Expands the main menu

Breadcrumb

Audit Reports

  • Image
Dec
28
2017
Report Number:
HR-AR-18-001
Report Type:
Audit Reports
Category: Human Resources

Facility Security at Network Distribution Centers

Objective

Our objective was to determine whether the U.S. Postal Service effectively addressed security deficiencies at Network Distribution Centers (NDC) to enhance the safety and security of the work environment.

NDCs are highly mechanized Postal Service mail processing plants that distribute standard mail and provide package services. There are currently 21 NDCs nationwide and Inspection Service and Postal Service personnel are responsible for security at those locations. The Vulnerability Risk Assessment Tool (VRAT) is the application employees use to identify security risks and vulnerabilities at these facilities.

What the OIG Found

The Postal Service and Postal Inspection Service did not always effectively address and monitor security deficiencies at the 11 NDCs we assessed. Specifically:

  • Security officials did not always timely address security deficiencies identified during VRAT assessments.
  • Installation heads did not always monitor the status of identified deficiencies, to include tracking the progress of corrective actions taken and closing out deficiencies when resolved.
  • Installation heads did not always provide deficiency status updates to security officials.

There were 139 security deficiencies identified on the VRAT assessments at the 11 NDCs we reviewed. Deficiencies included obstructed, damaged, or inoperable gates, fences, doors, locks, and closed circuit television systems.

In addition, security officials did not always conduct VRAT assessments at the prescribed frequencies. Further, the security assessment policy has not been updated to reflect the use of the VRAT assessment tool, which replaced the annual security survey in fiscal year 2012.

These conditions occurred because internal controls were not sufficient to ensure responsible security and area officials effectively addressed, monitored, and communicated security deficiencies or conducted VRAT assessments, as required.

When security deficiencies are not timely addressed or VRAT assessments are not conducted as required, there is an increased risk to the safety and security of Postal Service employees, customers, the mail, and other assets.

What the OIG Recommended

We recommended management establish standard operating procedures, to include timeframes, to address, monitor, and communicate identified security deficiencies. We also recommended management establish an oversight mechanism to promote accountability and ensure compliance with VRAT requirements and update policy to reference the VRAT assessment.

Report Recommendations

# Recommendation Status Value Management Response OIG Response USPS Proposed Resolution
1

R - 1 -- Establish standard operating procedures detailing steps and timeframes for Network Distribution Center and area personnel to address, monitor, and communicate identified security deficiencies.

Closed $0 Agree
2

R - 2 -- Establish an oversight mechanism to promote accountability and help ensure compliance with the Vulnerability Risk Assessment Tool requirements.

Closed $0 Agree
3

R - 3 -- Update the Administrative Support Manual to reflect the requirements to conduct Vulnerability Risk Assessment Tool assessments.

Closed $0 Agree