Quality Control Review of the Independent Auditors' Report on the Department of Transportation's Audited Consolidated Financial Statements for Fiscal Years 2024 and 2023

Date Issued

Friday, November 15, 2024

Submitting OIG

Department of Transportation OIG

Agencies Reviewed/Investigated

Department of Transportation

Components

Office of the Secretary of Transportation

Report Number

QC2025010

Report Description

Our Objective(s)To perform a quality control review (QCR) of KPMG LLP's audit of the Department of Transportation's consolidated financial statements as of and for the fiscal years ended September 30, 2024, and September 30, 2023. We reviewed KPMG's report, dated November 12, 2024, and related documentation.
About This ReportWe contracted with the independent public accounting firm KPMG LLP to audit DOT's consolidated financial statements, provide an opinion on those financial statements, report on internal control over financial reporting, and report on compliance with laws and other matters.
What We FoundThe independent auditor, KPMG, found one significant deficiency in DOT's IT internal controls over financial reporting.

KPMG found general information technology control deficiencies within various systems at the Federal Highway Administration and the Federal Aviation Administration.

Our QCR disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
RecommendationsWe agree with KPMG's three recommendations to help strengthen DOT's General Information Technology Controls.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

https://www.oig.dot.gov/library-item/46520

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	Yes	$0	$0
KPMG recommends that DOT management implement processes to perform administrative functions without the use of shared accounts.
2	Yes	$0	$0
KPMG recommends that DOT management design and implement controls over privileged access to certain systems, including provisioning new or modified access and periodic recertification of accounts.
3	Yes	$0	$0
KPMG recommends that DOT management re-enforce requirements for controls to consistently approve and document new or modified user account, user termination, and recertification requests as required by internal policy and standards for effective internal control systems.