As part of transparency efforts at one of the government’s most secretive organizations, the National Security Agency’s inspector general on Monday released an unclassified version of an audit of employee travel expenses that found a concerning number to be improper.

The agency “did not adequately monitor cardholder activities, which may have permitted improper cash advances and other misuse of individually billed travel cards,” wrote the auditors led by IG Robert Storch, after a review of transactions over a nine-month period from January through September 2017.

The report described “ineffective management of a program that in fiscal year 2017 processed 43,579 claims totaling $69.4 million dollars.” NSA travel cardholders spent some $900,000 on “questionable transactions, of which at least $285,000 was determined by the OIG to be inappropriate,” the report said. “Travel systems are outdated, repetitive and disparate,” auditors wrote.

The watchdog referred an undisclosed number of the flagged transactions involving use of purchase cards for personal items to its Investigations Division, “which substantiated misuse and referred the employees involved to the agency for possible disciplinary action.”

The report did not provide details on individual abuse of the system.

Specific problems, however, include the fact that NSA’s centrally billed travel charge card account was not reconciled in a timely fashion, creating a balance owed of more than $130,000,” the report said. Also, the agency does not require travel charge card training for travelers, managers, or authorizing officials, and its travel management information systems “are in need of modernization.”

Many of the lapses in closing accounts involved former agency military affiliates’ travel charge cards. “Six former military affiliates who have subsequently become agency contractors and one military affiliate who was reassigned still have open travel charge card accounts,” the report said.

Poor documentation means that the government ends up paying for travel that was planned but didn’t take place. “Our testing found that in one year, the agency paid 13 of 76, or 17 percent, of individuals who traveled after flights were canceled a total of over $12,000 based on the submission of itineraries that were not used,” the IG found.

Another system issue is the allowing of employees to make purchases using third-parties, such as Amazon or PayPal. This practice circumvents any merchant category code blocking and disguises purchase descriptions, leading to a lack of control monitoring,” the auditors wrote after reviewing made 162 such purchases totaling $80,884, for such needs as lodging or conference attendance. The Government Travel Charge Card program office does not review or block these purchases and considers them “unavoidable.”

The IG made 10 recommendations, including more centralized monitoring, more rapid reconciliation of accounts, modernized software and better training.

The NSA managers are implementing all 10.

Storch said the report’s release “marks a significant step in the OIG’s effort to increase the transparency of its oversight work at this critically important federal agency.”