Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Database management systems"

    21 publications with a total of 82 open recommendations including 17 priority recommendations
    Director: Joseph W. Kirschbaum
    Phone: (202) 512-9971

    6 open recommendations
    Recommendation: To enhance enterprise-wide biometric strategic planning, the Under Secretary of Defense for Acquisition, Technology, and Logistics should publish an updated biometric strategic plan to identify enterprise goals and objectives.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance enterprise-wide biometric strategic planning, the Under Secretary of Defense for Acquisition, Technology, and Logistics should publish a supporting biometric implementation plan that includes intended outcomes, measures of effectiveness, and responsibilities, among other things.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate more effective and efficient acquisition management of DOD's biometric and forensic enterprises, the Secretary of the Army, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics, should assign a milestone decision authority to oversee the Near Real Time Identity Operations solution.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate more effective and efficient acquisition management of DOD's biometric and forensic enterprises, the Secretary of the Army, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics, should complete a disposition analysis for the Near Real Time Identity Operations solution before the solution reaches operation and sustainment.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate more effective and efficient acquisition management of DOD's biometric and forensic enterprises, the Secretary of the Army, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics, should consider including geographic dispersal as part of the selection criteria for the DOD Automated Biometric Information System (ABIS) follow-on system.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate more effective and efficient acquisition management of DOD's biometric and forensic enterprises, the Secretary of the Army, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics, should use tradeoff selection criteria, rather than lowest-price technically acceptable criteria, for determining contractor support for DOD ABIS mission-critical functions when it is practicable to do so.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    10 open recommendations
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should implement the audit plans for the 12 systems and applications that we reviewed in the production computing environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should ensure that system administrators and security operations analysts are alerted in the event of audit processing failures.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should update information contingency plan test procedures to include updating contingency plans to reflect changes to the current operating environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should ensure that approved risk-based decisions pertaining to database configurations are based on suitable justification.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should develop, document, and implement the use of detailed procedures to facilitate the periodic review and analysis of audit records for its financial systems.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should develop an enterprise-wide system owner procedural document to control critical mainframe operating system commands.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should regularly update configuration standards and guidelines for network devices to incorporate recommendations from industry leaders, security agencies, and key practices from IRS partners to address known vulnerabilities applicable to IRS's environment.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should implement a compliance verification application, or other appropriate process, to ensure configuration policies are comprehensively tested on the mainframe.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should ensure that all known significant audit findings and recommendations related to financial reporting, which includes those in GAO's public and limited official use only reports, that directly relate to the objective of A-123 internal control tests are reviewed and monitored.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help strengthen information security controls over key financial and tax processing systems, and to more effectively implement security-related policies and plans, the Commissioner of Internal Revenue, in addition to addressing previously made but still unresolved recommendations from our prior audits, should identify and review service organizations' listing of user controls that are deemed relevant and test those controls to appropriately draw conclusions about the operating effectiveness of controls.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    3 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to, in coordination with the Director, USMEPCOM, and the military services develop a clear process with defined roles and responsibilities to ensure that complete Existed Prior to Service (EPTS) separation medical records for enlistees who separated within 180 days of service from the military services' basic training sites are provided to USMEPCOM.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to, in coordination with the Director, USMEPCOM, establish a schedule to repair the internal EPTS database so that USMEPCOM can provide more regular and specific feedback to MEPS chief medical officers.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics and the DOD Healthcare Management Systems Program Executive Office, develop a schedule of actions for deploying its new electronic health record system, MHS GENESIS, within USMEPCOM that includes key activities such as the major actions required to accomplish this effort, completion dates for all actions leading up to these events, and dates for the system's deployment to MEPS locations.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    7 open recommendations
    Recommendation: To address control weaknesses and related program-integrity risks we identified in Lifeline, the Chairman of FCC should require Commissioners to review and approve, as appropriate, spending above the budget in a timely manner.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To address control weaknesses and related program-integrity risks we identified in Lifeline, the Chairman of FCC should maintain and disseminate an updated list of state eligibility databases available to Lifeline providers that includes the qualifying programs those databases access to confirm eligibility; this step would help ensure Lifeline providers are aware of state eligibility databases and could also help ensure USAC audits of Lifeline providers can verify that available state databases are being utilized to verify subscriber eligibility.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To address control weaknesses and related program-integrity risks we identified in Lifeline, the Chairman of FCC should establish time frames to evaluate compliance plans and develop instructions with criteria for FCC reviewers how to evaluate these plans to meet Lifeline's program goals.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To address control weaknesses and related program-integrity risks we identified in Lifeline, the Chairman of FCC should develop an enforcement strategy that details what violations lead to penalties and apply this as consistently as possible to all Lifeline providers to ensure consistent enforcement of program violations; the strategy should include a rationale and method for resource prioritization to help maximize the effectiveness of enforcement activities.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To address our findings regarding the USF, the Chairman of FCC should take action to ensure that the preliminary plans to transfer the USF funds from the private bank to the U.S. Treasury are finalized and implemented as expeditiously as possible.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To address our findings regarding the USF, the Chairman of FCC should take action to require a review of customer bills as part of the contribution audit to include an assessment of whether the charges, including USF fees, meet FCC Truth-in-Billing rules with regard to labeling, so customer bills are transparent, and appropriately labeled and described, to help consumers detect and prevent unauthorized charges.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To address our findings regarding the USF, the Chairman of FCC should take action to respond to USAC requests for guidance and address pending requests concerning USF contribution requirements to ensure the contribution factor is based on complete information and that USF pass-through charges are equitable.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: David J. Wise
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To improve the reliability of FRPP disposal data, the Administrator of GSA should implement a data validation procedure to prevent reporting the same building disposal multiple times.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the accuracy of reporting on progress in reducing the inventory of federal buildings, the Director of OMB, in coordination with the GSA Administrator, should establish a procedure to verify that the OMB's reports include the intended data, such as, reporting individual buildings only once and reporting only federally owned buildings.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Wise
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Administrator of the General Services Administration should determine whether the beneficial owner of high-security space that GSA leases is a foreign entity and, if so, share that information with the tenant agencies so they can adequately assess and mitigate any security risks.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    9 open recommendations
    including 4 priority recommendations
    Recommendation: To provide agencies access to SSA's more complete set of death data, Congress should consider amending the Social Security Act to explicitly allow SSA to share its full death file with Treasury for use through the DNP working system.

    Agency: Congress
    Status: Open

    Comments: When we confirm what actions have been taken we will update. As of August 3, 2017, no updated information has been provided.
    Recommendation: To reasonably assure that additional relevant databases are identified and evaluated for inclusion in the DNP working system, the Director of OMB should develop, document, and communicate a formal process that user agencies can use to identify, suggest, and receive feedback on additional databases to be evaluated for inclusion in the DNP working system.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB agreed with this recommendation and cited plans to implement it. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: To reasonably assure that the DNP working system is used effectively and consistently, the Director of OMB should develop guidance that clarifies whether the use of DNP's payment integration functionality is required and--if required--the circumstances and process in which agencies may obtain an exemption from this requirement.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB agreed with this recommendation and cited plans to implement it. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: To reasonably assure that agencies use the DNP working system effectively, the Director of OMB should develop a strategy--and communicate its strategy through guidance--for how agencies should use the DNP working system to complement existing data matching processes and whether and how agencies should consider using the DNP working system to streamline existing data matching. Such guidance may cover how agencies should demonstrate that their data matching processes meet the requirements in the Improper Payments Elimination and Recovery Improvement Act of 2012, whether agencies can decide on their own which specific databases to use, and how agencies should use the functionalities available through the DNP working system.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB stated that it generally agreed with the concept of developing a strategy for how agencies should use the Do Not Pay (DNP) working system to complement existing data matching processes and would explore the concept further. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: To reasonably assure that agencies develop consistent policies and procedures to verify DNP matches, the Director of OMB should provide additional guidance that outlines when and how agencies should verify DNP matches against a secondary source and provide individuals an opportunity to contest before taking adverse actions as a result of DNP matches.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB stated that it agreed with the of consistent policies and procedures and will work with agencies so that their policies and procedures for verifying Do Not Pay (DNP) matches are developed consistently. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: To better monitor agency use of the DNP working system once a strategy has been developed, the Director of OMB should develop and implement monitoring mechanisms--such as goals, benchmarks, and performance measures--to evaluate agency use of the DNP working system.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB stated that it agreed with the concept of monitoring mechanisms and will continue to work with agencies to reduce improper payments and encourage agencies to establish goals to improve payment accuracy that will be monitored and evaluated by OMB. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: To reasonably assure that agency-reported information on use of the DNP working system is reliable, the Director of OMB should develop a process for comparing agency reporting on the use of the DNP working system to available sources, such as OMB guidance and DNP working system adjudication reports.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB stated that it agreed with the concept of ensuring that data are reliable and will consider the feasibility of a process to compare agency submissions to available sources to reasonably assure that agency-reported information on use of the Do Not Pay (DNP) working system is reliable. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: To reasonably assure that agency-reported information on use of the DNP working system is complete, the Director of OMB should revise its guidance to clarify whether agencies should report on their uses of all of the functionalities of the DNP working system in their agency financial reports.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We provided a draft of this report to OMB and Treasury and other agencies we reviewed for comment. In its written comments, OMB stated that it agreed with ensuring the completeness of data and will continue to work with agencies and the Chief Financial Officer community to ensure that agency-reported information on the use of the Do Not Pay (DNP) working system is complete. As of August 3, 2017, no updated information has been provided by the OMB. We will continue to monitor the status of this recommendation.
    Recommendation: The Secretary of the Treasury should modify the DNP working system to track adjudication of matches obtained through all functionalities.

    Agency: Department of the Treasury
    Status: Open

    Comments: In a memo dated April 13, 2017, the Department of Treasury (Treasury) stated that it is in the process of evaluating potential solutions to capture information on the impact of Portal functionalities (online single search, continuous monitoring, and batch matching), and has developed a plan with timeframes to assess the technical feasibility as well as user willingness to provide information. However, Treasury stated that it cannot be certain that this evaluation will identify viable solutions, and therefore cannot commit to making any modifications to the working system. Treasury explained, for instance, it may not be possible to design an effective and user-friendly strategy to capture agency decisions to remove an excluded party identified in a continuous monitoring file from a list of approved vendors. Further, Treasury explained that even if it can capture those decisions, it may be even more difficult to assign a dollar value to that decision as there would be no payment pending in this example. Nevertheless, Treasury stated that it is committed to thoroughly evaluating whether a solution is possible, and--if a solution proves feasibly--its goal is to complete a development plan for the implementation of any identified solutions by September 30, 2018.
    Director: Nancy Kingsbury
    Phone: (202) 512-2700

    5 open recommendations
    including 2 priority recommendations
    Recommendation: To support its strategic and open data goals, the Director of OPM should improve the availability of the EHRI payroll data--for example, by preparing the data for analytics, making them available through online tools such as FedScope, and including them among the EHRI data sources on the OPM website and Data.gov.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: On 4/21/2017 OPM provided a status update based on our inclusion of this rec in the priority rec letter. "As communicated in our December 6, 2017, letter to the Comptroller General, OPM is developing a comprehensive strategy to improve the availability of EHRI payroll data for analytics. We have started an effort to standardize payroll data elements by engaging with the payroll subject matter experts through the shared service providers. We will keep GAO informed as we make additional progress."
    Recommendation: To improve internal controls for data quality, the Director of OPM should update EHRI payroll database documentation to be consistent with current field definitions and requirements, including the Guide to Human Resources Reporting and the Guide to Data Standards, Part B.

    Agency: Office of Personnel Management
    Status: Open

    Comments: No specific updates on this rec, but it would be addressed in the "comprehensive strategy to improve the availability of EHRI payroll data for analytics" that is noted in OPM's response to the priority recommendation.
    Recommendation: To improve internal controls for data quality, the Director of OPM should consistently monitor system-generated error and edit check reports and ensure that timely action is taken to address identified issues.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: On 4/21/17 OPM provided an update to their 60 day letter in response to our inclusion of this rec in the priority letter to OPM. Very soon, we will begin implementing follow-up activities with shared service centers and agencies regarding issues identified with the payroll data they submit to EHRI. We are also evaluating the feasibility of incorporating automated methods to validate agency data, to the extent possible. We will keep GAO informed as we make additional progress.
    Recommendation: To integrate the payroll data into the larger suite of EHRI databases, the Director of OPM should develop a schedule for executing these plans.

    Agency: Office of Personnel Management
    Status: Open

    Comments: No specific updates on this rec, but it would be addressed in the "comprehensive strategy to improve the availability of EHRI payroll data for analytics" that is noted in OPM's response to the priority recommendation.
    Recommendation: To integrate the payroll data into the larger suite of EHRI databases, the Director of OPM should evaluate existing internal control activities and develop new control activities for EHRI payroll data, such as implementing transactional edit checks that leverage the information in the other EHRI datasets.

    Agency: Office of Personnel Management
    Status: Open

    Comments: No specific updates on this rec, but it would be addressed in the "comprehensive strategy to improve the availability of EHRI payroll data for analytics" that is noted in OPM's response to the priority recommendation.
    Director: J. Alfredo Gómez
    Phone: (202) 512-3841

    6 open recommendations
    Recommendation: The EPA Administrator should direct the Office of Grants and Debarment (OGD) and program and regional offices, as appropriate, as part of EPA's ongoing streamlining initiatives and the development of a grantee portal, to incorporate expanded search capability features, such as keyword searches, into its proposed web-based portal for collecting and accessing performance reports to improve their accessibility.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its 60 day response, EPA reiterated its agreement with this recommendation. EPA also stated that its vision for grants management includes having grant recipients submit performance reports and other information to the agency through a web-based portal. The portal would incorporate capabilities such as key word searches to allow for easier access to performance report information. However, the portal is a long-term initiative, subject to the agency's budget process, and dependent on the completion of the Next Generation Grants System, which the EPA expects to fully deploy in Fiscal Year 2018.
    Recommendation: The EPA Administrator should direct OGD and program and regional offices, as appropriate, as part of EPA's ongoing streamlining initiatives and the development of a grantee portal, to identify grant programs where existing program-specific data reporting can meet EPA's performance reporting requirements for grants management purposes to reduce duplicative reporting by grantees.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its 60 day response, EPA reiterated its general agreement with this recommendation and stated it will work with recipient partners to identify where duplicative reporting can be reduced. However, EPA also noted that program-specific data cannot be relied upon to meet all grants management requirements, and performance reports often contain other information that allows Project Officers to monitor a recipient's progress. Further, EPA will need to consider the feasibility of expanding Project Officer access to certain program databases to enhance grant performance monitoring. EPA anticipates completing the process for identifying where duplicative reporting can be reduced by the end of FY 2017.
    Recommendation: The EPA Administrator should direct OGD and program and regional offices, as appropriate, as part of EPA's ongoing streamlining initiatives and the development of a grantee portal, once EPA's new performance system is in place, to ensure that the Office of Water adopts software tools, as appropriate, to electronically transfer relevant data on program results from program-specific databases to EPA's national performance system.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its 60 day response, the EPA reiterated its general agreement with this recommendation and stated that it will apply it, where appropriate and cost effective, to program-specific databases, not only the Office of Water databases. EPA noted that not all data from program-specific databases may be appropriate for direct electronic transfer to the national performance system; some individual grant data may need to be analyzed before being rolled up into national data. Additionally, implementation of this recommendation will depend upon the agency's program offices modifying their databases to interface with the new performance system. Further, implementation of this recommendation is dependent upon completion of EPA's new performance system, currently under development; anticipated deployment is in FY 2017.
    Recommendation: The EPA Administrator should direct OGD and program and regional offices, as appropriate, as part of EPA's ongoing streamlining initiatives and the development of a grantee portal, to clarify the factors project officers should consider when determining whether performance reports are consistent with EPA's environmental results directive.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its 60 day response, EPA reiterated its agreement with this recommendation and stated that it will make conforming changes to the implementation guidance for the Environmental Results Order (Directive) in FY 2017.
    Recommendation: The EPA Administrator should direct OGD and program and regional offices, as appropriate, as part of EPA's ongoing streamlining initiatives and the development of a grantee portal, to expand aspects of EPA's policy for certain categorical grants, specifically, the call for an explicit reference to the planned results in grantees' work plans and their projected time frames for completion, to all grants.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its 60 day response, EPA reiterated its agreement with this recommendation and stated that it will make conforming changes to existing policy in FY 2017.
    Recommendation: The EPA Administrator should direct OGD and program and regional offices, as appropriate, as part of EPA's ongoing streamlining initiatives and the development of a grantee portal, to incorporate built-in data quality controls for performance reports into the planned web-based portal based on EPA's environmental results directive.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its 60 day response, EPA reiterated its general agreement with this recommendation. However, EPA emphasized that identifying and deploying appropriate data quality controls is a long-term effort subject to budgetary considerations, completion of the Next Generation Grants System, and extensive collaboration with internal and external stakeholders. Specifically, the report's vision for built-in data quality controls involves the use of electronic templates and reduced reliance on manual data entry--which would require standardized work plan and performance report formats subject to clearance by the Office of Management and Budget. Further, EPA noted that both grant recipients and EPA program offices generally have not supported standardizing the format of work plan and progress reports in the past. Accordingly, as a first step, EPA will seek feedback from the recipient and program office community. The agency will initiate that process in FY 2017.
    Director: Anne-Marie Fennell
    Phone: (202) 512-3841

    6 open recommendations
    Recommendation: To improve the effectiveness of BLM's efforts to track and deter unauthorized grazing, the Secretary of the Interior should direct the Director of BLM to amend the regulations on unauthorized grazing use--43 C.F.R. Subpart 4150 (2005)--to establish a procedure for the informal resolution of violations at the local level, or follow the existing regulations by sending a notice of unauthorized use for each potential violation as provided by 43 C.F.R. 4150.2(a) (2005).

    Agency: Department of the Interior
    Status: Open

    Comments: As of November 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To improve the effectiveness of BLM's efforts to track and deter unauthorized grazing, the Secretary of the Interior should direct the Director of BLM to record all incidents of unauthorized grazing, including those resolved informally.

    Agency: Department of the Interior
    Status: Open

    Comments: As of November 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To improve the effectiveness of BLM's efforts to track and deter unauthorized grazing, the Secretary of the Interior should direct the Director of BLM to revise the agency's Unauthorized Grazing Use Handbook to make it consistent with 43 C.F.R. pt. 4100 (2005).

    Agency: Department of the Interior
    Status: Open

    Comments: As of November 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To improve the effectiveness of the Forest Service's efforts to track and deter unauthorized grazing, the Secretary of Agriculture should direct the Chief of the Forest Service to amend the regulations on range management--36 C.F.R. pt. 222--to provide for nonmonetary settlement when the unauthorized or excess grazing is non-willful and incidental, or follow the existing regulations by determining and charging a grazing use penalty for all unauthorized and excess use when it is identified as provided by 36 C.F.R. 222.50(a) and (h).

    Agency: Department of Agriculture
    Status: Open

    Comments: As of November 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To improve the effectiveness of the Forest Service's efforts to track and deter unauthorized grazing, the Secretary of Agriculture should direct the Chief of the Forest Service to record all incidents of unauthorized grazing, including those resolved informally.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of November 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To improve the effectiveness of the Forest Service's efforts to track and deter unauthorized grazing, the Secretary of Agriculture should direct the Chief of the Forest Service to adopt an unauthorized grazing penalty structure that is based, similar to BLM's, on the current commercial value of forage.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of November 2016, GAO is awaiting action by the agency to implement this recommendation.
    Director: Brian J. Lepore
    Phone: (202) 512-4523

    1 open recommendations
    Recommendation: To improve the Office of the Secretary of Defense's (OSD) oversight of the services' progress in implementing the standardized process for assessing facility conditions and recording facility condition ratings based on that process, the Assistant Secretary of Defense for Energy, Installations, and Environment should revise its guidance to clarify how--either in DOD's Real Property Assets Database or by some other mechanism--the services are to indicate when a facility condition rating recorded in DOD's Real Property Assets Database is based on the standardized process.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics: Office of the Assistant Secretary of Defense for Energy, Installations, and Environment
    Status: Open

    Comments: DOD partially concurred with our recommendation that the Assistant Secretary of Defense for Energy, Installations, and Environment revise its guidance to clarify how--either in DOD's Real Property Assets Database or by some other mechanism--the services are to indicate when a facility condition rating recorded in DOD's Real Property Assets Database is based on the standardized process. As of October 2016, DOD has not completed any actions to implement this recommendation.
    Director: Diana Maurer
    Phone: (202) 512-9627

    6 open recommendations
    including 6 priority recommendations
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the PIA development process to determine why PIAs were not published prior to using or updating face recognition capabilities, and implement corrective actions to ensure the timely development, updating, and publishing of PIAs before using or making changes to a system.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ officials did not concur with this recommendation, and stated that the FBI has established practices that protect privacy and civil liberties beyond the requirements of the law. DOJ officials stated that it will internally evaluate the PIA process as part of the Department's overall commitment to improving its processes, not in response to our recommendation. In March 2017, we followed up with DOJ to obtain its current position on our recommendation. DOJ continues to believe that its approach in designing the NGI system was sufficient to meet legal privacy requirements and that our recommendation represents a "checkbox approach" to privacy. We disagree with DOJ's characterization of our recommendation. We continue to believe that the timely development and publishing of future PIAs would increase transparency of the department's systems. We recognize the steps the agency took to consider privacy protection during the development of the NGI system. We also stand by our position that notifying the public of these actions is important and provides the public with greater assurance that DOJ components are evaluating risks to privacy when implementing systems. As a result, the recommendation remains open and unimplemented.
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the SORN development process to determine why a SORN was not published that addressed the collection and maintenance of photos accessed and used through NGI for the FBI's face recognition capabilities prior to using NGI-IPS, and implement corrective actions to ensure SORNs are published before systems become operational.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ agreed, in part, with our recommendation and submitted the SORN for publication to the Federal Register on April 21, 2016, and it was published on May 5, 2016. DOJ did not agree that the publication of a SORN is required by law. We disagree with DOJ's interpretation regarding the legal requirements of a SORN. The Privacy Act of 1974 requires that when agencies establish or make changes to a system of records, they must notify the public through a SORN published in the Federal Register. DOJ's comments on our draft report acknowledge that the automated nature of face recognition technology and the sheer number of photos now available for searching raise important privacy and civil liberties considerations. DOJ officials also stated that the FBI's face recognition capabilities do not represent new collection, use, or sharing of personal information. We disagree. We believe that the ability to perform automated searches of millions of photos is fundamentally different in nature and scope than manual review of individual photos, and the potential impact on privacy is equally fundamentally different. By assessing the SORN development process and taking corrective actions to ensure timely development of future SORNs, the public would have a better understanding of how personal information is being used and protected by DOJ components. As a result, the recommendation remains open and unimplemented.
    Recommendation: To better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Director of the Federal Bureau of Investigation should conduct audits to determine the extent to which users of NGI-IPS and biometric images specialists in FACE Services are conducting face image searches in accordance with Criminal Justice Information Services Division policy requirements.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In March 2017, DOJ provided us with the audit plan the CJIS Audit Unit developed in June 2016 for NGI-IPS users. In addition, DOJ reported that the CJIS Audit Unit began assessing NGI-IPS requirements at participating states in conjunction with its triennial National Identity Services audit and that, as of February 2017, the unit had conducted NGI-IPS audits of four states. Further, DOJ officials said CJIS developed an audit plan of the FACE Services Unit to coincide with the existing triennial FBI internal audit for 2018. However, DOJ did not provide the audit plan for the FACE Services Unit. DOJ officials said the methodology would be the same as the audit plan for NGI-IPS, but that methodology does not describe oversight on use of information obtained from external systems accessed by FACE Services employees. Therefore, we believe DOJ is making progress towards meeting the recommendation, but has not fully implemented our recommendation.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should conduct tests of NGI-IPS to verify that the system is sufficiently accurate for all allowable candidate list sizes, and ensure that the detection and false positive rate used in the tests are identified.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In comments on our draft report in 2016, and reiterated during recommendation follow-up, as of March 2017, DOJ did not concur with this recommendation. DOJ officials stated that the FBI has performed accuracy testing to validate that the system meets the requirements for the detection rate, which fully satisfies requirements for the investigative lead service provided by NGI-IPS. We disagree with DOJ. A key focus of our recommendation is the need to ensure that NGI-IPS is sufficiently accurate for all allowable candidate list sizes. Although the FBI has tested the detection rate for a candidate list of 50 photos, NGI-IPS users are able to request smaller candidate lists (between 2 and 50 photos). FBI officials stated that they do not know, and have not tested, the detection rate for other candidate list sizes. According to these officials, a smaller candidate list would likely lower the detection rate because a smaller candidate list may not contain a likely match that would be present in a larger candidate list. However, according to the FBI Information Technology Life Cycle Management Directive, testing needs to confirm the system meets all user requirements. Because the accuracy of NGI-IPS's face recognition searches when returning fewer than 50 photos in a candidate list is unknown, the FBI is limited in understanding whether the results are accurate enough to meet NGI-IPS users' needs. DOJ officials also stated that searches of NGI-IPS produce a gallery of likely candidates to be used as investigative leads, not for positive identification. As a result, according to DOJ officials, NGI-IPS cannot produce false positives and there is no false positive rate for the system. We disagree with DOJ. The detection rate and the false positive rate are both necessary to assess the accuracy of a face recognition system. Generally, face recognition systems can be configured to allow for a greater or lesser number of matches. A greater number of matches would generally increase the detection rate, but would also increase the false positive rate. Similarly, a lesser number of matches would decrease the false positive rate, but would also decrease the detection rate. Reporting a detection rate of 86 percent without reporting the accompanying false positive rate presents an incomplete view of the system's accuracy. As a result, the recommendation remains open and unimplemented.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should conduct an operational review of NGI-IPS at least annually that includes an assessment of the accuracy of face recognition searches to determine if it is meeting federal, state, and local law enforcement needs and take actions, as necessary, to improve the system.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: As of March 2017, FBI officials stated they implemented the recommendation by submitting a paper to solicit feedback from users through the Fall 2016 Advisory Policy Board Process. Specifically, officials said the paper requested feedback on whether the face recognition searches of the NGI-IPS are meeting their needs, and input regarding search accuracy. According to FBI officials, no users expressed concern with any aspect of the NGI-IPS meeting their needs, including accuracy. Although FBI's action of providing working groups with a paper presenting GAO's recommendation is a step, the FBI's actions do not fully meet the recommendation. The FBI's paper was presented as informational, and did not result in any formal responses from users. We disagree with the FBI's conclusion that receiving no responses on the informational paper fulfills the operational review recommendation, which includes determining that NGI-IPS is meeting user's needs. As such, we continue to recommend the FBI conduct an operational review of NGI-IPS at least annually.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should take steps to determine whether each external face recognition system used by FACE Services is sufficiently accurate for the FBI's use and whether results from those systems should be used to support FBI investigations.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In comments on our draft report in 2016, and reiterated during recommendation follow-up in 2017, DOJ officials did not concur with this recommendation and had no plans to implement it. DOJ officials stated that the FBI has no authority to set or enforce accuracy standards of face recognition technology operated by external agencies. In addition, DOJ officials stated that the FBI has implemented multiple layers of manual review that mitigate risks associated with the use of automated face recognition technology. Further, DOJ officials stated there is value in searching all available external databases, regardless of their level of accuracy. We disagree with the DOJ position. We continue to believe that the FBI should assess the quality of the data it is using from state and federal partners. We acknowledge that the FBI cannot and should not set accuracy standards for the face recognition systems used by external partners. We also do not dispute that the use of external face recognition systems by the FACE Services Unit could add value to FBI investigations. However, we disagree with FBI's assertion that no assessment of the quality of the data from state and federal partners is necessary. We also disagree with the DOJ assertion that manual review of automated search results is sufficient. Even with a manual review process, the FBI could miss investigative leads if a partner does not have a sufficiently accurate system. By relying on its external partners' face recognition systems, the FBI is using these systems as a component of its routine operations and is therefore responsible for ensuring the systems will help meet FBI's mission, goals and objectives. The recommendation remains open and unimplemented.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    2 open recommendations
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should specify time frames for working with VWP countries to institute the additional VWP security requirements, including the requirement that the countries fully implement agreements to share information about known or suspected terrorists through the countries' Homeland Security Presidential Directive 6 arrangements and Preventing and Combating Serious Crime agreements with the United States.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS reported that nearly all VWP countries have begun sharing information on known or suspected terrorists through Homeland Security Presidential Directive 6 arrangements and that DHS also made progress in fully implementing Preventing and Combating Serious Crime agreements. According to DHS, all VWP countries were informed of the new VWP requirements in July 2016. In its initial response, DHS stated that it planned to conduct a comprehensive assessment of VWP countries' compliance with the new VWP requirements and establish a time frame for each VWP country to reach full compliance as part of each country's next formal review. However, as of April 2017, DHS needs to provide documentation to GAO to support all of these actions. GAO will continue to monitor DHS efforts to fully address this recommendation.
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should take steps to improve DHS's timeliness in reporting to Congress, within the statutory time frame, the department's determination of whether each VWP country should continue participating in the program and any effects of the country's participation on U.S. law enforcement and security interests.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Since 2016, DHS has issued several reports on VWP countries to Congress that have addressed several of the overdue reports identified in 2016, but some gaps remain. As of April 2017, DHS reported plans to deliver additional reports in 2017 to address these gaps. In its initial response, DHS reported that the department had taken steps to ensure timely reporting to Congress and committed to providing Congress with advance notification of any delays in delivering future reports. To fully address this recommendation, DHS needs to issue reports to Congress on VWP countries that have not been covered within the last two years. GAO will continue to monitor DHS efforts.
    Director: Carolyn L. Yocom
    Phone: (202) 512-7114

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To improve the effectiveness of states' and plans' Medicaid managed care (MMC) plan provider screening efforts, the Acting Administrator of CMS should consider which additional databases that states and MMC plans use to screen providers could be helpful in improving the effectiveness of these efforts and determine whether any of these databases should be added to the list of databases identified by CMS for screening purposes.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with this recommendation. CMS analyzed 22 databases that were reported to GAO as being used by Medicaid managed care plans to screen providers. It determined that several were already in use by CMS and mentioned in its guidance, several required more study by CMS, and others were not reliable. In April 2017, we reviewed CMS's analysis. For 8 of the databases, CMS noted that more information is needed, including the availability of the data and whether CMS would need an identifier to link providers to the data. CMS has requested additional information for these databases and has not yet concluded whether the databases should be added to the list of databases it has identified for screening purposes. To close the recommendation, CMS will need to determine whether the remaining databases it has studied should be added to the CMS list of databases to be used for provider screening and take the appropriate action.
    Recommendation: To improve the effectiveness of states' and plans' MMC plan provider screening efforts, the Acting Administrator of CMS should collaborate with SSA to facilitate sharing CMS's Death Master File subscription with state Medicaid programs.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with this recommendation. CMS has signed an Interagency Agreement that provides for the states' ability to access the SSA Death Master File. CMS said that it will provide Death Master File information to specific individuals within each state in the near future. To close the recommendation, CMS will need to begin to provide the states with access to Death Master File data and provide us with documentation that it has done so.
    Recommendation: To improve the effectiveness of states' and plans' MMC plan provider screening efforts, the Acting Administrator of CMS should coordinate with other federal agencies, as necessary, to explore the use of an identifier that is relevant for the screening of MMC plan providers and common across databases used to screen MMC plan providers.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with the recommendation. We will update the status of this recommendation when we receive additional information.
    Director: Mctigue Jr, James R
    Phone: (202) 512-7968

    4 open recommendations
    including 2 priority recommendations
    Recommendation: Congress should consider expanding the mandate for partnerships and corporations to electronically file their tax returns to cover a greater share of filed returns.

    Agency: Congress
    Status: Open

    Comments: No legislation enacted as of March 2017. Current law requires entities that file more than 250 returns during a year or partnerships with more than 100 partners to file electronically. A bill has been introduced in Congress, S. 3178, which would gradually lower the threshold to 20 returns. Requiring greater digitization of tax return information, as GAO suggested in May 2014, would help the Internal Revenue Service identify which partnership and S corporation tax returns would be most productive to examine. Improving IRS's selection of partnership and S corporation returns to examine would also benefit compliant taxpayers whose returns may otherwise be selected for examination. Further, expanded e-filing would reduce IRS's tax return processing costs.
    Recommendation: The Commissioner of Internal Revenue should develop and implement a strategy to better estimate (1) the extent and nature of partnership misreporting, and (2) the effectiveness of partnership examinations in detecting this misreporting.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open
    Priority recommendation

    Comments: As of April 2017, IRS had initiated the Partnership Research Study (PRS). PRS is a smaller scale version of IRS's originally planed National Research Program (NRP) study for partnerships. IRS decided to conduct the smaller scale study because of resource constraints (the NRP study would have required IRS to audit 10,000 partnership tax returns, which is more than all the partnership returns that IRS normally audits in the course of a year; through PRS IRS plans to audit about 2,000 returns). PRS will be similar to an NRP study in that there are mandatory issues that will be audited, and stringent requirements for surveying (dismissing) examinations. IRS has started auditing 1,750 returns and will begin auditing 500 more returns starting in November. IRS is hopeful that PRS will allow it to determine (1) whether the differences in examination rates across different types of business entities are justified, and (2) whether an improved tool for selecting partnerships for examination, such as an updated partnership discriminant function, should be developed.
    Recommendation: The Commissioner of Internal Revenue should use the better information on noncompliance and program effectiveness to determine (1) whether the differences in examination rates across different types of business entities are justified, and (2) whether an improved tool for selecting partnerships for examination, such as an updated partnership discriminant function, should be developed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open
    Priority recommendation

    Comments: As of April 2017, IRS had initiated the Partnership Research Study (PRS). PRS is a smaller scale version of IRS's originally planed National Research Program (NRP) study for partnerships. IRS decided to conduct the smaller scale study because of resource constraints (the NRP study would have required IRS to audit 10,000 partnership tax returns, which is more than all the partnership returns that IRS normally audits in the course of a year; through PRS IRS plans to audit about 2,000 returns). PRS will be similar to an NRP study in that there are mandatory issues that will be audited, and stringent requirements for surveying (dismissing) examinations. IRS has started auditing 1,750 returns and will begin auditing 500 more returns starting in November. IRS is hopeful that PRS will allow it to determine (1) whether the differences in examination rates across different types of business entities are justified, and (2) whether an improved tool for selecting partnerships for examination, such as an updated partnership discriminant function, should be developed.
    Recommendation: While IRS works to improve the quality of its Schedule K-1 data, the Commissioner of Internal Revenue should develop a plan for conducting testing or other analysis to determine whether the improved Schedule K-1 data, perhaps combined with other IRS information about businesses and taxpayers, could be used more effectively to ensure compliance with the reporting of flow-through income.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS stated that it understands the objective of this recommendation and, at such time that resources are available to enhance capabilities, it would consider the proposed methodology of advanced testing. However, based on current and anticipated budget constraints, it does not expect its plans to change in the near future.
    Director: Marcia Crosse
    Phone: (202) 512-7114

    1 open recommendations
    Recommendation: To enhance its oversight of drug shortages, particularly as the agency fine-tunes the manner in which it gathers data on shortages and transitions from its database to a more robust system, the Commissioner of FDA should conduct periodic analyses using the existing drug shortages database (and, eventually, the new drug shortages information system) to routinely and systematically assess drug shortage information, and use this information proactively to identify risk factors for potential drug shortages early, thereby potentially helping FDA to recognize trends, clarify causes, and resolve problems before drugs go into short supply.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: In August 2017, FDA reported that it had not conducted any rigorous analysis of predictors of drug shortages nor have new drug risk factors been identified. Although FDA adopted a new, commercially developed data system, the "Shortage Tracker" to track drug shortages in March 2016, it is used to help the Drug Shortage Staff manage their workload. FDA reported that this system has now been fully operational for over a year. However, no trend analysis relating to drug shortages has been conducted and the agency has no plans to conduct such analyses at this time.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure that security-related funding is directed to programs that have demonstrated their effectiveness, the Secretary of Homeland Security should direct the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security (DHS) did not concur with GAO's November 2013 recommendation to the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security. However, as of July 2017, DHS has reduced funding for its behavior detection activities and taken some steps toward identifying additional evidence to support its use of behavioral indicators. TSA officials stated that GAO's recommendation contributed to DHS's decision to reduce the number of behavior detection officers (BDO) from 3,131 full-time equivalents in fiscal year 2013 to 2,393 full-time equivalents employed in fiscal year 2016. Further, in the summer of 2016 and consistent with the Aviation Security Act of 2016, the agency began assigning BDOs to other positions at passenger screening checkpoints where they are able to observe passengers while performing screening duties. According to TSA officials, all BDOs have now been converted into transportation security officers with behavior detection capabilities, which is expected to reduce the cost of the agency's behavior detection activities. As of August 2017, TSA does not yet have an estimate of any associated cost reductions. Since GAO's 2013 report, TSA has revised its list of behavioral indicators and taken some steps to identify evidence that these indicators can be used to identify passengers who may pose a threat to aviation security. Specifically, TSA hired a contractor to search available literature for sources supporting its revised list of 36 behavioral indicators. However, in 2017, GAO reviewed all 178 sources TSA identified and found that 98 percent (175 of 178) did not provide valid evidence for specific behavioral indicators in its revised list and that the remaining 3 sources could be used as valid evidence to support 8 of the 36 indicators. GAO reported that TSA should continue to limit funding for the agency's behavior detection activities until TSA can provide valid evidence demonstrating that behavioral indicators can be used to identify passengers who may pose a threat to aviation security, consistent with the recommendation in its November 2013 report.
    Director: Wise, David J
    Phone: (202)512-5731

    1 open recommendations
    Recommendation: To improve NTD data collection for ADA paratransit,the Secretary of Transportation should direct the FTA Administrator to provide guidance to transit agencies on how to accurately complete existing ADA paratransit fields.

    Agency: Department of Transportation: Federal Transit Administration
    Status: Open

    Comments: The Federal Register final notice on April 7, 2015, shows that FTA is eliminating the collection of certain ADA paratransit data (trips and expenses) from the NTD. This clarification instructs respondents on how to exclude data for demand-responsive services that are not ADA paratransit. We are reviewing the documentation and will make a decision regarding closing this recommendation as implemented at the conclusion of our review.
    Director: Lepore, Brian J
    Phone: (202)512-4523

    3 open recommendations
    Recommendation: To enable DOD to achieve cost savings and efficiencies and to track its progress toward achieving these goals, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to develop and implement a plan that provides measurable goals linked to achieving savings and efficiencies at the joint bases and provide guidance to the joint bases that directs them to identify opportunities for cost savings and efficiencies. DOD should at a minimum consider the items identified in its recommendation to the 2005 BRAC Commission as areas for possible savings and efficiencies, including (1) paring unnecessary management personnel, (2) consolidating and optimizing contract requirements, (3) establishing a single space management authority to achieve greater utilization of facilities, and (4) reducing the number of base support vehicles and equipment.

    Agency: Department of Defense
    Status: Open

    Comments: DOD did not concur with this recommendation. The department stated that its "patient" approach to cost savings is working, and that the senior joint base working group decided against savings targets because of the complexity involved in setting up the bases. As of June 2016, there had been no further action on this recommendation, according to an official of the Office of the Secretary of Defense's joint basing office.
    Recommendation: To improve DOD's ability to provide a common framework for the management and planning of support services at the joint bases, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to direct the joint bases to compile a list of those common standards in all functional areas needing clarification and the reasons why they need to be clarified, including those standards still being provided or reported on according to service-specific standards rather than the common standard.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation. It stated that the department already has a quarterly process to review its joint base common standards, and that reviewing all the standards simultaneously does not allow for the depth of analysis required to make sound decisions. An official from the joint basing office of the Office of the Secretary of Defense stated that DOD believes its current review and update process for the joint base common standards is effective and does not need to be changed. As of June 2016, there had been no further action on this recommendation, according to an official of the joint basing office.
    Recommendation: To improve DOD's ability to provide a common framework for the management and planning of support services at the joint bases, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to amend the OSD joint standards review process to prioritize review and revision of those standards most in need of clarification within this list.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with his recommendation. The department stated that it already has a quarterly joint base common standards review process, and that reviewing all the standards simultaneously does not allow for the depth of analysis required to make sound decisions. In addition, it noted that the current process incorporates input from the Joint Base commanders, Intermediate Command Summit, and service headquarters. An official from the joint basing office of the Office of the Secretary of Defense stated that DOD believes its current review and update process for the joint base common standards is effective and does not need to be changed. As of June 2016, there had been no further action on this recommendation, according to an official of the Office of the Secretary of Defense's joint basing office.
    Director: Caldwell, Stephen L
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To strengthen the Coast Guard's efforts to ensure the security of OCS facilities and deepwater ports, the Commandant of the Coast Guard should make improvements to the Marine Information for Safety and Law Enforcement (MISLE) database or MISLE guidance to better ensure that all OCS facilities, both fixed and floating, are accurately and consistently identified and that the results of security inspections are consistently recorded to allow for better data analyses and management of the security inspections process.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2015, the Coast Guard updated its Marine Information for Safety and Law Enforcement (MISLE) Facilities User Guide to reflect an added feature to MISLE that allows users to identify if a vessel or facility is an OCS facility regulated under the Maritime Transportation Security Act (MTSA), 33 CFR 106. To ensure that this added feature is used in a consistent manner to accurately classify facilities that are regulated under 33 CFR 106, the Coast Guard is in the process of updating Navigation and Vessel Inspection Circular 05-03. In mid-November 2016, the Coast Guard liaison noted that the Coast Guard expects to issue the updated circular and complete related activities by the end of October 2017. On March 24, 2017, the Coast Guard liaison sent an email to notify GAO that the Coast Guard is still awaiting final decision on deployment of Homeport 2.0, prior to finalizing NVIC 5-03 and that the MISLE User Guide remains under development, with the estimated completion date (ECD) remaining as 10/31/17.