Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Federal Agency: "Department of Justice"

    30 publications with a total of 49 open recommendations including 7 priority recommendations
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To enhance management attention to closing out contracts, the Attorney General should direct the Senior Procurement Executive to ensure the development of a means to track data on the number and type of contracts eligible for closeout and where the contracts are in the closeout process, as well as a means to assess--at the agency or component level--progress by establishing goals and performance measures for closing contracts. (Recommendation 4)

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Homeland Security, Energy, HHS, Interior, Labor, State, Transportation, Treasury, and VA; the Attorney General of the United States; the Administrators of EPA, GSA, and SBA; the Director of OPM; and the Chairman of NRC should take action to, within existing OMB reporting mechanisms, complete plans describing how the agency will achieve OMB's requirement to implement automated monitoring tools at all agency-owned data centers by the end of fiscal year 2018.

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Attorney General should instruct the Director of the Marshals Service to ensure that the improvements being made to the Marshals Service's information on the security concerns of individual buildings allow the Marshals Service to understand the concerns across the portfolio.

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the Marshalls Service has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    1 open recommendations
    Recommendation: To provide a basis for comparing actual results with intended results that can generate more meaningful performance information, the Secretaries of the Interior and State and the Attorney General of the United States should jointly work with the Task Force to develop performance targets related to the National Strategy for Combating Wildlife Trafficking Implementation Plan.

    Agency: Department of Justice
    Status: Open

    Comments: Agency agreed with recommendation and plans to implement it
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Attorney General should define the CISO's role in department policy for ensuring that information security policies and procedures are developed and maintained.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Attorney General should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Gretta L. Goodwin
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To enhance the clarity and transparency of sexual violence data that is reported to the public, the Secretary of Education should direct the Assistant Secretary for the Office of Postsecondary Education, the Secretary of Health and Human Services should direct the Director of Centers for Disease Control and Prevention, and the Attorney General should direct the Director of the Bureau of Justice Statistics to make information on the acts of sexual violence and contextual factors that are included in their measurements of sexual violence publicly available. This effort could entail revising their definitions of key terms used to describe sexual violence so that the definitions match the measurements of sexual violence.

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Marcia Crosse
    Phone: (202) 512-7114

    2 open recommendations
    Recommendation: To make the best use of federal resources directed toward combating FGM/C in the United States, the Attorney General and the Secretaries of Education, Health and Human Services, Homeland Security, and State should each develop a written plan that describes the agency's approach for conducting education and outreach to key stakeholders in the United States regarding FGM/C.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice (DOJ) concurred with this recommendation, and noted in a September 2016 update that the Human Rights and Special Prosecutions Section of its Criminal Division is taking the lead on developing a written plan on its FGM/C outreach and awareness efforts. As of August 2017, DOJ has not yet developed a written plan.
    Recommendation: To make the best use of federal resources directed toward combating FGM/C in the United States, the Attorney General and the Secretaries of Education, Health and Human Services, Homeland Security, and State should each communicate the plan with other relevant federal agencies and stakeholder groups, as appropriate.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice (DOJ) concurred with this recommendation, and noted in a September 2016 update that the Human Rights and Special Prosecutions Section of its Criminal Division is taking the lead on developing a written plan on its FGM/C outreach and awareness efforts. DOJ also noted that it would communicate its written plan with other relevant federal agencies and stakeholder groups, as appropriate. As of August 2017, DOJ has not yet disseminated a written plan.
    Director: Diana C. Maurer
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To help determine if pretrial diversion programs and practices are effectively contributing to the achievement of department goals and enhance DOJ's ability to better manage and encourage the use of such programs and practices, the Attorney General should identify, obtain, and track data on the outcomes and costs of pretrial diversion programs.

    Agency: Department of Justice
    Status: Open

    Comments: In providing comments on this report, DOJ concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To help determine if pretrial diversion programs and practices are effectively contributing to the achievement of department goals and enhance DOJ's ability to better manage and encourage the use of such programs and practices, the Attorney General should develop performance measures by which to help assess program outcomes.

    Agency: Department of Justice
    Status: Open

    Comments: In providing comments on this report, DOJ concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Attorney General should describe the Department of Justice's major management challenges and include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving each of its major management challenges as part of the Department of Justice's agency performance plan.

    Agency: Department of Justice
    Status: Open

    Comments: According to the Department of Justice's action plan to address GAO's recommendations, it will report the Office of Inspector General Top Management Challenges in both the Annual Financial Report (AFR) and the Annual Performance Report(APR)/Annual Performance Plan(APP). For the APR/APP, the Department of Justice will also include the appropriate performance goals, performance measures, milestones, planned actions addressing the challenges and the name(s) of agency official(s) responsible for resolving each of its major management challenges. As of August 2017, however, the Department of Justice had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Justice
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial steps of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment is to review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Director: Diana Maurer
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the PIA development process to determine why PIAs were not published prior to using or updating face recognition capabilities, and implement corrective actions to ensure the timely development, updating, and publishing of PIAs before using or making changes to a system.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ officials did not concur with this recommendation, and stated that the FBI has established practices that protect privacy and civil liberties beyond the requirements of the law. DOJ officials stated that it will internally evaluate the PIA process as part of the Department's overall commitment to improving its processes, not in response to our recommendation. In March 2017, we followed up with DOJ to obtain its current position on our recommendation. DOJ continues to believe that its approach in designing the NGI system was sufficient to meet legal privacy requirements and that our recommendation represents a "checkbox approach" to privacy. We disagree with DOJ's characterization of our recommendation. We continue to believe that the timely development and publishing of future PIAs would increase transparency of the department's systems. We recognize the steps the agency took to consider privacy protection during the development of the NGI system. We also stand by our position that notifying the public of these actions is important and provides the public with greater assurance that DOJ components are evaluating risks to privacy when implementing systems. As a result, the recommendation remains open and unimplemented.
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the SORN development process to determine why a SORN was not published that addressed the collection and maintenance of photos accessed and used through NGI for the FBI's face recognition capabilities prior to using NGI-IPS, and implement corrective actions to ensure SORNs are published before systems become operational.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ agreed, in part, with our recommendation and submitted the SORN for publication to the Federal Register on April 21, 2016, and it was published on May 5, 2016. DOJ did not agree that the publication of a SORN is required by law. We disagree with DOJ's interpretation regarding the legal requirements of a SORN. The Privacy Act of 1974 requires that when agencies establish or make changes to a system of records, they must notify the public through a SORN published in the Federal Register. DOJ's comments on our draft report acknowledge that the automated nature of face recognition technology and the sheer number of photos now available for searching raise important privacy and civil liberties considerations. DOJ officials also stated that the FBI's face recognition capabilities do not represent new collection, use, or sharing of personal information. We disagree. We believe that the ability to perform automated searches of millions of photos is fundamentally different in nature and scope than manual review of individual photos, and the potential impact on privacy is equally fundamentally different. By assessing the SORN development process and taking corrective actions to ensure timely development of future SORNs, the public would have a better understanding of how personal information is being used and protected by DOJ components. As a result, the recommendation remains open and unimplemented.
    Director: Jacqueline M. Nowicki
    Phone: (617) 788-0580

    1 open recommendations
    Recommendation: The Attorney General of the United States should direct the Department of Justice's Civil Rights Division to systematically track key summary information across its portfolio of open desegregation cases and use this data to inform its monitoring of these cases. Such information could include, for example, dates significant actions were taken or reports received.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurred with this recommendation and believes its procedures for tracking case-related data are adequate. Justice reported in 2016 that it is currently developing an electronic document management system that may allow more case-related information to be stored in electronic format. The agency has already taken substantial steps to increase its case monitoring activities in desegregation cases, and intends to continue those efforts. However, Justice did not provide any details on what these steps are or if these steps are in line with our recommendation. GAO is encouraged that the agency sees a need to increase case monitoring. We will consider closing this recommendation when the agency provides specific information on its systematic tracking of information on open cases and using this information to enhance enforcement.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice (Justice) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, Justice stated in correspondence to GAO that it was developing plans to migrate the remaining non-core data centers to the department's three Core Enterprise Facilities (CEFs) and/or commercial cloud services by the end of fiscal year 2019. The department added that, as these migrations occur, its data center footprint and facility utilization should continue to improve and the percentage of servers and operating systems residing in the CEFs should significantly exceed federal data center consolidation targets. Justice also stated that it engaged with external representatives to perform an energy efficiency assessment at its core enterprise facility in Virginia, which resulted in significant improvements at the data center and improved the overall power usage efficiency across the department's core data centers. However, as of July 2017, Justice reported on the Office of Management and Budget's (OMB) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to evaluate the department's progress in implementing this recommendation.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Attorney General should direct ODAG to document a plan specifying DOJ's process for monitoring the effects of marijuana legalization under state law, in accordance with DOJ's 2013 marijuana enforcement policy guidance, to include the identification of the various data ODAG will use and their potential limitations for monitoring the effects of state marijuana legalization, and how ODAG will use the information sources in its monitoring efforts to help inform decisions on whether state systems are effectively protecting federal marijuana enforcement priorities.

    Agency: Department of Justice
    Status: Open

    Comments: The agency concurred with the recommendation and reported plans to implement it. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: The Attorney General should direct ODAG to use existing mechanisms to share DOJ's monitoring plan with appropriate officials from DOJ components responsible for providing information DOJ reports using regarding the effects of state legalization to ODAG, obtain feedback, and incorporate the feedback into its plan.

    Agency: Department of Justice
    Status: Open

    Comments: The agency concurred with the recommendation and reported plans to implement it. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To provide reasonable assurance that EOIR's fraud prevention controls are adequate, the Attorney General should direct EOIR to conduct regular fraud risk assessments across asylum claims in the immigration courts.

    Agency: Department of Justice
    Status: Open

    Comments: In April 2017, the Executive Office for Immigration Review (EOIR) reported that it is taking several steps toward implementing this recommendation. First, EOIR undertook a review of all asylum fraud complaints that the office received since 2007. Second, EOIR reported that, beginning in June 2016, it conducted a series of trainings and in-person "listening sessions" to discuss issues related to asylum fraud with immigration judges and court staff. Third, EOIR reported that it is in the process of creating a written assessment for all personnel at immigration courts and the Board of Immigration Appeals to determine the magnitude of asylum fraud issues at each respective location. Fourth, EOIR reported that it is designing a statistical analysis of asylum fraud. On the basis of these actions, EOIR reported that it will subsequently to move to the next phases of the fraud risk assessment, consistent with GAO's Fraud Risk Management Framework. To fully address this recommendation, EOIR should conduct regular fraud risk assessments across asylum claims in immigration courts.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure that the Department of Justice effectively measures its efforts to address incarceration challenges, the Attorney General should explore additional data collection opportunities and modify its Smart on Crime indicators to incorporate key elements of successful performance measurement systems.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: In August 2015, DOJ reported that it has taken steps to obtain new, more granular data elements that it hoped to incorporate into its indicators. However, DOJ also stated that it did not believe that measureable targets were appropriate for its Smart on Crime indicators because prosecutors need to make case by case decisions without regard to targets or concerns for any other incentive. As of October 2016, DOJ had not provided any updates on its progress addressing this recommendation to enhance performance measurement. Until DOJ provides this information, we cannot determine whether its efforts resulted in indicators that incorporate key elements of successful performance measurement systems. In March, 2017, DOJ noted that, due to a change in administration, the consequences of the Smart on Crime initiative are uncertain, and did not provide any further updates on its progress addressing our recommendation.
    Recommendation: To ensure that the Department of Justice effectively measures its efforts to address incarceration challenges, the Attorney General should direct the Office of the Pardon Attorney, in conjunction with the Office of the Deputy Attorney General, to (1) track how long it takes, on average, for commutation of sentence petitions to clear each step in the review process under DOJ's control, and (2) identify and address, to the extent possible, any processes that may contribute to unnecessary delays.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: In August 2015, DOJ reported that tracking the steps of its review would not provide meaningful data because the Department prioritizes those cases for review that appear likely to meet the Clemency Initiative factors announced in April 2014. Nevertheless, DOJ stated that it agreed that identifying and addressing unnecessary delays in the review process is important, and that it has been regularly working to identify and address such delays. As of October 2016, DOJ had not provided any updates on its progress addressing this recommendation to better track and address any unnecessary delays. Until it does so, we cannot determine whether it is meeting the key goal of the new Clemency Initiative--to expeditiously identify and review especially meritorious petitions. In March 2017, DOJ noted that due to the accelerated clemency review process implemented in 2015, it currently has no standard process to evaluate, and did not provide any further updates on its progress in addressing our recommendation.
    Director: Frank Rusco
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To help ensure that agencies have sufficient information on the effects of changing circumstances on the performance of their ESPC portfolios, the Secretaries of Defense, Energy, and Veterans Affairs; the Attorney General; and the Administrator of the General Services Administration should establish a process to systematically evaluate their ESPC projects--including baseline assumptions about facilities' energy use, utility prices, and interest rates--to determine how their ESPC portfolios are performing and the extent to which they are achieving expected savings. Agencies could consider conducting such evaluations either after a certain number of years, or in response to events, such as changes in utility prices or market interest rates, or appropriations becoming available that could be used for modifications or terminations.

    Agency: Department of Justice
    Status: Open

    Comments: In comments on a draft of this report, the Department of Justice agreed with the recommendation. As of December 2016, we were working with Department of Justice officials to confirm the status of their actions to implement the recommendation.
    Recommendation: To help ensure that agencies have sufficient information on ESPC performance to oversee whether future and current contracts are achieving their expected savings, the Secretaries of Defense, Energy, and Veterans Affairs; the Attorney General; and the Administrator of the General Services Administration should work with contractors to determine the best way to obtain estimates of cost and energy savings that are not achieved because of agency actions in order to include these estimates in future measurement and verification reports for existing contracts, in accordance with DOE guidance, and where economically feasible.

    Agency: Department of Justice
    Status: Open

    Comments: In comments on a draft of this report, the Department of Justice agreed with the recommendation. As of December 2016, we were working with Department of Justice officials to confirm the status of their actions to implement the recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    1 open recommendations
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Attorney General should ensure procedures to monitor and control spending are established department-wide. Specifically, ensure that (1) procedures include assessing devices for zero, under, and over usage; (2) personnel with authority and responsibility for performing the procedures are identified; and (3) the specific steps to be taken to perform the process are documented.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has taken steps to implement this recommendation. Specifically, in response to our findings, the department's Chief Information Officer issued a memo that required components to establish procedures for regular reviews of invoices for wireless services to identify unused and underused devices or services, as well as any over-usage charges to service plans. However, as of August 2017, the department had not demonstrated that its components had implemented the requirements. We will continue to monitor the department's progress.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help ensure the efficient use of resources for the Three Percent Fund, the Attorney General should develop a policy and implement procedures to regularly analyze unobligated balances and develop collection estimates in order to determine an appropriate reserve amount and inform estimates of future funding needs.

    Agency: Department of Justice
    Status: Open

    Comments: In February 2015, we found that the Department of Justice (DOJ) Collection Resource Allocation Board (CRAB) had taken steps to manage the Three Percent Fund, but it had not conducted analyses that would help DOJ better manage the fund, such as developing reserve estimates aligned with DOJ priorities or projecting future collections. GAO has identified leading practices among federal agencies when evaluating balances in federal accounts. Such practices emphasize the importance of regularly analyzing balances by, for example, estimating collections and determining reserve needs. Doing so helps agencies more effectively anticipate program needs and ensure the most efficient use of resources. As a result, we recommended that DOJ develop a policy and implement procedures to regularly analyze unobligated balances collection estimates in the Three Percent Fund. DOJ partially concurred with this recommendation. In response, DOJ provided us with a policy it began implementing in January 2016 to help them analyze the Three Percent Fund's unobligated balance and develop an appropriate reserve amount. For example, DOJ's policy for developing the reserve estimate now relies on more robust requests for information of DOJ debt collection activities, including government personnel, contract support, and automated litigation service requirements. By developing and implementing this policy, DOJ is better positioned to ensure the continuity of operations funded through the Three Percent Fund and to make future resource allocations. However, DOJ stated in its response to the report that it does not believe it is appropriate to estimate incoming collections for the following year. For example, DOJ does not ask litigating components for the number of cases that will be settled because the agency does not want to be perceived as inappropriately encouraging larger government civil collections. Additionally, DOJ does not calculate such estimates due to the high level of variability in the civil debt litigation cases that make it difficult to use historical information to estimate reserves. We noted in our report DOJ's concerns for developing collection estimates. However, we continue to believe that developing a policy for considering collection estimates is important. The Three Percent Fund is self-sustaining and does not receive annual appropriations. Therefore, any volatility should be managed with the best information and estimates the department can provide. Without developing collection estimates, DOJ is at risk of committing too much or too few budgetary resources from the Three Percent Fund. A lack of such a policy may lead to Three Percent balances either falling too low to efficiently manage operations or rise to unnecessarily high levels. As we have previously reported, one method DOJ could consider instead of a specific dollar estimate is to develop a range between the potential lowest and highest collection amounts based on historical trends and current collection activities. By estimating future collections, DOJ could better ensure it is able to efficiently fund as many programs as possible and best support the fund's priorities. Therefore, we consider this recommendation only partially implemented and will keep it open until DOJ develops collection estimates to aid managing the Three Percent Fund.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To better ensure that FBI whistleblowers have access to recourse under DOJ's regulations should the individuals experience retaliation, and to minimize the possibility of discouraging future potential whistleblowers, the Attorney General should clarify in all current relevant DOJ guidance and communications, including FBI guidance and communications, to whom FBI employees may make protected disclosures and, further, explicitly state that employees will not have access to recourse if they experience retaliation for reporting alleged wrongdoing to someone not designated in DOJ's regulations.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Justice
    Status: Open

    Comments: In its June 2015 statement of actions to address our recommendations, the Department of Justice reported that it was pursuing a number of initiatives focused on improving Software License management. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Justice
    Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to address our recommendations. For example, it reported using technology tools to pull software data being used within the infrastructure and to identify what software is not being used. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Justice
    Status: Open

    Comments: The Department in June 2015 reported that it has initiated steps to establish a comprehensive inventory of software licenses by using automated tools. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Justice
    Status: Open

    Comments: The Department has taken initial steps to regularly track and maintain a comprehensive inventory of software licenses. For example, the Department reported in June 2015, that it is managing a comprehensive inventory for major suppliers and exploring enterprise agreements with key suppliers to ensure compliance. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Justice
    Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to analyze agency-wide software license data by providing better governance of software utilization to derive cost savings and by developing Enterprise License Agreements to achieve savings from processes across the components. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Justice
    Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to provide training to appropriate agency personnel. For example, in the department's Vendor Management Calls they provide training on processes and the use of tools, including contract terms, negotiations, laws and regulations, acquisition, security planning and configuration management. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.
    Director: Gregory C.Wilshusen
    Phone: (202) 512-6244

    4 open recommendations
    Recommendation: To improve the effectiveness of cyber incident response activities, the Attorney General of the United States should revise policies for incident response by including requirements for defining the incident response team's level of authority, and prioritizing the severity ratings of incidents for unclassified systems, based on impact.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurred with the recommendation and as of April 2017 has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To improve the effectiveness of cyber incident response activities, the Attorney General of the United States should revise the department's incident response plan to include quantifiable metrics for measuring the incident response capability and its effectiveness.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurred with the recommendation and as of April 2017 has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To improve the effectiveness of cyber incident response activities, the Attorney General of the United States should develop incident response procedures that provide instructions for prioritizing the handling of incidents by impact.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurred with the recommendation and as of April 2017 has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To improve the effectiveness of cyber incident response activities, the Attorney General of the United States should ensure that all components test their incident response capability.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurred with the recommendation and as of April 2017 has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Dinapoli, Timothy J
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of Justice
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation but has not yet taken the actions necessary to implement it.
    Director: Powner, David A
    Phone: (202)512-9286

    2 open recommendations
    Recommendation: To improve the department's implementation of PortfolioStat, the Attorney General should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice stated that it had updated its enterprise architecture to include 100 percent of the information technology investments. However, it did not provide evidence of this action.We will follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Attorney General should direct the CIO to fully describe the following PortfolioStat action plan element: establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice (DOJ) stated that its Email and Collaboration Working Group established consolidation targets, and began Phase One of its email consolidation effort. In addition, DOJ provided information on the status of its efforts to establish additional targets. We are reviewing the information provided, as well as DOJ's reporting to OMB, to determine the extent to which this recommendation has been addressed.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To promote coordination as a practice to help avoid overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the Information Sharing and Access Interagency Policy Committee (ISA IPC) or otherwise collaborate to develop a mechanism, such as performance metrics related to coordination, that will allow them to hold field-based information-sharing entities accountable for coordinating with each other and monitor and evaluate the coordination results achieved.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. Through their involvement in an interagency policy committee within the Executive Office of the President, DHS, DOJ, and ONDCP have developed a mechanism to hold state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers accountable for coordinating their analytical and investigative activities. However, the agencies have not fully addressed the action because DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) and Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report, have not participated in the assessment on which the mechanism is based. In December 2015, DHS developed a field-based partners report in which DHS, DOJ and ONDCP reported data for state and urban area fusion centers, RISS centers, and HIDTA Investigative Support Centers. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's JTTFs or FIGs. DOJ has noted that JTTFs and FIGs are different from the other entities because JTTFs are operational law enforcement investigative entities and FIGs provide intelligence support to FBI Field Offices. However, GAO's April 2013 report identified areas in which the missions and activities of JTTFs and FIGs overlapped with those of the other entities and that coordination with other field based entities was important to prevent unnecessary overlap and potential duplication. Considering the exclusion of two of the five entities, the agencies do not have a collective mechanism that can hold FIGS and JTTFs accountable for coordinating with the other field-based information sharing entities and allow the agencies to monitor progress and evaluate results across entities. Such a mechanism can help entities maintain effective relationships when new leadership is assigned and avoid unnecessary overlap in activities, which in turn can help entities to leverage scarce resources. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help identify where agencies and the field-based entities they support could apply coordination mechanisms to enhance information sharing and reduce inefficiencies resulting from overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the ISA IPC or otherwise collaborate to identify characteristics of entities and assess specific geographic areas in which practices that could enhance coordination and reduce unnecessary overlap, such as cross-entity participation on governance boards and colocation of entities, could be further applied. The results of this assessment could be used by the agencies to provide recommendations or guidance to the entities to create coordinated governance boards or colocate entities, which can result in increased efficiencies through shared facilities and resources and reduced overlap through coordinated or collaborative products, activities, and services.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. The three agencies have taken the necessary steps to assess the extent to which practices that can enhance coordination are being implemented at state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers through their involvement in an interagency policy committee within the Executive Office of the President. However, the assessment did not include DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) or Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report. In December 2015, DHS, DOJ, and ONDCP developed a field-based partners report in which DOJ and ONDCP collected and reported data elements for RISS centers and HIDTA Investigative Support Centers similar to those DHS uses in its annual fusion center assessment. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's FBI JTTFs or FIGs. A collaborative assessment of where practices that enhance coordination can be applied to reduce overlap, collaborate, and leverage resources for all five field-based information-sharing entities would allow the agencies to provide recommendations or guidance to the entities on implementing these practices. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Director: Cha, Carol
    Phone: (202) 512-3000

    2 open recommendations
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should fully establish an approach for measuring enterprise architecture outcomes, including a documented method (i.e., steps to be followed) and metrics that are measurable, meaningful, repeatable, consistent, actionable, and aligned with the agency's enterprise architecture's strategic goals and intended purpose.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has not taken sufficient steps to implement our recommendation. In June 2014, the department established metrics associated with the department's enterprise architecture (e.g., cost savings/avoidance gained through consolidated systems). However, as of August 2017, the department had not provided evidence that it had documented a method for measuring the metrics, or that it plans to do so. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To enhance federal agencies' ability to realize enterprise architecture benefits, the Secretaries of the Departments of Agriculture, the Air Force, the Army, Commerce, Defense, Education, Energy, Homeland Security, the Interior, Labor, the Navy, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and Small Business Administration; the Commissioners of the Nuclear Regulatory Commission and Social Security Administration; and the Directors of the National Science Foundation and the Office of Personnel Management should periodically measure and report enterprise architecture outcomes and benefits to top agency officials (i.e., executives with authority to commit resources or make changes to the program) and to OMB.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has not sufficiently implemented our recommendation. Although the department reported cost savings through use of its enterprise architecture, as of August 2017, it has not provided documentation to support that the cost savings have been reliably measured.
    Director: Martin, Belva M
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To better inform management and resource allocation decisions, effectively manage limited export control enforcement resources, and improve the license determination process, the Secretary of Homeland Security and the Attorney General, as they implement efforts to track resources expended on export control enforcement activities, should use such data to make resource allocation decisions.

    Agency: Department of Justice
    Status: Open

    Comments: DOJ had identified plans to make continual improvements to the investigative and prosecutorial data to allow better tracking and refined resource allocation decisions going forward. However, we have not been able to obtain status information from Justice despite our attempts.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    1 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Justice
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.