What We Looked AtThis report presents the results of our quality control review (QCR) of the management letter that KPMG issued on its audit, under contract with us, of the Federal Aviation Administration’s (FAA) consolidated financial statements for fiscal years 2023 and 2022. This management letter discusses internal control matters that KPMG was not required to include in its audit report. What We FoundOur QCR disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards. RecommendationsKPMG made eight recommendations to FAA in its management letter. FAA concurred with all eight recommendations.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
1 | Yes | $0 | $0 | ||
KPMG recommends that FAA management require privileged users on the Windows virtual machine environment to authenticate using MFA. If it is not technically feasible, then we recommend that Windows security settings are updated to require a minimum password length for privileged accounts to 16 characters and maximum password age to be updated to 60 days. | |||||
2 | Yes | $0 | $0 | ||
KPMG recommends that FAA management design and implement documented control activities to monitor the effective operation of its existing process controls related to: | |||||
3 | Yes | $0 | $0 | ||
KPMG recommends that FAA management take measures to ensure that FAA has sufficient control operator personnel available to support the annual recertification of FAA employees with system access within the reporting timeline prescribed by DOT. | |||||
4 | Yes | $0 | $0 | ||
KPMG recommends that FAA design and implement a procedure to identify and timely record contracting actions within the general ledger that were executed outside of the standard business process (i.e., CO authorizations documented outside of the procurement system). | |||||
5 | Yes | $0 | $0 | ||
KPMG recommends that FAA update its procurement policy to define the period of time permitted to document a contractor's oral agreement. | |||||
6 | Yes | $0 | $0 | ||
KPMG recommends that FAA reinforce existing controls, to review individual lease payment schedules upon lease commencement or modification to ensure that the schedules are consistent with the underlying terms of the lease. | |||||
7 | Yes | $0 | $0 | ||
KPMG recommends that FAA design and implement procedures within its existing PP&E Accrual to obtain a complete listing of trailing costs related to completed assets and accrue for such assets that have remaining CIP balances as of the period-end. | |||||
8 | Yes | $0 | $0 | ||
KPMG recommends that management design and implement procedures to verify the completeness and accuracy of the non-LOI accrual average billing cycle data input used in the estimate calculation. |