a signature stamp bearing the mayor’s signature to sign checks — a practice that, according to the report, bypassed required oversight. Auditors also noted evidence that the former manager may have used town time and resources to perform outside consulting work. The indictment is an allegation; Boaz is presumed innocent unless proven guilty. The full report is at auditor.nc.gov.
7. Village of Cuba, New Mexico, releases special-audit findings
The Village of Cuba in Sandoval County, New Mexico, posted notice on May 11 that the New Mexico Office of the State Auditor’s special-audit findings for the village had been formally released. The village’s notice directs members of the public to the New Mexico OSA’s portal for the full findings document and indicates that printed copies can be reviewed in person at the village administrative offices and the local public library. A formal public presentation of the audit was noticed for May 8. Records of the release are at cubanm.gov.
Special audits in small New Mexico jurisdictions historically surface weaknesses in cash handling, procurement, and grant administration; whether those patterns recur in Cuba will become clearer once the OSA report itself is parsed. TIJ will track follow-on enforcement.
8. Kentucky state auditor expands probe of Fayette County Public Schools
Kentucky Auditor of Public Accounts Allison Ball provided a public update on May 8 indicating that her office’s special examination into the finances of Fayette County Public Schools — one of the largest school districts in the commonwealth — has been broadened. Ball’s office has not yet published a full findings report, and the underlying allegations remain under examination rather than adjudicated. Coverage of the auditor’s update is available via WKYT; readers should monitor the auditor’s official site at auditor.ky.gov for the eventual report.
Government data releases
9. CMS expands public Medicare datasets and previews fraud-transparency rule
The Centers for Medicare & Medicaid Services in late April formally noticed the release of additional public data assets under the Open, Public, Electronic, and Necessary (OPEN) Government Data Act. According to the Federal Register notice, the newly available files cover Original Medicare Physician & Other Practitioners data, Inpatient and Outpatient Hospitals data, Medicare Part D Prescribers data, and Durable Medical Equipment, Devices and Supplies (DMEPOS) data — all in machine-readable form intended to support outside fraud-detection and accountability work.
CMS also indicated, as part of its CRUSH (Comprehensive Regulations to Uncover Suspicious Healthcare) initiative, that it will begin publishing the National Provider Identifiers and revocation reasons for providers and suppliers whose Medicare participation has been terminated. The Federal Register notice is at federalregister.gov, and the underlying datasets are accessible via data.cms.gov.
Records that warrant deeper TIJ investigation
Three threads from this week’s releases warrant follow-up reporting. First, the GAO’s identification of three access-control deficiencies and one security-management weakness inside the IRS — sensitive enough that the agency redacted specifics — is a recurring story line that has now persisted across multiple administrations and deserves an end-to-end accounting of which prior recommendations remain open and why.
Second, the DOJ OIG’s Purdue audit illustrates a broader question the inspector-general community has raised quietly for years: whether the National Institute of Justice’s cooperative-agreement oversight mechanisms are robust enough to prevent multimillion-dollar awards from drifting into incomplete deliverables and idle inventory. A cross-agency look at NIJ’s award-monitoring track record is overdue.
Third, the CBP partnership update shows that a growing share of port-of-entry capacity is funded through reimbursable agreements and donations rather than direct appropriations. That is a legitimate policy choice — but the public record on who pays, what they receive in return, and how CBP guards against the appearance of preferential treatment remains thinner than the program’s scale would justify. TIJ intends to file targeted FOIA requests for the underlying memoranda of agreement.
Tips on documents readers want examined more closely can be sent to the editorial desk via the contact form at tij.news. The Investigative Journal’s records-tracking work continues weekly.