Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
001 | Yes | $0 | $0 | ||
We recommend the Director of the Office of Workers’ Compensation Programs develop policies and procedures for the monthly quality control review, provide training to the control operators, and monitor that the reviews are performed in accordance with such policies and procedures. | |||||
002 | Yes | $0 | $0 | ||
We recommend the Deputy Chief Financial Officer develop policies and procedures to ensure all non-GAAP policies are identified and reported to the Division of Financial Reporting timely. | |||||
003 | Yes | $0 | $0 | ||
We recommend the Director of the Division of Federal Employees’, Longshore and Harbor Workers’ Compensation design and implement monitoring procedures to periodically review control activities for effectiveness and develop action steps as appropriate based on such results. | |||||
004 | Yes | $0 | $0 | ||
We recommend the Assistant Secretary for ETA design and implement monitoring controls to ensure Federal Project Officer responses are obtained and reviewed for all delinquent cost reports. | |||||
005 | Yes | $0 | $0 | ||
We recommend the Assistant Secretary for ETA design and implement monitoring controls to enforce current policies and procedures for Federal Project Officers to timely review cost reports. | |||||
006 | Yes | $0 | $0 | ||
We recommend the Acting Chief Information Officer perform an analysis of the other operating system servers within the U.S. Department of Labor environment to determine if other servers were incorrectly configured. | |||||
007 | Yes | $0 | $0 | ||
We recommend the Acting Chief Information Officer implement the proper configurations for the impacted operating system servers. | |||||
008 | Yes | $0 | $0 | ||
We recommend the Acting Chief Information Officer configure the systems to adhere to the password requirements from the U.S. Department of Labor Cybersecurity Policy Portfolio. | |||||
009 | Yes | $0 | $0 | ||
We recommend the Acting Chief Information Officer implement monitoring controls to periodically assess security configurations in the systems to determine adherence to the U.S. Department of Labor Cybersecurity Policy Portfolio. | |||||
010 | Yes | $0 | $0 | ||
We recommend the Assistance Secretary for Administrations and Management and the Acting Chief Information Officer perform risk assessments in order to design and implement procedures for effective internal communication over access provisioning controls. | |||||
011 | Yes | $0 | $0 | ||
We recommend the Assistance Secretary for Administrations and Management and the Acting Chief Information Officer design and implement controls to ensure the completeness and accuracy of the users and user roles used in the semi-annual privileged access reviews and reauthorizations. | |||||
012 | Yes | $0 | $0 | ||
We recommend the Assistance Secretary for Administrations and Management and the Acting Chief Information Officer design and implement controls to monitor the deprovisioning of system users access to ensure such access is removed in accordance with DOL policies, and enforce adherence to DOL’s policies over the timely removal of inactive accounts. |