What We Looked AtThis report presents the results of our quality control review (QCR) of an audit of the Department of Transportation's (DOT) information security program and practices. The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to develop, implement, and document agencywide information security programs and practices. The act also requires agencies to have annual independent reviews to determine the effectiveness of their programs, and report the results of these reviews to the Office of Management and Budget (OMB). To meet this requirement, we contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT's information security program and practices in five function areas--Identify, Protect, Detect, Respond, and Recover.What We FoundWe performed a QCR of CLA's report and related documentation. Our QCR disclosed no instances in which CLA did not comply, in all material respects, with generally accepted Government auditing standards.RecommendationsDOT concurs with 1 of CLA's 14 recommendations and partially concurs with the remaining 13 recommendations. ClA considers recommendations 1, 2, 4, 8, 9, 10, 11, and 12 resolved but open pending completion of planned actions. CLA considers recommendations 3, 5, 6, 7, 13, and 14 open and unresolved.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of Transportation | Quality Control Review of the Independent Auditor's Report on DOT's Information Security Program and Practices | Audit | Agency-Wide | View Report | |
| Government Accountability Office | Semiannual Report to Congress - April 1, 2019 through September 30, 2019 | Semiannual Report | Agency-Wide | View Report | |
| Millennium Challenge Corporation | Financial Audit of MCC Resources Manged by Millennium Challenge Account Liberia, Under the Compact Agreement Audit Report for the Period Audited, April 1, 2017 to September 30, 2017 | Other |
|
View Report | |
| U.S. Agency for International Development | Fund Accountability Statement Closeout Audit of Local Cost Incurred by Peres Center for Peace and Innovation, under Youth Agribusiness Partnerships Project in West Bank & Gaza Sub-Award NEF 01-20140214-SO1, Prime Near East Foundation Cooperative Agreement | Other |
|
View Report | |
| U.S. Agency for International Development | Closeout Examination of Juzoor for Health and Social Development's Compliance With Terms and Conditions of Subaward Under Chemonics International Prime Award 294-C-13-00006, in West Bank and Gaza, September 1, 2016 to February 28, 2017 | Other |
|
View Report | |
| U.S. Agency for International Development | Closeout Audit of the Cost Representation Statement of Development Alternative, Inc. Under the Effective Governance Program in West Bank & Gaza, Contract AID-294-C-13-00003, April 1 to September 30, 2015 | Other |
|
View Report | |
| U.S. Agency for International Development | Fund Accountability Statement Audit of Association Institute for Youth Development KULT Under Multiple Awards in Bosnia and Herzegovina, for the Year Ended December 31, 2015 | Other |
|
View Report | |
| U.S. Agency for International Development | Financial Audit of USAID Resources Managed by Amref Health Africa in Kenya Under Multiple Awards, January 1 to December 31, 2018 | Other |
|
View Report | |
| U.S. Agency for International Development | Independent Audit Report on Limited Scope Follow-Up on DAI Global, LLC's Disclosure Statement, Revisions 3 and 4 | Other |
|
View Report | |
| U.S. Agency for International Development | Independent Audit on Tetra Tech Engineering and Architectural Services' Proposed Amounts on Unsettled Flexibly Priced Contracts for Fiscal Years 2016, and 2017 | Other |
|
View Report | |
