Audit of the U.S. Office of Personnel Management's Fiscal Year 2019 Consolidated Financial Statements

View Report

Date Issued

Monday, November 18, 2019

Submitting OIG

Office of Personnel Management OIG

Other Participating OIGs

Office of Personnel Management OIG

Agencies Reviewed/Investigated

Office of Personnel Management

Report Number

4A-CF-00-19-022

Report Type

Audit

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
6	No	$0	$0
Grant Thornton recommends that the Office of the Chief Information Officer (OCIO), in coordination with system owners, enforce and monitor the implementation of corrective actions to: Ensure policies and procedures governing the provisioning and de-provisioning of access to information systems are followed in a timely manner and documentation of completion of these processes is maintained.
7	No	$0	$0
Grant Thornton recommends that the Office of the Chief Information Officer (OCIO), in coordination with system owners, enforce and monitor the implementation of corrective actions to: Perform a comprehensive periodic review of the appropriateness of personnel with access to systems.
9	No	$0	$0
Grant Thornton recommends that the Office of the Chief Information Officer (OCIO), in coordination with system owners, enforce and monitor the implementation of corrective actions to: Document access rights to systems to include roles, role descriptions and privileges or activities associated with each role and role or activity assignments that may cause a segregation of duties conflict.
11	No	$0	$0
Grant Thornton recommends that the Office of the Chief Information Officer (OCIO), in coordination with system owners, enforce and monitor the implementation of corrective actions to: Establish a means of documenting all users who have access to systems, and all users who had their systems access revoked.
14	No	$0	$0
Grant Thornton recommends that the Office of the Chief Information Officer (OCIO), in coordination with system owners, enforce and monitor the implementation of corrective actions to: Establish a methodology to systematically track all configuration items that are migrated to production and be able to produce a complete and accurate listing of all configuration items for both internal and external audit purposes, which will in turn support closer monitoring and management of the configuration management process.