Skip to main content
U.S. flag

An official website of the United States government

Audit Reports


Quality Control Review of the Management Letter for the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2023 and 2022

Requested By
Required by Chief Financial Officers Act of 1990
Project ID
File Attachment
What We Looked At
This report presents the results of our quality control review of KPMG LLP’s management letter for its audit, conducted under contract with us, of the Department of Transportation’s (DOT) consolidated financial statements for fiscal years 2023 and 2022. The management letter discusses four internal control matters that KPMG was not required to include in its audit report.
What We Found
Our quality control review of the management letter disclosed no instances in which KPMG did not comply, in all material respects, with U.S. generally accepted Government auditing standards.
Our Recommendations
KPMG made seven recommendations in its management letter. DOT concurred with all seven recommendations.


No. 1 to OST
KPMG recommends that DOT OCIO management revise the website containing the policy documentation to ensure all documents are consistent and contain the same listing of required controls for moderate-impact systems.
No. 2 to OST
KPMG recommends that DOT OCIO management should document any Departmentwide tailoring decisions within the appropriate security documentation, as required by NIST.
No. 3 to OST
KPMG recommends that DOT OCIO management should define and document control tailoring requirements for the Department and Operating Administrations.
No. 4 to FAA
KPMG recommends that ESC management enforce its existing policy and provide additional training to personnel involved in the manual journal voucher process, specifically the appropriate timing and documentation related to segregation of duties in addition to reviewing each journal voucher to ensure its completeness and consistency with the supporting documentation.
No. 5 to FAA
KPMG recommends that ESC management review and update the journal voucher control log reconciliation process to ensure it is properly designed to identify all potential deviations from policy throughout the fiscal year.
No. 6 to FAA
KPMG recommends that ESC management create monitoring procedures over the journal voucher control log to ensure complete and accurate documentation over manual journal vouchers is maintained.
No. 7 to MARAD
KPMG recommends that MARAD management, in conjunction with their accounting service provider, ESC, develop a PP&E roll forward control that contains all activity within the relevant PP&E accounts by disclosure category, including additions, annual cost adjustments, year to date depreciation, capitalizations from construction in progress to other categories, and retirements.