Audit Reports

Finalize the policies and procedures that specify the number of days within which property identified for disposal should be retired and recorded in the general ledger.

Provide training to the various regions and property owners once the policies and procedures noted in recommendations 1 above are finalized and implemented.

Perform alternative procedures to assess the materiality of depreciation expense and loss on retirements for assets that were retired in prior years; but, have not been recorded in the general ledger until the current year.

KPMG recommends that FAA complete a more detailed review of manual journal entries to verify the entry was made in accordance with the appropriate USSGL transaction code.

KPMG recommends that FAA identify all procedures previously provided by Bureau of Fiscal Services (BFS) to account for the activities of the AATF and incorporate those procedures into the FAA's financial reporting process.

Develop and implement a process to formally identify, assess, and document the impact of errors, misclassifications and departures from GAAP in the financial statements and accompanying notes, including an assessment as to whether the errors are material in relation to the financial statements as a whole, both in current and future periods.  The assessment should be reviewed by an appropriate level of management.

KPMG recommends FAA develop and implement monitoring controls to ensure costs and revenues are mapped to the appropriate strategic priority.

KPMG recommends FAA enhance policies and procedures related to the review of journal vouchers to include a requirement that the initial review of journal vouchers occur before the journal voucher is posted to the general ledger.

KPMG recommends FAA revise policies and procedures to clarify or remove the second-level review requirement.

KPMG recommends FAA continue to emphasize the timely de-obligation of inactive UDOs through training and communication to the various lines of business.

KPMG recommends FAA continue to perform quarterly obligation reviews to monitor the validity of inactive UDOs.

KPMG recommends FAA correct the set-up of the vendor-trading partner in the vendor table.

KPMG recommends FAA develop and implement policies and procedures to accumulate a listing of new sites identified during the Environmental Site Cleanup Report (ESCR) preparation period and to assess the impact of the new sites to the Environmental Remediation (ER) liability.

KPMG recommends FAA develop and implement policies and procedures to specify the number of days within which the checklists related to new sites should be reviewed.

Enhance their policies and procedures to include the nature and extent of monitoring procedures to be performed by the Regional Office/Airport District Office during their quarterly review of payments made by sponsors with a nominal risk level.

Enhance monitoring procedures to ensure that expenses are recorded in the proper period and accruals are complete.

KPMG recommends that the FAA Oklahoma City Enterprise Center enhance its monitoring controls to ensure that someone other that the Human Resource Specialist who prepares the SF50 (Notification of Personnel Action) review the SF50 to verify the information from the employee election form is properly recorded.

KPMG recommends FAA design and implement procedures to validate the completeness and accuracy of key inputs provided by other organizations within FAA, including a periodic review of the key assumptions.

KPMG recommends FAA fully research and document its conclusions on the proper treatment of the sick leave buyback provisions in accordance with SFFAS No. 5.

Ensure that all security weaknesses identified during reviews performed by or on behalf of the agency, including Government Accountability Office audits, financial audits, system status reports, and critical infrastructure vulnerability assessments are included in the Cyber Security Assessment Manager  POA&M tracker for LIS.

KPMG recommends that FAA strengthen password complexity configurations for LIS and SOAR, in accordance with the DOT Cyber Security Compendium.

KPMG recommends FAA obtain a waiver from the DOT Chief Information Officer to relieve FAA of the implementation requirements within the DOT Cyber Security Compendium.

KPMG recommends that FAA update the LIS SSP to reflect the current security audit log mechanisms in place, and develop and implement procedures requiring periodic reviews of LIS audit logs. The procedures should include the items being reviewed and the frequency within which the reviews should occur.

Perform semi-annual reviews of all privileged user accounts, and their associated access levels, in accordance with the DOT Cyber Security Compendium, and include documented approval(s).

KPMG recommends that FAA develop and implement procedures for granting physical access to the data center.

KPMG recommends that FAA develop and implement procedures for retaining authorizing documents for those individuals that are granted access.

KPMG recommends that FAA develop and implement procedures for performing periodic reviews of access rights for existing data center users.

KPMG recommend that the FAA management develop and implement procedures that require the timely notification of LIS administrator(s) when LIS users are terminated and/or it is determined that a user's access to LIS is no longer required.