Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 9 | No | $0 | $0 | ||
| Grant Thornton recommends that OPM perform a comprehensive periodic review of the appropriateness of personnel with access to systems. | |||||
| 12 | No | $0 | $0 | ||
| Grant Thornton recommends that OPM document access rights to systems to include roles, role descriptions, and privileges or activities associated with each role or activity assignments that may cause a segregation of duties conflict. | |||||
| 13 | No | $0 | $0 | ||
| Grant Thornton recommends that OPM ensure policies and procedures governing the provisioning and de-provisioning of access to information systems are followed in a timely manner and documentation of completion of these processes is maintained. | |||||
| 15 | No | $0 | $0 | ||
| Grant Thornton recommends that OPM establish a means of documenting all users who have access to system. | |||||
| 17 | No | $0 | $0 | ||
| Grant Thornton recommends that OPM establish a methodology to systematically track all configuration items that are migrated to production and be able to produce a complete and accurate listing of all configuration items for both internal and external audit purposes, which will in turn support closer monitoring and management of the configuration management process. | |||||
