Skip to main content

Recommendations Database

Jump To:

As of May 1, 2024, there are 5087 open recommendations that still need to be addressed. 413 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.

Search for open recommendations by agency, topic, subject, or keyword/phrase below, or view all open recommendations by agency.

Clear All Filters
41 - 60 of 413 Recommendations

Disaster Recovery: Better Information Is Needed on the Progress of Block Grant Funds

GAO-23-105295
Dan Garcia-Diaz
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Department of Housing and Urban Development
Priority Rec.
The Assistant Secretary for Community Planning and Development should, in the event of future CDBG-DR funding, require recipients to collect and analyze data on critical milestones needed to monitor the timeliness of their housing activities and inform corrective actions, consistent with leading project management practices. (Recommendation 2)
Open

On February 21, 2024, HUD said it was evaluating how best to require grantees to develop milestones to identify program delivery bottlenecks and modify recovery programs to ensure the needs of disaster survivors are met in a timely manner. The agency was also evaluating whether incorporating milestones would require new language in a Federal Register notice or revising its monitoring handbook.

Thrifty Food Plan: Better Planning and Accountability Could Help Ensure Quality of Future Reevaluations

GAO-23-105450
Kathy Larin
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Department of Agriculture
Priority Rec.
The Secretary of Agriculture should establish specific quality assurance guidelines for TFP reevaluations that will ensure methodological decisions meet key quality standards for an analysis that will affect public policy and inform policy makers. These guidelines should summarize applicable USDA and other federal quality standards and should describe how such standards will be embedded in future TFPs. These guidelines should ensure that future TFP reports have:

  • clear rationales linked to the objective and scope of the analysis;
  • consideration of alternatives based in evidence, including important economic effects;
  • underlying analysis of economic effects associated with decisions; where important economic effects cannot be quantified, the analysis explains how they affect the comparison of alternatives;
  • transparent description of analytical choices, assumptions and data, including explanation of key limitations in the data and methods used; and
  • adequate documentation included in the analysis; the analysis should document that it complies with a robust quality assurance process.
    • (Recommendation 6)
Open

USDA did not explicitly agree or disagree with this recommendation. In February 2024, the Food and Nutrition Service (FNS) stated that the agency would follow the same quality assurance guidelines for the 2026 reevaluation as it did for the "Thrifty Food Plan Cost Estimates for Alaska and Hawaii" report. For example, the report included information on the objectives of the analyses, alternatives considered, and sensitivity analyses. In addition, FNS published an "Initial Study Plan: Thrifty Food Plan, 2026." This document outlines several quality assurance commitments for the 2026 reevaluation

Paid Tax Return Preparers: IRS Efforts to Oversee Refundable Credits Help Protect Taxpayers but Additional Actions and Authority Are Needed

GAO-23-105217
James (Jay) R. McTigue, Jr
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Internal Revenue Service
Priority Rec.
The Commissioner of Internal Revenue should finalize the Service-wide Return Preparer Strategy and identify the resources needed to implement it. (Recommendation 6)
Open

IRS agreed with this recommendation. As of March 2024, IRS reported it had aligned the Service-wide Return Preparer Strategy's strategic goals with the objectives and initiatives of the Inflation Reduction Act Strategic Operating Plan and developed a crosswalk to demonstrate how those goals were aligned. However, IRS has not yet provided this documentation. To implement this recommendation, IRS needs to capitalize on the plans it has and identify any remaining steps necessary to operationalize a more coordinated approach to paid preparer compliance. A strategic, IRS-wide approach to paid

Social Security Administration: Remote Service Delivery Increased during COVID-19, but More Could Be Done to Assist Vulnerable Populations

GAO-23-104650
Elizabeth Curda
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Social Security Administration
Priority Rec.
The Commissioner of SSA should develop a plan—with clear steps, goals, metrics, and timelines—for enabling claimants to apply for Supplemental Security Income (SSI) benefits online. (Recommendation 2)
Open

SSA agreed with this recommendation. In May 2023, SSA reported that its multi-year SSI Simplification Initiative, which includes the SSI Online project, aims to simplify and reduce delays in the SSI application process. Agency officials expect the Initiative to improve on-line service for claimants and employees, and produce a simple, secure on-line gateway to capture data; verify and determine eligibility; and notify claimants as their applications are being processed. As of April 2024, SSA continues to work on this recommendation. We will monitor the agency's progress on these efforts.

Disaster Recovery: Actions Needed to Improve the Federal Approach

GAO-23-104956
Christopher P. Currie
Show
3 Open Recommendations
3 Priority
Agency Recommendation Status
Federal Emergency Management Agency
Priority Rec.
The FEMA Administrator should, in consultation with the Recovery Support Function Leadership Group, identify and take steps to better manage fragmentation between its disaster recovery programs and other federal programs, including consideration of the options identified in this report. If FEMA determines that it needs authority for actions that it seeks to implement, it should request that authority from Congress. (Recommendation 1)
Open

DHS agreed with this recommendation. As of February 2024, FEMA officials stated that they were continuing to work with the White House and senior executives across the federal government through an Interagency Policy Committee and the Recovery Support Function Leadership Group (RSFLG) to consider options to improve disaster recovery, including those identified by GAO. For example, FEMA has worked with SBA, HUD, OMB and other interagency partners to explore the viability of a single disaster assistance application, aligned with one of the options identified by GAO. As of February 2024, FEMA
Department of Housing and Urban Development
Priority Rec.
The Secretary of Housing and Urban Development should, in consultation with the Recovery Support Function Leadership Group, identify and take steps to better manage fragmentation between its disaster recovery programs and other federal programs, including consideration of the options identified in this report. If HUD determines that it needs authority for actions that it seeks to implement, it should request that authority from Congress. (Recommendation 2)
Open

The Department of Housing and Urban Development agreed with this recommendation. In March 2024, HUD officials stated they were continuing to coordinate with Federal partners through its role in the National Disaster Recovery Framework. HUD officials told us that HUD, FEMA and other partners are coordinating to share data to inform program and funding decisions for disaster survivor assistance. HUD anticipates completion of the data-sharing efforts to conclude in 2024. HUD officials also told us that HUD and FEMA completed the first round of a Disaster Housing Pilot to help communities assess
Federal Emergency Management Agency
Priority Rec.
The FEMA Administrator should identify and take steps to better manage fragmentation across its disaster recovery programs, including consideration of the options identified in this report. If FEMA determines that it needs authority for actions that it seeks to implement, it should request that authority from Congress. (Recommendation 4)
Open – Partially Addressed

DHS agreed with this recommendation. In response, FEMA has taken steps to streamline applications for its Individual Assistance and Public Assistance programs to reduce the complexity and time it takes to apply. According to FEMA documentation, as of February 2024, FEMA had begun implementing some of these changes, such as streamlining the online disaster survivor registration intake process in fall 2023. FEMA officials explained that they were in the process of revising their Public Assistance intake forms to eliminate duplicate requests for information by pre-populating answers the applicant

Northern Triangle: DOD and State Need Improved Policies to Address Equipment Misuse

GAO-23-105856
Chelsa L. Kenney
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Department of Defense
Priority Rec.
The Secretary of Defense, in consultation with the Secretary of State, should evaluate DOD's Golden Sentry program to identify whether the program provides reasonable assurance, to the extent practicable, that DOD-provided equipment is only used for its intended purpose and develop a plan to address any deficiencies identified in the evaluation. (Recommendation 4)
Open

DOD concurred with this recommendation. As of September 2023, DOD officials said that they are collaborating with the Department of State to evaluate the Golden Sentry program. If they identify deficiencies, they will work with State to develop a corrective action plan to address them.

Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure

GAO-23-105789
Frank Rusco, Marisol Cruz Cain
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Bureau of Safety and Environmental Enforcement
Priority Rec.
The BSEE Director should immediately develop and implement a strategy to guide the development of its most recent cybersecurity initiative; such a strategy should include (1) a risk assessment; (2) objectives, activities, and performance measures; (3) roles, responsibilities, and coordination; and (4) identification of needed resources and investments. (Recommendation 1)
Open

In an October 2022 email response to our draft report, we were informed that Interior generally concurred with our findings and recommendation. In March 2023, Interior indicated that BSEE was developing a cybersecurity strategy that encompassed (1) a risk assessment, (2) objectives, activities, and performance measures, (3) roles, responsibilities, and coordination, and (4) identification of needed resources and investments. As of April 2024, BSEE completed a cybersecurity strategy and began initial actions to implement it, including by initiating hiring for a cybersecurity program manager and

Information Technology: Education Needs to Address Student Aid Modernization Weaknesses

GAO-23-105333
Marisol Cruz Cain
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Office of Federal Student Aid
Priority Rec.
The Chief Operating Officer of FSA should update FSA's cost estimation guidance for its acquisition programs to incorporate the best practices called for in GAO Cost Estimating and Assessment Guide. (Recommendation 2)
Open

FSA generally agreed with this recommendation. In April 2023, the office reported that the FSA Chief Operating Officer directed the senior leadership team to establish a working group to identify potential improvements to its project management guidance and practices. The office also reported that this new group's initial work was focused on project management training, project tracking, and shared templates. Further, the office said this working group will continue to identify approaches that FSA may be able to implement to align with this recommendation, as the office's available resources

Small Business Research Programs: Reporting on Award Timeliness Could Be Enhanced

GAO-23-105591
Candice N. Wright
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Small Business Administration
Priority Rec.
The Administrator of the Small Business Administration should develop, document, and execute a plan to (1) identify actions that could improve timely publication of its annual report to Congress, and (2) implement the actions identified. (Recommendation 1)
Open

SBA concurred with this recommendation. In August 2023, SBA described some steps taken to implement it including timely collection of agency award data, efforts to review all parts of the process, and convening an annual meeting with agency representatives to discuss opportunities to streamline the annual report. As of March 2024, according to SBA, it had assessed its annual report processes and was working to publish all SBIR/STTR annual reports, including the fiscal year 2023 report by September 30, 2024. We will reassess the status of this recommendation when SBA provides additional

Federal Real Property: GSA Should Leverage Lessons Learned from New Sale and Transfer Process

GAO-23-104815
Jill Naamane
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
General Services Administration
Priority Rec.
The Administrator of the GSA, in consultation with relevant stakeholders, should develop a process to collect, share, and apply lessons learned from the implementation of FASTA to improve the final 2024 round and future disposal efforts, including reporting any lessons learned through this process, to Congress. (Recommendation 1)
Open – Partially Addressed

In February 2024, GSA officials provided additional information on ongoing collaboration with stakeholders and how FASTA lessons learned were being used to identify strategies for disposing of unneeded government properties, which could result in cost savings. To fully implement this recommendation, GSA needs to develop a documented process to work with relevant stakeholders to identify and implement solutions to address numerous setbacks encountered throughout the FASTA process. This action could leverage stakeholders' knowledge and experiences with FASTA to make and agree upon necessary

Nuclear Waste Cleanup: Actions Needed to Determine Whether DOE's New Contracting Approach is Achieving Desired Results

GAO-22-105417
Nathan Anderson
Show
1 Open Recommendations
1 Priority
Agency Recommendation Status
Department of Energy
Priority Rec.
The Assistant Secretary of DOE's Office of Environmental Management should develop and document specific performance goals for the ESCM and measures to track progress toward achieving them. EM should use this performance information to improve the ESCM and better ensure that it is achieving desired results. (Recommendation 3)
Open

As of February 2024, DOE is working to address this recommendation. For example, DOE's Office of Environmental Management (EM) has taken steps to require each task order associated with End State Contracting Model contracts to document key metrics for use in assessing performance. In addition, EM officials told us they are in the process of developing new guidance that will require the consistent use of specific metrics to assess the performance of individual contracts and associated task orders, as well as the End State Contracting Model initiative as a whole. Until EM implements measurable

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

GAO-22-105065
Jennifer Franks, Marisol Cruz Cain
Show
7 Open Recommendations
7 Priority
Agency Recommendation Status
Department of Commerce
Priority Rec.
The Secretary of Commerce should ensure that its organization-wide risk management strategy includes key elements, including a determination of privacy risk tolerance. (Recommendation 9)
Open

The Department of Commerce agreed with our recommendation and stated that it planned to develop a formal action plan. As of March 2024, Commerce officials stated that they planned to develop a privacy risk management strategy by the fourth quarter of fiscal year 2024 . Once the department states that it has taken action, we plan to verify whether implementation has occurred.
Department of Defense
Priority Rec.
The Secretary of Defense should establish a time frame for fully defining a process to ensure that the senior agency official for privacy or other designated senior privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy, and document this process. (Recommendation 10)
Open

The Department of Defense concurred with our recommendation and stated that it would take steps to address it by the end of April 2024. Once the department states that it has taken action, we plan to verify if implementation has occurred.
Department of Education
Priority Rec.
The Secretary of Education should establish a time frame for updating the department's policies for creating, reviewing, and publishing system of records notices, and make these updates. (Recommendation 13)
Open

The Department of Education concurred with our recommendation and described plans under way to address it. As of March 2024, Education reported that it has begun updating existing privacy policies, including those establishing and administering the privacy program, and plans to complete this effort by the end of July 2026. Once the department states that it has taken action, we plan to verify whether implementation has occurred.
Department of Energy
Priority Rec.
The Secretary of Energy should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 16)
Open

The Department of Energy concurred with our recommendation and described planned actions to implement it. In April 2024, DOE stated that it had taken action to address this recommendation, pending internal review. Once the department states that it has taken action, we plan to verify whether implementation has occurred.
Department of Health and Human Services
Priority Rec.
The Secretary of Health and Human Services should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 17)
Open

The Department of Health and Human Services concurred with our recommendation and described actions planned to address it. Specifically, the department stated that it planned to more fully define and document the responsibility and process of the senior agency official for privacy in the next iteration of its Policy for Information Security and Privacy Protection. As of February 2024, HHS stated that it was actively working to implement the recommendation but did not provide further details or an estimated completion date. Once the department states that it has taken action, we plan to verify
Department of Housing and Urban Development
Priority Rec.
The Secretary of Housing and Urban Development should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 22)
Open

The Department of Housing and Urban Development did not concur with this recommendation, stating that privacy risks at the enterprise level are addressed through the department's Risk Management Council. However, while a dedicated risk management council can be an important tool for managing agency risks, it does not replace the need for a documented risk management strategy in which the agency explicitly frames its approach to privacy risk. We intend to follow up with HUD, and once the department states that it has taken action, we plan to verify whether implementation has occurred.
Department of Justice
Priority Rec.
The Attorney General should incorporate privacy into an organizationwide risk management strategy that includes a determination of risk tolerance. (Recommendation 25)
Open

The Department of Justice did not concur with this recommendation, stating that its existing strategy documents address how it manages privacy risk, including a determination of risk tolerance. As of March 2024, DOJ had provided documents outlining its approach to managing privacy risks. However, they did not include key details such as a discussion of the department's approach to determining privacy risk tolerance, including, for example, factors to be considered and acceptable amounts of risk. According to DOJ officials, while discussions regarding risk thresholds, or the acceptable level of
Note: the list of open recommendations for the last report may continue on the next page.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.