Inspector General Open Recommendations
09/28/2017 - Railroad Retirement Board - Railroad Retirement Board Must Take Further Action to be Compliant with Federal Records Management Directives - Audit - Open Recommendations
The Bureau of Information Services should develop and implement records management policies and procedures required for separating employees, including the detailed roles and responsibilities of the separating employee and other Railroad Retirement Board officials. Work with the Office of Administration in implementing the policies and procedures agencywide.
The Bureau of Information Services should develop and implement policies and procedures requiring records management training for new and existing employees and contractors, as well as employees with specialized records management roles and responsibilities. Ensure training for existing employees and contractors is administered annually.
09/28/2017 - Department of Housing and Urban Development - The New Brunswick Housing Authority, NJ, Did Not Always Administer Its Operating and Capital Funds in Accordance With HUD Requirements - Audit - Open Recommendations
09/28/2017 - Overseas Private Investment Corporation - OPIC Implemented Controls in Support of FISMA for Fiscal Year 2017 but Improvements Are Needed - Audit - Open Recommendations
09/27/2017 - Department of State - Audit of the Department of State’s Information Technology Configuration Control Board - Open Recommendations
OIG recommends that the Bureau of Information Resource Management develop and implement a formal process to periodically gather, assess, and report on its change request review process timeliness metrics and to make those results available to its stakeholders and customers in addition to appropriate bureau officials.
OIG recommends that the Bureau of Information Resource Management develop and implement policies and procedures to hold officials accountable for failure to meet established deadlines in the Information Technology Configuration Control Board change request process. Once completed, the policies, procedures, and supplemental guidance discussed in Recommendation 12 should be updated.
OIG recommends that the Bureau of Information Resource Management develop and implement required, periodic training for Information Technology Configuration Control Board management and personnel, Bureau Sponsors, Technical Reviewers, Voters, and change request submitters involved in the Information Technology Configuration Control Board process.
OIG recommends that the Bureau of Information Resource Management develop and implement complete and consistent policies and procedures and supplemental guidance, such as a Submitter’s Guide, for the Information Technology Configuration Control Board process. The policies, procedures, and guidance should, at a minimum, include guidance on roles and responsibilities, detailed procedure steps for submitters, minimum testing requirements, instructions on how Technical Reviewers and Voters should conduct their review, the appropriate use of “stops,” and established timelines for the process.
OIG recommends that the Bureau of Information Resource Management define the roles, responsibilities, and technical skillsets for each technical review and voting area and develop and implement a vetting process to verify Technical Reviewers and Voters have the knowledge, skills, and abilities to perform their assigned duties related to the Information Technology Configuration Control Board process.
OIG recommends that the Bureau of Information Resource Management develop and implement guidance for change requests to require and include: (a) minimum testing standards for change requests, (b) instructions that testing be performed in advance of the change request being submitted and that the testing documentation be submitted as part of the change request process, and (c) a clearly defined technical review of the testing documentation that is submitted to verify the documentation complies with minimum standards.
09/27/2017 - Federal Housing Finance Agency - FHFA Failed to Complete Non-MRA Supervisory Activities Related to Cybersecurity Risks at Fannie Mae Planned for the 2016 Examination Cycle - Audit - Open Recommendations
FHFA should reinforce, through training and supervision of DER personnel, the requirements established by FHFA, and reinforced by DER guidance, for the risk assessment and supervisory planning process. Specifically: a. Ensure that the annual supervisory strategy identifies significant risks and supervisory concerns and explains how the planned supervisory activities to be conducted during the examination cycle address the most significant risks in the operational risk assessment. (Applies to AUD-2017-010 and AUD-2017-011) b. Ensure that supervisory activities planned during an examination cycle to address the most significant risks in the operational risk assessment are completed within the examination cycle. (Applies to AUD-2017-010)
FHFA should assess whether the Division of Enterprise Regulation (DER) has a sufficient complement of qualified examiners to conduct and complete those examinations rated by DER to be of high-priority within each supervisory cycle and address the resource constraints that have adversely affected DER’s ability to carry out its risk-based supervisory plans.
09/27/2017 - National Archives and Records Administration - Audit of NARA's Freedom of Information Act Program - Audit - Open Recommendations
09/26/2017 - Department of Transportation - OSDBU Lacks Effective Processes for Establishing, Overseeing, and Managing Its Small Business Transportation Resource Centers - Open Recommendations
09/26/2017 - Majestic Management, LLC, St. Louis, MO, a Management Agent for the East St. Louis Housing Authority, Mismanaged Its Public Housing Program - Open Recommendations