Evaluation of Architect of the Capitol's Supply Chain Risk Management

Date Issued

Thursday, September 4, 2025

Submitting OIG

Architect of the Capitol OIG

Agencies Reviewed/Investigated

Architect of the Capitol

Report Number

2024-0003-IE-P

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Recommendation 1a We recommend the Architect of the Capitol perform an independent risk assessment to identify and evaluate potential risks within the agency’s supply chain, including risks related to cybersecurity, geopolitical factors, vendor reliability, and compliance with regulatory requirements. This assessment will allow the agency to determine whether a formal Supply Chain Risk Management program is necessary based on the agency’s unique risk profile. Recommendation 1b If deemed necessary based on the outcomes of the assessment performed, develop and implement a Supply Chain Risk Management program tailored to the identified risks. This may include implementing or enhancing appropriate controls, vendor risk management processes, continuous monitoring, and integration of risk considerations into procurement and operation decision-making.
2	No	$0	$0
Recommendation 2 We recommend that the agency work with the offices and jurisdictions to define, document, and implement risk management processes for offices and jurisdictions to consistently identify, track, and manage risks applicable to them.
3	No	$0	$0
Recommendation 3 We recommend that the agency work with the offices and jurisdictions to develop and document risk tolerance thresholds for strategic objectives.