Image

Open Recommendations

Management Report: Improvements Needed in FDIC's Internal Control over Contract-Payment Review Processes

GAO-21-420R
May 13, 2021
Show
2 Open Recommendations
Agency Affected Recommendation Status
Federal Deposit Insurance Corporation The Chief Financial Officer and the Chief Operating Officer should direct oversight managers and processing approvers to review and follow FDIC's existing policies and procedures for contract-payment review processes, to reasonably assure FDIC sufficiently documents and properly supports contract payments. (Recommendation 1)
Open
In commenting on our draft report, FDIC concurred with this recommendation and stated that the Chief Operating Officer and the Chief Financial Officer will communicate to all oversight managers and contract payment processing approvers the importance of following FDIC's existing policies and procedures for contract payment review processes, emphasizing that contract payment decisions should be sufficiently documented and properly supported before making payments.
Federal Deposit Insurance Corporation The Chief Risk Officer should establish a process to coordinate with the Division of Administration and the Division of Finance, as appropriate, to periodically train, monitor, and ensure that oversight managers and processing approvers sufficiently and accurately follow FDIC's existing policies and procedures for contract payments. (Recommendation 2)
Open
In commenting on our draft report, FDIC concurred with this recommendation and stated that the Chief Risk Officer convened an interdivisional working group of key stakeholders to strengthen the FDIC's contract oversight management. FDIC noted that the effort would improve the effectiveness, independence, and professionalism of the oversight manager program. Further, intended actions include enhancing oversight manager training with a focus on how to improve the review and approval of invoices for payment. Additionally, FDIC stated that it will begin conducting independent periodic reviews of contract payment transactions to monitor oversight manager and invoice processor compliance with existing policies and procedures and make recommendation, as appropriate, to address any issues identified.

Management Report: Internal Revenue Service Needs to Improve Financial Reporting and Information System Controls

GAO-21-401R
May 04, 2021
Show
1 Open Recommendations
Agency Affected Recommendation Status
Internal Revenue Service The Commissioner of the Internal Revenue Service should reasonably assure that reviews of external third parties' systems reference current documentation that supports IRS assessments of risk. (Recommendation 1)
Open
In commenting on our draft report, IRS concurred with this recommendation and stated that the Chief Financial Officer will update and implement the external third parties' systems review procedures to reasonably assure that the reviews reference current documentation that supports IRS's assessments of risk.

Financial Audit: Bureau of the Fiscal Service's FY 2020 Schedules of the General Fund

GAO-21-362
Apr 15, 2021
Show
3 Open Recommendations
Agency Affected Recommendation Status
Other The Commissioner of Fiscal Service should design and implement procedures to periodically review and maintain documentation to support account attributes for all active TASs to reasonably assure that activity recorded to each account is properly recognized in the Schedules of the General Fund. (Recommendation 1)
Open
In commenting on our draft report, Fiscal Service concurred with the results of our audit and agreed that new processes and procedures will enhance controls and will factor the correction actions into the audit remediation plan.
Other The Commissioner of Fiscal Service should design and implement procedures to reasonably assure that federal agencies reconcile their account balances per their internal records to CARS at the appropriate detailed level to provide for accurate reporting of line items on the Schedules of the General Fund. (Recommendation 2)
Open
In commenting on our draft report, Fiscal Service concurred with the results of our audit and agreed that new processes and procedures will enhance controls and will factor the correction actions into the audit remediation plan.
Other The Commissioner of Fiscal Service should establish controls to restrict access to each TAS to only those federal agencies to which the account belongs. (Recommendation 3)
Open
In commenting on our draft report, Fiscal Service concurred with the results of our audit and agreed that new processes and procedures will enhance controls and will factor the correction actions into the audit remediation plan.

DOD Financial Management: Continued Efforts Needed to Correct Material Weaknesses Identified in Financial Statement Audits

GAO-21-157
Oct 13, 2020
Show
4 Open Recommendations
2 Priority
Agency Affected Recommendation Status
Department of Defense ODCFO should update the NFR Database with a field to record the year deficiencies are first identified. (Recommendation 2)
Open
DOD concurred with this recommendation and stated that a single data field to record the year the deficiency was first identified will be added to the Notice of Findings and Recommendations (NFR) Database during 2020. In March 2021, DOD demonstrated that within the NFR Database, the "Year First Identified" data field had been populated for DOD's fiscal year 2020 NFRs only. DOD stated that the "Year First Identified" data field would be populated for all prior year NFRs later in 2021. We will continue to monitor DOD's progress in this area.
Department of Defense
Priority Rec.
This is a priority recommendation.
ODCFO should incorporate appropriate steps to improve its CAP review process, including ensuring that (1) data elements not included in CAPs are appropriately identified and communicated to components and resolved, (2) NFRs are appropriately linked to the correct CAPs to address them, and (3) components document their rationale for accepting the risk associated with certain deficiencies and appropriately identify such instances in the NFR Database. (Recommendation 3)
Open
DOD partially concurred with this recommendation and stated that it ensures that a Notice of Findings and Recommendations (NFR) is appropriately linked to the right Corrective Action Plan (CAP) and that data elements missing from CAPs are identified and communicated to components through its CAP quality and monthly data control review processes. However, based on our testing of CAPs associated with NFRs included in a generalizable sample, we found that NFRs were not always linked to the correct CAP in the NFR Database. For example, one NFR we reviewed was linked to three CAPs-one that was not related to the NFR, another that had been superseded, and another that actually addressed the NFR. We also found that the CAPs for more than half of these NFRs were missing at least one of the data elements defined in the Implementation Guide for OMB Circular A-123. Further, DOD stated that its quality review process ensures that components document their rationale for accepting risk, risk response, and risk identification for deferring remediation activity associated low-impact deficiencies. However, we found that DOD components did not prepare CAPs for 16 of the 98 NFRs in our sample because they accepted the risks associated with the deficiencies the auditors identified. However, the components did not document their rationale for accepting such risks and a clear risk-mitigation strategy for 3 of these 16 NFRs. To fully implement this recommendation, DOD's Chief Financial Officer needs to improve DOD's review process to ensure that CAPs include all data elements defined in the Implementation Guide for OMB Circular A-123; update its review checklist to include questions specifically related to whether CAPs were linked to the right audit findings in the NFR Database; and review the components' risk acceptance rationale for reasonableness and appropriateness. We will continue to monitor DOD's efforts to address this recommendation.
Department of Defense
Priority Rec.
This is a priority recommendation.
ODCFO should update DOD guidance to instruct DOD and components to document root-cause analysis when needed to address deficiencies auditors identified. (Recommendation 4)
Open
DOD concurred with this recommendation and stated that it will update the appropriate DOD guidance to specifically instruct that a Corrective Action Plan (CAP) include documented evidence that a root-cause analysis was conducted and an explanation as to how it was conducted. To fully implement the second recommendation, DOD needs to update the Department of Defense Internal Control Over Financial Reporting Guide, which was last issued in May 2018, to instruct DOD and its components to document root-cause analysis when needed. We will continue to monitor DOD's progress. We will continue to monitor DOD's progress in this area.
Department of Defense ODCFO should include appropriate steps in its monthly NFR Database review process to evaluate and follow-up on previously identified exceptions to ensure that they are resolved timely. (Recommendation 5)
Open
DOD did not concur with this recommendation and stated that this action is already being performed. However, DOD's process does not include steps to determine how long exceptions have existed, and as a result, DOD lacks important information regarding the timeliness of efforts to resolve them. As of May 2021, we continue to monitor DOD's progress in this area.
GAO Contacts