GAO’s recommendations database contains report recommendations that still need to be addressed.
GAO’s priority recommendations are those that we believe warrant priority attention.
We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues.
Below you can search only priority recommendations, or search all recommendations.
Our recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations.
Moreover, when implemented, some of our priority recommendations can save large amounts of money, help Congress make decisions on major issues, and substantially improve or transform major government programs or agencies, among other benefits.
As of June 17, 2020, there are 4969 open recommendations, of which 518 are priority recommendations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented.
Browse or Search Open Recommendations
Have a Question about a Recommendation?
For questions about a specific recommendation, contact the person or office listed with the recommendation.
For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or firstname.lastname@example.org.
Recommendation: The Commissioner of Internal Revenue should develop a governance structure or other form of centralized leadership, such as a steering committee, to coordinate all aspects of IRS's efforts to protect taxpayer information while at third-party providers. (Recommendation 1)
Agency: Department of the Treasury: Internal Revenue Service Status: Open Priority recommendation
Comments: In its initial response to our draft report, IRS disagreed with this recommendation. In November 2019, IRS said that it agreed with the intent of the recommendation, but did not agree to implement it, citing the need for additional explicit authority to establish security requirements for the information systems of paid preparers and others who electronically file. IRS reported that to effectively establish data safeguarding policies and implement strategies enforcing compliance with those policies, a centralized leadership structure requires the statutory authority that clearly communicates the authority of the IRS to do so. Without such authority, implementing the recommendation would be an inefficient, ineffective, and costly use of resources, according to IRS. We disagree that convening a governance structure or other centralized form of leadership would require additional statutory authority or be inefficient, ineffective, and costly. As discussed in the report, IRS has seven different offices across the agency working on information security-related activities that could benefit from centralized oversight and coordination, such as updating existing standards, monitoring Authorized e-file Provider program compliance, and tracking security incident reports.
Recommendation: The Administrator of the Centers for Medicare and Medicaid Services should develop processes and procedures to ensure that qualified entities and researchers have implemented information security controls effectively throughout their agreements with CMS. (Recommendation 3)
Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services Status: Open Priority recommendation
Comments: HHS previously stated that they will be engaging a contractor to review the current data security framework and make recommendations on specific controls and implementation requirements that would be appropriate for those entities. The agency did not provide a timeframe for when this review would be complete. As of May 2019, HHS had not provided any further information in response to our inquiries.
Recommendation: To improve care for women veterans, the Secretary of Veterans Affairs should direct the Under Secretary for Health to monitor women veterans' access to key sex-specific care services--mammography, maternity care, and gynecology--under current and future community care contracts. For those key services, monitoring should include an examination of appointment scheduling and completion times, driving times to appointments, and reasons appointments could not be scheduled with community providers.
Agency: Department of Veterans Affairs Status: Open Priority recommendation
Comments: As of June 2017, VHA still lacks data and performance measures for the availability under Choice of sex-specific care, such as mammograms, maternity care, or gynecology. In contrast, for another VA care in the community program, PC3 (a program that the Choice third party administrators also administer) VHA collects data and has performance measures to evaluate women veterans' access to mammography and maternity care. To fully implement this recommendation, VHA needs to extend the collection of data to include care delivered through the Choice Program and other community care programs and establish related performance measures. VA is in the process of letting contracts for its new community care program and is expected to have contracts in place for all regions of the country in fiscal year 2019