Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Social security numbers"

    5 publications with a total of 16 open recommendations
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    5 open recommendations
    Recommendation: To improve the consistency and effectiveness of governmentwide efforts to reduce the unnecessary use of SSNs and thereby mitigate the risk of identity theft, the Director of OMB should specify elements that agency plans for reducing the unnecessary collection, use, and display of SSNs should contain and require all agencies to develop and maintain complete plans.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the consistency and effectiveness of governmentwide efforts to reduce the unnecessary use of SSNs and thereby mitigate the risk of identity theft, the Director of OMB should require agencies to modify their inventories of systems containing personally identifiable information to indicate which systems contain SSNs and use the inventories to monitor their reduction of unnecessary collection and use of SSNs.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the consistency and effectiveness of governmentwide efforts to reduce the unnecessary use of SSNs and thereby mitigate the risk of identity theft, the Director of OMB should provide criteria to agencies on how to determine unnecessary use of SSNs to facilitate consistent application across the federal government.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the consistency and effectiveness of governmentwide efforts to reduce the unnecessary use of SSNs and thereby mitigate the risk of identity theft, the Director of OMB should take steps to ensure that agencies provide up-to-date status reports on their progress in eliminating unnecessary SSN collection, use, and display in their annual Federal Information Security Modernization Act of 2014 reports.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the consistency and effectiveness of governmentwide efforts to reduce the unnecessary use of SSNs and thereby mitigate the risk of identity theft, the Director of OMB should establish performance measures to monitor agency progress in consistently and effectively implementing planned reduction efforts.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lawrance Evans
    Phone: (202) 512-8678

    5 open recommendations
    Recommendation: In the event that Congress again requires an agency to provide affected individuals with identity theft insurance in response to a breach of sensitive personal data, Congress should consider permitting the agency to determine the appropriate level of that insurance.

    Agency: Congress
    Status: Open

    Comments: When we determine what steps the Congress has taken, we will provide updated information.
    Recommendation: The Director of the Office of Management and Budget should, to the extent feasible, conduct an analysis of the effectiveness of the various identity theft services relative to alternatives, and revise OMB's guidance to federal agencies in light of this analysis.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the Office of Management and Budget should explore options to address the risk of duplication in federal agencies' provision of identity theft services in response to data breaches, and take action if viable options are identified.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the Office of Personnel Management should incorporate criteria and procedures for determining whether to offer identity theft services into the agency's data-breach-response policy.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the Office of Personnel Management should implement procedures that provide reasonable assurance that significant decisions on the use of identity theft services are appropriately documented.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jessica Lucas-Judy
    Phone: (202) 512-9110

    3 open recommendations
    Recommendation: The Commissioner of Internal Revenue should develop and maintain an online dashboard to display customer service standards and performance information such that it is easily accessible and improves the transparency of its taxpayer service.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS reported that it is evaluating the data that it can make available online. IRS also indicated that it will include the service standards that taxpayers should expect when interacting with IRS. IRS expects to make this information available online by February 2018.
    Recommendation: The Commissioner of Internal Revenue should review its document retrieval and scanning processes to identify potential training or guidance needs or other potential efficiencies.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS reported that it issued guidance to employees in February 2017 reminding them to follow IRS procedures that require thorough research of information contained in IRS systems before requesting a hard copy of documents from file storage or archives. However, IRS has not completed a review of its document retrieval and scanning processes to identify potential efficiencies. Without this review, IRS is missing potential opportunities to retrieve and scan the documents that employees require in a timely manner.
    Recommendation: The Commissioner of Internal Revenue should revise IRS's notices to IDT refund fraud victims to include information such as (1) whether any dependents were claimed on the fraudulent return, (2) to the extent possible, if those dependents match any of those the taxpayer claimed the same tax year, and (3) how to request a redacted copy of the fraudulent return.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: In April 2017, IRS reported that it will revise its notices to victims of identity theft to include information that will advise them to protect the personally identifiable information of their dependents. The notice will also direct them to revised information and guidance on irs.gov. IRS expects to complete the revisions by July 2018.
    Director: Seto J. Bagdoyan
    Phone: (202) 512-6722

    2 open recommendations
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should assess the cost and feasibility of addressing limitations in FEMA's control for identifying duplicate information in applications in high-risk data fields--such as SSN, bank-account information, address, and phone number--that may currently allow individuals or households to improperly receive multiple payments, and if determined to be costbeneficial take steps to address the system design limitation.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency had reviewed its software system's controls for identifying duplicate SSNs, bank account, address, and phone information. FEMA reported that it would be cost effective and feasible to improve its software system's controls for identifying duplicate address information, and the agency expects to deploy these system changes in the summer of 2017. FEMA also reported that, based on its review of the cases GAO referred to FEMA, errors in SSN and bank account information were related to human casework processing rather than software system limitations. Consequently, FEMA reported that it was reviewing and updating its casework training, guidance, and quality control documentation. We will continue to monitor FEMA's efforts to implement this recommendation.
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should collaborate with SSA to assess the cost and feasibility of checking recipient SSNs against the Enumeration Verification System and the full death file to more accurately identify recipients who used Social Security numbers (SSNs) that were ineligible or belonged to likely deceased individuals, document the results of this assessment, and if determined to be cost-beneficial take steps to implement a partnership to use SSA data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency completed a cost estimate for system changes needed to include a direct data exchange with SSA. FEMA further reported that the agency was continuing to explore alternative means of conducting a direct data exchange that would help FEMA verify if an SSN belongs to a deceased person. We will continue to monitor FEMA's progress in implementing this recommendation.
    Director: King, Kathleen M
    Phone: (202)512-5154

    1 open recommendations
    Recommendation: In order for CMS to implement an option for removing SSNs from Medicare cards, the Administrator of CMS should develop an accurate, well-documented cost estimate for such an option using standard cost-estimating procedures.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: The Medicare Access and CHIP Reauthorization Act of 2015, signed into law on April 16, 2015, required the Secretary of Health and Human Services, in consultation with the Commissioner of Social Security, to develop and implement an identifier for the Medicare card that is not related to or derived from a beneficiary's Social Security Number. As part of the President's fiscal year 2017 budget proposal, the Centers for Medicare & Medicaid Services (CMS) stated that it had begun the process of removing Social Security Numbers from Medicare cards and will replace them with randomly generated Medicare Beneficiary Identifiers. According to the CMS statement, in the course of initial planning efforts, the agency realized that it will need to re-evaluate the assumptions used to develop the cost estimate for replacing the old Medicare identification numbers, which were derived from Social Security Numbers. As of May 2016, HHS officials reported that they have not implemented this recommendation. GAO considers it to be open. Until CMS develops an accurate, well-developed cost estimate for implementing the Medicare Beneficiary Identifier using standard cost-estimating procedures, we will leave this recommendation open.