Image

Open Recommendations

Management Report: Improvements Needed in FDIC's Internal Control over Contract-Payment Review Processes

GAO-21-420R
May 13, 2021
Show
2 Open Recommendations
Agency Affected Recommendation Status
Federal Deposit Insurance Corporation The Chief Financial Officer and the Chief Operating Officer should direct oversight managers and processing approvers to review and follow FDIC's existing policies and procedures for contract-payment review processes, to reasonably assure FDIC sufficiently documents and properly supports contract payments. (Recommendation 1)
Open
In commenting on our draft report, FDIC concurred with this recommendation and stated that the Chief Operating Officer and the Chief Financial Officer will communicate to all oversight managers and contract payment processing approvers the importance of following FDIC's existing policies and procedures for contract payment review processes, emphasizing that contract payment decisions should be sufficiently documented and properly supported before making payments.
Federal Deposit Insurance Corporation The Chief Risk Officer should establish a process to coordinate with the Division of Administration and the Division of Finance, as appropriate, to periodically train, monitor, and ensure that oversight managers and processing approvers sufficiently and accurately follow FDIC's existing policies and procedures for contract payments. (Recommendation 2)
Open
In commenting on our draft report, FDIC concurred with this recommendation and stated that the Chief Risk Officer convened an interdivisional working group of key stakeholders to strengthen the FDIC's contract oversight management. FDIC noted that the effort would improve the effectiveness, independence, and professionalism of the oversight manager program. Further, intended actions include enhancing oversight manager training with a focus on how to improve the review and approval of invoices for payment. Additionally, FDIC stated that it will begin conducting independent periodic reviews of contract payment transactions to monitor oversight manager and invoice processor compliance with existing policies and procedures and make recommendation, as appropriate, to address any issues identified.

Management Report: Internal Revenue Service Needs to Improve Financial Reporting and Information System Controls

GAO-21-401R
May 04, 2021
Show
1 Open Recommendations
Agency Affected Recommendation Status
Internal Revenue Service The Commissioner of the Internal Revenue Service should reasonably assure that reviews of external third parties' systems reference current documentation that supports IRS assessments of risk. (Recommendation 1)
Open
In commenting on our draft report, IRS concurred with this recommendation and stated that the Chief Financial Officer will update and implement the external third parties' systems review procedures to reasonably assure that the reviews reference current documentation that supports IRS's assessments of risk.

Financial Audit: Bureau of the Fiscal Service's FY 2020 Schedules of the General Fund

GAO-21-362
Apr 15, 2021
Show
3 Open Recommendations
Agency Affected Recommendation Status
Other The Commissioner of Fiscal Service should design and implement procedures to periodically review and maintain documentation to support account attributes for all active TASs to reasonably assure that activity recorded to each account is properly recognized in the Schedules of the General Fund. (Recommendation 1)
Open
In commenting on our draft report, Fiscal Service concurred with the results of our audit and agreed that new processes and procedures will enhance controls and will factor the correction actions into the audit remediation plan.
Other The Commissioner of Fiscal Service should design and implement procedures to reasonably assure that federal agencies reconcile their account balances per their internal records to CARS at the appropriate detailed level to provide for accurate reporting of line items on the Schedules of the General Fund. (Recommendation 2)
Open
In commenting on our draft report, Fiscal Service concurred with the results of our audit and agreed that new processes and procedures will enhance controls and will factor the correction actions into the audit remediation plan.
Other The Commissioner of Fiscal Service should establish controls to restrict access to each TAS to only those federal agencies to which the account belongs. (Recommendation 3)
Open
In commenting on our draft report, Fiscal Service concurred with the results of our audit and agreed that new processes and procedures will enhance controls and will factor the correction actions into the audit remediation plan.

DOD Financial Management: Continued Efforts Needed to Correct Material Weaknesses Identified in Financial Statement Audits

GAO-21-157
Oct 13, 2020
Show
4 Open Recommendations
Agency Affected Recommendation Status
Department of Defense ODCFO should update the NFR Database with a field to record the year deficiencies are first identified. (Recommendation 2)
Open
DOD concurred with this recommendation and stated that a single data field to record the year the deficiency was first identified will be added to the Notice of Findings and Recommendations (NFR) Database during 2020. In March 2021, DOD demonstrated that within the NFR Database, the "Year First Identified" data field had been populated for DOD's fiscal year 2020 NFRs only. DOD stated that the "Year First Identified" data field would be populated for all prior year NFRs later in 2021. We will continue to monitor DOD's progress in this area.
Department of Defense ODCFO should incorporate appropriate steps to improve its CAP review process, including ensuring that (1) data elements not included in CAPs are appropriately identified and communicated to components and resolved, (2) NFRs are appropriately linked to the correct CAPs to address them, and (3) components document their rationale for accepting the risk associated with certain deficiencies and appropriately identify such instances in the NFR Database. (Recommendation 3)
Open
DOD partially concurred with this recommendation and stated that it ensures that a Notice of Findings and Recommendations (NFR) is appropriately linked to the correct Corrective Action Plan (CAP) and that data elements missing from CAPs are identified and communicated to components through its CAP quality and monthly data control review processes. However, this process did not always identify data elements that were not included in the CAPs it reviewed and its CAP review checklist does not have questions specifically related to whether the CAPs were linked to the correct NFRs in the database. DOD also stated that the CAP quality review process ensures that components document their rationale for accepting risk, risk response, and risk identification for deferring remediation activity associated with low-impact deficiencies. However, we continue to believe that including appropriate steps in the CAP review process, such as reviewing the components' risk acceptance rationale for reasonableness and appropriateness, are needed and that our recommendation is valid. In March 2021, DOD informed us that a monthly control to improve the CAP review process had been developed and would be effective as part of the April 2021 monthly controls. We also reviewed risk acceptance guidance and noted that it had been revised. We will continue to monitor DOD's progress in this area.
Department of Defense ODCFO should update DOD guidance to instruct DOD and components to document root-cause analysis when needed to address deficiencies auditors identified. (Recommendation 4)
Open
DOD concurred with this recommendation and stated that it will update the appropriate DOD guidance to specifically instruct that a Corrective Action Plan include documented evidence that a root-cause analysis was conducted and an explanation as to how it was conducted. In March 2021, DOD informed us that they held training in January 2021 centered on the importance of conducting and documenting root cause analysis. We also noted that DOD had revised the CAP template presented in January 2021 so that included root cause analysis steps. However, DOD had not updated their Internal Controls over Financial Reporting Guide to explicitly state that DOD and its components document root cause analyses. We will continue to monitor DOD's progress in this area.
Department of Defense ODCFO should include appropriate steps in its monthly NFR Database review process to evaluate and follow-up on previously identified exceptions to ensure that they are resolved timely. (Recommendation 5)
Open
DOD did not concur with this recommendation and stated that this action is already being performed. However, DOD's process does not include steps to determine how long exceptions have existed, and as a result, DOD lacks important information regarding the timeliness of efforts to resolve them. As of May 2021, we continue to monitor DOD's progress in this area.
GAO Contacts