Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Federal Agency: "United States Securities and Exchange Commission"

    13 publications with a total of 26 open recommendations
    Director: Carol C. Harris
    Phone: (202) 512-4456

    4 open recommendations
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer identifies the agency's future telecommunications needs, areas for optimization, and the costs and benefits of new technology; completes a strategic analysis of the commission's telecommunications requirements; and incorporates the identified requirements into transition planning. (Recommendation 12)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer identifies roles and responsibilities related to the management of assets and human capital and legal expertise for the transition; includes key local and regional officials in SEC's transition communications plan; and completes efforts to use configuration and change management processes in the transition. (Recommendation 13)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer identifies the resources needed for the full transition, justifies requests for transition resources, identifies staff resources needed for the full transition, and completes efforts to analyze training needs for staff assisting with the transition. (Recommendation 14)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Chairman of the Securities and Exchange Commission should ensure that the Commission's Chief Information Officer completes efforts to demonstrate that the commission's transition goals and measures align with its mission, identifies transition risks related to critical systems and continuity of operations, and identifies mission-critical priorities in SEC's transition timeline. (Recommendation 15)

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: To effectively manage its information security program, the Chairman of the SEC should maintain up-to-date network diagrams and asset inventories in the system security plans for General Support System and a key financial system to accurately and completely reflect the current operating environment.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To effectively manage its information security program, the Chairman of the SEC should perform continuous monitoring using automated configuration and vulnerability scanning on the operating systems, databases, and network devices.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Yvonne Jones
    Phone: (202) 512-6806

    2 open recommendations
    Recommendation: To support the consistent application of agency telework policy throughout the agency, the Secretaries of the Departments of Education and Labor and the Chair of the Securities and Exchange Commission should implement controls to verify that supervisors have completed telework training prior to entering into telework agreements with their employees and that completion of this training is documented.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In a letter dated May 19, 2017, the Chairman of the SEC stated that SEC agrees with the recommendation. The letter states that previously, SEC required all supervisors to complete telework training within 90 days of hire or promotion to a supervisory position. However, in March 2017, SEC reduced the timeframe and now requires new supervisors to complete telework training within two weeks. The SEC will continue to document completion of this training in its electronic system. When we confirm that SEC has completed these actions, we will provide updated information.
    Recommendation: To help ensure that telework agreements accurately reflect telework participation, and to further ensure the accuracy of telework data reported internally and externally, the Secretary of the Department of Labor, the Administrator of the General Services Administration, and the Chair of the Securities and Exchange Commission should require documentation of regular or periodic reviews of all telework agreements in agency telework policies.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In a letter dated May 19, 2017, the Chairman of the SEC stated that SEC agrees with the recommendation and that SEC is upgrading its telework program system to require annual review and recertification of all telework agreements. SEC expects this change to be completed in 2017. When we confirm that SEC has completed these actions, we will provide updated information.
    Director: Michael E. Clements
    Phone: (202) 512-8678

    2 open recommendations
    Recommendation: To help SEC address identified personnel management challenges, the Chair should enhance or expand the responsibilities and authority of the COO or other official or office so they can help ensure that improvements to communication and collaboration across SEC are made. For instance, if the duties of the COO were expanded, the COO could establish liaisons in each mission-critical office and division for SEC employees to contact or develop procedures to help facilitate communication and collaboration among the mission-critical office and divisions.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help SEC address identified personnel management challenges, the Chair should develop and implement training for hiring specialists that is informed by a skills gap analysis.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Susan Irving
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: To ensure that the reserve target SEC set for PCAOB safeguards against realistic risks and probable contingencies, including potential unforeseen funding delays, the SEC Chair, in exercising the commission's authority to oversee PCAOB, should analyze--and document the analysis of--program needs and probable contingencies, in consultation with PCAOB as appropriate.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: The Securities and Exchange Commission (SEC) reported in January 2017 that it will coordinate further with Public Company Accounting Oversight Board (PCAOB) staff as the PCAOB analyzes, with review by the SEC, their program costs and risks to ensure that the operating reserve reflects current needs and probable contingencies and that the analysis is documented.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    4 open recommendations
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to document artifacts that support recommendation closure consistent with SEC policy.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to document a comprehensive physical inventory of the systems and applications in the production environment.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to provide personnel appropriate access to continuous monitoring reports and tools to monitor, evaluate, and remedy identified weaknesses.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To more effectively manage its information security program, the Chair should direct the Chief Information Officer to institute a process and assign the necessary personnel to review information produced by the vulnerability scanning tools to monitor, evaluate, and remedy identified weaknesses.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In its response to our draft report, SEC concurred with the recommendation. However, SEC has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Mathew J. Scirè
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To enhance the effectiveness of their preparations for conducting a retrospective review of the QRM regulations, the agencies responsible for the QRM regulations--Federal Deposit Insurance Corporation, Federal Housing Finance Agency, Board of Governors of the Federal Reserve System, HUD, Office of the Comptroller of the Currency, and Securities and Exchange Commission--should develop a plan that identifies the metrics, baselines, and analytical methods to be used and specify the roles and responsibilities of each agency in the review process. Furthermore, to account for and help mitigate limitations of existing data and the uncertain availability of enhanced datasets, the six agencies should include in their plan alternate metrics, baselines, and analytical methods that could be used if data were to remain unavailable.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In January 2017, SEC staff stated that they had developed a preliminary review plan for the qualified residential mortgage (QRM) rule in December 2016. SEC staff noted that although the review plan describes several proposed analytical approaches, the precise analytical approach to review the mortgage market conditions and the definition of QRM will depend on future data availability, future mortgage market conditions, and the role of Fannie Mae, Freddie Mac, and other participants in those markets at that time. To prepare for this review, SEC staff noted that they intend to meet on a periodic basis with the staff of the other agencies to share the results of the analyses discussed above, understand the analyses being performed by the other agencies, and discuss what additional data or analyses may be helpful. As part of these discussions, SEC staff stated that the agencies will likely divide responsibilities for conducting the review according to agency expertise and resources, consistent with each agency's statutory authority and role.
    Director: A. Nicole Clowers
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To improve SEC's FINRA oversight program, the SEC Chair should direct the appropriate offices and divisions to incorporate additional risk-management practices by taking several actions, including: (1) establishing specific performance goals for the program and performance measures and related targets to assess Market Oversight's progress in meeting those goals; (2) formalizing documentation of procedures, including procedures for making changes to the annual planned oversight activities and decision-making rationales; and (3) modifying existing risk-assessment procedures to require an assessment of internal risks to successfully meeting the FINRA oversight program's goals and objectives.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: On August 26, 2016, SEC staff said that they had put together proposals to address the recommendation shortly after the report was issued and was awaiting management approval. However, in the meantime, SEC reorganized its examination staff and created a dedicated FINRA oversight group. The reorganization was expected to be complete by October 2016. SEC staff planned to incorporate, for management's approval, the elements in the proposals into the new policies and procedures for the FINRA oversight group. Subsequently, on February 13, 2017, SEC staff said that SEC now has new management in place that are learning about the risk management framework, and are assessing how best to incorporate GAO's recommendations into the framework.
    Director: Dalkin, James R
    Phone: (202) 512-3133

    1 open recommendations
    Recommendation: The U.S. Securities and Exchange Commission should direct the COO and CFO to implement controls, such as periodic reviews of asset dispositions, to help reasonably assure that SEC's procedures for the preparation and maintenance of documentation related to the disposition of assets are consistently implemented and that any deviations from established procedures are documented.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: SEC Officials are still working on corrective actions as of the end of fiscal year 2016. We will follow up on this recommendation during our fiscal year 2017 SEC financial statement audit.
    Director: Clowers, Angela N
    Phone: (202) 512-8678

    4 open recommendations
    Recommendation: To help SEC address identified personnel management challenges, and to enhance SEC's ability to strategically hire and retain the appropriate number of staff with the requisite skill sets for today and in the future, the Chairman of SEC should direct the Office of the Chief Operating Officer (COO) and Office of Human Resources (OHR) to prioritize efforts to expeditiously develop a comprehensive workforce plan, including a succession plan, and establish time frames for implementation and mechanisms to help ensure that the plans are regularly updated.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: While SEC plans to conduct a competency assessment for the remaining occupations not included in its July 2016 workforce plan, until the assessment and resulting workforce plan for fiscal year 2019+ is completed and we have reviewed it, this recommendation remains open. However, a comprehensive assessment of occupations should always be part of the workforce planning cycle to identify the resources needed to meet mission requirements. SEC should be doing a yearly review of needs to include attrition modeling, budget costs, and staffing (i.e., staff distribution across all locations, promotion needs, hiring requirements for all areas (mission and mission support)).
    Recommendation: To help SEC address identified personnel management challenges, and to enhance SEC's ability to strategically hire and retain the appropriate number of staff with the requisite skill sets for today and in the future, the Chairman of SEC should direct the Office of the COO and OHR to incorporate OPM guidance as it develops its workforce and succession plans, by developing a formal action plan to identify and close competency gaps, and fill supervisory positions; and institute a fair and transparent process for identifying high-potential leaders from within the agency.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: While SEC plans to conduct a succession needs survey that will be used as part of its holistic gap analysis and used to inform the next workforce plan for fiscal year 2019+, until the needs survey and resulting workforce plan is completed and we have reviewed it, this recommendation remains open. However, as part of succession planning, division managers should already know, or should have been provided, retirement eligibility information, attrition estimates, and knowledge of their staff skill sets. They need this information for succession planning purposes to determine if they need to hire, or use promotions as a way to fill potential staff losses.
    Recommendation: To help SEC address identified personnel management challenges, and to help enhance the credibility of its performance management system, the Chairman of SEC should direct the COO and OHR to conduct periodic validations (with staff input) of the performance management system and make changes, as appropriate, based on these validations.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: SEC has yet to conduct a validation of its performance management system for its entire staff. In fiscal year (FY) 2016, SEC introduced a new pilot performance management program and engaged OPM to assess the effectiveness of it, but this new program was only initiated with non-bargaining staff. This assessment included OPM facilitated focus groups and an OPM survey soliciting anonymous participant feedback. According to SEC, stakeholders were engaged in the development and implementation phases of the pilot program. Additionally, OPM hosted a training session at the midpoint of the FY 2016 pilot for supervisors to help them communicate performance expectations and feedback. In 2017, SEC expanded the pilot performance management program to bargaining unit staff. SEC has briefed the National Treasury Employees Union (NTEU) prior to each phase in the performance management process and incorporated feedback into the program. The Office of Human Resources (OHR) has provided program-specific training to both employees and supervisors for each phase of the performance cycle and has collaborated with NTEU on all messaging to employees. SEC is now working with OPM to determine the best approach to assess the effectiveness of the FY 2017 pilot. According to SEC, subsequent to OPM's assessment of the FY 2017 pilot, SEC will work with NTEU to determine how to proceed with the program. OHR has also agreed in advance to share the FY 2017 performance rating data with NTEU so they may use it in their own assessment of the 2017 pilot.
    Recommendation: To help SEC address identified personnel management challenges, and to build on SEC's efforts to enhance intra-agency communication and collaboration, the Chairman should direct the COO to explore communication and collaboration best practices and implement those that could benefit SEC.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: As of November 2017, SEC had not demonstrated the use of best practices to improve communication and collaboration within and across SEC divisions and offices. In June 2017, SEC commenced the new Operations Steering Committee, which consists of the Acting Chief Operating Officer (COO) as the Chair, and the Managing Executives of the mission critical divisions and Office of Compliance Inspections and Examinations (OCIE). This group meets on a monthly basis. During the September 2017 meeting, the Acting COO presented two proposed approaches, based on best practices, to address GAO's findings to improve communication and collaboration: 1. Emphasize communication and collaboration, and associated initiatives, within the new Strategic Plan. 2. Work with the Labor Management Forum - NTEU. Until we see how SEC operationalizes these proposed approaches, this recommendation remains open.
    Director: Clowers, Angela N
    Phone: (202) 512-8678

    2 open recommendations
    Recommendation: As SEC works to enhance its oversight of FINRA, the SEC Chairman should encourage FINRA to conduct retrospective reviews of its rules and establish a process for examining FINRA's reviews.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As SEC works to enhance its oversight of FINRA, the SEC Chairman should direct Office of Compliance Inspections and Examinations (OCIE) to follow all elements of a risk-management framework as it develops plans for an enhanced risk-based approach to FINRA oversight, such as developing plans for how it will prioritize risks related to oversight of FINRA and assessing the effectiveness of its risk-based model.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Clowers, Angela N
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To enhance interagency coordination on regulations issued pursuant to the Dodd-Frank Act, the FSOC should work with the federal financial regulatory agencies to establish formal coordination policies that clarify issues such as when coordination should occur, the process that will be used to solicit and address comments, and what role FSOC should play in facilitating coordination.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: In May 2015, FSOC created the Regulations and Resolutions Committee to identify potential gaps in regulation that could pose risks to the U.S. financial stability. The committee's duties include serving as a forum for information sharing and coordination among the FSOC staff, member agencies and other federal and state agencies, as appropriate, regarding domestic financial services policy development, and consulting, as appropriate, on the development of regulations to implement the Dodd-Frank Act's orderly liquidation authority. While the committee's duties should help promote greater collaboration, they do not constitute a formal rulemaking coordination policy addressing, for example, when coordination should occur, processes for soliciting and addressing comments, and FSOC role in facilitating coordination among and between the financial regulators. In its 2010 comment letter, FSOC noted that it provides a forum for interagency collaboration and consultation, in part through its committees, and has not indicated any plans to develop a formal rulemaking coordination policy as we recommended, in part because of its need to preserve the independence of the regulators. Therefore, the recommendation remains open.
    Director: Williams, Orice M
    Phone: (202)512-5837

    1 open recommendations
    Recommendation: To address the current information gap in Regulation SHO for prime brokerage arrangements and mitigate the impact of any unintended consequences caused by SEC rules, as well as ensure consistent implementation of SEC rules by the industry, the Chairman of the Securities and Exchange Commission should finalize, in an expedited manner upon finalization of the temporary rule, the revised 1994 Prime Broker Letter.

    Agency: United States Securities and Exchange Commission
    Status: Open

    Comments: As of 7/18/13, the revised Prime Broker letter has not been finalized.