Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements for the Year Ended September 30, 2024

View Report

Date Issued

Wednesday, December 18, 2024

Submitting OIG

Department of Labor OIG

Agencies Reviewed/Investigated

Department of Labor

Report Number

22-25-003-13-001

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

https://www.oig.dol.gov/audit-reports-results.htm?s=&y=2024&a=all

Open Recommendations

This report has 12 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
001	Yes	$0	$0
We recommend the Director of the Office of Workers’ Compensation Programs develop policies and procedures for the monthly quality control review, provide training to the control operators, and monitor that the reviews are performed in accordance with such policies and procedures.
002	Yes	$0	$0
We recommend the Deputy Chief Financial Officer develop policies and procedures to ensure all non-GAAP policies are identified and reported to the Division of Financial Reporting timely.
003	Yes	$0	$0
We recommend the Director of the Division of Federal Employees’, Longshore and Harbor Workers’ Compensation design and implement monitoring procedures to periodically review control activities for effectiveness and develop action steps as appropriate based on such results.
004	Yes	$0	$0
We recommend the Assistant Secretary for ETA design and implement monitoring controls to ensure Federal Project Officer responses are obtained and reviewed for all delinquent cost reports.
005	Yes	$0	$0
We recommend the Assistant Secretary for ETA design and implement monitoring controls to enforce current policies and procedures for Federal Project Officers to timely review cost reports.
006	Yes	$0	$0
We recommend the Acting Chief Information Officer perform an analysis of the other operating system servers within the U.S. Department of Labor environment to determine if other servers were incorrectly configured.
007	Yes	$0	$0
We recommend the Acting Chief Information Officer implement the proper configurations for the impacted operating system servers.
008	Yes	$0	$0
We recommend the Acting Chief Information Officer configure the systems to adhere to the password requirements from the U.S. Department of Labor Cybersecurity Policy Portfolio.
009	Yes	$0	$0
We recommend the Acting Chief Information Officer implement monitoring controls to periodically assess security configurations in the systems to determine adherence to the U.S. Department of Labor Cybersecurity Policy Portfolio.
010	Yes	$0	$0
We recommend the Assistance Secretary for Administrations and Management and the Acting Chief Information Officer perform risk assessments in order to design and implement procedures for effective internal communication over access provisioning controls.
011	Yes	$0	$0
We recommend the Assistance Secretary for Administrations and Management and the Acting Chief Information Officer design and implement controls to ensure the completeness and accuracy of the users and user roles used in the semi-annual privileged access reviews and reauthorizations.
012	Yes	$0	$0
We recommend the Assistance Secretary for Administrations and Management and the Acting Chief Information Officer design and implement controls to monitor the deprovisioning of system users access to ensure such access is removed in accordance with DOL policies, and enforce adherence to DOL’s policies over the timely removal of inactive accounts.