The Investigative Journal compiles each Monday a roundup of notable public records released over the prior week — federal audits, inspector general findings, state and municipal investigations, and consequential FOIA disclosures. This week’s docket is dominated by a Government Accountability Office finding that cleared defense contractors logged 815 classified-data violations in a single fiscal year, alongside a North Carolina state audit that referred a flagship public university for criminal investigation over $5 million in improperly steered student aid.
Federal Audits: GAO Flags Industrial Security, FEMA Communications, Spending Transparency
815 classified-data violations, 1,032 open vulnerabilities at cleared contractor sites
The most consequential federal audit of the week, GAO-26-107861, published April 24, examines the Defense Counterintelligence and Security Agency (DCSA), the Pentagon component responsible for vetting and inspecting an estimated 90 to 95 percent of all federal classified contracts. Auditors found that in fiscal year 2025, DCSA conducted more than 4,600 security reviews, documented 815 security violations and identified more than 1,000 open vulnerabilities at cleared contractor facilities. The dominant violation category was data spills — classified information appearing on unclassified systems — accounting for 58.9 percent of all incidents, followed by improper storage at 11.5 percent, unauthorized disclosure at 6.5 percent, physical loss at 6.3 percent and improper transfer at 5.6 percent.
GAO’s broader concern, records suggest, is structural: DCSA conducts fewer than 40 percent of its required inspections at contractor sites, and the agency’s risk-assessment tools, workforce planning and an oversight center under reorganization were all flagged as deficient. The report recommends improved risk management and stakeholder engagement, and notes that a long-running data-system replacement has proceeded without meaningful input from the personnel who use it. Coverage by Bloomberg and analysis by K4I place the findings in context of repeated GAO warnings about industrial-security oversight gaps.
FEMA: $3 billion delivered, but survivors face “long wait times” and communication breakdowns
In GAO-26-108154, released April 22, auditors document that FEMA disbursed more than $3 billion in disaster assistance to over one million survivors of recent disasters. Records indicate, however, that recipients faced significant challenges navigating the agency’s Individuals and Households Program, including long wait times when calling the FEMA helpline and inconsistent guidance on documentation requirements. The report does not allege fraud on the part of survivors, but identifies process gaps that delayed payments and contributed to repeat denials of legitimate claims.
The findings arrive as Congress and the agency continue to refine the post-2023 reforms to disaster assistance eligibility. For TIJ readers tracking accountability in disaster recovery spending, the FEMA report is essential reading: it isolates the operational bottlenecks that determine whether appropriated funds actually reach survivors. The full report is available through GAO’s reports portal.
Federal spending transparency: $186 billion in improper payments and “impossibly large” records on USAspending.gov
GAO’s GAO-26-109034, on Federal Information Transparency, finds that improper payments across 64 federal programs totaled approximately $186 billion in fiscal year 2025. Auditors flagged structural problems with the public spending database USAspending.gov, including missing sub-award data, “impossibly large” dollar figures and duplicate records. As Federal News Network summarized, transparency has improved on paper while integrity gaps persist in the underlying data feeds.
For investigative reporters, the practical implication is this: federal spending data downloaded from USAspending.gov should be treated as an indicator, not a record of truth, until cross-referenced with agency-level obligations data. GAO recommends improvements to sub-award reporting and validation routines.
FHFA workforce reductions surface internal control weakness
In its annual financial-statement audit of the Federal Housing Finance Agency, GAO-26-108895 (April 23) identified a deficiency in internal controls during the 2025 audit cycle. Filings indicate the agency executed major workforce reductions during the year, but voluntary separation incentive payments and similar costs were not initially reported in their proper accounting category. FHFA management agreed with the finding and has committed to remediation. The audit does not allege misuse of funds; the issue is one of presentation and control rather than loss.
Federal real property: 8,100 buildings, persistent funding gap
Released the same week, GAO-26-109007 examines GSA’s Federal Buildings Fund, which as of March 2026 supports approximately 8,100 buildings — about 1,500 government-owned and 6,600 leased. The report outlines options for addressing chronic underfunding of building maintenance and modernization, a long-standing structural risk in federal real-property management.
Federal Inspectors General: NASA, HHS, DOJ, State Department
NASA OIG: Artemis spacesuit unlikely to be ready in time
The NASA Office of Inspector General’s audit of the Exploration Extravehicular Activity Services contract, released this month and reported by Talk of Titusville, concludes that the Axiom Extravehicular Mobility Unit (AxEMU) is unlikely to be delivered before the planned 2028 Artemis III crewed lunar landing or before the International Space Station’s planned 2030 deorbit. The IG found that a firm-fixed-price, service-based acquisition was a poor structural fit for a developmental system with no pre-existing commercial market.
The finding is significant because it tests a procurement philosophy NASA has increasingly adopted across exploration programs: paying contractors for services rather than systems. The IG’s conclusion is not that the philosophy is wrong, but that it was misapplied in this case. NASA management’s response is included in the published report.
HHS OIG: limited CMS oversight of compounded drugs in Medicare Part D
In its April 20 report, “CMS Has Limited Oversight of Selected Compounded Drugs Prescribed to Medicare Part D Enrollees,” the HHS Office of Inspector General found that the Centers for Medicare & Medicaid Services lacks routine data sufficient to ensure program integrity for compounded drugs reimbursed under Part D. The OIG noted that the FDA does not approve compounded drugs and does not verify their safety, effectiveness or quality before they are marketed, leaving CMS reliant on data submitted by Part D sponsors.
OIG records indicate the office has participated in an increasing number of fraud investigations involving compounded drugs in recent years. The agency recommends CMS expand the data it routinely collects from sponsors and use that data to target program-integrity reviews. The full report is posted to the OIG website.
DOJ OIG: state-level victim-assistance grant audits
The Department of Justice Office of the Inspector General released a series of state-level audits in April examining Office of Justice Programs Victim Assistance Funds. According to records on the DOJ OIG reports page, the office issued a Risk Assessment of the Nebraska Commission on Law Enforcement and Criminal Justice Subrecipient Monitoring Activities (April 15), an audit of OJP Victim Assistance Funds subawarded by the Virginia Department of Criminal Justice Services (April 9), and an audit involving the Alabama Department of Economic and Community Affairs and One Place Family Justice Center (April 7). The audits collectively examine how federal victim-assistance dollars are tracked and monitored once they pass to state and local subrecipients.
State Department OIG: emergency preparedness gaps at Foreign Affairs Training Center
State Department OIG released Management Assistance Report AUD-SIP-26-09, identifying emergency preparedness improvement areas at the National Foreign Affairs Training Center. The report’s findings are technical but meaningful: the training facility is the principal U.S. site for preparing diplomatic personnel for overseas postings, and its emergency-response posture is itself a national-security indicator. Full text is available via the State OIG reports portal.
State Records: North Carolina Refers Flagship University for Criminal Investigation
NC A&T: $5 million in improperly directed student aid, criminal referral to SBI
The single most aggressive state-level finding of the week came from North Carolina State Auditor Dave Boliek’s office. The Investigative Special Report, released April 23, concludes that North Carolina Agricultural and Technical State University improperly directed approximately $5 million in Administrative Recovery Funds to students as financial assistance, without documented evidence of merit- or need-based criteria.
Records reviewed by the state auditor indicate that more than $780,000 was directed to students who were either A&T employees, family members of university employees, or had personal or professional connections to the institution. In one example detailed in the report, the son of a former Associate Vice Provost was permitted to remain enrolled in apparent contravention of standing university policy and received a $10,000 scholarship — five times the budgeted maximum for that award — following a discussion between the parent administrator and the former Director of Financial Aid Operations. The Office of the State Auditor has made a criminal referral to the State Bureau of Investigation. NC A&T agreed with the audit findings and committed to corrective action. Coverage from WRAL and WFAE contains additional detail.
New York State Comptroller: separation payments and procurement gaps
New York State Comptroller Thomas P. DiNapoli announced a fresh batch of municipal and school audits on April 14. Among the headline findings: in one municipality, officials did not ensure the accuracy of employee separation payments, with three employees receiving questionable or unsupported payments totaling $15,766. In another, auditors identified 24 purchases totaling roughly $760,000 that did not comply with the entity’s procurement policy and were made without proper oversight. Individual audit reports are linked from the comptroller’s release.
Municipal Records: Forensic Findings in Virginia, Accounting Errors in California
Martinsville, Virginia: $15,000 in unexplained credit-card charges by former city manager
A forensic audit by Brown Edwards, reported by Cardinal News on April 21, found that the former Martinsville city manager logged more than $15,000 in city-issued credit-card charges for which auditors could identify no business purpose. The audit also reviewed the city’s budget-amendment process and hiring practices. The report does not, on its own, establish criminal conduct, and the matter remains a finding rather than an adjudicated conclusion. Local prosecutors have not announced charges.
Fullerton, California: $2.9 million accounting error triggers special audit
The City of Fullerton initiated a special fiscal audit, conducted by Grant Thornton, after the discovery of a $2.9 million accounting error stemming from a 2022 misallocation between the General Fund and the Successor Agency fund. The error went undetected until 2025. Findings were presented to the City Council on April 21. The case is a textbook illustration of why municipal financial controls — and timely external review — matter.
Colorado Springs: city auditor reviews mayoral use of city resources
The Colorado Springs City Auditor reviewed the use of city resources by an elected official and, as covered by KRDO, found five instances in 2025 in which the official was accompanied by a member of their security detail on what the audit characterized as personal stops. Auditors concluded the personal stops were incidental to official travel and did not find evidence the security detail performed standalone administrative or personal errands. The Audit Committee strongly recommended the administration establish a written policy governing elected officials’ use of police detail and city vehicles — a control gap the audit identified as the underlying issue.
FOIA and Transparency: ODNI Reading Room Scrubbed
According to Bloomberg’s April 24 reporting, the Office of the Director of National Intelligence has removed documents from its FOIA reading room, with hundreds of intelligence-related records previously released to the public no longer visible on the agency’s site. The Freedom of the Press Foundation’s Lauren Harper, after litigating an ODNI request, obtained an intelligence assessment from a unit of the office on the Tren de Aragua organization. Records suggest more than a dozen pages of internal emails were among the materials produced under the suit.
The story is significant on its own terms — the public should expect previously released records to remain available — but it also raises a methodological problem for accountability journalism. Reporters and researchers who built citation chains on URLs from the ODNI reading room should anticipate broken links and consider mirroring critical documents. TIJ will continue to monitor whether the removed records are restored or remain offline.
Records Warranting Deeper TIJ Investigation
Three releases this week stand out as candidates for follow-up reporting. First, the DCSA industrial-security audit raises a question GAO does not fully resolve: which contractors accounted for the bulk of the 815 violations, and how did data spills propagate across unclassified systems? Second, the NC A&T audit documents one institution’s misallocation of student aid; the broader question is whether other state university systems use Administrative Recovery Funds in similarly opaque ways, and what oversight, if any, applies to comparable accounts. Third, the HHS OIG compounded-drug report identifies a known fraud vector at the intersection of FDA non-approval and CMS data limitations; targeted analysis of Part D claims data could surface anomalous prescribing patterns warranting referral.
The Investigative Journal welcomes tips and document submissions related to any of the records discussed above. All submissions are treated confidentially.