Recommendations Database

Jump To:

As of January 31, 2023, there are 4842 open recommendations that still need to be addressed. 473 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.

Search for open recommendations by agency, topic, subject, or keyword/phrase below, or view all open recommendations by agency.

Skip to main search results
Clear All Filters
1 - 20 of 60 Recommendations, including 13 Priority Recommendations
Want to download a list of recommendations that includes agency with subgroups?

Information Management: Agencies Need to Streamline Electronic Services

Show
1 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of the Office of Personnel Management should establish a reasonable time frame for when the agency will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the agency's privacy program website. (Recommendation 11)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Federal Employees Health Benefits Program: Additional Monitoring Mechanisms and Fraud Risk Assessment Needed to Better Ensure Member Eligibility

Show
4 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of OPM should implement a monitoring mechanism to ensure employing offices and carriers are verifying family member eligibility as required by OPM's 2021 guidance. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should implement a monitoring mechanism to identify and remove ineligible family members from the FEHB program. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should assess the likelihood and impact of the fraud risk related to ineligible FEHB members. (Recommendation 3)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should document its assessment of the fraud risk related to ineligible members in its fraud risk profile for the FEHB program. (Recommendation 4)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cybersecurity Workforce: Actions Needed to Improve Cybercorps Scholarship for Service Program

Show
2 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of the Office of Personnel Management, in coordination with the Director of the National Science Foundation, should establish a time frame for implementing a process to ensure that all CyberCorps® Scholarship for Service Program scholarship recipients provide their institutions of higher education and the Office of Personnel Management (in coordination with the National Science Foundation) with annual verifiable documentation of post-award employment and up-to-date contact information for a period of at least through the end of their work service obligation. (Recommendation 4)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of the Office of Personnel Management, in coordination with the Director of the National Science Foundation, should ensure the collection of complete and consistent data that relate to the fulfillment of all post-award obligations or requirements pursuant to the CyberCorps® Scholarship for Service Program. (Recommendation 5)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

Show
6 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of OPM should establish a time frame for updating the agency's policy for creating, reviewing, and publishing system of records notices, and make these updates. (Recommendation 52)
Open

The Office of Personnel Management partially concurred with this recommendation, noting that it has a process for system of records notices (SORN) while adding it plans to review and update any outdated SORN guidance. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

Office of Personnel Management The Director of OPM should define and document procedures for coordination between privacy and information security functions. (Recommendation 53)
Open

The Office of Personnel Management partially concurred with this recommendation, noting that it has processes in place for such coordination, while stated that it will evaluate the need for increased documentation of coordination between its privacy and security functions. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

Office of Personnel Management The Director of OPM should fully define and document a policy and process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 54)
Open

The Office of Personnel Management did not concur with this recommendation, noting that it has processes in place for the senior agency official for privacy's involvement in workforce planning. In particular, the agency described steps it has taken in this area, including developing a memo in 2020 outlining strategic workforce needs for the Office of Privacy and Information Management. However, OPM has not formalized the role of the SAOP in addressing hiring, training, and professional development needs with respect to privacy, helping to insure the privacy program's ability to advocate for

Office of Personnel Management The Director of OPM should incorporate privacy into an organizationwide risk management strategy that includes a determination of risk tolerance. (Recommendation 55)
Open

The Office of Personnel Management did not concur with this recommendation, stating that its senior agency official for privacy is a member of the OPM Risk Management Council, which identifies, evaluates, and works to mitigate enterprise-wide risk. However, the agency did not develop a documented risk management strategy in which the agency explicitly frames its approach to privacy risk. Accordingly, we continue to believe our recommendation is warranted. When the agency states that it has taken action, we plan to verify whether implementation has occurred.

Office of Personnel Management The Director of OPM should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 56)
Open

The Office of Personnel Management stated that it partially concurred with this recommendation, stating that its privacy team is involved in various activities related to this process and its privacy and security teams are currently examining roles and responsibilities with respect to the controls and their selection and evaluation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

Office of Personnel Management The Director of OPM should fully develop and document a privacy continuous monitoring strategy. (Recommendation 57)
Open

The Office of Personnel Management partially concurred with this recommendation, stating that it will further evaluate its approach to privacy continuous monitoring and review the need for more comprehensive documentation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

Information Technology: OPM Needs to Adopt Key Practices in Modernizing Legacy Financial System

Show
5 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of OPM should direct the CFO to ensure that the FFS-R project conducts a comprehensive M3 risk assessment and defines and meets exit criteria for the Migration phase Release 1 and Release 2 tollgates before proceeding to the next phase of the modernization. (Recommendation 1)
Open

OPM partially concurred with this recommendation. In September 2022, OPM noted it conducts activities identified in the M3 risk assessment as part of the ongoing and comprehensive project management activities,. In addition, OPM stated it will define and meet exit criteria before continuing to the next phase of the FFS Modernization. We will continue to monitor OPM's implementation of this recommendation.

Office of Personnel Management The Director of OPM should direct the CFO to ensure that the TFM program develops cost estimates using best practices described in GAO's Cost Estimating and Assessment Guide. (Recommendation 2)
Open

OPM partially concurred with this recommendation. In September 2022, OPM stated that it will use the leading practices in the GAO cost guide for the FFS-R project and its releases, while noting that the agency would only use the guide as appropriate for the TFM program. We will continue to monitor OPM's implementation of this recommendation.

Office of Personnel Management The Director of OPM should direct the CFO to ensure that the TFM program updates the TFM schedule using best practices described in GAO's Schedule Assessment Guide, in particular, by addressing those schedule characteristics that were not substantially or fully met. (Recommendation 3)
Open

OPM concurred with this recommendation. In September 2022, OPM officials stated that the Technology Modernization Fund program schedule has been updated to address our recommendation. However, no supporting documentation was provided. In addition, OPM noted it intends to continue improving its schedule estimates by implementing policies that align with leading practices. We will continue to monitor OPM's implementation of this recommendation.

Office of Personnel Management The Director of OPM should direct the CFO to ensure that interagency agreements, including service level agreements, identify how security requirements will be conducted and the level of services, including cybersecurity, that will be provided. (Recommendation 4)
Open

OPM concurred with this recommendation. In September 2022, OPM noted that the interagency agreements for its operational support will identify the necessary service levels including cybersecurity requirements. In addition, OPM noted subsequent agreements such as service level and operations and management, will include cybersecurity requirements and follow industry practices. We will continue to monitor OPM's implementation of this recommendation.

Office of Personnel Management The Director of OPM should direct the CFO to ensure that the OCIO and TFM Program Management Office have identified and acquired sufficient systems and cybersecurity experts to adequately staff the TFM program, including the FFS-R project. (Recommendation 5)
Open

OPM did not concur with this recommendation. In September 2022, OPM stated that its CFO, TFM program manager, and the OCIO were involved in ensuring cybersecurity expertise and system support were identified and provided. In addition, OPM noted that the cybersecurity experts identified by the OCIO are responsible for verifying connectivity and ensuring system access standards comply with current cybersecurity standards, among other things and regular meetings were held with the CIO, Deputy CIO, and OCIO point of contact to discuss program status and security-related activities. However, as

Personnel Mobility Program: Improved Guidance Could Help Federal Agencies Address Skills Gaps and Maximize Other Benefits

Show
1 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of OPM should establish a process and update its guidance to obtain complete and accurate data about the number of non-federal mobility program participants on detail to federal agencies. (Recommendation 2)
Open

OPM disagreed with this recommendation, in part because they said it would create a reporting burden for agencies. However, this data could be used to determine where there are opportunities for agencies to more fully leverage the mobility program to address critical skills and occupation gaps, which has been a government-wide high risk area since 2001. Therefore, we continue to believe that establishing a process and updating its guidance to collect these data are essential for informing the customer service and assistance OPM provides to federal agencies, and encourage OPM to explore

Federal Hiring: OPM Should Collect and Share COVID-19 Lessons Learned to Inform Hiring During Future Emergencies

Show
1 Open Recommendations
Agency Recommendation Status
Office of Personnel Management The Director of OPM, in conjunction with the Chief Human Capital Officers Council, should develop and implement a process for collecting and sharing comprehensive government-wide information on the lessons learned associated with agencies' use of different hiring authorities in response to the COVID-19 pandemic. (Recommendation 1)
Open

OPM concurred with the recommendation. As of May 2022, OPM stated that it is conducting a review of the hiring flexibilities authorized to aid agencies in their COVID-19 response and mission. According to OPM, part of this review will evaluate the extent to which agencies used flexibilities and to what extent any of these flexibilities were effective in assisting agencies during the pandemic. Additionally, OPM stated that upon completion of the review, OPM will analyze results to determine what, if any, lessons were learned, as well as best practices that may be leveraged for future

Note: the list of open recommendations for the last report may continue on the next page.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.