Skip to main content
Date Issued
Submitting OIG
Department of Transportation OIG
Other Participating OIGs
Department of Transportation OIG
Agencies Reviewed/Investigated
Department of Transportation
Components
Office of the Special Trustee for American Indians
Office of the Secretary of Transportation
Report Number
QC2023016
Report Description

What We Looked AtThis report presents the results of our quality control review (QCR) of KPMG LLP’s management letter for its audit, conducted under contract with us, of the Department of Transportation’s (DOT) consolidated financial statements for fiscal years 2022 and 2021. The management letter discusses six internal control matters that KPMG was not required to include in its audit report. What We FoundOur QCR of the management letter disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards. Our RecommendationsKPMG made 12 recommendations in its management letter. DOT concurred with all 12 recommendations.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
0
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 4 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 Yes $0 $0

KPMG recommends that DOT OCIO management revise the website containing the policy documentation to ensure all documents are consistent and contain the same listing of required controls for moderate-impact systems.

2 Yes $0 $0

KPMG recommends that DOT OCIO management should document any Department-wide tailoring decisions within the appropriate security documentation, as required by NIST.

3 Yes $0 $0

KPMG recommends that DOT OCIO management should define and document control tailoring requirements for the Department and its Operating Administrations.

5 Yes $0 $0

KPMG recommends that ESC management create monitoring procedures over the existing management review of the JV control logs monthly reconciliation to ensure the consistent operation of the control, as defined within policy.

Department of Transportation OIG

United States