OIG’s Office of Auditing and Evaluation makes recommendations to the Department of Transportation and a few independent transportation entities to correct deficiencies and encourage improvements in the safety, economy, efficiency, and management of their programs and operations. Our audit report findings and conclusions explain the basis for the specific corrective actions we recommend. This Recommendation Dashboard provides more information than ever before about the current status of OIG recommendations, which we plan to update on a weekly basis. For more information, see answers to frequently asked questions.
PHMSA’s Safety Culture Efforts
2021
No. 1 to PHMSA
Describe the responsibilities and tasks necessary to develop and continuously promote a positive safety culture at PHMSA, such as a training plan on safety culture. Then clearly assign those responsibilities to leadership.
2021
No. 2 to PHMSA
Establish a method to track and monitor the status of initiatives related to safety culture.
DOT Needs To Strengthen Travel Card Program Internal Controls To Minimize Misuse
2020
No. 1 to OST
Notify all travel card program participants that advance written approval must be obtained prior to incurring any travel expenses.
2020
No. 2 to OST
Develop and implement a plan for Agency/Organization Program Coordinator to identify travel authorizations that were not submitted or approved prior to the incurrence of official travel-related expenses. The plan should include follow-up with cardholders and approvers on instances where noncompliance is identified.
2020
No. 3 to OST
Update DOT's travel card management policy, DOT Order 15006.b, and DOT travel card training to include guidance on how cardholders should recover travel card account overpayments.
2020
No. 4 to OST
Develop and implement a control that will allow the Department to identify questionable travel card transactions outside of the delinquency report review that is performed by the operating administrations.
2020
No. 5 to OST
Expand existing training for managers and Approving Officials to incorporate a proper voucher review.
2020
No. 6 to OST
Notify all travel cardholders that cash withdrawals must not occur more than 3 days prior to an authorized trip.
2020
No. 7 to OST
Strengthen current cash-advance controls to test cardholder compliance with cash advances and require follow-up with cardholders when instances are detected.
2020
No. 8 to OST
Design and implement a control to test that cardholders are using the travel card to pay only for official travel expenses as required. The control should include follow-up with cardholders when charges unrelated to official travel are detected.
2020
No. 9 to OST
Modify training materials to emphasize the required use of the travel card for all expenses related to official travel.
2020
No. 10 to OST
Develop and implement controls to require that refresher training is administered timely in electronic learning management system, and require that cardholders complete refresher training in a timely manner.
2020
No. 11 to OST
Modify the current travel card application process to include a manager certification as required by the DOT travel card management policy.
Weaknesses in FAA’s Supplemental Passenger Restraint System Authorization Process Hinder Improvements to Open-Door Helicopter Operations
2020
No. 1 to FAA
Issue a Notice of Proposed Rulemaking and a final rule, if found to be in the public interest, that address operations using supplemental passenger restraint systems.
2020
No. 2 to FAA
Require all supplemental passenger restraint system applications to be reviewed using a standardized evaluation checklist that defines which information must be included on the request form for authorization.
2020
No. 3 to FAA
Define minimum certification standards that meet aviation-specific load factors for supplemental passenger restraint systems.
2020
No. 4 to FAA
Revise the supplemental passenger restraint system authorization procedures so applications are routed through local oversight offices to notify inspectors which operators are requesting and subsequently authorized for supplemental restraint use.
2020
No. 5 to FAA
Develop and incorporate supplemental passenger restraint inspection criteria—such as frequency of inspections, review of harness authorization documentation, and maintenance of harnesses—into inspector guidance for both Part 135 and Part 91 surveillance.
Summary Report on Significant Single Audit Findings Impacting DOT Programs for the 3-Month Period Ending September 30, 2020
2020
No. 1 to OST
We recommend that DOT coordinate with the impacted OAs to develop a corrective action plan to resolve and close the findings identified in this report.
2020
No. 2 to OST
We recommend that DOT determine the allowability of the questioned transactions and recover $25,838, if applicable.
Quality Control Review of the Independent Auditor’s Report on the Assessment of DOT’s Information Security Program and Practices
2020
No. 1 to OST
Require OST to either start utilizing the CSAM tool for its security control assessments or develop its own risk assessment policies and procedures as required by DOT's Cybersecurity Compendium.
2020
No. 2 to OST
Work with OAs to update privacy risk management procedures to ensure the completion, tracking, review, and approval of privacy plans and compliance documentation prior to system authorization or reauthorization. Components should engage the Departmental Chief Privacy Officer as appropriate.
2020
No. 3 to OST
Work with the Departmental Chief Privacy Officer to establish processes and procedures to notify Component Privacy Officers of systems scheduled for reauthorization so that required privacy risk management plans may be completed as required by policy.
2020
No. 4 to OST
Work with the Departmental Chief Privacy Officer to establish processes and procedures to determine Component compliance with Departmental policy requiring Privacy Risk Management plans be established prior to system authorization or reauthorization.
2020
No. 5 to OST
Coordinate with appropriate offices within the Office of Secretary to develop and implement a strategy and solution(s) to ensure that supervisors, contracting officers, and contracting officer representatives enforce personnel onboarding and off boarding procedures, completion of the DOT Rules of Behavior and other IT requirements prior to being granted access to DOT networks, systems, and information, or have existing access revoked upon separation, in accordance with DOT policy.
2020
No. 6 to OST
Strengthen its oversight of the configuration management processes performed by OAs to ensure configuration management plans are developed, kept up-to-date, and document requirements for each system.
2020
No. 7 to OST
Work with the FAA CIO to complete the revision of FAA Order 1800.66, Configuration Management Policy.
2020
No. 8 to OST
Work with OAs to implement oversight to address configuration change weaknesses and to ensure configuration changes to the information systems are properly documented and tracked through implementation, and undergo a post-implementation review to verify procedures are followed.
2020
No. 9 to OST
Ensure that baseline configuration deviations are monitored and deviations are approved to ensure that baseline compliance reports demonstrate a consistent and accurate application of baseline standards.
2020
No. 10 to OST
Consolidate to the enterprise Tenable Nessus system to ensure accessibility of baseline compliance and/or vulnerability assessment capabilities.
2020
No. 11 to OST
Ensure that missing security patches are either applied in accordance with DOT policy or that vulnerable software is otherwise remediated on the affected endpoints. In addition, ensure that missing security patches attributable to specific mission/business requirements are identified, control weaknesses are appropriately documented in POA&Ms, and that the authorizing official is aware of and has accepted risk for the associated weaknesses.
2020
No. 12 to OST
Document and implement a process to identify software end of life dates and require the development of implementation plans to eliminate unsupported software.
2020
No. 13 to OST
Work with FAA to secure a reliable funding stream for background reinvestigations.
2020
No. 14 to OST
DOT should devise strategies, consistent with Federal policies and guidance, to overcome the logistical challenges of fingerprinting during a pandemic or other events and circumstances which prevent the timely completion of background reinvestigations.
2020
No. 15 to OST
Work with the FAA CIO to review all systems listed in Appendix B of the FAA Air Traffic Operations (ATO) Information Security Continuous Monitoring (ISCM) Plan for NAS and Mission Support (MS) Systems to ensure the FAA ISCM plan is complete and accurate, making updates as needed.
2020
No. 16 to OST
Work with the OST IT Director to ensure an alternate processing site (including necessary agreements) is more clearly described within the contingency plan to permit the transfer and resumption of information system operations for essential missions/business functions consistent with recovery time objectives when the primary processing capabilities are unavailable, for those systems in accordance with the requirements of the Cybersecurity Compendium and NIST guidance.
2020
No. 17 to OST
Work with the PHMSA CIO to ensure an alternate storage site (including necessary agreements) is described within contingency plans to permit the transfer and resumption of information system operations for essential missions/business functions consistent with recovery time objectives when the primary processing capabilities are unavailable, for those systems in accordance with the requirements of the Cybersecurity Compendium and NIST guidance.
2020
No. 18 to OST
Strengthen its oversight of the contingency planning processes performed by FMCSA, OST COE, OST VOLPE, FAA, FRA, and MARAD to ensure contingency planning documentation is developed, updated and tested in a timely manner, in accordance with policy.
DOT Is Making Progress Toward Fulfilling the Requirements of the Geospatial Data Act of 2018
2020
No. 1 to OST
Update the National Geospatial Data Asset (NGDA) Theme plan with the processes to identify, assess, and develop NGDA standards based on the Act.
2020
No. 2 to OST
Develop and implement a process to track the financial resources necessary to manage the National Geospatial Data Asset (NGDA) Transportation data theme.
2020
No. 3 to OST
Develop, publish and implement DOT's strategy for geospatial data-related activities as defined in its Geospatial Information System Strategic Plan.
2020
No. 4 to OST
Work with the Chief Data Officer to verify that all Operating Administrations (OAs) designate an appropriate individual as a geospatial information officer.
2020
No. 5 to OST
Work with Operating Administration (OA) records officers to verify that FAA, FTA, MARAD, NHTSA, OST, and PHMSA allocate appropriate resources to complete file plans and record schedules development activities through submission to the DOT Records Management Office.
2020
No. 6 to OST
Track and monitor FRA's, MARAD's, NHTSA's and PHMSA's allocated resources to meet the responsibilities of effective geospatial data collection, production, and stewardship.
2020
No. 7 to OST
Develop, disseminate, and implement a uniform process for all Operating Administrations to perform a quality review of geospatial data to verify compliance with Department of Transportation's (DOT) information quality guidelines. This process should include a method of ensuring recipients of DOT funds for geospatial data collection meet appropriate quality standards, as well as an assessment of stakeholder and peer reviews in order to validate the quality of all disseminated information.
2020
No. 8 to OST
Update, disseminate and implement Department of Transportation's internal data inventory policy to address how the Operating Administrations should verify that geospatial data and metadata does not inappropriately disclose personally identified information to external parties and include guidelines on tracking and maintaining geospatial data asset inventory and validating that inventories are complete.
2020
No. 9 to OST
Develop a process to verify that the Operating Administrations are aware of and apply the Department of Transportation Privacy Risk Management Policy, requiring privacy risk management activities to be completed for geospatial information systems prior to next system reauthorization.
2020
No. 10 to OST
Develop and implement a procedure that documents and tracks all responsibilities outlined in the Geospatial Policy on Reducing Duplication are implemented to include Department of Transportation and Operating Administrations' implementation of geospatial clearinghouse searches to validate no duplication of funds.
2020
No. 11 to OST
Develop and maintain a process to verify that all geospatial metadata meets quality standards that strengthen the internal control process to improve the quality of metadata reported on DOT's enterprise data inventory.
2020
No. 12 to OST
Establish, document and implement a process for ongoing monitoring of its strategy for advancing geospatial information and related geospatial data and activities appropriate to its mission in accordance with requirements of the Federal Internal Control Standards.
2020
No. 13 to OST
Working with the Operating Administrations, require that all geospatial information systems maintain authorization status in accordance with departmental cybersecurity policies.
FRA Lacks Sufficient Oversight Controls To Consistently Assess Conductor Certification Compliance
2020
No. 1 to FRA
Develop and implement a procedure for reviewing and tracking new and updated railroad conductor certification programs.
2020
No. 2 to FRA
Finalize the Operating Practices Compliance Manual chapter on conductor certification compliance and enforcement and distribute it to inspectors; include a process an inspector can use to notify FRA Headquarters about a problem with a railroad's conductor certification program.
2020
No. 3 to FRA
Develop and implement a plan for systematically conducting Part 242 compliance audits of all railroads to which the regulations apply.
2020
No. 4 to FRA
Modify the Railroad Inspection System for Personal Computers (RISPC) to capture data that specifies the types of Part 242 oversight activities inspectors are recording.
2020
No. 5 to FRA
Develop and issue instructions on the proper entry of Part 242 activity codes in RISPC.
Quality Control Review of an Independent Auditor’s Report on the Surface Transportation Board’s Information Security Program and Practices
2020
No. 1 to STB
Implement documented processes for granting and removing user access in a consistent manner, as required by STB policies and procedures.
2020
No. 2 to STB
Implement processes for conducting, documenting, and maintaining Position Risk Designations in a consistent manner, as required by STB policies and procedures.
2020
No. 3 to STB
Develop a process for ensuring that the completion of role-based training is tracked and maintained.
2020
No. 4 to STB
Consistently implement the process to ensure all new users complete the mandatory security awareness training requirements prior to being granted access to STB systems.
2020
No. 5 to STB
Fully develop the ISCM Strategy and all information system ISCM plans to include the required criteria documented in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-137 such as: a. Considerations at the organization/business process level; b. Considerations at the information system level; and c. Processes to review and update the ISCM program and strategy.
2020
No. 6 to STB
Define the process to ensure the timely collection of established metrics across its operational systems and reporting evaluation process to assist ISCM Stakeholders to make informed decisions.
Report on the Quality Control Review of the Independent Auditor’s Report on DOT’s Enterprise Services Center
2020
No. 1 to OST
Sensitive information redacted
2020
No. 2 to OST
Sensitive information redacted
2020
No. 3 to OST
Sensitive information redacted
FAA’s Process for Updating Its Aircraft Evacuation Standards Lacks Data Collection and Analysis on Current Evacuation Risks
2020
No. 1 to FAA
Develop and implement a systematic process to regularly collect and analyze data on emergency evacuations to determine whether evacuation standards need to be revised or updated based upon current risks.
2020
No. 2 to FAA
Develop a policy or procedures to maintain and analyze a record of critical data from aircraft manufacturers' evacuation demonstrations and analyses to identify risks and ensure data used in analyses and computer modeling are accurate and up to date.
FAA Issued New Medical Requirements for Small Aircraft Pilots but Lacks Procedures and Data To Oversee the Program
2020
No. 1 to FAA
Conduct a risk assessment of the issues related to valid driver's licenses and use of State-licensed physicians noted in this report, and implement processes to mitigate any identified risks. Include the results of this risk-assessment in the required report on the safety impact of BasicMed to Congress.
2020
No. 2 to FAA
Develop and implement a process to collect pilot flight hours, or an alternative process that allows a meaningful assessment of the safety impact of pilots operating under BasicMed compared with pilots operating with a medical certificate.
FAA and Its Partner Agencies Have Begun Work on the Aviation Cyber Initiative and Are Implementing Priorities
2020
No. 1 to FAA
In consultation with its ACI partners, identify the resources needed to meet the current schedule for achieving ACI's remaining priorities, and how they should be allocated. Revise the current schedule as necessary to reflect the resources that are available.
Summary Report on Significant Single Audit Findings Impacting DOT Programs for the 3-Month Period Ending June 30, 2020
2020
No. 1 to OST
Coordinate with impacted Operating Administrations (OA) to develop a corrective action plan to resolve and close the findings highlighted in this report.
2020
No. 2 to OST
Determine the allowability of the questioned transactions and recover $3,440,165, if applicable.
FAA Has Begun To Update ERAM but Faces Challenges Realizing Full Benefits for Airspace Users
2020
No. 1 to FAA
Develop an action plan with schedule milestones for completing the assessment, test, and mitigation of the new security requirements for ERAM to successfully meet a high impact system categorization.
FAA Is Not Remediating STARS Security Weaknesses in a Timely Manner and Contingency Planning Is Insufficient
2020
No. 1 to FAA
Develop and implement a plan with a timeline that identifies when critical, high, and medium vulnerabilities in STARS will be mitigated and implemented at the 11 largest TRACON facilities and includes a patch management program to ensure that the security patches for all operating systems, software, and applications are up to date; and timeline when FAA will implement security-relevant software updates for critical, high, and medium vulnerabilities, in accordance with requirements.
2020
No. 2 to FAA
Sensitive information redacted
2020
No. 3 to FAA
Sensitive information redacted
2020
No. 4 to FAA
Sensitive information redacted
2020
No. 5 to FAA
Sensitive information redacted
2020
No. 6 to FAA
Direct STARS officials to prioritize mitigation efforts to resolve the security weaknesses for the 27 security controls identified in this report; develop a Plan of Action and Milestones that realistically reflects resources and timeframes for the completion of these actions; and report on these actions in the Department's Cybersecurity Assessment and Management monitoring system.
2020
No. 7 to FAA
Update the STARS incident response policy to include the missing elements from the National Institute of Standards and Technology.
2020
No. 8 to FAA
Sensitive information redacted
2020
No. 9 to FAA
Develop and implement an internal control that ensures that Agency staff follow requirements for access control in accordance with the STARS Security Handbook.
2020
No. 10 to FAA
Sensitive information redacted
2020
No. 11 to FAA
Sensitive information redacted
MARAD’s Policy and Procedures for the Title XI Program’s Application Review Process Do Not Ensure Full Compliance with Requirements
2020
No. 1 to MARAD
Update the 2012 policy manual to address all statutory and regulatory requirements.
2020
No. 2 to MARAD
Develop and implement procedures that direct MARAD to obtain and document all application related materials required by statute and regulation.
2020
No. 3 to MARAD
Develop and implement procedures that require program staff to adhere to MARAD's program policy and statutory and regulatory requirements.
Changes in Airline Service Differ Significantly for Smaller Communities, but Limited Data on Ancillary Fees Hinders Further Analysis
2020
No. 1 to OST
The Bureau of Transportation Statistics issue a Reporting Directive clarifying that air carriers are to include booking fees, along with any/all fees required to board the aircraft, in the fare line item reported to the Office of Airline Information's Origin and Destination Survey.
2020
No. 2 to OST
The Office of Aviation Analysis develop a process to regularly collect, maintain, and use information from airlines' website disclosures of all fees charged for optional or ancillary services as a screening mechanism for significant changes in these fees. For each mainline carrier and posted fee, this information should include—but not necessarily be limited to—identification of the type of each service and its price (or price range).
2020
No. 3 to OST
The Secretary request a Revenue Ruling or policy statement from the Department of Treasury regarding the taxation of airline booking fees and, if appropriate, that the Department of Treasury take action to assess the relevant tax. If the Department of Treasury finds that these fees are taxable—and assuming no change in the conditions underlying our calculation of their impact on the Airport and Airway Trust Fund in 2019—this could conservatively result in $60.6 million in funds put to better use in every year following the determination.
Gaps in FHWA’s Guidance and the Florida Division’s Process for Risk-Based Project Involvement May Limit Their Effectiveness
2020
No. 1 to FHWA
Update and implement FHWA's guidance for risk-based project involvement to clarify the requirements for its project risk-assessment process, including expectations for conducting and documenting the risk assessment and criteria to guide the reevaluation of project risks.
2020
No. 2 to FHWA
Identify and notify Divisions about sources of information that can inform the project risk-assessment process, such as the quarterly reports required by the grant agreement for the Florida International University project.
2020
No. 3 to FHWA
Update and issue a procedure within the Florida Division for conducting and documenting complete project risk assessments in accordance with FHWA's national guidance.
2020
No. 4 to FHWA
Update and implement FHWA's guidance for risk-based project involvement to clarify how the link between elevated risks and associated oversight activities, changes to oversight actions, and the results of its risk-based involvement should be documented in project oversight plans.
2020
No. 5 to FHWA
Develop and implement guidance for documenting, in risk-based project oversight plans and associated materials, the scope of FHWA's risk-based involvement, such as through the use of checklists or standardized forms.
2020
No. 6 to FHWA
Develop and implement guidance that establishes criteria for the content of risk-based project oversight plans to maintain consistency and avoid creating multiple redundant plans. Include examples of complete project oversight plans that can be used as a reference, and clarify the role and purpose of the oversight plan for major projects.
2020
No. 7 to FHWA
Update and issue a procedure within the Florida Division for documenting complete risk-based project oversight plans in accordance with FHWA's national guidance.
2020
No. 8 to FHWA
Develop and implement a process to routinely monitor the implementation and evaluate the effectiveness of FHWA's risk-based project involvement.
Summary Report on Significant Single Audit Findings Impacting DOT Programs for the 3-Month Period Ending March 31, 2020
2020
No. 1 to OST
Coordinate with impacted Operating Administrations (OA) to develop a corrective action plan to resolve and close the findings highlighted in this report.
2020
No. 2 to OST
Determine the allowability of the questioned transactions and recover $2,227,535, if applicable.
Oversight Weaknesses Limit FRA’s Review, Approval, and Enforcement of Railroads’ Drug and Alcohol Testing Programs
2020
No. 1 to FRA
Develop and implement written procedures for reviewing and approving railroads' Part 219 compliance plans, to include an oversight control, such as a supervisory or second-level review, to validate results.
2020
No. 2 to FRA
Develop and implement a formal written process for tracking all Part 219 audits.
2020
No. 3 to FRA
Develop and implement a written process for tracking and following up on all action items issued from Part 219 compliance audits to verify that railroads have taken corrective actions.
2020
No. 4 to FRA
Update Drug and Alcohol program guidance for both railroads and inspectors to reflect the 2017 Maintenance-of-Way requirements.
PHMSA Has Incomplete Guidance for Evaluating the Siting of Proposed Liquefied Natural Gas Facilities and Monitoring State Pipeline Safety Programs
2020
No. 1 to PHMSA
Update and implement the Agency's procedures for reviewing the siting of proposed LNG facilities by adding steps to verify the accuracy and completeness of reviews conducted by Agency or subcontractor engineers and to document the verification.
2020
No. 2 to PHMSA
Update and implement the Agency's procedures for conducting evaluations of State natural gas programs, including how to (a) incorporate random sampling into the selection of operators and facilities for testing and (b) identify the records or other evidence that are needed to support the evaluation.
2020
No. 3 to PHMSA
Update guidelines to States to require at least one inspection team member to have completed all required training for lead inspectors.
DOT’s Fiscal Year 2019 IPERA Compliance Review
2020
No. 1 to OST
Implement procedures to require Federal Highway Administration to review about $28,000 identified as improper payments and recover as appropriate.
2020
No. 2 to OST
Implement procedures to require that Federal Highway Administration develop a process to: a. detect grantees that have not reduced improper payments for 3 consecutive fiscal years or over the 3-year risk assessment cycle, and b. review those grantees' root causes to implement robust/individual corrective actions. Implementation of this recommendation could put approximately $169 million in funds to better use.
FAA Lacks Sufficient Security Controls and Contingency Planning for Its DroneZone System
2020
No. 1 to FAA
Perform a comprehensive assessment of DroneZone and LAANC's security controls that at a minimum provides the correct implementation status for system specific, common, and hybrid controls, and issue a new Authorization to Operate decision for DroneZone and its interconnected system LAANC.
2020
No. 2 to FAA
Update the security assessment documents for DroneZone and LAANC to reflect the results of all security controls (e.g., common, hybrid, and system-specific) for selection, implementation, and assessing, per DOT requirements.
2020
No. 3 to FAA
Establish and implement controls for monitoring, updating, and remediating open security weaknesses as well as the accepted risk in DOT repository for managing security weaknesses, per the DOT Security Weakness Management Guide.
2020
No. 4 to FAA
Implement procedures to validate that Security Officials responsible for DroneZone and LAANC are trained on NIST and DOT policy for assessing security controls, and require them to follow the guidance.
2020
No. 5 to FAA
Develop Standard Operating Procedures for the use of common and hybrid controls to include at a minimum: a.) System owners must review the cloud provider Control Implementation Summary report to verify and document what controls are the customer's versus the cloud provider's. b.) System owners must review monthly cloud provider POA&Ms and develop a risk mitigation strategy or compensating controls to address any identified vulnerabilities that may impact its system cybersecurity posture. c.) System owners must coordinate with FAA common/hybrid control providers to verify the controls' actual implementation status and document them accurately in the appropriate security document.
2020
No. 6 to FAA
Verify and validate that all external information systems providing cloud services to DroneZone and LAANC are FedRAMP-authorized; if not, obtain a departmental waiver approving their use.
2020
No. 7 to FAA
Develop and implement a process clearly defining how privacy controls are identified, assessed, and documented, and work with the departmental Chief Privacy Officer in developing and implementing the process.
2020
No. 8 to FAA
Complete modification to LAANC Memorandums of Agreement with UAS Service Suppliers to enhance data security and transparency and direct the Authorizing Official to verify and validate that all UAS Service Suppliers are adhering to security requirements outlined in the Memorandum of Agreement.
2020
No. 9 to FAA
Develop and implement a process for testing DroneZone information systems for contingency planning, to include business impact analysis, continuity of operations plans, business continuity plans, disaster recovery plans, and Information System Contingency Planning (ISCP).
2020
No. 10 to FAA
Develop a process to annually document FAA security officials communicating all contingency planning development, planning, and recovery activities to all stakeholders and executive management prior to authorizing officials making risk-based decisions.
2020
No. 11 to FAA
Complete an appropriate ISCP test for DroneZone with its contractor and cloud service provider to ensure the ISCP strategies can be implemented successfully.
2020
No. 12 to FAA
Provide and verify that the required DroneZone personnel listed in the ISCP receive annual contingency planning training.
2020
No. 13 to FAA
Develop, test and implement an alternative back-up solution verifying that DroneZone data can be backed-up and available to transport to alternate sites in the event the cloud service provider availability zone is unavailable.
Quality Control Review of the Management Letter for FAA’s Audited Consolidated Financial Statements for Fiscal Years 2019 and 2018
2020
No. 1 to FAA
KPMG recommends that FAA management consider adjusting the EC&D liability for any significant changes in factors impacting the EC&D liability that can be reasonably estimated (i.e., inflation) as of and for the year ended September 30, 2019.
2020
No. 2 to FAA
KPMG recommends that FAA management develop an information processing guide to assist in the effective operation of the HQ Journal Entry Control Log Reconciliation to ensure the reconciliation is consistently utilizing complete and accurate information, including all entries posted by usernames with HQ journal entry posting responsibility.
2020
No. 3 to FAA
KPMG recommends that FAA management revise policies and procedures to ensure that the review of grant invoices includes the review and validation of compliance with terms and conditions per the applicable grant agreement.
2020
No. 4 to FAA
KPMG recommends that FAA management enforce the policy that monthly audits are conducted by ESC-EDC personnel, as required by TOPS policy, to ensure that the bi-weekly log reviews are completed as required. In addition, FAA should ensure that the required monthly audits are tracked via checklist and certified by ESC-EDC personnel who conducted the audit. If ESC-EDC personnel determine that the bi-weekly reviews have not been properly completed, the ESC-EDC personnel should follow-up with the DBA to ensure that incomplete reviews are remediated and future bi-weekly log reviews are completed timely, as required by TOPS policy.
2020
No. 5 to FAA
KPMG recommends that FAA management update the purchase request application system's SSP to reflect the design and implementation of the formalized procedures for performance of the periodic user recertification.
2020
No. 6 to FAA
KPMG recommends that FAA management design and implement a process in coordination with Human Resources, to ensure that the contractor and the environmental cleanup tracking application system owner remove terminated users within a defined period of time subsequent to the individuals' termination date.
2020
No. 7 to FAA
KPMG recommends that FAA management implement a change control procedure which includes: change control documents, change control board approval, configuration change testing, and development team approval prior to proceeding with implementing changes into production.
2020
No. 8 to FAA
KPMG recommends that FAA management continue to perform its existing monitoring procedures over excise tax revenue allocations by the IRS. In addition, KPMG recommends that FAA management communicate instances where allocations and certifications of excise tax revenue are materially inconsistent with expectations to Department of Transportation leadership and to the Department of Transportation's Office of the Inspector General to facilitate the timely allocation and certification of excise tax revenues by the IRS.
Quality Control Review of the Management Letter for DOT’s Audited Consolidated Financial Statements for Fiscal Years 2019 and 2018
2020
No. 1 to FTA
KPMG recommends that FTA management design and implement a process to ensure that a complete population of received FFRs are considered in the retrospective review.
2020
No. 2 to FTA
KPMG recommends that FTA management document the revised FFR submission policy in their grant methodology to consider the potential impact on the retrospective review process.
2020
No. 3 to FRA
KPMG recommends that FRA management implement policies and procedures to establish a formal process to assess applicable third-party service organization reports that includes reviewing the SOC-1 report, reviewing and comparing reporting updates year-over-year, and reviewing findings and their impact on the grants management system.
2020
No. 4 to FRA
KPMG recommends that FRA management implement policies and procedures to establish a formal process to assess applicable third-party service organization reports that includes implementing the service provider's recommended Complementary User Entity Controls (CUECs) and monitoring these controls for proper implementation and operating effectiveness.
2020
No. 5 to FHWA
KPMG recommends that FHWA develop and implement a process to notify appropriate authoritative personnel in the event that the division sponsor has not completed its user reviews timely ensuring that monthly reviews of user access within the application are completed by all divisions in accordance with the Fiscal Management Information System Standard Operating Procedures (SOP).
2020
No. 6 to FHWA
KPMG recommends that FHWA Management revise its current bi-weekly review process in coordination with Human Resources to ensure that the grants management application system owners remove terminated users within a defined time period of their termination date and that the User Access Removal SOP be updated to reflect the Human Resource coordination and the defined time period.
2020
No. 7 to FHWA
KPMG recommends that the FHWA determine the appropriate role for the grant management application user based on job function, and revoke user access to the incompatible role.
2020
No. 8 to FHWA
KPMG recommends that the FHWA ensure that access policies and procedures regarding segregation of duties are enforced when granting users access to the grants management application via Role Based Access Control procedures as defined in the Manage Accounts SOP.
2020
No. 9 to FHWA
KPMG recommends that the FHWA develop and implement a periodic review of access for the Database Administrators and Developers for the grants management application.
2020
No. 10 to FHWA
KPMG recommends FHWA management update the SOP, to clearly define the UPACS audit log environment, log mechanisms, and frequency and documentation of the log reviews.
2020
No. 11 to FHWA
KPMG recommends FHWA management enforce the Manage Log Review Files SOP or similar procedure that requires the Windows System Administrator to review Grant Management Application/UPACS operating system logs on a daily basis and digitally certify the reviews on a weekly basis.
2020
No. 12 to FHWA
KPMG recommends FHWA management ensure that System Administrators (SA) or Database Administrators (DBA) review past Grant Management Application/UPACS operating system log records for completion. If SAs or DBAs determine that the Windows Weekly log records, are not completed as required, SAs and DBAs should follow-up with the Windows System Administrator to ensure that incomplete reviews are remediated and future weekly log reviews are completed timely.
2020
No. 13 to FHWA
KPMG recommends FHWA management enforce the Manage Log Review Files SOP or similar procedure that requires the System Administrators to review Grant Management Application/UPACS logs on a daily basis and digitally certify the reviews on a weekly basis.
2020
No. 14 to FHWA
KPMG recommends FHWA management ensure that System Administrators (SA) or Database Administrators (DBA) review past Grant Management Application/UPACS log records for completion. If SAs or DBAs determine that the UNIX/Oracle log records, are not completed as required, SAs and DBAs should follow-up with the UNIX/Oracle System Administrators to ensure that incomplete reviews are remediated and future weekly log reviews are completed timely.
Quality Control Review of the Management Letter for NTSB’s Audited Financial Statements for Fiscal Years 2019 and 2018
2020
No. 1 to NTSB
Enhance existing policies and procedures to ensure that the account balances, line items, and all corresponding balances reported in the agency's trial balance are complete, accurate, and classified according to their economic substance.
2020
No. 2 to NTSB
Enhance existing policies and procedures to ensure that the account balances and line items reported in the financial statement footnotes agree with the agency's adjusted trial balance for the corresponding reporting period.
2020
No. 3 to NTSB
Enforce existing policies and procedures regarding the review and approval of manual journal vouchers to ensure that all required levels of review are completed and the process is properly documented.
DOT Needs To Enhance Oversight of Its Purchase Card Program To Mitigate Internal Control Weaknesses
2020
No. 1 to OST
Develop procedures to ensure purchase card files are complete. At a minimum, ensure cardholders verify that: a. supervisory and/or program office approval has been obtained prior to making purchases; b. funds availability has been confirmed prior to making purchases; c. required supporting documentation is on file; d. items purchased have been received and services have been accepted; and e. sales tax has not been charged.
2020
No. 2 to OST
Implement procedures to ensure cardholders retain records in accordance with the National Archives and Records Administration's general records schedule.
2020
No. 3 to OST
Update purchase card guidance to include appropriate language that states that purchase cards cannot be used to pay for unauthorized commitments without appropriate documentation showing that the unauthorized commitment has been ratified in accordance with FAR 1.602-3.
2020
No. 4 to FAA
Develop procedures to ensure purchase card files are complete. At a minimum, ensure cardholders verify that: a. supervisory and/or program office approval has been obtained prior to making purchases; b. funds availability has been confirmed prior to making purchases; c. required supporting documentation is on file; d. payment amounts match to invoices; e. items purchased have been received and services have been accepted; and f. sales tax has not been charged.
2020
No. 5 to FAA
Implement procedures to ensure cardholders retain records in accordance with the National Archives and Records Administration's general records schedule.
2020
No. 6 to FAA
Update purchase card guidance to include appropriate language that states that purchase cards cannot be used to pay for unauthorized commitments without appropriate documentation showing that the unauthorized commitment has been ratified.
2020
No. 7 to FAA
Develop and implement controls to ensure that all trainings are administered timely in FAA's electronic learning management system, and ensure cardholders complete refresher training in a timely manner.
2020
No. 8 to FAA
Establish procedures to enforce the suspension of purchasing authority for cardholders that do not satisfy the refresher training requirement.
2020
No. 9 to FAA
Reiterate the importance of following the employee close out and clearance process to Purchase Cardholders, Approving Officials and Agency Program Coordinators, when a cardholder separates from the agency or the purchase card program.
2020
No. 10 to FAA
Develop and implement a process to monitor purchase transactions that involve credits to ensure the follow-up is performed and credits are received timely.
2020
No. 11 to OST
Update TAM Chapter 1213, Appendix A to include appropriate language that indicates that purchase cards cannot be used to pay for unauthorized commitments without appropriate documentation showing that the unauthorized commitment has been ratified in accordance with FAR 1.602-3.
2020
No. 12 to OST
Update Departmental policy and procedures to require all OAs (excluding FAA) to include a requirement to obtain supervisory and/or program office approval before purchases are made.
2020
No. 13 to OST
Update the TAM to require OAs (excluding FAA) to certify individual purchase card program manuals to comply with TAM requirements.
FAA’s Competitive Award Practices Expose Its Major Program Contracts to Cost and Performance Risks
2020
No. 1 to FAA
Revise the Acquisition Management System (AMS) and/or FAA's Contract Pricing Handbook to address challenges around conducting appropriate price and cost analyses in order to reliably assert and support a fair and reasonable price determination for a major program contract award. This should include techniques and scenarios to address specific issues that could arise during the award process, such as establishment of a contract ceiling amount at award that includes pricing for all contract work (including option years) using a sound source or basis
2020
No. 2 to FAA
Revise AMS to require acquisition planning for both competitive and noncompetitive major program contracts to allow adequate time and the possibility for achieving competition of option years and follow-on contracts.
2020
No. 3 to FAA
Strengthen internal controls to verify that all independent government cost estimates (IGCE) are completed in compliance with Agency requirements prior to the award of a major program contract. Implementing this recommendation could put up to $4.9 billion in Federal funds to better use by improving FAA's ability to establish contract pricing that is fair, reasonable, and realistic.
2020
No. 4 to FAA
Revise AMS to clarify requirements around what actions the Program Office must take prior to the award of a major program contract when an IGCE varies by more than 15 percent from the proposed offer, and strengthen internal controls to verify these requirements are followed.
2020
No. 5 to FAA
Strengthen internal controls to hold acquisition and program officials accountable for providing timely signatures on packages for any major program contract procurement action—such as increasing the ceiling or definitizing a contract line item number—to be submitted for Chief Financial Officer approval, per Agency requirements.
2020
No. 6 to FAA
Strengthen internal controls to ensure a sound rationale is documented to support each noncompetitive major program contract, per Agency requirements, before the award is made. Implementing this recommendation could put up to $17.3 million to better use by allowing FAA to realize the benefits of competition and make more efficient use of these Federal funds.
2020
No. 7 to FAA
Strengthen internal controls to verify compliance with Agency requirements for conflict of interest agreements to be completed by all officials involved in a major program contract source selection process before they perform any of their responsibilities.
2020
No. 8 to FAA
Strengthen internal controls to verify compliance with Agency requirements regarding completion and approval of source selection evaluation plans for major program contracts.
2020
No. 9 to FAA
Strengthen internal controls to verify compliance with Agency requirements to use code names in lieu of contractor names in all source selection and evaluation communication and documentation for major program contracts.
2020
No. 10 to FAA
Strengthen internal controls to verify compliance with Agency requirements for maintaining centralized files for major program contracts—including a complete record of the acquisition history and decisions—and for archiving and destroying documentation.
FAA Has Not Effectively Overseen Southwest Airlines’ Systems for Managing Safety Risks
2020
No. 1 to FAA
Ensure Southwest Airlines complies with regulatory requirements to provide accurate weight and balance information to pilots, or grant an exemption that justifies the non-compliance being in the public interest.
2020
No. 2 to FAA
Retrain inspectors at the local oversight office for Southwest Airlines on the purpose and proper use of the Voluntary Disclosure Reporting Program.
2020
No. 3 to FAA
Train managers and inspectors of the local oversight office on their roles and responsibilities to work with Southwest Airlines for root cause analysis.
2020
No. 4 to FAA
Enhance management controls to ensure designated airworthiness representatives comply with established procedures to verify that aircraft conform to U.S. airworthiness standards.
2020
No. 5 to FAA
Develop a management control to ensure that designated airworthiness representatives verify the completeness and accuracy of maintenance records, and do not rely on air carrier provided summary data to make airworthiness determinations.
2020
No. 6 to FAA
Complete a compliance review of other certificates issued by the designated airworthiness representatives used by Southwest Airlines.
2020
No. 7 to FAA
Ensure Southwest Airlines complies with regulatory requirements that the 88 previously owned aircraft conform to U.S. aviation standards.
2020
No. 8 to FAA
Train inspectors on FAA's process to provide feedback on designated airworthiness representatives when corrective actions are needed, and provide inspectors access to the system used to provide feedback.
2020
No. 9 to FAA
Develop and implement a management control to ensure air carriers and inspectors do not use Safety Management Systems as a substitute for regulatory compliance.
2020
No. 10 to FAA
Develop and implement guidance on how to evaluate air carrier safety risk assessments to ensure the carrier has performed a comprehensive analysis, identified root causes, and established appropriate corrective actions.
2020
No. 11 to FAA
Develop and implement inspector guidance on how to evaluate air carrier safety culture and how it should be factored into oversight decisions.
Summary Report on Significant Single Audit Findings Impacting DOT Programs for the 4-Month Period Ending December 31, 2019
2020
No. 1 to OST
Coordinate with impacted Operating Administrations (OA) to develop a corrective action plan to resolve and close the findings highlighted in this report.
2020
No. 2 to OST
Determine the allowability of the questioned transactions and recover $1,135,453, if applicable.
Improved FRA Decision Making and Financial Oversight Processes Could Have Reduced Federal Risks from the California High-Speed Rail Project
2020
No. 1 to FRA
Revise and implement policies and procedures for when to escalate grant noncompliance issues within FRA. At a minimum, these procedures should include criteria for when to escalate noncompliance issues beyond FRA's grants management division, and documentation of FRA's decisions and rationale.
2020
No. 2 to FRA
Revise and implement policies and procedures for defining FRA's tolerance for the risk of grantee noncompliance with specific deliverable requirements, periodically assessing those risks, and documenting the resulting risk-based agency decisions on the depth of review to conduct of deliverables.
2020
No. 3 to FRA
Define a framework for determining the minimum acceptable standards of what an interim use plan for new infrastructure funded by FRA grants should provide, and procedures for evaluating these plans.
2020
No. 4 to FRA
Revise and implement guidance for FRA staff to conduct detailed assessments of grantees' procedures for complying with Federal expenditure requirements. This guidance should include steps for when and how FRA staff are to test grantees' implementation of their procedures through sampling and in-depth reviews of selected expenditures.
NextGen Equipage: ADS-B Out Equipage Rates Are Increasing, but FAA Must Address Airspace Access Issues
2019
No. 1 to FAA
Complete publication of the FAA advisory circular that formalizes interim guidance regarding the Service Availability Prediction Tool.
2019
No. 2 to FAA
Analyze the feasibility of developing automated systems to provide operators with more timely information regarding GPS issues, such as outages and degradations, and if feasible, implement them.
2019
No. 3 to FAA
Identify remaining steps and target action dates for completing the ADS-B Deviation Authorization Pre-Flight Tool system, as well as contingencies if the system is not operational by the 2020 deadline.
FAA Needs To Improve Its Oversight To Address Maintenance Issues Impacting Safety at Allegiant Air
2019
No. 1 to FAA
Develop and implement a management control to require managers to review and validate that known risks documented in the Safety Assurance System Certificate Holder Assessment Tool are tracked until mitigated.
2019
No. 2 to FAA
Develop and implement policies and procedures to monitor inspector compliance with Safety Assurance System training requirements.
2019
No. 3 to FAA
Revise its inspector guidance to require Certificate Holder Evaluation Process teams to report inspection results to the local inspection office, including a determination on whether the carrier is operating at the highest possible degree of safety in the public interest and how the team reached that conclusion.
2019
No. 4 to FAA
Revise its Compliance and Enforcement guidance and its Inspector guidance to include the severity of outcomes as a factor in considering whether inspectors should initiate compliance or enforcement actions.
2019
No. 5 to FAA
Develop and implement a resolution process to ensure disagreements in handling non-compliances are dealt with consistently, using the most appropriate processes and all relevant information.
2019
No. 6 to FAA
Revise its inspector guidance to clarify how inspectors address recurring non-compliances as a factor in considering whether they should initiate compliance or enforcement actions.
2019
No. 7 to FAA
Revise its inspector guidance to require inspectors to determine that corrective actions taken by air carriers are implemented and have addressed known discrepancies prior to closing compliance actions.
2019
No. 8 to FAA
Perform a comprehensive review of FAA's root cause analysis training to ensure it meets Agency expectations. Modify training, as appropriate, based on the review and require inspectors to complete the course(s) or offer inspectors access to industry-based training programs.
2019
No. 9 to FAA
Develop and implement a process to incorporate historical compliance actions in SAS for inspectors to track current and historical compliance actions.
FAA Needs To Improve Oversight and Enhance Transparency in Its Franchise Fund
2019
No. 1 to FAA
Engage an auditor to perform an independent audit of the Franchise Fund's financial statements in accordance with generally accepted Government auditing standards and the Government Accountability Office's Financial Audit Manual and that includes an opinion on the Fund's internal controls.
2019
No. 2 to FAA
Develop and implement a process directing the Logistics Center to maintain detailed records of the age and costs of inventory items as a way to identify obsolete items and prevent unnecessary storage and maintenance costs or purchase of assets already on hand.
2019
No. 3 to FAA
Revise the accounting treatment for imputed costs to avoid the appearance of overstating losses.
2019
No. 4 to FAA
Assign the unassigned balance of $6.9 million in unfilled customer orders identified in this report to the appropriate Franchise Fund service organization(s).
2019
No. 5 to FAA
Review the $2.6 million in unused unfilled customer orders identified in this report, and return the unexpended balances as appropriate.
2019
No. 6 to FAA
Develop and implement a plan to improve oversight of the Franchise Fund's unfilled customer orders balance, such as tracking performance to ensure unexpended funds are returned timely as required. Implementing this recommendation could potentially put $26 million in funds to better use.
2019
No. 7 to FAA
Revise the Franchise Fund's policies on agreements to include dealing with delinquent agreements, and require service organizations to adhere to applicable DOT and FAA policies. Implementing this recommendation could potentially put $39 million in funds to better use.
2019
No. 8 to FAA
Implement the requirement that service organizations collect advance payments before they provide products or services, in accordance with Public Law 104-205.
2019
No. 9 to FAA
Develop and implement a process that requires Franchise Fund service organizations to respond promptly to customer questions about agreements and price changes before the period of performance begins.
2019
No. 10 to FAA
Develop and implement formal, documented procedures that require service organizations to include a business case when they submit a capital reserve project to the Franchise Fund Management Council for approval to ensure the project represents the best value.
2019
No. 11 to FAA
Implement the Major Business Investment and Expenditures Policy requirement to document formal approval of capital reserve projects.
2019
No. 12 to FAA
Develop a plan that clearly describes the Franchise Fund Management Council's vision, goals and expected outcomes for the services provided to its customers. The plan should include what initiatives or specific actions the Council will take to provide the additional oversight and transparency needed.
2019
No. 13 to FAA
Develop Franchise Fund process and procedures that require (a) customers to document bona fide needs for new projects before agreements are written and funds obligated and advanced and (b) service organizations to accept year-end funding only for projects that clearly represent a bona fide need.
Quality Control Review of the Independent Auditor’s Report on the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2019 and 2018
2019
No. 1 to FAA
KPMG recommends that FAA management design and implement procedures to consistently perform and document application log reviews as required by existing internal policies.
2019
No. 2 to FAA
KPMG recommends that FAA management design and implement procedures to consistently perform and document database layer audit log reviews as required by existing internal policies.
2019
No. 3 to FAA
KPMG recommends that FAA management design and implement procedures to consistently perform and document operation system layer log reviews as required by existing internal policies.
2019
No. 4 to FAA
KPMG recommends that FAA management design and implement procedures to consistently perform and document application level user account access reviews as required by existing internal policies.
2019
No. 5 to FAA
KPMG recommends that FAA management design and implement procedures to consistently perform and document operating system administrative account access reviews as required by existing internal policies.
2019
No. 6 to OST
KPMG recommends that Office of the Secretary management design controls which are sufficiently precise to ensure that each of the data inputs which are key to the cash flow projections are defined (including for loans expected to reach the substantial disbursement threshold); control procedures are sufficiently designed and documented to ensure that the inputs are validated against source documents; and the inputs are accurate prior to the annual subsidy re-estimation in September.
2019
No. 7 to FRA
KPMG recommends that FRA management develop an accrual methodology for incurred but not submitted grantee expenses at year-end.
2019
No. 8 to FRA
KPMG recommends that FRA management develop a process to improve communications between the Grant Office and Office of Financial Services to ensure all available expense information is recorded in the proper reporting period.
Quality Control Review of the Independent Auditor’s Report on the Surface Transportation Board’s Audited Financial Statements for Fiscal Years 2019 and 2018
2019
No. 1 to STB
LSC recommends STB ensure that year-end schedules are updated to allow sufficient timeframes to accomplish STB established internal control processes in an effective manner.
2019
No. 2 to STB
LSC recommends STB require the accounting service provider to provide to STB evidence of quality control reviews signed and approved by supervisory personnel prior to accepting receipt of these documents.
2019
No. 3 to STB
LSC recommends STB reject financial statements and related supporting documentation when the accounting service provider submits incomplete or inaccurate data.
Quality Control Review of the Independent Auditor’s Report on the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2019 and 2018
2019
No. 1 to FAA
KPMG recommends that Management design and implement procedures to consistently perform and document the following, as required by existing internal policies: Application log reviews.
2019
No. 2 to FAA
KPMG recommends that Management design and implement procedures to consistently perform and document the following, as required by existing internal policies: Database layer audit log reviews.
2019
No. 3 to FAA
KPMG recommends that Management design and implement procedures to consistently perform and document the following, as required by existing internal policies: Operating System layer log reviews.
2019
No. 4 to FAA
KPMG recommends that Management design and implement procedures to consistently perform and document the following, as required by existing internal policies: Application level user account access reviews.
2019
No. 5 to FAA
KPMG recommends that Management design and implement procedures to consistently perform and document the following, as required by existing internal policies: Operating system administrative account access reviews.
2019
No. 6 to FAA
KPMG recommends that management design and implement review and approval control activities specific to the setup of a new donated inventory part in LCSS to ensure the established unit cost and related attributes are based on supportable and accurate information.
2019
No. 7 to FAA
KPMG recommends that management redesign policies and procedures unique to LCSS and the receipting scenarios that are acceptable for the MISC and F&E purchase order receipt process which support the accuracy of inputs. Further, management should design and implement review and approval control activities surrounding the creation of MISC and F&E purchase orders in LCSS to ensure the unit cost and other attributes which are critical for the appropriate valuation, are valid and accurate.
Gaps in Internal Controls Impede the Department’s Management of Working Capital Fund Laptops
2019
No. 1 to OST
Update DOT DASH 2016-01 to specifically state that FAA Strategic Sourcing for the Acquisition of Various Equipment & Supplies (SAVES) is not an approved vehicle under Office of Management and Budget (OMB) requirements.
2019
No. 2 to OST
Document the revised IT Spend Plan process to verify OAs meet OMB requirements when procuring laptop computers.
2019
No. 3 to OST
Implement enhanced physical security controls for the Information Technology Shared Services (ITSS) asset room where Working Capital Fund (WCF)-funded laptops are stored.
2019
No. 4 to OST
Develop and implement supplemental guidance that defines responsibilities for the Office of Facilities, Information, and Asset Management (OFIAM) and ITSS with respect to receipt, inspection, and acceptance, and inventory management processes and procedures for WCF-purchased laptops.
2019
No. 5 to OST
Update DOT Order 4410.4 to include: a. Defining roles and responsibilities of DOT offices and personnel with respect to management of WCF laptop computers. b. Requiring hand receipts or a similar form whenever an accountable property asset (e.g., laptop) is assigned or unassigned to/from a user. c. Requiring record retention of records from hand receipts or a similar control with the appropriate property official. d. Establishing a timeframe for submitting Reports of Survey to OFIAM.
2019
No. 6 to OST
Establish a Board of Survey to review instances of lost or damaged WCF equipment as required by DOT Order 4410.4.
2019
No. 7 to OST
Develop and implement a process for verifying the timely and accurate entry of laptop computer data into OFIAM's official personal property system of record, to include establishing data entry timeframes, key fields (e.g., procurement and delivery dates), and quality control checks.
2019
No. 8 to OST
Develop and implement procedures for conducting the annual property inventory to include obtaining missing hand receipts or similar control and timely resolution of discrepancies for WCF laptops. Implementation of this recommendation could result in $2.9 million in funds put to better use.
FTA’s Limited Oversight of Grantees’ Compliance With Insurance Requirements Puts Federal Funds and Hurricane Sandy Insurance Proceeds at Risk
2019
No. 1 to FTA
Reduce permanently NYC DOT's Hurricane Sandy total damage assessment by $2.125 million to remove the ineligible expenses.
2019
No. 2 to FTA
Assess the necessary data to affirm that Hurricane Sandy recovery grantees carried flood insurance that complied with the Flood Disaster Protection Act (FDPA). For any Hurricane Sandy recovery grantee that FTA determines had uninsured buildings, contents, or both that should have been insured in compliance with the FDPA, permanently reduce the grantee's total Hurricane Sandy damage assessment by the aggregate amount of the maximum available National Flood Insurance Program (NFIP) insurance or the amount of the Federal investment in the property prior to the storm (whichever is less).
2019
No. 3 to FTA
Develop and implement procedures within FTA's Triennial and State Management Reviews to assess the necessary data to affirm that each grantee undergoing a comprehensive review carries flood insurance that complies with the FDPA. FTA's suggested corrective actions for any grantee deficiency in this area should include, at a minimum, requiring the grantee to submit to FTA documentation showing proof of flood insurance in the aggregate amount of the maximum available NFIP insurance or the amount of the Federal investment (whichever is less) for all structures required to have it.
2019
No. 4 to FTA
Revise FTA’s Emergency Relief Program (ERP) guidance to include a timeframe within which grantees must apply insurance proceeds to support the policy described in its ERP Final Rule.
2019
No. 5 to FTA
Require the Hurricane Sandy Recovery grantees to apply their insurance proceeds in accordance with the timeframe established in the revised ERP guidance and in support of the policy described in its ERP Final Rule. Implementation of this recommendation could put over $982.8 million in funds to better use. This is the amount of transit-related insurance proceeds that grantees have received but have not yet spent on eligible transit recovery projects.
2019
No. 6 to FTA
Require MTA to apply the full amount of its transit-related insurance proceeds to eligible transit projects. Implementation of this recommendation could put up to $180.7 million in funds to better use.
2019
No. 7 to FTA
Develop procedures to track grantee allocation plan implementation for expenditures solely funded with insurance proceeds.
2019
No. 8 to FTA
Revise the ERP Toolkit checklist to include a step for FTA Regional staff to crosscheck against the approved insurance allocation plan when reviewing Hurricane Sandy grant applications and awarding Hurricane Sandy grants.
Quality Control Review of the Independent Auditor’s Review of DOT’s DATA Act Implementation
2019
No. 1 to OST
Implement and document a formal quarterly review process to ensure that any non-fatal warnings at the Operating Administration level are investigated, and actions to address the warnings are clearly documented.
2019
No. 2 to OST
Implement and document a formal quarterly review process to ensure that any variances identified between File A and the DOT's GTAS SF-133, and File B and OMB Circular No. A-11 and President's budget are clearly explained and documented.
2019
No. 3 to OST
Implement and document an internal oversight review process for financial assistance awards to ensure that controls are in place to verify recipients are registered in SAM at the time of financial assistance award.
2019
No. 4 to OST
Develop processes to evaluate future reporting of those data elements identified as being inconsistent with DAIMS guidance.
Quality Control Review of the Independent Auditor’s Report on DOT’s Information Security Program and Practices
2019
No. 1 to OST
Perform a review of all Plans of Action and Milestone (POA&M) items closed during the audit period to include supporting documentation and re-approve their closure.
2019
No. 2 to OST
Revise current security weakness management policies and procedures (documenting within a revision history table) to require documented evidence such as calendar appointments, meeting minutes, etc. in support of POA&M closure decisions to be uploaded into CSAM.
2019
No. 3 to OST
Work with the OA CIOs to review current assessment and authorization processes and implement a validation process to ensure updated security plans, ATOs and risk assessments are reviewed and updated to reflect all system (including privacy) controls, vulnerabilities, and that current risks are clearly presented to the authorizing officials.
2019
No. 4 to OST
Work with the OA CIOs to develop mechanisms to ensure updated system security plans and assessments of security controls (that were previously assessed as not satisfied or partially satisfied) reflect current operational environments, including an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated.
2019
No. 5 to OST
Document OA subnets and OA responsibilities for devices and systems operating on the Common Operating Environment.
2019
No. 6 to OST
Document and implement network segmentation to reduce the attack surface or susceptibility of vulnerable and sensitive OA assets in the Common Operating Environment.
2019
No. 7 to OST
Work with OAs to remediate outstanding identity and access management weaknesses through implementation and closure of POA&Ms and control assessments to determine whether these risks were addressed.
2019
No. 8 to OST
Work with Component Privacy Officers (POs) to develop and implement procedures then verify the completion, review, tracking and approval through review of updated PTAs, PIAs and SORNs.
2019
No. 9 to OST
Document and implement a process to ensure incident response procedures related to the timely notification, reporting, updating, and resolution of security incidents are followed in accordance with policy.
2019
No. 10 to OST
Review and update the OCIO Cyber Security Incident Response Plan, documenting evidence of review and revisions within a history log.
2019
No. 11 to OST
Resolve any inconsistencies with respect to Departmental policies and procedures, which prescribe conflicting directions on whether DOT components are required to provide, develop and update incident response plans, documenting evidence of review and revisions within a history log.
2019
No. 12 to OST
Implement a process to ensure incident response plans are developed for all OAs and updated on at least an annual basis.
2019
No. 13 to OST
Work with the OST's Office of Intelligence, Security and Emergency Response to ensure the DOT COOP is reviewed and updated (noting evidence of the review within a history/revision log).
2019
No. 14 to OST
Work with the OA CIOs to remediate identified weaknesses in contingency plans and BIAs, such as missing information, lack of timely review, and inadequate approvals, demonstrated by updated contingency plans and BIAs.
Summary Report on Significant Single Audit Findings Impacting DOT Programs for the 3-Month Period Ending August 31, 2019
2019
No. 1 to OST
Coordinate with impacted Operating Administrations (OA) to develop a corrective action plan to resolve and close the findings highlighted in this report.
2019
No. 2 to OST
Determine the allowability of the questioned transactions and recover $1,005,222.00, if applicable.
DOT Needs To Strengthen Its Oversight of IAAs With Volpe
2019
No. 1 to OST
Implement requirements for documenting the rationale for entering into intra-agency agreements (IAA) with the John A. Volpe National Transportation Systems Center (Volpe), including why the proposed agreement is in the OA's best interest.
2019
No. 2 to OST
Implement a process to ensure OAs' spend plans, or an alternative mechanism, include descriptions of current and planned Volpe IAA projects, as well as the projects' current and future funding needs.
2019
No. 3 to OST
Implement oversight procedures in compliance with section 1.4.3 of DOT Order 1200.9 to verify use of required forms and the inclusion of required elements when executing Volpe IAAs, including but not limited to buyer obligation numbers, lines of accounting to be charged, and Treasury Appropriation Fund Symbols.
2019
No. 4 to OST
Implement procedures to verify compliance with departmental requirements for conducting IAA financial completion processes and returning unused funds after the period of performance ends.
2019
No. 5 to OST
Comply with DOT Order 1200.9's financial completion and IAA closeout process requirements for the IAAs identified in table 3 of this report, and determine whether to close them and deobligate the appropriate portions of the $5,966,933 we identified. Implementing this recommendation across the 854 IAAs in our audit universe could potentially put up to $33.3 million in funds to better use.
2019
No. 6 to OST
Develop and implement procedures to communicate with and train relevant OA staff (e.g., Program Office, Acquisitions/Procurement Office, and Budget/Finance Office staff) about DOT's current IAA-related requirements and guidance.
2019
No. 7 to OST
Develop and implement procedures for reviewing current and future OA-issued IAA guidance to confirm alignment with DOT policy.
2019
No. 8 to OST
Develop and implement procedures to verify OA compliance with departmental requirements for financially managing IAAs with Volpe, including conducting and documenting monthly and quarterly reconciliations, and year-end reviews.
2019
No. 9 to OST
Develop and implement a mechanism for the OAs to document and share their performance evaluation data regarding Volpe IAAs.
Report on a Quality Control Review of the Independent Service Auditor’s Report on DOT’s Enterprise Services Center
2019
No. 1 to OST
Sensitive information redacted
2019
No. 2 to OST
Sensitive information redacted
2019
No. 3 to OST
Sensitive information redacted
FMCSA’s Plan Addresses Recommendations on Prioritizing Safety Interventions but Lacks Implementation Details
2019
No. 1 to FMCSA
For the fifth NAS recommendation, provide (a) cost estimates that account for staffing, enforcement, and data collection; and (b) benchmarks for completion.
2019
No. 2 to FMCSA
For the fourth and sixth NAS recommendations, provide (a) cost estimates that account for staffing, enforcement, and data collection; (b) benchmarks for completion; and (c) potential programmatic reforms, revisions to regulations, or proposals for legislation.
Report on a Single Audit of the Los Angeles County Metropolitan Transportation Authority, Los Angeles, CA
2019
No. 1 to FTA
Ensures that the Authority complies with the subrecipient monitoring requirements.
Report on a Single Audit of the State of Nebraska, Lincoln, NE
2019
No. 1 to FTA
Ensures the State complies with the allowable costs/cost principles and subrecipient monitoring requirements.
2019
No. 2 to FTA
Recovers $232,750 (2018-067) from the State, if applicable.
2019
No. 3 to FTA
Recovers $71,167 (2018-068) from the State, if applicable.
2019
No. 4 to NHTSA
Ensures the State complies with the allowable costs/cost principles and subrecipient monitoring requirements, resulting in questioned costs of $11,745.
2019
No. 5 to NHTSA
Recovers $11,745 from the State, if applicable.
Report on a Single Audit of the Terre Haute Regional Airport Authority, Terre Haute, IN
2019
No. 1 to FAA
Ensures that the Authority complies with the special tests and provisions requirements.
2019
No. 2 to FAA
Ensure that the Authority complies with the allowable costs/cost principles and reporting requirements.
Report on a Single Audit of the Commonwealth of Pennsylvania, Harrisburg, PA
2019
No. 1 to FHWA
Ensures that the Commonwealth complies with the subrecipient monitoring requirements.
Report on a Single Audit of the City of Birmingham, Birmingham, AL
2019
No. 1 to OST
Ensures the City complies with the procurement and suspension and debarment requirements.
2019
No. 2 to OST
Recovers $381,190 from the City, if applicable.
Report on a Single Audit of the Puerto Rico Metropolitan Bus Authority, San Juan, PR
2019
No. 1 to FTA
Ensures that the Authority complies with the equipment and real property management requirements.
DOT’s Updated Anti-Harassment Policy Meets EEOC Requirements, but Program Compliance Hinges on Procedure Implementation and Data Usage
2019
No. 1 to OST
Collect and review each OA's anti-harassment program procedures, and require revisions, as necessary, to bring them into compliance with DOT's policy and EEOC requirements.
Report on a Single Audit of the Puerto Rico Highways and Transportation Authority, San Juan, PR
2019
No. 1 to FTA
Ensures that the Authority complies with the subrecipient monitoring requirements.
2019
No. 2 to FHWA
Ensures that the Authority complies with the matching requirements.
Report on a Single Audit of the State of Connecticut, Hartford, CT
2019
No. 1 to FHWA
Ensures that the State complies with the allowable costs/cost principles requirements.
2019
No. 2 to FHWA
Recovers $1,023,224 from the State, if applicable.
Report on a Single Audit of the Association of Village Council Presidents, Bethel, AK
2019
No. 1 to FHWA
Ensures that the Council complies with the procurement and suspension and debarment requirements.
2019
No. 2 to FHWA
Ensures that the Council complies with the reporting requirements.
2019
No. 3 to FHWA
Ensures that the Council complies with the special tests and provisions requirements.
Report on a Single Audit of the Commonwealth of Virginia, Richmond, VA
2019
No. 1 to PHMSA
Ensures that the Commonwealth complies with the allowable costs/cost principles requirements.
2019
No. 2 to PHMSA
Recovers $150,203 from the Commonwealth, if applicable.
Report on a Single Audit of the State of Indiana, Indianapolis, IN
2019
No. 1 to FHWA
Ensures that the State complies with the special tests and provisions requirements.
Report on a Single Audit of the State of Vermont, Montpelier, VT
2019
No. 1 to NHTSA
Ensures that the State complies with the level of effort requirements.
Report on a Single Audit of the Crooked Creek Traditional Council, Crooked Creek, AK
2019
No. 1 to FHWA
Ensures that the Council complies with the activities allowed or unallowed requirements.
2019
No. 2 to FHWA
Recovers $194,821 from the Council, if applicable.
FTA Has an Opportunity To Improve the Integrity Monitor Program for Hurricane Sandy Grantees
2019
No. 1 to FTA
Develop and implement procedures for consistently reviewing, approving and periodically updating grantee integrity monitor plans.
2019
No. 2 to FTA
Develop and implement guidance for determining threats and impediments to independence. The guidance should address criteria for independence, including the use of internal grantee staff and actions required if independence issues cannot be resolved.
2019
No. 3 to FTA
Develop and implement procedures requiring all participants in grantee integrity monitoring activities to promptly notify the grantee and FTA when they have knowledge of current or prospective legal matters relating to FTA-funded Hurricane Sandy projects that may affect the Federal Government, including defaults, breaches, major disputes, or litigation; and promptly notify the grantee, FTA, and DOT-OIG if they have knowledge about potential fraud, waste, or abuse occurring on FTA-funded projects, including knowledge of a criminal or civil investigation; by a Federal, State, or local law enforcement or other investigative agency, a criminal indictment or civil complaint; probable cause that could support a criminal indictment; or any other credible information.
2019
No. 4 to FTA
Recover the estimated $1.1 million that represents FTA's share of the settlement funds paid to PANYNJ-OIG.
2019
No. 5 to FTA
Provide guidance or training on Master Agreement notification requirements for grantees and integrity monitors, such as defining what is meant by providing prompt notification.
2019
No. 6 to FTA
Develop and implement procedures for periodically assessing whether integrity monitors are meeting plan expectations, and for taking appropriate corrective actions when integrity monitors are not meeting expectations.
2019
No. 7 to FTA
Inform integrity monitors about best practices for targeting new risk areas, such as procedures for contractor responsibility determinations, and updating plans accordingly.
2019
No. 8 to FTA
Develop and implement procedures for grantee oversight of integrity monitors that include a review of quarterly reports that, at a minimum contain information about integrity monitor activities, findings, and recommendations, as well as descriptions of the grantee's response to the recommendations and estimated completion dates for corrective actions, where appropriate.
FRA Collects Reliable Grade Crossing Incident Data but Needs To Update Its Accident Prediction Model and Improve Guidance for Using the Data To Focus Inspections
2019
No. 1 to FRA
Establish and implement a procedure for determining when to evaluate and, if necessary, adjust the normalizing constants for the accident prediction formula in U.S. DOT's Accident Prediction and Severity Model to reflect current accident and grade crossing inventory data.
2019
No. 2 to FRA
Prepare and implement a comprehensive compliance manual for the grade crossing discipline that includes procedures for using grade crossing data to focus inspections and outreach.
FAA Has Made Progress in Implementing Its Metroplex Program, but Benefits for Airspace Users Have Fallen Short of Expectations
2019
No. 1 to FAA
Implement a procedure for assessing online and facility-level Performance Based Navigation (PBN) training provided to controllers for effectiveness. This procedure should include reporting the results of the assessments on a continuous basis to FAA management in the PBN policy office, and take corrective action as needed.
2019
No. 2 to FAA
Implement a process in the PBN policy office to track and evaluate whether actions taken to address identified obstacles have been effective in mitigating them, including the areas of phraseology, training, designing and amending procedures, and automation tools.
2019
No. 3 to FAA
Identify the corrective actions needed to mitigate the 10 obstacles from the NextGen Advisory Committee that FAA did not include in its action plan, and if feasible, establish milestones for implementing them.
2019
No. 4 to FAA
Display the same benefits numbers on FAA's NextGen website as those that are reported in post-implementation analysis reports for completed Metroplex sites or declare any differences in the data being reported.
2019
No. 5 to FAA
Document the methodology used to estimate PBN benefits for each Metroplex site.
Report on a Single Audit of the Municipality of Anchorage, Anchorage, AK
2019
No. 1 to FAA
Ensures that the Municipality complies with the special tests and provisions requirements.
2019
No. 2 to FTA
Ensures that the Municipality complies with the activities allowed or unallowed requirements.
2019
No. 3 to FTA
Recovers $151 from the Municipality, if applicable.
2019
No. 4 to FTA
Ensures that the Municipality complies with the equipment and real property management requirements.
2019
No. 5 to FTA
Recovers $64,220 from the Municipality, if applicable.
Report on a Single Audit of the City and County of Honolulu, Honolulu, HI
2019
No. 1 to FTA
Ensures that the City and County complies with the reporting requirements.
Report on a Single Audit of the Highways Division, Department of Transportation, State of Hawaii, Honolulu, HI
2019
No. 1 to FHWA
Ensures that the State complies with the cash management requirements.
2019
No. 2 to NHTSA
Ensures that the State complies with the cash management requirements.
Report on a Single Audit of the State of Louisiana, Baton Rouge, LA
2019
No. 1 to NHTSA
Ensures that the State complies with the allowable costs/cost principles requirements.
2019
No. 2 to NHTSA
Recovers $155,937 from the State, if applicable.
2019
No. 3 to NHTSA
Ensures that the State complies with cash management requirements.
2019
No. 4 to NHTSA
Recovers $9,204 from the State, if applicable.
The Maritime Administration’s Information Technology Infrastructure Is at Risk for Compromise
2019
No. 1 to MARAD
Change the password for the compromised server management device account to a strong password that meets DOT's Cybersecurity Compendium requirements and NIST guidelines.
2019
No. 2 to MARAD
Configure alerts on server management devices to notify staff of unusual activity and when the system reboots.
2019
No. 3 to MARAD
Change the password for the compromised MARAD service account.
2019
No. 4 to MARAD
In coordination with DOT CIO develop and implement a training program for administrators to adequately protect passwords that includes the DOT Policy requirement to not record passwords in electronic form.
2019
No. 5 to MARAD
Encrypt PII data on personal and network drives in accordance with DOT Chief Information Officer Departmental Privacy Risk Management Policy.
2019
No. 6 to MARAD
Sensitive information redacted
2019
No. 7 to MARAD
Develop a plan and address identified high and medium vulnerabilities on any remaining legacy websites and verify that new websites are being assessed for vulnerabilities.
2019
No. 8 to MARAD
In coordination with DOT CIO develop and implement a training program for MARAD personnel who provided credentials during the phishing test on security awareness, with a focus on phishing attacks.
2019
No. 9 to OST
Update the departmental annual security awareness training to include information on encryption using approved technological methods.
2019
No. 10 to OST
Change the passwords for OST's compromised social media accounts.
2019
No. 11 to OST
Change the passwords for MARAD's compromised social media accounts managed by OST.
2019
No. 12 to OST
Change the temporary passwords for the executives and staff that joined the Department during the change in the Presidential Administration.
2019
No. 13 to OST
Encrypt PII data on personal and network drives in accordance with DOT Chief Information Officer Departmental Privacy Risk Management Policy.
2019
No. 14 to OST
Examine service account permissions and remove unnecessary rights using the principle of least privilege so that service accounts have access to intended resources.
2019
No. 15 to OST
Develop a plan and address identified critical and high vulnerabilities on MARAD workstations managed by OST that are older than June 19, 2017 (1 year prior to the ending of our scanning period).
2019
No. 16 to OST
Update fiscal year 2019 Department of Transportation Security Awareness Training to include spear phishing and phishing examples and scenarios.
2019
No. 17 to OST
Sensitive information redacted
2019
No. 18 to OST
Sensitive information redacted
2019
No. 19 to OST
Sensitive information redacted
Opportunities Exist To Improve FRA and Volpe’s Acquisition and Use of Oversight Contractors
2019
No. 1 to OST
Update and implement procedures to ensure Volpe's staff follow Volpe and departmental requirements and guidance when preparing and documenting independent government cost estimates.
2019
No. 2 to OST
Update Volpe's procedures to require the use of risk-mitigation controls if the contractor's accounting system cannot be evaluated with current audit information prior to award of a cost-reimbursement contract, and document the contract file.
2019
No. 3 to OST
Develop and provide refresher training for Volpe's contracting personnel on the Federal Acquisition Regulation, Transportation Acquisition Manual, and Volpe's requirements and guidance for establishing contract and task order files that provide complete and accurate records of all actions.
2019
No. 4 to OST
Obtain incurred cost audits for its Monitoring and Technical Assistance Contractor (MTAC) cost-reimbursable contracts or document the rationale for not obtaining these audits in the contract file.
2019
No. 5 to OST
Update the Volpe April 2018 invoice review policy to require contracting officials to verify that the appropriate indirect rates have been charged.
2019
No. 6 to FRA
Develop, finalize, and implement procedures for FRA and the MTACs to use for all phases of project design oversight reviews and Rail Traffic Controller modeling simulation results.
2019
No. 7 to FRA
Develop and implement a risk-based oversight process for non-safety field inspections to include criteria to determine which prospective projects could benefit at key project phases.
2019
No. 8 to FRA
Revise the Monitoring Procedures to better align with FRA's financial assistance programs and strengthen the MTACs' role in the oversight of FRA financial assistance programs.
2019
No. 9 to FRA
Develop and implement policies and procedures that require the MTACs to follow a consistent process for conducting oversight reviews and documenting deliverables in a manner appropriately scaled for the size, complexity, and type of project.
2019
No. 10 to FRA
Develop and implement procedures that (a) direct the MTACs to describe each recommendation in terms of impact, such as safety or cost; (b) clearly state whether the recommendation is required or optional; and (c) track MTAC recommendations to resolution.
2019
No. 11 to FRA
Develop and implement a process that ensures that completed MTAC oversight reports are uploaded and maintained at regular intervals in FRA's Program Management Tracker database.
FAA Needs To Adopt a Risk-Based, Data-Driven Scheduling Process To Improve the Effectiveness of Its Drug Abatement Inspection Program
2019
No. 1 to FAA
Develop and implement a data-driven, risk-based inspection scheduling program in accordance with FAA's Safety Risk Management Policy. The program should include: a. Procedures for re-inspecting companies with identified non-compliances to ensure corrective actions have been implemented and are effective, and b. Procedures for selecting substitute companies in the event of inspection cancellations.
2019
No. 2 to FAA
Develop and implement a process to coordinate and verify the accuracy of aviation company data, including coordinating with FAA Flight Standards, prior to finalizing the inspection schedule.
DOT’s Fiscal Year 2018 IPERA Compliance Review
2019
No. 1 to OST
Implement procedures to ensure FHWA provides additional guidance to State and local agencies that receive Highway Planning and Construction funds on the importance of eliminating administrative or process errors and maintaining adequate documentation to support payments requests.
Inadequate Data and Guidance Hinder FHWA Force Account Oversight
2019
No. 1 to FHWA
Develop and implement a process for periodically assessing force account risk. Based on the risk assessment, develop and implement procedures for overseeing compliance with Federal force account regulations.
2019
No. 2 to FHWA
Revise force account guidance for the States to clarify when cost-effectiveness determinations are required.
2019
No. 3 to FHWA
Develop an action plan to collect and review the cost-effectiveness determinations for the 18 projects related to the $22.3 million in unsupported costs. Recover funds associated with projects where force account was not the most cost-effective approach for executing that project.
2019
No. 4 to FHWA
Develop and implement a process for determining when force account can be used for work performed outside the Federal highway right-of-way without complying with Federal requirements.
FAA Plans To Modernize Its Outdated Civil Aviation Registry Systems, but Key Decisions and Challenges Remain
2019
No. 1 to FAA
Develop and implement a timeline for making key decisions regarding the Civil Aviation Registry Electronic Services (CARES), such as defining requirements, one system vs. two systems, cloud vs. server architecture, risk-based policies, and what processes FAA could automate.
2019
No. 2 to FAA
Define what desired capabilities are technologically feasible within the Registry’s desired timeframes and include in its requirements, in consultation with FAA’s Office of Information Technology (AIT).
2019
No. 3 to FAA
Develop and implement a procedure to obtain feedback on CARES from internal and external stakeholders to better ensure that CARES meets the needs of the users of the system.
2019
No. 4 to FAA
Develop and implement a plan for maintaining real-time access to aircraft registration data prior to any potential closure of the Public Documents Room (PDR).
Stronger Guidance and Internal Controls Would Enhance DOT’s Management of Highway and Vehicle Safety R&D Agreements
2019
No. 1 to FHWA
Update financial assistance policies and procedures to address what administrative requirements apply to agreements with for-profit and foreign entities.
2019
No. 2 to FHWA
Finalize and issue policies for signing and administering CRADAs.
2019
No. 3 to FHWA
Update policies and procedures to determine when it is appropriate to require approval of recipient subcontracts or subawards and communicate this requirement to recipients; review the $12,400 in unapproved subcontractor costs identified in this report; and recover any costs deemed unreasonable. Implementing this recommendation could result in $1.6 million in funds being put to better use.
2019
No. 4 to FHWA
Update the checklist for agreement files that describes what pre- and post-award documentation is required under current DOT and FHWA policies.
2019
No. 5 to NHTSA
Update financial assistance policies and procedures to address what administrative requirements apply to agreements with for-profit and foreign entities.
2019
No. 6 to NHTSA
Update financial assistance policies and procedures to specify what level of review is required to approve a justification for making a financial assistance award without using full and open competitive procedures.
2019
No. 7 to NHTSA
Update financial assistance policies and procedures to specifically address agreements using a work-order structure, including procedures to reduce the risk of using these agreements to circumvent the general requirement to award financial assistance using full and open competitive procedures.
2019
No. 8 to NHTSA
Update the checklist for agreement files that describes what pre- and post-award documentation is required under current DOT and NHTSA policies.
2019
No. 9 to OST
Provide guidance to OAs to reinforce a common definition of R&D for use when determining whether a financial assistance award needs to be identified as R&D.
2019
No. 10 to OST
Develop and implement a risk-based methodology for reviewing a number of grantee reimbursement requests in detail on a regular basis.
2019
No. 11 to OST
Recover $1,900 in unallowable costs and take appropriate action to determine whether $8,000 in computer equipment costs was reasonable, and if not, seek recovery of these funds as well.
2019
No. 12 to OST
Update the checklist for agreement files that describes what pre- and post-award documentation is required under current DOT and OST-R policies.
2019
No. 13 to OST
Revise DOT financial assistance policies to require that OAs define what administrative requirements apply to agreements with for-profit and foreign recipients.
2019
No. 14 to OST
Revise DOT financial assistance policies to specify what officials are authorized to approve justifications for awarding financial assistance without full and open competition.
2019
No. 15 to OST
Develop and issue guidance to OAs for clearly identifying awards as R&D.
FAA Has Taken Steps To Advance the SENSR Program, but Opportunities and Risks Remain
2019
No. 1 to FAA
Develop and implement an integrated Schedule, Budget, and Organizational Chart that incorporates all the partner agencies for the SENSR program.
2019
No. 2 to FAA
Develop and implement a plan to identify and mitigate risks associated with the integration of SENSR into NextGen programs as well as into systems throughout the NAS.
Several Factors Limit DOT’s Ability To Efficiently Utilize Its Office Space
2019
No. 1 to OST
Develop, document, and implement a supplemental guide to DOT's Office Space Design Standard Policy (Policy) to provide the Department and its Operating Administrations (OA) guidance for applying the Agency's utilization standard to existing office space—including those spaces that DOT continues to occupy under new agreements—and clarify those terms related to the application of the standard, as identified in this report—i.e., new acquisitions
2019
No. 2 to OST
Develop, document, and implement an internal control process to apply when an OA is planning to acquire or continue to occupy an office space that exceeds the Agency's utilization standard. At a minimum, the process should require the OA to justify with documented evidence that it has implemented a different standard based on mission requirements or that applying the Department's standard will not be cost-effective or a best value option. Implementing this recommendation could potentially put $2.1 million in funds to better use by preventing DOT from paying for unneeded space that exceeds the Agency's utilization standard.
2019
No. 3 to OST
Develop, document, and implement a supplemental guide to DOT's Policy to provide OAs guidance on how to determine peak occupancy and accurately calculate the utilization rates for DOT office spaces in compliance with the methodology prescribed in the Policy.
2019
No. 4 to OST
Develop and implement a process for tracking DOT office spaces and their utilization rates. At a minimum, this process should include the ability to track staff counts and a requirement for the OAs to regularly maintain and report up-to-date data.
2019
No. 5 to OST
Develop, document, and implement departmentwide guidance on how all OAs are to conduct regular reviews of their office spaces to identify and execute cost-efficiency opportunities.
FTA has an Opportunity To Further Promote Lessons Learned To Enhance the Protection of Rolling Stock at Transit Agencies
2019
No. 1 to FTA
Supplement FTA's existing guidance by developing and implementing additional procedures to promote lessons learned.
2019
No. 2 to FTA
Provide transit agencies with a centralized source for lessons learned and encourage them to regularly refer to it when updating their processes to protect rolling stock.
Independent Auditors’ Management Letter on the Saint Lawrence Seaway Development Corporation’s Audited Financial Statements for Fiscal Years 2018 and 2017
2019
No. 1 to SLSDC
Provide training to warehouse staff to reinforce the proper procedures for processing and recording inventory transactions.
2019
No. 2 to SLSDC
Continue to work with the service provider to correct system deficiencies that are causing processing errors for returned items.
Report on a Single Audit of the Southern California Regional Rail Authority, Los Angeles, CA
2019
No. 1 to FTA
Ensures that the Authority complies with the equipment and real property management requirements.
Report on a Single Audit of the City of Wolf Point, Wolf Point, MT
2019
No. 1 to FAA
Ensure that the City complies with the procurement and suspension and debarment requirements.
Report on a Single Audit of the Medallion Foundation, Inc., Anchorage, AK
2019
No. 1 to FAA
Ensures that the Foundation complies with the reporting requirements.
Report on a Single Audit of the St. Joseph County Airport Authority, South Bend, IN
2019
No. 1 to FAA
Ensures that the Authority complies with the special tests and provisions requirements.
Report on a Single Audit of the Native Village Kluti-Kaah, Copper Center, AK
2019
No. 1 to FHWA
Ensures that the Native Village complies with the reporting requirements.
Report on a Single Audit of the City of Bangor, Bangor, ME
2019
No. 1 to FTA
Ensures that the City complies with procurement and suspension and debarment requirements.
2019
No. 2 to FTA
Recovers $81,888 from the City, if applicable.
Quality Control Review of the Management Letter for the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
2019
No. 1 to FAA
KPMG recommends that FAA perform a review of the accounts payable accrual, including the procurement samples selected and their fiscal year allocation, at a level of precision to identify errors in order to prevent a potential misstatement.
2019
No. 2 to FAA
KPMG recommends that FAA develop and implement policies and procedures to ensure that all assets that meet the criteria for the EC&D liability are included in the facility quantities report and that any converted assets are properly removed and re-included in the report under the new facility contraction.
2019
No. 3 to FAA
KPMG recommends that FAA develop and implement policies and procedures to ensure that all assets are recorded with the appropriate useful life based on the asset dictionary.
2019
No. 4 to FAA
KPMG recommends that FAA develop and implement policies and procedures to ensure accurate accounting for internal use software assets in accordance with SFFAS 10.
Report on a Single Audit of the State of West Virginia, Charleston, WV
2019
No. 1 to FHWA
Ensures that the State complies with period of performance requirements.
2019
No. 2 to FHWA
Recovers $3,644,218 from the State, if applicable.
2019
No. 3 to FHWA
Ensures that the State complies with the special tests and provisions requirements.
2019
No. 4 to FHWA
Recovers $2,877,461 from the State, if applicable.
Report on a Single Audit of the Metro Regional Transit Authority, Akron, OH
2019
No. 1 to FTA
Ensure that the Metro Regional Transit Authority complies with the special tests and provisions requirements.
Report on a Single Audit of the Worcester Regional Transit Authority, Worcester, MA
2019
No. 1 to FTA
Ensures that the Authority complies with the cash management requirements.
Report on a Single Audit of the Puerto Rico Highways and Transportation Authority, San Juan, PR
2019
No. 1 to FTA
Ensures that the Authority complies with the subrecipient monitoring requirements.
2019
No. 2 to FHWA
Ensures that the Authority complies with the activities allowed or unallowed requirements.
2019
No. 3 to FHWA
Recover $74,746 from the Authority, if applicable.
Report on a Single Audit of the City of Phoenix, Phoenix, AZ
2019
No. 1 to FTA
Ensures that the City complies with the subrecipient monitoring requirements.
Report on a Single Audit of the New Mexico Department of Transportation, Santa Fe, NM
2019
No. 1 to FHWA
Ensures that the Department complies with the subrecipient monitoring requirements.
Report on a Single Audit of Macon-Bibb County, Macon, GA
2019
No. 1 to OST
Ensures that the County complies with the reporting requirements.
Report on a Single Audit of the City of Long Beach, Long Beach, NY
2019
No. 1 to FTA
Ensures that the City complies with the allowable costs/cost principles requirements.
2019
No. 2 to FTA
Recovers $1,656 from the City, if applicable.
Report on a Single Audit of the Greater New Haven Transit District, Hamden, CT
2019
No. 1 to FTA
Ensures that the District complies with the activities allowed or unallowed requirements.
2019
No. 2 to FTA
Recovers $221,551 from the District, if applicable.
Report on a Single Audit of White County, Monticello, IN (2017)
2019
No. 1 to FAA
Ensures that the County complies with the Reporting requirements.
Report on a Single Audit of the City of Columbus, Columbus, IN (2016)
2019
No. 1 to FTA
Ensure that the City complies with the Allowable Costs/Cost Principles requirement.
2019
No. 2 to FTA
Recover $83,547 from the City, if applicable.
2019
No. 3 to FTA
Ensure that the City complies with the Allowable Costs/Cost Principles requirements.
2019
No. 4 to FTA
Recover $30,335 from the City, if applicable.
2019
No. 5 to FTA
Ensure that the City complies with cash management requirements.
2019
No. 6 to FTA
Recover $13,465 from the City, if applicable.
Report on a Single Audit of White County, Monticello, IN (2016)
2019
No. 1 to FAA
Ensures that the County complies with the Reporting requirements.
Report on a Single Audit of the Frankfort Airport Authority, Frankfort, IN
2019
No. 1 to FAA
Ensures that the Authority complies with the internal control requirements.
Report on a Single Audit of the City of Columbus, Columbus, IN (2017)
2019
No. 1 to FTA
Ensure that the City complies with the activities allowed or unallowed requirements.
2019
No. 2 to FTA
Recover $41,733 from the City, if applicable.
2019
No. 3 to FTA
Ensure that the City complies with the allowable costs/cost principles requirements.
2019
No. 4 to FTA
Recover $107,181 from the City, if applicable.
2019
No. 5 to FTA
Ensure that the City complies with the matching, level of effort, earmarking requirements.
2019
No. 6 to FTA
Recover $8,067 from the City, if applicable.
Report on a Single Audit of the Massachusetts Bay Transit Authority, Boston, MA
2019
No. 1 to FTA
Ensures that the Authority complies with the equipment and real property management requirements.
2019
No. 2 to FTA
Ensures that the Authority complies with the reporting requirements.
2019
No. 3 to OST
Ensures that the Authority complies with the reporting requirements.
FAA Has Made Progress But Additional Actions Remain To Implement Congressionally Mandated Cyber Initiatives
2019
No. 1 to FAA
Develop a plan with target dates to address the Working Group's four deferred recommendations to enhance aircraft systems cybersecurity.
2019
No. 2 to FAA
Develop a plan with target dates to finalize the application of CyRM to the mission support and research and development areas, and determine when full application of CyRM will occur.
2019
No. 3 to FAA
Establish priorities for FAA-led research and development activities and incorporate these priorities into the budget process.
FISMA 2018: DOT’s Information Security Program and Practices
2019
No. 1 to OST
Develop policy and procedures to verify and validate the accuracy and completeness of the Department's key FISMA information repository and tool, currently the Cyber Security Assessment and Management tool (CSAM).
2019
No. 2 to OST
Direct OCIO to follow policy and conduct annual cybersecurity performance analysis reviews of OAs' cybersecurity programs, and submit reports to OAs with recommendations to address cybersecurity weaknesses.
2019
No. 3 to OST
Develop a process and policy where applicable to ensure the Department develops and maintains a comprehensive and accurate inventory of cloud systems, contractor systems, and websites that the public can access.
2019
No. 4 to OST
Direct OST to prioritize and resolve COE security weaknesses identified by assessor, and develop POA&Ms that realistically reflect resources and timeframes for completions of these actions.
2019
No. 5 to OST
Direct OST to establish MOUs that delineate the responsibilities for COE common controls with each of the following OAs: FHWA, FMCSA, FRA, FTA, OIG, MARAD, SLSDC, and NHTSA.
2019
No. 6 to OST
Direct OAs (FAA, FHWA, FMCSA, FRA, FTA, OST, PHMSA, MARAD, and NHTSA) with weaknesses in data protection and privacy to update the status and develop POA&Ms to address the weaknesses.
2019
No. 7 to OST
Update specialized training guidance in DOT Cybersecurity Action Memos policy and DOT Cybersecurity Compendium policy to clearly define requirements.
2019
No. 8 to OST
Enhance security awareness training policy to define processes to tailor this training to DOT's unique environment and use feedback to enhance its program.
2019
No. 9 to OST
Develop and define a taxonomy that describes the content of the hardware and software inventory and the process to assemble, verify and maintain adequate support for the inventory data as well as the related information reported to OMB and other external parties.
2019
No. 10 to OST
Develop a process to define its performance measures--that consider DOT's business environment--to assess the effectiveness of DOT's information security program, including its ISCM program.
2019
No. 11 to OST
Using NIST guidance, test and authorize CDM applications (such as BigFix) that have been placed into operation on DOT's networks without proper security control assessments.
2019
No. 12 to OST
Provide enterprise wide specialized training on contingency planning and testing on a periodic basis to appropriate security officials and stakeholders. Training should reinforce crucial role contingency planning and testing plays in an effective information security program.
Quality Control Review of the Management Letter for the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
2019
No. 1 to FAA
KPMG recommends that ESC develop, implement, and document a timeline for journal vouchers to be approved and posted.
2019
No. 2 to FAA
KPMG recommends that ESC establish a review control, with the appropriate level of precision, to ensure journal vouchers are posted in a timely manner and in accordance with the above policy.
2019
No. 3 to FHWA
KPMG recommends that FHWA management develop and implement a process to require documentation of the UPACS audit log review to be maintained to include documentation of the date reviewed, person who reviewed the log, and any follow-up actions required.
2019
No. 4 to FHWA
KPMG recommends that FHWA management update the UPACS standard operating procedures or other appropriate documentation to reflect the new audit log review process.
2019
No. 5 to FHWA
KPMG recommends that FHWA management develop a process to ensure the review of FMIS5 application access is completed by all divisions.
2019
No. 6 to FHWA
KPMG recommends that FHWA management update the FMIS5 standard operating procedures or other appropriate documentation to reflect the new review process.
2019
No. 7 to FHWA
KPMG recommends that FHWA management strengthen policies and procedures that require terminated user accounts to be removed from UPACS in a timely manner.
2019
No. 8 to FHWA
KPMG recommends that FHWA management update the UPACS standard operating procedures documents to reflect the new requirements.
FHWA Lacks Adequate Oversight and Guidance for Engineer’s Estimates
2019
No. 1 to FHWA
Develop and implement an action plan that establishes target action dates and assigns responsibility for following up on the key recommendations from the 2015 National Review of State Cost Estimation Practice.
2019
No. 2 to FHWA
Update FHWA's Guidelines on Preparing Engineer's Estimate, Bid Reviews, and Evaluation (2004 Guidance) to include: a. Estimating guidance for more recent project delivery methods, such as design-build and construction manager/general contractor and, b. Guidelines to account for contingencies and inflation when developing Engineer's Estimates.
2019
No. 3 to FHWA
Assess the validity and applicability of the threshold in FHWA's 2004 Guidance that is used to measure the accuracy of Engineer's Estimates.
2019
No. 4 to FHWA
Develop and implement an oversight process for Engineer's Estimates that assesses whether States are following FHWA's guidance and thresholds.
FHWA Needs To Clarify Roles and Processes for Approving and Monitoring Public-Private Partnerships
2019
No. 1 to FHWA
Require FHWA Headquarters and Division Offices to follow established procedures for reviewing and approving initial financial plans to ensure they include an assessment of the appropriateness of a P3 for project delivery.
2019
No. 2 to FHWA
Revise and issue guidance to communicate to FHWA staff and stakeholders the processes FHWA will use to take Federal stewardship considerations into account in approving P3 projects. This guidance should address FHWA's role, if any, in the assessment of traffic and revenue assumptions.
2019
No. 3 to FHWA
Develop and issue Agencywide guidance identifying risks specific to P3 projects that Division Offices should consider in their risk assessments of State and local transportation agencies' Federal-aid construction programs.
2019
No. 4 to FHWA
Consult with the Build America Bureau to define FHWA's and the Bureau's roles and responsibilities during the Operations and Maintenance phase for P3 projects.
2019
No. 5 to FHWA
Develop and issue guidance to internal and external stakeholders communicating the processes FHWA will use to oversee P3 projects, including during the Operations and Maintenance phase for P3 projects that remain funded by Federal loans.
Report on a Single Audit of the Kiowa Tribe of Oklahoma, Carnegie, OK
2019
No. 1 to FHWA
Ensures that the Tribe complies with the procurement and suspension and debarment requirements.
2019
No. 2 to FHWA
We recommend that FHWA recovers $1,531,442 from the Tribe, if applicable.
Most Public Agencies Comply With Passenger Facility Charge Program Requirements, But FAA Can Improve the Use of Its Oversight Tools
2018
No. 1 to FAA
Establish specific timeframes for issuing audit reports and verify that public agencies' independent audits are performed annually.
2018
No. 2 to FAA
Update FAA's policy and procedures to require Airport District Offices (ADO) to obtain and review complete audit reports and ensure all required audit opinions are included.
2018
No. 3 to FAA
Develop and implement procedures to ensure PFC expenditures at the Gary, IN, airport are independently audited, including the $18.3 million identified in our report.
2018
No. 4 to FAA
Develop and implement policies and procedures for verifying that public agencies report accurate PFC collection and expenditure information to FAA.
2018
No. 5 to FAA
Develop and implement policies and procedures that require ADO staff to consistently record certain items in the System of Airport Reporting database to enhance its oversight of the PFC program, such as the receipt of independent audit reports, PFC-related findings reported by independent auditors, follow-up actions and comments discussed with the public agency, status of audit findings, and whether the findings are repeated from prior years.
2018
No. 6 to FAA
Develop a methodology to review completed PFC projects that determines whether they are achieving intended program goals, and identifies best practices and opportunities for improvement.
DOT Has Not Met Federal Targets for Implementing Components of Its Information Security Continuous Monitoring Program
2018
No. 1 to OST
To improve the DOT's information security continuous monitoring program, DOT Chief Information Officer needs to update the department's federal information security modernization act standard operating procedures to include steps for verifying the accuracy and completeness of the Federal Aviation Administration's (FAA) Cross-Agency Priority (CAP) goal metrics.
2018
No. 2 to FAA
To improve the accuracy and completeness of the data FAA uses to report on its CAP goal metrics, the Federal Aviation Administrator needs to implement procedures that: define the requirements for selecting the operating systems to be monitored; criteria for determining which tools should be used to collect data for the CAP goal metrics; and verify the accuracy and completeness of the CAP goal metrics.
2018
No. 3 to FAA
To improve the accuracy and completeness of the data FAA uses to report on its CAP goal metrics, the Federal Aviation Administrator needs to develop and implement controls for verifying, validating, and retaining data used to report on CAP performance-based goal metrics.
FAA Remains Several Years Away From a Standardized Controller Scheduling Tool
2018
No. 1 to FAA
Develop an implementation plan for deploying a scheduling system for controllers that includes schedule milestones, system requirements, risk assessment and mitigation, and funding requirements.
2018
No. 2 to FAA
Assess and quantify the expected benefits of a customized controller scheduling tool.
Quality Control Review of the Independent Auditor’s Report on the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
2018
No. 1 to FAA
KPMG recommends that DOT management develop sufficient procedures and controls to address the identified GITC control deficiencies.
2018
No. 2 to FAA
KPMG recommends that DOT management monitor progress to ensure that the GITC procedures and controls are implemented and operating effectively.
2018
No. 3 to FHWA
KPMG recommends that DOT Management perform a thorough and detailed review of the overall TIFIA cashflow model functionality and implementation to ensure that all assumptions are properly applied in the execution of the cash flow projections.
2018
No. 4 to FHWA
KPMG recommends that DOT consider automating the calculations that are performed manually to reduce risk of misapplication of assumptions due to human error.
Quality Control Review of the Independent Auditor’s Report on the Surface Transportation Board’s Audited Financial Statements for Fiscal Years 2018 and 2017
2018
No. 1 to STB
LSC recommends STB discuss with ESC officials the need to substantially strengthen its system of review over financial information processed for the STB.
2018
No. 2 to STB
LSC recommends STB require ESC to determine the cause(s) for the instances of incorrect and/or improper accounting and financial reporting of STB data, and to take appropriate corrective actions to address these continuing problems.
2018
No. 3 to STB
LSC recommends STB ensure that the proper accounting procedures are in place and operating effectively for year-end financial statements when posting the costs incurred by contractors with advances.
2018
No. 4 to STB
LSC recommends STB develop a STB policy that: 1) implements the BFS guidance relating to interagency agreements; 2) identifies the responsibilities for the STB and its service provider; and 3) establishes a standard set of processes that support the recording, reporting, reconciliation, and measurement of intergovernmental activity and any identified differences.
2018
No. 5 to STB
LSC recommends STB ensure that actions are taken prior to the end of the fiscal year to address the differences identified in the FY 2018 report.
Quality Control Review of the Independent Auditor’s Report on the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
2018
No. 1 to FAA
KPMG recommends that FAA management develop sufficient procedures and controls to address the identified GITC control deficiencies.
2018
No. 2 to FAA
KPMG recommends that FAA management monitor progress to ensure that the GITC procedures and controls are implemented and operating effectively.
2018
No. 3 to FAA
KPMG recommends that FAA management design and document policies, procedures, and controls related to the review of inventory shop orders that include standardized reports, an appropriate precision threshold for required analysis or follow-up, and evidence of review.
2018
No. 4 to FAA
KPMG recommends that FAA management design and implement policies and procedures to conduct a held for repair unit cost calculation review, including approvals of adjustments due to unique circumstances.
2018
No. 5 to FAA
KPMG recommends that FAA management revise its existing policy of expensing all projects initiated via RE&D funding, to include projects that have progressed beyond the preliminary design stage, and design and implement controls at the appropriate level of precision to determine whether projects should be expensed or capitalized, in accordance with the applicable accounting standards.
Independent Auditors’ Report on the St. Lawrence Seaway Development Corporation’s Financial Statements for Fiscal Years 2018 and 2017
2018
No. 1 to SLSDC
Retrain responsible property custodians on the proper procedures for retiring and disposing of assets in a timely manner.
2018
No. 2 to SLSDC
Strengthen policies and controls to assess construction in progress projects to expense costs that are no longer capitalizable.
2018
No. 3 to SLSDC
Perform a review of the net book values for recorded PP&E assets to ensure no other anomalies for converted assets or conversion errors occurred and make adjustments to correct asset values if needed.
Quality Control Review of the Independent Auditor’s Report on the National Transportation Safety Board’s Financial Statements for Fiscal Years 2018 and 2017
2018
No. 1 to NTSB
Allmond recommends that NTSB management redesign its provisioning process to require that when access is modified a new system access request form is completed to reflect this change.
2018
No. 2 to NTSB
Allmond recommends NTSB require the completion and submission of an Oracle Federal Financial (OFF) User Access Form to the service provider immediately upon separation of an OFF user from the agency and monitor agency separations on a weekly basis to align with user access termination policies in place for other agency information systems.
Opportunities Exist for FAA To Strengthen Its Review and Oversight Processes for Unmanned Aircraft System Waivers
2018
No. 1 to FAA
Conduct a workforce assessment of the staff assigned to review airspace waiver and authorization requests to determine if Air Traffic Organization (ATO) staffing is adequate, and take appropriate action based on the results.
2018
No. 2 to FAA
Assess performance statistics for ATO's non-automated airspace waiver request process to determine if establishing volume and timeliness goals would enhance the process and if so, develop and implement these goals.
2018
No. 3 to FAA
Use performance metrics for Low Altitude Authorization and Notification Capability (LAANC) to evaluate the system's effect on application processing volume and timeliness and take appropriate action based on the results.
2018
No. 4 to FAA
Develop and implement internal controls to improve consistency in the use of standard template responses when corresponding with applicants regarding requests for information.
2018
No. 5 to FAA
Update National Flight Standards Work Program Guidelines to require field offices perform inspections on a sample of commercial UAS operators in their area for a 2-year period, which will increase available inspection data for creating a risk profile of UAS.
2018
No. 6 to FAA
Using available inspection and risk data, develop a baseline risk assessment profile of small commercial UAS operators, including those operators with waivers and airspace authorizations, to inform inspector surveillance planning decisions, as well as procedures to periodically update this risk assessment profile using future inspection data.
2018
No. 7 to FAA
Issue guidance to field offices regarding where and how to obtain Agency information on waiver and/or authorization-holding UAS operators, to help inform their inspection planning.
2018
No. 8 to FAA
Provide clarifying guidance to UAS operators on FAA's website or by other means regarding the small UAS rule provision relating to operations "over people."
FAA Has Taken Steps To Address ERAM Outages, but Some Vulnerabilities Remain
2018
No. 1 to FAA
Develop and implement contingency plan testing to validate the effectiveness of techniques and procedures to react to and recover from ERAM outages, with air traffic controllers' and maintenance technicians' participation.
2018
No. 2 to FAA
Evaluate, develop, and implement training, consistent with NIST guidelines, for maintenance technicians and air traffic control staff for responding to ERAM in degraded system conditions and outages.
2018
No. 3 to FAA
Upon completion of the safety review regarding removing ERAM's current backup system, determine what backup capability is required for ERAM and then develop and implement that capability.
Quality Control Review of an Independent Auditor’s Report on the Surface Transportation Board’s Information Security Program and Practices
2018
No. 1 to STB
Fully develop and implement a risk management strategy and the supporting procedures for maintaining an accurate system inventory.
2018
No. 2 to STB
Develop a configuration management plan with supporting policies and procedures and ensure that the existing Change Management Charter aligns with the plan.
2018
No. 3 to STB
Develop an ICAM strategy to guide its ICAM process and activities, and modify existing identity and access management policies and procedures to adequately address: a. Processes to request, modify, and revoke privileged and non-privileged access; and b. Processes to ensure separation of duties within the organization.
2018
No. 4 to STB
Fully implement the use of PIV cards for personnel to access STB's facilities.
2018
No. 5 to STB
Develop a privacy program, including related plans, policies and procedures, for the protection of personally identifiable information that is collected, used, maintained, shared and disposed of by STB's information systems. Furthermore, identify roles and responsibilities for data exfiltration exercises.
2018
No. 6 to STB
Develop an Incident Response plan in accordance with NIST 800-61, rev. 2.
2018
No. 7 to STB
Modify incident response policies and procedures to incorporate the most recent incident attack vectors taxonomy in accordance with US-CERT.
Quality Control Review of the Independent Service Auditor’s Report on DOT’s Enterprise Services Center
2018
No. 1 to OST
Sensitive information redacted
2018
No. 2 to OST
Sensitive information redacted
2018
No. 3 to OST
Ensure that Access Control Officers complete the quarterly access reviews over the current active user accounts and associated roles within Delphi Financial Application, including iSupplier, to help ensure access is authorized and commensurate with job responsibilities.
2018
No. 4 to OST
Sensitive information redacted
2018
No. 5 to OST
Sensitive information redacted
2018
No. 6 to OST
Sensitive information redacted
2018
No. 7 to OST
Sensitive information redacted
2018
No. 8 to OST
Sensitive information redacted
2018
No. 9 to OST
Sensitive information redacted
2018
No. 10 to OST
Sensitive information redacted
2018
No. 11 to OST
Sensitive information redacted
Improvements Are Needed To Strengthen FAA’s Oversight of eInvoicing and AIP Grant Payments
2018
No. 1 to FAA
Develop and implement controls for periodically verifying that RO/ADO program managers are implementing FAA's policy for (a) assigning and monitoring grantee risk ratings, as required; (b) performing manual approvals, when required; and (c) performing quarterly reviews and, when applicable, modifying grantee risk ratings according to FAA guidance.
2018
No. 2 to FAA
Formally request that OST Delphi system managers modify the wording of the warning message to AIP grantees to specifically state when documentation has not been attached to payment requests and that such documentation is required by FAA policy and the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERA).
2018
No. 3 to FAA
Formally request that OST Delphi system managers implement a function that denies AIP payments to grantees that do not provide the required supporting documentation at the time of the payment request.
2018
No. 4 to FAA
Update FAA policy to include the availability of existing Delphi eInvoicing training and communicate the policy revision to all AIP grantees.
2018
No. 5 to FAA
Develop and implement a plan to recover the $102,323 in questioned and unsupported costs identified in this report.
2018
No. 6 to FAA
Communicate to AIP grantees FAA's policy requirement for maintaining all original documentation that supports grant payments and confirm that all grantees have acknowledged this requirement.
2018
No. 7 to FAA
Update AIP payment policy to include a specific requirement that grantees submit payment requests on invoiced costs incurred up to the allowable Federal share, and communicate the revision to all AIP grantees.
2018
No. 8 to FAA
Improve existing training for RO/ADO program managers to follow the AIP Handbook requirements for amending grant agreements when expanding project descriptions.
Report on a Single Audit of the Territory of American Samoa, Pago Pago, AS
2018
No. 1 to FAA
Ensures that the Territory complies with the equipment and real property requirements.
2018
No. 2 to FAA
Ensures that the Territory complies with the special tests and provisions requirements.
2018
No. 3 to FAA
Recovers $264,077 from the Territory, if applicable.
Report on a Single Audit of the Navajo Nation, Window Rock, AZ
2018
No. 1 to FHWA
We recommend that FHWA ensures that the Navajo Nation complies with the equipment and real property requirements.
Report on a Single Audit of the National Railroad Passenger Corporation and Subsidiaries (Amtrak), Washington, DC
2018
No. 1 to FRA
Ensures that AMTRAK complies with the equipment and real property management requirements.
Report on a Single Audit of the Republic of Palau, Koror, PW
2018
No. 1 to FAA
Ensures that the Republic complies with the equipment and real property management requirements.
Report on a Single Audit of the Middletown Transit District, Middletown, CT
2018
No. 1 to FTA
Ensures that the District complies with the procurement and suspension and debarment requirements.
Report on a Single Audit of the Mississippi Coast Transportation Authority, Gulfport, MS
2018
No. 1 to FTA
Ensures that the Authority complies with the matching requirements.
2018
No. 2 to FTA
Recovers $2,787 from the Authority, if applicable.
Report on a Single Audit of the Commonwealth of the Northern Mariana Islands, Saipan, MP
2018
No. 1 to FHWA
Ensures that the Commonwealth complies with the equipment and real property management requirements.
Report on a Single Audit of the South Carolina Department of Transportation, Columbia, SC
2018
No. 1 to FHWA
Ensures that the SC DOT complies with proper accounting requirements for accounts receivable and accounts payable.
Report on a Single Audit of Rutgers University, Piscataway, NJ
2018
No. 1 to OST
Ensures that the University complies with the allowable costs/cost principles requirements.
2018
No. 2 to OST
Recovers $8,954 from the University, if applicable.
2018
No. 3 to FTA
Ensures that the University complies with the allowable costs/cost principles requirements.
2018
No. 4 to FTA
Recovers $9,377 from the University, if applicable.
Report on a Single Audit of the State of Vermont, Montpelier, VT
2018
No. 1 to NHTSA
Ensures that the State complies with the reporting requirements.
2018
No. 2 to NHTSA
Ensures that the State complies with the matching, level of effort, earmarking requirements.
Report on a Single Audit of the Metropolitan Transit Authority of Harris County, Houston, TX
2018
No. 1 to FTA
Ensures that the Authority complies with the subrecipient monitoring requirements.
Report on a Single Audit of the Chicago Transit Authority, Chicago, IL
2018
No. 1 to FTA
Ensures that the Authority complies with the reporting requirements.
Report on a Single Audit of the State of Michigan, Lansing, MI
2018
No. 1 to NHTSA
Ensures that the State complies with the matching, level of effort, earmarking requirements.
Report on a Single Audit of the Confederated Tribes of the Colville Reservation, Nespelem, WA
2018
No. 1 to FHWA
Ensures that the Confederated Tribes complies with the reporting requirements.
Report on a Single Audit of the State of Montana, Helena, MT
2018
No. 1 to FHWA
Ensures that the State complies with the cash management requirements.
2018
No. 2 to FHWA
Ensures that the State complies with the subrecipient monitoring requirements.
2018
No. 3 to FHWA
Ensures that the State complies with the activities allowed or unallowed requirements.
2018
No. 4 to FHWA
Recovers $900,000 from the State, if applicable.
2018
No. 5 to FHWA
Recovers $143,000 from the State, if applicable.
2018
No. 6 to FHWA
Ensures that the State complies with the special tests and provisions requirements.
2018
No. 7 to FTA
Ensures that the State complies with the reporting requirements.
Report on a Single Audit of the Crow Tribe of Indians, Crow Agency, MT
2018
No. 1 to FHWA
Ensures that the Tribe complies with the cash management requirements.
2018
No. 2 to FHWA
Recovers $3,077,574 from the Tribe, if applicable.
2018
No. 3 to FHWA
Ensures that the Tribe complies with the activities allowed/allowable costs and cost principles requirements.
2018
No. 4 to FHWA
Recovers $22,691 from the Tribe, if applicable.
2018
No. 5 to FHWA
Ensures that the Tribe complies with the equipment and real property requirements.
2018
No. 6 to FHWA
Ensures that the Tribe complies with the period of performance requirements.
2018
No. 7 to FHWA
Ensures that the Tribe complies with the special tests and provisions requirements.
Report on a Single Audit of the City and County of Honolulu, Honolulu, HI
2018
No. 1 to FTA
Ensures that the City and County complies with the activities allowed or unallowed and allowable costs/cost principles requirements.
2018
No. 2 to FTA
Recovers $24,080,771 from the City and County, if applicable.
2018
No. 3 to FTA
Ensures that the City and County complies with the reporting requirements.
Report on a Single Audit of the State of Louisiana, Baton Rouge, LA
2018
No. 1 to FTA
Ensures that the State complies with the subrecipient monitoring requirements.
2018
No. 2 to FTA
Recovers $106,181 from the State, if applicable.
Report on a Single Audit of the Massachusetts Bay Transportation Authority, Boston, MA
2018
No. 1 to FTA
Ensures that the Authority complies with the equipment and real property management requirements.
2018
No. 2 to OST
Ensures that the Authority complies with the equipment and real property management requirements.
Report on a Single Audit of the Capital Area Transit Authority, Lansing, MI
2018
No. 1 to FTA
Ensures that the Authority complies with the cash management requirements.
2018
No. 2 to FTA
We recommend FTA recovers $30,641 from the Authority, if applicable.
Report on a Single Audit of the City of Union City, Union City, CA
2018
No. 1 to FTA
Ensures that the City complies with the subrecipient monitoring requirements.
2018
No. 2 to FTA
Recovers $2,780,059 from the City, if applicable.
Report on a Single Audit of the City of Atlanta, Atlanta, GA
2018
No. 1 to OST
Ensures that the City complies with reporting requirements.
2018
No. 2 to OST
Ensures that the City complies with subrecipient monitoring requirements.
DOT Operating Administrations Can Better Enable Referral of Potentially Criminal Activity to OIG
2018
No. 1 to OST
Update DOT Orders 8000.8 and 8000.5A and make them available to DOT employees.
2018
No. 2 to OST
Require that Operating Administrations align any criminal referral procedures with updated DOT Orders.
2018
No. 3 to OST
Implement an annual mandatory training requirement on DOT employees' responsibility to report fraud, waste, and abuse to the OIG and requirements in DOT Orders 8000.8 and 8000.5A.
Report on a Single Audit of the Metropolitan Council of the Twin Cities Area, St. Paul, MN
2018
No. 1 to FTA
Ensures that the Council complies with the special tests and provisions requirements.
Report on a Single Audit of the Utah Transit Authority, Salt Lake City, UT
2018
No. 1 to FTA
Ensures that the Authority complies with the equipment and real property management requirements.
Report on a Single Audit of the State of Nebraska, Lincoln, NE
2018
No. 1 to FTA
Ensures that the State complies with the subrecipient monitoring requirements.
2018
No. 2 to FTA
We recommend FTA recovers $99,226 from the State, if applicable.
Report on a Single Audit of the Government of Guam, Hagatna, GU
2018
No. 1 to FHWA
Ensures that Guam complies with the equipment and real property management requirements.
Report on a Single Audit of the State of North Carolina, Raleigh, NC
2018
No. 1 to FHWA
Ensures that the State complies with the special tests and provisions requirements.
Report on a Single Audit of the San Francisco Municipal Transportation Agency, San Francisco, CA
2018
No. 1 to FTA
Ensures that the Agency complies with the procurement and suspension and debarment requirements.
2018
No. 2 to FTA
Recovers $214,494 from the Agency, if applicable.
Report on a Single Audit of the North Coast Railroad Authority, Ukiah, CA
2018
No. 1 to OST
Ensures that the Authority complies with the reporting requirements.
Report on a Single Audit of the Puerto Rico Highways and Transportation Authority, San Juan, PR
2018
No. 1 to FTA
Ensures that the Authority complies with subrecipient monitoring requirements.
2018
No. 2 to FHWA
Ensures that the Authority complies with special tests and provisions requirements.
2018
No. 3 to FHWA
Ensures that the Authority complies with the matching requirements.
Report on a Single Audit of the State of Rhode Island and Providence Plantations, Providence, RI
2018
No. 1 to FHWA
Ensures that the State complies with the special tests and provisions requirements.
2018
No. 2 to FHWA
Recovers $214,516 from the State, if applicable.
Report on a Single Audit of the State of Indiana, Indianapolis, IN
2018
No. 1 to FHWA
Ensures that the State complies with the special tests and provisions requirements.
Report on a Single Audit of the Wyoming Department of Transportation, Cheyenne, WY
2018
No. 1 to FHWA
Ensures that the Wyoming DOT complies with the reporting requirements.
Report on a Single Audit of the Commonwealth of Pennsylvania, Harrisburg, PA
2018
No. 1 to FHWA
Ensures that the Commonwealth complies with the subrecipient monitoring requirements.
NHTSA’s Management of Light Passenger Vehicle Recalls Lacks Adequate Processes and Oversight
2018
No. 1 to NHTSA
Develop and implement a risk-based process to monitor manufacturers' reporting of recall remedy, scope, and risk information. The process should include taking appropriate steps with manufacturers that are not in compliance, including enforcement actions when necessary, as well as verifying information submitted by manufacturers, and identifying and addressing potential inadequacies of recall remedies and scope.
2018
No. 2 to NHTSA
Develop and implement a risk-based process, with specific timelines, that provides guidance for Office of Defects Investigation staff on identifying recalls with missing communications (e.g., dealer notifications, technical service bulletins), taking appropriate action to resolve the deficiency, and documenting the outcomes in an official recordkeeping system.
2018
No. 3 to NHTSA
In accordance with the Government Accountability Office's Standards for Internal Control in the Federal Government and NHTSA's procedures, develop, implement, and document management controls, including a supervisory review process, for monitoring recall remedies, scope, and risk reporting and oversight of recall implementation.
2018
No. 4 to NHTSA
Develop a training curriculum on staff responsibilities for updated recall monitoring and oversight processes, and provide this training to Office of Defects Investigation and Office of Vehicle Safety Compliance staff.
2018
No. 5 to NHTSA
Update the recall reporting portal and issue written guidance to identify all recall scope, risk, and completion rate information that regulations require manufacturers to submit.
2018
No. 6 to NHTSA
Document lessons learned from the Takata recalls, and develop and implement a plan for applying those lessons to help manufacturers improve completion rates of other recalls.
FAA Has Not Fully Addressed Safety Concerns Regarding the American Airlines Flight Test Program
2018
No. 1 to FAA
Conduct an independent review of FAA's oversight of American Airlines' flight operations to determine whether controls are in place and effective in preventing single points of failure; develop and implement corrective actions, if necessary.
2018
No. 2 to FAA
Modify the existing tool used to evaluate the objectivity of inspectors to incorporate risk factors such as non-routine operations and the length of time inspectors oversee the same air carrier.
2018
No. 3 to FAA
Develop and implement controls requiring oversight office staff to resolve complaints and follow key policy requirements such as directly contacting complainants and documenting investigations.
2018
No. 4 to FAA
Establish and implement criteria for evaluating correspondence to ensure safety complaints are routed to FAA's Office of Audit and Evaluation.
2018
No. 5 to FAA
Develop and implement inspector guidance on FAA's oversight requirements for flight test operations.
2018
No. 6 to FAA
Provide the Allied Pilots Association with a revised response to its complaint based on results from the October 2017 independent assessment of the American Airlines flight test program.
2018
No. 7 to FAA
Develop and implement a corrective action plan to address the recommendations made by the October 2017 independent assessment of the American Airlines flight test program.
Opportunities Exist To Further Strengthen the Security Controls of FAA’s Data Communications Program
2018
No. 1 to FAA
Update and remediate the completion dates in the plans of action and milestones for SI-02.A and CM07.A.2 to ensure that the confidentiality, integrity, and availability of the system are not at risk.
Underlying Data Quality Issues Hinder the Staffing and Placement of FAA’s Maintenance Technicians
2018
No. 1 to FAA
Determine the impact of new hire training and certification time and fatigue mitigation requirements on technician staffing and incorporate into the maintenance technician staffing process.
2018
No. 2 to FAA
Determine the impact of equipment age on workload and maintenance technician staffing needs and incorporate this factor into the staffing model, if found to be statistically significant.
2018
No. 3 to FAA
Review and update the Facility, Service, and Equipment Profile policy to require user training and recurring data-validation reviews at the Support Center and national levels at defined intervals prior to running the staffing model.
2018
No. 4 to FAA
Develop and implement a process to reduce and standardize codes in the Labor Distribution Reporting (LDR) system to improve accounting for direct maintenance workload.
2018
No. 5 to FAA
Determine if the newly standardized LDR data are reliable for direct maintenance workloads in the Technical Operations Staffing Model, and if so, develop and implement an action plan with milestones to replace the workload assessments with LDR data.
2018
No. 6 to FAA
Revise the current standard operating procedure, Tier 1/2/3 Staffing Allocations and Tier 1 Watch Coverage Requirements to: a. Define the job series and clarify whether system specialists and System Support Center coordinators are included in the Tier 1, 2, and 3 staffing targets; and b. Require annual review, validation, and updating of staffing allocation targets.
FAA Faces Challenges in Implementing and Measuring the Effectiveness of Its 2015 Runway Safety Call to Action Initiatives
2018
No. 1 to FAA
Update the target delivery dates for initiatives that are still in progress, including those without target delivery dates, and implement procedures for continually updating delivery dates and descriptions of initiatives as changes are made.
2018
No. 2 to FAA
Develop and include in the monitoring plan quantifiable metrics or other indicators that can measure the effectiveness of the initiatives.
2018
No. 3 to FAA
Consolidate duplicate initiatives within the monitoring plan.
PHMSA Has an Opportunity To Refine Its Guidance and Performance Reporting for the Pipeline Safety Research and Development Program
2018
No. 1 to PHMSA
Develop and issue comprehensive policy and procedures for the Pipeline Safety Research and Development Program that includes guidance for: a. notifying a wider spectrum of stakeholder representatives about future Research and Development forums, in order to increase their participation; b. addressing how the results of Research and Development forums are incorporated into the program plan; c. conducting all steps in the conflict-of-interest process; and d. following up with researchers on benefits and uses.
2018
No. 2 to PHMSA
Complete upgrades to the conflict-of-interest portion of the Research and Development Management Information System.
2018
No. 3 to PHMSA
Use Performance Improvement Council best practices to update future biennial Update Reports to Congress, to include additional context, such as analyses of current performance metrics and an evaluation of program success, trends, and anomalies.
DOT’s Fiscal Year 2017 IPERA Compliance Review
2018
No. 1 to OST
Implement procedures to ensure the Federal Transit Administration distributes guidance to selected grantee recipients on the importance of accurate submission and proper review of timesheets to improve proper allocation of labor efforts and the identification and retention of required documentation to support a payment as proper in the Emergency Relief Program-Disaster Relief Appropriations Act program.
2018
No. 2 to OST
Work with the Office of Inspector General (OIG) to ensure it provides additional, clear, and precise travel guidance to employees and approving officials on the preparation and proper review of travel vouchers to improve the allocation of travel expenses in OIG-DRAA fund activity.
2018
No. 3 to OST
Work with OIG to ensure it updates its travel guidance to add instructions on how to split or allocate DRAA-related travel expenses to the appropriate accounting codes including codes for indirect costs and trains employees how to use this guidance.
Report on Single Audit of the Naknek Native Village Council, Naknek, AK
2018
No. 1 to FHWA
Ensures that the Council complies with the cash management requirements.
2018
No. 2 to FHWA
Recovers $666,482 from the Council, if necessary.
Report on Single Audit of the State of Ohio, Columbus, OH
2018
No. 1 to FHWA
Ensures the State complies with the period of performance requirements.
2018
No. 2 to FHWA
Determine the allowability of the $5,824 transaction, then review all construction projects to ensure that expenditures were properly paid within the period of performance, and recover any additional questioned costs, if applicable.
Report on Single Audit of the City of Portland, Portland, ME