Audit Reports


Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 Financial Statements of the Department of Transportation (DOT)

Required by the Chief Financial Officers Act
Project ID: QC2017025

We conducted a quality control review of the management letter related to DOT’s financial statements for fiscal years 2016 and 2015. KPMG, LLP, under contract to our office, issued a management letter identifying internal control matters that KPMG was not required to report in its independent audit report on DOT’s financial statements for the period. Our review disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.

Recommendations

Open

Closed

Closed on 06.08.2018
No. 1 to FTA

KPMG recommends that FTA revise its policies and procedures for monitoring obligations so that it identifies and de-obligates stale obligations in a more timely manner, by periodically monitoring grants that become inactive during the current fiscal year.

Closed on 06.08.2018
No. 2 to OST

KPMG recommends that DOT develop and implement guidance to formally document its assessments and recognition decisions, in accordance with Statement of Federal Financial Accounting Concepts (SFFAC) No. 5, Definitions of Elements and Basic Recognition Criteria for Accrual-Basis Financial Statements, as it relates to liabilities of exchange transactions, specifically those decisions to depart from GAAP based on materiality.

Closed on 06.08.2018
No. 3 to FTA

KPMG recommends that FTA and ESC management revise procedures to ensure manual JVs are reviewed by the designated FTA approver within the timeframe established by existing policies.

Closed on 06.08.2018
No. 4 to FHWA

KPMG recommends that FHWA management develop and implement procedures and processes that require periodic reviews of the audit logs generated by the application. In accordance with the DOT Cybersecurity Compendium requirements, the procedures should include the items being reviewed and the frequency within which the reviews should occur.

Closed on 06.08.2018
No. 5 to FHWA

KPMG recommends that FHWA management update the System Security Plan to reflect the new requirements for audit log reporting and reviews.

Closed on 06.08.2018
No. 6 to FHWA

KPMG recommends that FHWA management configure the system to send automated activity alerts that would notify the appropriate individuals and allow them to track suspicious activities within the system. FHWA management should identify the alerts that need to be generated by the system application, and develop mechanisms to generate automated alerts that notify the appropriate individuals to perform actions if an alert is generated.

Closed on 03.30.2021
No. 7 to FHWA

KPMG recommends that FHWA strengthen policies and procedures to ensure that terminated users’ access is removed in a timely manner, in accordance with the DOT Cybersecurity Compendium guidelines.

Closed on 06.08.2018
No. 8 to FHWA

KPMG recommends that FHWA update policies and procedures to restrict programmers' access to production libraries and datasets to ensure appropriate segregation of duties.

Closed on 06.08.2018
No. 9 to OST

KPMG recommends that OST management develop and implement privileged service account review procedures to ensure that privileged service accounts are reviewed, at least semi-annually, for continued appropriateness, based on the principle of least privilege.

Closed on 06.08.2018
No. 10 to OST

KPMG recommends that the ITSS enhance data center review policy and procedures to ensure all access is reviewed for appropriateness in a timely manner, in accordance with DOT Cybersecurity Compendium guidelines.