This report presents the results of our self-initiated audit of Deposit by Mail (DBM) Controls at the U.S. Postal Service’s [redacted] (Project Number 22-234). The [redacted] is in the Lakeshores division of the Western Processing region of the Postal Service. This audit was designed to provide Postal Service management with timely information on potential financial and security risks related to DBM service at the [redacted].
In February 2015, the Postal Service and a bank initiated the DBM service to allow cash and high-value mailings to be sent to the bank from retail customers through the Postal Service Priority Mail system. The bank has [redacted] retail customers that participate in the DBM service. The Postal Service receives only the revenue from postage paid on the Priority Mail pieces as high-value DBM mail is handled and processed like any other Priority Mail. DBM mail is processed at [redacted] —for delivery to the bank. The U.S. Postal Inspection Service and Postal Service personnel are responsible for security at these [redacted]. Our review focused on DBM mail service routed through the [redacted].
This is a follow-up to our Deposit by Mail Controls at Selected Mail Processing Facilities audit (Report Number NO-AR-19-007, dated September 12, 2019). In that audit, we found the Postal Service did not properly address the 10 high-risk security deficiencies the Postal Inspection Service identified for the [redacted]. We recommended management:
Establish standard operating procedures (SOP) for DBM service, including the use of security cameras, secured doors and staged mail, and adequate rewrap procedures.
Instruct plant management to properly address security deficiencies identified by the Postal Inspection Service in a timely manner.
Management agreed with and implemented the recommendations. Specifically, in January 2020, they developed a DBM SOP outlining sortation and rewrap procedures and coordinated with the U.S. Postal Service Office of Inspector General (OIG) Office of Investigations (OI) to relocate security cameras. Postal Service management also conducted service talks with employees that noted personal items were prohibited on the workroom floor and installed new exterior building doors in February 2020 for enhanced security.
Since that audit, the Postal Inspection Service conducted a vulnerability and risk assessment at the [redacted] and identified four high-risk security deficiencies. Further, in October 2021, the OIG OI conducted a follow-up review and found that management did not sufficiently address the 10 high-risk security deficiencies found in our prior audit (see Table 1).
The [redacted] processed about [redacted] DBM mailpieces for the bank, generating [redacted] in postage revenue. We estimate business customers mailed over [redacted] in cash to the bank through the DBM service in the last year.
USPS Proposed Resolution
Properly address all remaining security deficiencies identified by the Postal Inspection Service within 30 working days of identification, as required by Postal Service policy.
Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.