Open Recommendations

We recommend that the Department of Health and Human Services fulfill the remaining seven covered agency responsibilities established in GDA section 759(a).

We recommend that the Department of Health and Human Services ensure that the HHS Office of the Chief Data Officer oversees, coordinates, and facilitates HHS's implementation of geospatial-related requirements, policies, and activities.

We recommend that the Department of Health and Human Services develop and maintain an inventory of all geospatial data assets in accordance with section 759(b) of the GDA.

We recommend that the Department of Health and Human Services prepare the required annual reports regarding the achievements of the covered agency in preparing and implementing the strategic plan for the National Spatial Data Infrastructure (section 759(a)(1)) and complying with the other requirements in section 759(a).

Revise USMS Policy Directive 17.11 to reflect the accurate statutory language for the USMS's Title 18 law enforcement authority.

Update its policy for reporting CSO misconduct to establish stronger controls that better ensure both USMS OPR and the DOJ OIG receive relevant and appropriate information.

Evaluate and update its guidance to the USMS on special deputations to clarify requirements for Department review and approval of special deputation requests.

In consultation with the Department, update policies and procedures to reduce the risks of providing special deputation authority to ineligible or inappropriate applicants and ensure that USMS special deputations are only granted for allowable Title 18 purposes. These updates should clarify requirements and strengthen controls to better ensure reasonable and appropriate sponsorships, justifications, law enforcement authorities, eligibility, and timeframes for special deputations.

Implement formal training for the Special Deputation Program (SDP) to effectively oversee the special deputation process and appropriately grant Title 18 law enforcement authority.

Improve program oversight and accountability by formalizing processes to routinely evaluate and ensure special deputations comply with policies, procedures, and guidance, as well as by implementing controls that ensure any exceptions are appropriate and documented consistently.

Develop and implement policy and procedures for documenting the reason for the lapse and the decision regarding TFO participation or restrictions on participation on USMS operational activities.

Improve current processes and implement controls within the USMS's case management system to consistently identify TFO investigative activity and ensure accountability and oversight of deputized TFOs.

Enhance its management of TFO misconduct allegations by: (a) reinforcing the policy requirement for reporting misconduct allegations to the USMS Office of Professional Responsibility (OPR) and OIG; (b) developing and implementing a policy regarding the utilization of a TFO who has an active misconduct allegation; and (c) implementing a process to document and track the status and outcome of all TFO misconduct investigations, when appropriate, to support decisions regarding a TFO's retention of special deputation authority.

Develop policies, procedures, and controls to manage court security officer (CSO) special deputations. During the development of this framework, the USMS should ensure the Judicial Security Division (JSD) takes into consideration relevant USMS requirements and processes for all other special deputations, including any updates that are made as a result of this audit.

Determine whether NNSA owes Skookum for depreciation costs on Contract 89233119CNA000027.

Evaluate procedures over contract documentation and communications to ensure contract files are complete and historical contract knowledge is maintained.

We recommend the Secretary direct the Office of Strategy, Policy, and Plans to ensure the timely development and updates of Department and component strategic guidance.

We recommend the Under Secretary for Strategy, Policy, and Plans:• conduct an inventory of all required Department and component strategic guidance documents and mandated updates; and• implement and track the updates to all strategic guidance documents, and ensure they remain current.

Begin appropriate enforcement actions, starting with notice issuance, on the population of nonfilers with gambling winnings for TYs 2018 through 2020, prioritizing high-income nonfilers, including the top 100 nonfiler cases identified by TIGTA.

Review the population of nonfilers with gambling winnings for TYs 2018 through 2020 that were not identified by the IMF CCNIP and begin appropriate enforcement actions as warranted.

The Commissioner, SB/SE Division, should expand the wager codes to specifically include sports betting and use the wager code as a tool to identify potential noncompliance of excise taxes.

The Commissioner, SB/SE Division, should conduct an environment scan of the current and potential future conditions of the sports betting and online gambling industries, the industries’ risks, and the impact on tax compliance, and develop a process to identify and address Form 730 nonfilers and underreporter noncompliance.

The Chief, Taxpayer Services, should at the start of each filing season, determine if any Free File Program partners have been identified or sanctioned for an unauthorized disclosure of taxpayer information and document actions taken to mitigate the potential risk to the Program.

The Chief, Taxpayer Services, should identify IRS personnel with the appropriate technical expertise to review the participating partners’ privacy disclosures and taxpayer consents each filing season to evaluate whether the format and content of written consents complies with Treas. Reg. 301.7216-3 and other IRS guidance.

The Chief, Taxpayer Services, should evaluate the feasibility of using additional avenues (such as letters, text messaging, and e-mails) to reach eligible Free File Program taxpayers. This should include determining if any of these avenues can be associated with increased participation.

The Chief, Taxpayer Services, should identify and incorporate appropriate qualitative and quantitative measures into the Free File Program communication plan that allow for evaluating the effectiveness of outreach efforts.

The Chief, Taxpayer Services, should develop a comprehensive MOU provision testing plan that ensures that all sections of the MOU (and addendums, as applicable) are being addressed each filing season. This should include noting which provisions cannot be reviewed along with an explanation why.

District leaders and the Corona, Temecula, Kauai, and Western Oahu Vet Center Directors determine reasons for noncompliance with completing four hours of external clinical consultation for clinically complex cases per month, ensure a process is implemented, and monitor compliance.

District leaders and the Corona, Temecula, and Kauai Vet Center Directors determine reasons for noncompliance with having an automated external defibrillator located on-site and ensure compliance with the requirement.

Develop a formal work planning process that incorporatesthe selection criteria from the Handbook and requires thatACO teams clearly document the criteria used to selecteach agency in the inspection plans and reports.

Revise Standard Operating Procedure 2.2, section 12, toexplicitly require the inspection teams to document theanalyses they conduct to support their findings andrecommendations.

Develop a standard documentation template that ACOstaff can use to clearly document the deficienciesidentified during an inspection.

Migrate the existing program data from CARS to asupported in-house tool to better manage the data whilethe team completes the market research for a newprogram management information system.

Develop relevant internal controls (policies, procedures,and/or guidance) to ensure data entry is integrated intoACO’s daily workflow.

Complete the enterprise-wide data inventory.

Document and implement a standard operating procedureto maintain the enterprise-wide data inventory as new datacollections are created and old data collections are retired.

Collaborate with NARA’s Chief Information Officer todocument and implement a standardized process tomonitor service level agreements with cloud-based serviceproviders. The process should include the monitoringresponsibilities of the Contracting Officer’sRepresentatives and actions NARA should take if acontractor does not meet the defined service levels.

Document and implement a process to incorporate theCloud Service Provider's Quality Assurance SurveillancePlan as part of future cloud service contracts. Whereincorporation of a Cloud Service Provider QualityAssurance Surveillance Plan is not anticipated, NARAshould incorporate its own Quality Assurance SurveillancePlan and service level agreements at the solicitationphase, these should align with commercial best practices.

Implement a documented process requiring the assignment of aQuality Assurance Evaluator for future relocation of records project(s).

Ensure a Quality Assurance Surveillance Plan is developed andimplemented requiring onsite supervision to provide proper oversight and compliancewith the PWS.

In collaboration with applicable parties, ensure PWS requirementsare developed to reflect the procedures necessary to protect and account for therelocation of archival records that should include:a. Implementing a documented process requiring the assignment of a QualityAssurance Evaluator for future relocation of records project(s).

In collaboration with applicable parties, ensure PWS requirementsare developed to reflect the procedures necessary to protect and account for therelocation of archival records that should include:Ensuring a Quality Assurance Surveillance Plan is developed, approved, andimplemented requiring onsite supervision to provide proper oversight andcompliance with the PWS.

Develop and implement standard operating procedures to ensurethat Research Services personnel comply with the PWS requirements.

Develop and implement standard operating procedures tocommunicate final PWS requirements to all responsible parties before the contract isawarded.

We recommend that GSA’s Chief Information Officer implement controls to ensure that the Inventory of Owned and Leased Properties (IOLP) and Federal Real Property Profile Management System (FRPP MS) datasets contain accurate latitude and longitude coordinates based on each property’s physical location except for those properties with a clear exemption for national security.

Rec. 1: The DoD OIG recommended that the Under Secretary of Defense for Policy and the Defense Security Cooperation Agency Director conduct a review of the challenges identified during the use of barcode scanners for enhanced end-use monitoring inventories and develop and implement a plan of action and milestones to correct those challenges before making any decisions on whether to use barcode scanners to conduct enhanced end?use monitoring inventories on a broader scale.

FAA's Air Traffic Organization System Owners and National Airspace System (NAS) Cyber Operations to implement procedures to perform near real-time cyber monitoring activities on the remaining 62 NAS systems in accordance with DOT and FAA cybersecurity requirements and provide a timeline for completion.

OCIO to implement a process to verify that DOT's operating systems comply with applicable Departmental and Defense Information Systems Agency Security Technical Implementation Guides configuration settings.

OCIO to remediate vulnerabilities or develop other compensating controls in systems supporting DOT's Continuous Diagnostic and Mitigation program, tools, and network endpoints in accordance with the timeframes set forth in Cybersecurity and Infrastructure Security Agency's managed catalog of known exploited vulnerabilities.

FAA's System Strategy & Performance Service division to develop and implement software asset management policies, including a software inventory for reconciliation process.