Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Federal Agency: "United States Securities and Exchange Commission"

    13 publications with a total of 28 open recommendations
    Director: Carol C. Harris
    Phone: (202) 512-4456

    4 open recommendations
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer identifies the agency's future telecommunications needs, areas for optimization, and the costs and benefits of new technology; completes a strategic analysis of the commission's telecommunications requirements; and incorporates the identified requirements into transition planning. (Recommendation 12)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer identifies roles and responsibilities related to the management of assets and human capital and legal expertise for the transition; includes key local and regional officials in SEC's transition communications plan; and completes efforts to use configuration and change management processes in the transition. (Recommendation 13)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer identifies the resources needed for the full transition, justifies requests for transition resources, identifies staff resources needed for the full transition, and completes efforts to analyze training needs for staff assisting with the transition. (Recommendation 14)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer completes efforts to demonstrate that the commission's transition goals and measures align with its mission, identifies transition risks related to critical systems and continuity of operations, and identifies mission-critical priorities in SEC's transition timeline. (Recommendation 15)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: To effectively manage its information security program, the Chairman of the SEC should maintain up-to-date network diagrams and asset inventories in the system security plans for General Support System and a key financial system to accurately and completely reflect the current operating environment.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To effectively manage its information security program, the Chairman of the SEC should perform continuous monitoring using automated configuration and vulnerability scanning on the operating systems, databases, and network devices.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Yvonne Jones
    Phone: (202) 512-6806

    2 open recommendations
    Recommendation: To support the consistent application of agency telework policy throughout the agency, the Secretaries of the Departments of Education and Labor and the Chair of the Securities and Exchange Commission should implement controls to verify that supervisors have completed telework training prior to entering into telework agreements with their employees and that completion of this training is documented.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In a letter dated May 19, 2017, the Chairman of the SEC stated that SEC agrees with the recommendation. The letter states that previously, SEC required all supervisors to complete telework training within 90 days of hire or promotion to a supervisory position. However, in March 2017, SEC reduced the timeframe and now requires new supervisors to complete telework training within two weeks. The SEC will continue to document completion of this training in its electronic system. When we confirm that SEC has completed these actions, we will provide updated information.
    Recommendation: To help ensure that telework agreements accurately reflect telework participation, and to further ensure the accuracy of telework data reported internally and externally, the Secretary of the Department of Labor, the Administrator of the General Services Administration, and the Chair of the Securities and Exchange Commission should require documentation of regular or periodic reviews of all telework agreements in agency telework policies.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In a letter dated May 19, 2017, the Chairman of the SEC stated that SEC agrees with the recommendation and that SEC is upgrading its telework program system to require annual review and recertification of all telework agreements. SEC expects this change to be completed in 2017. When we confirm that SEC has completed these actions, we will provide updated information.
    Director: Michael E. Clements
    Phone: (202) 512-8678

    2 open recommendations
    Recommendation: To help SEC address identified personnel management challenges, the Chair should enhance or expand the responsibilities and authority of the COO or other official or office so they can help ensure that improvements to communication and collaboration across SEC are made. For instance, if the duties of the COO were expanded, the COO could establish liaisons in each mission-critical office and division for SEC employees to contact or develop procedures to help facilitate communication and collaboration among the mission-critical office and divisions.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help SEC address identified personnel management challenges, the Chair should develop and implement training for hiring specialists that is informed by a skills gap analysis.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Susan Irving
    Phone: (202) 512-6806

    2 open recommendations
    Recommendation: To ensure that the reserve target SEC set for PCAOB safeguards against realistic risks and probable contingencies, including potential unforeseen funding delays, the SEC Chair, in exercising the commission's authority to oversee PCAOB, should analyze--and document the analysis of--program needs and probable contingencies, in consultation with PCAOB as appropriate.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that timely information is available to facilitate congressional oversight, promote transparency, and foster public accountability, the SEC Chair, in exercising the commission's authority to oversee PCAOB, should establish a deadline for PCAOB's required annual report, including its audited financial statements.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    4 open recommendations
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to document artifacts that support recommendation closure consistent with SEC policy.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to document a comprehensive physical inventory of the systems and applications in the production environment.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to provide personnel appropriate access to continuous monitoring reports and tools to monitor, evaluate, and remedy identified weaknesses.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to institute a process and assign the necessary personnel to review information produced by the vulnerability scanning tools to monitor, evaluate, and remedy identified weaknesses.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Mathew J. Scirè
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To enhance the effectiveness of their preparations for conducting a retrospective review of the QRM regulations, the agencies responsible for the QRM regulations--Federal Deposit Insurance Corporation, Federal Housing Finance Agency, Board of Governors of the Federal Reserve System, HUD, Office of the Comptroller of the Currency, and Securities and Exchange Commission--should develop a plan that identifies the metrics, baselines, and analytical methods to be used and specify the roles and responsibilities of each agency in the review process. Furthermore, to account for and help mitigate limitations of existing data and the uncertain availability of enhanced datasets, the six agencies should include in their plan alternate metrics, baselines, and analytical methods that could be used if data were to remain unavailable.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In January 2017, SEC staff stated that they had developed a preliminary review plan for the QRM rule in December 2016. SEC staff noted that although the review plan describes several proposed analytical approaches, the precise analytical approach to review the mortgage market conditions and the definition of QRM will depend on future data availability, future mortgage market conditions, and the role of Fannie Mae, Freddie Mac, and other participants in those markets at that time. To prepare for this review, SEC staff noted that they intend to meet on a periodic basis with the staff of the other agencies to share the results of the analyses discussed above, understand the analyses being performed by the other agencies, and discuss what additional data or analyses may be helpful. As part of these discussions, SEC staff stated that the agencies will likely divide responsibilities for conducting the review according to agency expertise and resources, consistent with each agency's statutory authority and role.
    Director: A. Nicole Clowers
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To improve SEC's FINRA oversight program, the SEC Chair should direct the appropriate offices and divisions to incorporate additional risk-management practices by taking several actions, including: (1) establishing specific performance goals for the program and performance measures and related targets to assess Market Oversight's progress in meeting those goals; (2) formalizing documentation of procedures, including procedures for making changes to the annual planned oversight activities and decision-making rationales; and (3) modifying existing risk-assessment procedures to require an assessment of internal risks to successfully meeting the FINRA oversight program's goals and objectives.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: On August 26, 2016, SEC staff said that they had put together proposals to address the recommendation shortly after the report was issued and was awaiting management approval. However, in the meantime, SEC reorganized its examination staff and created a dedicated FINRA oversight group. The reorganization was expected to be complete by October 2016. SEC staff planned to incorporate, for management's approval, the elements in the proposals into the new policies and procedures for the FINRA oversight group. Subsequently, on February 13, 2017, SEC staff said that SEC now has new management in place that are learning about the risk management framework, and are assessing how best to incorporate GAO's recommendations into the framework.
    Director: Dalkin, James R
    Phone: (202) 512-3133

    1 open recommendations
    Recommendation: The U.S. Securities and Exchange Commission should direct the COO and CFO to implement controls, such as periodic reviews of asset dispositions, to help reasonably assure that SEC's procedures for the preparation and maintenance of documentation related to the disposition of assets are consistently implemented and that any deviations from established procedures are documented.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: SEC Officials are still working on corrective actions as of the end of fiscal year 2016. We will follow up on this recommendation during our fiscal year 2017 SEC financial statement audit.
    Director: Clowers, Angela N
    Phone: (202) 512-8678

    5 open recommendations
    Recommendation: To help SEC address identified personnel management challenges, and to enhance SEC's ability to strategically hire and retain the appropriate number of staff with the requisite skill sets for today and in the future, the Chairman of SEC should direct the Office of the Chief Operating Officer (COO) and Office of Human Resources (OHR) to prioritize efforts to expeditiously develop a comprehensive workforce plan, including a succession plan, and establish time frames for implementation and mechanisms to help ensure that the plans are regularly updated.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In July 2016, SEC created a workforce and succession plan consistent with Office of Personnel Management (OPM) guidance, but they do not include some key components of strategic workforce and succession planning identified by OPM and our previous work. For example, the plan lacks a comprehensive skills gap analysis, does not inform decision making about the structure of the workforce, and is not clearly linkd to its budget formulation.
    Recommendation: To help SEC address identified personnel management challenges, and to enhance SEC's ability to strategically hire and retain the appropriate number of staff with the requisite skill sets for today and in the future, the Chairman of SEC should direct the Office of the COO and OHR to incorporate OPM guidance as it develops its workforce and succession plans, by developing a formal action plan to identify and close competency gaps, and fill supervisory positions; and institute a fair and transparent process for identifying high-potential leaders from within the agency.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: SEC's workforce and succession plan finalized in July 2016 is consistent with some Office of Personnel Management (OPM) guidance, but lacks some key components of strategic workforce and succession planning. SEC's workforce plan is aligned with its strategic plans, references the goals outlined in those plans, and includes performance measures to monitor and evaluate SEC's progress towards its goals. SEC's workforce planing also involves relevant stakeholders, including division and office leadership, SEC University (SEC's lead office for training), and focus groups of SEC employees. However, SEC's workforce plan lacks a comprehensive skills gap analysis. For example, SEC's workforce plan did not include an assessment of the competency of 33 percent of its workforce, including mission-support staff, such as staff in the Office of Human Resources, and supervisors. Further, SEC's workforce plan does not inform decision making about the structure of the workforce and is not clearly linked to budget formulation. For example, the workforce plan does not identify the personnel costs of the current workforce, nor does it identify the number of employees SEC intends to hire and their associated costs. Finally, SEC's succession planning lacks information on workforce attrition and lacks a process for identifying future leaders.
    Recommendation: To help SEC address identified personnel management challenges, and to help enhance the credibility of its performance management system, the Chairman of SEC should direct the COO and OHR to conduct periodic validations (with staff input) of the performance management system and make changes, as appropriate, based on these validations.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In 2014, SEC decided to redesign its performance management system without formally assessing it. While SEC's policies state that the Office of Human Resources (OHR) is to perform an assessment of the system on an annual basis, OHR officials told us that SEC has not conducted a formal assessment of the performance management system because the agency is in the process of developing a new system. Since our 2013 report (GAO-13-621), SEC has not reviewed the effectiveness of its existing system and has had limited stakeholder involvement in the development of the new performance management system. In developing this new system, SEC did not assess the existing system to understand if the issues raised by employees were related to the system's design or its implementation.
    Recommendation: To help SEC address identified personnel management challenges, and to build on SEC's efforts to enhance intra-agency communication and collaboration, the Chairman should direct the COO to identify and implement incentives for all staff to support an environment of open communication and collaboration, such as setting formal expectations for its supervisors to foster such an environment, and recognizing and awarding exceptional teamwork efforts.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: While SEC has created some incentives to support communication and collaboration across divisions, as of December 2016, barriers to cross-divisional communication and collaboration still remain. For example, SEC has implemented some incentives and procedures for staff to communicate and collaborate, such as an annual agency-wide awards program that recognizes outstanding teams and a tracking system that facilitates collaboration on interdivisional memorandums. In addition, one division (the Division of Economic and Risk Analysis) created an electronic system that allows other divisions to request data it collects and another division (the Division of Enforcement) created formal liaisons that other divisions and offices can contact. However, incentives for staff to support an environment of open communication and collaboration are not present for all staff across SEC. SEC has added performance expectations for 53 percent of supervisors to encourage communication and collaboration, including promoting and maintaining an environment of cooperation and proactively sharing relevant information. But these expectations were not present for the remaining 47 percent of supervisors across divisions and occupations.
    Recommendation: To help SEC address identified personnel management challenges, and to build on SEC's efforts to enhance intra-agency communication and collaboration, the Chairman should direct the COO to explore communication and collaboration best practices and implement those that could benefit SEC.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: As of December 2016, SEC has not demonstrated the use of best practices to improve communication and collaboration within and across SEC divisions and offices. SEC officials told us that they reached out to officials at the Federal Deposit Insurance Corporation (FDIC) to discuss how FDIC had obtained high survey scores related to communication and collaboration. This outreach resulted in the creation of SEC's "All Invested" initiative, which SEC described as an initiative to encourage collaboration and communication to help the agency achieve its mission and make SEC the best place in government to work. However, many of the supervisors and staff we spoke with told us that the "All Invested" initiative was more of a marketing campaign than a substantive change. In addition, SEC has established a number of working groups to improve communication and collaboration, but these working groups are often focused on specific topics and do not provide a means for divisions and offices to collaborate on the full range of their day-to-day work activities.
    Director: Clowers, Angela N
    Phone: (202) 512-8678

    2 open recommendations
    Recommendation: As SEC works to enhance its oversight of FINRA, the SEC Chairman should encourage FINRA to conduct retrospective reviews of its rules and establish a process for examining FINRA's reviews.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As SEC works to enhance its oversight of FINRA, the SEC Chairman should direct Office of Compliance Inspections and Examinations (OCIE) to follow all elements of a risk-management framework as it develops plans for an enhanced risk-based approach to FINRA oversight, such as developing plans for how it will prioritize risks related to oversight of FINRA and assessing the effectiveness of its risk-based model.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Clowers, Angela N
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To enhance interagency coordination on regulations issued pursuant to the Dodd-Frank Act, the FSOC should work with the federal financial regulatory agencies to establish formal coordination policies that clarify issues such as when coordination should occur, the process that will be used to solicit and address comments, and what role FSOC should play in facilitating coordination.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In May 2015, FSOC created the Regulations and Resolutions Committee to identify potential gaps in regulation that could pose risks to the U.S. financial stability. The committee's duties include serving as a forum for information sharing and coordination among the FSOC staff, member agencies and other federal and state agencies, as appropriate, regarding domestic financial services policy development, and consulting, as appropriate, on the development of regulations to implement the Dodd-Frank Act's orderly liquidation authority. While the committee's duties should help promote greater collaboration, they do not constitute a formal rulemaking coordination policy addressing, for example, when coordination should occur, processes for soliciting and addressing comments, and FSOC role in facilitating coordination among and between the financial regulators. In its 2010 comment letter, FSOC noted that it provides a forum for interagency collaboration and consultation, in part through its committees, and has not indicated any plans to develop a formal rulemaking coordination policy as we recommended, in part because of its need to preserve the independence of the regulators. Therefore, the recommendation remains open.
    Director: Williams, Orice M
    Phone: (202)512-5837

    1 open recommendations
    Recommendation: To address the current information gap in Regulation SHO for prime brokerage arrangements and mitigate the impact of any unintended consequences caused by SEC rules, as well as ensure consistent implementation of SEC rules by the industry, the Chairman of the Securities and Exchange Commission should finalize, in an expedited manner upon finalization of the temporary rule, the revised 1994 Prime Broker Letter.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: As of 7/18/13, the revised Prime Broker letter has not been finalized.