Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Federal law"

    27 publications with a total of 92 open recommendations including 12 priority recommendations
    Director: Zina Merritt
    Phone: (202) 512-5257

    4 open recommendations
    Recommendation: To enhance the department's transfer of its excess controlled property, and to strengthen LESO program internal controls for the application and enrollment of federal agencies, the Under Secretary of Defense for Acquisition, Technology and Logistics should direct the Director of DLA to review and revise policy or procedures for verifying and approving federal agency applications and enrollment. For example, such steps could include LESO supervisory approval for all federal agency applications; confirmation of the application with designated points of contact at the headquarters of participating federal agencies; or visiting the location of the applying federal law enforcement agency.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance the department's transfer of its excess controlled property, and to help ensure controlled property is picked up by authorized individuals, the Under Secretary of Defense for Acquisition, Technology and Logistics should direct the Director of DLA to ensure compliance that on-site officials responsible for the transfer of items at Disposition Services' sites request and verify valid identification of the individual(s) authorized to pick up allocated property from the LESO program.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance the department's transfer of its excess controlled property, and to help ensure the accurate quantity of approved items is transferred, the Under Secretary of Defense for Acquisition, Technology and Logistics should direct the Director of DLA to issue guidance that requires DLA Disposition Services on-site officials to verify the type and quantity of approved items against the actual items being transferred prior to removal from the sites.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance the department's transfer of its excess controlled property, and to strengthen LESO program internal controls, the Undersecretary of Defense for Acquisition, Technology, and Logistics should direct the Director of DLA to conduct a fraud risk assessment to design and implement a strategy with specific internal control activities to mitigate assessed fraud risks for all stages relating to LESO's transfer of excess controlled property to law enforcement agencies, consistent with leading practices provided in GAO's Fraud Risk Framework.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gretta L. Goodwin
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To help ensure that DOJ is contributing to efforts to improve data collection and service provision to Native Americans, the Director of OVW should require grantees to report the number of human trafficking victims served using grant funding, and, as appropriate, the Native American status of those victims.

    Agency: Department of Justice: Office of Justice Programs: Violence Against Women Office
    Status: Open

    Comments: In responding to a draft of our report, DOJ agreed to require their grantees to report the number of human trafficking victims served, but did not agree to require them to track Native American status of those victims as appropriate, citing victim confidentiality and other reasons. In June 2017, following our report's publication, DOJ provided a status update, reporting that OVW already collects consolidated data on the number of American Indian and Alaska Native victims served who are victims of all crimes and it is in the process of revising grantee forms to collect information on the number of people served who are victims of sex trafficking. We continue to believe that collecting grantee information on both the number and Native American status of victims served is important and will continue to monitor implementation.
    Recommendation: To help ensure that DOJ is contributing to efforts to improve data collection and service provision to Native Americans, the Assistant Attorney General for the Office of Justice Programs should direct OVC and OJJDP to require their grantees to report the number of human trafficking victims served using grant funding, and, as appropriate, the Native American status of those victims.

    Agency: Department of Justice: Office of Justice Programs
    Status: Open

    Comments: In responding to a draft of our report, DOJ agreed to require its grantees to report the number of human trafficking victims served, but did not agree to require them to track Native American status of those victims as appropriate, citing victim confidentiality and other reasons. In June 2017, following our report's publication, DOJ provided a status update, reporting that OJJDP human trafficking grantees will be required to report the number of human trafficking victims served, beginning with progress reports ending December 31, 2017, and that OJJDP will update applicable solicitations beginning in fiscal year 2018 to reflect this new measure. DOJ reported no new efforts from OVC, and maintained that it will not require grantees to report on the Native American status of their victims served using grant funding because of the concerns it cited initially. We continue to believe that collecting grantee information on both the number and Native American status of victims served is important and will continue to monitor implementation.
    Director: Charles Jeszeck
    Phone: (202) 512-7215

    6 open recommendations
    Recommendation: To ensure that current vesting policies appropriately balance plans' needs and interests with the needs of workers to have employment mobility while also saving for retirement, Treasury should evaluate the appropriateness of existing maximum vesting policies for account-based plans, considering today's mobile labor force, and seek legislative action to revise vesting schedules, if deemed necessary. The Department of Labor could provide assistance with such an evaluation.

    Agency: Department of the Treasury
    Status: Open

    Comments: Treasury did not provide formal comments for this recommendation. The Department of Labor's comments noted that Treasury and IRS will consult with them on subjects of joint interest and Labor will provide assistance as requested. We will monitor the agency's progress.
    Recommendation: To help participants better understand eligibility and vesting policies, the Department of Labor (DOL) should develop guidance for plan sponsors that identifies best practices for communicating information about eligibility and vesting policies in a clear manner in summary plan descriptions. For example, DOL could discourage plans from including in documents information about employer contributions or other provisions that are not actually being used by the plan sponsor.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor disagreed with this recommendation stating that it would not be appropriate at this time to reallocate resources from its existing priority projects to a new project to identify "best practices" for communicating information about eligibility and vesting policies in a clear manner in the summary plan descriptions. The agency noted that in FY17, it will review its existing outreach material on plan administration and compliance for opportunities to highlight the issues and recommendations in our report. It will also consider this recommendation in its ongoing development and prioritization of EBSA's agenda for regulations and sub-regulatory guidance.
    Recommendation: To help increase plan participation and individuals' retirement savings, Congress should consider updating ERISA's 401(k) plan eligibility provisions to extend plan eligibility to otherwise eligible workers at an age earlier than 21.

    Agency: Congress
    Status: Open

    Comments: As of August 2017, Congress has not yet taken action on this matter.
    Recommendation: To help increase plan participation and individuals' retirement savings, Congress should consider updating ERISA's 401(k) plan eligibility provisions to amend the definition of "year of service," given the prevalence of part-time workers in today's workforce.

    Agency: Congress
    Status: Open

    Comments: When we obtain information on actions taken by the Congress, we will a update.
    Recommendation: Congress should consider whether ERISA's provisions related to the timing of employer matching contributions need to be adjusted to reflect today's mobile workforce and workplace plans, which are predominantly 401(k) plans offering matching employer contributions.

    Agency: Congress
    Status: Open

    Comments: When we obtain information on actions taken by the Congress, we will a update.
    Recommendation: Congress should consider whether ERISA's provisions related to last day policies need to be adjusted to reflect today's mobile workforce and workplace plans, which are predominantly 401(k) plans offering matching employer contributions.

    Agency: Congress
    Status: Open

    Comments: When we obtain information on actions taken by the Congress, we will a update.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    22 open recommendations
    Recommendation: To assist CISOs in carrying out their responsibilities, the Director of OMB should issue guidance for agencies' implementation of the FISMA 2014 requirements to ensure that (1) senior agency officials carry out information security responsibilities and (2) agency personnel are held accountable for complying with the agency-wide information security program. This guidance should clarify the role of the agency CISO with respect to these requirements, as well as implementing the other elements of an agency-wide information security program, taking into account the challenges identified in this report.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) partially concurred with this recommendation, but does not intend to directly issue guidance as recommended. Instead, we are reviewing the relevant OMB memoranda that officials believe address the intent of the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with the FISMA 2014, the Secretary of Commerce should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce concurred with the recommendation, stating that the department's policy documents are expected to be updated by the end of the 4th Quarter in 2017. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the senior information security officer (SISO) is defined in department policy in accordance with FISMA 2014, the Secretary of Defense should define the SISO's role in department policy for ensuring that information security policies and procedures are developed and maintained.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) did not concur with our recommendation, nor has it provided evidence that it has implemented the recommendations.
    Recommendation: To ensure that the role of the SISO is defined in department policy in accordance with FISMA 2014, the Secretary of Defense should define the SISO's role in department policy for ensuring that the department has procedures for incident detection, response, and reporting.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) partially concurred with our recommendation, but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the SISO is defined in department policy in accordance with FISMA 2014, the Secretary of Defense should define the SISO's role in department policy for oversight of security for information systems that are operated by contractors on the department's behalf.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) partially concurred with our recommendation, but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that subordinate security plans are documented for the department's information systems.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that all users receive information security awareness training.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that the department has a process for planning implementing, evaluating, and documenting remedial actions.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for oversight of security for information systems that are operated by contractors on the department's behalf.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy in the periodic authorization of the department's information systems.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain Departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Health and Human Services should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Attorney General should define the CISO's role in department policy for ensuring that information security policies and procedures are developed and maintained.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Attorney General should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of State should define the CISO's role in department policy for ensuring that the department has procedures for incident detection, response, and reporting.

    Agency: Department of State
    Status: Open

    Comments: The Department of State (State) concurred with this recommendation. We are currently reviewing the evidence provided by State to determine whether the role of the CISO has been defined in its policy to for ensuring that State has procedures for incident detection, response, and reporting.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Transportation should define the CISO's role in department policy for ensuring that subordinate security plans are documented for the department's information systems.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation concurred with the recommendation and is currently updating its Cybersecurity Policy. The Department plans to be complete by June 29, 2018. However, the department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Transportation should define the CISO's role in department policy for ensuring that security controls are tested periodically.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation concurred with the recommendation and is currently updating its Cybersecurity Policy. The Department plans to be complete by June 29, 2018. However, the department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the senior agency information security officer (SAISO) is defined in agency policy in accordance with FISMA 2014, the Administrator of the Environment Protection Agency should define the SAISO's role in agency policy for ensuring that subordinate security plans are documented for the department's information systems.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) concurred with our recommendation. We are currently reviewing the evidence provided by EPA to determine whether the role of the SAISO has been defined in its policy to for ensuring that subordinate security plans are documented for the agency's information systems.
    Recommendation: To ensure that the role of the SAISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the Environment Protection Agency should define the SAISO's role in agency policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) concurred with our recommendation. We are currently reviewing the evidence provided by EPA to determine whether the role of the SAISO has been defined in its policy to ensure recovery and continued operations of the agency's information systems in the event of a disruption.
    Recommendation: To ensure that the role of the SAISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the Environment Protection Agency should define the SAISO's role in agency policy in the periodic authorization of the department's information systems.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) concurred with our recommendation. We are currently reviewing the evidence provided by EPA to determine whether the role of the SAISO has been defined in agency policy for the periodic authorization of the department's information systems.
    Recommendation: To ensure that the role of the SAISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the National Aeronautics and Space Administration should define the SAISO's role in agency policy for oversight of security for information systems that are operated by contractors on the agency's behalf.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) concurred with our recommendation. We are currently reviewing the evidence provided by NASA to determine whether the role of the SAISO has been defined in agency policy for oversight of security for information systems that are operated by contractors on NASA's behalf.
    Recommendation: To ensure that the role of the CISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the Small Business Administration should define the CISO's role in agency policy for ensuring that personnel with significant security responsibilities receive appropriate training.

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business administration (SBA) concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Gretta L. Goodwin
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To help the NICS Section achieve its mission to enhance national security and public safety by providing the timely and accurate determination of a person's eligibility to possess firearms, the Director of the FBI should monitor NICS check outcomes for specific categories of prohibited individuals to assess timeliness and provide this information to other DOJ entities for use in establishing priorities and tools to assist states in submitting more complete records for use during NICS checks.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Diana C. Maurer
    Phone: (202) 512-9627

    4 open recommendations
    Recommendation: To help determine if pretrial diversion programs and practices are effectively contributing to the achievement of department goals and enhance DOJ's ability to better manage and encourage the use of such programs and practices, the Attorney General should identify, obtain, and track data on the outcomes and costs of pretrial diversion programs.

    Agency: Department of Justice
    Status: Open

    Comments: In providing comments on this report, DOJ concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To help determine if pretrial diversion programs and practices are effectively contributing to the achievement of department goals and enhance DOJ's ability to better manage and encourage the use of such programs and practices, the Attorney General should develop performance measures by which to help assess program outcomes.

    Agency: Department of Justice
    Status: Open

    Comments: In providing comments on this report, DOJ concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To determine how the use of RRCs and home confinement contribute to its goal of helping inmates successfully reenter society, and to better enable BOP to adjust its policies and procedures for the optimal use of these alternatives, as necessary and within statutory requirements, the Director of BOP should identify, obtain, and track data on the outcomes of the programs.

    Agency: Department of Justice: Bureau of Prisons
    Status: Open

    Comments: In providing comments on this report, DOJ concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To determine how the use of RRCs and home confinement contribute to its goal of helping inmates successfully reenter society, and to better enable BOP to adjust its policies and procedures for the optimal use of these alternatives, as necessary and within statutory requirements, the Director of BOP should develop performance measures by which to help assess program outcomes.

    Agency: Department of Justice: Bureau of Prisons
    Status: Open

    Comments: In providing comments on this report, DOJ concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Director: Diana C. Maurer
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To allow for more efficient use of data on missing and unidentified persons contained in the NCIC's Missing Persons and Unidentified Persons files and NamUs, the Directors of the FBI and NIJ should evaluate the feasibility of sharing certain information among authorized users, document the results of this evaluation, and incorporate, as appropriate, legally and technically feasible options for sharing the information.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In commenting on GAO's June 2016 report, DOJ disagreed with our recommendation, because DOJ believes it does not have the legal authority to fulfill the corrective action as described in the proposed recommendation. Specifically, DOJ stated that the National Missing and Unidentified Persons System (NamUs) does not qualify, under federal law, for access to the National Crime Information Center (NCIC) and is not an authorized user to receive NCIC data. Therefore, DOJ does not believe there is value in evaluating the technical feasibility of integrating these two databases. In March 2017, DOJ reiterated its position that any such sharing was prohibited by law. We understand the legal framework placed on NCIC and that it may be restricted from fully integrating with a public database. However, this statutory restriction does not preclude DOJ from exploring options to more efficiently share information within the confines of the current legal framework. Until DOJ studies whether such feasible mechanisms exist, it will be unable to make this determination, risking continued inefficiencies through fragmentation and overlap.
    Recommendation: To allow for more efficient use of data on missing and unidentified persons contained in the NCIC's Missing Persons and Unidentified Persons files and NamUs, the Directors of the FBI and NIJ should evaluate the feasibility of sharing certain information among authorized users, document the results of this evaluation, and incorporate, as appropriate, legally and technically feasible options for sharing the information.

    Agency: Department of Justice: Office of Justice Programs: National Institute of Justice
    Status: Open
    Priority recommendation

    Comments: In commenting on GAO's June 2016 report, DOJ disagreed with our recommendation, because DOJ believes it does not have the legal authority to fulfill the corrective action as described in the proposed recommendation. Specifically, DOJ stated that the National Missing and Unidentified Persons System (NamUs) does not qualify, under federal law, for access to the National Crime Information Center (NCIC) and is not an authorized user to receive NCIC data. Therefore, DOJ does not believe there is value in evaluating the technical feasibility of integrating these two databases. In March 2017, DOJ reiterated its position that any such sharing was prohibited by law. We understand the legal framework placed on NCIC and that it may be restricted from fully integrating with a public database. However, this statutory restriction does not preclude DOJ from exploring options to more efficiently share information within the confines of the current legal framework. Until DOJ studies whether such feasible mechanisms exist, it will be unable to make this determination, risking continued inefficiencies through fragmentation and overlap.
    Director: Melissa Emrey-Arras
    Phone: (617) 788-0534

    7 open recommendations
    Recommendation: To help foster and unaccompanied homeless youth better navigate the college admissions and federal student aid processes, the Secretaries of Education and HHS should jointly study potential options for encouraging and enabling child welfare caseworkers, McKinney-Vento homeless youth liaisons, and other adults who work with these youth to more actively assist them with college planning.

    Agency: Department of Education
    Status: Open

    Comments: Education, working with the Department of Health and Human Services, issued a Foster Youth Transition Toolkit in May 2016 which addresses both financial aid and college admissions processes. The toolkit was written for youth in or formerly in foster care rather than for professionals who serve these youth. Education noted that it had also posted a Homeless Youth Fact sheet for teachers and other professionals on its website in July. Education said that it will continue to work with HHS and the National Association for the Education of Homeless Children and Youth about college admissions and federal student aid processes for foster and unaccompanied homeless youth. Education also plans to conduct a technical assistance webinar for McKinney-Vento homeless youth liaisons and to provide technical assistance for other programs. Making such information available on Education's website is an encouraging step, as are plans to conduct webinars for professionals who work with homeless youth. We look forward to the implementation of these plans. However, we continue to believe that HHS and Education should consider ways to encourage more active college planning efforts among professionals who work with homeless and foster youth that consider professional staff's competing goals and priorities and multiple responsibilities.
    Recommendation: To help foster and unaccompanied homeless youth better navigate the college admissions and federal student aid processes, the Secretaries of Education and HHS should jointly study potential options for encouraging and enabling child welfare caseworkers, McKinney-Vento homeless youth liaisons, and other adults who work with these youth to more actively assist them with college planning.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: HHS, working with the Department of Education, issued a Foster Youth Transition Toolkit in May 2016 which encourages current and former foster youth to pursue college and addresses both financial aid and college admissions processes. The toolkit was written for youth in or formerly in foster care, and HHS considers it a resource for unaccompanied homeless youth as well as for the adults who serve these youth. Making such information available through this joint publication is an encouraging step. However, child welfare caseworkers, school homelessness liaisons, and other professionals who work with homeless and foster youth have competing goals and priorities and multiple responsibilities. To encourage and facilitate college planning and admissions efforts, Education and HHS would need to carefully consider professional staff's workloads, responsibilities, and training needs, among other issues, and develop some options for encouraging college planning efforts among professionals in these programs who work with homeless and foster youth.
    Recommendation: To help foster and unaccompanied homeless youth, as well as adults who assist these youth, better navigate the federal student aid process and obtain information about college resources, the Secretary of Education, in consultation with the Secretary of HHS, should create webpages directed to homeless and foster youth so they can more easily find tailored and centralized information about available federal and other resources, such as Pell Grants, Chafee Education and Training Voucher Program (Chafee ETV Vouchers), and waivers for college admission tests.

    Agency: Department of Education
    Status: Open

    Comments: In addition to having a webpage about foster youth, Education noted that in April 2016 it had created a new webpage with resources for homeless children and youth. In July 2016, Education developed and posted online a Foster Care Transition Toolkit and a Fact Sheet on federal student aid for homeless youth that is available through its resources webpage. The development and posting of these materials on the agency's website offers helpful resources to foster and homeless youth; however, Education should also make it easier for these youth, who often lack adult support, to find these documents easily--such as by referring to them on the page that says who is eligible for federal student aid--without lengthy searching of the Website.
    Recommendation: To help college financial aid administrators more effectively implement eligibility rules for unaccompanied homeless youth, the Secretary of Education should make available an optional worksheet or form that college financial aid administrators can voluntarily use to document unaccompanied homeless youth status or encourage the use of existing forms that are available.

    Agency: Department of Education
    Status: Open

    Comments: Education agreed that it would be helpful to make forms developed by outside organizations knowledgeable about homelessness issues available for financial aid administrators to use for documenting the status of unaccompanied homeless youth. Education also said that it plans to highlight the availability of these forms and provide guidance at its annual conference and in updates to the Federal Student Aid Handbook. Education noted that it will not endorse the use of a specific form but that it will highlight forms that already exist that may be useful to financial aid administrators. We look forward to Education making such forms available for college financial aid administrators so that they can more effectively implement eligibility rules for unaccompanied homeless youth.
    Recommendation: To help homeless youth more easily access federal student aid, the Secretary of Education should clarify its guidance to financial aid administrators and students about whether financial aid administrators should accept any unaccompanied homeless youth determination provided by McKinney-Vento homeless liaisons or other authorized officials even if a student is not in high school or receiving program services.

    Agency: Department of Education
    Status: Open

    Comments: In June 2016, Education posted questions and answers about federal student for homeless youth on its website and in July, the agency posted a fact sheet about Homeless Youth on its webpage for teachers and other professional staff. However, neither document states whether financial aid administrators should accept any unaccompanied homeless youth determination provided by McKinney-Vento liaisons or authorized officials even if a student is not in high school or receiving program services. In July 2016, Education issued guidance for the McKinney-Vento program specifying that a local liaison may continue to provide verification of a youth's homelessness status for federal student aid purposes for as long as the liaison has access to the information necessary to make such a determination for a particular youth. The guidance also stated that local homelessness liaisons should ensure that all homeless high school students receive information and counseling on college-related issues. Education said that it will also hold a technical assistance webinar for McKinney-Vento Education for Homeless Children and Youths Program liaisons. In July 2016, Education said that it will issue the most-up-to-date guidance clarifying that financial aid administrators should accept any unaccompanied homeless youth determination provided by McKinney-Vento liaisons or authorized officials even if a student is not in high school or receiving program services. In addition to updating its guidance for financial aid administrators, the agency should also update the question and answer factsheet on federal student aid for homeless students and the factsheet for professionals so that the information on unaccompanied homeless youth determinations is presented consistently in these key documents.
    Recommendation: To enhance access to federal student aid for unaccompanied homeless youth, the Secretary of Education should consider developing a legislative proposal for congressional action to simplify the application process so that once a student has received an initial determination as an unaccompanied homeless youth, the student will not be required to have that status re-verified in subsequent years but attest to their current status on the Free Application for Federal Student Aid, unless a financial aid administrator has conflicting information.

    Agency: Department of Education
    Status: Open

    Comments: In July 2016, Education said that the department had proposed further simplification of the FAFSA in its fiscal year 2017 budget proposal. Education stated that it will also consider the feasibility of a legislative proposal to not require re-verification of homelessness after a student has received an initial determination. Such a legislative proposal would enhance access to federal student aid for unaccompanied homeless youth.
    Recommendation: To simplify program rules for Chafee ETV vouchers and improve access to these vouchers for former foster youth ages 21 and 22, the Secretary of HHS should consider developing a legislative proposal for congressional action to allow foster youth to be eligible for the Chafee ETV voucher until age 23 without also requiring that they start using the voucher before they turn 21.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: HHS's budget request for fiscal year 2018 does not contain a legislative proposal to improve access to Chafee vouchers for former foster youth ages 21 and 22. In July 2016, HHS noted that it had made a proposal for mandatory programs to improve foster youth's access to vouchers for title IV-E Chafee programs in the Administration for Children and Families' fiscal year 2017 budget request. However, the agency explained that the proposal's purpose is to extend eligibility for Chafee Foster Care Independence Program (CFCIP) services to youth up to age 23 in jurisdictions that have extended foster care to age 21. According to HHS, the budgetary proposal does not affect the Chafee Vouchers. A legislative proposal to simplify program rules for Chafee ETV vouchers would support improving access to these vouchers for former foster youth ages 21 and 22.
    Director: Diana Maurer
    Phone: (202) 512-9627

    6 open recommendations
    including 6 priority recommendations
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the PIA development process to determine why PIAs were not published prior to using or updating face recognition capabilities, and implement corrective actions to ensure the timely development, updating, and publishing of PIAs before using or making changes to a system.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ officials did not concur with this recommendation, and stated that the FBI has established practices that protect privacy and civil liberties beyond the requirements of the law. DOJ officials stated that it will internally evaluate the PIA process as part of the Department's overall commitment to improving its processes, not in response to our recommendation. In March 2017, we followed up with DOJ to obtain its current position on our recommendation. DOJ continues to believe that its approach in designing the NGI system was sufficient to meet legal privacy requirements and that our recommendation represents a "checkbox approach" to privacy. We disagree with DOJ's characterization of our recommendation. We continue to believe that the timely development and publishing of future PIAs would increase transparency of the department's systems. We recognize the steps the agency took to consider privacy protection during the development of the NGI system. We also stand by our position that notifying the public of these actions is important and provides the public with greater assurance that DOJ components are evaluating risks to privacy when implementing systems. As a result, the recommendation remains open and unimplemented.
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the SORN development process to determine why a SORN was not published that addressed the collection and maintenance of photos accessed and used through NGI for the FBI's face recognition capabilities prior to using NGI-IPS, and implement corrective actions to ensure SORNs are published before systems become operational.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ agreed, in part, with our recommendation and submitted the SORN for publication to the Federal Register on April 21, 2016, and it was published on May 5, 2016. DOJ did not agree that the publication of a SORN is required by law. We disagree with DOJ's interpretation regarding the legal requirements of a SORN. The Privacy Act of 1974 requires that when agencies establish or make changes to a system of records, they must notify the public through a SORN published in the Federal Register. DOJ's comments on our draft report acknowledge that the automated nature of face recognition technology and the sheer number of photos now available for searching raise important privacy and civil liberties considerations. DOJ officials also stated that the FBI's face recognition capabilities do not represent new collection, use, or sharing of personal information. We disagree. We believe that the ability to perform automated searches of millions of photos is fundamentally different in nature and scope than manual review of individual photos, and the potential impact on privacy is equally fundamentally different. By assessing the SORN development process and taking corrective actions to ensure timely development of future SORNs, the public would have a better understanding of how personal information is being used and protected by DOJ components. As a result, the recommendation remains open and unimplemented.
    Recommendation: To better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Director of the Federal Bureau of Investigation should conduct audits to determine the extent to which users of NGI-IPS and biometric images specialists in FACE Services are conducting face image searches in accordance with Criminal Justice Information Services Division policy requirements.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In March 2017, DOJ provided us with the audit plan the CJIS Audit Unit developed in June 2016 for NGI-IPS users. In addition, DOJ reported that the CJIS Audit Unit began assessing NGI-IPS requirements at participating states in conjunction with its triennial National Identity Services audit and that, as of February 2017, the unit had conducted NGI-IPS audits of four states. Further, DOJ officials said CJIS developed an audit plan of the FACE Services Unit to coincide with the existing triennial FBI internal audit for 2018. However, DOJ did not provide the audit plan for the FACE Services Unit. DOJ officials said the methodology would be the same as the audit plan for NGI-IPS, but that methodology does not describe oversight on use of information obtained from external systems accessed by FACE Services employees. Therefore, we believe DOJ is making progress towards meeting the recommendation, but has not fully implemented our recommendation.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should conduct tests of NGI-IPS to verify that the system is sufficiently accurate for all allowable candidate list sizes, and ensure that the detection and false positive rate used in the tests are identified.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In comments on our draft report in 2016, and reiterated during recommendation follow-up, as of March 2017, DOJ did not concur with this recommendation. DOJ officials stated that the FBI has performed accuracy testing to validate that the system meets the requirements for the detection rate, which fully satisfies requirements for the investigative lead service provided by NGI-IPS. We disagree with DOJ. A key focus of our recommendation is the need to ensure that NGI-IPS is sufficiently accurate for all allowable candidate list sizes. Although the FBI has tested the detection rate for a candidate list of 50 photos, NGI-IPS users are able to request smaller candidate lists (between 2 and 50 photos). FBI officials stated that they do not know, and have not tested, the detection rate for other candidate list sizes. According to these officials, a smaller candidate list would likely lower the detection rate because a smaller candidate list may not contain a likely match that would be present in a larger candidate list. However, according to the FBI Information Technology Life Cycle Management Directive, testing needs to confirm the system meets all user requirements. Because the accuracy of NGI-IPS's face recognition searches when returning fewer than 50 photos in a candidate list is unknown, the FBI is limited in understanding whether the results are accurate enough to meet NGI-IPS users' needs. DOJ officials also stated that searches of NGI-IPS produce a gallery of likely candidates to be used as investigative leads, not for positive identification. As a result, according to DOJ officials, NGI-IPS cannot produce false positives and there is no false positive rate for the system. We disagree with DOJ. The detection rate and the false positive rate are both necessary to assess the accuracy of a face recognition system. Generally, face recognition systems can be configured to allow for a greater or lesser number of matches. A greater number of matches would generally increase the detection rate, but would also increase the false positive rate. Similarly, a lesser number of matches would decrease the false positive rate, but would also decrease the detection rate. Reporting a detection rate of 86 percent without reporting the accompanying false positive rate presents an incomplete view of the system's accuracy. As a result, the recommendation remains open and unimplemented.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should conduct an operational review of NGI-IPS at least annually that includes an assessment of the accuracy of face recognition searches to determine if it is meeting federal, state, and local law enforcement needs and take actions, as necessary, to improve the system.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: As of March 2017, FBI officials stated they implemented the recommendation by submitting a paper to solicit feedback from users through the Fall 2016 Advisory Policy Board Process. Specifically, officials said the paper requested feedback on whether the face recognition searches of the NGI-IPS are meeting their needs, and input regarding search accuracy. According to FBI officials, no users expressed concern with any aspect of the NGI-IPS meeting their needs, including accuracy. Although FBI's action of providing working groups with a paper presenting GAO's recommendation is a step, the FBI's actions do not fully meet the recommendation. The FBI's paper was presented as informational, and did not result in any formal responses from users. We disagree with the FBI's conclusion that receiving no responses on the informational paper fulfills the operational review recommendation, which includes determining that NGI-IPS is meeting user's needs. As such, we continue to recommend the FBI conduct an operational review of NGI-IPS at least annually.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should take steps to determine whether each external face recognition system used by FACE Services is sufficiently accurate for the FBI's use and whether results from those systems should be used to support FBI investigations.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In comments on our draft report in 2016, and reiterated during recommendation follow-up in 2017, DOJ officials did not concur with this recommendation and had no plans to implement it. DOJ officials stated that the FBI has no authority to set or enforce accuracy standards of face recognition technology operated by external agencies. In addition, DOJ officials stated that the FBI has implemented multiple layers of manual review that mitigate risks associated with the use of automated face recognition technology. Further, DOJ officials stated there is value in searching all available external databases, regardless of their level of accuracy. We disagree with the DOJ position. We continue to believe that the FBI should assess the quality of the data it is using from state and federal partners. We acknowledge that the FBI cannot and should not set accuracy standards for the face recognition systems used by external partners. We also do not dispute that the use of external face recognition systems by the FACE Services Unit could add value to FBI investigations. However, we disagree with FBI's assertion that no assessment of the quality of the data from state and federal partners is necessary. We also disagree with the DOJ assertion that manual review of automated search results is sufficient. Even with a manual review process, the FBI could miss investigative leads if a partner does not have a sufficiently accurate system. By relying on its external partners' face recognition systems, the FBI is using these systems as a component of its routine operations and is therefore responsible for ensuring the systems will help meet FBI's mission, goals and objectives. The recommendation remains open and unimplemented.
    Director: Jessica Farb
    Phone: (202) 512-6991

    1 open recommendations
    Recommendation: To ensure effective implementation of the strategic objective of the Weapons Chapter of the Strategy, the ONDCP Director should establish a more comprehensive indicator, or set of indicators, that more accurately reflects progress made by ATF and ICE in meeting the strategic objective.

    Agency: Office of National Drug Control Policy
    Status: Open

    Comments: As part of ONDCP's comments on our draft report, the agency concurred with our recommendation to establish a more comprehensive set of indicators for the Weapons Chapter of the National Southwest Border Counternarcotic Strategy. ONDCP indicated that it would work with ICE and ATF to develop additional indicators to evaluate their progress. ONDCP agreed that the indicators developed through this collaborative process would be used in future iterations of the Strategy. However, in its July 26, 2017 letter to the relevant congressional committees leadership ONDCP explained that a decision has not been made on whether a new iteration of Strategy will be released, or if the current Administration will take different approach to address this issue. We will need to wait until an update of the Strategy is available for us to review to determine if our recommendation has been implemented.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Attorney General should direct ODAG to document a plan specifying DOJ's process for monitoring the effects of marijuana legalization under state law, in accordance with DOJ's 2013 marijuana enforcement policy guidance, to include the identification of the various data ODAG will use and their potential limitations for monitoring the effects of state marijuana legalization, and how ODAG will use the information sources in its monitoring efforts to help inform decisions on whether state systems are effectively protecting federal marijuana enforcement priorities.

    Agency: Department of Justice
    Status: Open

    Comments: The agency concurred with the recommendation and reported plans to implement it. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: The Attorney General should direct ODAG to use existing mechanisms to share DOJ's monitoring plan with appropriate officials from DOJ components responsible for providing information DOJ reports using regarding the effects of state legalization to ODAG, obtain feedback, and incorporate the feedback into its plan.

    Agency: Department of Justice
    Status: Open

    Comments: The agency concurred with the recommendation and reported plans to implement it. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To improve the oversight of states' marketplace IT projects, the Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare & Medicaid Services to ensure that all CMS senior executives from IT and business units who are involved in the establishment of state marketplace IT projects review and approve funding decisions for these projects.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In 2015, Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) concurred with the recommendation. The department, in its agency comments, stated that it already included senior executives in its funding decisions for these projects. However, as noted in our report, CMS did not provide evidence that key senior executives from CCIIO, CMCS, and OTS were involved in various funding decisions associated with the states' IT projects. For example, CMS did not demonstrate that senior-level executives from all relevant business and IT units were involved in the initial approval of grant awards or the release of restricted IT funds from marketplace grants as states progressed with their projects. In addition, CMS did not provide evidence of senior executive involvement in the approval of Medicaid funds for marketplace IT projects. Furthermore, as of March 10, 2017, CMS still had not provided evidence that it had taken such actions to support the implementation of this recommendation. By ensuring such executive involvement, CMS would increase accountability for decisions to fund states' IT projects and ensure that these decisions are well informed in order to make efficient use of federal funds.
    Recommendation: To improve the oversight of states' marketplace IT projects, the Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare & Medicaid Services to ensure that states have completed all testing of marketplace system functions prior to releasing them into operation.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In 2015, Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) concurred with the recommendation. The department noted that it would continue to follow its guidelines to determine if state marketplace system functions are ready for release. The department added that it would work closely with state-based marketplaces to improve their systems and verify that system requirements are met and fully tested before approving them for release into production. While CMS drafted guidance to update its process in June 2016, which required states to submit certain testing reports and supporting documentation, as of March 10, 2017, the agency had not provided evidence that it had determined that state systems had been sufficiently tested for release into operations.
    Director: James Cosgrove
    Phone: (202) 512-7114

    4 open recommendations
    Recommendation: To improve its oversight of network adequacy in MA, the Administrator of CMS should augment MA network adequacy criteria to address provider availability.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with this recommendation, and noted in a January 2016 update that CMS will review how to augment the MA network adequacy criteria to address provider availability in future years. As of September 2016, agency officials have not implemented this recommendation.
    Recommendation: To improve its oversight of network adequacy in MA, the Administrator of CMS should verify provider information submitted by MAOs to ensure validity of the Health Services Delivery data.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with this recommendation, and noted in a January 2016 update that the agency is working to standardize existing protocols to ensure the validity of the Health Services Delivery data submitted by MAOs with regards to exceptions requests and partial county justifications. However, unless CMS verifies provider information submitted by MAOs, the agency cannot be confident that MAOs are meeting network adequacy criteria. As of September 2016, agency officials have not implemented this recommendation.
    Recommendation: To improve its oversight of network adequacy in MA, the Administrator of CMS should expand network adequacy reviews by requiring that all MAOs periodically submit their networks for assessment against current Medicare requirements.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with this recommendation. In a January 2016 update, the agency noted that CMS has expanded its reviews to include both existing and new service areas for network adequacy when MAOs apply for a service area expansion, However, unless CMS periodically requires evidence of compliance of all existing MAO networks, the agency cannot be confident that MAOs are meeting network adequacy criteria. As of September 2016, agency officials have not implemented this recommendation.
    Recommendation: To improve its oversight of network adequacy in MA, the Administrator of CMS should set minimum requirements for MAO letters notifying enrollees of provider terminations and require MAOs to submit sample letters to CMS for review.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with this recommendation. In a January 2016 update, the agency noted that the Medicare Marketing Guidelines contain best practice suggestions of what should be included in the written termination notice; however, we note in our report those practices are not required, nor are the letters regularly reviewed. The agency also noted that it was considering rulemaking to require that MAOs submit sample written notices of termination to HHS for review and approval. As of September 2016, agency officials have not implemented this recommendation.
    Director: Kimberly Gianopoulos
    Phone: (202)512-8612

    1 open recommendations
    Recommendation: To strengthen agency performance measurement related to deterring child smuggling, the Secretary of Homeland Security should instruct DHS's U.S. Immigration and Customs Enforcement to establish annual performance targets associated with the performance measures it has established for its Transnational Criminal Investigative Units.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In its comments on the report in July 2015, the Department of Homeland Security stated that it concurred with this recommendation, and that it would work with host nation partners to establish goals to measure these units' investigative activities and capacity development. In September 2015, DHS noted that it planned to use law enforcement data to measure TCIU success rates and inform efforts going forward. GAO has followed up with DHS--most recently in June 2017--on the status of its efforts to establish performance targets, but has not yet received a response.
    Director: Melissa Emrey-Arras
    Phone: (617) 788-0534

    3 open recommendations
    Recommendation: The Secretary of Education should develop a risk-based, cost-effective strategy to verify that states are implementing a process for assessing whether any teacher preparation programs are low-performing.

    Agency: Department of Education
    Status: Open

    Comments: Education reported adding additional questions about states' processes for identifying low-performing and at-risk programs to its annual state data collection form. The Department reported that this revised data collection form was submitted to OMB in April 2016 and was still undergoing OMB review as of September 2017. In the meantime, Education reported that it is conducting a temporary risk-based monitoring approach to determine how states report information on low-performing teacher preparation programs. GAO will monitor Education's efforts to finalize and implement these initiatives.
    Recommendation: The Secretary of Education should study the usefulness of Title II data elements for policymakers and practitioners, and, if warranted, develop a proposal for Congress to eliminate or revise any statutorily-required elements that are not providing meaningful information.

    Agency: Department of Education
    Status: Open

    Comments: Education reported that its regulations published in October 2016 included new Title II data elements related to program quality. However, this action is distinct from our recommendation to assess whether existing fields required by law should be eliminated or revised. During our review, Education officials noted that such data elements could only be eliminated or revised through legislation, rather than regulation. Therefore, we continue to believe that it would be valuable for Education to review the existing data elements required by law and submit a proposal to Congress to eliminate or revise any of these fields, if warranted.
    Recommendation: The Secretary of Education should develop and implement mechanisms to systematically share information about teacher preparation program quality with relevant Department of Education program offices and states (including state Independent Standards Boards).

    Agency: Department of Education
    Status: Open

    Comments: Education reported that, subject to available staff resources, the agency would be designing an internal work group to increase information-sharing about teacher preparation program quality within and outside the Department. As of August 2017, ED reported that actions on this recommendation were pending. GAO will monitor Education's continued steps to design and implement this working group.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    4 open recommendations
    including 2 priority recommendations
    Recommendation: To improve SSA's ability to detect, prevent, and recover potential DI benefit overpayments due to the concurrent receipt of FECA benefits, the Commissioner of Social Security should review the potential DI overpayments resulting from FECA benefits identified in our case studies, as well as any indicators of fraudulent activity related to FECA benefits that were not self-reported by DI beneficiaries, and establish debt-collection efforts and fraud-related penalties, as appropriate.

    Agency: Social Security Administration
    Status: Open

    Comments: As of January 2017, SSA stated that it will continue reviewing the potential DI overpayments resulting from FECA benefits identified in GAO's case studies, as GAO recommended in July 2015, and that actions are due to be completed by the end of April 2017. GAO will continue to monitor SSA's efforts in this area.
    Recommendation: To improve SSA's ability to detect, prevent, and recover potential DI benefit overpayments due to the concurrent receipt of FECA benefits, the Commissioner of Social Security should review the instances described in our report in which SSA staff did not obtain proof of FECA benefits that were reported by DI beneficiaries and (1) determine the reasons for these occurrences and whether this is a pervasive problem; and (2) if necessary, design appropriate controls or make other efforts, such as staff training, to help ensure SSA staff obtain proof of workers' compensation payments, as required by SSA policy.

    Agency: Social Security Administration
    Status: Open

    Comments: As of February 2017, SSA stated that it will continue reviewing the instances described in GAO's report in which SSA staff did not obtain proof of FECA benefits that DI beneficiaries reported nor took follow-up actions as needed, as GAO recommended in July 2015. SSA expected to complete its analysis by the end of April 2017. SSA also stated that it has published an administrative message to remind staff of correct development and processing procedures for FECA claims. GAO will continue to monitor SSA's efforts in this area.
    Recommendation: To improve SSA's ability to detect, prevent, and recover potential DI benefit overpayments due to the concurrent receipt of FECA benefits, the Commissioner of Social Security should, in accordance with OMB guidance, compare the costs and benefits of alternatives to SSA's current approach for reducing the potential for overpayments that result from the concurrent receipt of FECA benefits, which relies on beneficiaries to self-report any FECA benefits they receive. These alternatives could include, among others, routinely matching DOL's FECA program data with DI program data to detect potential DI overpayments.

    Agency: Social Security Administration
    Status: Open
    Priority recommendation

    Comments: SSA has taken steps to address this recommendation, but it has not completed its efforts. Specifically, in February 2017, SSA told GAO that the agency continues to discuss with DOL a data-matching agreement to obtain FECA payment data for offsetting DI benefits in accordance with federal law, as GAO recommended in July 2015. SSA also stated that it has reviewed its internal controls, policies, and workflow processes related to DI beneficiaries who receive concurrent FECA payments. Because SSA has not completed its work in this area, it is too early to determine whether these actions will address the problems GAO identified. GAO will continue to monitor SSA's work in this area.
    Recommendation: To improve SSA's ability to detect, prevent, and recover potential DI benefit overpayments due to the concurrent receipt of FECA benefits, the Commissioner of Social Security should strengthen internal controls designed to prevent DI overpayments due to the concurrent receipt of FECA benefits by implementing the alternative that provides the greatest net benefits.

    Agency: Social Security Administration
    Status: Open
    Priority recommendation

    Comments: SSA has taken steps to address this recommendation, but it has not completed its efforts. Specifically, in February 2017, SSA told GAO that the agency was negotiating with DOL to enter into a data matching agreement to obtain FECA payment data for offsetting DI benefits in accordance with federal law, as GAO recommended in July 2015. SSA also stated that it was reviewing its internal controls related to DI beneficiaries who receive concurrent FECA payments and is in the process of considering the best options for strengthening these internal controls. SSA further stated that in August 2016, it issued reminders to technicians regarding developing and processing DI cases when an individual is concurrently receiving FECA benefits. Because SSA has not completed its work in this area, it is too early to determine whether these actions will address the problems GAO identified. GAO will continue to monitor SSA's work in this area.
    Director: Katherine M. Iritani
    Phone: (202) 512-7114

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To improve CMS's oversight of Medicaid payments, the Administrator of CMS should take steps to ensure that states report accurate provider-specific payment data that include accurate unique national provider identifiers (NPI).

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with GAO's recommendation. As of September 2016, CMS has not provided additional information showing that the recommendation has been implemented. GAO considers it to be open. We will update the status of this recommendation when we receive additional information.
    Recommendation: To improve CMS's oversight of Medicaid payments, the Administrator of CMS should develop a policy establishing criteria for when such payments at the provider level are economical and efficient.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with GAO's recommendation and as of October 2016 was evaluating ways to improve its oversight, including gathering information from states to better inform future policies. In November 2016, CMS plans to publish a proposed rule for public comment to improve the oversight of supplemental payments made to individual providers. Supplemental payments are large lump sum payments that most states make to certain providers and are not based on claims for services provided. According to CMS, the proposed rule will establish criteria for determining the economy and efficiency of Medicaid payments made to individual providers.
    Recommendation: To improve CMS's oversight of Medicaid payments, the Administrator of CMS should, once criteria are developed, develop a process for identifying and reviewing payments to individual providers in order to determine whether they are economical and efficient.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with GAO's recommendation and as of October 2016 was evaluating ways to improve its oversight, including gathering information from states to better inform future policies. In November 2016, CMS plans to publish a proposed rule for public comment to improve the oversight of supplemental payments made to individual providers. According to CMS, the proposed rule will establish a process for identifying and reviewing payments to individual providers to determine if these payments meet the criteria of economy and efficiency established by the rule.
    Director: Susan Fleming
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To improve stewardship over the nation's highways and bridges, the Secretary of Transportation should direct the FHWA Administrator to conduct a study on state oversize- and overweight-permitting practices, including automated vehicle routing and escort driver certification, to identify areas of best practice and share the results with states.

    Agency: Department of Transportation
    Status: Open

    Comments: The Federal Highway Administration (FHWA) concurred with this recommendation. According to an FHWA letter, they will conduct a review of permitting practices, which will include findings from several recent and ongoing research projects related to oversize and overweight permitting. FHWA plans to complete this review by September 30, 2017, and share the results with states through peer exchanges and forums.
    Director: Andrew Sherrill
    Phone: (202) 512-7215

    3 open recommendations
    Recommendation: To promote effective operation of the U.S. Commission on Civil Rights, Congress may wish to consider amending the commission's authorizing statute to clearly specify the roles and responsibilities of the commission chairperson, commissioners, and staff director, such as who has the authority to develop and implement commission operating policies and procedures, to manage commission staff, and to represent commission decisions and views, including those views expressed on commission letterhead.

    Agency: Congress
    Status: Open

    Comments: A Senate Committee on Appropriations report released on June 16, 2015, which accompanied a bill that provided for the Commission's FY 2016 appropriations, included a provision that directed the Commission to address one of the issues highlighted in our recommendation. Specifically, the report calls for the Commission to limit the use of letterhead to items that reflect the views of the entire Commission.
    Recommendation: To more fully inform congressional consideration of the commission's fiscal year 2016 budget submission, the commission should develop and submit to the appropriate congressional committees a comprehensive workforce plan that assesses skills needed and the appropriate distribution of commission staff to fulfill the agency's mission and statutory responsibilities. This plan should incorporate relevant information from the report that Congress recently directed the commission to provide.

    Agency: Commission on Civil Rights
    Status: Open

    Comments: The Commission on Civil Rights stated that the Commissioners will work closely with the incoming Staff Director, once the President makes an appointment, to develop a comprehensive workforce plan. The agency stressed the importance of involving the new Staff Director in this process. We recognize the importance of involving the Staff Director - the agency's chief administrative official - in an analysis of the Commission's workforce and look forward to the results of this analysis.
    Recommendation: To enhance the commission's consideration of State Advisory Committee work in planning its National Office projects, the commission should increase the visibility of SAC work at commission meetings. For example, the commission could invite SACs to present the results of their work during monthly commission business meetings.

    Agency: Commission on Civil Rights
    Status: Open

    Comments: The Commission on Civil Rights highlighted several initiatives that it plans to consider, pending resource availability, to better highlight and consider the work of its state advisory committees (SAC). First, the agency stated that it would like to re-introduce an annual conference where SAC chairs from around the country can meet and share information. Second, the agency stated that it is looking to leverage technology, such as video conferencing and live streaming, to allow the general public and stakeholders to view SAC meetings. Lastly, the agency stated that the Commission's Chair is planning to develop a list-serve for SAC chairs, send out monthly updates to SACs, and institute quarterly conference calls between the Chair, Vice Chair, and SAC Chairs. We are encouraged by the Commission's efforts to explore ways to better engage with SACs and look forward to the implementation of these planned actions.
    Director: Seto J. Bagdoyan
    Phone: (202) 512-6722

    2 open recommendations
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should assess the cost and feasibility of addressing limitations in FEMA's control for identifying duplicate information in applications in high-risk data fields--such as SSN, bank-account information, address, and phone number--that may currently allow individuals or households to improperly receive multiple payments, and if determined to be costbeneficial take steps to address the system design limitation.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency had reviewed its software system's controls for identifying duplicate SSNs, bank account, address, and phone information. FEMA reported that it would be cost effective and feasible to improve its software system's controls for identifying duplicate address information, and the agency expects to deploy these system changes in the summer of 2017. FEMA also reported that, based on its review of the cases GAO referred to FEMA, errors in SSN and bank account information were related to human casework processing rather than software system limitations. Consequently, FEMA reported that it was reviewing and updating its casework training, guidance, and quality control documentation. We will continue to monitor FEMA's efforts to implement this recommendation.
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should collaborate with SSA to assess the cost and feasibility of checking recipient SSNs against the Enumeration Verification System and the full death file to more accurately identify recipients who used Social Security numbers (SSNs) that were ineligible or belonged to likely deceased individuals, document the results of this assessment, and if determined to be cost-beneficial take steps to implement a partnership to use SSA data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency completed a cost estimate for system changes needed to include a direct data exchange with SSA. FEMA further reported that the agency was continuing to explore alternative means of conducting a direct data exchange that would help FEMA verify if an SSN belongs to a deceased person. We will continue to monitor FEMA's progress in implementing this recommendation.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    1 open recommendations
    Recommendation: For elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, the Secretary of State should provide the relevant congressional committees with information that would fully address these elements. In the absence of such information, State should explain to the congressional committees why it was not included in the strategy.

    Agency: Department of State
    Status: Open

    Comments: In a letter dated December 23, 2014, the Department of State (State) noted that the elements identified in the GAO report as not being adequately addressed by State were matters where the consensus of the intelligence community was that there was not an identifiable threat to counter. GAO's report assessed that State did not address four specific elements identified in the Countering Iran in the Western Hemisphere Act of 2012. State's December 2014 letter provided explanations for these four elements, including the availability of information on existing agency websites, briefings provided to Congress, and State's lack of finding that foreign governments showed clear threats. We continue to maintain that the strategy did not include all of the elements that the law stated should be included, and State did not demonstrate that it provided relevant congressional committees with information that would fully address these elements. In December 2015, State noted that it remains in close contact with the relevant congressional committees across a range of security, economic and political with regard to the Western Hemisphere on a regular and continuing basis. State further noted that it provided an oral briefing along with its original submission of the report to Congress and answered questions posed by Congress. State officials said that they stand ready to provide further information in the appropriate setting should it be requested. However, State did not provide GAO with information about whether it had provided information to Congress specifically for the elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, nor provide additional information about whether State explained to the congressional committees why any absence of such information was not included in the strategy. Furthermore, GAO learned from the House Foreign Affairs Committee staff that State and the Office of the Director for National Intelligence provided a briefing to the committee regarding Iranian activities in Latin America on February 25, 2016. As of August 2016, GAO did not receive any documents related to the briefings because, according to State, the talking points document was considered deliberative and therefore could not be shared. According to State officials, they continue to monitor the issue and brief Congress as appropriate. As of June 2017, State noted that its position regarding this recommendation and the deliberative nature of the talking points document remains unchanged.
    Director: Kay E. Brown
    Phone: (202) 512-7215

    2 open recommendations
    Recommendation: The Secretary of Agriculture should direct the Administrator of FNS to establish additional guidance to help states analyze SNAP transaction data to better identify SNAP recipient households receiving replacement cards that are potentially engaging in trafficking, and assess whether the use of replacement card benefit periods may better focus this analysis on high-risk households potentially engaged in trafficking.

    Agency: Department of Agriculture
    Status: Open

    Comments: FNS officials reported that, in September 2013, they awarded a contract to provide expert business consultation and technical assistance in the area of recipient fraud prevention and detection to 7 states. The purpose of the contract was to improve how effectively recipients suspected of trafficking SNAP benefits were identified and investigated, including the use of predictive analytics involving transaction and replacement card data to uncover potential recipient trafficking. As of August 2017, FNS officials reported that they have completed studies in 10 states, helping the states build predictive analytics models that incorporate use of replacement card data to better identify SNAP recipient trafficking. FNS officials report that the models have demonstrated a significant improvement in state effectiveness. FNS officials also report that, in the fourth quarter of fiscal year 2016, the agency conducted a training program for state technical staff to teach them how to build predictive models that incorporate the use of replacement card data. In addition, FNS officials report that the agency is currently developing a SNAP Fraud Framework to provide guidance to states on improving fraud prevention and detection, including the use of excessive card replacements and other data sources, as potential indicators of fraud. FNS tentatively anticipates releasing the framework by the end of calendar year 2017. GAO will monitor these efforts and await information, including related technical assistance materials and documentation, on how these activities are used to guide states' efforts to use transaction and replacement card data to better focus on high-risk households for potential investigation.
    Recommendation: The Secretary of Agriculture should direct the Administrator of FNS to reassess the effectiveness of the current guidance and tools recommended to states for monitoring e-commerce and social media websites, and use this information to enhance the effectiveness of the current guidance and tools.

    Agency: Department of Agriculture
    Status: Open

    Comments: FNS officials reported that, in 2016, the agency conducted additional analysis to evaluate states' current use of social media in their detection of SNAP trafficking and develop a proof of concept for the use of market-leading tools to assist states in more efficient monitoring. Based on the information gained through this analysis, FNS officials reported in August 2017 that a draft of the social media guidance is currently in FNS clearance and is expected to be released by the end of the calendar year. GAO will await the issuance of this guidance.
    Director: Brown, Kay E
    Phone: (202) 512-7215

    2 open recommendations
    Recommendation: In order to help inform federal, state, and local initiatives to prevent and respond to child sexual abuse by school personnel, the Secretary of Education should lead an effort, in collaboration with the Secretary of HHS and the Attorney General, to leverage resources, expertise, and capacities across the departments to determine the most cost-effective way to disseminate federal information so that relevant state and local educational agencies, child welfare agencies, and criminal justice entities are aware of and have access to it.

    Agency: Department of Education
    Status: Open

    Comments: In May 2016, the Department of Education reported that on November 16, 2015, the Office of Safe and Healthy Students within the Office of Elementary and Secondary Education convened a meeting with federal partners to explore ways in which the agencies can better support states and to devise dissemination strategies for sharing information and providing technical assistance in the most cost- effective ways to state and local educational agencies and child welfare agencies, and ensure that resources are accessible to the various stakeholders. It noted several next steps including creating and implementing a Federal dissemination plan for the new adult sexual misconduct guidance, repository of federal resources, and for information on all state-level mandates and policies addressing adult sexual misconduct in schools. GAO will consider this recommendation closed when the department provides timelines for the completion of these activities and documentation of their completion.
    Recommendation: In order to help inform federal, state, and local initiatives to prevent and respond to child sexual abuse by school personnel, the Secretary of Education should lead an effort, in collaboration with the Secretary of HHS and the Attorney General, to leverage resources, expertise, and capacities across the departments to identify mechanisms to better track and analyze the prevalence of child sexual abuse by school personnel through existing federal data collection systems, such as the School Survey on Crime and Safety, the National Child Abuse and Neglect Data System, and the National Crime Victimization Survey.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education reported that experts within the National Center for Education Statistics (NCES) consulted with research partners in the Department of Justice and academic research experts to determine if an effective item or item set about this important issue could be derived. After review of extant sources and consultation with item development experts, a clear question that would result in meaningful information from school administrator respondents could not be developed. They also noted that they understand there is continuing interest on this issue and will continue studying item possibilities for the next School Survey on Crime and Safety (SSOCS) provided the collection is funded. As of May 2016, NCES does not have funds to field SSOCS after 2016, but there is a request in the 2016 budget to support a 2018 collection. GAO will consider this recommendation closed when the department has taken the above mentioned action to continue studying item possibilities for the next SSOCS if the collection is funded.
    Director: Woods, William T
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To make guidance for contract consolidation consistent with current law, the Secretary of Defense and the Administrator of General Services should act expeditiously to update or establish agency guidance for consolidated contracts after the Small Business Administration rulemaking is completed.

    Agency: Department of Defense
    Status: Open

    Comments: In commenting on the report, DOD concurred with the recommendation and said it plans to update its acquisition regulation for consolidated contracts after the Small Business Administration (SBA) rule is finalized and changes to the Federal Acquisition Regulation (FAR) are complete. The SBA's final rule was issued in October 2013. This change was incorporated in the FAR in September 2016. As of August 2017, DOD had not provided an update on actions taken to update the defense acquisition regulation.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: Congress should consider strengthening the current consumer privacy framework to reflect the effects of changes in technology and the marketplace--particularly in relation to consumer data used for marketing purposes--while also ensuring that any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord. Among the issues that should be considered are: (1) the adequacy of consumers' ability to access, correct, and control their personal information in circumstances beyond those currently accorded under FCRA; (2) whether there should be additional controls on the types of personal or sensitive information that may or may not be collected and shared; (3) changes needed, if any, in the permitted sources and methods for data collection; and (4) privacy controls related to new technologies, such as web tracking and mobile devices.

    Agency: Congress
    Status: Open

    Comments: As of April 2017, Congress has not taken action on this matter.
    Director: King, Kathleen M
    Phone: (202) 512-7114

    4 open recommendations
    Recommendation: In order to ensure an equitable allocation of CHS program funds, the Congress should consider requiring IHS to develop and use a new method to allocate all CHS program funds to account for variations across areas that would replace the existing base funding, annual adjustment, and program increase methodologies, notwithstanding any restrictions currently in federal law.

    Agency: Congress
    Status: Open

    Comments: As of January 2017, Congress has not acted on this recommendation. We will update the status of this recommendation if Congress takes action.
    Recommendation: To make IHS's allocation of CHS program funds more equitable, the Secretary of Health and Human Services should direct the Director of the Indian Health Service to require IHS to use actual counts of CHS users, rather than all IHS users, in any formula for allocating CHS funds that relies on the number of active users.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: As of January 2017, we are awaiting an update from HHS on the status of this recommendation. We will update the status of this recommendation when we receive additional information.
    Recommendation: To make IHS's allocation of CHS program funds more equitable, the Secretary of Health and Human Services should direct the Director of the Indian Health Service to require IHS to use variations in levels of available hospital services, rather than just the existence of a qualifying hospital, in any formula for allocating CHS funds that contains a hospital access component.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: As of January 2017, we are awaiting an update from HHS on the status of this recommendation. We will update the status of this recommendation when we receive additional information.
    Recommendation: To make IHS's allocation of CHS program funds more equitable, the Secretary of Health and Human Services should direct the Director of the Indian Health Service to develop written policies and procedures to require area offices to notify IHS when changes are made to the allocations of funds to CHS programs.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: As of January 2017, we are awaiting an update from HHS on the status of this recommendation. We will update the status of this recommendation when we receive additional information.
    Director: Clark, Cheryl E
    Phone: (202)512-9521

    1 open recommendations
    Recommendation: The Commissioner of IRS should direct the appropriate IRS officials to, once IRS identifies the control weaknesses that result in inaccuracies or errors that affect the financial reporting of unpaid tax assessments, implement control procedures to routinely prevent, or to detect and correct, such errors.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS created a long-term corrective action plan that contains specific actions to improve control procedures to prevent or detect errors. While IRS completed some actions during fiscal year 2016, it has not completed most of the actions in the plan or documented milestones or target completion dates for these remaining actions. In addition, during fiscal year 2016, GAO and IRS continued to identify misclassified unpaid assessments that resulted from inaccuracies or errors in taxpayer accounts. Thus, IRS's actions to date have not been effective at fully addressing the issues that continue to cause a lack of transaction traceability and material inaccuracies produced by the subsidiary ledger. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.