The audit objective was to determine whether the U.S. AbilityOne Commission’s (Commission) enterprise risk management (ERM) process is effective and used to make risk-based decisions.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
CFO-2025-01 | No | $0 | $0 | ||
Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success. | |||||
CFO-2025-02 | No | $0 | $0 | ||
Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt. | |||||
CFO-2025-03 | No | $0 | $0 | ||
Research and adopt an appropriate ERM maturity model. | |||||
CFO-2025-04 | No | $0 | $0 | ||
Develop and implement effective key controls that identify risks and assign the Commission’s risk tolerances by aligning each control objective with the appropriate control activity and completing an updated entity-level control and results assessment. | |||||
CFO-2025-05 | No | $0 | $0 | ||
Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations. | |||||
CFO-2025-06 | No | $0 | $0 | ||
Develop and implement a process for tracking the consolidation of risks. |