Recommendations Database

GAO’s recommendations database contains report recommendations that still need to be addressed. GAO’s priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. Below you can search only priority recommendations, or search all recommendations.

Our recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Moreover, when implemented, some of our priority recommendations can save large amounts of money, help Congress make decisions on major issues, and substantially improve or transform major government programs or agencies, among other benefits.

As of December 1, 2021, there are 4659 open recommendations, of which 482 are priority recommendations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented.

1 - 4 of 4 Recommendations

Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges

2 Open Recommendations
2 Priority
Agency Recommendation Status
Department of Justice
This is a priority recommendation.
The Attorney General should develop a cybersecurity risk management strategy that includes the key elements identified in this report. (Recommendation 21)
Open

In its comments on our draft report, the Department of Justice did not state whether it concurred with this recommendation. As of March 2021, the department reported that it had an integrated strategy for identifying, prioritizing, assessing, responding to, monitoring, and reporting on cybersecurity risks, but had not yet provided sufficient evidence to demonstrate that its strategy addresses the key elements identified in our report. Once the department states that it has taken action, we plan to verify whether implementation has occurred.

Department of Justice
This is a priority recommendation.
The Attorney General should fully establish and document a process for coordination between cybersecurity risk management and enterprise risk management functions. (Recommendation 22)
Open

In its comments on our draft report, the Department of Justice did not state whether or not it concurred with this recommendation. As of March 2021, the department had stated that it is developing an ongoing mechanism to institutionalize coordination between its cybersecurity and ERM functions, but it had not provided sufficient documentation of this process. Once the department states that it has taken action, we plan to verify whether implementation has occurred.

Improper Payments: Selected Agencies Need Improvements in Their Assessments to Better Determine and Document Risk Susceptibility

1 Open Recommendations
1 Priority
Agency Recommendation Status
Department of Justice
This is a priority recommendation.
The Attorney General should revise DOJ's process for conducting improper payment risk assessments for Law Enforcement to help ensure that it results in a reliable assessment of whether the program is susceptible to significant improper payments. This should include preparing sufficient documentation to support DOJ's risk assessments. (Recommendation 4)
Open

The Department of Justice (DOJ) did not concur with this recommendation. In February 2021, DOJ reiterated that it continues to not concur with the recommendation and has not reconsidered its previously stated position. Previously, DOJ stated that its risk assessment methodology provides DOJ management with a reasonable basis for determining whether the law enforcement program, as well as DOJ's other four mission-aligned programs, are susceptible to significant improper payments. In addition, DOJ reiterated that it continues to not concur with GAO's conclusion that DOJ's risk assessment

Whistleblower Protection: Additional Actions Needed to Improve DOJ's Handling of FBI Retaliation Complaints

1 Open Recommendations
1 Priority
Agency Recommendation Status
Department of Justice
This is a priority recommendation.
To better ensure that FBI whistleblowers have access to recourse under DOJ's regulations should the individuals experience retaliation, and to minimize the possibility of discouraging future potential whistleblowers, the Attorney General should clarify in all current relevant DOJ guidance and communications, including FBI guidance and communications, to whom FBI employees may make protected disclosures and, further, explicitly state that employees will not have access to recourse if they experience retaliation for reporting alleged wrongdoing to someone not designated in DOJ's regulations.
Open

In response to our report, in December 2016, Congress passed and the President signed the FBI Whistleblower Protection Enhancement Act of 2016, Pub. L. No. 114-302, which, among other things, provides a means for FBI employees to obtain corrective action for retaliation for disclosures of wrongdoing made to supervisors and others in the employees' chain of command. Following this, the FBI worked closely with the Department of Justice's Office of Inspector General (DOJ-OIG) to develop a training that clearly identifies to whom FBI employees may make protected disclosures. In addition, the FBI

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.