Open Recommendations

Establish and implement a process to visually confirm that hard drives are removed before surplussing the laptop shells.

The Chief IRS Human Capital Officer should coordinate with Treasury to determine the expectations for the quarterly monitoring of telework use.

The Chief IRS Human Capital Officer should finalize the processes and procedures for the quarterly monitoring of telework use.

Update the CSIRT Framework and Procedures. Include detailed procedures for the following areas:
a. Handling specific incident types during the Detection and Analysis phase.
b. Incident containment strategies for incident types.
c. Incident eradication activities.

Ensure that Triage Coordinators fully document key information in the incident ticket, including (1) the determination of whether or not the event is a computer security incident and (2) the steps taken for incident containment, eradication, and recovery.

Ensure tickets identified in Tables 1 and 2 are correctly categorized as “Computer Security Incident” or reclassified as “problem” tickets in the service ticketing system.

FHFA's DER Deputy Director should update the DER OPB, Sampling Practices for Examination Activity Testing, to establish key attributes of the sample population that should be documented, to include the complete or targeted population size.

FHFA's DER Deputy Director should ensure supervisors and examiners implement updates to the DER OPB, Sampling Practices for Examination Activity Testing, to include documenting key population attributes.

Rec. 1.b: The DoD OIG recommended that the Commander of the Naval Special Warfare Command develop a plan of action with milestones to implement and address all five potential solutions identified in the Operational Deficiency Report or identify and explain alternative solutions if the five potential solutions do not resolve the identified deficiencies.

FHFA’s OHRM Director should determine the allowability of the questioned reimbursement and stipend costs totaling $65,690 and take appropriate action including recoupment of funds.

FHFA’s OHRM Director should strengthen compliance with applicable policies and procedures over reimbursements and stipends through targeted training of OHRM staff responsible for initiating, reviewing, and approving payments. Training on the requirements of Policy 113, the Duty Station Policy, and other applicable guidance should reinforce the following:
a. Reimbursements must be supported by verifiable documentation of an employee’s eligible job-related expenses with required, supporting documentation;
b. Payments must not exceed reimbursement and stipend thresholds and must be accurate;
c. Stipends should be issued exclusively to employees who meet eligibility criteria; and
d. Agreements and other certifications must be properly executed…

FHFA’s OHRM Director should develop and implement standardized controls to systematically review and verify the accuracy of out-stationed employee stipend payments for consistency across the Agency.

FHFA’s OHRM Director should conduct periodic testing of controls over reimbursements and stipends to ensure payments are made in accordance with Policy 113 and other applicable guidance.

FHFA’s DBR Director should reinforce controls governing out-stationed employee stipends through periodic reminders and targeted training of officials responsible to ensure recipient eligibility, accurate payment through coordination with OHRM, as necessary, and maintenance of properly executed duty station agreements.

FHFA’s DBR Director should train DBR staff responsible for initiating, reviewing, processing, and approving stipends on the requirements of Policy 113, 2021-DBR-OPB-04, the Duty Station Policy, and any procedural updates.

FHFA’s OHRM Director should develop a centralized recordkeeping system for managing reimbursement and stipend records that allows timely and accurate retrieval of supporting documentation.

FHFA’s OHRM Director should perform periodic checks of reimbursement and stipend documents to verify that they are accurate, complete, and have been retained for the required period of time.

FHFA’s OHRM Director should provide supplemental, as-needed training to FHFA staff responsible for initiating, reviewing, and approving reimbursements and stipends on the requirements of FHFA’s Records and Information Management Policy; FHFA’s Comprehensive Records Schedule; and the National Archives and Records Administration’s General Records Schedules when retaining information and documentation created under Policy 113 and any corresponding updates. This training should complement, not replace, other mandatory training.

We recommend that FWS require the Department to implement a standardized process to address the payroll report backlog so that payroll costs can be properly allocated and WSFR grant drawdowns can occur timely.

We recommend that FWS require the Department to develop a process to ensure all invoices impacting WSFR grants are tracked and paid timely.

We recommend that FWS require the Department to develop and implement written procedures, clear job responsibilities, and a process for supervisory review for all key aspects of the financial management and oversight of the Department's WSFR grants, including drawdown preparation that ensures accurate reporting and allocation of grant costs.

We recommend that FWS require the Department to provide project managers, division leaders, and other key stakeholders in the WSFR grant management process with timely access and cross training on all areas needed to perform effective administration of the grants, including budget execution to manage grant projects effectively.

We recommend that FWS require the Department to develop a strategy to enhance communication within the Department to ensure that both headquarters and field personnel receive prompt and adequate support to accomplish their WSFR grant missions effectively.

The Chief, Taxpayer Services, should regularly provide training to tax examiners covering credit eligibility requirements and appropriate account actions to take for ITIN holders based on the applicable tax year.

The Chief, Taxpayer Services, should review the 1,769 tax returns where the IRS allowed credits for ITIN holders
who were potentially ineligible and make associated corrections, as necessary.

The Chief, Taxpayer Services, should update PATH Act implementation guidance in Notice 2016-48 to define the issuance date of an ITIN as either the original issuance date or the renewed issuance date, if applicable, for those ITINs that have expired.

The Chief, Taxpayer Services, should update the ITIN Policy Section guidelines to require on-site reviews of high-risk CAAs to be completed periodically to ensure adequate oversight.

The Chief, Taxpayer Services, should establish a process for the ITIN Unit to regularly share its observations of potentially questionable CAA activities or patterns with the ITIN Policy Section.

The Chief, Taxpayer Services, should establish a process for the ITIN Policy Section to review and consider the ITIN Unit’s potentially questionable CAA referrals when selecting CAAs for compliance reviews and processing applications.

Evaluate the pre-award documents for the 13 contracts that had missing documents, which have an overall award value of more than $48.2 million in unsupported costs, and document conclusions reached, as applicable.

Establish and implement oversight controls to ensure that contract file documentation is complete and fully complies with Federal laws and regulations.

Restricted due to sensitive information.

Restricted due to sensitive information.

Restricted due to sensitive information.

Restricted due to sensitive information.

Update the relevant handbook, to incorporate a procedure on identified physical security threats.

The Chief Information Officer should evaluate the current data restoration process and streamline processes, as needed, to ensure that data recovery timelines are met.

The Chief Information Officer should develop a single document to serve as its Information Resources Management Strategic Plan and ensure that the plan includes all required components as outlined in OMB Circular A-130.

Rec. 1.a: The DoD OIG recommended that the Commander, Naval Supply Systems Command Weapon Systems Support review inventory items with no demand for 5 years or more to determine whether the inventory items are still needed to sustain weapon systems and, if the inventory items are not needed, the Commander, Naval Supply Systems Command Weapon Systems Support, should dispose of the unneeded inventory items.

Rec. 1.b: The DoD OIG recommended that the Commander, Naval Supply Systems Command Weapon Systems Support update the economic retention model to include past storage costs when determining whether it is more economical to retain the inventory item than dispose of it and potentially repurchase the item.

Rec. 1.c: The DoD OIG recommended that the Commander, Naval Supply Systems Command Weapon Systems Support update the procedures for their semiannual disposal review to proactively coordinate with the Naval Air Systems Command and the Naval Sea Systems Command to identify inventory items with no demand for 5 years or more that are not needed to sustain weapon systems and take action to dispose of those inventory items.

We recommend the GSA Administrator enforce internal procedures to ensure that the Office of Mission Assurance and Office of Facilities Management perform their required facility security responsibilities.

We recommend the GSA Administrator in conjunction with FPS: a) conduct a nationwide assessment of outstanding deficient security fixtures; b) develop and implement a plan to repair, replace, or install security fixtures identified through the nationwide assessment; c) redacted due to sensitive information related to federal building security; and d) if GSA cannot secure funding to repair, replace, or install security fixtures, work with the Office of Management and Budget to establish a consistent funding stream to address current and future security fixture deficiencies.

OIG recommends that the Bureau of European and Eurasian Affairs develop and implement internal controls to ensure baseline measures and targets are established for each performance indicator when awarding grants and cooperative agreements, in accordance with the Federal Assistance Directive.

OIG recommends that the Bureau of International Narcotics and Law Enforcement Affairs develop and implement internal controls to ensure baseline measures and targets are established for each performance indicator when awarding International Organization Letters of Agreement, in accordance with its Agreement Officer Representative Handbook.

OIG recommends that the Bureau of Global Acquisitions update the Federal Assistance Directive to outline the circumstances in which bureaus should assess and revise targets for performance indicators when issuing cost amendments.

OIG recommends that the Bureau of European and Eurasian Affairs establish targets for performance indicators for its war crimes accountability award in Ukraine with the International Criminal Justice Initiative.

OIG recommends that the Bureau of European and Eurasian Affairs revise its monitoring plan for its war crimes accountability award in Ukraine with the International Criminal Justice Initiative to include detailed monitoring activities to be conducted and timelines for conducting those activities, as required by the Federal Assistance Directive.

OIG recommends that the Bureau of International Narcotics and Law Enforcement Affairs establish and implement internal controls to ensure that quarterly progress reports are completed and documented in accordance with the Federal Assistance Directive and the bureau's Agreement Officer Representative Handbook.

OIG recommends that, following the implementation of Recommendation 5, the Bureau of European and Eurasian Affairs evaluate the feasibility of conducting virtual desk audits or site visits to Ukraine to monitor the implementation of the war crimes accountability award with the International Criminal Justice Initiative.