Audit of the U.S. AbilityOne Commission’s Enterprise Risk Management (ERM) program

View Report

Date Issued

Friday, December 20, 2024

Submitting OIG

U.S. AbilityOne Commission OIG

Agencies Reviewed/Investigated

Committee for Purchase From People Who Are Blind or Severely Disabled (AbilityOne Program)

Report Number

OA-2024-01

Report Description

The audit objective was to determine whether the U.S. AbilityOne Commission’s (Commission) enterprise risk management (ERM) process is effective and used to make risk-based decisions.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 6 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
CFO-2025-01	No	$0	$0
Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.
CFO-2025-02	No	$0	$0
Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.
CFO-2025-03	No	$0	$0
Research and adopt an appropriate ERM maturity model.
CFO-2025-04	No	$0	$0
Develop and implement effective key controls that identify risks and assign the Commission’s risk tolerances by aligning each control objective with the appropriate control activity and completing an updated entity-level control and results assessment.
CFO-2025-05	No	$0	$0
Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.
CFO-2025-06	No	$0	$0
Develop and implement a process for tracking the consolidation of risks.