Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Inspectors general"

    21 publications with a total of 94 open recommendations including 3 priority recommendations
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    7 open recommendations
    Recommendation: The DOD Inspector General should assess the feasibility of collecting additional workload data, such as the amount of direct and indirect labor hours associated with each case, and including such data in future personnel requirements assessments, as appropriate. (Recommendation 1)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DOD Inspector General should report regularly to Congress on the timeliness of civilian and contractor investigations, including those contractor and subcontractor cases exceeding the 180-day timeliness requirement. (Recommendation 2)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DOD Inspector General should implement a process to document employee recusals and impairments to independence and incorporate such information into an aggregate-level evaluation of threats to DODIG's independence. (Recommendation 3)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DOD Inspector General should establish and clearly communicate a declination policy for nondiscretionary cases in the AI Investigations Manual or other guidance, and align this policy with the intake policy. (Recommendation 4)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DOD Inspector General should revise the existing internal controls checklist to include all key case-file documentation and required investigative events. (Recommendation 5)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DOD Inspector General should work in coordination with the Secretary of Defense, the Under Secretary of Defense for Intelligence, and the inspectors general of the defense intelligence components to establish a process to fully implement the requirements of Directive-Type Memorandum 13-008 so that DODIG (1) receives notifications of all allegations received by the components, (2) reviews all component determinations to not investigate allegations, and (3) reviews all investigations conducted by the components. (Recommendation 6)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DOD Inspector General should develop quality performance measures and enhance existing timeliness performance measures to reflect key attributes of successful performance measures. At minimum, these measures should be clear, quantifiable, and objective, and they should include a baseline assessment of current performance. (Recommendation 7)

    Agency: Department of Defense: Office of the Inspector General
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    1 open recommendations
    Recommendation: The Director of the Office of Management and Budget, in consultation with the Secretary of Homeland Security, and the Chief Information Officers Council, should evaluate whether the full implementation of the capability maturity model developed by the Council of the Inspectors General on Integrity and Efficiency ensures that consistent and comparable results are achieved across all federal agencies. (Recommendation 1)

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    2 open recommendations
    Recommendation: To help ensure that government-wide compliance under IPERA is consistently determined and reported, the Director of OMB should coordinate with CIGIE to develop and issue guidance, either jointly or independently, to specify what procedures should be conducted as part of the IGs' IPERA compliance determinations.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB had no comments on the report or the recommendation to coordinate with CIGIE to develop guidance. Although this recommendation was not directed to CIGIE, the CIGIE Chairperson stated that CIGIE would coordinate with OMB as needed and provide feedback on any draft OMB guidance.
    Recommendation: To help fulfill USDA's requirements under IPERA and OMB guidance--that agencies submit proposals to Congress when a program reaches 3 or more consecutive years of noncompliance with IPERA criteria--the Secretary of Agriculture should submit a letter to Congress detailing proposals for reauthorization or statutory changes in response to 3 consecutive years of noncompliance as of fiscal year 2015 for its Farm Security and Rural Investment Act Program. To the extent that reauthorization or statutory changes are not considered necessary to bring a program into compliance, the Secretary or designee should state so in the letter.

    Agency: Department of Agriculture
    Status: Open

    Comments: USDA's Acting Deputy Secretary concurred with this recommendation.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: To promote transparency in the development and management of data standards for reporting federal spending, the Director of the Office of Management and Budget should ensure that the Data Standards Committee makes information about the topics of the committee's proceedings and any resulting outcomes available to the public.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Paula M. Rascona
    Phone: (202) 512-9816

    2 open recommendations
    including 2 priority recommendations
    Recommendation: The Director of OMB and the Secretary of the Treasury should establish mechanisms to assess the results of independent audits and reviews of agencies' compliance with the DATA Act requirements, including those of agency OIGs, to help inform full implementation of the act's requirements across government.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: Treasury stated it will establish mechanisms to assess the results of independent audits and reviews of agencies' compliance with the DATA Act requirements, including those of agency OIGs. Treasury also stated these mechanisms will inform Treasury's efforts on whether and how to tailor its future outreach efforts to help agencies meet their DATA Act requirements. We will continue to assess Treasury's efforts to address this recommendation as IGs plan to issue their required reports in November 2017.
    Recommendation: The Director of OMB and the Secretary of the Treasury should establish mechanisms to assess the results of independent audits and reviews of agencies' compliance with the DATA Act requirements, including those of agency OIGs, to help inform full implementation of the act's requirements across government.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: OMB stated that it reviewed available IG readiness review reports in its assessment of agency implementation efforts, and it also relied on other, more up-to-date sources of information from agencies including data obtained from one-on-one meetings and agency self-assessments. We will continue to assess OMB's efforts to address this recommendation as IGs plan to issue their required reports in November 2017.
    Director: John Neumann
    Phone: (202) 512-3841

    8 open recommendations
    Recommendation: To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should confirm that each SBIR and STTR agency is implementing the minimum fraud, waste, and abuse prevention requirements in the policy directives, by, for example, requesting documentation from agencies.

    Agency: Small Business Administration
    Status: Open

    Comments: In its comments on the draft report, SBA concurred with this recommendation. In its June 2017 letter on plans for implementing the recommendation, SBA stated that it will request that each participating agency confirm their implementation of its minimum fraud, waste, and Abuse prevention requirements by forwarding an email to each agency requesting confirmation of their compliance. We will review SBA's actions to address this recommendation once those actions are complete.
    Recommendation: To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should request input from the participating agencies regarding the clarity of the requirements; review all of the SBIR and STTR minimum fraud, waste, and abuse prevention requirements, including the agency requirement to post information about successful SBIR or STTR fraud prosecutions; determine whether any additional guidance is needed; and revise the policy directives accordingly.

    Agency: Small Business Administration
    Status: Open

    Comments: In its comments on the draft report, SBA concurred with this recommendation. In its June 2017 letter on plans for implementing the recommendation, SBA stated that it plans to discuss the issue with program managers at an upcoming meeting and will also contact all agencies in writing to inquire if additional clarity is needed regarding any of the FWA requirements. SBA said that additional guidance will be provided, if necessary. We will review SBA's actions to address this recommendation once those actions are complete.
    Recommendation: To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should revise the fraud, waste, and abuse provisions in the policy directives to reflect the definition of essentially equivalent work used elsewhere in the policy directives and require participating agencies to check for essentially equivalent work that they fund as well as such work funded by other agencies.

    Agency: Small Business Administration
    Status: Open

    Comments: In its comments on the draft report, SBA concurred with this recommendation. In its June 2017 letter on plans for implementing the recommendation, SBA stated that it will revise the SBIR and STTR Policy Directives to reflect the definition of essentially equivalent work as noted in section 3 of the policy directives. SBA also stated that it will work with all parties to determine how to best address the issue of duplication, noting that this is an important issue and a high priority for all parties involved. We will review SBA's actions to address this recommendation once those actions are complete.
    Recommendation: To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should evaluate SBIR and STTR agencies' fraud, waste, and abuse outcomes to ensure the fraud, waste, and abuse prevention requirements are appropriate and meet their intended purpose for the SBIR and STTR programs.

    Agency: Small Business Administration
    Status: Open

    Comments: In its comments on the draft report, SBA concurred with this recommendation. In its June 2017 letter on plans for implementing the recommendation, SBA stated that it will survey the participating agencies regarding whether the requirements are necessary and meeting their intended purposes, are placing undue burdens on the agencies, or need to be revised, updated, or eliminated. We will review SBA's actions to address this recommendation once those actions are complete.
    Recommendation: To help improve the implementation of the fraud, waste, and abuse prevention requirements, the Secretary of Health and Human Services (HHS) should direct the HHS SBIR and STTR program offices to collect copies of the self-certification forms from its SBIR and STTR awardees.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In its comments on a draft of the report, HHS did not concur with our recommendation. In its June 2017 letter on plans for implementing the recommendation, HHS stated that the National Institutes of Health will collect life cycle certifications from SBIR and STTR program recipients through its electronic reporting system, which will allow other HHS components that use that system to also collect the forms. The National Institutes of Health plans to begin collecting the life cycle certification forms in fiscal year 2018. We will review the actions to address this recommendation once they are complete.
    Recommendation: To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.

    Agency: Department of Defense: Department of the Air Force: Office of the Inspector General
    Status: Open

    Comments: DOD concurred with the recommendation in its comments on the draft report and confirmed its concurrence in its May 2017 letter on the final report.
    Recommendation: To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.

    Agency: Department of Defense: Department of the Navy: Naval Inspector General
    Status: Open

    Comments: DOD concurred with the recommendation in its comments on the draft report and confirmed its concurrence in its May 2017 letter on the final report.
    Recommendation: To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.

    Agency: Department of Defense: Department of the Army: Office of the Inspector General
    Status: Open

    Comments: DOD concurred with the recommendation in its comments on the draft report and confirmed its concurrence in its May 2017 letter on the final report.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    2 open recommendations
    Recommendation: To provide increased oversight of AOC and to keep the Architect and the Congress fully and currently informed, the AOC OIG should revise and implement policies and procedures to provide audit reports that are based on planning that includes an assessment of risk and the assignment of priorities, consistent with requirements in CIGIE's Quality Standards for Federal Offices of Inspector General.

    Agency: Architect of the Capitol
    Status: Open

    Comments: The AOC OIG has met the intent of GAO recommendation related to "revising" policies and procedures. We have verified that AOC OIG's policies (dated February 2017) have been revised and now require an assessment of risk and the assignment of priorities, consistent with requirements in CIGIE's Quality Standards for Federal Offices of Inspector General. However, we do not believe AOC OIG has met the intent of GAO recommendation related to "implementing" policies and procedures. In June 2017, the AOC OIG informed us that it plans to complete a risk assessment in August 2017 and use the results from the risk assessment to aid in developing the AOC OIG fiscal year 2018 audit plan, which AOC OIG plans to complete by October 1, 2017. To fully implement the recommendation, we believe AOC OIG still needs to (1) complete the risk assessment and (2) show how it used the results of the risk assessment to improve the scope of what needs to be audited. We will continue to monitor AOC OIG's actions to address this recommendation.
    Recommendation: To reduce the risk that fraud, waste, and abuse and criminal activities are not detected or fully addressed, the AOC OIG should (1) work with CIGIE to obtain a peer review from another federal OIG of the AOC OIG's overall investigative operations, including consideration of the OIG's reliance on investigations performed by other entities, and (2) make any needed changes in its operating procedures based on the results of the review to help ensure that investigations of AOC are conducted in accordance with CIGIE standards for investigations and AOC Inspector General Act of 1978 (IG Act) requirements.

    Agency: Architect of the Capitol
    Status: Open

    Comments: On April 27, 2017, the OIG informed us that it has scheduled with CIGIE an external peer review of AOC investigative operations. The Federal Housing Finance Agency OIG is scheduled to perform this review in August 2017. This external review will also include assessing the AOC OIG's reliance on other OIGs and the U.S. Capitol Police to complete certain investigations. Further, AOC OIG indicated that after they receive the results of this peer review, they will make needed changes in operating procedures consistent with the GAO recommendation. We will continue to monitor AOC OIG's actions to address this recommendation.
    Director: Beryl Davis
    Phone: (202) 512-2623

    2 open recommendations
    Recommendation: To help fulfill the IPERA and OMB requirements to submit proposals to Congress when agencies reach 3 or more consecutive years of noncompliance with IPERA criteria, the Secretary of Agriculture or a designee should submit a letter to Congress detailing proposals for reauthorization or statutory changes in response to 3 consecutive years of noncompliance as of fiscal year 2014 for its (1) Child and Adult Care Food Program; (2) School Breakfast Program; (3) National School Lunch Program; and (4) Special Supplemental Nutrition Program for Women, Infants, and Children. To the extent that reauthorization or statutory changes are not considered necessary to bring a program into compliance, the Secretary or designee should state so in the letter.

    Agency: Department of Agriculture
    Status: Open

    Comments: We provided a draft of this report to OMB, the IG offices of the 24 CFO Act agencies, and the CFO offices of those agencies with programs that were determined to be noncompliant with IPERA criteria for 3 consecutive years as of fiscal year 2014. In their e-mailed response, officials from the CFO office at USDA neither concurred nor disagreed with our recommendations. We will continue to monitor the status of this recommendation.
    Recommendation: To help fulfill the IPERA and OMB requirements to submit proposals to Congress when agencies reach 3 or more consecutive years of noncompliance with IPERA criteria, the Secretary of Defense or a designee should submit a letter to Congress detailing proposals for reauthorization or statutory changes in response to 3 consecutive years of noncompliance as of fiscal year 2014 for its Department of Defense Travel Pay program. To the extent that reauthorization or statutory changes are not considered necessary to bring the program into compliance, the Secretary or designee should state so in the letter.

    Agency: Department of Defense
    Status: Open

    Comments: We provided a draft of this report to OMB, the IG offices of the 24 CFO Act agencies, and the CFO offices of those agencies with programs that were determined to be noncompliant with IPERA criteria for 3 consecutive years as of fiscal year 2014. In their written comments, the offices of the DOD CFO and DOD IG concurred with our recommendations. The DOD CFO office noted that it does not consider reauthorization or statutory change necessary for its Travel Pay program, but will submit a letter to Congress containing planned actions for improvement by August 30, 2016. As of June 2, 2017, no updated information has been provided by the Department of Defense. We will continue to monitor the status of this recommendation.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    13 open recommendations
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Agriculture should describe the Department of Agriculture's (USDA) major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of USDA's agency performance plan.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of August 2017, USDA had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Commerce should describe the Department of Commerce's major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of the Department of Commerce's agency performance plan.

    Agency: Department of Commerce
    Status: Open

    Comments: According to the Department of Commerce' action plan to address GAO's recommendations, it will begin including a description of the Department's major management challenges, as well as related performance goals, performance milestones and an agency official responsible for resolving each of its major management challenges, in the Department's annual performance plan reporting, starting with the report to be issued concurrent with final fiscal year 2018 Congressional Budget Justifications (CBJ). As of August 2017, Commerce has not taken action to implement our recommendation. Our review of the Department of Commerce's 2018 CBJ found that it did not include recommended information. When the 2019 CBJ is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Defense should include planned actions for each of the Department of Defense's (DOD) major management challenges and ensure that required information about its major management challenges, currently in DOD's Agency Strategic Plan for Fiscal Years 2015-2018, be included in its agency performance plan so that progress toward resolving each of its major management challenges is transparent and reported annually.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Energy should describe the Department of Energy's major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of the Department of Energy's agency performance plan.

    Agency: Department of Energy
    Status: Open

    Comments: As of August 2017, the Department of Energy had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Attorney General should describe the Department of Justice's major management challenges and include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving each of its major management challenges as part of the Department of Justice's agency performance plan.

    Agency: Department of Justice
    Status: Open

    Comments: According to the Department of Justice's action plan to address GAO's recommendations, it will report the Office of Inspector General Top Management Challenges in both the Annual Financial Report (AFR) and the Annual Performance Report(APR)/Annual Performance Plan(APP). For the APR/APP, the Department of Justice will also include the appropriate performance goals, performance measures, milestones, planned actions addressing the challenges and the name(s) of agency official(s) responsible for resolving each of its major management challenges. As of August 2017, however, the Department of Justice had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Labor should describe the Department of Labor's major management challenges and include performance goals, performance measures, milestones, planned actions, and an agency official responsible for resolving each of its major management challenges as part of the Department of Labor's agency performance plan.

    Agency: Department of Labor
    Status: Open

    Comments: According to the Department of Labor's action plan to address GAO's recommendations, it will comply with the updated Circular A-11 guidance to report on major management challenges in its next Annual Performance Report (APR), published with the FY 2018 Congressional Budget Justification. In its most recent APR, the Department of Labor took steps to implement this recommendation by including planned actions and an agency official responsible for each of the three issues it identified as a major management challenge. Further action is needed to establish performance goals, performance measures, and milestones. When the Fiscal Year 2017 APR is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Transportation should describe the Department of Transportation's major management challenges and include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving major management challenges as part of the Department of Transportation's agency performance plan.

    Agency: Department of Transportation
    Status: Open

    Comments: As of August 2017, the Department of Transportation had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of the Treasury should include performance goals, performance measures, milestones, and an agency official responsible for resolving major management challenges as part of the Department of the Treasury's agency performance plan.

    Agency: Department of the Treasury
    Status: Open

    Comments: As of August 2017, Treasury had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Administrator of the Environmental Protection Agency (EPA) should include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving each of its major management challenges as part of EPA's agency performance plan.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its Fiscal Year 2018 APP, EPA took steps to implement this recommendation by clearly identifying its major management challenges and including planned actions for resolving them. Further action is needed to establish performance goals, performance measures, milestones, and identify an agency official responsible for resolving the challenge. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Administrator of the General Services Administration (GSA) should describe GSA's major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of GSA's agency performance plan.

    Agency: General Services Administration
    Status: Open

    Comments: In its Fiscal Year 2018 APP, GSA took steps to implement this recommendation by clearly identifying three major management challenges and including planned actions, performance measures, milestones, and an agency official responsible for resolving them. Further action is needed to establish performance goals. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Health and Human Services (HHS) should include performance goals, milestones and an agency official responsible for resolving each of HHS's major management challenges as part of HHS's agency performance plan.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: According to its website, for fiscal year 2018, HHS is meeting its performance reporting requirements as designated in the GPRA Modernization Act of 2010 and OMB Circular A-11 through the program performance information provided in the FY 2018 HHS Budget Justifications to Congress. As of August 2017, however, HHS has not taken action to implement our recommendation. Our review of HHS' 2018 Congressional Budget Justification found that it did not include recommended information. When the 2019 CBJ is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of the Interior should describe the Department of Interior's major management challenges and include performance goals, performance measures, planned actions, milestones and an agency official responsible for resolving each of its major management challenges as part of the Department of the Interior's agency performance plan.

    Agency: Department of the Interior
    Status: Open

    Comments: As of August 2017, the Department of Interior had not taken any actions to implement our recommendation. It is unclear in the APP what Interior considers to be its major management challenges and, if there are such issues, which performance information aligns with resolving those issues. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Director of the National Science Foundation (NSF) should describe NSF's major management challenges and identify performance goals, performance measures, milestones, and an agency official responsible for resolving each of its major management challenges as part of NSF's agency performance plan.

    Agency: National Science Foundation
    Status: Open

    Comments: In its Fiscal Year 2018 APP, NSF took steps to implement this recommendation by clearly identifying its major management challenges and including planned actions for resolving them. Further action is needed to establish performance goals, performance measures, milestones, and identify an agency official responsible for resolving the challenge. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Director: Frank Rusco
    Phone: (202) 512-3841

    8 open recommendations
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To address risks to the effectiveness of its investigations, environmental compliance, and enforcement capabilities, BSEE should complete policies outlining the responsibilities of its the Safety and Incident Investigations Division (SIID), Environmental Compliance Division, and Safety Enforcement Division and update and develop procedures to guide them.

    Agency: Department of the Interior
    Status: Open

    Comments: According to BSEE documentation, SIID, the Environmental Compliance Division, and the Safety Enforcement Division continue work to complete foundational policies for their respective areas. The target date has been extended to June 30, 2018, due to the need to align policy development with BSEE's new Directives System outlined in Bureau Manual Chapter 380.1, signed on May 18, 2017.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its investigative capabilities, BSEE should establish a capability to review investigation policy and collect and analyze incidents to identify trends in safety and environmental hazards.

    Agency: Department of the Interior
    Status: Open

    Comments: According to BSEE documentation, the Safety and Incident Investigations Division (SIID) is working closely with the Office of Policy and Analysis and the Records, Delegations, and Directives Team to implement the requirements specified in the BSEE Directives System Manual Chapter and to convert a number of Bureau Interim Directives into Bureau Manual Chapters. An internal control review was initiated in fiscal year 2017 to assess compliance with the tiering process outlined in the National Investigations Handbook. SIID staff are currently reviewing the Handbook to assess the need for updates and are working with District staff to review District level investigations to determine what needs to be included in the narrative portion of District Form 2010. We anticipate completion of these actions by December 31, 2017.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its investigative capabilities, BSEE should clearly communicate the purpose of the Investigations and Review Unit, as it will be assumed by the SIID, to industry operators.

    Agency: Department of the Interior
    Status: Open

    Comments: According to BSEE documentation, SIID, the Office of Public Affairs, the Office of Policy and Analysis, and regional offices will consult with the new BSEE Director to solicit input and discuss potential mechanisms for communicating the purpose of SIID to industry operators. Actions to implement this recommendation are expected to be completed by December 31, 2017.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its investigative capabilities, BSEE should clarify policies and procedures for assigning panel investigation membership and referring cases of suspected criminal wrongdoing to the Interior's Office of Inspector General.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2016, BSEE issued two Bureau Interim Directives (BID) regarding the assignment of panel investigation membership and referral to Interior's Office of the Inspector General. However, the BID regarding panel investigation membership is not clear regarding how disagreements between regional management and headquarters investigation management are to be adjudicated. According to BSEE documentation, BID No. 2016-003N (Designation of Panel Chair and Panel Members) is being revised to clarify how disagreements between regional management and headquarters investigation management will be adjudicated. BSEE did not provide a time frame for completion.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its environmental compliance capabilities, BSEE should conduct and document a risk analysis of the regional-based reporting structure of the Environmental Compliance Division, including actions to mitigate any identified risk.

    Agency: Department of the Interior
    Status: Open

    Comments: According to BSEE documentation, a risk analysis of the regional-based reporting structure of the Environmental Compliance Division was initiated in fiscal year 2017 using the Department of Interior's Integrated Risk Rating Tool (IRRT). The results of the analysis are currently being reviewed to assess whether the IRRT's design and methodology actually addressed the intent of the recommendation. BSEE did not provide a time frame for completion.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its environmental compliance capabilities, BSEE should coordinate with the Administrator of the Environmental Protection Agency to consider the relevance of existing interagency agreements for monitoring operator compliance with National Pollutant Discharge Elimination System permits on the Outer Continental Shelf and, if necessary, update them to reflect current oversight needs.

    Agency: Department of the Interior
    Status: Open

    Comments: According to BSEE documentation, BSEE, in coordination with EPA, has been reviewing the agreements. Given new leadership in both agencies, this effort has been delayed. BSEE did not provide a time frame for completion.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its environmental compliance capabilities, BSEE should develop a plan to address documented environmental oversight staffing needs.

    Agency: Department of the Interior
    Status: Open

    Comments: According to BSEE documentation, the BSEE Director has ordered an assessment. In the meantime, inspectors are being trained to assist with environmental oversight responsibilities as appropriate. BSEE did not provide a time frame for completion.
    Recommendation: To enhance its ability to effectively oversee offshore oil and gas development, the Secretary of the Interior should direct the Director of the Bureau of Safety and Environmental Enforcement to continue to implement its restructuring effort. To enhance its enforcement capabilities, BSEE should develop a mechanism to ensure that it reviews the maximum daily civil penalty and adjust it to reflect increases in the Consumer Price Index within the time frame as directed by statute.

    Agency: Department of the Interior
    Status: Open

    Comments: In April 2016, BSEE issued a bureau manual chapter regarding the review and adjustment of civil penalty amounts but has not developed business practices to implement it. According to BSEE documentation, a Bureau Interim Directive, aligned with OMB guidance on Implementation of the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015, is currently being drafted to define business practices that include specific bureau roles, responsibilities, and timelines. This action is expected to be completed by December 31, 2017.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    12 open recommendations
    Recommendation: To enhance and to promote more consistent oversight of efforts within the department to address the incidence of hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to regularly monitor the implementation of DOD's hazing policy by the military services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance and to promote more consistent oversight of efforts within the department to address the incidence of hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to require that the Secretaries of the military departments regularly monitor implementation of the hazing policies within each military service.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the ability of servicemembers to implement DOD and service hazing policies, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to establish a requirement for the Secretaries of the military departments to provide additional clarification to servicemembers to better inform them as to how to determine what is or is not hazing. This could take the form of revised training or additional communications to provide further guidance on hazing policies.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of data to be collected and maintained by the military services on reported incidents of hazing.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements that each service should collect on reported hazing incidents.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within and across the services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in DOD to better inform DOD and military service actions to address hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in collaboration with the Secretaries of the Military Departments, to evaluate prevalence of hazing in the military services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance and to promote more consistent oversight of the Coast Guard's efforts to address the incidence of hazing, the Commandant of the Coast Guard should regularly monitor hazing policy implementation.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of the data to be collected and maintained on reported incidents of hazing.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements to be collected on reported hazing incidents.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in the Coast Guard to better inform actions to address hazing, the Commandant of the Coast Guard should evaluate the prevalence of hazing in the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    1 open recommendations
    Recommendation: To help preserve a proven resource supporting the oversight community's analytic capabilities, Congress may wish to consider directing CIGIE to develop a legislative proposal to reconstitute the essential capabilities of the ROC to help ensure federal spending accountability. The proposal should identify a range of options at varying scales for the cost of analytic tools, personnel, and necessary funding, as well as any additional authority CIGIE may need to ensure such enduring, robust analytical and investigative capability for the oversight community.

    Agency: Congress
    Status: Open

    Comments: When we determine what steps Congress has taken, we will provide updated information.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    2 open recommendations
    Recommendation: To provide increased performance audit coverage of Commerce's bureaus and offices, the Commerce IG should augment the OIG's risk-based audit planning process to consider (1) a rotation of performance audit coverage among the smaller bureaus and offices to help ensure that the economy, efficiency, and effectiveness of their programs are periodically reviewed and (2) all applicable high-risk areas identified by GAO.

    Agency: Department of Commerce: Office of the Inspector General
    Status: Open

    Comments: The Department of Commerce's Office of Inspector General (OIG) has taken actions to augment its annual risk assessment to consider (I) a rotation of performance audit coverage among the smaller bureaus and offices and (2) all applicable high-risk areas identified by GAO. For example, OIG's fiscal year (FY) 2016 audit plan included performance audits of Bureau of Industry and Security, Economic Development Administration, and Economic Development Administration, which are three of Commerce's smaller bureaus. It also included a performance audit of federal real property, a high-risk area identified by GAO. Further, OIG indicated completion of its FY 2017 risk assessment in June, and will be completing its FY 2017 audit plan in September - which will include performance audits of several of the Commerce's smaller bureaus, as well as consider the following high-risk areas identified by GAO in its 2015 report that could be applicable to Commerce. We believe OIG met the intent of GAO recommendation with regards to augmenting its annual risk assessment to consider (1) a rotation of performance audit coverage among the smaller bureaus and offices and (2) all applicable high-risk areas identified by GAO. We base our conclusion given that OIG has either conducted or scheduled to conduct performance audits to cover smaller bureaus and high-risk areas identified by GAO, which we verified on the OIG's website. However, we believe the intent of GAO's recommendation is for these audits to be performed in subsequent years going forward and not just in FY 2017. OIG was not able to provide us support to show it has formal procedures or policies in place to ensure these performance audits will be performed in future years on a rotational and periodic basis. As a result, we don't believe DOC OIG has fully met the intent of the recommendation. We will continue to monitor the agency's actions to address this recommendation.
    Recommendation: To provide reasonable assurance that written hotline policies and procedures are consistently followed and complaints are handled effectively, the Commerce IG should enhance the existing internal control activities for the OIG's hotline operations through monitoring, including self-assessment evaluations conducted by the hotline unit of itself, periodic reviews of control design, and direct testing of internal controls.

    Agency: Department of Commerce: Office of the Inspector General
    Status: Open

    Comments: The Department of Commerce's Office of Inspector General (OIG) stated that it conducted a self-assessment of its hotline operations in fiscal year 2016, updated its complaint management policy, and is securing independent quality control reviews. We have reviewed OIG quality assessment memorandum dated 11/3/15 and verified it shows that OIG performed a self-assessment of its hotline operations, which included (1) evaluating proper handling of complaints; (2) assignment of disposition codes; and (3) time frames for processing complaints. In addition, we have reviewed OIG's updated complaint management policy and verified it contains detailed policies and procedures over its hotline operations. Therefore, we believe OIG met the intent of the recommendation with regards to conducting a self-assessment evaluation. However, we did not see where OIG met the intent of GAO recommendation with regards to having in place control activities for conducting periodic reviews of control design and direct testing of internal controls. We will continue to monitor the agency's actions to address this recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    1 open recommendations
    Recommendation: To improve the military whistleblower reprisal investigation process and oversight of such investigations, the Secretary of Defense should work in coordination with the Department of Defense Inspector General (DODIG) to direct the services to follow standardized investigation stages and issue guidance clarifying how the stages are defined.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2016, this recommendation remains open. Officials from DOD Inspector General, Whistleblower Reprisal Investigations Directorate provided GAO with an update to this recommendation August 11, 2016. Although DOD concurred with this recommendation in the draft and final report, they stated that DODIG is not empowered in its oversight capacity to direct the services to follow standardized stages. However, these same officials noted that they are currently working with the military services through an established working group to standardize investigation stages and develop guidance for its implementation across the services by the end of 2016. If completed, we believe that these actions will meet the intent of our recommendation by helping to DODIG to better ensure consistent program implementation and equal treatment of all servicemember complaints.
    Director: Andrew Sherrill
    Phone: (202) 512-7215

    1 open recommendations
    Recommendation: To enhance communication with contractors about Job Corps program changes, the Secretary of Labor should direct the Assistant Secretary for Employment and Training to review the sufficiency of ETA's guidance for internal notices--including Program Instruction Notices, Policy and Requirements Handbook Change Notices, and Information Notices--to ensure that contractors are provided with adequate notification of program changes before they are expected to be implemented, and an adequate level of information to assist them in carrying out their responsibilities.

    Agency: Department of Labor
    Status: Open

    Comments: DOL concurred with this recommendation, acknowledging the importance of ensuring that Job Corps contractors are provided adequate notification of program changes before their expected implementation. To address this, DOL stated that it would review the sufficiency of Job Corps guidance for internal notices, and execute and distribute any contractual actions, such as modifications, in a timely manner. In FY16, DOL reported that ETA implemented a procedure for developing policy guidance that includes establishing an effective date for program changes that takes into consideration an appropriate amount of time for implementation. The agency referred to Change Notice 15-09 (dated February 4, 2016) and Information Notice 15-34, which extends the implementation date of this change from May 1 to June 1, 2016. GAO requested the written procedure ETA used to develop its policy guidance, but ETA officials were unable to provide it. The officials stated that they would review its response to this recommendation after the beginning of FY17.
    Director: John Neumann
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To improve internal control and promote transparency and to ensure consistency with OMB's guidance for internal control assessment, DNFSB should clearly document each step of its control assessment activities; maintain that documentation to provide evidence that assessment and control activities are being performed; and ensure that key responsibilities, such as reviewing control assessments, should be segregated among different people to help ensure that control activities are being accurately performed.

    Agency: Defense Nuclear Facilities Safety Board
    Status: Open

    Comments: According to DNFSB officials, DNFSB has updated its policies to maintain paper and electronic documentation of its internal control activities and ensure that key responsibilities, such as reviewing internal control assessments, are segregated among different staff. In addition, DNFSB has contracted for an independent evaluation of its internal control policies. We will continue to monitor actions to address this recommendation.
    Recommendation: To improve internal control and promote transparency and to promote public transparency and openness, DNFSB should clearly distinguish in Federal Register notices and during the proceedings between (1) public hearings held pursuant to DNFSB's statutory authority and (2) meetings as defined by the Sunshine Act, required to be open to the public.

    Agency: Defense Nuclear Facilities Safety Board
    Status: Open

    Comments: According to DNFSB officials, as of October 2016, the agency has taken no action in response to this recommendation. We will continue to monitor actions to address this recommendation.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    1 open recommendations
    Recommendation: In order to ensure that the Commission receives effective oversight of its major programs and operations, the Commission IG, or the individual or entity that ultimately assumes IG oversight responsibilities for the Commission under an alternate structure, should conduct inspections that are fully in accordance with CIGIE's Quality Standards for Inspection and Evaluation and the OIG's policies and procedures.

    Agency: Denali Commission
    Status: Open

    Comments: The Denali Commissions' office's directives include policies and procedures to address planning for, conduct of, and reporting on inspections and include a section on annual planning, risk assessments, and internal and external quality control processes and procedures. In March 2017, the Denali Commission's Inspector General (IG) provided us a template, which will be used to ensure that inspections are conducted in accordance with the Council of Inspectors General on Integrity and Efficiency's (CIGIE) Quality Standards for Inspection and Evaluation and the Office of Inspector General's (OIG) policies and procedures. We have reviewed this template and concluded that it meets the intent of our recommendation. However, this template was not available in time for use during the last inspection, which was performed in 2016 and issued in March 2017. We will obtain a copy of the next inspection report once issued to ensure this latest template was used before we consider closing our recommendation. We will continue to monitor the agency's actions to address this recommendation.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    16 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test plan is developed.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, security and privacy requirements are communicated to contractors.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, an independent assessor is selected to assess the system.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned for resolution are maintained.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, security and privacy requirements are communicated to contractors.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned to resolution are maintained.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Administrator of the Environmental Protection Agency should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA concurred with our recommendation. However, EPA has not yet provided evidence that it has implemented the recommendation. We plan to validate the department's actions when EPA informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Administrator of the Environmental Protection Agency should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned for resolution are maintained.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA concurred with our recommendation. However, EPA has not yet provided evidence that it has implemented the recommendation. We plan to validate the department's actions when EPA informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Director of the Office of Personnel Management should develop, document, and implement oversight procedures for ensuring that a system test is fully executed for each contractor-operated system.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: OPM concurred with our recommendation. However, as of April 2017, OPM had not implemented the recommendation to develop, document and implement oversight procedures to ensure that a system test is fully executed for each contractor-operated system. We will monitor OPM's efforts and validate OPM actions when evidence discloses that the recommendation has been implemented.
    Recommendation: To be able to effectively assist agencies with their contractor oversight programs, the Director of the Office of Management and Budget, in collaboration with the Secretary of Homeland Security, should develop and clarify reporting guidance to agencies for annually reporting the number of contractor-operated systems.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We requested comments on a draft of this report from the Office of Management and Budget, but none were provided. In June 2017, OMB stated that its and DHS's annual reporting requirements now contain an expanded list of criteria for contractor-operated systems, including definitions in related guidance from the National Institute of Standards and Technology. However, although the reporting requirements call for agencies to report on their total number of contractor-operated systems, neither the requirements or related guidance clarify which agency systems that have contractor relationships should be categorized as contractor-operated. The lack of clear instructions may continue to result in incomplete information regarding the number of contractor-operated systems within the government.
    Director: Moran, Revae E
    Phone: (202) 512-7215

    8 open recommendations
    Recommendation: To provide for independent audit and investigative oversight of NMB, Congress should consider authorizing an appropriate federal agency's Office of Inspector General to provide such oversight.

    Agency: Congress
    Status: Open

    Comments: The Subcommittee on Financial and Contracting Oversight of the Senate Committee on Homeland Security and Governmental Affairs held a hearing in April 2014 to (1) review the processes and mechanisms by which small agencies and other federal entities without statutory inspectors general receive oversight, and (2) examine potential legislative actions to improve the oversight of small agencies. In advance of the hearing, the committee circulated draft legislation that would, among other things, assign the Inspector General of the National Labor Relations Board the responsibility of providing oversight of the National Mediation Board. However, this legislation was not formally introduced. No related legislation has been enacted since that time.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources, the Chairman of the National Mediation Board should develop a formal strategic planning process to fully implement key required elements of strategic planning, including a formal process to obtain congressional and stakeholder input.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated that it had reviewed strategic planning material from GAO and OMB, and would produce a formal planning process to guide future strategic plan development. It anticipated that the formal planning guide would be in place by the end of fiscal year 2016. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources, the Chairman of the National Mediation Board should develop, and include in its performance plan, performance goals and measures that contain required elements to demonstrate results.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated it had been in contact with other federal labor agencies (Federal Mediation and Conciliation Service and Federal Labor Relations Authority) to discuss measurable performance goals that may be adapted to NMB's mission areas. It also indicated that it would review OPM guidance when developing updated performance goals. It anticipated that new performance metrics would be included in the fiscal year 2017 strategic plan update. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources, the Chairman of the National Mediation Board should develop and implement a formal mechanism to ensure the prompt resolution of findings and recommendations by independent auditors, including clearly assigning responsibility for this follow-up to agency management.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated it would develop standard procedures to address all program audits. It anticipated that the new updated and new procedures would be in place before the next round of program audits in fiscal year 2017. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources, the Chairman of the National Mediation Board should develop and fully implement key components of an information security program in accordance with the Federal Information Security Management Act of 2002.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated that it was reviewing the security certificates of the agencies with which it contacts for services and working with them to determine how to review their security audits in an efficient manner. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources, the Chairman of the National Mediation Board should establish a privacy program that includes conducting privacy impact assessments and issuing system of record notices for systems that contain personally identifiable information.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated it is conducting a review of its record management program to assess the status of agency records and documents held in its cloud-based records management program. It indicated that this review would be completed before the end of fiscal year 2016 and would be used to assess any impact on privacy and issue any appropriate notices. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources, the Chairman of the National Mediation Board should develop a strategic workforce plan that (1) involves input from top management, employees, and other stakeholders; (2) identifies critical skills and competencies needed by NMB; (3) identifies strategies, such as training, to address any gaps; and (4) provides for cost-effective evaluations of these strategic workforce planning efforts. This plan should also address succession for the significant proportion of NMB staff and senior managers who are eligible to retire in the next few years.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated that it would develop a formal process to elicit stakeholder input as it updates the current strategic workforce plan. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Recommendation: In order to improve NMB's planning and make the most effective use of its limited resources and to better inform its decisions about managing the rail grievance arbitration process, including addressing the backlog of cases, NMB should collect and analyze data on the types of grievances filed, and their disposition. NMB should use these data to improve the efficiency of the arbitration process and consider, as part of this effort, whether to establish fees for arbitration services. If NMB determines that the establishment of fees would improve the efficiency of the arbitration process, it should impose such fees or seek legislative authority to do so, as necessary.

    Agency: National Mediation Board
    Status: Open

    Comments: In April 2016, NMB indicated that data on rail grievance arbitration cases are being collected and that it anticipated presenting analysis of those data in the agency's fiscal year 2016 annual report. In February 2017, GAO began another review of NMB. The status of this recommendation will be updated at the conclusion of that review, estimated for 2018.
    Director: Mihm, J Christopher
    Phone: (202) 512-6806

    2 open recommendations
    Recommendation: When such revisions are made, the Director of OMB should work with the Performance Improvement Council to test and implement these provisions.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: According to information provided by Office of Management and Budget (OMB) and Performance Improvement Council (PIC) staff in June 2015, although OMB revised its guidance as we recommended, it did not work with the PIC to test implementation of these provisions. Instead, they told us that both PIC and OMB staff ensure agencies are implementing these provisions of their guidance when reviewing agencies' agency priority goals (APG) quarterly update submissions. However, our analysis of agencies' APG updates in October 2016 found implementation of these provisions continues to be mixed. We will continue to monitor progress.
    Recommendation: In addition, as OMB works with agencies to enhance Performance.gov to include additional information about APGs, the Director of OMB should ensure that agencies adhere to OMB's guidance for website updates by providing a description of how input from congressional consultations was incorporated into each APG.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In June 2015, OMB staff stated that they would focus agency attention on congressional consultations and publishing relevant input from those consultations during the development of the 2016-2017 agency priority goals (APG). OMB and agencies published information about the 2016-2017 APGs on Performance.gov in October 2015. However, our analysis of relevant sections of Performance.gov in October 2016 generally found that either agencies did not include information about congressional input or they had not updated Performance.gov to reflect the most recent round of stakeholder engagement. We will continue to monitor progress.
    Director: Melito, Thomas
    Phone: (202)512-9601

    2 open recommendations
    Recommendation: To enhance U.S. efforts to promote international religious freedom, the Secretary of State and the Chair of USCIRF should jointly define how State and USCIRF should interact in their efforts to promote international religious freedom, paying particular attention to defining the ex-officio role of the Ambassador-at-Large for International Religious Freedom as a nonvoting USCIRF member.

    Agency: United States Commission on International Religious Freedom
    Status: Open

    Comments: In March 2015, officials from the Bureau of Democracy, Human Rights & Labor (DRL) said that the DRL Front Office and senior management have yet to approve a joint letter between State's Office of International Religious Freedom and the US Commission for International Religious Freedom (USCIRF) that addresses GAO's recommendation. According to the officials, the DRL front office wanted to revisit the letter given the recent appointment of a new Ambassador-at-Large. According to the Ambassador, he met with USCIRF and wanted to provide input to the joint letter, but as of March 2015, the letter had not been approved by State. We followed up again in both August 2015 and August 2016 and were told that no progress on the letter or a joint understanding had been made. In July 2017, the President announced his nominee to be the new Ambassador at Large for International Religious Freedom. As of August 15, 2017, the nomination is pending. State and USCIRF have not reached agreement on a letter responding to our recommendation.
    Recommendation: To enhance U.S. efforts to promote international religious freedom, the Secretary of State and the Chair of USCIRF should jointly define how State and USCIRF should interact in their efforts to promote international religious freedom, paying particular attention to defining the ex-officio role of the Ambassador-at-Large for International Religious Freedom as a nonvoting USCIRF member.

    Agency: Department of State
    Status: Open

    Comments: After the report was issued, in a letter dated May 28, 2013, the State Department said it has met with the U.S. Commission on International Religious Freedom (USCIRF) to discuss a plan for better systematizing the interactions between the entities, including by more clearly defining the ex-officio role of the Ambassador-at-Large. In October 2013 and again in March 2014, State said it continued to discuss this plan with USCIRF. In October 2014, State said it had drafted a joint letter with USCIRF in response to our recommendation, but that it was awaiting a Front Office signature. In March 2015, officials from the Bureau of Democracy, Human Rights & Labor (DRL) said that the DRL Front Office and senior management have yet to approve a joint letter between State's Office of International Religious Freedom and the US Commission for International Religious Freedom (USCIRF) that addresses GAO's recommendation. According to the officials, the DRL front office wanted to revisit the letter given the recent appointment of a new Ambassador-at-Large. According to the Ambassador, he met with USCIRF and wanted to provide input to the joint letter, but as of March 2015, the letter had not been approved by State. We followed up again in both August 2015 and August 2016 and were told that no progress on the letter or a joint understanding had been made. In July 2017, the President announced his nominee to be the new Ambassador at Large for International Religious Freedom. As of August 15, 2017, the nomination is pending. State and USCIRF have not reached agreement on a letter responding to our recommendation.