Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Federal contractors"

    10 publications with a total of 54 open recommendations including 4 priority recommendations
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    7 open recommendations
    Recommendation: To enhance management attention to closing out contracts, the Secretary of Defense should develop a means for department-wide oversight into components' progress in meeting their goals on closing contracts and the status of contracts eligible for closeout. (Recommendation 1)

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance management attention to closing out contracts, the Secretary of Health and Human Services should develop a means for department-wide oversight into components' progress in meeting their goals on closing contracts and the status of contracts eligible for closeout. (Recommendation 2)

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance management attention to closing out contracts, the Secretary of Homeland Security should develop a means, either at the agency or the component level, to track where the contracts are in the closeout process, and establish goals and performance measures for closing contracts. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance management attention to closing out contracts, the Attorney General should direct the Senior Procurement Executive to ensure the development of a means to track data on the number and type of contracts eligible for closeout and where the contracts are in the closeout process, as well as a means to assess--at the agency or component level--progress by establishing goals and performance measures for closing contracts. (Recommendation 4)

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance management attention to closing out contracts, the Secretary of State should develop a means at the agency level to track data on the entirety of the number and type of contracts eligible for closeout, where the contracts are in the closeout process, and establish goals and performance measures for closing contracts. (Recommendation 5)

    Agency: Department of State
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To manage its incurred cost inventory, the Director, DCAA should assess and implement options for reducing the length of time to begin incurred cost audit work and establish related performance measures. (Recommendation 6)

    Agency: Department of Defense: Defense Contract Audit Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To manage its incurred cost inventory, the Director, DCAA should comprehensively assess the use and effect of multi-year audits on both DCAA and contractors and establish related performance measures. (Recommendation 7)

    Agency: Department of Defense: Defense Contract Audit Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Cary Russell
    Phone: (202) 512-5431

    6 open recommendations
    Recommendation: To enable the department to enhance its visibility over contractor personnel for whom it may become responsible in the event of contingency and other applicable operations, the Secretary of Defense should, in coordination with the Chairman of the Joint Chiefs of Staff, update accountability guidance clarifying the types of contractor personnel that are to be accounted for in a steady-state environment.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enable PACOM to consistently account for contractor personnel in its area of responsibility, the Secretary of Defense should direct the PACOM Commander to clarify contractor personnel accountability guidance for the collection of all contractor personnel data in a steady-state environment and specify a system of record, such as SPOT, for the collection of this information.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that combatant commands are not contracting with entities that may be connected to or supporting prohibited organizations, the Secretary of Defense should, in coordination with the Chairman of the Joint Chiefs of Staff, develop and issue guidance that clarifies the foreign-vendor vetting steps or process that should be established at each combatant command, including the operational conditions under which a foreign-vendor vetting cell should be established.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that PACOM is not contracting with entities that may be connected to or supporting prohibited organizations, while awaiting DOD guidance on vendor vetting, the Secretary of Defense should direct the PACOM commander to consider developing vendor vetting guidance as other combatant commands have done, to prepare for the event that PACOM becomes actively engaged in hostilities.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enable OCS to be fully embedded in the command structure at the command and continue to build upon the progress of integrating OCS into the command, as PACOM updates OCS guidance, the Secretary of Defense should direct the PACOM Commander to consider ways to ensure all joint staff functions beyond the logistics area are fully integrated into its OCS organizational structure and OCS Integration Cell.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enable PACOM to better identify OCS requirements and incorporate those requirements into Annex Ws and their appendixes, the Secretary of Defense should direct the PACOM Commander to develop guidance that clarifies roles and responsibilities and the process that should be followed for OCS requirements development.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David C. Trimble
    Phone: (202) 512-3841

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help provide a roadmap to effectively guide NNSA's effort to integrate and improve its financial management, the NNSA Administrator should direct the Program Director of Financial Integration to develop a plan for producing cost information that fully incorporates leading practices.

    Agency: Department of Energy: National Nuclear Security Administration
    Status: Open
    Priority recommendation

    Comments: NNSA agreed with the recommendation. In its written responses to our report, NNSA stated that it will address the items we identified in its annual update to Congress on its financial integration initiative.
    Director: Brown Barnes, Cindy S
    Phone: (202) 512-7215

    6 open recommendations
    Recommendation: To ensure that federal contractors are complying with equal employment opportunity requirements, the Secretary of Labor should direct the Director of OFCCP to make changes to the contractor scheduling list development process so that compliance efforts focus on those contractors with the greatest risk of not following equal employment opportunity and affirmative action requirements.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (DOL) agreed with this recommendation and is taking steps to address it. DOL noted its past work to improve its ability to identify federal contractor establishments under its jurisdiction. The agency is also committed to improving the scheduling process and using its resources more efficiently. DOL noted that its recently proposed EEO-1 pay data collection will provide more detailed information on federal contractor compensation disparity patterns, which they believe will strengthen the selection process. Finally, the agency reported that it is committed to improving its ability to focus on contractors with the greatest risk of noncompliance.
    Recommendation: To ensure that federal contractors are complying with equal employment opportunity requirements, the Secretary of Labor should direct the Director of OFCCP to develop a mechanism to monitor AAPs from covered federal contractors on a regular basis. Such a mechanism could include electronically collecting AAPs and contractor certification of annual updates.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor agreed with this recommendation and reported that it will fully explore the operational implications and funding requirements.
    Recommendation: To ensure that federal contractors are complying with equal employment opportunity requirements, the Secretary of Labor should direct the Director of OFCCP to make changes to the current scheduling list distribution process so that it addresses changes in human capital and does not rely exclusively on geographic location.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (DOL) agreed with this recommendation. DOL reported that it will explore the logistics of non-geographically based compliance evaluations in its review of contractors with Functional Affirmative Action Programs. The agency will also explore establishment based cross-regional case transfers, and continue to implement improved case distribution approaches in future scheduling lists.
    Recommendation: To ensure that federal contractors are complying with equal employment opportunity requirements, the Secretary of Labor should direct the Director of OFCCP to provide timely and uniform training to new staff, as well as provide continuing training opportunities to assist compliance officers in maintaining a level of competence to help ensure quality and consistency of evaluations across regions and district offices.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor agreed with this recommendation and noted past and future efforts to address it. To date, the agency has conducted many webinars to build staff knowledge and skills; implemented a Front Line Manager Leadership Development Program to enhance leadership and technical skills; hosted an all-staff regional training in FY16 to hone the staff's technical skills; developed a training plan in FY16 to assess employee training needs and address the needs of compliance officers at various stages of their careers; and conducted a training needs assessment in FY16 to identify the performance requirements and competencies needed by agency staff. Based on the results of the needs assessment, the agency plans to develop the "Compliance Officer Continuous Education Success Program," a three-year program to ensure that compliance officers receive timely and consistent instruction. They will also formalize its use of training-related work groups to ensure training is responsive to employer needs, and leverage different instructional methods, such as classroom and web-based training.
    Recommendation: To ensure that federal contractors are complying with equal employment opportunity requirements, the Secretary of Labor should direct the Director of OFCCP to review outreach and compliance assistance efforts and identify options for improving information provided to federal contractors and workers to enhance their understanding of nondiscrimination and affirmative action requirements to ensure equal employment opportunities for protected workers.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (DOL) agreed with this recommendation and is taking steps to address it. The agency plans to expand stakeholder engagement practices, such as consultations with federal contractors, to determine what additional guidance is needed to support contractor compliance with OFCCP regulations and increase contractor awareness of resources, such as its Help Desk and EEO Tabulation. OFCCP will also build on prior outreach that has included live and virtual events (e.g., focus groups, round tables) and explore ways to disseminate promising practices.
    Recommendation: To ensure that federal contractors are complying with equal employment opportunity requirements, the Secretary of Labor should direct the Director of OFCCP to assess existing contractor guidance for clarity to ensure that contractors have information that helps them better understand their responsibilities regarding nondiscrimination and affirmative action requirements to ensure equal employment opportunities for protected workers.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor agreed with this recommendation. The agency noted past efforts demonstrating its commitment to quality guidance, such as by increasing online resources and tools available to stakeholders, and revising outdated regulations and guidance with input from stakeholders.
    Director: David Trimble
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To strengthen acquisition planning for M&O contract acquisitions, the Secretary of Energy should direct the Office of Acquisition Management, Office of Policy to require that acquisition planning documents for M&O contracts discuss alternatives beyond extending the M&O contract or conducting a competition for essentially the same scope of work.

    Agency: Department of Energy
    Status: Open

    Comments: In November 2016, DOE officials stated that the Office of Acquisition Management will amend existing or issue new policy or guidance, as appropriate, with an estimated completion date of January 2017.
    Recommendation: To strengthen acquisition planning for M&O contract acquisitions, the Secretary of Energy should direct the Office of Acquisition Management, Office of Policy to establish a process to periodically analyze DOE's experience with alternatives to the single M&O contract approach to identify and apply lessons learned during acquisition planning for M&O contracts.

    Agency: Department of Energy
    Status: Open

    Comments: In November 2016, DOE officials stated that the Office of Acquisition Management will amend existing or issue new policy or guidance, as appropriate, to require programs to periodically analyze their experiences with alternatives. Officials provided an estimated completion date of July 2017.
    Director: David C. Trimble
    Phone: (202) 512-3841

    6 open recommendations
    including 1 priority recommendation
    Recommendation: To improve DOE's ability to evaluate and monitor the effectiveness of policies that call for all organizations, including contractors, to embrace a strong safety culture and create a work environment that encourages a questioning attitude by all employees, the Secretary of Energy should develop and implement an independent evaluation process for routinely and accurately measuring contractor employees' willingness to raise safety and other concerns without fear of retaliation. This process should ensure that an independent third party develops, conducts, and consistently applies the evaluation methodology--which should include safeguards that protect anonymity. The process should also enable DOE to oversee and ensure that appropriate corrective actions are taken in response to evaluation results.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. In December 2016, the Office of Enterprise Assessments formed a working group to address our recommendations. According to DOE, as of March 2017 the working group developed a strategy and plan to independently analyze data associated with willingness to raise concerns within contractor organizations at DOE sites with high hazard nuclear facilities. We will continue to monitor DOE's efforts to implement this recommendation.
    Recommendation: To help ensure that the organizational placement and practices of DOE- and contractor- provided Employee Concerns Programs (ECP) do not inhibit contractor employees from raising safety and other concerns, the Secretary of Energy should revise DOE's ECP order and guidance to (1) require that the organizational placement and practices of contractor ECP's do not compromise or impair their independence, (2) clarify the circumstances under which DOE's ECP is permitted to transfer and refer concerns to contractors, and notify or require approval of the contractor employee raising the concern, and (3) provide criteria for overseeing and evaluating the effectiveness and independence of contractor-provided ECPs.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. To address this recommendation, DOE planned to update DOE Order 442.1A, Department of Energy Employee Concerns Program, to (1) address the potential for conflicts of interest that could affect the independence of contractor ECPs, (2) clarify the circumstances under which an employee concern can be referred or transferred from a DOE ECP to a contractor ECP, and (3) specify that the processes already identified in DOE Order 226.1B, Implementation of Department of Energy Oversight Policy, be used as part of the oversight processes for contractor-provided ECPs, to include evaluation of their effectiveness and independence. According to DOE, the draft order was affected by a Presidential Memorandum issued in January 2017, which put a temporary stop to the DOE directives process. We will continue to monitor the status of DOE's implementation of this recommendation.
    Recommendation: To help ensure that Congress has the information it needs as it considers whether or not to make permanent the enhanced whistleblower pilot program and that DOE has assurance that contractor employees have an effective mechanism to seek remedy for unlawful retaliation, the Secretary of Energy should fully evaluate the extent to which the pilot program has been implemented and whether its provisions will mitigate challenges associated with DOE's 708 program. This evaluation should include, at a minimum, an assessment of (1) contractors that have adopted the pilot program and the date they did so; (2) contractors that have not adopted the pilot program and an explanation of why not; (3) cases filed under the pilot program, if any; and (4) the pilot program's potential for mitigating challenges associated with the 708 program.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred in principle with the recommendation. In response to this recommendation, the Office of Hearings and Appeals conducted a review of the Part 708 program that, according to DOE, evaluated each of the areas of concern and compared current part 708 regulations with the pilot program. We will update the status of this recommendation after we review the resulting report.
    Recommendation: To help improve DOE's ability to take enforcement action against unlawful retaliation when appropriate and take action against contractors that create a chilled work environment, the Secretary of Energy should expedite the department's time frames for codifying in regulatory language its policy that retaliation for nuclear safety-related disclosures is a nuclear safety violation and develop a specific schedule for issuing the proposed and final rules.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation and planned to amend its regulations to clarify which DOE regulations constitute DOE Nuclear Safety Requirements. DOD planned to expedite the schedule for this rulemaking. We will update the status of this recommendation after we confirm DOE's actions
    Recommendation: To help improve DOE's ability to take enforcement action against unlawful retaliation when appropriate and take action against contractors that create a chilled work environment, the Secretary of Energy should direct DOE's Office of Enforcement to routinely collect information from the Department of Labor and other sources regarding substantiated cases of retaliation and take appropriate enforcement action.

    Agency: Department of Energy
    Status: Open

    Comments: According to DOE, the Office of Enforcement has revised its internal implementing procedure to require that a review of DOE Office of Hearings and Appeals whistleblower cases, Department of Labor complaints submitted under the Energy Reorganization Act, and an online legal research service (for court decisions) be conducted each quarter to identify cases wherein a DOE contractor may have retaliated against an employee for reporting a safety concern and evaluate the information for potential enforcement action. We will update the status of this recommendation after we review the updated procedure.
    Recommendation: To help improve DOE's ability to take enforcement action against unlawful retaliation when appropriate and take action against contractors that create a chilled work environment, the Secretary of Energy should revise DOE's Integrated Safety Management policy and guidance to clarify what constitutes evidence of a chilled work environment and define the appropriate steps DOE should take to hold contractors accountable for creating a chilled work environment.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: DOE concurred with the recommendation. DOE officials said that the department was revising the Integrated Safety Management policy but the revisions are currently on hold indefinitely along with all other actions to publish new, or update existing departmental directives in response to two Presidential Executive Orders issued in January and February 2017 that directed federal agencies to, among other things, reduce and reform agency regulations.
    Director: Cary Russell
    Phone: (202) 512-5431

    6 open recommendations
    including 1 priority recommendation
    Recommendation: To enable AFRICOM's component commands to better plan, advise, and coordinate for OCS, the AFRICOM Commander, as part of AFRICOM's ongoing efforts to update related guidance and emphasize the importance of OCS integration at the subordinate command level, should direct the service components to designate elements within their respective staffs to be responsible for coordinating OCS, and consider the establishment of an OCS Integration Cell or similar structure with these dedicated OCS personnel, as needed.

    Agency: Department of Defense: U.S. Africa Command
    Status: Open

    Comments: In July 2016, AFRICOM officials stated that there are clear advantages and benefits to establishing an OCSIC at Service-component level. USAFRICOM, as a geographic combatant command, assigns operational missions to subordinate commands for execution, including operational contract support (OCS) tasks. Joint Pub 4-10, as augmented by AFRICOM Command Instruction (ACI) 4800.01 A, specifies the tasks and functions in support of OCS that Service Components must execute. Service Components determine the most appropriate organizational structure best suited to meet its assigned mission. i.e. establishment of an OCSlC as deemed necessary. However, service components have indicated that guidance clarifying the circumstances under which they should establish OCSICs would be helpful. As such, this recommendation will remain open at this time.
    Recommendation: To enable AFRICOM's component commands to better plan, advise, and coordinate for OCS, the AFRICOM Commander, as part of AFRICOM's ongoing efforts to update related guidance and emphasize the importance of OCS integration at the subordinate command level, should clarify under what conditions a subordinate joint force command, such as Combined Joint Task Force-Horn of Africa, should establish an OCS Integration Cell.

    Agency: Department of Defense: U.S. Africa Command
    Status: Open

    Comments: AFRICOM officials told us that USAFRICOM J4 conducted a staff assistance visit (SA V) at CJTF-HOA from 16-19 August 2015. It was recommended that ClTF-HOA establish an OCS Working Group (OCSWG) that is owned b) the ClTF-HOA J4. The OCSWG is a doctrinal working group and would contain designated cross-functional staff members to enable OCS planning and policy generation as well as Oversee contractor management issues. Other OCS recommendations were made to the CJTF-HOA J4 that included adding permanent OCS billets to the J4 and executing OCSIC tasks. This recommendation will remain open at this time.
    Recommendation: To enable AFRICOM to better identify, address, and mitigate OCS readiness gaps at its component commands before inaccurate information is incorporated into formal defense readiness reporting systems, the AFRICOM Commander should clarify the scorecard process, including assessment standards, for OCS Readiness Scorecards to ensure that evaluators can accurately assess subordinate commands' OCS capabilities.

    Agency: Department of Defense: U.S. Africa Command
    Status: Open

    Comments: In July 2016, AFRICOM officials stated that while the OCS score card may be considered a best practice in the OCS execution in the AFRICOM AOR, it is not a replacement for the Defense Readiness Reporting System (DRRS) to report OCS. This recommendation will remain open at this time.
    Recommendation: To enable AFRICOM to comprehensively and consistently account for contractor personnel in Africa, the Secretary of Defense, in coordination with the Chairman of the Joint Chiefs of Staff, should direct Joint Staff to clarify what types of contractor personnel should be accounted for in its guidance on personnel status reports.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has taken steps to clarify what types of contractor personnel should be accounted for in its guidance on personnel status reports, but revision of that guidance is ongoing. According to Joint Staff officials in August 2016, USAFRICOM has not yet incorporated its local policies and standards into the CJCSM 3150.13C as the manual is up for review by the Joint Staff and is projected to be completed by Spring 2017. Additionally, in February 2016, a class deviation became effective for the USAFRICOM area of responsibility (AOR). This deviation superseded Class Deviations 2014-O0005, and 2015-O0003. The deviation stated that contracting officers shall incorporate clause 252.225-7980, Contractor Personnel Performing in the United States Africa Command Area of Responsibility, in lieu of the clause at DFARS 252.225-7040, Contractor Personnel Supporting U.S. Armed Forces Deployed Outside the United States, in all solicitations and contracts, including solicitations and contracts using FAR part 12 procedures for the acquisition of commercial items that will require contractor personnel to perform in the United States Africa Command (USAFRICOM) area of responsibility. In addition, to the extent practicable, contracting officers shall modify current, active contracts with performance in the USAFRICOM AOR to include the clause 252.225-7980. The USAFRICOM Commander has identified a need to utilize the Synchronized Pre-deployment and Operational Tracker for all contracts performed in the AOR during all operational phases (including Phase 0), not limited to declared contingency operations. However, until guidance clarifying what types of contractor personnel is finalized, this recommendation will remain open.
    Recommendation: To enable AFRICOM to comprehensively and consistently account for contractor personnel in Africa, the AFRICOM Commander should develop area of responsibility-wide contractor personnel accountability guidance on or before December 2015, when the current guidance expires, that clarifies which types of contractor personnel should be accounted for using SPOT, and when SPOT accountability requirements should be incorporated into contracts.

    Agency: Department of Defense: U.S. Africa Command
    Status: Open

    Comments: In July 2016, AFRICOM officials told us Defense Federal Acquisition Regulation Supplement (DFARS) 252.225-7980 (Class Deviation 2016-00008), Contractor Personnel Performing in the United States Africa Command Area of Responsibility was published in June 2016. This clause requires the use of the Synchronized Pre-Deployment and Operational Tracker (SPOT) to account for all Contractor Authorized to Accompany the Force (CAAF), United States and third-country national contractors (TCNs), all private security contractors. and all other contractor personnel authorized to carry weapons when performing in the AFRICOM AOR on all DoD contracts, regardless of the contract amount or period of performance. Furthermore. the DoD contractor is required to submit to the cognizant contracting officer for SPOT reporting and aggregate count of all local national employees performing in the AFRICOM AOR. by country of performance, for 30 days or longer under a contract valued at or above $150.000. This recommendation will remain open at this time.
    Recommendation: To ensure that combatant commands are not contracting with entities that may be connected to or supporting prohibited organizations, the Secretary of Defense, in coordination with the Chairman of the Joint Chiefs of Staff, should develop guidance that clarifies the conditions under which combatant commands should have a foreign vendor vetting process or cell in place to determine whether potential vendors actively support any terrorist, criminal, or other sanctioned organizations, including clarifying when combatant commands should develop procedures for transmitting the names of any vendors identified through this process for inclusion in prohibited entities lists in the appropriate federal contracting databases, such as the System for Award Management.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: As of October 2016, DOD has taken steps to develop foreign vendor vetting guidance, but that guidance is in the process of being drafted. According to Joint Staff officials in August 2016, as required by NDAA for FY2015, Section 841(d)(1), the Director, Defense Procurement & Acquisition Policy, issued Class Deviation 2015-O0016, Prohibition on Providing Funds to the Enemy and Authorization of Additional Access to Records, effective September 15, 2015. Also, Joint Staff has drafted a Directive Type Memorandum (DTM)on foreign vendor vetting. When issued, the DTM will assign responsibility to each of the Combatant Commanders to establish a foreign vendor program in their respective Areas of Responsibility in accordance with NDAA for FY2015, Sections 841, 842 and 843. However, until the DTM is issued, this recommendation will remain open.
    Director: Michael Courts
    Phone: (202) 512-8980

    1 open recommendations
    Recommendation: The Secretary of State should direct State's Office of the Procurement Executive to incorporate leading practices into any future single insurer solicitations by determining whether existing guidance could be used, or by developing guidance based on leading practices in federal and State Department acquisition regulations and State internal control standards.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with the recommendation and said it would incorporate leading practices into any future single insurer solicitation if a determination is made to pursue a single insurer program. However, as of September 2017 State had not made a determination to pursue a single insurer program. GAO will continue to monitor State's effort to implement the recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should assess the extent to which ICE has appropriate internal controls for tracking and managing detention facility costs and develop additional controls as necessary.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In February 2015, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had created a spend plan tool to help track costs for each detention facility. In addition, DHS reported that ICE headquarters and field offices were coordinating to determine the resources needed to track and manage detention facilities costs. To fully address this recommendation, ICE should assess the extent to which the spend plan tool is an appropriate internal control for tracking and managing detention facilities costs and whether additional controls are necessary.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should document the reasons facilities cannot be transitioned to the most recent standards.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: The Department of Homeland Security (DHS) did not concur with this recommendation. As of December 2016, no additional information had been provided on the status of Immigration and Customs Enforcement (ICE) efforts to address this recommendation. To fully address this recommendation, ICE should document the reasons detention facilities cannot be transition to the most recent national detention standards.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should take additional steps to help ensure that personnel responsible for reviewing and paying facility detention invoices follow internal control procedures to ensure proper payments.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In October 2014, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had issued a new "Receipt & Acceptance" policy applicable to all program offices and would assess if additional internal controls are required and implement any needed ones, as appropriate. In February 2015, DHS reported that ICE had not finalized an impact assessment of the new policy for fiscal year 2014 to determine if additional controls would be required. To fully address this recommendation, ICE should complete an impact assessment of the new policy to determine if additional controls are needed to ensure proper payment of facility detention invoices.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    16 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test plan is developed.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, security and privacy requirements are communicated to contractors.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, an independent assessor is selected to assess the system.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned for resolution are maintained.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, security and privacy requirements are communicated to contractors.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned to resolution are maintained.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Administrator of the Environmental Protection Agency should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA concurred with our recommendation. However, EPA has not yet provided evidence that it has implemented the recommendation. We plan to validate the department's actions when EPA informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Administrator of the Environmental Protection Agency should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned for resolution are maintained.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA concurred with our recommendation. However, EPA has not yet provided evidence that it has implemented the recommendation. We plan to validate the department's actions when EPA informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Director of the Office of Personnel Management should develop, document, and implement oversight procedures for ensuring that a system test is fully executed for each contractor-operated system.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: OPM concurred with our recommendation. However, as of April 2017, OPM had not implemented the recommendation to develop, document and implement oversight procedures to ensure that a system test is fully executed for each contractor-operated system. We will monitor OPM's efforts and validate OPM actions when evidence discloses that the recommendation has been implemented.
    Recommendation: To be able to effectively assist agencies with their contractor oversight programs, the Director of the Office of Management and Budget, in collaboration with the Secretary of Homeland Security, should develop and clarify reporting guidance to agencies for annually reporting the number of contractor-operated systems.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We requested comments on a draft of this report from the Office of Management and Budget, but none were provided. In June 2017, OMB stated that its and DHS's annual reporting requirements now contain an expanded list of criteria for contractor-operated systems, including definitions in related guidance from the National Institute of Standards and Technology. However, although the reporting requirements call for agencies to report on their total number of contractor-operated systems, neither the requirements or related guidance clarify which agency systems that have contractor relationships should be categorized as contractor-operated. The lack of clear instructions may continue to result in incomplete information regarding the number of contractor-operated systems within the government.