Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • Results:

    Subject Term: "Information resources management"

    34 publications with a total of 143 open recommendations including 10 priority recommendations
    Director: Zina D. Merritt
    Phone: (202) 512-5257

    6 open recommendations
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the Defense Contract Management Agency (DCMA) and the military departments, should assess whether risk mitigation actions have been identified in the event of a loss of each task critical asset (TCA) facility in the defense industrial base and, based on this assessment, develop risk mitigation actions with associated implementation plans and time lines, and provide this information to congressional and DOD decision makers. (Recommendation 1)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on potential effects on defense capabilities in the event of a loss of each TCA facility in the defense industrial base. (Recommendation 2)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on DOD organic facilities that have been identified as TCAs, similar to the information provided previously on commercial facilities. This information also should include (1) the potential effects on defense capabilities in the event of a loss of the facility and (2) risk mitigation actions and associated implementation plans with time lines. (Recommendation 3)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should take steps to share information on risks identified through the annual Critical Asset Identification Process with relevant program managers or other designated service or program officials. At a minimum, relevant officials should receive information on the most critical facilities (such as TCAs) that produce parts supporting their programs. This information-sharing could occur through service-specific channels of communication or another method of internal communication deemed appropriate by DOD. (Recommendation 4)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should develop a mechanism to ensure that program offices obtain information from contractors on single source of supply risks. (Recommendation 5)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should issue department-wide DMSMS policy, such as an instruction, that clearly defines requirements of DMSMS management and details responsibilities and procedures to be followed by program offices to implement the policy. (Recommendation 6)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    4 open recommendations
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to identify performance metrics and associated targets for the goals and objectives in the department's IT strategic plans, including the Information Resources Management strategic plan and the Health Information Strategic Plan, as they relate to the delivery of health IT and the VHA mission.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation and described planned coordination with the Office of Information and Technology and the Veterans Health Administration to develop or revise and maintain performance metrics that support the strategic and health information technology goals and objectives. The department plans to revise performance metrics to align to new goals and objectives by June 2018.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to ensure that the department-level investment review structure is implemented as planned and that guidance on the IT governance process is documented and identifies criteria for selecting new investments, and reselecting investments currently operational at VHA.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation and provided meeting minutes for its Portfolio Investment Management Board and a document describing the proposed alignment and interdependencies between the 11 governance boards. We will continue to monitor the implementation of the proposed relationships and review any additional guidance issued that further describes the process used by the governance boards for selecting and reselecting information technology investments.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to identify additional performance metrics to align with VHA's core business functions, and then use these metrics to determine the extent to which the department's IT systems support performance of VHA's mission.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation. In addition, the department outlined steps it intends to take to address our recommendation. These steps include developing a set of core metrics to provide continuous input into investment portfolio decisions and establishing a methodology for ensuring that information technology investments are aligned to business needs and that expected outcomes are defined prior to making the investments. The department plans to complete this work by September 2018. We will continue to monitor VA's progress on these efforts.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to ensure that unmet IT needs identified by key program areas--pharmacy benefits management, scheduling, and community care--are addressed appropriately and that related business functions are supported by IT systems to the extent required.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation. The department has described its intention to ensure that unmet information technology needs for the pharmacy benefits management, scheduling, and community care program areas are addressed appropriately during fiscal year 2018 budget formulation. We will follow up with VA to ascertain what needs have been addressed, closed, or reprioritized for each program office during fiscal year 2018.
    Director: Nick Marinos
    Phone: (202) 512-9342

    1 open recommendation
    Recommendation: To help improve the corporation's implementation of its information security program, the Chairman of FDIC should direct the Chief Information Officer to update the procedure for granting access to the key financial application, to include responsibilities and steps for ensuring that the access privileges granted have been approved by the users' supervisor.

    Agency: Federal Deposit Insurance Corporation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Clark, Cheryl E
    Phone: (202) 512-9377

    10 open recommendations
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to develop and implement a process to reasonably assure that IRS operating divisions and the information technology (IT) organization effectively coordinate with the Chief Financial Officer (CFO) organization when making programming changes to information systems affecting financial reporting.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by December 2017, the Information Technology (IT) organization, in collaboration with the Chief Financial Officer (CFO) organization, will develop and implement a process to reasonably assure that IRS operating divisions and the IT organization effectively coordinate with the CFO organization when making programming changes to information systems affecting financial reporting. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to research and determine the reason the IT organization did not follow IRS policy to thoroughly test programming changes related to the automation of specific penalty abatement procedures to reasonably assure that they worked as intended before implementation. Based on this determination, the IRS Commissioner should direct the appropriate IRS officials to establish a process to better ensure compliance with existing policies for testing programming changes, including the use and review of the Applications Development transmittal checklist when developing program changes and retention of test results.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by June 2018, the IT organization will research IRS policies and practices for testing programming changes to determine what modifications may be needed to reasonably assure programming changes work as intended before implementation. Based on this research, the IT organization will update the affected policies and implement any related process changes, as needed. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to strengthen the process for reasonably assuring that the Internal Revenue Manual (IRM) is reviewed annually to align with the current control procedures and guidance being implemented by agency personnel. This should include a mechanism for reasonably assuring that program owner directors (1) review their respective program control activities and related guidance annually and timely update the IRM as needed, (2) document their reviews, and (3) utilize interim guidance and supplemental guidance correctly for their intended purposes.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by March 2018, the Research, Applied Analytics and Statistics organization will strengthen the process to reasonably assure that all IRMs are reviewed annually to align with the current control procedures and guidance being implemented by IRS personnel. This will include a mechanism to reasonably assure that program owner directors (1) review their respective program control activities and related guidance annually, and update the IRM timely, if needed; (2) document their reviews; and (3) use interim guidance and supplemental guidance correctly for their intended purposes. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to ensure that the respective Agency-Wide Shared Services IRM and supplemental guidance related to the frequency of performing (1) emergency/alarm contact-list validation, (2) duress alarm inventory validation, and (3) federal security risk assessments are consistent.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation and considers it closed. IRS stated that in February 2017, the Agency-Wide Shared Services (AWSS) organization updated SOP-17-0002, Alarm Notification, Testing and Maintenance, to synchronize the frequency of performing (1) emergency/alarm contact-list validation; (2) duress alarm inventory validation; and (3) federal security risk assessments, with revised IRM 10.2.14.9, Methods of Providing Protection, Detection Equipment, and IRM 10.2.11.2.5 (3), Facility Security Risk Management. We will assess IRS's actions during our fiscal year 2017 financial statement audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to update the respective (1) Privacy, Governmental Liaison and Disclosure and (2) CFO IRM sections related to the definition of the tax gap to align with the current understanding followed by IRS personnel.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that in April 2017, the CFO organization updated IRM 1.34.1.2 (124) Revenue Accounting, Definitions and Acronyms, to align the tax gap definition with the current understanding followed by IRS personnel. Further, by February 2018, the Privacy, Governmental Liaison and Disclosure organization will remove the tax gap definition from IRM 11.4.1.3.1.2, Tax Gap Initiatives. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to revise the applicable IRM sections pertaining to manual refunds to require employees to verify the validity of the digital signatures on the manual refund request forms and the manual refund signature authorization forms.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by March 2018, the Wage and Investment (W&I) organization will revise the applicable IRM manual refund sections to require that employees validate the digital signatures on the manual refund request forms and the manual refund signature authorization forms. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to revise system access rights in Human Resources (HR) Connect to prevent HR assistants within the Employment Operations office from approving and releasing pay-related personnel actions to the National Finance Center (NFC).

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation and considers it closed. IRS stated that in February 2017, the Human Capital Office (HCO) revised system access rights in HR Connect to prevent the Employment Operations Office HR assistants from approving and releasing pay-related personnel actions to the National Finance Center (NFC). We will assess IRS's actions during our fiscal year 2017 financial statement audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to revise the HR Connect HR User Profiles Desk Guide to clearly indicate that HR assistants within the Employment Operations office should not be granted access to approve and release pay-related personnel actions to NFC.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation and considers it closed. IRS stated that in February 2017, HCO revised the HR Connect HR User Profiles Desk Guide to clearly indicate that the Employment Operations Office HR assistants should not be granted access to approve and release pay-related personnel actions to NFC. We will assess IRS's actions during our fiscal year 2017 financial statement audit.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to establish and implement procedures to periodically review the process for determining the intragovernmental costs and costs with the public for each major program reported in the notes to the financial statements to provide reasonable assurance that these amounts are reliable and fairly presented.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by February 2018, the CFO organization will establish and implement procedures to review periodically the process for determining intragovernmental and public costs for each major program reported in the notes to the financial statements, providing reasonable assurance that these amounts are reliable and presented fairly. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Recommendation: The IRS Commissioner should direct the appropriate IRS officials to provide clear guidelines as to what events constitute removal from IRS premises and the disposal date that should be recorded in its inventory system, either through an update of the IRM or other property and equipment-related desk guides.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with this recommendation. IRS stated that by December 2017, the AWSS organization will provide clear guidelines on events that constitute removal of trackable property and equipment assets from IRS premises, and the disposal date that should be recorded in its inventory system, either by updating the IRM or the property and equipment-related desk guides. We will follow up during our audit of IRS's FY 2017 financial statements to determine the status of this recommendation.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendation
    Recommendation: To promote transparency in the development and management of data standards for reporting federal spending, the Director of the Office of Management and Budget should ensure that the Data Standards Committee makes information about the topics of the committee's proceedings and any resulting outcomes available to the public.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: James McTigue
    Phone: (202) 512-9110

    5 open recommendations
    Recommendation: To ensure that Field Collection program case selection processes support IRS's and the Collection program's mission, including applying tax laws with integrity and fairness to all, the Commissioner of Internal Revenue should develop, document, and communicate Field Collection program and case selection objectives, including the role of fairness, in clear and measurable terms sufficient for use in internal control.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with the recommendation and described actions it will take to address it, to include that the Small Business/Self-Employed Division (SB/SE) will develop fiscal year 2017 program objectives that align with the mission of SB/SE and that the Collection program will develop and document specific Field Collection and case selection activities that will support SB/SE objectives. However, it is not clear how these efforts will be fully responsive to our recommendation to establish Field Collection (not division-level) program and case selection objectives sufficient for use in internal control. IRS said it planned to complete actions on this recommendation by July 2017. We will update the status of IRS's implementation of the recommendation after we complete review of any documents IRS provides on actions taken.
    Recommendation: To ensure that Field Collection program case selection processes support IRS's and the Collection program's mission, including applying tax laws with integrity and fairness to all, the Commissioner of Internal Revenue should develop, document, and implement performance measures clearly linked to the Field Collection program and case selection objectives.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with the recommendation and outlined planned actions to address it. However, since it is not clear that IRS's planned actions to implement our first recommendation will result in Field Collection program and case selection objectives sufficient for internal control purposes, IRS's ability to address the related recommendation to establish performance measures may be limited. IRS said it planned to complete actions on this recommendation by August 2017. We will update the status of IRS's implementation of the recommendation after we complete review of any documents IRS provides on actions taken.
    Recommendation: To ensure that Field Collection program case selection processes support IRS's and the Collection program's mission, including applying tax laws with integrity and fairness to all, the Commissioner of Internal Revenue should incorporate program and case selection objectives into existing risk management systems or use other approaches to identify and analyze potential risks to achieving those objectives so that Field Collection can establish risk tolerances and appropriate control procedures to address risks.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with the recommendation and outlined planned actions to address it. However, since it is not clear that IRS's planned actions to implement our first recommendation will result in Field Collection program and case selection objectives sufficient for internal control purposes, IRS's ability to address the related recommendation to assess program risks may be limited. IRS said it planned to complete actions on this recommendation by July 2017. We will update the status of IRS's implementation of the recommendation after we complete review of any documents IRS provides on actions taken.
    Recommendation: To ensure that Field Collection program case selection processes support IRS's and the Collection program's mission, including applying tax laws with integrity and fairness to all, the Commissioner of Internal Revenue should develop, document, and communicate control procedures guidance for group managers to exercise professional judgment in the Field Collection program case selection process to achieve fairness and other program and collection case selection objectives.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with the recommendation and described actions it will take to address it, to include review of current procedures and guidance and making changes, if necessary. IRS said it planned to complete actions on this recommendation by July 2017. We will update the status of IRS's implementation of the recommendation after we complete review of any documents IRS provides on actions taken.
    Recommendation: To ensure that Field Collection program case selection processes support IRS's and the Collection program's mission, including applying tax laws with integrity and fairness to all, the Commissioner of Internal Revenue should develop, document, and implement procedures to periodically monitor and assess the design and operational effectiveness of both automated and manual control procedures for collection case selection to assure their continued effectiveness in achieving program objectives.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS agreed with the recommendation and outlined planned actions to address it. However, since it is not clear that IRS's planned actions to implement our first recommendation will result in Field Collection program and case selection objectives sufficient for internal control purposes, IRS's ability to address the related recommendation to monitor control procedures may be limited. IRS said it planned to complete actions on this recommendation by July 2017. We will update the status of implementation of the recommendation after we complete review of documents IRS provides on the actions taken.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To provide greater transparency in the reporting of FOIA litigation costs, Congress could consider requiring Justice to provide a cost estimate for collecting and reporting information on costs incurred when defending lawsuits in which the plaintiffs prevailed.

    Agency: Congress
    Status: Open

    Comments: Congress has not yet considered if it plans to amend FOIA regarding the reporting of costs for defending lawsuits in which the plaintiffs prevailed.
    Recommendation: Congress could consider amending the act to require Justice to reflect in its Litigation and Compliance reports, changes in the award of attorneys' fees and costs resulting from the appeals process and settlement agreements between agencies and plaintiffs, if deemed to be cost-effective.

    Agency: Congress
    Status: Open

    Comments: Congress has not yet considered if it plans to amend FOIA to require Justice to make changes to its Litigation and Compliance reports.
    Director: Michelle Sager
    Phone: (202) 512-6806

    8 open recommendations
    including 1 priority recommendation
    Recommendation: The Commissioner of Internal Revenue should communicate more clearly the limitations of information not published in the IRB to taxpayers. Such action could include adding clarifying language to some pieces of information not published in the IRB, like FAQs, and amending policies and procedures, such as the Internal Revenue Manual (IRM), to clarify when IRS information should contain a statement regarding its legal authority and whether the item can be used or cited as precedent.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of May 2017, IRS has informed GAO that it has implemented the recommendation. GAO is in the process of verifying that the recommendation was successfully implemented.
    Recommendation: The Commissioner of Internal Revenue should amend current policies and procedures for drafting guidance to include factors to consider when deciding what type of guidance to issue and procedures for documenting those decisions internally.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of May 2017, IRS has informed GAO that it has implemented the recommendation. GAO is in the process of verifying that the recommendation was successfully implemented.
    Recommendation: The Commissioner of Internal Revenue should develop policies and procedures to help guidance-drafting teams assess whether non-regulatory guidance should be considered a rule for purposes of the Congressional Review Act (CRA) and in turn major, and document those assessments internally.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of May 2017, IRS has informed GAO that it has implemented the recommendation. GAO is in the process of verifying that the recommendation was successfully implemented.
    Recommendation: The Commissioner of Internal Revenue should take action to ensure that required steps are consistently documented during key phases of the non-regulatory guidance process, as defined in the Chief Counsel Directives Manual.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of May 2017, IRS has informed GAO that it has implemented the recommendation. GAO is in the process of verifying that the recommendation was successfully implemented.
    Recommendation: The Director of the Office of Management and Budget and the Secretary of the Treasury should examine the relevance of the long-standing agreement that exempts certain IRS regulations from executive order requirements and Office of Information and Regulatory Affairs (OIRA) oversight; and if relevant, make publicly available any reaffirmation of the agreement and the reasons for it.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: Treasury agreed with this recommendation. As of March 2017, Treasury stated that it has been reviewing IRS regulations in light of GAO's recommendations. Treasury also stated that Treasury and OMB have been assessing and discussing the relevance of the long-standing agreement that exempts certain IRS regulations from executive order requirements, but are waiting for key new appointees, including the OIRA administrator, to formalize the discussions.
    Recommendation: The Director of the Office of Management and Budget and the Secretary of the Treasury should examine the relevance of the long-standing agreement that exempts certain IRS regulations from executive order requirements and Office of Information and Regulatory Affairs (OIRA) oversight; and if relevant, make publicly available any reaffirmation of the agreement and the reasons for it.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: As of May 2017, OMB has not responded to GAO's request for information about any actions taken to implement this recommendation.
    Recommendation: The Director of the Office of Management and Budget and the Secretary of the Treasury should develop a process to ensure that OIRA has the information necessary to determine whether IRS rules are major under CRA and significant under E.O. 12866. Consideration should be given on ways to solicit public comments on the potential effects of proposed regulations and non-regulatory guidance, including measures of economic impacts, and on how to document internally the consideration of significant comments by both IRS and OIRA.

    Agency: Department of the Treasury
    Status: Open

    Comments: Treasury agreed with this recommendation. As of March 2017, Treasury stated that it has been reviewing IRS regulations in light of GAO's recommendations. Treasury also stated that Treasury and OMB have been assessing and discussing the relevance of the long-standing agreement that exempts certain IRS regulations from executive order requirements, but are waiting for key new appointees, including the OIRA administrator, to formalize the discussions.
    Recommendation: The Director of the Office of Management and Budget and the Secretary of the Treasury should develop a process to ensure that OIRA has the information necessary to determine whether IRS rules are major under CRA and significant under E.O. 12866. Consideration should be given on ways to solicit public comments on the potential effects of proposed regulations and non-regulatory guidance, including measures of economic impacts, and on how to document internally the consideration of significant comments by both IRS and OIRA.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: As of May 2017, OMB has not responded to GAO's request for information about any actions taken to implement this recommendation.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    3 open recommendations
    Recommendation: The Director of the Office of Management and Budget, in consultation with the Performance Improvement Council and General Services Administration, should ensure the information presented on Performance.gov consistently complies with GPRAMA public reporting requirements for the website's content.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2017, Office of Management and Budget (OMB) staff informed us that they will be partnering with a vendor to redesign Performance.gov, and that they plan to launch the new site in February 2018, concurrent with the President's Budget for fiscal year 2019. OMB staff also told us they will ensure that the redesigned site includes content that meets public reporting requirements, and anticipate releasing updated agency reporting guidance in the fall of 2017 to help ensure agencies are prepared to report required data. We will continue to monitor the status of actions to address this recommendation.
    Recommendation: The Director of the Office of Management and Budget, in consultation with the Performance Improvement Council and General Services Administration, should analyze and, where appropriate, implement usability test results to improve Performance.gov.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2017, Office of Management and Budget (OMB) staff informed us that they will be partnering with a vendor to redesign Performance.gov, and that they plan to launch the new site in February 2018, concurrent with the President's Budget for fiscal year 2019. According to OMB staff, results from previous usability tests of the website will be used to inform the redesign of the site to make it more user-friendly and accessible. We will continue to monitor the status of actions to address this recommendation.
    Recommendation: The Director of the Office of Management and Budget, in consultation with the Performance Improvement Council and General Services Administration, should develop a strategic plan for the future of Performance.gov. Among other things, this plan should include: (A) the goals, objectives, and resources needed to consistently meet Digitalgov.gov and GPRAMA requirements; (B) a customer outreach plan that considers how (1) OMB informs users of changes in Performance.gov, (2) OMB uses social media as a method of communication, and (3) users access Performance.gov so that OMB could, as appropriate, deploy mobile applications to communicate effectively; and (C) a strategy to manage and archive the content and data on Performance.gov in accordance with National Archives and Records Administration guidance.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2017, Office of Management and Budget (OMB) staff informed us that they will be partnering with a vendor to redesign Performance.gov, and that they plan to launch the new site in February 2018, concurrent with the President's Budget for fiscal year 2019. OMB and PIC staff stated that the vendor will help them develop a strategic plan for Performance.gov. According to OMB staff, once selected, the new vendor will also be charged with developing a stakeholder outreach plan that will encompass diverse groups including Congress, federal agency managers and staff, and other interested groups. We will continue to monitor the status of actions to address this recommendation.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    8 open recommendations
    Recommendation: To assist VA in sustaining an IT workforce with the necessary knowledge, skills, and abilities to execute its mission and goals, the Secretary of Veterans Affairs should direct the Chief Information Officer to track and review OI&T historical workforce data and projections related to leadership retirements.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that OI&T's Human Capital Management Office (HCM) had completed a succession planning project that encompassed all senior leadership and included data review and risk assessment for each position. VA also stated that OI&T tracks the gains and losses associated with its leadership positions and provided this information for fiscal year 2016. However, the department has not provided documentation that supports the assertion that historical and projected OI&T leadership retirement data was presented and discussed as part of the succession planning project and did not provide data on projected retirements for OI&T's leadership positions. Additionally, the department stated that OI&T HCM has the ability to project retirement eligibility but has not provided documentation to support this assertion. It is important that VA tracks and reviews its OI&T historical workforce data and forecasts its leadership retirements to avoid being unprepared to effectively respond to vacancies in key leadership positions.
    Recommendation: To assist VA in sustaining an IT workforce with the necessary knowledge, skills, and abilities to execute its mission and goals, the Secretary of Veterans Affairs should direct the Chief Information Officer to identify IT skills needed beyond the current fiscal year to assist in identifying future skills gaps.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that Information Technology Workforce Development (ITWD) will produce reports that identify skill gaps and will contain long-term recommendations that show the types of IT skills each organization needs to increase and which proficiency level targets need the most emphasis. As of July 2017, VA stated that ITWD reviewed, and updated where needed, the fiscal year 2017 competencies within each OI&T competency model role in order to align the models to the OI&T Transformation initiative. According to the department, the resulting updates support learning solutions that sustain and accelerate OI&T's transformation. Additionally, VA stated that 85 percent of OI&T staff completed a validated competency self-assessment and provided the OI&T fiscal year 2017 Training Gap Analysis Report which shows the strengths and gaps of OI&T by organization, trends between fiscal years 2016 and 2017, findings, next steps, and recommended actions for the next fiscal year. The department also stated that ITWD held meetings to review skill gap and learning solution reports. VA provided these reports and they present the top gaps and strengths, key findings, and next steps to address the skill gaps. While the department has taken these actions, its OI&T Training Gap Analysis Report does not identify IT skills needed beyond fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to project planning, to include (1) estimating the level of effort that will need to be expended for work products and tasks, and (2) making adjustments to the project plan to reconcile differences between estimated and available resources.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and stated that OI&T is documenting changes to processes related to project planning as it transitions from PMAS to the Veteran-Focused Integration Process (VIP). According to VA, the VIP processes will lead to better requirements elaboration and prioritization, increasing significantly the accuracy of estimates related to level of effort. Additionally, the department stated that by using short Agile sprints, the project team will be able to adjust the project plan frequently to reconcile differences between estimated and available resources. As of July 2017, VA stated that all projects have transitioned to the VIP, which ensures they are incorporating the Agile methodology into the project lifecycle. According to the department, the latest version of its VIP Guide incorporates the use of daily scrum and weekly scrum of scrum meetings that can be used to frequently adjust the project plan to reconcile differences between estimated and available resources. VA stated that the project planning processes will continue to evolve beyond July and expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to requirements management, to include identifying changes to be made to plans and work products as a result of requirements baseline changes.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that OI&T is revising its documentation related to requirements management as part of the transition to the Veteran-Focused Integration Process (VIP). According to VA, requirements will be tracked using the IBM Rational Tools Suite, which will be able to provide a snapshot of the original baseline and all captured changes in the form of an audit trail that captures the history of requirement changes. As of July 2017, the department stated that all projects have transitioned to the VIP and requirements baselines and subsequent changes are tracked in the Rational Tools Suite. VA also reported that efforts in fiscal year 2017 to consolidate all mandatory architectural, design, and process methodologies into a single library of requirements were successful, which resulted in combining the full body of requirements. Additionally, according to the department, versioning of the requirements will allow the office to trace specific versions of individual requirements and their evolution by time period and project inheritance. VA stated that it expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to risk management, to include (1) determining costs and benefits of implementing the risk mitigation plan for each risk and (2) collecting performance measures on risk handling activities.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that the IBM Rational Tools Suite will be used to manage risks and issues. According to VA, the tools suite will allow requirements to be linked to risks, which will provide traceability; teams will be able to track and report steps taken to mitigate risks; and an audit trail will show the history of changes made to each risk. The department also reported that the Office of Privacy and Risk will establish risk mitigation strategies for OI&T. As of July 2017, VA stated that risks data capture has been developed as a standardized process and that data on project and program risks in the Rational Tools Suite is aggregated and prepared for use to verify aggressive management, and will be included in enterprise reporting. The department stated that work is underway with the Performance Management Office and that OI&T expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to project monitoring and control, to include the 10 best practices that were missing from the guidance.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that implementation of the Veteran-Focused Integration Process (VIP) and Agile processes within OI&T will address eight of the ten best practices related to project monitoring and control that were missing from its guidance. In regard to monitoring the knowledge and skills of project staff, OI&T's IT Workforce Development (ITWD) group collects and analyzes competency assessment data, which is used in requirements gathering meetings with OI&T leaders. According to VA, during these meetings organizational needs and next steps are discussed in detail. Additionally, the department's latest version of its VIP Guide states that the product team should be cross-functional and include all skills needed to deliver a product. Further, the department reported that data management activities, issues, and impacts will be managed using VIP, Agile, and IBM Rational Tools Suite. According to its VIP Guide, OI&T expects that all products follow the Agile product management process and use the Rational Tools Suite to manage scheduled product sprints and backlog, product requirements, risks and issues, and product planning and engineering documentation, among others. Also, VA stated that Agile methodologies will require stakeholders to be involved in the daily scrum meetings, user acceptance testing, and acceptance of deliverables, which will address stakeholders being involved regularly and documenting the results of stakeholder involvement status reviews. According to the VIP Guide, the Agile development methodologies require development teams to meet often with stakeholders to ensure transparency and foster a collaborative work environment. Additionally, the department stated that critical decision events are using Rational based data assessments to report on level of satisfaction of project controls and process compliance requirements. 
    Further, according to the VIP Guide, the Product Owner will have a key role in the decision-making process during the development of the product and will be able to regularly express concerns and/or approvals to best meet user satisfaction. The department stated that critical decision events are being held at the portfolio level, and action items from these events are being tracked. VA provided meeting minutes from critical decision events that were held in October and December 2016. The December 2016 meeting minutes identified action items and the status of those items. Although VA has taken actions to address the majority of best practices related to project monitoring and control, the department's new VIP process does not include two practices that call for (1) tracking expended effort and (2) monitoring the utilization of staff and resources. Until OI&T's documented processes for project monitoring and control fully reflect best practices, the office is at risk that its projects will not achieve expected results.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to process and product quality assurance, to include (1) documenting a description of the quality assurance reporting chain and defining how objectivity will be ensured, and (2) periodically reviewing open noncompliance issues and trends with management that is designated to receive and act on them.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that the implementation of the Veteran-Focused Integration Process (VIP), Agile processes, and the Rational Toolset within OI&T will address process and product quality assurance. According to VA, as a part of VIP, the Product Owner is engaged from intake through project completion, which will ensure that the quality of the product is maintained throughout the life cycle. Additionally, the department reported that the process of periodically reviewing open non-compliance issues and trends with management that is designated to receive and act on them will be accomplished through CIOStat meetings held with OI&T senior leadership. VA also reported that the Rational Quality Manager tool is used to automate routine testing activities to identify non-compliance issues and trends. As of July 2017, the department stated that the Product Owner is beginning to have a stronger role on the project team, which enables them to assist in all types of issues, including quality assurance. VA also stated that Release Agents develop and distribute Release Readiness Reports, which provide a status of all release requirements and of traceability among requirements, deliverables, and test results. VA expects to complete its actions in response to this recommendation by the end of fiscal year 2017.
    Recommendation: To assist VA in establishing comprehensive and documented processes that reflect system development and acquisition best practices, the Secretary of Veterans Affairs should direct the Chief Information Officer to revise OI&T's documented processes related to project scheduling, to include the 9 best practices that were missing from the guidance and revise the documented processes where the guidance was contrary to best practices.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and reported that the implementation of VIP and Agile processes within OI&T will address five of the nine best practices related to project scheduling that are missing from its guidance. According to VA, business and compliance requirements will be captured during the planning phase and maintained in the IBM Rational Tools Suite to manage scheduled project/product builds and backlog which will allow the project to more accurately maintain the schedule baseline, capture all schedule changes, and provide an audit trail of all the changes. Additionally, the department reported that the IBM Rational Tools Suite connects requirements, change orders, test cases, and test results in order to have full traceability in a closed loop system. VA also noted that the use of short development builds within Agile increases the probability of successful adherence to the schedule; and Agile provides the flexibility to make schedule changes using the backlog to prioritize requirements. As of July 2017, VA stated that Project Build Planning sessions capture and prioritize all backlog items with high level activities captured in the VIP Dashboard; and that each project task receives an estimated duration. The department also stated that the project team commits to a high level scope for each build and then the scope is solidified and committed to in detail at each Sprint Plan. According to VA, at the end of each sprint the Product Owner accepts or rejects the product of what was committed to at Sprint Planning. The department also stated that there is a high-level commitment at the Critical Decision 1 meeting; that each build gets committed to at a more granular level; and that sprint planning includes establishing a firm commitment for exactly what will be completed during the sprint.
    The department further stated that part of the Agile process being used by OI&T removes rigid, mandatory constraints as long as project teams follow compliance epics. Additionally, the department reported that because of the use of Agile methodology, if a task is critical today, the project team can reprioritize and address the needs of the project immediately. According to VA, Agile supports both sustainment and development projects, by allowing changes to the project backlog to address high priority functionality. VA also stated that Agile allows flexibility to shift from one build to another based on priorities and to shift backlog items based on VIP Triad priorities. Additionally, according to the department, risks are managed in the Rational Tools Suite and impediments are raised and escalated during daily scrums and scrum of scrum calls. The VIP Guide indicates that product teams are required to make timely updates to the VIP Dashboard regarding schedule and that the Rational Tools Suite will be used to manage and administer source control and baselines; manage risks and issues; and manage scheduled product sprints and backlogs. However, the VIP Guide does not include practices to (1) document that each project task should receive a duration estimate; (2) require that the project schedule be traceable horizontally and vertically; (3) sequence all activities; and (4) confirm that the critical path is valid. Until OI&T's documented processes for developing schedules fully reflect best practices, the office is at risk that schedules created for its projects will not be reliable.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    9 open recommendations
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD Chief Information Officer (CIO), and other entities, as appropriate, to develop a detailed JIE scope statement that is verified by stakeholders and approved by the Executive Committee.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the Department of Defense had made progress in implementing the recommendation. Specifically, the department developed a draft Joint Information Environment (JIE) scope statement that can provide the context and framework for reporting, tracking, and controlling JIE activities. According to written comments on the status of the recommendation provided by the department in July 2017, this scope statement will be presented to the JIE Executive Committee in August 2017 for approval. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to establish a plan for managing, documenting, and communicating scope.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the Department of Defense had made progress in implementing the recommendation. Specifically, the department developed a draft JIE scope statement, which documents the scope of JIE and describes how updates to its scope will be periodically reviewed and approved. According to written comments on the status of the recommendation provided by the department in July 2017, the draft will be presented to the JIE Executive Committee in August 2017 for approval. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a reliable JIE cost estimate and baseline, consistent with the best practices described in this report.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the Department of Defense had not implemented the recommendation. According to written comments on the status of the recommendation provided by the department, it developed cost baselines for two components of JIE. However, it did not develop cost estimates for the other JIE components. Specifically, the JIE Executive Committee approved the cost estimate for the Joint Regional Security Stacks in April 2017. In addition, the department's comments stated that the cost baseline for the Mission Partner Environment-Information System (MPE-IS) was included in the MPE-IS Business Case Analysis and presented to the department's Office of Cost Assessment and Program Evaluation in July 2016. We are in the process of reviewing the cost estimates for these components. The department further stated that as solutions for other JIE efforts are established, their cost baselines will be added as appropriate.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a JIE schedule management plan and reliable schedule, consistent with practices described in this report.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the department had not implemented the recommendation. We will continue to monitor the department's efforts to address this recommendation by periodically requesting and evaluating updated information.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a JRSS schedule management plan and reliable JRSS schedule and schedule baseline, consistent with practices described in this report.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the Department of Defense had not fully implemented this recommendation. In March 2017, the JIE Executive Committee approved a schedule baseline for the Non-secure Internet Protocol Router network component of JRSS. In addition, the Executive Committee memo approving this schedule baseline indicated that the Executive Committee planned to review and approve a schedule baseline for the Secure Internet Protocol Router network component of JRSS by the end of fiscal year 2017. However, the department has not demonstrated that it has a schedule management plan or that its schedule was developed consistent with the practices described in our report.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to complete an assessment to determine the number of staff and the specific skills and abilities needed to effectively achieve JIE, consistent with the workforce planning practices described in this report.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the Department of Defense had not implemented the recommendation. In its June 2016 written comments on a draft of our report, the department stated that the National Institute of Standards and Technology and the Office of Personnel Management were to publish a coding structure in response to the Federal Cybersecurity Workforce Assessment Act of 2015. DOD stated that this structure would inform steps DOD planned to take to identify the type of personnel and specific skills required to support enterprise operations and services and the government capabilities needed to effectively achieve JIE. However, as of July 2017, the department had not demonstrated that it has taken action to implement our recommendation.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a strategy for conducting JIE security assessments that describes the resources needed to execute the strategy, responsible organizations, and a schedule to complete the assessments.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the department had not implemented the recommendation. We will continue to monitor the department's efforts to address this recommendation by periodically requesting and evaluating updated information.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a strategy and schedule to transition JRSS to the Risk Management Framework, and develop the security plan required by the new framework.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, the Department of Defense had not implemented this recommendation. In January 2017, the Joint Regional Security Stacks (JRSS) program received a six-month provisional Risk Management Framework Authority to Operate. According to a July 2017 update from the department on the status of this recommendation, the JRSS program management office was in the process of requesting another six-month provisional authority to operate. However, the department has not developed a strategy and schedule to complete transition of JRSS to the Risk Management Framework or developed the security plan required by the framework.
    Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a reliable Joint Regional Security Stacks (JRSS) cost estimate and baseline, consistent with practices described in this report.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense had taken steps to address the recommendation and we are in the process of reviewing documentation the department provided in July 2017 to determine if it sufficiently addresses the recommendation. Specifically, in April 2017, the JRSS program office documented the methodology, ground rules, and assumptions, among other things, used to develop the cost estimate we reviewed in our report, and the JIE Executive Committee established the estimate as its JRSS cost baseline. We are in the process of reviewing the cost estimate documentation and will update this status after completing the review.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To enhance the monitoring of holding facilities, the Secretary of Homeland Security should direct Border Patrol and ICE to develop and implement a process to assess their time in custody data for all individuals in holding facilities, including: (1) identifying and addressing potential data quality issues; and (2) identifying cases where time in custody exceeded guidelines and assessing the factors impacting time in custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen the transparency of the complaints process, the Secretary of Homeland Security should direct CBP and ICE to develop and issue guidance on how and which complaint mechanisms should be communicated to individuals in custody at holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate the tracking of holding facility complaints, the Secretary of Homeland Security should include a classification code in all complaint tracking systems related to DHS holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide useful information for compliance monitoring, the Secretary of Homeland Security should direct CBP and ICE to develop and implement a process for analyzing trends related to holding facility complaints across their respective component.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Daniel Garcia-Diaz
    Phone: (202) 512-8678

    1 open recommendation
    Recommendation: In order to ensure sustained leadership commitment to and accountability for CFPB's efforts to promote a diverse, inclusive, and fair workplace, in coordination with representatives of CFPB's employee union, the Director should develop tools to collect more comprehensive employee feedback on the grievance complaint processes to understand and remedy factors that may reduce employee confidence in these processes.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: As of May 2017, CFPB had reached agreement with its employee union on a process to collect more comprehensive employee feedback on its grievance complaint processes, but CFPB had not yet implemented this new process. This new process will include a short survey that will be provided to employees who participate in the grievance process. A CFPB official said that CFPB will begin using this survey to collect feedback once it has determined the best point in the grievance process to distribute it.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    4 open recommendations
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to document artifacts that support recommendation closure consistent with SEC policy.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to document a comprehensive physical inventory of the systems and applications in the production environment.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to provide personnel appropriate access to continuous monitoring reports and tools to monitor, evaluate, and remedy identified weaknesses.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to institute a process and assign the necessary personnel to review information produced by the vulnerability scanning tools to monitor, evaluate, and remedy identified weaknesses.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: David Powner
    Phone: (202) 512-9286

    26 open recommendations
    including 1 priority recommendation
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) was actively engaging with the department's Operating Administrations and was reconciling its original cost savings and avoidance targets to develop and update a yearly calculation as part of Transportation's multi-year strategy to consolidate and optimize its data centers. The department added that periodic updates would be provided to OCIO leadership and the CIO Council, with reconciled cost savings and avoidance targets for fiscal years 2017 and 2018 expected to be updated by September 30, 2016. However, as of July 2017, Transportation has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the department's progress in implementing this recommendation and update accordingly.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Department of State
    Status: Open

    Comments: The Department of State agreed with our recommendation, and has taken initial steps to implement it. In June 2016, the department stated in correspondence to GAO that it was in the process of reviewing pending guidance on the Office of Management and Budget's Data Center Optimization Initiative (DCOI). The department further stated that once the DCOI guidance was issued, the department would update its targets and finalize a plan to more adequately address cost savings and avoidance targets for fiscal years 2016 through 2018. However, as of July 2017, the department has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, EPA stated in correspondence to GAO that it planned to establish a single data center within each of several specific geographical areas. For each data center selected for retention, the agency stated that it planned to make upgrades to address any potential capacity or performance issues, but noted that the specific plans for each data center slated for consolidation were under development. EPA stated that the resulting total cost savings were under assessment and had not yet been determined. However, as of July 2017, EPA has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation has not yet taken steps to implement our recommendation. As of July 2017, the National Science Foundation has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business Administration agreed with our recommendation, but has not yet taken steps to implement it. As of July 2017, the Small Business Administration has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) developed a scorecard to track progress for each of the data center optimization areas. According to the department's scorecard, the department reported meeting 3 of 10 optimization targets, but did not meet the remaining 7 targets. DHS's OCIO noted that they would update this scorecard quarterly in alignment with Federal Data Center Consolidation Initiative data collection. DHS's OCIO expected to complete implementation of this recommendation by November 30, 2016. However, as of July 2017, DHS reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture generally agreed with our recommendation, and has taken initial steps to implement it. Specifically, as of July 2017, the department reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets one (server virtualization) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the department also reports that it does not yet meet the remaining four targets (server utilization and monitoring, energy metering, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the department stated in correspondence to GAO that it will work with its bureaus to develop and publish an annual strategic plan. The strategic plan will, among other things, describe a list of specific planned actions to improve data center optimization progress. For example, the department stated that, to increase facility utilization, the Bureau of Economic Analysis is co-locating computing resources within the Census Bureau's Bowie Computer Center. Further, Census planned to market the Bowie Computer Center as an opportunity for government-wide co-location. In addition, the department stated that the National Oceanic and Atmospheric Administration is building greater network capacity to National Weather Service forecast offices and will aim to reduce the number of local systems at forecast offices that are currently considered data centers (122 in total). However, as of July 2017, the Department of Commerce reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) agreed with our recommendation, and has taken initial steps to implement it. In June 2016, the department stated in correspondence to GAO that it is considering several actions to improve optimization progress in the areas that we reported as not meeting the Office of Management and Budget's (OMB) established targets. For example, DOD stated that it is moving toward on-premises and off-premises commercial cloud hosting services to enable migration of workloads to more efficient environments intended to improve the virtualization and density metrics. Further, the department stated that its Chief Information Officer is working directly with the services to reconcile the instances of multiple Installation Processing Nodes on individual bases, posts, camps, and stations. DOD also stated that all of these actions will enable the closure of additional data centers, increase efficiencies in all categories, and drive greater savings. However, as of July 2017, the Department of Defense reports on the OMB IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy (Energy) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, Energy stated in correspondence to GAO that it had established an enterprise-wide Data Center Working Group that is chartered to identify best practices in data center metering, optimization, consolidation and cloud migration (and to support these practices throughout the department). According to Energy, this working group is intended to serve as a focus group for communicating information related to the Federal Information Technology Acquisition Reform Act (FITARA), departmental strategy and implementation, and the Office of Management and Budget (OMB) requirements for data centers, as well as to provide summary data center performance status to all members. However, as of July 2017, Energy reports on OMB's IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: The Department of Housing and Urban Development (HUD) agreed with our recommendation, and has taken steps to implement it. In May 2016, the department stated in correspondence to GAO that its ability to attain the Office of Management and Budget's (OMB) established target value for the three remaining optimization metrics would require the department to further consolidate data center resources and migrate from contractor-owned and operated data centers to multi-tenant, shared data centers. The department further stated that this effort would be accomplished under the HUD Enterprise and Architecture Transition initiative that was restructuring infrastructure services and was targeting data center migrations to be completed by July 2017. The department also stated that it expected to be able to provide fiscal year 2017 optimization metrics data that met or exceeded OMB's target values by February 2018. However, as of July 2017, the department states that, due to data center migration dependencies on two smaller infrastructure transition projects, the data center migration project schedule is delayed until the first quarter of fiscal year 2018. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the department stated in correspondence to GAO that it would work to improve the data center optimization metrics that did not meet the Office of Management and Budget's (OMB) established targets. The department further stated that it expected to have a more detailed approach available through a Data Center Strategy, which was expected before the end of fiscal year 2016. However, as of July 2017, the department reports on OMB's IT Dashboard that it meets only one (power usage efficiency) of the five data center optimization metric targets OMB currently requires agencies to report against. The department further reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, and data center facility space). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the agency stated in correspondence to GAO that it was in the process of transitioning to a new data center. While undergoing this transition, the agency stated that it was working to optimize its new data center and will have the capability to report on the Office of Management and Budget's optimization targets once the transition is complete. The agency expected to complete these steps by September 2016. As of July 2017, SSA reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets three (energy metering, data center facility space and power usage efficiency) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, SSA reports that it does not meet the remaining two targets (related to server utilization and monitoring, and server virtualization). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of the Interior (Interior) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) was developing data center optimization metrics to measure bureau and office progress in meeting optimization targets. The department added that these metrics would become part of the 2016 OCIO Organizational Assessment, a scorecard used to measure bureau and office progress against predefined targets. However, as of July 2017, Interior reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice (Justice) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, Justice stated in correspondence to GAO that it was developing plans to migrate the remaining non-core data centers to the department's three Core Enterprise Facilities (CEFs) and/or commercial cloud services by the end of fiscal year 2019. The department added that, as these migrations occur, its data center footprint and facility utilization should continue to improve and the percentage of servers and operating systems residing in the CEFs should significantly exceed federal data center consolidation targets. Justice also stated that it engaged with external representatives to perform an energy efficiency assessment at its core enterprise facility in Virginia, which resulted in significant improvements at the data center and improved the overall power usage efficiency across the department's core data centers. However, as of July 2017, Justice reported on the Office of Management and Budget's (OMB) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, Transportation stated in correspondence to GAO that it centralized its data center consolidation efforts in fiscal year 2015 and, in early fiscal year 2016, completed reconciliation of its actual and planned data center closures, as well as related performance data. The department also stated that it planned to continue working towards measuring and making improvements to meet the Office of Management and Budget's (OMB) data center optimization performance metric targets. Transportation noted that periodic updates provided to its Office of the Chief Information Officer leadership and the Chief Information Officer Council would identify challenges in meeting the Office of Management and Budget's optimization metric targets. However, as of July 2017, Transportation reports on OMB's IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (Labor) agreed with this recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that it had closed 23 percent of its data centers and, by the end of 2019, the department plans to close 61 percent of its data centers. Further, Labor stated that it has made significant progress in the development of a fully virtualized common operating environment. According to the department, these efforts are designed to improve optimization metrics performance. However, as of July 2017, the department reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) generally agreed with our recommendation, and has taken initial steps to implement it. However, as of July 2017, Treasury reports on the Office of Management and Budget's (OMB's) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The Department of Veterans Affairs (VA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the department stated in correspondence to GAO that it had not yet taken action to improve optimization progress in the areas that we reported as having weaknesses. Specifically, the department stated that the Office of Management and Budget (OMB) was in the process of changing the fiscal year 2016 through 2018 closure targets and data center optimization metrics under the Federal Information Technology Acquisition Reform Act, which it planned to complete by the end of July 2016. Upon receipt of the targets, VA stated that it needed to assess the impact on strategies already under way, which it planned to complete by mid-fiscal year 2017. As of July 2017, the department reports on OMB's IT Dashboard that it meets only one (power usage efficiency) of the five data center optimization metric targets that OMB currently requires agencies to report against. In addition, the department reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, and data center facility space). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of State
    Status: Open

    Comments: The Department of State agreed with our recommendation, and has taken initial steps to implement it. In June 2016, the department stated in correspondence to GAO that it planned to follow the Office of Management and Budget's (OMB) guidance on optimizing data centers and would take action to improve the defined areas that the Data Center Optimization Initiative identifies. Specifically, as of July 2017, the department reports on OMB's IT Dashboard that it meets only one (power usage efficiency) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the department reported that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, and data center facility space). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the agency stated in correspondence to GAO that it had directed data center stakeholders to place an emphasis on virtualizing physical servers and moving server-based applications to the cloud or a core data center. The agency added that the estimated increase for each optimization metric would be determined after data consolidation plans were finalized. As of July 2017, EPA reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets three (energy metering, server virtualization, and power usage efficiency) of the five data center optimization metric targets OMB currently requires agencies to report against. However, EPA reports that it does not yet meet the remaining two targets (related to server utilization and monitoring, and data center facility space). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the agency stated in correspondence to GAO that it had developed an action plan to improve optimization progress. For example, GSA's action plan stated that the agency planned to create a new inventory of their data centers in order to establish a baseline to help in planning for data center closures, as well as collecting more accurate data for cost saving calculations. The agency also planned to create a new and better cost saving model and noted that it planned to refresh the cost model semi-annually. Finally, GSA intended to improve the required metrics set forth by the Office of Management and Budget (OMB) by eliminating physical machines and increasing virtualization whenever possible. As of July 2017, GSA reports on OMB's IT Dashboard that it meets one (server utilization and monitoring) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, GSA reports that it does not meet the remaining four targets (related to energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, NASA stated in correspondence to GAO that it planned to develop improvement strategies for each deficient metric and hold meetings with all of the data center owners to explain the improvement strategies and further educate the data center owners on how to create efficiencies. NASA added that the anticipated completion for this is July 2017. However, as of July 2017, NASA reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: The Nuclear Regulatory Commission (NRC) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, NRC stated in correspondence to GAO that it was pursuing development of a hybrid data center that will allow many data center functions to be performed in the cloud, allowing for more optimization, including the ability to better meet optimization targets (including those related to both cost savings and optimization) established by the Office of Management and Budget (OMB) through the Data Center Optimization Initiative. As of July 2017, NRC reports on OMB's IT Dashboard that it meets one (server virtualization) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the agency reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Office of Personnel Management
    Status: Open

    Comments: The Office of Personnel Management (OPM) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, OPM stated in correspondence to GAO that it was committed to meeting the targets associated with the agency's data center optimization efforts. The agency added that challenges would be addressed as plans evolved to meet current targets and within current funding. As of July 2017, OPM reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets only one (server virtualization) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the agency reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation and update accordingly.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: United States Agency for International Development
    Status: Open

    Comments: The U.S. Agency for International Development (USAID) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, USAID stated in correspondence to GAO that it was planning to take action to improve progress in the remaining two areas that we reported as not meeting the Office of Management and Budget's (OMB) optimization targets, including addressing any identified challenges. The agency noted that its target completion date for implementing our recommendation was February 2017. However, as of July 2017, USAID reports on OMB's IT Dashboard that it does not yet meet the server utilization and monitoring metric target, which is the only metric applicable to USAID. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Director: Jessica Lucas-Judy
    Phone: (202) 512-9110

    7 open recommendations
    including 1 priority recommendation
    Recommendation: The Commissioner of Internal Revenue should establish, document, and implement an organizational structure identifying responsibility for defining objectives with an appropriate line of reporting for measuring costs and results for information referrals.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of January 2017, IRS has taken some action to implement this recommendation. IRS told us it established a cross-functional team in February 2016 to conduct a comprehensive review of IRS's referral programs, including the information referral process. IRS completed its review and plan for the organizational structure in December 2016. The Wage and Investment division will retain the intake and screening responsibilities. The Small Business and Self-Employed division will be responsible for defining objectives and monitoring results for information referrals. We continue to monitor IRS implementation of the planned cost and results measurement and reporting.
    Recommendation: The Commissioner of Internal Revenue should ensure that the IRM has internal controls for processing information referrals by establishing, documenting, and implementing supervisory review and segregation of duties for inventory management reporting procedures.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of January 2017, IRS has taken some action on this recommendation. IRS told us it established a cross-functional team in February 2016 to conduct a comprehensive review of IRS's referral programs, including the information referral process. IRS completed its review and plan for the organizational structure in December 2016. Once IRS approves the organizational structure, IRS will document new and updated screening and routing procedures in the Internal Revenue Manual as well as guidance for the Image Control Team and other IRS units receiving information referrals. IRS plans to implement this recommendation by September 2017.
    Recommendation: The Commissioner of Internal Revenue should ensure that the IRM has internal controls for processing information referrals by establishing, documenting, and implementing ongoing monitoring of information referrals retained for destruction, including a mechanism for tracking the reasons referrals were retained prior to destruction.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of January 2017, IRS has taken some action to implement this recommendation. IRS told us it established a cross-functional team in February 2016 to conduct a comprehensive review of IRS's referral programs, including the information referral process. IRS completed its review and plan for the organizational structure in December 2016. Once IRS approves the organizational structure, IRS will establish and document Internal Revenue Manual procedures, including criteria for retaining information referrals for destruction. IRS plans to implement this recommendation by September 2017.
    Recommendation: The Commissioner of Internal Revenue should ensure that the IRM has internal controls for processing information referrals by establishing, documenting, and implementing procedures for each IRS operating unit receiving information referrals to provide feedback on the number and types of referrals misrouted and on their disposition, and a mechanism to analyze patterns of misroute errors.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of January 2017, IRS has taken some action to implement this recommendation. IRS told us it established a cross-functional team in February 2016 to conduct a comprehensive review of IRS's referral programs, including the information referral process. IRS completed its review and plan for the organizational structure in December 2016. Once IRS approves the organizational structure, IRS will establish and document Internal Revenue Manual procedures, including guidelines for IRS units receiving information referrals. IRS plans to implement this recommendation by September 2017.
    Recommendation: The Commissioner of Internal Revenue should establish a coordination mechanism to facilitate communication and information sharing across IRS referral programs on crosscutting tax issues and ways to improve efficiency in the mechanisms for public reporting of possible tax violations.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of March 2017, IRS had taken some action to establish a coordination mechanism to help IRS referral programs communicate and share information, as GAO recommended in its February 2016 report. IRS established a cross-functional team in February 2016 to comprehensively review IRS's referral programs. Among other things, this team is to explore aligning all IRS referral programs within an organizational structure to more efficiently coordinate, communicate, and share information across the referral programs by December 2017. As of March 2017, the Deputy Commissioner of Services and Enforcement directed the largest recipient of referrals to facilitate quarterly meetings in order to improve communication and information sharing across multiple IRS referral programs. The meetings are scheduled to begin by summer 2017.
    Recommendation: The Commissioner of Internal Revenue should direct the referral programs to establish a mechanism to coordinate on a plan and timeline for developing a consolidated, online referral submission in order to better position IRS to leverage specialized expertise while exploring options to further consolidate the initial screening operations.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open
    Priority recommendation

    Comments: As of March 2017, IRS had taken some action to establish a mechanism to coordinate on a plan and timeline for developing a consolidated, online referral submission, as GAO recommended in its February 2016 report. IRS established a cross-functional team in February 2016 to comprehensively review IRS's referral programs. Among other things, the team has explored options to consolidate the initial screening operations and determine the scope and complexity for moving the referral process to an online format. According to IRS, an electronic submission process is expected to provide better access to the program and reduce the burden associated with making a written report or referral. In November 2016, the cross-functional team requested information technology resources for fiscal year 2019 to develop an online system which could potentially replace four separate referral forms, filter out incomplete referrals, and electronically route referrals for further IRS action. IRS assessed options for consolidating all forms for the various referral programs and determined that consolidating them to a single form was not feasible due to the technical nature and complexity of the various referral types. As of March 2017, the cross-functional team has worked with IRS On Line Services to develop an online application prototype and is also considering the cost-effectiveness of a commercial off-the-shelf product. According to the IRS, the online application will make it easier for the public to report possible tax violations. Also, the online system will improve efficiency in coordination and provide reports that will be incorporated into the quarterly coordination meetings, to achieve a broader collaborative mechanism across the multiple referral programs. IRS has said it will consider further consolidating the referral programs once the online application is in place.
    Recommendation: The Commissioner of Internal Revenue should ensure that the Internal Revenue Manual (IRM) has internal controls for processing information referrals by establishing, documenting, and implementing procedures for maintaining and communicating the information referral screening and routing guidelines to the Image Control Team (ICT) and IRS units receiving information referrals as well as procedures for ICT screening and routing operations.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: As of January 2017, IRS has taken some action on this recommendation. IRS told us it established a cross-functional team in February 2016 to conduct a comprehensive review of IRS's referral programs, including the information referral process. IRS completed its review and plan for the organizational structure in December 2016. Once IRS approves the organizational structure, IRS will document new and updated screening and routing procedures in the Internal Revenue Manual as well as guidance for the Image Control Team and other IRS units receiving information referrals. IRS plans to implement this recommendation by September 2017.
    Director: J. Alfredo Gómez
    Phone: (202) 512-3841

    3 open recommendations
    including 1 priority recommendation
    Recommendation: As EPA and USDA continue to consider ways to track and promote water utilities' implementation of asset management, the Administrator of EPA should direct the Office of Groundwater and Drinking Water and Office of Wastewater Management to continue to include questions on water utilities' use of asset management in the clean water needs assessment and consider including questions about water utilities' use of asset management in future drinking water infrastructure needs assessment surveys.

    Agency: Environmental Protection Agency
    Status: Open
    Priority recommendation

    Comments: As of March 2017, EPA has convened a workgroup of 40 people representing states, technical advisers, EPA, and USDA. It will develop new asset management outreach tools directed towards local decision makers. The group will meet quarterly and plans to issue tools and resources by fall 2017.
    Recommendation: As EPA and USDA continue to consider ways to track and promote water utilities' implementation of asset management, the Administrator of EPA, and the Secretary of USDA, through the Rural Development Agency, should consider compiling into one document the existing cases and examples of the benefits and costs of asset management and widely share this information with water utilities.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, EPA has convened a workgroup of 40 people representing states, technical advisers, EPA, and USDA. It will develop new asset management outreach tools directed towards local decision makers. The group will meet quarterly and plans to issue tools and resources by fall 2017.
    Recommendation: As EPA and USDA continue to consider ways to track and promote water utilities' implementation of asset management, the Administrator of EPA, and the Secretary of USDA, through the Rural Development Agency, should consider compiling into one document the existing cases and examples of the benefits and costs of asset management and widely share this information with water utilities.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In March 2017, EPA had convened a workgroup of 40 people representing states, technical advisers, EPA, and USDA. It will develop new asset management outreach tools directed towards local decision makers. The group will meet quarterly and plans to issue a best practices document by April 2017 and a webinar by May 2017.
    Director: Anne-Marie Fennell
    Phone: (202) 512-3841

    1 open recommendation
    Recommendation: To improve NMFS' ability to capitalize on its efforts to improve fisheries data collection for managing marine recreational fisheries, the Secretary of Commerce should direct the National Oceanic and Atmospheric Administration's Assistant Administrator for Fisheries to develop a comprehensive strategy to guide NMFS' implementation of its marine recreational fisheries data collection program efforts, including a means to measure progress in implementing this strategy and to communicate information to stakeholders. As part of this strategy, NMFS should clearly identify and communicate programmatic goals, determine the program activities and resources needed to accomplish the goals, and establish time frames and performance measures to track progress in implementing the strategy and accomplishing goals.

    Agency: Department of Commerce
    Status: Open

    Comments: In April 2017, a NOAA official stated that the agency expects to develop a strategy in accordance with our recommendation not later than July 2017.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    5 open recommendations
    including 1 priority recommendation
    Recommendation: To improve VA's efforts to effectively complete the development and implementation of VBMS, the Secretary of Veterans Affairs should direct the Under Secretary for Benefits and the Chief Information Officer to develop an updated plan for VBMS that includes (1) a schedule for when VBA intends to complete development and implementation of the system, including capabilities that fully support disability claims, pension claims, and appeals processing and (2) the estimated cost to complete development and implementation of the system.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The Department of Veterans Affairs (VA) concurred with our recommendation calling for an updated plan for the Veterans Benefits Management System. However, as of June 2017, the department had not developed a plan that included a schedule for when the Veterans Benefits Administration intends to complete development and implementation of the system, as well as the estimated cost of doing so. We will continue to monitor VA's actions in response to this recommendation.
    Recommendation: To improve VA's efforts to effectively complete the development and implementation of VBMS, the Secretary of Veterans Affairs should direct the Under Secretary for Benefits and the Chief Information Officer to establish goals for system response time and use the goals as a basis for periodically reporting actual system performance.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs (VA) concurred with this recommendation and reported that the Veterans Benefits Management System (VBMS) program office has developed draft metrics for performance of the system. Specifically, VA stated that the office has established key performance indicators as a basis for monitoring the response times of the most commonly executed user transactions (or work events) within VBMS. According to the department, these indicators have been incorporated into the application's continuous monitoring tools for all service level agreements and these agreements are enforced by the VA Service Level Management Board. Nevertheless, as of June 2017, VA had not identified its goals for VBMS response times, nor had the department reported actual system response times. We will continue to monitor VA's actions toward addressing this recommendation.
    Recommendation: To improve VA's efforts to effectively complete the development and implementation of VBMS, the Secretary of Veterans Affairs should direct the Under Secretary for Benefits and the Chief Information Officer to reduce the incidence of high- and medium-priority level defects that are present at the time of future VBMS releases.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs (VA) concurred with this recommendation and, in June 2017, reiterated its plans and procedures for decreasing the incidences of defects in each system release. However, the incidences of high- and medium-priority level defects at the time of recent VBMS releases (i.e., releases 10.1 and 11.0) had increased relative to the number of defects present at the time of the earlier release (i.e., release 8.1) that we described in our report. We will continue to monitor VA's actions and progress in response to this recommendation.
    Recommendation: To improve VA's efforts to effectively complete the development and implementation of VBMS, the Secretary of Veterans Affairs should direct the Under Secretary for Benefits and the Chief Information Officer to develop and administer a statistically valid survey of VBMS users to determine the effectiveness of steps taken to make improvements in users' satisfaction.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs (VA) concurred with this recommendation and, in January 2017, conducted a survey of VBMS users that was sent to over 16,000 claims processors at each of its 56 regional offices. Although 52 percent of respondents indicated that they were very satisfied or satisfied with VBMS, the department received only about 2500 responses to the survey for a 15 percent response rate. This low response rate raises concern about whether the survey results are statistically valid. We have requested additional information from VA to determine any actions the department has taken to ensure the statistical validity of its survey results and will assess any information that is provided.
    Recommendation: To improve VA's efforts to effectively complete the development and implementation of VBMS, the Secretary of Veterans Affairs should direct the Under Secretary for Benefits and the Chief Information Officer to establish goals that define customer satisfaction with VBMS and report on actual performance toward achieving the goals based on the results of GAO's survey of VBMS users and any future surveys VA conducts.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs (VA) concurred with this recommendation and conducted a survey of VBMS users in January 2017. However, as of June 2017, the department had yet to develop customer satisfaction goals for VBMS that would provide users with an expectation of the system response times they should anticipate, and management with an indication of how well the system is performing relative to performance goals.
    Director: Mctigue Jr, James R
    Phone: (202) 512-9110

    2 open recommendations
    Recommendation: To better ensure the EO unit's adherence to the TE/GE division's mission of "applying the tax law with integrity and fairness to all" in selecting exempt organizations to review or examine, the Commissioner of Internal Revenue should direct EO to develop, document, and implement additional monitoring procedures in order to ensure case selection controls, including ensuring that procedures for obtaining required signatures and documenting explanations for selection decisions, are being followed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: The Internal Revenue Service's Exempt Organizations (EO) unit issued a memo, in October 2015, to Area Managers requiring that they complete monthly sample reviews of closed and dismissed cases to ensure that proper managerial approvals are documented. EO also issued a memo, in April 2016, to examination staff and managers, emphasizing the importance of documenting justifications for examination dismissals. Additionally, operational reviews are conducted to ensure that the monitoring samples are being reviewed. In January 2017, EO's Exempt Organization Classification Area (EOCA) resumed quality reviews, which include a review of documentation and EOCA database entries. As of May 2017, monitoring has not increased for EO referrals.
    Recommendation: In addition, the Commissioner of Internal Revenue should determine what additional controls may be needed to ensure that all closed examination files are tracked and maintained accurately.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In 2016, the Tax Exempt and Government Entities Unit (TE/GE) reviewed its internal processes and procedures and met with the Wage and Investment (W&I) Files Unit to discuss procedures for requesting closed case files, according to Exempt Organizations Examinations (EOE) officials. TE/GE developed a desk guide for the Exempt Organizations Case Selection and Delivery Unit to document the procedures for requesting, tracking and monitoring closed case file requests. In addition, TE/GE provided recommendations to the W&I Files Unit on modifications to the Internal Revenue Manual (IRM) that would facilitate coordination; as of June 2017, W&I has not implemented these recommendations. The EOE unit will also continue to expand electronic case management efficiencies.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: To improve the effectiveness of OMB streamlining efforts and ensure agency CIOs are better able to carry out their responsibilities in managing IT, including implementing OMB's IT reform initiatives, the Director of OMB should direct the Federal CIO, in collaboration with agency CIOs, to ensure there is a common understanding with agency CIOs on the priority of the current reporting requirements and related IT reform initiatives. This should include addressing underlying reasons cited by CIOs regarding the usefulness of requirements, including when department priorities are reportedly different than OMB's and the burdensome and duplicative nature of requirements.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) neither agreed nor disagreed with our recommendation. Subsequently, OMB has taken steps to address some aspects of our recommendation. Specifically, in January 2017, OMB worked with the Chief Information Officer (CIO) Council to issue a report entitled "State of Federal Information Technology (SOFIT)" which outlined current IT trends and their key challenges, and made recommendations to improve implementation efforts. Notably, the report also identified differences in priorities between OMB and agency CIOs on key IT reform initiatives and the need for improved reporting requirements. In addition, in June 2017, OMB staff reported that they met the CIO and head of each agency this past spring regarding their priorities and challenges. While these are positive steps toward ensuring a common understanding of these initiatives and reporting requirements, OMB still needs to take action to address the underlying reasons for these differences in priorities and reduce burdensome and duplicative requirements. Until OMB takes action in these areas, there is a risk that key IT reform initiatives may not fully succeed. We will continue to evaluate OMB's progress in addressing our recommendation.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: To improve the reliability and reporting of investment performance information and management of selected major investments, the Commissioner of the IRS should direct the Chief Technology Officer to modify reporting of the Affordable Care Act Administration testing status to senior management to include a comprehensive report on all impacted systems--including an explanation for why impacted systems were not tested at a particular level--and ensure this reporting is aligned with the manner in which testing is being performed.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: IRS disagreed with this recommendation at the time we made it, stating that it followed a rigorous risk-based process for planning the tests of ACA-impacted systems, including the types and levels of testing, and that it had comprehensive reporting for the filing season 2015 release, which included ACA-impacted systems. However, as noted in our report, our review of ACA Testing Review Checkpoint reports and filing season reports, which officials stated were used to provide comprehensive reports to senior managers, did not identify the status of testing for all systems impacted by ACA Releases 5.0 and 6.0. We therefore concluded that the recommendation was still valid. As of July 2017, IRS had not changed its position. We will be following up with the agency to discuss the recommendation.
    Director: Sullivan, Michael J
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To help improve DOD's milestone decision process, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics in collaboration with the military service acquisition executives, program executive officers, and program managers to, as a longer-term effort, select several current or new major defense acquisition programs to pilot, on a broader scale, different approaches for streamlining the entire milestone decision process, with the results evaluated and reported for potential wider use. The pilot programs should consider the following: (1) Defining the appropriate information needed to support milestone decisions while still ensuring program accountability and oversight. The information should be based on the business case principles needed for well-informed milestone decisions including well defined requirements, reasonable life-cycle cost estimates, and a knowledge-based acquisition plan. (2) Developing an efficient process for providing this information to the milestone decision authority by (a) minimizing any reviews between the program office and the different functional staff offices within each chain of command level and (b) establishing frequent, regular interaction between the program office and milestone decision makers, in lieu of documentation reviews, to help expedite the process.

    Agency: Department of Defense
    Status: Open

    Comments: The Office of the Secretary of Defense issued a policy directive called Better Buying Power 3.0 in April 2015, which addresses this recommendation to pilot acquisition programs for streamlining. In September 2015, DOD designated one Navy program, the Next Generation Jammer, as a pilot program with streamlined oversight, processes, and documentation. The program manager believes that implementation of this model has allowed for more focus on improving program execution by significantly shortening decision cycle time and appropriately tailoring acquisition requirements. The Air Force and Army have not designated pilot programs at this time.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    3 open recommendations
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to improve reporting of FOIA costs by including salaries, employee benefits, non-personnel direct costs, indirect costs, and costs for other offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In responding to our recommendation, DHS said it has developed a spreadsheet that is to be used by its components to track FOIA costs. However, as of September 2017, DHS has not yet provided information containing such details as when its components will be required to use the spreadsheet and if the spreadsheet is to track all the categories of costs discussed in our report. We plan to update the status of this recommendation when DHS provides documentation that further explains, and confirms the department's use of, the spreadsheet.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to direct USCIS and Coast Guard to fully implement the recommended FOIA processing system capabilities and the section 508 requirement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS issued a memo to all of the department's FOIA officers in March 2015 which focused on ensuring that each component's FOIA processing systems are 508 compliant. However, as of September 2017, DHS has not yet provided us with evidence that the U.S. Citizenship and Immigration Services and the Coast Guard have implemented system capabilities that are 508 compliant. When DHS provides information concerning its actions taken to make the systems compliant, we will update the status of the recommendation.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to determine the viability of re-establishing the service-level agreement between the U.S. Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement to eliminate duplication in the processing of immigration files. If the benefits of doing so would exceed the costs, re-establish the agreement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has stated that it is taking steps to determine if the U.S. Immigration and Customs Enforcement and the U.S. Citizenship and Immigration Services will re-establish the service-level agreement to process FOIA requests related to immigration files. In addition, the department has stated that duplication no longer exists in the processing of these types of requests. However, DHS has not yet provided evidence, such as a cost-benefit analysis, that could demonstrate the steps it is taking regarding the service-level agreement. Further, GAO has not yet received evidence from the department to support its assertion that duplication no longer exists in the processing of immigration files. We will update the status of this recommendation when DHS provides documentation.
    Director: David A. Powner
    Phone: (202) 512-9286

    10 open recommendations
    including 2 priority recommendations
    Recommendation: The Secretaries of HHS, the Interior, Justice, and Labor, and the Administrators of GSA and NASA should complete action plans for addressing their challenges in reporting cost savings, as discussed in this report.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services agreed with, and has taken initial steps to implement, our recommendation. In June 2015, the department reported that it had begun an effort to calculate the tangible cost savings and avoidances derived from closing over 50 data centers as part of its data center consolidation efforts. As of March 2017, the department reported that it had closed a total of 74 data centers and had identified $6.64 million in cost savings and avoidances, which is approximately $2.30 million more than what we reported in September 2014. However, the identified cost savings do not include any savings from fiscal years 2015 or 2016. Accordingly, we conclude the department has not yet completed efforts to address challenges in calculating cost savings and avoidances. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of HHS, the Interior, Justice, and Labor, and the Administrators of GSA and NASA should complete action plans for addressing their challenges in reporting cost savings, as discussed in this report.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of the Interior agreed with, and has taken initial steps to implement, our recommendation. Specifically, in December 2014, the Interior's Deputy Assistant Secretary for Policy, Management and Budget established a series of steps toward addressing our recommendation. The steps include, for example, consolidating and streamlining data center consolidation reporting processes, developing a template that all department bureaus and offices are required to use, and issuing a directive requiring consistent reporting for all data center cost savings and avoidances. In addition, the department submitted a Data Center Optimization Initiative strategic plan to the Office of Management and Budget (OMB) in September 2016. In the plan, the department reported closing 53 data centers and achieving $4.4 million in cost savings and avoidances in fiscal year 2016. However, the plan does not indicate how the department will address identified challenges nor does it indicate whether the department has successfully implemented its directive on consistent monitoring of cost savings and avoidances. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of HHS, the Interior, Justice, and Labor, and the Administrators of GSA and NASA should complete action plans for addressing their challenges in reporting cost savings, as discussed in this report.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor agreed with, and has taken initial steps to implement, our recommendation. In September 2015, the department stated that its Office of the Chief Information Officer was working to develop an enterprise data center inventory as part of the department-wide Data Center Consolidation Initiative Working Group. In September 2016, the department submitted its Data Center Optimization Initiative plan to the Office of Management and Budget. The plan reported that the department had closed 28 non-tiered data centers in fiscal year 2016 and indicated that the department had historical cost savings of $4.85 million to date. However, as of March 2017, the department had not yet reported any resulting cost savings or avoidances in its quarterly report to OMB. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Energy, the Interior, Transportation, the Treasury, and Department of Veterans Affairs; the Administrators of the Environmental Protection Agency and NASA; and the Director of the Office of Personnel Management should direct responsible officials to report all data center consolidation cost savings and avoidances to OMB in accordance with established guidance.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture agreed with, and has taken initial steps to implement, our recommendation. In September 2014, we found that the department reported fiscal year 2012 through 2015 cost savings and avoidances of $244.17 million to GAO, but had only reported $71.20 million to the Office of Management and Budget (OMB)--a difference of approximately $172.97 million. Moreover, as of March 2017, the department still had not yet fully reported its savings to OMB, as we recommended. Specifically, the department had reported a total of about $25.07 million in cost savings and avoidances to OMB from fiscal years 2012 to 2016--an amount that is approximately $219.1 million short of the total savings and avoidances that the department had reported to GAO as of September 2014. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Energy, the Interior, Transportation, the Treasury, and Department of Veterans Affairs; the Administrators of the Environmental Protection Agency and NASA; and the Director of the Office of Personnel Management should direct responsible officials to report all data center consolidation cost savings and avoidances to OMB in accordance with established guidance.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD concurred with, and has taken initial steps to implement, our priority recommendation. In March 2016, we determined that the department had identified a total of about $1.07 billion in data center consolidation cost savings from fiscal year 2012 through 2016. However, as of March 2017, the department had not yet fully reported its savings to the Office of Management and Budget, as we recommended. Specifically, as of June 2016, the department reported $859 million in savings to the Office of Management and Budget--an amount $211 million less than the $1.07 billion previously reported to us. However, as of March 2017, the department only reported $331 million to the Office of Management and Budget--a decrease of $528 million and $739 million less than what was previously reported to us. In light of the department's considerable planned savings, and the significant decrease in what is being reported, full and accurate reporting by the department is critical toward ensuring that the Office of Management and Budget and Congress have the ability to oversee DOD's progress against key data center consolidation initiative goals.
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Energy, the Interior, Transportation, the Treasury, and Department of Veterans Affairs; the Administrators of the Environmental Protection Agency and NASA; and the Director of the Office of Personnel Management should direct responsible officials to report all data center consolidation cost savings and avoidances to OMB in accordance with established guidance.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of the Interior agreed with, and has taken initial steps to implement, our recommendation. In September 2014, we found that the department had reported fiscal year 2012 to 2015 cost savings and avoidances of $84.42 million to GAO, but had only reported $13.59 million to OMB--a difference of approximately $70.83 million. Moreover, as of February 2017, the department had not yet fully reported its savings to OMB, as we recommended. Specifically, the department had reported a total of about $13.61 million in cost savings and avoidances to OMB from fiscal years 2012 to 2016--an amount that is approximately $70.81 million short of the total savings and avoidances that the department had reported to GAO as of September 2014. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Energy, the Interior, Transportation, the Treasury, and Department of Veterans Affairs; the Administrators of the Environmental Protection Agency and NASA; and the Director of the Office of Personnel Management should direct responsible officials to report all data center consolidation cost savings and avoidances to OMB in accordance with established guidance.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation agreed with our recommendation, but had not yet taken steps to implement it. In September 2014, we found that the department had reported fiscal year 2012 to 2015 cost savings and avoidances of $140.18 million to GAO, but had only reported $7.36 million to OMB--a difference of approximately $132.82 million. However, in February 2017, the department had still only reported a total of $4.89 million in data center consolidation savings and avoidance to OMB. We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Energy, the Interior, Transportation, the Treasury, and Department of Veterans Affairs; the Administrators of the Environmental Protection Agency and NASA; and the Director of the Office of Personnel Management should direct responsible officials to report all data center consolidation cost savings and avoidances to OMB in accordance with established guidance.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: Treasury did not comment on this recommendation and has not comprehensively reported cost savings and avoidances, as we recommended. For example, as of March 2017, Treasury had reported about $1.14 billion in data center consolidation-related cost avoidances in its quarterly report to OMB--an increase of about $734 million compared to a previous report. However, the department has not yet reported to OMB other cost avoidances totaling about $210 million that the department had previously reported to us. We will continue to monitor Treasury's progress against this recommendation.
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Energy, the Interior, Transportation, the Treasury, and Department of Veterans Affairs; the Administrators of the Environmental Protection Agency and NASA; and the Director of the Office of Personnel Management should direct responsible officials to report all data center consolidation cost savings and avoidances to OMB in accordance with established guidance.

    Agency: Office of Personnel Management
    Status: Open

    Comments: The Office of Personnel Management agreed with our recommendation, but has not yet taken steps to implement it. In September 2014, we found that the agency had reported fiscal year 2012 to 2015 cost savings and avoidances of $3.40 million to GAO, but had not reported any of its savings and avoidances to the Office of Management and Budget as required. As of March 2017, the agency had not yet reported any data center consolidation cost savings and avoidances to the Office of Management and Budget. We will continue to evaluate the agency's progress in implementing this recommendation.
    Recommendation: To better ensure that the Federal Data Center Consolidation Initiative (FDCCI) improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal chief information officer (CIO) to utilize the existing PortfolioStat review sessions to assist the Department of Health and Human Services (HHS), Interior, Justice, Labor, the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) in identifying data center consolidation cost savings opportunities.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) agreed with, and has taken initial steps to implement, our recommendation. Specifically, in June 2015, OMB issued a memorandum that discussed the fiscal year 2015 PortfolioStat requirements, including that agencies should hold PortfolioStat sessions on a quarterly basis (versus annually, as done previously) with OMB, the agency chief information officer, and other attendees. The memorandum also stated that, during these sessions, agencies are expected to discuss a strategy to reduce duplication and waste within the IT portfolio of the agency, identify projected cost savings resulting from such strategy, and identify ways to increase the efficiency and effectiveness of IT investments, among other things. However, as of March 2017, several agencies were still reporting limited savings from their consolidation efforts. For example, the Department of Transportation reported closing 146 data centers through February 2017, but had reported only $4.9 million in savings. As another example, the Department of Labor reported closing 25 data centers through February 2017, but reported no resulting cost savings. Until OMB assists these agencies with limited or no cost savings reported, they may not be able to identify the full extent of savings from their consolidation efforts. We will continue to evaluate OMB's progress in implementing this recommendation.
    Director: Charles Jeszeck
    Phone: (202) 512-7215

    6 open recommendations
    including 1 priority recommendation
    Recommendation: To better protect plan sponsors and participants who use managed account services, the Secretary of Labor should direct the Assistant Secretary for the Employee Benefits Security Administration (EBSA) to review provider practices related to additional managed account services offered to participants in or near retirement, with the aim of determining whether conflicts of interest exist and, if it determines it is necessary, taking the appropriate action to remedy the issue.

    Agency: Department of Labor
    Status: Open

    Comments: In 2014, DOL agreed to include these practices in its current review of investment advice conflicts of interest, noting that such conflicts continue to be a concern. In April 2015, a proposed regulation was published in the Federal Register on the definition of a "fiduciary" of an employee benefit plan under the Employee Retirement Income Security Act of 1974 (ERISA) as a result of giving investment advice to a plan or its participants or beneficiaries. The proposal would widen the array of advice relationships under which someone would be considered a fiduciary under ERISA more broadly than existing regulations. This would increase consumer protection for plan sponsors, fiduciaries, participants, beneficiaries and IRA owners. An initial comment period closed on July 21, 2015. DOL held a public hearing on August 10-13, 2015, and reopened the comment period until September 24. GAO will monitor the progress of this proposed rule.
    Recommendation: To better protect plan sponsors and participants who use managed account services, the Secretary of Labor should direct the Assistant Secretary for the EBSA to consider the fiduciary status of managed account providers when they offer services on an opt-in basis and, if necessary, make regulatory changes or provide guidance to address any issues.

    Agency: Department of Labor
    Status: Open
    Priority recommendation

    Comments: DOL concurred with this recommendation and agreed to review existing guidance and consider whether additional guidance is needed in light of the various business models we described. As of May 2017, DOL is continuing these efforts. To implement this recommendation, DOL should complete its efforts to consider managed account service provider practices and fiduciary roles and take any necessary action to address potential issues to ensure that sponsors and participants receive unconflicted managed account services from qualified managers.
    Recommendation: To help sponsors who offer managed account services or who are considering doing so better protect their 401(k) plan participants, the Secretary of Labor should direct the Assistant Secretary for EBSA to require plan sponsors to request from record keepers more than one managed account provider option, and notify the Department of Labor if record keepers fail to do so.

    Agency: Department of Labor
    Status: Open

    Comments: DOL agreed to consider this recommendation in connection with its current regulatory project on standards for brokerage windows in participant-directed individual account plans. The project has been moved to the long-term action category of DOL's regulatory agenda. DOL will also consider the extent of its legal authority to effectively require that plans have more than one managed account service provider or to require that record keepers offer more than one managed account provider as part of their service agreements. GAO believes requiring plan sponsors to ask for more than one choice of a provider -- which is slightly different than how DOL has characterized it--may be an effective method of broadening plan sponsors' choices of managed account providers. However, GAO also agrees that DOL should examine the scope of its existing authority in considering how it might implement this recommendation.
    Recommendation: To help sponsors and participants more effectively assess the performance of managed accounts, the Secretary of Labor should direct the Assistant Secretary for EBSA to amend participant disclosure regulations to require that sponsors furnish standardized performance and benchmarking information to participants. To accomplish this, EBSA could promulgate regulations that would require sponsors who offer managed account services to provide their participants with standardized performance and benchmarking information on managed accounts. For example, sponsors could periodically furnish each managed account participant with the aggregate performance of participants' managed account portfolios and returns for broad-based securities market indexes and applicable customized benchmarks, based on those benchmarks provided for the plan's designated investment alternatives.

    Agency: Department of Labor
    Status: Open

    Comments: DOL agreed to consider this recommendation in connection with (1) its regulatory project on standards for brokerage windows in participant directed individual account plans and (2) open proposed rulemaking project involving the qualified default investment alternative and participant-level fee disclosure regulations. These projects have been moved to the long-term action category of DOL's regulatory agenda.
    Recommendation: To help sponsors and participants more effectively assess the performance of managed accounts, the Secretary of Labor should direct the Assistant Secretary for EBSA to amend service provider disclosure regulations to require that providers furnish standardized performance and benchmarking information to sponsors. To accomplish this, EBSA could promulgate regulations that would require service providers to disclose to sponsors standardized performance and benchmarking information on managed accounts. For example, providers could, prior to selection and periodically thereafter, as applicable, furnish sponsors with aggregated returns for generalized conservative, moderate, and aggressive portfolios, actual managed account portfolio returns for each of the sponsor's participants, and returns for broad-based securities market indexes and applicable customized benchmarks, based on those benchmarks provided for the plan's designated investment alternatives.

    Agency: Department of Labor
    Status: Open

    Comments: DOL agreed to consider this recommendation in connection with (1) its regulatory project on standards for brokerage windows in participant directed individual account plans and (2) open proposed rulemaking project involving the qualified default investment alternative and participant-level fee disclosure regulations. These projects have been moved to the long-term action category of DOL's regulatory agenda.
    Recommendation: To help sponsors who offer managed account services or who are considering doing so better protect their 401(k) plan participants, the Secretary of Labor should direct the Assistant Secretary for EBSA to provide guidance to plan sponsors for selecting and overseeing managed account providers that addresses: (1) the importance of considering multiple providers when choosing a managed account provider, (2) factors to consider when offering managed accounts as a Qualified Default Investment Alternative or on an opt-in basis, and (3) approaches for evaluating the services of managed account providers.

    Agency: Department of Labor
    Status: Open

    Comments: DOL agreed to consider this recommendation in connection with its current regulatory project on standards for brokerage windows in participant-directed individual account plans. DOL intends for this project to address whether potential regulatory or other guidance for such arrangements may be appropriate. The project has been moved to the long-term action category of DOL's regulatory agenda.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretary of Health and Human Services should direct appropriate officials to assess whether it would be cost effective to consolidate the remaining functions of the Medicare coverage determination systems.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We contacted the department and are awaiting a response on its efforts to implement this recommendation.
    Director: Mihm, J Christopher
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: To improve implementation of GPRAMA and help address pressing governance issues, given the common, long-standing difficulties agencies continue to face in measuring the performance of various types of federal programs and activities--contracts, direct services, grants, regulations, research and development, and tax expenditures--the Director of OMB should work with the PIC to develop a detailed approach to examine these difficulties across agencies, including identifying and sharing any promising practices from agencies that have overcome difficulties in measuring the performance of these program types. This approach should include goals, planned actions, and deliverables along with specific time frames for their completion, as well as the identification of the parties responsible for each action and deliverable.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: As of August 2017, OMB and the PIC have taken some limited actions to address this recommendation. According to information provided by staff from OMB and the PIC in June 2015, they had taken some initial steps to address this recommendation in a few areas, such as acquisition management (contracts). In addition, the PIC formed a working group on performance measurement that, in part, is focusing on how to develop appropriate performance measures. However, OMB and the PIC have not yet developed a comprehensive and detailed approach to address these issues as recommended in our report. OMB staff told us in August 2017 that efforts related to the future implementation of the Program Management Improvement Accountability Act could help address this recommendation. We will continue to monitor progress.
    Director: Powner, David A
    Phone: (202)512-9286

    1 open recommendations
    Recommendation: The Commissioner of Internal Revenue should direct the appropriate officials to define and implement a process, including defined criteria, for reselecting ongoing projects.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: Since we made the recommendation, IRS has been working to redesign its investment management process. In June 2016, we reported that the agency had defined and implemented a repeatable process for selecting (and reselecting) operations support activities, though it had not fully documented the process, but did not have a similar process for its business systems modernization activities (GAO-16-545). We recommended that IRS document its process for operations support activities and establish, document, and implement policies and procedures for selecting new and reselecting ongoing business systems modernization activities. IRS agreed with our recommendations and, in January 2017, stated it expected to have an internal draft document of the operations support activities process completed by the end of February 2017 with a draft ready to share with GAO a month later. In addition, for the business systems modernization process, IRS noted several improvements underway and stated it would document the process as it improved by December 2017. We will continue to monitor IRS's efforts to define and implement processes, including criteria, for reselecting ongoing projects.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. This assessment should consider weaknesses we identified in this report among other things, and include: (1) strengthening the TWIC program's controls for preventing and detecting identity fraud, such as requiring certain biographic information from applicants and confirming the information to the extent needed to positively identify the individual, or implementing alternative mechanisms to positively identify individuals; (2) defining the term extensive criminal history for use in the adjudication process and ensuring that adjudicators follow a clearly defined and consistently applied process, with clear criteria, in considering the approval or denial of a TWIC for individuals with extensive criminal convictions not defined as permanent or interim disqualifying offenses; and (3) identifying mechanisms for detecting whether TWIC holders continue to meet TWIC disqualifying criminal offense and immigration-related eligibility requirements after TWIC issuance to prevent unqualified individuals from retaining and using authentic TWICs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that internal control weaknesses governing the enrollment, background checking, and use of TWIC potentially limit the program's ability to provide reasonable assurance that access to secure areas of MTSA-regulated facilities is restricted to qualified individuals. We further reported that TSA did not assess the internal controls designed and in place to determine whether they provided reasonable assurance that the program could meet defined mission needs for limiting access to only qualified individuals, and that internal control weaknesses in TWIC enrollment, background checking, and use could have contributed to the breach of selected MTSA-regulated facilities during covert tests conducted by our investigators. We recommended that DHS perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. In April 2013, DHS reported that it had taken a number of steps to address our recommendations. For example, it had refreshed and reissued fraudulent document detection training to enrollment personnel; created a mechanism for enrollment personnel to send detailed information of suspected fraud to adjudication personnel; benchmarked TWIC enrollment processes with passport enrollment processes; and defined guidance for adjudicators on the application of discretionary authority. As we reported in May 2013, to determine if the internal control weaknesses identified in our May 2011 report still exist, we conducted limited covert testing in late 2012. Our investigators again acquired an authentic TWIC through fraudulent means and were able to use this card and counterfeit TWIC cards to access areas of ports or port facilities requiring a TWIC for entry at four ports. 
In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. In January 2017 TSA awarded a contract for an internal control assessment of the TWIC program, including the TWIC program's internal controls of the enrollment, background checking, and credential issuance processes. The assessment, however, is to exclude an assessment of Coast Guard's role in TWIC enforcement. The project held a kickoff meeting in March of 2017 and is expected to produce final recommendations by August 2017. We believe that this is a positive step towards addressing our recommendation. However, the assessment does not include an evaluation of the use of TWIC, including Coast Guard's role in TWIC enforcement. We continue to believe that the internal control assessment inclusive of TWIC use and the interrelationship between acquiring a TWIC and using it in the maritime environment is needed. 
For the reasons noted above, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: We reported that DHS had not assessed the program's effectiveness at enhancing security. We recommended that DHS conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks. In March 2012, DHS reported that it agreed that the results and progress of the internal control actions should be used to further evaluate the effectiveness of the TWIC program. They further noted that as the different long term actions progress, DHS will develop specific plans to address this action. In May 2013 (see GAO-13-198), we reported that DHS had not addressed this recommendation. On January 17, 2014, the explanatory statement accompanying the Consolidated Appropriations Act, 2014, directed DHS to complete the assessment that we recommended within 90 days after enactment (April 17, 2014). In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. 
Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. As of March 2017, the internal control assessment we recommended as the basis for initiating the effectiveness assessment had not been completed. However, on January 15, 2016, Coast Guard reported that it had completed its effectiveness assessment. Specifically, DHS completed an effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers." However, the effectiveness assessment did not substantively address the risk concerns identified in our report. For example, the effectiveness assessment lacked the internal control assessment we deem to be the critical first step for fully understanding the TWIC program's controls, costs, and risks. Further, while the effectiveness assessment presented a comparison of alternative credentialing approaches, the assessment did not fully consider, as discussed in our 2011 and 2013 reports, an approach wherein federal security threat assessments could be leveraged in concert with site-specific credentials. The analysis did consider the benefits of updating the TWIC credential to new federal credentialing standards. However, absent from the analysis is a risk-informed basis for disallowing site-specific credentials. While TWIC credentials are developed based on standards aligned with those used by federal entities, each federal entity continues to use site-specific credentials that have varying appearances, rather than a single credential for granting access to all federal entities. This is important, especially because Coast Guard's risk assessment does not include an evaluation of the security benefits and shortfalls that a single credential used nation-wide provides. 
Absent an effectiveness assessment that meets the intent of our recommendation, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should use the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that prior to issuing the regulation on implementing the use of TWIC as a flashpass, DHS conducted a regulatory analysis, which asserted that TWIC would increase security. The analysis included an evaluation of the costs and benefits related to implementing TWIC. We further reported that as a proposed regulation on the use of TWIC with biometric card readers is under development, DHS is to issue a new regulatory analysis. Conducting a regulatory analysis using the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and needed corrective actions could better inform and enhance the reliability of the new regulatory analysis. Moreover, these actions could help DHS identify and assess the full costs and benefits of implementing the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks, and help ensure that the TWIC program is more effective and cost-efficient than existing measures or alternatives at enhancing maritime security. We therefore recommended that DHS use the information from the internal control and effectiveness assessments we recommended as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers. In March 2012, DHS reported that upon completion of the internal control and effectiveness assessments, DHS will evaluate the results to determine any subsequent actions, and that any applicable data or risks will be communicated to the Coast Guard for consideration during their regulatory analysis. 
However, DHS has not implemented the internal control assessment we recommended, which is to be the basis for the effectiveness assessment and addressing this recommendation. Further, the January 15, 2016 effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers" did not substantively address the risk concerns identified in our report. Given shortfalls that remain in addressing our internal control assessment and effectiveness assessment recommendations, this recommendation remains open pending DHS taking corrective actions. As of March 2017, no further action has been taken.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    1 open recommendations
    Recommendation: To facilitate the effective governmentwide management of federal spectrum use, and to ensure NTIA's previous efforts to develop a federal strategic plan are not diminished, the Assistant Secretary of Commerce for Communications and Information should develop an updated plan that includes key elements of a strategic plan, as well as information on how spectrum is being used across the federal government, opportunities to increase efficient use of federally allocated spectrum and infrastructure, an assessment of future spectrum needs, and plans to incorporate these needs in the frequency assignment, equipment certification, and review processes.

    Agency: Department of Commerce: National Telecommunications and Information Administration
    Status: Open

    Comments: When we confirm what actions the Department of Commerce has taken in response to this recommendation, we will provide updated information.
    Director: Stephenson, John B
    Phone: (202)512-6225

    2 open recommendations
    Recommendation: To ensure that EPA's library network continues to meet its users' needs, the Administrator of EPA should, in future assistance agreements, make explicit that EPA can include in the agency's public online database, without obtaining prior permission from the copyright holder, any documents produced under the agreements.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA released its "Plan to Increase Access to Results of EPA-Funded Scientific Research" dated November 29, 2016. According to the plan, its purpose is to describe steps that EPA will take to increase the availability of the results of EPA-funded research to the scientific community, environmental policy makers, other stakeholders, and the public in order to accelerate scientific breakthroughs that support the agency's mission and policy making efforts. The plan notes that EPA will create a Forum on Increasing Public Access to EPA Research to implement the plan, and the forum should be established within 4 months after approval of the plan. The plan includes language stating that regulatory licenses for grants, contracts, and cooperative agreements allow the agency to provide the public with access. Upon full implementation, EPA plans to develop extramural award terms and provide guidance to future award recipients and contractors regarding public access to publications, including refraining from signing any agreements with publishers that purport to restrict EPA's license rights, according to EPA.
    Recommendation: To ensure that EPA's library network continues to meet its users' needs, and for future assistance agreements where EPA cannot make such an arrangement, EPA should digitize documents produced under the agreements and make them available to federal employees and other authorized users for federal government purposes.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA released its "Plan to Increase Access to Results of EPA-Funded Scientific Research" dated November 29, 2016. According to the plan, its purpose is to describe steps that EPA will take to increase the availability of the results of EPA-funded research to the scientific community, environmental policy makers, other stakeholders, and the public in order to accelerate scientific breakthroughs that support the agency's mission and policy making efforts. The plan notes that within 4 months of the approval of the plan, EPA will begin developing additional processes, infrastructure, language, and training needed to increase public access to EPA-funded extramural research publications and data. Once adopted, implementation will begin prospectively with 2018 funded extramural requests for applications for grants, contracts, and cooperative/assistance agreements, according to the plan.
    Director: Khan, Asif A
    Phone: (202)512-3000

    1 open recommendation
    Recommendation: The Secretary of Defense should direct the military department Chief Management Officers, in consultation with the Under Secretary of Defense (Comptroller) and the Under Secretary of Defense for Acquisition, Technology, and Logistics, as appropriate, after defining the cost accounting requirements, to utilize the requirements as input to the ERPs to help ensure that the ERPs will provide the capability to identify and aggregate cost information for the department's assets in accordance with DOD's defined requirements.

    Agency: Department of Defense
    Status: Open

    Comments: DOD's military departments are in the process of implementing Enterprise Resource Planning (ERP) systems. At least one of these ERPs does not currently include cost accumulation and reporting for military equipment assets. DOD's FIAR plan efforts, which, according to officials, include systems enhancements, are still ongoing to address this recommendation. The status of this recommendation is open.
    Director: Goldenkoff, Robert N
    Phone: (202)512-2757

    1 open recommendation
    including 1 priority recommendation
    Recommendation: To improve the Bureau's use of its master schedule to manage the 2020 decennial census, the Secretary of Commerce should require the Director of the U.S. Census Bureau to include estimates of the resources, such as labor, materials, and overhead costs, in the 2020 integrated schedule for each activity as the schedule is built, and prepare to carry out other steps as necessary to conduct systematic schedule risk analyses on the 2020 schedule.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: Commerce neither agreed nor disagreed with this recommendation. The Bureau continues to refine its 2020 Census master schedule, which it recently announced it completed in July 2016. Bureau officials have periodically described their intent to link resources to activities within their schedules, but as of July 2016 had confirmed that the Bureau had not yet done so. The Bureau has provided us with copies of its schedule, but not yet satisfactory evidence of having completed such an analysis. We are beginning an audit of the Bureau's scheduling practices this summer and will review actions the Bureau may have taken to address this recommendation. As of July 2017, we have received initial documents as we begin this review.