Recommendation Dashboard

skip-to-content
-A A +A

OIG’s Office of Auditing and Evaluation makes recommendations to the Department of Transportation and a few independent transportation entities to correct deficiencies and encourage improvements in the safety, economy, efficiency, and management of their programs and operations. Our audit report findings and conclusions explain the basis for the specific corrective actions we recommend. This Recommendation Dashboard provides more information than ever before about the current status of OIG recommendations, which we plan to update on a weekly basis. For more information, see answers to frequently asked questions.

 

Open Recommendations by Agency

As of: The Recommendation Dashboard does not include data on many of our older audits for which all recommendations were closed prior to July 1, 2016.

 
 
Audit Report: ZA2020006 issued on 11.04.2019
Gaps in Internal Controls Impede the Department’s Management of Working Capital Fund Laptops
No. 1 to OST

Update DOT DASH 2016-01 to specifically state that FAA Strategic Sourcing for the Acquisition of Various Equipment & Supplies (SAVES) is not an approved vehicle under Office of Management and Budget (OMB) requirements.

No. 2 to OST

Document the revised IT Spend Plan process to verify OAs meet OMB requirements when procuring laptop computers.

No. 3 to OST

Implement enhanced physical security controls for the Information Technology Shared Services (ITSS) asset room where Working Capital Fund (WCF)-funded laptops are stored.

No. 4 to OST

Develop and implement supplemental guidance that defines responsibilities for the Office of Facilities, Information, and Asset Management (OFIAM) and ITSS with respect to receipt, inspection, and acceptance, and inventory management processes and procedures for WCF-purchased laptops.

No. 5 to OST

Update DOT Order 4410.4 to include: a. Defining roles and responsibilities of DOT offices and personnel with respect to management of WCF laptop computers. b. Requiring hand receipts or a similar form whenever an accountable property asset (e.g., laptop) is assigned or unassigned to/from a user. c. Requiring record retention of records from hand receipts or a similar control with the appropriate property official. d. Establishing a timeframe for submitting Reports of Survey to OFIAM.

No. 6 to OST

Establish a Board of Survey to review instances of lost or damaged WCF equipment as required by DOT Order 4410.4.

No. 7 to OST

Develop and implement a process for verifying the timely and accurate entry of laptop computer data into OFIAM's official personal property system of record, to include establishing data entry timeframes, key fields (e.g., procurement and delivery dates), and quality control checks.

$2,900,000
No. 8 to OST

Develop and implement procedures for conducting the annual property inventory to include obtaining missing hand receipts or similar control and timely resolution of discrepancies for WCF laptops. Implementation of this recommendation could result in $2.9 million in funds put to better use.

Audit Report: ST2020005 issued on 10.30.2019
FTA’s Limited Oversight of Grantees’ Compliance With Insurance Requirements Puts Federal Funds and Hurricane Sandy Insurance Proceeds at Risk
$2,125,000
No. 1 to FTA

Reduce permanently NYC DOT's Hurricane Sandy total damage assessment by $2.125 million to remove the ineligible expenses.

No. 2 to FTA

Assess the necessary data to affirm that Hurricane Sandy recovery grantees carried flood insurance that complied with the Flood Disaster Protection Act (FDPA). For any Hurricane Sandy recovery grantee that FTA determines had uninsured buildings, contents, or both that should have been insured in compliance with the FDPA, permanently reduce the grantee's total Hurricane Sandy damage assessment by the aggregate amount of the maximum available National Flood Insurance Program (NFIP) insurance or the amount of the Federal investment in the property prior to the storm (whichever is less).

No. 3 to FTA

Develop and implement procedures within FTA's Triennial and State Management Reviews to assess the necessary data to affirm that each grantee undergoing a comprehensive review carries flood insurance that complies with the FDPA. FTA's suggested corrective actions for any grantee deficiency in this area should include, at a minimum, requiring the grantee to submit to FTA documentation showing proof of flood insurance in the aggregate amount of the maximum available NFIP insurance or the amount of the Federal investment (whichever is less) for all structures required to have it.

No. 4 to FTA

Revise FTA's Emergency Relief Program (ERP) guidance to include a timeframe within which grantees must apply insurance proceeds to support the policy described in its ERP Final Rule.

$982,855,757
No. 5 to FTA

Require the Hurricane Sandy Recovery grantees to apply their insurance proceeds in accordance with the timeframe established in the revised ERP guidance and in support of the policy described in its ERP Final Rule. Implementation of this recommendation could put over $982.8 million in funds to better use. This is the amount of transit-related insurance proceeds that grantees have received but have not yet spent on eligible transit recovery projects.

$180,700,000
No. 6 to FTA

Require MTA to apply the full amount of its transit-related insurance proceeds to eligible transit projects. Implementation of this recommendation could put up to $180.7 million in funds to better use.

No. 7 to FTA

Develop procedures to track grantee allocation plan implementation for expenditures solely funded with insurance proceeds.

No. 8 to FTA

Revise the ERP Toolkit checklist to include a step for FTA Regional staff to crosscheck against the approved insurance allocation plan when reviewing Hurricane Sandy grant applications and awarding Hurricane Sandy grants.

Audit Report: QC2020004 issued on 10.29.2019
Quality Control Review of the Independent Auditor’s Review of DOT’s DATA Act Implementation
No. 1 to OST

Implement and document a formal quarterly review process to ensure that any non-fatal warnings at the Operating Administration level are investigated, and actions to address the warnings are clearly documented.

No. 2 to OST

Implement and document a formal quarterly review process to ensure that any variances identified between File A and the DOT's GTAS SF-133, and File B and OMB Circular No. A-11 and President's budget are clearly explained and documented.

No. 3 to OST

Implement and document an internal oversight review process for financial assistance awards to ensure that controls are in place to verify recipients are registered in SAM at the time of financial assistance award.

No. 4 to OST

Develop processes to evaluate future reporting of those data elements identified as being inconsistent with DAIMS guidance.

Audit Report: QC2020002 issued on 10.23.2019
Quality Control Review of the Independent Auditor's Report on the Assessment of DOT's Information Security Program and Practices
No. 1 to OST

Perform a review of all Plans of Action and Milestone (POA&M) items closed during the audit period to include supporting documentation and re-approve their closure.

No. 2 to OST

Revise current security weakness management policies and procedures (documenting within a revision history table) to require documented evidence such as calendar appointments, meeting minutes, etc. in support of POA&M closure decisions to be uploaded into CSAM.

No. 3 to OST

Work with the OA CIOs to review current assessment and authorization processes and implement a validation process to ensure updated security plans, ATOs and risk assessments are reviewed and updated to reflect all system (including privacy) controls, vulnerabilities, and that current risks are clearly presented to the authorizing officials.

No. 4 to OST

Work with the OA CIOs to develop mechanisms to ensure updated system security plans and assessments of security controls (that were previously assessed as not satisfied or partially satisfied) reflect current operational environments, including an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated.

No. 5 to OST

Document OA subnets and OA responsibilities for devices and systems operating on the Common Operating Environment.

No. 6 to OST

Document and implement network segmentation to reduce the attack surface or susceptibility of vulnerable and sensitive OA assets in the Common Operating Environment.

No. 7 to OST

Work with OAs to remediate outstanding identity and access management weaknesses through implementation and closure of POA&Ms and control assessments to determine whether these risks were addressed.

No. 8 to OST

Work with Component Privacy Officers (POs) to develop and implement procedures then verify the completion, review, tracking and approval through review of updated PTAs, PIAs and SORNs.

No. 9 to OST

Document and implement a process to ensure incident response procedures related to the timely notification, reporting, updating, and resolution of security incidents are followed in accordance with policy.

No. 10 to OST

Review and update the OCIO Cyber Security Incident Response Plan, documenting evidence of review and revisions within a history log.

No. 11 to OST

Resolve any inconsistencies with respect to Departmental policies and procedures, which prescribe conflicting directions on whether DOT components are required to provide, develop and update incident response plans, documenting evidence of review and revisions within a history log.

No. 12 to OST

Implement a process to ensure incident response plans are developed for all OAs and updated on at least an annual basis.

No. 13 to OST

Work with the OST's Office of Intelligence, Security and Emergency Response to ensure the DOT COOP is reviewed and updated (noting evidence of the review within a history/revision log).

No. 14 to OST

Work with the OA CIOs to remediate identified weaknesses in contingency plans and BIAs, such as missing information, lack of timely review, and inadequate approvals, demonstrated by updated contingency plans and BIAs.

Audit Report: SA2020001 issued on 10.16.2019
Summary Report on Significant Single Audit Findings Impacting DOT Programs for the 3-Month Period Ending August 31, 2019
No. 1 to OST

Coordinate with impacted Operating Administrations (OA) to develop a corrective action plan to resolve and close the findings highlighted in this report.

$1,005,222
No. 2 to OST

Determine the allowability of the questioned transactions and recover $1,005,222.00, if applicable.

Audit Report: ZA2019087 issued on 09.30.2019
DOT Needs To Strengthen Its Oversight of IAAs With Volpe
No. 1 to OST

Implement requirements for documenting the rationale forentering into intra-agency agreements (IAA) with the John A. Volpe NationalTransportation Systems Center (Volpe), including why the proposed agreement isin the OA's best interest.

No. 2 to OST

Implement a process to ensure OAs' spend plans, or an alternative mechanism, include descriptions of current and planned Volpe IAA projects, as well as the projects' current and future funding needs.

No. 3 to OST

Implement oversight procedures in compliance with section 1.4.3 of DOT Order 1200.9 to verify use of required forms and the inclusion of required elements when executing Volpe IAAs, including but not limited to buyer obligation numbers, lines of accounting to be charged, and Treasury Appropriation Fund Symbols.

No. 4 to OST

Implement procedures to verify compliance with departmental requirements for conducting IAA financial completion processes and returning unused funds after the period of performance ends.

$33,300,000
No. 5 to OST

Comply with DOT Order 1200.9's financial completion and IAA closeout process requirements for the IAAs identified in table 3 of this report, and determine whether to close them and deobligate the appropriate portions of the $5,966,933 we identified. Implementing this recommendation across the 854 IAAs in our audit universe could potentially put up to $33.3 million in funds to better use.

No. 6 to OST

Develop and implement procedures to communicate with and train relevant OA staff (e.g., Program Office, Acquisitions/Procurement Office, and Budget/Finance Office staff) about DOT's current IAA-related requirements and guidance.

No. 7 to OST

Develop and implement procedures for reviewing current and future OA-issued IAA guidance to confirm alignment with DOT policy.

No. 8 to OST

Develop and implement procedures to verify OA compliance with departmental requirements for financially managing IAAs with Volpe, including conducting and documenting monthly and quarterly reconciliations, and year-end reviews.

No. 9 to OST

Develop and implement a mechanism for the OAs to document and share their performance evaluation data regarding Volpe IAAs.

Audit Report: QC2019086 issued on 09.30.2019
Report on a Quality Control Review of the Independent Service Auditor’s Report on DOT’s Enterprise Services Center
Closed on 11.07.2019
Sensitive
No. 1 to OST

Sensitive information redacted

Closed on 11.07.2019
Sensitive
No. 2 to OST

Sensitive information redacted

Closed on 11.07.2019
Sensitive
No. 3 to OST

Sensitive information redacted

Audit Report: ST2019084 issued on 09.25.2019
FMCSA’s Plan Addresses Recommendations on Prioritizing Safety Interventions but Lacks Implementation Details
No. 1 to FMCSA

Forthe fifth NAS recommendation, provide (a) cost estimates that account forstaffing, enforcement, and data collection; and (b) benchmarks for completion.

No. 2 to FMCSA

For the fourth and sixth NAS recommendations, provide (a)cost estimates that account for staffing, enforcement, and data collection; (b)benchmarks for completion; and (c) potential programmatic reforms, revisions toregulations, or proposals for legislation.

Audit Report: SA2019080 issued on 09.18.2019
Report on a Single Audit of the State of Nebraska, Lincoln, NE
No. 1 to FTA

Ensures the State complies with the allowable costs/cost principles and subrecipient monitoring requirements.

$232,750
No. 2 to FTA

Recovers $232,750 (2018-067) from the State, if applicable.

$71,167
No. 3 to FTA

Recovers $71,167 (2018-068) from the State, if applicable.

No. 4 to NHTSA

Ensures the State complies with the allowable costs/cost principles and subrecipient monitoring requirements, resulting in questioned costs of $11,745.

$11,745
No. 5 to NHTSA

Recovers $11,745 from the State, if applicable.

Audit Report: SA2019081 issued on 09.18.2019
Report on a Single Audit of the Terre Haute Regional Airport Authority, Terre Haute, IN
No. 1 to FAA

Ensures that the Authority complies with the special tests and provisions requirements

No. 2 to FAA

Ensure that the Authority complies with the allowable costs/cost principles and reporting requirements.

Audit Report: SA2019079 issued on 09.18.2019
Report on a Single Audit of the Los Angeles County Metropolitan Transportation Authority, Los Angeles, CA
No. 1 to FTA

Ensures that the Authority complies with the subrecipient monitoring requirements.

Audit Report: SA2019076 issued on 09.17.2019
Report on a Single Audit of the Commonwealth of Pennsylvania, Harrisburg, PA
No. 1 to FHWA

Ensures that the Commonwealth complies with the subrecipient monitoring requirements.

Audit Report: SA2019077 issued on 09.17.2019
Report on a Single Audit of the City of Birmingham, Birmingham, AL
No. 1 to OST

Ensures the City complies with the procurement and suspension and debarment requirements.

$381,190
No. 2 to OST

Recovers $381,190 from the City, if applicable.

Audit Report: SA2019078 issued on 09.17.2019
Report on a Single Audit of the Puerto Rico Metropolitan Bus Authority, San Juan, PR
No. 1 to FTA

Ensures that the Authority complies with the equipment and real property management requirements.

Audit Report: ST2019072 issued on 09.11.2019
DOT’s Updated Anti-Harassment Policy Meets EEOC Requirements, but Program Compliance Hinges on Procedure Implementation and Data Usage
No. 1 to OST

Collect and review each OA's anti-harassment program procedures, and require revisions, as necessary, to bring them into compliance with DOT's policy and EEOC requirements.

Audit Report: SA2019069 issued on 09.10.2019
Report on a Single Audit of the Puerto Rico Highways and Transportation Authority, San Juan, PR
No. 1 to FTA

Ensures that the Authority complies with the subrecipient monitoring requirements.

No. 2 to FHWA

Ensures that the Authority complies with the matching requirements.

Audit Report: SA2019070 issued on 09.10.2019
Report on a Single Audit of the State of Connecticut, Hartford, CT
No. 1 to FHWA

Ensures that the State complies with the allowable costs/cost principles requirements.

$1,023,224
No. 2 to FHWA

Recovers $1,023,224 from the State, if applicable.

Audit Report: SA2019071 issued on 09.10.2019
Report on a Single Audit of the Association of Village Council Presidents, Bethel, AK
No. 1 to FHWA

Ensures that the Council complies with the procurement and suspension and debarment requirements.

No. 2 to FHWA

Ensures that the Council complies with the reporting requirements.

No. 3 to FHWA

Ensures that the Council complies with the special tests and provisions requirements.

Audit Report: SA2019065 issued on 09.10.2019
Report on a Single Audit of the Commonwealth of Virginia, Richmond, VA
No. 1 to PHMSA

Ensures that the Commonwealth complies with the allowable costs/cost principles requirements.

$150,203
No. 2 to PHMSA

Recovers $150,203 from the Commonwealth, if applicable.

Audit Report: SA2019066 issued on 09.10.2019
Report on a Single Audit of the State of Indiana, Indianapolis, IN
No. 1 to FHWA

Ensures that the State complies with the special tests and provisions requirements.

Audit Report: SA2019067 issued on 09.10.2019
Report on a Single Audit of the State of Vermont, Montpelier, VT
No. 1 to NHTSA

Ensures that the State complies with the level of effort requirements.

Audit Report: SA2019068 issued on 09.10.2019
Report on a Single Audit of the Crooked Creek Traditional Council, Crooked Creek, AK
No. 1 to FHWA

Ensures that the Council complies with the activities allowed or unallowed requirements.

$194,821
No. 2 to FHWA

Recovers $194,821 from the Council, if applicable.

Audit Report: ZA2019064 issued on 09.09.2019
FTA Has an Opportunity To Improve the Integrity Monitor Program for Hurricane Sandy Grantees
No. 1 to FTA

Develop and implement procedures for consistently reviewing,approving and periodically updating grantee integrity monitor plans.

No. 2 to FTA

Develop and implement guidance for determining threats and impediments to independence. The guidance should address criteria for independence, including the use of internal grantee staff and actions required if independence issues cannot be resolved.

No. 3 to FTA

Develop and implement procedures requiring all participants in grantee integrity monitoring activities to promptly notify the grantee and FTA when they have knowledge of current or prospective legal matters relating to FTA-funded Hurricane Sandy projects that may affect the Federal Government, including defaults, breaches, major disputes, or litigation; and promptly notify the grantee, FTA, and DOT-OIG if they have knowledge about potential fraud, waste, or abuse occurring on FTA-funded projects, including knowledge of a criminal or civil investigation; by a Federal, State, or local law enforcement or other investigative agency, a criminal indictment or civil complaint; probable cause that could support a criminal indictment; or any other credible information.

Closed on 10.22.2019
$1,100,000
No. 4 to FTA

Recover the estimated $1.1 million that represents FTA's share of the settlement funds paid to PANYNJ-OIG.

No. 5 to FTA

Provide guidance or training on Master Agreement notification requirements for grantees and integrity monitors, such as defining what is meant by providing prompt notification.

No. 6 to FTA

Develop and implement procedures for periodically assessingwhether integrity monitors are meeting plan expectations, and for takingappropriate corrective actions when integrity monitors are not meetingexpectations.

No. 7 to FTA

Inform integrity monitors about best practices for targetingnew risk areas, such as procedures for contractor responsibilitydeterminations, and updating plans accordingly.

No. 8 to FTA

Develop and implement procedures for grantee oversight of integrity monitors that include a review of quarterly reports that, at a minimum contain information about integrity monitor activities, findings, and recommendations, as well as descriptions of the grantee's response to the recommendations and estimated completion dates for corrective actions, where appropriate.

Audit Report: ST2019063 issued on 09.04.2019
FRA Collects Reliable Grade Crossing Incident Data but Needs To Update Its Accident Prediction Model and Improve Guidance for Using the Data To Focus Inspections
No. 1 to FRA

Establish and implement a procedure for determining when to evaluate and, if necessary, adjust the normalizing constants for the accident prediction formula in U.S. DOT's Accident Prediction and Severity Model to reflect current accident and grade crossing inventory data.

No. 2 to FRA

Prepare and implement a comprehensive compliance manual for the grade crossing discipline that includes procedures for using grade crossing data to focus inspections and outreach.

Audit Report: AV2019062 issued on 08.27.2019
FAA Has Made Progress in Implementing Its Metroplex Program, but Benefits for Airspace Users Have Fallen Short of Expectations
No. 1 to FAA

Implement a procedure for assessing online and facility-level Performance Based Navigation (PBN) training provided to controllers for effectiveness. This procedure should include reporting the results of the assessments on a continuous basis to FAA management in the PBN policy office, and take corrective action as needed.

No. 2 to FAA

Implement a process in the PBN policy office to track andevaluate whether actions taken to address identified obstacles have beeneffective in mitigating them, including the areas of phraseology, training,designing and amending procedures, and automation tools.

No. 3 to FAA

Identify the corrective actions needed to mitigate the 10 obstacles from the NextGen Advisory Committee that FAA did not include in its action plan, and if feasible, establish milestones for implementing them.

No. 4 to FAA

Display the same benefits numbers on FAA's NextGen website as those that are reported in post-implementation analysis reports for completed Metroplex sites or declare any differences in the data being reported.

Closed on 10.30.2019
No. 5 to FAA

Document the methodology used to estimate PBN benefits for each Metroplex site.

Audit Report: SA2019060 issued on 07.31.2019
Report on a Single Audit of the State of Louisiana, Baton Rouge, LA
No. 1 to NHTSA

Ensures that the State complies with the allowable costs/cost principles requirements.

$155,937
No. 2 to NHTSA

Recovers $155,937 from the State, if applicable.

No. 3 to NHTSA

Ensures that the State complies with cash management requirements.

$9,204
No. 4 to NHTSA

Recovers $9,204 from the State, if applicable.

Audit Report: SA2019061 issued on 07.31.2019
Report on a Single Audit of the Municipality of Anchorage, Anchorage, AK
No. 1 to FAA

Ensures that the Municipality complies with the special tests and provisions requirements.

No. 2 to FTA

Ensures that the Municipality complies with the activities allowed or unallowed requirements.

$151
No. 3 to FTA

Recovers $151 from the Municipality, if applicable.

No. 4 to FTA

Ensures that the Municipality complies with the equipment and real property management requirements.

$64,220
No. 5 to FTA

Recovers $64,220 from the Municipality, if applicable.

Audit Report: SA2019058 issued on 07.31.2019
Report on a Single Audit of the City and County of Honolulu, Honolulu, HI
No. 1 to FTA

Ensures that the City and County complies with the reporting requirements.

Audit Report: SA2019059 issued on 07.31.2019
Report on a Single Audit of the Highways Division, Department of Transportation, State of Hawaii, Honolulu, HI
No. 1 to FHWA

Ensures that the State complies with the cash management requirements.

No. 2 to NHTSA

Ensures that the State complies with the cash management requirements.

Audit Report: FI2019057 issued on 07.24.2019
The Maritime Administration’s Information Technology Infrastructure Is at Risk for Compromise
No. 1 to MARAD

Change the password for the compromised server management device account to a strong password that meets DOT's Cybersecurity Compendium requirements and NIST guidelines.

No. 2 to MARAD

Configure alerts on server management devices to notify staff of unusual activity and when the system reboots.

No. 3 to MARAD

Change the password for the compromised MARAD service account.

No. 4 to MARAD

In coordination with DOT CIO develop and implement a training program for administrators to adequately protect passwords that includes the DOT Policy requirement to not record passwords in electronic form.

No. 5 to MARAD

Encrypt PII data on personal and network drives in accordance with DOT Chief Information Officer Departmental Privacy Risk Management Policy.

Sensitive
No. 6 to MARAD

Sensitive information redacted

No. 7 to MARAD

Develop a plan and address identified high and medium vulnerabilities on any remaining legacy websites and verify that new websites are being assessed for vulnerabilities.

No. 8 to MARAD

In coordination with DOT CIO develop and implement a training program for MARAD personnel who provided credentials during the phishing test on security awareness, with a focus on phishing attacks.

No. 9 to OST

Update the departmental annual security awareness training to include information on encryption using approved technological methods.

No. 10 to OST

Change the passwords for OST's compromised social media accounts.

No. 11 to OST

Change the passwords for MARAD's compromised social media accounts managed by OST.

No. 12 to OST

Change the temporary passwords for the executives and staff that joined the Department during the change in the Presidential Administration.

No. 13 to OST

Encrypt PII data on personal and network drives in accordance with DOT Chief Information Officer Departmental Privacy Risk Management Policy.

No. 14 to OST

Examine service account permissions and remove unnecessary rights using the principle of least privilege so that service accounts have access to intended resources.

No. 15 to OST

Develop a plan and address identified critical and high vulnerabilities on MARAD workstations managed by OST that are older than June 19, 2017 (1 year prior to the ending of our scanning period).

No. 16 to OST

Update fiscal year 2019 Department of Transportation Security Awareness Training to include spear phishing and phishing examples and scenarios.

Sensitive
No. 17 to OST

Sensitive information redacted

Sensitive
No. 18 to OST

Sensitive information redacted

Sensitive
No. 19 to OST

Sensitive information redacted

Audit Report: ZA2019056 issued on 07.10.2019
Opportunities Exist To Improve FRA and Volpe’s Acquisition and Use of Oversight Contractors
No. 1 to OST

Update and implement procedures to ensure Volpe's staff follow Volpe and departmental requirements and guidance when preparing and documenting independent government cost estimates.

No. 2 to OST

Update Volpe's procedures to require the use of risk-mitigation controls if the contractor's accounting system cannot be evaluated with current audit information prior to award of a cost-reimbursement contract, and document the contract file.

No. 3 to OST

Develop and provide refresher training for Volpe's contracting personnel on the Federal Acquisition Regulation, Transportation Acquisition Manual, and Volpe's requirements and guidance for establishing contract and task order files that provide complete and accurate records of all actions

No. 4 to OST

Obtain incurred cost audits for its Monitoring and Technical Assistance Contractor (MTAC) cost-reimbursable contracts or document the rationale for not obtaining these audits in the contract file.

No. 5 to OST

Update the Volpe April 2018 invoice review policy to require contracting officials to verify that the appropriate indirect rates have been charged.

No. 6 to FRA

Develop, finalize, and implement procedures for FRA and the MTACs to use for all phases of project design oversight reviews and Rail Traffic Controller modeling simulation results.

No. 7 to FRA

Develop and implement a risk-based oversight process for non-safety field inspections to include criteria to determine which prospective projects could benefit at key project phases.

No. 8 to FRA

Revise the Monitoring Procedures to better align with FRA's financial assistance programs and strengthen the MTACs' role in the oversight of FRA financial assistance programs.

No. 9 to FRA

Develop and implement policies and procedures that require the MTACs to follow a consistent process for conducting oversight reviews and documenting deliverables in a manner appropriately scaled for the size, complexity, and type of project.

No. 10 to FRA

Develop and implement procedures that (a) direct the MTACs to describe each recommendation in terms of impact, such as safety or cost; (b) clearly state whether the recommendation is required or optional; and (c) track MTAC recommendations to resolution.

No. 11 to FRA

Develop and implement a process that ensures that completed MTAC oversight reports are uploaded and maintained at regular intervals in FRA's Program Management Tracker database.

Audit Report: AV2019055 issued on 06.25.2019
FAA Needs To Adopt a Risk-Based, Data-Driven Scheduling Process To Improve the Effectiveness of Its Drug Abatement Inspection Program
No. 1 to FAA

Develop and implement a data-driven, risk-based inspection scheduling program in accordance with FAA's Safety Risk Management Policy. The program should include: a. Procedures for re-inspecting companies with identified non-compliances to ensure corrective actions have been implemented and are effective, and b. Procedures for selecting substitute companies in the event of inspection cancellations.

No. 2 to FAA

Develop and implement a process to coordinate and verify the accuracy of aviation company data, including coordinating with FAA Flight Standards, prior to finalizing the inspection schedule.

Audit Report: FI2019054 issued on 06.03.2019
DOT’s Fiscal Year 2018 IPERA Compliance Review
No. 1 to OST

Implement procedures to ensure FHWA provides additional guidance to State and local agencies that receive Highway Planning and Construction funds on the importance of eliminating administrative or process errors and maintaining adequate documentation to support payments requests.

Audit Report: ST2019053 issued on 05.29.2019
Inadequate Data and Guidance Hinder FHWA Force Account Oversight
No. 1 to FHWA

Develop and implement a process for periodically assessing force account risk. Based on the risk assessment, develop and implement procedures for overseeing compliance with Federal force account regulations.

No. 2 to FHWA

Revise force account guidance for the States to clarify when cost-effectiveness determinations are required.

$22,300,000
No. 3 to FHWA

Develop an action plan to collect and review the cost-effectiveness determinations for the 18 projects related to the $22.3 million in unsupported costs. Recover funds associated with projects where force account was not the most cost-effective approach for executing that project.

No. 4 to FHWA

Develop and implement a process for determining when force account can be used for work performed outside the Federal highway right-of-way without complying with Federal requirements.

Audit Report: AV2019052 issued on 05.08.2019
FAA Plans To Modernize Its Outdated Civil Aviation Registry Systems, but Key Decisions and Challenges Remain
No. 1 to FAA

Develop and implement a timeline for making key decisions regarding the Civil Aviation Registry Electronic Services (CARES), such as defining requirements, one system vs. two systems, cloud vs. server architecture, risk-based policies, and what processes FAA could automate.

No. 2 to FAA

Define what desired capabilities are technologically feasible within the Registry's desired timeframes and include in its requirements, in consultation with FAA's Office of Information Technology (AIT).

No. 3 to FAA

Develop and implement a procedure to obtain feedback on CARES from internal and external stakeholders to better ensure that CARES meets the needs of the users of the system.

No. 4 to FAA

Develop and implement a plan for maintaining real-time access to aircraft registration data prior to any potential closure of the Public Documents Room (PDR).

Audit Report: ZA2019051 issued on 05.01.2019
Stronger Guidance and Internal Controls Would Enhance DOT’s Management of Highway and Vehicle Safety R&D Agreements
Closed on 08.13.2019
No. 1 to FHWA

Update financial assistance policies and procedures to address what administrative requirements apply to agreements with for-profitand foreign entities.

Closed on 05.03.2019
No. 2 to FHWA

Finalize and issue policies for signing and administering CRADAs.

$1,600,000
No. 3 to FHWA

Update policies and procedures to determine when it is appropriate to require approval of recipient subcontracts or subawards and communicate this requirement to recipients; review the $12,400 in unapproved subcontractor costs identified in this report; and recover any costs deemed unreasonable. Implementing this recommendation could result in $1.6 million in funds being put to better use.

No. 4 to FHWA

Update the checklist for agreement files that describes what pre-and post-award documentation is required under current DOT and FHWA policies.

No. 5 to NHTSA

Update financial assistance policies and procedures to address what administrative requirements apply to agreements with for-profit and foreign entities.

No. 6 to NHTSA

Update financial assistance policies and procedures to specify what level of review is required to approve a justification for making a financial assistance award without using full and open competitive procedures.

No. 7 to NHTSA

Update financial assistance policies and procedures to specifically address agreements using a work-order structure, including procedures to reduce the risk of using these agreements to circumvent the general requirement to award financial assistance using full and open competitive procedures.

No. 8 to NHTSA

Update the checklist for agreement files that describes what pre- and post-award documentation is required under current DOT and NHTSA policies.

No. 9 to OST

Provide guidance to OAs to reinforce a common definition of R&D for use when determining whether a financial assistance award needs to be identified as R&D.

No. 10 to OST

Develop and implement a risk-based methodology for reviewing a number of grantee reimbursement requests in detail on a regular basis.

Closed on 05.03.2019
$9,900
No. 11 to OST

Recover $1,900 in unallowable costs and take appropriate action to determine whether $8,000 in computer equipment costs was reasonable,and if not, seek recovery of these funds as well.

No. 12 to OST

Update the checklist for agreement files that describes what pre- and post-award documentation is required under current DOT and OST-R policies.

Closed on 11.05.2019
No. 13 to OST

Revise DOT financial assistance policies to require that OAsdefine what administrative requirements apply to agreements with for-profit andforeign recipients.

No. 14 to OST

Revise DOT financial assistance policies to specify what officials are authorized to approve justifications for awarding financial assistance without full and open competition.

No. 15 to OST

Develop and issue guidance to OAs for clearly identifying awards as R&D.

Audit Report: AV2019050 issued on 04.23.2019
FAA Has Taken Steps To Advance the SENSR Program, but Opportunities and Risks Remain
No. 1 to FAA

Develop and implement an integrated Schedule, Budget, and Organizational Chart that incorporates all the partner agencies for the SENSR program.

Closed on 09.25.2019
No. 2 to FAA

Develop and implement a plan to identify and mitigate risks associated with the integration of SENSR into NextGen programs as well as into systems throughout the NAS.

Audit Report: ZA2019049 issued on 04.09.2019
Several Factors Limit DOT’s Ability To Efficiently Utilize Its Office Space
No. 1 to OST

Develop, document, and implement a supplemental guide to DOT's Office Space Design Standard Policy (Policy) to provide the Department and its Operating Administrations (OA) guidance for applying the Agency's utilization standard to existing office space—including those spaces that DOT continues to occupy under new agreements—and clarify those terms related to the application of the standard, as identified in this report—i.e., new acquisitions

$2,100,000
No. 2 to OST

Develop, document, and implement an internal control process to apply when an OA is planning to acquire or continue to occupy an office space that exceeds the Agency's utilization standard. At a minimum, the process should require the OA to justify with documented evidence that it has implemented a different standard based on mission requirements or that applying the Department's standard will not be cost-effective or a best value option. Implementing this recommendation could potentially put $2.1 million in funds to better use by preventing DOT from paying for unneeded space that exceeds the Agency's utilization standard.

No. 3 to OST

Develop, document, and implement a supplemental guide to DOT's Policy to provide OAs guidance on how to determine peak occupancy and accurately calculate the utilization rates for DOT office spaces in compliance with the methodology prescribed in the Policy.

No. 4 to OST

Develop and implement a process for tracking DOT office spaces and their utilization rates. At a minimum, this process should include the ability to track staff counts and a requirement for the OAs to regularly maintain and report up-to-date data.

No. 5 to OST

Develop, document, and implement departmentwide guidance on how all OAs are to conduct regular reviews of their office spaces to identify and execute cost-efficiency opportunities.

Audit Report: ZA2019048 issued on 04.03.2019
FTA has an Opportunity To Further Promote Lessons Learned To Enhance the Protection of Rolling Stock at Transit Agencies
Closed on 05.13.2019
No. 1 to FTA

Supplement FTA's existing guidance by developing and implementing additional procedures to promote lessons learned.

Closed on 05.13.2019
No. 2 to FTA

Provide transit agencies with a centralized source for lessons learned and encourage them to regularly refer to it when updating their processes to protect rolling stock.

Audit Report: SA2019046 issued on 03.27.2019
Report on a Single Audit of the Medallion Foundation, Inc., Anchorage, AK
Closed on 08.14.2019
No. 1 to FAA

Ensures that the Foundation complies with the reporting requirements.

Audit Report: SA2019047 issued on 03.27.2019
Report on a Single Audit of the Native Village Kluti-Kaah, Copper Center, AK
No. 1 to FHWA

Ensures that the Native Village complies with the reporting requirements.

Audit Report: SA2019043 issued on 03.27.2019
Report on a Single Audit of the Southern California Regional Rail Authority, Los Angeles, CA
No. 1 to FTA

Ensures that the Authority complies with the equipment and real property management requirements.

Audit Report: SA2019044 issued on 03.27.2019
Report on a Single Audit of the City of Wolf Point, Wolf Point, MT
No. 1 to FAA

Ensure that the City complies with the procurement and suspension and debarment requirements.

Audit Report: FI2019042 issued on 03.27.2019
Independent Auditors’ Management Letter on the Saint Lawrence Seaway Development Corporation’s Audited Financial Statements for Fiscal Years 2018 and 2017
Closed on 09.19.2019
No. 1 to SLSDC

Provide training to warehouse staff to reinforce the proper procedures for processing and recording inventory transactions.

Closed on 09.19.2019
No. 2 to SLSDC

Continue to work with the service provider to correct system deficiencies that are causing processing errors for returned items.

Audit Report: SA2019045 issued on 03.27.2019
Report on a Single Audit of the St. Joseph County Airport Authority, South Bend, IN
Closed on 08.26.2019
No. 1 to FAA

Ensures that the Authority complies with the special tests and provisions requirements.

Audit Report: QC2019025 issued on 03.26.2019
Quality Control Review of the Management Letter for the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
No. 1 to FAA

KPMG recommends that FAA perform a review of the accounts payable accrual, including the procurement samples selected and their fiscal year allocation, at a level of precision to identify errors in order to prevent a potential misstatement.

No. 2 to FAA

KPMG recommends that FAA develop and implement policies and procedures to ensure that all assets that meet the criteria for the EC&D liability are included in the facility quantities report and that any converted assets are properly removed and re-included in the report under the new facility contraction.

No. 3 to FAA

KPMG recommends that FAA develop and implement policies and procedures to ensure that all assets are recorded with the appropriate useful life based on the asset dictionary.

No. 4 to FAA

KPMG recommends that FAA develop and implement policies and procedures to ensure accurate accounting for internal use software assets in accordance with SFFAS 10.

Audit Report: SA2019038 issued on 03.26.2019
Report on a Single Audit of the City of Long Beach, Long Beach, NY
No. 1 to FTA

Ensures that the City complies with the allowable costs/cost principles requirements.

$1,656
No. 2 to FTA

Recovers $1,656 from the City, if applicable.

Audit Report: SA2019039 issued on 03.26.2019
Report on a Single Audit of the Greater New Haven Transit District, Hamden, CT
No. 1 to FTA

Ensures that the District complies with the activities allowed or unallowed requirements.

Closed on 07.31.2019
$221,551
No. 2 to FTA

Recovers $221,551 from the District, if applicable.

Audit Report: SA2019032 issued on 03.26.2019
Report on a Single Audit of the Metro Regional Transit Authority, Akron, OH
No. 1 to FTA

Ensure that the Metro Regional Transit Authority complies with the special tests and provisions requirements.

Audit Report: SA2019033 issued on 03.26.2019
Report on a Single Audit of the Worcester Regional Transit Authority, Worcester, MA
Closed on 07.31.2019
No. 1 to FTA

Ensures that the Authority complies with the cash management requirements.

Audit Report: SA2019040 issued on 03.26.2019
Report on a Single Audit of the City of Bangor, Bangor, ME
Closed on 07.29.2019
No. 1 to FTA

Ensures that the City complies with procurement and suspension and debarment requirements.

Closed on 07.29.2019
$81,888
No. 2 to FTA

Recovers $81,888 from the City, if applicable.

Audit Report: SA2019034 issued on 03.26.2019
Report on a Single Audit of the Puerto Rico Highways and Transportation Authority, San Juan, PR
No. 1 to FTA

Ensures that the Authority complies with the subrecipient monitoring requirements.

No. 2 to FHWA

Ensures that the Authority complies with the activities allowed or unallowed requirements.

$74,746
No. 3 to FHWA

Recovers $74,746 from the Authority, if applicable.

Audit Report: SA2019041 issued on 03.26.2019
Report on a Single Audit of the State of West Virginia, Charleston, WV
No. 1 to FHWA

Ensures that the State complies with period of performance requirements.

$3,644,218
No. 2 to FHWA

Recovers $3,644,218 from the State, if applicable.

No. 3 to FHWA

Ensures that the State complies with the special tests and provisions requirements.

$2,877,461
No. 4 to FHWA

Recovers $2,877,461 from the State, if applicable.

Audit Report: SA2019035 issued on 03.26.2019
Report on a Single Audit of the City of Phoenix, Phoenix, AZ
No. 1 to FTA

Ensures that the City complies with the subrecipient monitoring requirements.

Audit Report: SA2019036 issued on 03.26.2019
Report on a Single Audit of the New Mexico Department of Transportation, Santa Fe, NM
No. 1 to FHWA

Ensures that the Department complies with the subrecipient monitoring requirements.

Audit Report: SA2019037 issued on 03.26.2019
Report on a Single Audit of Macon-Bibb County, Macon, GA
No. 1 to OST

Ensures that the County complies with the reporting requirements.

Audit Report: SA2019026 issued on 03.25.2019
Report on a Single Audit of the City of Columbus, Columbus, IN (2016)
No. 1 to FTA

Ensure that the City comply with the Allowable Costs/Cost Principles requirement.

$83,547
No. 2 to FTA

Recover $83,547 from the City, if applicable.

No. 3 to FTA

Ensure that the City comply with the Allowable Costs/Cost Principles requirements.

$30,335
No. 4 to FTA

Recover $30,335 from the City, if applicable.

No. 5 to FTA

Ensure that the City comply with cash management requirements.

$13,465
No. 6 to FTA

Recover $13,465 from the City, if applicable.

Audit Report: SA2019029 issued on 03.25.2019
Report on a Single Audit of White County, Monticello, IN (2017)
Closed on 07.31.2019
No. 1 to FAA

Ensures that the County complies with the Reporting requirements.

Audit Report: SA2019030 issued on 03.25.2019
Report on a Single Audit of White County, Monticello, IN (2016)
Closed on 07.31.2019
No. 1 to FAA

Ensures that the County complies with the Reporting requirements.

Audit Report: SA2019027 issued on 03.25.2019
Report on a Single Audit of the City of Columbus, Columbus, IN (2017)
No. 1 to FTA

Ensure that the City complies with the activities allowed or unallowed requirements.

$41,733
No. 2 to FTA

Recover $41,733 from the City, if applicable.

No. 3 to FTA

Ensure that the City complies with the allowable costs/cost principles requirements.

$107,181
No. 4 to FTA

Recover $107,181 from the City, if applicable.

No. 5 to FTA

Ensure that the City complies with the matching, level of effort, earmarking requirements.

$8,067
No. 6 to FTA

Recover $8,067 from the City, if applicable.

Audit Report: SA2019031 issued on 03.25.2019
Report on a Single Audit of the Frankfort Airport Authority, Frankfort, IN
Closed on 07.31.2019
No. 1 to FAA

Ensures that the Authority complies with the internal control requirements.

Audit Report: SA2019028 issued on 03.25.2019
Report on a Single Audit of the Massachusetts Bay Transit Authority, Boston, MA
No. 1 to FTA

Ensures that the Authority complies with the equipment and real property management requirements.

No. 2 to FTA

Ensures that the Authority complies with the reporting requirements.

No. 3 to OST

Ensures that the Authority complies with the reporting requirements.

Audit Report: AV2019021 issued on 03.20.2019
FAA Has Made Progress But Additional Actions Remain To Implement Congressionally Mandated Cyber Initiatives
Closed on 10.28.2019
No. 1 to FAA

Develop a plan with target dates to address the Working Group's four deferred recommendations to enhance aircraft systems cybersecurity.

No. 2 to FAA

Develop a plan with target dates to finalize the application of CyRM to the mission support and research and development areas, and determine when full application of CyRM will occur.

No. 3 to FAA

Establish priorities for FAA-led research and development activities and incorporate these priorities into the budget process.

Audit Report: FI2019023 issued on 03.20.2019
FISMA 2018: DOT’s Information Security Program and Practices
No. 1 to OST

Develop policy and procedures to verify and validate theaccuracy and completeness of the Department's key FISMA information repositoryand tool, currently the Cyber Security Assessment and Management tool (CSAM).

No. 2 to OST

Direct OCIO to follow policy and conduct annual cybersecurity performance analysis reviews of OAs' cybersecurity programs, and submit reports to OAs with recommendations to address cybersecurity weaknesses.

No. 3 to OST

Develop a process and policy where applicable to ensure the Department develops and maintain a comprehensive and accurate inventory of cloud systems, contractor systems, and websites that the public can access.

No. 4 to OST

Direct OST to prioritize and resolve COE security weaknesses identified by assessor, and develop POA&Ms that realistically reflect resources and timeframes for completions of these actions.

No. 5 to OST

Direct OST to establish MOUs that delineate the responsibilities for COE common controls with each of the following OAs: FHWA, FMCSA, FRA, FTA, OIG, MARAD, SLSDC, and NHTSA.

No. 6 to OST

Direct OAs (FAA, FHWA, FMCSA, FRA, FTA, OST, PHMSA, MARAD, and NHTSA) with weaknesses in data protection and privacy to update the status and develop POA&Ms to address the weaknesses.

No. 7 to OST

Update specialized training guidance in DOT Cybersecurity Action Memos policy and DOT Cybersecurity Compendium policy to clearly define requirements.

No. 8 to OST

Enhance security awareness training policy to define processes to tailor this training to DOT's unique environment and use feedback to enhance its program.

No. 9 to OST

Develop and define a taxonomy that describes the content of the hardware and software inventory and the process to assemble, verify and maintain adequate support for the inventory data as well as the related information reported to OMB and other external parties.

No. 10 to OST

Develop a process to define its performance measures--that consider DOT's business environment--to assess the effectiveness of DOT's information security program, including its ISCM program.

No. 11 to OST

Using NIST guidance, test and authorize CDM applications (such as BigFix) that have been placed into operation on DOT's networks without proper security control assessments.

No. 12 to OST

Provide enterprise wide specialized training on contingencyplanning and testing on a periodic basis to appropriate security officials andstakeholders. Training should reinforcecrucial role contingency planning and testing plays in an effective informationsecurity program.

Audit Report: QC2019024 issued on 03.20.2019
Quality Control Review of the Management Letter for the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
No. 1 to FAA

KPMG recommends that ESC develop, implement, and document a timeline for journal vouchers to be approved and posted.

No. 2 to FAA

KPMG recommends that ESC establish a review control, with the appropriate level of precision, to ensure journal vouchers are posted in a timely manner and in accordance with the above policy.

No. 3 to FHWA

KPMG recommends that FHWA management develop and implement a process to require documentation of the UPACS audit log review to be maintained to include documentation of the date reviewed, person who reviewed the log, and any follow-up actions required.

No. 4 to FHWA

KPMG recommends that FHWA management update the UPACS standard operating procedures or other appropriate documentation to reflect the new audit log review process.

No. 5 to FHWA

KPMG recommends that FHWA management develop a process to ensure the review of FMIS5 application access is completed by all divisions.

No. 6 to FHWA

KPMG recommends that FHWA management update the FMIS5 standard operating procedures or other appropriate documentation to reflect the new review process.

No. 7 to FHWA

KPMG recommends that FHWA management strengthen policies and procedures that require terminated user accounts to be removed from UPACS in a timely manner.

No. 8 to FHWA

KPMG recommends that FHWA management update the UPACS standard operating procedures documents to reflect the new requirements.

Audit Report: ST2019020 issued on 03.13.2019
FHWA Lacks Adequate Oversight and Guidance for Engineer’s Estimates
No. 1 to FHWA

Develop and implement an action plan that establishes target action dates and assigns responsibility for following up on the key recommendations from the 2015 National Review of State Cost Estimation Practice.

No. 2 to FHWA

Update FHWA's Guidelines on Preparing Engineer's Estimate, Bid Reviews, and Evaluation (2004 Guidance) to include: a. Estimating guidance for more recent project delivery methods, such as design-build and construction manager/general contractor and, b. Guidelines to account for contingencies and inflation when developing Engineer's Estimates.

No. 3 to FHWA

Assess the validity and applicability of the threshold in FHWA's 2004 Guidance that is used to measure the accuracy of Engineer's Estimates.

No. 4 to FHWA

Develop and implement an oversight process for Engineer's Estimates that assesses whether States are following FHWA's guidance and thresholds.

Audit Report: ST2019019 issued on 03.06.2019
FHWA Needs To Clarify Roles and Processes for Approving and Monitoring Public-Private Partnerships
No. 1 to FHWA

Require FHWA Headquarters and Division Offices to follow established procedures for reviewing and approving initial financial plans to ensure they include an assessment of the appropriateness of a P3 for project delivery.

No. 2 to FHWA

Revise and issue guidance to communicate to FHWA staff and stakeholders the processes FHWA will use to take Federal stewardship considerations into account in approving P3 projects. This guidance should address FHWA's role, if any, in the assessment of traffic and revenue assumptions.

No. 3 to FHWA

Develop and issue Agencywide guidance identifying risks specific to P3 projects that Division Offices should consider in their risk assessments of State and local transportation agencies' Federal-aid construction programs.

No. 4 to FHWA

Consult with the Build America Bureau to define FHWA's and the Bureau's roles and responsibilities during the Operations and Maintenance phase for P3 projects.

No. 5 to FHWA

Develop and issue guidance to internal and external stakeholders communicating the processes FHWA will use to oversee P3 projects, including during the Operations and Maintenance phase for P3 projects that remain funded by Federal loans.

Audit Report: SA2019017 issued on 02.13.2019
Report on a Single Audit of the Kiowa Tribe of Oklahoma, Carnegie, OK
No. 1 to FHWA

Ensures that the Tribe complies with the procurement and suspension and debarment requirements.

$1,531,442
No. 2 to FHWA

We recommend that FHWA recovers $1,531,442 from the Tribe, if applicable.

Audit Report: AV2019015 issued on 12.18.2018
Most Public Agencies Comply With Passenger Facility Charge Program Requirements, But FAA Can Improve the Use of Its Oversight Tools
No. 1 to FAA

Establish specific timeframes for issuing audit reports and verify that public agencies' independent audits are performed annually.

No. 2 to FAA

Update FAA's policy and procedures to require Airport District Offices (ADO) to obtain and review complete audit reports and ensure all required audit opinions are included.

No. 3 to FAA

Develop and implement procedures to ensure PFC expenditures at the Gary, IN, airport are independently audited, including the $18.3 million identified in our report.

No. 4 to FAA

Develop and implement policies and procedures for verifying that public agencies report accurate PFC collection and expenditure information to FAA.

No. 5 to FAA

Develop and implement policies and procedures that require ADO staff to consistently record certain items in the System of Airport Reporting database to enhance its oversight of the PFC program, such as the receipt of independent audit reports, PFC-related findings reported by independent auditors, follow-up actions and comments discussed with the public agency, status of audit findings, and whether the findings are repeated from prior years.

No. 6 to FAA

Develop a methodology to review completed PFC projects that determines whether they are achieving intended program goals, and identifies best practices and opportunities for improvement.

Audit Report: FI2019014 issued on 12.04.2018
DOT Has Not Met Federal Targets for Implementing Components of Its Information Security Continuous Monitoring Program
No. 1 to OST

To improve the DOT's information security continuous monitoring program, DOT Chief Information Officer needs to update the department's federal information security modernization act standard operating procedures to include steps for verifying the accuracyand completeness of the Federal Aviation Administration's (FAA) CrossAgency Priority (CAP) goal metrics.

No. 2 to FAA

To improve the accuracy and completeness of the data FAA uses to report on its CAP goal metrics, the Federal Aviation Administrator needs to implement procedures that: define the requirements for selecting the operating systems to be monitored; criteria for determining which tools should be used to collect data for the CAP goal metrics; and verify the accuracy and completeness of the CAP goal metrics.

No. 3 to FAA

To improve the accuracy and completeness of the data FAA uses to report on its CAP goal metrics, the Federal Aviation Administrator needs to develop and implement controls for verifying, validating, and retainingdata used to report on CAP performance-based goal metrics.

Audit Report: AV2019013 issued on 11.27.2018
FAA Remains Several Years Away From a Standardized Controller Scheduling Tool
No. 1 to FAA

Develop an implementation plan for deploying a scheduling system for controllers that includes schedule milestones, system requirements, risk assessment and mitigation, and funding requirements.

No. 2 to FAA

Assess and quantify the expected benefits of a customized controller scheduling tool.

Audit Report: QC2019011 issued on 11.15.2018
Quality Control Review of the Independent Auditor’s Report on the Surface Transportation Board’s Audited Financial Statements for Fiscal Years 2018 and 2017
No. 1 to STB

LSC recommends STB discuss with ESC officials the need to substantially strengthen its system of review over financial information processed for the STB.

No. 2 to STB

LSC recommends STB require ESC to determine the cause(s) for the instances of incorrect and/or improper accounting and financial reporting of STB data, and to take appropriate corrective actions to address these continuing problems.

No. 3 to STB

LSC recommends STB ensure that the proper accounting procedures are in place and operating effectively for year-end financial statements when posting the costs incurred by contractors with advances.

No. 4 to STB

LSC recommends STB develop a STB policy that: 1) implements the BFS guidance relating to interagency agreements; 2) identifies the responsibilities for the STB and its service provider; and 3) establishes a standard set of processes that support the recording, reporting, reconciliation, and measurement of intergovernmental activity and any identified differences.

No. 5 to STB

LSC recommends STB ensure that actions are taken prior to the end of the fiscal year to address the differences identified in the FY 2018 report.

Audit Report: QC2019010 issued on 11.15.2018
Quality Control Review of the Independent Auditor’s Report on the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
No. 1 to FAA

KPMG recommends that DOT management develop sufficient procedures and controls to address the identified GITC control deficiencies.

No. 2 to FAA

KPMG recommends that DOT management monitor progress to ensure that the GITC procedures and controls are implemented and operating effectively.

No. 3 to FHWA

KPMG recommends that DOT Management perform a thorough and detailed review of the overall TIFIA cashflow model functionality and implementation to ensure that all assumptions areproperly applied in the execution of the cash flow projections.

No. 4 to FHWA

KPMG recommends that DOT consider automating the calculations that are performed manually to reduce risk of misapplication of assumptions due to human error.

Audit Report: QC2019009 issued on 11.14.2018
Quality Control Review of the Independent Auditor’s Report on the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2018 and 2017
No. 1 to FAA

KPMG recommends that FAA management develop sufficient procedures and controls to address the identified GITC control deficiencies.

No. 2 to FAA

KPMG recommends that FAA management monitor progress to ensure that the GITC procedures and controls are implemented and operating effectively.

No. 3 to FAA

KPMG recommends that FAA management design and document policies, procedures, and controls related to the review of inventory shop orders that include standardized reports, an appropriate precision threshold for required analysis or follow-up, and evidence of review.

No. 4 to FAA

KPMG recommends that FAA management design and implement policies and procedures to conduct a held for repair unit cost calculation review, including approvals of adjustments due to unique circumstances.

No. 5 to FAA

KPMG recommends that FAA management revise its existing policy of expensing all projects initiated via RE&D funding, to include projects that have progressed beyond the preliminary design stage, and design and implement controls at the appropriate level of precision to determine whether projects should be expensed or capitalized, in accordance with the applicable accounting standards.

Audit Report: QC2019007 issued on 11.13.2018
Quality Control Review of the Independent Auditor’s Report on the National Transportation Safety Board’s Financial Statements for Fiscal Years 2018 and 2017
Closed on 09.18.2019
No. 1 to NTSB

Allmond recommends that NTSB management redesign itsprovisioning process to require that when access is modified a new systemaccess request form is completed to reflect this change.

Closed on 09.18.2019
No. 2 to NTSB

Allmond recommends NTSB require the completion andsubmission of an Oracle Federal Financial (OFF) User Access Form to the serviceprovider immediately upon separation of an OFF user from the agency and monitoragency separations on a weekly basis to align with user access terminationpolicies in place for other agency information systems.

Audit Report: FI2019008 issued on 11.13.2018
Independent Auditors’ Report on the St. Lawrence Seaway Development Corporation’s Financial Statements for Fiscal Years 2018 and 2017
Closed on 09.19.2019
No. 1 to SLSDC

Retrain responsible property custodians on the proper procedures for retiring and disposing of assets in a timely manner.

Closed on 09.19.2019
No. 2 to SLSDC

Strengthen policies and controls to assess construction in progress projects to expense costs that are no longer capitalizable.

Closed on 09.19.2019
No. 3 to SLSDC

Perform a review of the net book values for recorded PP&E assets to ensure no other anomalies for converted assets or conversion errors occurred and make adjustments to correct asset values if needed.

Audit Report: AV2019005 issued on 11.07.2018
Opportunities Exist for FAA To Strengthen Its Review and Oversight Processes for Unmanned Aircraft System Waivers
No. 1 to FAA

Conduct a workforce assessment of the staff assigned to review airspace waiver and authorization requests to determine if Air Traffic Organization (ATO) staffing is adequate, and take appropriate action based on the results.

Closed on 10.15.2019
No. 2 to FAA

Assess performance statistics for ATO's non-automated airspace waiver request process to determine if establishing volume and timeliness goals would enhance the process and if so, develop and implement these goals.

Closed on 04.22.2019
No. 3 to FAA

Use performance metrics for Low Altitude Authorization and Notification Capability (LAANC) to evaluate the system's effect on application processing volume and timeliness and take appropriate action based on the results.

Closed on 03.06.2019
No. 4 to FAA

Develop and implement internal controls to improve consistency in the use of standard template responses when corresponding with applicants regarding requests for information.

Closed on 08.28.2019
No. 5 to FAA

Update National Flight Standards Work Program Guidelines to require field offices perform inspections on a sample of commercial UAS operators in their area for a 2-year period, which will increase available inspection data for creating a risk profile of UAS.

Closed on 04.17.2019
No. 6 to FAA

Using available inspection and risk data, develop a baseline risk assessment profile of small commercial UAS operators, including those operators with waivers and airspace authorizations, to inform inspector surveillance planning decisions, as well as procedures to periodically update this risk assessment profile using future inspection data.

Closed on 08.28.2019
No. 7 to FAA

Issue guidance to field offices regarding where and how to obtain Agency information on waiver and/or authorization-holding UAS operators, to help inform their inspection planning.

Closed on 02.12.2019
No. 8 to FAA

Provide clarifying guidance to UAS operators on FAA's website or by other means regarding the small UAS rule provision relating to operations "over people."

Audit Report: AV2019004 issued on 11.07.2018
FAA Has Taken Steps To Address ERAM Outages, but Some Vulnerabilities Remain
No. 1 to FAA

Develop and implement contingency plan testing to validatethe effectiveness of techniques and procedures to react to and recover fromERAM outages, with air traffic controllers' and maintenance technicians'participation.

No. 2 to FAA

Evaluate, develop, and implement training, consistent with NIST guidelines, for maintenance technicians and air traffic control staff forresponding to ERAM in degraded system conditions and outages.

No. 3 to FAA

Upon completion of the safety review regarding removing ERAM's current backup system, determine what backup capability is required for ERAM and then develop and implement that capability.

Audit Report: QC2019001 issued on 10.24.2018
Quality Control Review of an Independent Auditor’s Report on the Surface Transportation Board’s Information Security Program and Practices
No. 1 to STB

Fully develop and implement a risk management strategy and the supporting procedures for maintaining an accurate system inventory.

Closed on 07.19.2019
No. 2 to STB

Develop a configuration management plan with supporting policies and procedures and ensure that the existing Change Management Charter aligns with the plan.

No. 3 to STB

Develop an ICAM strategy to guide its ICAM process and activities, and modify existing identity and access management policies and procedures to adequately address: a.) Processes to request, modify, and revoke privileged and non-privileged access; and b.) Processes to ensure separation of duties within the organization.

Closed on 07.19.2019
No. 4 to STB

Fully implement the use of PIV cards for personnel to access STB's facilities.

No. 5 to STB

Develop a privacy program, including related plans, policies and procedures, for the protection of personally identifiable information that is collected used, maintained, shared and disposed of by STB's information systems. Furthermore, identify roles and responsibilities for data exfiltration exercises.

Closed on 07.19.2019
No. 6 to STB

Develop an Incident Response plan in accordance with NIST 800-61, rev. 2.

Closed on 05.02.2019
No. 7 to STB

Modify incident response policies and procedures to incorporate the most recent incident attack vectors taxonomy in accordance with US-CERT.

Audit Report: SA2018096 issued on 09.12.2018
Report on a Single Audit of the Territory of American Samoa, Pago Pago, AS
No. 1 to FAA

Ensures that the Territory complies with the equipment and real property requirements.

No. 2 to FAA

Ensures that the Territory complies with the special tests and provisions requirements.

$264,077
No. 3 to FAA

Recovers $264,077 from the Territory, if applicable.

Audit Report: QC2018095 issued on 09.12.2018
Quality Control Review of the Independent Service Auditor’s Report on DOT’s Enterprise Services Center
Closed on 04.18.2019
Sensitive
No. 1 to OST

Sensitive information redacted

Closed on 12.17.2018
Sensitive
No. 2 to OST

Sensitive information redacted

Closed on 07.29.2019
No. 3 to OST

Ensure that Access Control Officers complete the quarterly access reviews over the current active user accounts and associated roles within Delphi Financial Application, including iSupplier, to help ensure access is authorized and commensurate with job responsibilities.

Closed on 12.17.2018
Sensitive
No. 4 to OST

Sensitive information redacted

Closed on 04.18.2019
Sensitive
No. 5 to OST

Sensitive information redacted

Closed on 12.17.2018
Sensitive
No. 6 to OST

Sensitive information redacted

Closed on 12.17.2018
Sensitive
No. 7 to OST

Sensitive information redacted

Closed on 07.23.2019
Sensitive
No. 8 to OST

Sensitive information redacted

Closed on 07.23.2019
Sensitive
No. 9 to OST

Sensitive information redacted

Closed on 04.29.2019
Sensitive
No. 10 to OST

Sensitive information redacted

Closed on 08.28.2019
Sensitive
No. 11 to OST

Sensitive information redacted

Audit Report: SA2018097 issued on 09.12.2018
Report on a Single Audit of the Navajo Nation, Window Rock, AZ
No. 1 to FHWA

We recommend that FHWA ensures that the Navajo Nation complies with the equipment and real property requirements.

Audit Report: SA2018098 issued on 09.12.2018
Report on a Single Audit of the National Railroad Passenger Corporation and Subsidiaries (Amtrak), Washington, DC
No. 1 to FRA

Ensures that AMTRAK complies with the equipment and real property management requirements.

Audit Report: FI2018101 issued on 09.12.2018
Improvements Are Needed To Strengthen FAA’s Oversight of eInvoicing and AIP Grant Payments
No. 1 to FAA

Develop and implement controls for periodically verifying that RO/ADO program managers are implementing FAA's policy for (a) assigning and monitoring grantee risk ratings, as required; (b) performing manual approvals, when required; and (c) performing quarterly reviews and, when applicable, modifying grantee risk ratings according to FAA guidance.

Closed on 09.24.2019
No. 2 to FAA

Formally request that OST Delphi system managers modify the wording of the warning message to AIP grantees to specifically state when documentation has not been attached to payment requests and that such documentation is required by FAA policy and the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERA).

Closed on 09.24.2019
No. 3 to FAA

Formally request that OST Delphi system managers implement a function that denies AIP payments to grantees that do not provide the required supporting documentation at the time of the payment request.

No. 4 to FAA

Update FAA policy to include the availability of existing Delphi eInvoicing training and communicate the policy revision to all AIP grantees.

$102,323
No. 5 to FAA

Develop and implement a plan to recover the $102,323 in questioned and unsupported costs identified in this report.

No. 6 to FAA

Communicate to AIP grantees FAA's policy requirement for maintaining all original documentation that supports grant payments and confirm that all grantees have acknowledged this requirement.

No. 7 to FAA

Update AIP payment policy to include a specific requirement that grantees submit payment requests on invoiced costs incurred up to the allowable Federal share, and communicate the revision to all AIP grantees.

No. 8 to FAA

Improve existing training for RO/ADO program managers to follow the AIP Handbook requirements for amending grant agreements when expanding project descriptions.

Audit Report: SA2018099 issued on 09.12.2018
Report on a Single Audit of the Republic of Palau, Koror, PW
Closed on 07.30.2019
No. 1 to FAA

Ensures that the Republic complies with the equipment and real property management requirements.

Audit Report: SA2018100 issued on 09.12.2018
Report on a Single Audit of the Middletown Transit District, Middletown, CT
Closed on 07.31.2019
No. 1 to FTA

Ensures that the District complies with the procurement and suspension and debarment requirements.

Audit Report: SA2018088 issued on 09.11.2018
Report on a Single Audit of the State of Vermont, Montpelier, VT
Closed on 08.14.2019
No. 1 to NHTSA

Ensures that the State complies with the reporting requirements.

Closed on 08.14.2019
No. 2 to NHTSA

Ensures that the State complies with the matching, level of effort, earmarking requirements.

Audit Report: SA2018089 issued on 09.11.2018
Report on a Single Audit of the Metropolitan Transit Authority of Harris County, Houston, TX
Closed on 08.14.2019
No. 1 to FTA

Ensures that the Authority complies with the subrecipient monitoring requirements.

Audit Report: SA2018090 issued on 09.11.2018
Report on a Single Audit of the Chicago Transit Authority, Chicago, IL
Closed on 07.30.2019
No. 1 to FTA

Ensures that the Authority complies with the reporting requirements.

Audit Report: SA2018091 issued on 09.11.2018
Report on a Single Audit of the State of Michigan, Lansing, MI
Closed on 09.24.2019
No. 1 to NHTSA

Ensures that the State complies with the matching, level of effort, earmarking requirements.

Audit Report: SA2018092 issued on 09.11.2018
Report on a Single Audit of the Confederated Tribes of the Colville Reservation, Nespelem, WA
Closed on 08.14.2019
No. 1 to FHWA

Ensures that the Confederated Tribes complies with the reporting requirements.

Audit Report: SA2018086 issued on 09.11.2018
Report on a Single Audit of the South Carolina Department of Transportation, Columbia, SC
Closed on 07.17.2019
No. 1 to FHWA

Ensures that the SC DOT complies with proper accounting requirements for accounts receivable and accounts payable.

Audit Report: SA2018093 issued on 09.11.2018
Report on a Single Audit of the Mississippi Coast Transportation Authority, Gulfport, MS
Closed on 05.24.2019
No. 1 to FTA

Ensures that the Authority complies with the matching requirements.

Closed on 07.18.2019
$2,787
No. 2 to FTA

Recovers $2,787 from the Authority, if applicable.

Audit Report: SA2018087 issued on 09.11.2018
Report on a Single Audit of Rutgers University, Piscataway, NJ
No. 1 to OST

Ensures that the University complies with the allowable costs/cost principles requirements.

$8,954
No. 2 to OST

Recovers $8,954 from the University, if applicable.

No. 3 to FTA

ensures that the University complies with the allowable costs/cost principles requirements.

$9,377
No. 4 to FTA

Recovers $9,377 from the University, if applicable.

Audit Report: SA2018094 issued on 09.11.2018
Report on a Single Audit of the Commonwealth of the Northern Mariana Islands, Saipan, MP
No. 1 to FHWA

Ensures that the Commonwealth complies with the equipment and real property management requirements.

Audit Report: SA2018080 issued on 09.10.2018
Report on a Single Audit of the City and County of Honolulu, Honolulu, HI
No. 1 to FTA

Ensures that the City and County complies with the activities allowed or unallowed and allowable costs/cost principles requirements.

$24,080,771
No. 2 to FTA

Recovers $24,080,771 from the City and County, if applicable.

No. 3 to FTA

Ensures that the City and County complies with the reporting requirements.

Audit Report: SA2018085 issued on 09.10.2018
Report on a Single Audit of the Crow Tribe of Indians, Crow Agency, MT
No. 1 to FHWA

Ensures that the Tribe complies with the cash management requirements.

$3,077,574
No. 2 to FHWA

Recovers $3,077,574 from the Tribe, if applicable.

No. 3 to FHWA

Ensures that the Tribe complies with the activities allowed/allowable costs and cost principles requirements.

$22,691
No. 4 to FHWA

Recovers $22,691 from the Tribe, if applicable.

No. 5 to FHWA

Ensures that the Tribe complies with the equipment and real property requirements.

No. 6 to FHWA

Ensures that the Tribe complies with the period of performance requirements.

No. 7 to FHWA

Ensures that the Tribe complies with the special tests and provisions requirements.

Audit Report: SA2018078 issued on 09.10.2018
Report on a Single Audit of the Capital Area Transit Authority, Lansing, MI
No. 1 to FTA

Ensures that the Authority complies with the cash management requirements.

$30,641
No. 2 to FTA

We recommend FTA recovers $30,641 from the Authority, if applicable.

Audit Report: SA2018081 issued on 09.10.2018
Report on a Single Audit of the State of Louisiana, Baton Rouge, LA
Closed on 09.26.2019
No. 1 to FTA

Ensures that the State complies with the subrecipient monitoring requirements.

Closed on 09.26.2019
$106,181
No. 2 to FTA

Recovers $106,181 from the State, if applicable.

Audit Report: SA2018079 issued on 09.10.2018
Report on a Single Audit of the State of Montana, Helena, MT
No. 1 to FHWA

Ensures that the State complies with the cash management requirements.

No. 2 to FHWA

Ensures that the State complies with the subrecipient monitoring requirements.

Closed on 07.17.2019
No. 3 to FHWA

Ensures that the State complies with the activities allowed or unallowed requirements.

Closed on 07.17.2019
$900,000
No. 4 to FHWA

Recovers $900,000 from the State, if applicable.

Closed on 07.17.2019
$143,000
No. 5 to FHWA

Recovers $143,000 from the State, if applicable.

No. 6 to FHWA

Ensures that the State complies with the special tests and provisions requirements.

Closed on 07.30.2019
No. 7 to FTA

Ensures that the State complies with the reporting requirements.

Audit Report: SA2018082 issued on 09.10.2018
Report on a Single Audit of the Massachusetts Bay Transportation Authority, Boston, MA
No. 1 to FTA

Ensures that the Authority complies with the equipment and real property management requirements.

No. 2 to OST

Ensures that the Authority complies with the equipment and real property management requirements.

Audit Report: SA2018083 issued on 09.10.2018
Report on a Single Audit of the City of Union City, Union City, CA
Closed on 09.03.2019
No. 1 to FTA

Ensures that the City complies with the subrecipient monitoring requirements.

$2,780,059
No. 2 to FTA

Recovers $2,780,059 from the City, if applicable.

Audit Report: SA2018084 issued on 09.10.2018
Report on a Single Audit of the City of Atlanta, Atlanta, GA
No. 1 to OST

Ensures that the City complies with reporting requirements.

No. 2 to OST

Ensures that the City complies with subrecipient monitoring requirements.

Audit Report: ST2018076 issued on 08.22.2018
DOT Operating Administrations Can Better Enable Referral of Potentially Criminal Activity to OIG
No. 1 to OST

Update DOT Orders 8000.8 and 8000.5A and make them available to DOT employees.

No. 2 to OST

Require that Operating Administrations align any criminal referral procedures with updated DOT Orders.

No. 3 to OST

Implement an annual mandatory training requirement on DOT employees' responsibility to report fraud, waste, and abuse to the OIG and requirements in DOT Orders 8000.8 and 8000.5A.

Audit Report: SA2018075 issued on 08.22.2018
Report on a Single Audit of the Metropolitan Council of the Twin Cities Area, St. Paul, MN
Closed on 08.27.2019
No. 1 to FTA

Ensures that the Council complies with the special tests and provisions requirements.

Audit Report: SA2018072 issued on 08.22.2018
Report on a Single Audit of the Utah Transit Authority, Salt Lake City, UT
Closed on 07.17.2019
No. 1 to FTA

Ensures that the Authority complies with the equipment and real property management requirements.

Audit Report: SA2018073 issued on 08.22.2018
Report on a Single Audit of the State of Nebraska, Lincoln, NE
No. 1 to FTA

Ensures that the State complies with the subrecipient monitoring requirements.

$99,226
No. 2 to FTA

We recommend FTA recovers $99,226 from the State, if applicable.

Audit Report: SA2018074 issued on 08.22.2018
Report on a Single Audit of the Government of Guam, Hagatna, GU
No. 1 to FHWA

Ensures that Guam complies with the equipment and real property management requirements.

Audit Report: SA2018069 issued on 08.15.2018
Report on a Single Audit of the Puerto Rico Highways and Transportation Authority, San Juan, PR
No. 1 to FTA

Ensures that the Authority complies with subrecipient monitoring requirements.

No. 2 to FHWA

Ensures that the Authority complies with special tests and provisions requirements.

No. 3 to FHWA

Ensures that the Authority complies with the matching requirements.

Audit Report: SA2018070 issued on 08.15.2018
Report on a Single Audit of the State of Rhode Island and Providence Plantations, Providence, RI
Closed on 07.17.2019
No. 1 to FHWA

Ensures that the State complies with the special tests and provisions requirements.

Closed on 07.17.2019
$214,516
No. 2 to FHWA

Recovers $214,516 from the State, if applicable.

Audit Report: SA2018066 issued on 08.15.2018
Report on a Single Audit of the State of North Carolina, Raleigh, NC
Closed on 04.30.2019
No. 1 to FHWA

Ensures that the State complies with the special tests and provisions requirements.

Audit Report: SA2018067 issued on 08.15.2018
Report on a Single Audit of the San Francisco Municipal Transportation Agency, San Francisco, CA
No. 1 to FTA

Ensures that the Agency complies with the procurement and suspension and debarment requirements.

$214,494
No. 2 to FTA

Recovers $214,494 from the Agency, if applicable.

Audit Report: SA2018068 issued on 08.15.2018
Report on a Single Audit of the North Coast Railroad Authority, Ukiah, CA
No. 1 to OST

Ensures that the Authority complies with the reporting requirements.

Audit Report: SA2018063 issued on 08.06.2018
Report on a Single Audit of the Wyoming Department of Transportation, Cheyenne, WY
No. 1 to FHWA

Ensures that the Wyoming DOT complies with the reporting requirements.

Audit Report: SA2018064 issued on 08.06.2018
Report on a Single Audit of the Commonwealth of Pennsylvania, Harrisburg, PA
Closed on 08.27.2019
No. 1 to FHWA

Ensures that the Commonwealth complies with the subrecipient monitoring requirements.

Audit Report: SA2018065 issued on 08.06.2018
Report on a Single Audit of the State of Indiana, Indianapolis, IN
Closed on 08.27.2019
No. 1 to FHWA

Ensures that the State complies with the special tests and provisions requirements.

Audit Report: ST2018062 issued on 07.18.2018
NHTSA’s Management of Light Passenger Vehicle Recalls Lacks Adequate Processes and Oversight
Closed on 06.04.2019
No. 1 to NHTSA

Develop and implement a risk-based process to monitor manufacturers' reporting of recall remedy, scope, and risk information. The process should include taking appropriate steps with manufacturers that are not in compliance, including enforcement actions when necessary, as well as verifying information submitted by manufacturers, and identifying and addressing potential inadequacies of recall remedies and scope.

Closed on 06.20.2019
No. 2 to NHTSA

Develop and implement a risk-based process—with specific timelines—that provides guidance for Office of Defects Investigation staff on identifying recalls with missing communications (e.g., dealer notifications, technical service bulletins), taking appropriate action to resolve the deficiency, and documenting the outcomes in an official recordkeeping system.

Closed on 06.20.2019
No. 3 to NHTSA

In accordance with the Government Accountability Office's Standards for Internal Control in the Federal Government and NHTSA's procedures, develop, implement, and document management controls, including a supervisory review process, for monitoring recall remedies, scope, and risk reporting and oversight of recall implementation.

Closed on 03.05.2019
No. 4 to NHTSA

Develop a training curriculum on staff responsibilities for updated recall monitoring and oversight processes, and provide this training to Office of Defects Investigation and Office of Vehicle Safety Compliance staff.

Closed on 05.21.2019
No. 5 to NHTSA

Update the recall reporting portal and issue written guidance to identify all recall scope, risk, and completion rate information that regulations require manufacturers to submit.

Closed on 05.21.2019
No. 6 to NHTSA

Document lessons learned from the Takata recalls, and develop and implement a plan for applying those lessons to help manufacturers improve completion rates of other recalls.

Audit Report: AV2018060 issued on 07.10.2018
FAA Has Not Fully Addressed Safety Concerns Regarding the American Airlines Flight Test Program
No. 1 to FAA

Conduct an independent review of FAA's oversight of American Airlines' flight operations to determine whether controls are in place and effective in preventing single points of failure; develop and implement corrective actions, if necessary.

No. 2 to FAA

Modify the existing tool used to evaluate the objectivity of inspectors to incorporate risk factors such as non-routine operations and the length of time inspectors oversee the same air carrier.

No. 3 to FAA

Develop and implement controls requiring oversight office staff to resolve complaints and follow key policy requirements such as directly contacting complainants and documenting investigations.

No. 4 to FAA

Establish and implement criteria for evaluating correspondence to ensure safety complaints are routed to FAA's Office of Audit and Evaluation.

No. 5 to FAA

Develop and implement inspector guidance on FAA's oversight requirements for flight test operations.

Closed on 10.31.2018
No. 6 to FAA

Provide the Allied Pilots Association with a revised response to its complaint based on results from the October 2017 independent assessment of the American Airlines flight test program.

Closed on 10.31.2018
No. 7 to FAA

Develop and implement a corrective action plan to address the recommendations made by the October 2017 independent assessment of the American Airlines flight test program.

Audit Report: FI2018059 issued on 07.03.2018
Opportunities Exist To Further Strengthen the Security Controls of FAA’s Data Communications Program
No. 1 to FAA

Update and remediate the completion dates in the plans of action and milestones for SI-02.A and CM07.A.2 to ensure that the confidentiality, integrity, and availability of the system are not at risk.

Audit Report: AV2018057 issued on 06.27.2018
Underlying Data Quality Issues Hinder the Staffing and Placement of FAA’s Maintenance Technicians
No. 1 to FAA

Determine the impact of new hire training and certification time and fatigue mitigation requirements on technician staffing and incorporate into the maintenance technician staffing process.

No. 2 to FAA

Determine the impact of equipment age on workload and maintenance technician staffing needs and incorporate this factor into the staffing model, if found to be statistically significant.

No. 3 to FAA

Review and update the Facility, Service, and Equipment Profile policy to require user training and recurring data-validation reviews at the Support Center and national levels at defined intervals prior to running the staffing model.

No. 4 to FAA

Develop and implement a process to reduce and standardize codes in the Labor Distribution Reporting (LDR) system to improve accounting for direct maintenance workload.

No. 5 to FAA

Determine if the newly standardized LDR data are reliable for direct maintenance workloads in the Technical Operations Staffing Model, and if so, develop and implement an action plan with milestones to replace the workload assessments with LDR data.

No. 6 to FAA

Revise the current standard operating procedure, Tier 1/2/3 Staffing Allocations and Tier 1 Watch Coverage Requirements to: a. Define the job series and clarify whether system specialists and System Support Center coordinators are included in the Tier 1, 2, and 3 staffing targets;and b. Require annual review, validation, and updating of staffing allocation targets.

Audit Report: AV2018058 issued on 06.27.2018
FAA Faces Challenges in Implementing and Measuring the Effectiveness of Its 2015 Runway Safety Call to Action Initiatives
Closed on 09.30.2019
No. 1 to FAA

Update the target delivery dates for initiatives that are still in progress, including those without target delivery dates, and implement procedures for continually updating delivery dates and descriptions of initiatives as changes are made.

No. 2 to FAA

Develop and include in the monitoring plan quantifiable metrics or other indicators that can measure the effectiveness of the initiatives.

Closed on 09.30.2019
No. 3 to FAA

Consolidate duplicate initiatives within the monitoring plan.

Audit Report: ST2018056 issued on 05.30.2018
PHMSA Has an Opportunity To Refine Its Guidance and Performance Reporting for the Pipeline Safety Research and Development Program
Closed on 05.17.2019
No. 1 to PHMSA

Develop and issue comprehensive policy and procedures for the Pipeline Safety Research and Development Program that includes guidance for: a. notifying a wider spectrum of stakeholder representatives about future Research and Development forums, in order to increase their participation; b. addressing how the results of Research and Development forums are incorporated into the program plan; c. conducting all steps in the conflict-of-interest process; and d. following up with researchers on benefits and uses.

Closed on 04.18.2019
No. 2 to PHMSA

Complete upgrades to the conflict-of-interest portion of the Research and Development Management Information System.

No. 3 to PHMSA

Use Performance Improvement Council best practices to update future biennial Update Reports to Congress, to include additional context, such as analyses of current performance metrics and an evaluation of program success, trends, and anomalies.

Audit Report: FI2018055 issued on 05.14.2018
DOT’s Fiscal Year 2017 IPERA Compliance Review
Closed on 05.31.2018
No. 1 to OST

Implement procedures to ensure the Federal Transit Administration distributes guidance to selected grantee recipients on the importance of accurate submission and proper review of timesheets to improve proper allocation of labor efforts and the identification and retention of required documentation to support a payment as proper in the Emergency Relief Program-Disaster Relief Appropriations Act program.

Closed on 05.31.2018
No. 2 to OST

Work with the Office of Inspector General (OIG) to ensure it provides additional, clear, and precise travel guidance to employees and approving officials on the preparation and proper review of travel vouchers to improve the allocation of travel expenses in OIG-DRAA fund activity.

Closed on 11.02.2018
No. 3 to OST

Work with OIG to ensure it updates its travel guidance to add instructions on how to split or allocate DRAA-related travel expenses to the appropriate accounting codes including codes for indirect costs and trains employees how to use this guidance.

Audit Report: SA2018054 issued on 05.02.2018
Report on Single Audit of the Naknek Native Village Council, Naknek, AK
No. 1 to FHWA

Ensures that the Council complies with the cash management requirements.

$666,482
No. 2 to FHWA

Recovers $666,482 from the Council, if necessary.

Audit Report: SA2018052 issued on 05.02.2018
Report on Single Audit of the State of Ohio, Columbus, OH
Closed on 05.28.2019
No. 1 to FHWA

Ensures the State complies with the period of performance requirements.

$5,824
No. 2 to FHWA

Determine the allowability of the $5,824 transaction, then review all construction projects to ensure that expenditures were properly paid within the period of performance, and recover any additional questioned costs, if applicable.

Audit Report: SA2018053 issued on 05.02.2018
Report on Single Audit of the City of Portland, Portland, ME
Closed on 07.31.2018
No. 1 to FAA

Ensures that the City complies with the reporting requirements.

Audit Report: SA2018044 issued on 04.30.2018
Report on Single Audit of the New Mexico Department of Transportation, Santa Fe, NM
Closed on 05.24.2019
No. 1 to NHTSA

Ensures that the NM DOT complies with the activities allowed or unallowed requirements.

No. 2 to FHWA

Ensures that the NM DOT complies with the subrecipient monitoring requirements.

Audit Report: SA2018051 issued on 04.30.2018
Report on Single Audit of Valley County, Glasgow, MT
No. 1 to FAA

Ensures that the County complies with the equipment and real property requirements.

Audit Report: SA2018045 issued on 04.30.2018
Report on Single Audit of the Orange County Transportation Authority, Orange, CA
No. 1 to FTA

Ensures that the Authority complies with the procurement and suspension and debarment requirements.

No. 2 to FTA

Ensures that the Authority complies with the subrecipient monitoring requirements.

Audit Report: SA2018046 issued on 04.30.2018
Report on Single Audit of the Highways Division, Department of Transportation, State of Hawaii, Honolulu, HI
No. 1 to FHWA

Ensures that the State complies with the special tests and provisions reqirements.

Audit Report: SA2018042 issued on 04.30.2018
Report on Single Audit of the City of Albany, Albany, OR
Closed on 07.18.2019
No. 1 to FTA

Ensures that the City complies with the allowable cost/cost principles requirements.

Closed on 08.22.2019
$21,265
No. 2 to FTA

Recovers $21,265 from the City, if applicable.

Closed on 07.31.2019
No. 3 to FTA

Ensures that the City complies with the allowable cost/cost principles requirements.

Closed on 08.14.2019
$37,543
No. 4 to FTA

Recovers $37,543 from the City, if applicable.

Audit Report: SA2018047 issued on 04.30.2018
Report on Single Audit of the City of Phoenix, Phoenix, AZ
Closed on 05.24.2019
No. 1 to FTA

Ensures that the City complies with the Subrecipient monitoring requirements.

Audit Report: SA2018048 issued on 04.30.2018
Report on Single Audit of the Dallas Area Rapid Transit, Dallas, TX
Closed on 07.30.2019
No. 1 to FTA

Ensures that the DART complies with the allowable costs/cost principles requirements.

Closed on 07.30.2019
$122,558
No. 2 to FTA

We recommend FTA recovers $122,558 from the DART, if applicale.

Closed on 07.17.2019
No. 3 to FTA

Ensures that the DART complies with the cash management requirements.

Audit Report: SA2018043 issued on 04.30.2018
Report on Single Audit of the Gulfport-Biloxi Regional Airport Authority, Gulfport, MS
Closed on 05.24.2019
No. 1 to FAA

Ensures that the Authority complies with the allowable costs/cost principles requirements.

Closed on 04.30.2019
$38,339
No. 2 to FAA

We recommend FAA recovers $38,339 from the Authority, if applicable.

Audit Report: SA2018049 issued on 04.30.2018
Report on Single Audit of Suffolk County, Hauppauge, NY
Closed on 05.24.2019
No. 1 to FTA

Ensures that the County complies with the equipment and real property management requirements.

Audit Report: SA2018050 issued on 04.30.2018
Report on Single Audit of the Greene County Regional Airport Authority, Xenia, OH
Closed on 09.27.2018
No. 1 to FAA

Ensures that the Authority complies with the reporting requirements.

Audit Report: AV2018041 issued on 04.17.2018
FAA Needs To More Accurately Account for Airport Sponsors’ Grandfathered Payments
Closed on 12.18.2018
No. 1 to FAA

Provide written guidance specifically to grandfathered sponsors on what constitutes a grandfathered payment and how to accurately report grandfathered payments.

Closed on 09.24.2019
No. 2 to FAA

Develop and implement an internal control process to verify the accuracy of reports on grandfathered payments.

Closed on 05.18.2018
$509,727
No. 3 to FAA

In accordance with Federal law, consider the State of Hawaii exceeding its statutory limit on the use of revenues for non-airport purposes as a factor in reducing AIP discretionary funds awarded to the State. Implementation of this recommendation could put $509,727 in funds to better use.

Audit Report: ZA2018040 issued on 04.11.2018
FAA’s Management and Oversight Are Inadequate To Secure Timely and Cost-Efficient Agency-Leased Offices and Warehouses
Closed on 03.29.2019
No. 1 to FAA

Revise and document a standardized data entry and validation process for the Service Areas to follow to help ensure consistent and accurate REMS data entry.

$14,572,294
No. 2 to FAA

Develop, document, and implement a new lease approval process that will allow for more timely decisions and for improved coordination with Service Area staff on the status of the decisions made during this process. Implementing this recommendation could potentially put $14.6 million in funds to better use due to missed rent reduction opportunities, which timely and coordinated lease efficiency opportunity decisions could have potentially prevented.

Closed on 04.25.2019
No. 3 to FAA

Improve and document methods used to share and communicate Headquarters lease policies, guidance, and initiatives to all real estate staff members in the Service Areas.

No. 4 to FAA

Revise and document lease policy and templates to clarify that the indefinite holdover clause should only be used in office and warehouse leases where mission-critical safety equipment or functions are housed, and document a process to verify this policy is followed.

Closed on 06.07.2019
No. 5 to FAA

Revise, document, and implement a procedure to require and verify that for any office or warehouse lease whose firm-term portion is greater than one year, an analysis showing use of a firm-term lease is advantageous to the Agency is documented in the lease file.

Closed on 06.07.2019
No. 6 to FAA

Revise and document the real estate strategic planning process so that it: (1) provides for annual updates and (2) increase Service Area involvement and awareness.

Closed on 06.07.2019
No. 7 to FAA

Develop and implement a method for increasing the likelihood that LOBs provide the necessary funding to implement agreed upon lease efficiency opportunities.

Closed on 01.31.2019
$111,138
No. 8 to FAA

Develop, document, and implement controls to (1) reconcile and validate the accuracy of lease payments that are made during the term of the lease and (2) verify that any lease payment made has an active and valid lease associated with it. Implementing this recommendation could potentially put $111,138 in funds to better use for uncollected interest on erroneous lease payments.

Closed on 05.01.2019
$9,964
No. 9 to FAA

Take appropriate action to address the $9,964 in improper payments identified in this report.

Closed on 04.16.2019
No. 10 to FAA

Provide additional guidance and/or training to FAA staff to reinforce existing policy regarding: (1) the proper coding of payments captured under each of the various lease-related object class codes in the Agency's accounting system, Delphi; and (2) the requirement for approving officials to ensure the accuracy of accounting codes.

Closed on 06.07.2019
No. 11 to FAA

Develop, document, and implement a process to ensure that for any new or succeeding office space lease that does not meet the utilization standard, a justification is developed and documented in the lease file as to why the application of the Agency's space utilization standard is not cost effective.

Closed on 05.10.2019
$22,939,569
No. 12 to FAA

Revise, document, and implement an internal control process to regularly track and assess the utilization rate for all office space leases in the Agency's current portfolio using data that is updated for accuracy on a regular basis. Implementing this recommendation could potentially put $22.9 million in funds to better use by preventing FAA from paying rent on unneeded space in excess of its utilization standard.

Audit Report: ST2018039 issued on 03.28.2018
Gaps in USMMA’s Sexual Assault Prevention and Response Program Limit Its Effectiveness
Closed on 09.25.2018
No. 1 to MARAD

Update policy or develop procedures to place a greater emphasis on prevention in the SAPR training program and incorporate the Centers for Disease Control's elements of a comprehensive prevention program, such as providing bystander intervention training at all levels (students, faculty, staff, and leadership).

Closed on 02.28.2019
No. 2 to MARAD

Complete a Sexual Assault Review Board review of all Academy policies and procedures, including the Midshipmen Regulations, to identify any gaps or inconsistencies with SAPR messaging and revise the policies and procedures accordingly.

Closed on 08.15.2019
No. 3 to MARAD

Communicate the revised policies and procedures to all Academy stakeholders.

Closed on 05.15.2019
No. 4 to MARAD

Establish and formalize in policy or procedures methodologies to evaluate the effectiveness of the SAPR program and its practices, including metrics to evaluate training outcomes.

Closed on 02.11.2019
No. 5 to MARAD

Revise sexual assault policies and procedures and sexual harassment policies to clearly provide for documenting, tracking, and maintaining reports, such as by cross-referencing to the records maintenance standard operating procedure.

Closed on 07.09.2019
No. 6 to MARAD

Develop and implement procedures for prioritizing responses to recommendations based on risk and aligning resources accordingly.

Closed on 09.13.2019
No. 7 to MARAD

Develop and implement controls to ensure staff at all levels and faculty are held accountable for taking actions to support the SAPR program, including completing assigned action items.

Closed on 03.20.2019
No. 8 to MARAD

Align the investigative reporting practice with the standard operating procedure for investigating an unrestricted report of sexual assault.

Closed on 03.18.2019
No. 9 to MARAD

Develop and implement a procedure for reporting, investigating, and responding to sexual harassment complaints.

Closed on 05.25.2018
No. 10 to MARAD

Develop and implement a procedure for validating the Academy's data on reported sexual assault and sexual harassment incidents.

Audit Report: SA2018031 issued on 03.13.2018
Report on Single Audit of the Metropolitan Transportation Authority, New York, NY
No. 1 to OST

Ensure that the Authority complies with the procurement and suspension and debarment requirements.

Audit Report: SA2018032 issued on 03.13.2018
Report on Single Audit of the Fort Worth Transportation Authority, Fort Worth, TX
Closed on 09.20.2018
No. 1 to FTA

Ensure that the Authority complies with the reporting requirements.

Audit Report: SA2018033 issued on 03.13.2018
Report on Single Audit of the Metro Regional Transit Authority, Akron, OH
Closed on 09.25.2018
No. 1 to FTA

Ensure that the Authority complies with the special tests and provisions requirements.

Audit Report: SA2018034 issued on 03.13.2018
Report on Single Audit of the Metropolitan Atlanta Rapid Transit Authority, Atlanta, GA
Closed on 07.18.2019
No. 1 to FTA

Ensure that the Authority complies with the procurement and suspension and debarment requirements.

Audit Report: SA2018035 issued on 03.13.2018
Report on Single Audit of the Washington Metropolitan Area Transit Authority, Washington, DC
Closed on 08.27.2019
No. 1 to FTA

Ensure that the Authority complies with the equipment and real property management requirements.

Closed on 07.30.2019
No. 2 to FTA

Ensure that the Authority complies with the special tests and provisions requirements.

$76,572
No. 3 to FTA

We recommend FTA recovers $76,572 from the Authority, if applicable.

Audit Report: SA2018036 issued on 03.13.2018
Report on Single Audit of the Metropolitan Transportation Commission, San Francisco, CA
No. 1 to OST

Ensure that the Commission complies with the reporting requirements.

Audit Report: SA2018037 issued on 03.13.2018
Report on Single Audit of the City of Hattiesburg, Hattiesburg, MS
Closed on 04.30.2019
No. 1 to FAA

Ensure that the City complies with the reporting requirements.

Audit Report: AV2018030 issued on 03.06.2018
FAA Needs To Strengthen Its Management Controls Over the Use and Oversight of NextGen Developmental Funding
No. 1 to FAA

Define the projects that are considered pre-implementation (developmental) in the Agency budget guidance and Acquisition Management System policy and validate that developmental projects align with the definition and are funded under the appropriate budget activity.

No. 2 to FAA

Develop and implement a quality control checklist with criteria for determining when the use of incremental funding prior to PLA approval is permissible.

No. 3 to FAA

Develop and implement a control for enforcing the PMA limits on the assessment of program management fees for various administrative and contract support specified in the Agency's standard operating procedures.

Closed on 10.24.2018
No. 4 to FAA

Update PMA standard operating procedures to include a control that ensures project requirements are met before transferring expiring funds into the PMA account.

Closed on 08.21.2018
No. 5 to FAA

Amend the PLA close-out process to include the statement of outcomes and statement that work was concluded or if follow-on work is required.

No. 6 to FAA

Establish and implement a mechanism for providing oversight of developmental funding, to include records of decision regarding selecting, justifying, and measuring the outcomes of PLAs to ensure FAA is funding the highest priority work.

Audit Report: ZA2018029 issued on 02.28.2018
Improvements Could Be Made in FAA’s Award and Oversight of SE2020 Acquisition Program Task Orders
No. 1 to FAA

Revise AMS to include policy or guidance on justifying the use of program management task orders and a process for implementing assessment fees for multiple-award contracts.

No. 2 to FAA

Update SE2020's standard operating procedure for competition of SE2020 task orders, including strengthening procedures for follow-on awards.

No. 3 to FAA

Strengthen and document procedures to collect and analyze SE2020 task-order timeliness data to sustain improvements in task order award time.

No. 4 to FAA

Revise AMS to include policy or guidance for multiple-awards contracts to address acquisition planning, such as estimating contract hours and costs and overall contract estimates.

$44,000
No. 5 to FAA

Strengthen, document, and implement controls for SE2020 invoice review to comply with the Prompt Payment Act. Implementation of this recommendation could put up to $44,000 in funds to better use.

No. 6 to FAA

Revise AMS to include policy or guidance for multiple-award contracts to describe the appropriate structure for fee payments in cost plus fixed-fee contracts.

No. 7 to FAA

Obtain direct and indirect cost audits for all SE2020 prime contractors for all base contract years, or document the risk assessments performed to justify when cost audits are not performed.

No. 8 to FAA

Revise AMS to include policy or guidance for obtaining direct and indirect cost audits for multiple-award cost-reimbursable contracts or to perform risk assessments to justify not obtaining them.

No. 9 to FAA

Enhance procedures and controls to require SE2020 staff with responsibility for oversight of task orders to track and document vendor performance through its Performance-Based Contract Monitoring (PBCM) system.

No. 10 to FAA

Revise AMS to require FAA's acquisition program office that manages multiple-award contract vehicles to develop and maintain comprehensive program management and governance plans.

No. 11 to FAA

Revise AMS to strengthen multiple-award contract oversight and management framework to ensure such multiple-award contracts follow sound business practices and AMS policies and procedures.

Audit Report: ST2018028 issued on 02.28.2018
Improvements Are Needed To Strengthen the Benefit-Cost Analysis Process for the TIGER Discretionary Grant Program
Closed on 09.07.2018
No. 1 to OST

Provide detailed guidance for consistent BCA reviews, including whether reviewers should perform research to correct or complete missing information in project applications.

Closed on 09.27.2018
No. 2 to OST

Establish and implement requirements regarding how BCA reviewers should document and maintain support for their reviews.

Closed on 09.27.2018
No. 3 to OST

Define the C&C team's role in the BCA review process to include the necessary steps to carry out a systematic review.

Closed on 09.07.2018
No. 4 to OST

Revise policy and guidance to include the standardized BCA review template and the requirement that a single responsible official finalize BCA reviews.

Audit Report: QC2018025 issued on 02.14.2018
Quality Control Review of the Management Letter for the National Transportation Safety Board’s Audited Financial Statements for Fiscal Years 2017 and 2016
Closed on 12.19.2018
No. 1 to NTSB

Allmond recommends NTSB enhance current policies and procedures over the review of year-end accruals by including a look-back analysis which compares disbursements made early in the subsequent fiscal year to the accrual estimated through the current process in order to identify items which should be included in its year-end accrual. In addition, if significant differences are identified, determine the appropriate corrective action necessary to increase the accuracy of its accrual estimation process.

No. 2 to NTSB

Almond recommends that NTSB redesign the provisioning process to include that the system access request accurately describes the access required for each user and that when access is modified a new system access request form is completed to reflect this change.

Audit Report: QC2018024 issued on 02.12.2018
Quality Control Review of the Management Letter for the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
Closed on 12.14.2018
No. 1 to FAA

KPMG recommends that management document their consideration of any factors that could impact the estimate in the current FY when preparing the annual grant accrual estimate.

Closed on 12.14.2018
No. 2 to FAA

KPMG recommends that management further document their analysis over the lookback review. Management should consider all factors that could result in a variance between the accrual and lookback calculation, make a determination as to the potential impact in the current year accrual calculation and ensuring the documented factors are accurately described and necessary revisions to the methodology are made.

Closed on 12.14.2018
No. 3 to FAA

KPMG recommends that management implement controls at the appropriate level of precision to ensure expense transactions are accurate, valid and properly posted to the general ledger.

Closed on 12.14.2018
No. 4 to FAA

KPMG recommends that management develop and implement its policies and procedures to ensure invoices are reviewed at the appropriate level of precision to ensure that amounts are properly expensed or capitalized. KPMG also recommends that management require appropriate level of detail from their contractors in order to effectively distinguish capital transactions from expense transactions.

No. 5 to FAA

KPMG recommends that the FAA perform a review of the AP accrual, including the procurement samples used for the percentage allocation, at a level of detail or precision to identify errors in order to prevent a misstatement.

Closed on 12.14.2018
No. 6 to FAA

KPMG recommends that LCSS implement policies and procedures to ensure LCSS user access is approved prior to the access being granted. In addition, KPMG recommends that LCSS management maintain documentation of the approvals, and ensure that user account request tickets are maintained properly.

Closed on 12.14.2018
No. 7 to FAA

KPMG recommends that the LCSS implement the procedures outlined by the LCSS System Security Plan to ensure that terminated and inactive users are removed appropriately and timely.

Closed on 12.14.2018
No. 8 to FAA

KPMG recommends that LCSS implement a process to review user access on a periodic basis.

Closed on 12.14.2018
No. 9 to FAA

KPMG recommends that the LCSS implement policies and procedures to ensure that periodic access reviews have a defined timeline, frequency, and provide adequate detail for the reviewer to determine if access is appropriate based on the user's roles and responsibilities.

Audit Report: QC2018023 issued on 02.12.2018
Quality Control Review of the Management Letter for Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
Closed on 12.14.2018
No. 1 to FTA

KPMG recommends that FTA enhance its grant accrual retrospective review procedures to include a review, and adjustment, if necessary, of grantee expenditures used in the retrospective review to ensure such data is relevant and reliable.

No. 2 to FHWA

KPMG recommends FHWA strengthen policies and procedures to ensure that terminated users' access is removed timely from UPACS and the application it supports, in accordance with the DOT Cybersecurity Compendium guidelines.

Audit Report: ST2018019 issued on 01.31.2018
Estimates Show Commercial Driver Detention Increases Crash Risks and Costs, but Current Data Limit Further Analysis
No. 1 to FMCSA

Collaborate with industry stakeholders to develop and implement a plan to collect and analyze reliable, accurate, and representative data on the frequency and severity of driver detention times.

Audit Report: AV2018020 issued on 01.31.2018
FAA Completed STARS at Large TRACONs, but Challenges in Delivering NextGen Capabilities Remain
Closed on 11.05.2019
No. 1 to FAA

Finalize a timeline for identifying the remaining STARS requirements, including the additional requirements for the "post-implementation enhancements," and quantify the impact these requirements will have on software implementation milestones.

Closed on 08.21.2019
No. 2 to FAA

Implement a process in the FAA Requirements Management Plan to track and document when and how new requirements are validated and prioritized.

Closed on 09.25.2018
No. 3 to FAA

Redesign the power supply configuration of STARS rack assemblies to eliminate series connected power strips in the next STARS technical refresh of the 11 TRACONs.

No. 4 to FAA

Resolve the electrical configuration issue of the STARS rack assemblies at each of the 11 TRACONs by either: (a) obtaining approval for the configuration from a nationally recognized testing laboratory or (b) assessing and documenting risks posed by the STARS rack assemblies installed at each of the 11 facilities and FAA's acceptance of that risk on air traffic operations.

Audit Report: FI2018018 issued on 01.29.2018
DATA Act: Report on DOT’s Submission
Closed on 03.26.2018
No. 1 to OST

Determine whether utility obligations are reportable for DATA Act purposes.

Closed on 03.07.2018
No. 2 to OST

Improve controls to ensure that SLSDC excludes its zero dollar invoice related transactions from submissions.

Closed on 05.16.2018
No. 3 to OST

Improve controls to ensure that FAA excludes micro- purchases from submissions.

Audit Report: FI2018017 issued on 01.24.2018
FISMA 2017: DOT’s Information Security Posture Is Still Not Effective
No. 1 to OST

Require MARAD, NHTSA, OST, and SLSDC to develop and disseminate policies and procedures for their risk management programs that include the appropriate elements such as criteria for making risk based decisions.

No. 2 to OST

Implement controls to verify that information on threat activity has been communicated to senior agency officials and require retention of supporting documentation.

No. 3 to OST

For the COE and FAA, update procedures and practices for monitoring and authorizing common security controls to (a) require supporting documentation for controls continual assessments, (b) complete reauthorization assessments for the controls, (c) finalize guidance for customers' use of controls, and (d) establish communication protocols between authorizing officials and common control providers regarding control status and risks.

No. 4 to FAA

Verify that FAA's criteria regarding designation and definition of contractor systems conforms to DOT guidance, and that systems are correctly classified.

No. 5 to OST

Implement controls to continuously monitor and work with components to ensure network administrators are informed and action is taken to disable system accounts when users no longer require access or have been inactive beyond established thresholds.

No. 6 to OST

Complete PIV enablement and requirements for remaining information systems, except those that are subject to exclusions that are documented and approved.

No. 7 to OST

Take action to fully implement mandatory use of PIV cards for VDI access.

No. 8 to OST

Implement processes verifying that personnel performing certain security related roles receive specialized training needed to meet OCIO guidance.

Audit Report: QC2018016 issued on 01.17.2018
Quality Control Review of the Assessment of DOT’s Protection of Privacy Information
Closed on 08.20.2018
No. 1 to FAA

KPMG recommends that FAA Privacy Program conduct a review of its privacy program to identify changes needed to ensure that system's privacy plans are completed in accordance with the DOT Privacy Risk Management Policy.

No. 2 to FAA

KPMG recommends that FAA System Owner of System #2 ensure the system Privacy Plan includes all requirements established by the DOT Chief Privacy Officer in the privacy threshold assessment (PTA) and the adjudication statement is implemented.

No. 3 to FAA

KPMG recommends that FAA System Owner of System #5 ensure that the encryption protections for data at rest and during transit are implemented in accordance with the DOT Privacy Risk Management Policy.

No. 4 to FAA

KPMG recommends that FAA System Owner of System #5 confirm that the session time-out functionality has been implemented.

No. 5 to FAA

KPMG recommends that FAA System Owner of System #8 ensure that the encryption protections for data at rest are implemented in accordance with the DOT Privacy Risk Management Policy.

Closed on 02.07.2019
No. 6 to FAA

KPMG recommends that FAA System Owner of System #9 provide system specific and/or specialized/role based privacy job aides as needed to personnel who maintain and/or have access to PII data.

No. 7 to FAA

KPMG recommends that FAA System Owner of System #9 Ensure the Privacy Plan including all requirements established by the DOT Chief Privacy Officer in the PTA adjudication statement is implemented.

No. 8 to FAA

KPMG recommends that FAA System Owner of System #9 implement memoranda of understanding or similar agreements for internal sharing of PII.

Closed on 07.26.2018
No. 9 to FAA

KPMG recommends that FAA System Owner of System #9 ensure that encryption protections for data at rest is implemented in accordance with the DOT Privacy Risk Management Policy.

Closed on 07.26.2018
No. 10 to FAA

KPMG recommends that FAA System Owner of System #9 ensure that the Plan of Action and Milestones (POA&M) for encryption protections for data at rest is actively monitored and updated as changes occur prior to the estimated closure date of December 19, 2017.

No. 11 to OST

KPMG recommends that Office of the Secretary of Transportation Departmental Chief Privacy Officer establish a continuous monitoring (CM) program for privacy supportive security controls to ensure PII systems remain compliant with DOT Privacy Risk Management policy.

Closed on 08.26.2019
No. 12 to OST

KPMG recommends that Office of the Secretary of Transportation System Owner of System #15 ensure that the encryption protections for data at rest and during transit have been implemented in accordance with the DOT Privacy Risk Management Policy.

Audit Report: QC2018015 issued on 01.17.2018
Quality Control Review of DOT’s Implementation of Earned Value Management Practices
Closed on 05.29.2018
No. 1 to MARAD

Establish a work breakdown structure, consistent with the DOT Earned Value Managment Implementation Guide standard, for investment projects when required by the DOT EVM Policy.

Closed on 06.06.2018
No. 2 to FTA

Establish a work breakdown structure, consistent with the DOT Earned Value Managment Implementation Guide standard, for investment projects when required by the DOT EVM Policy.

Closed on 03.25.2019
No. 3 to OST

Ensure that artifacts illustrating implementation and execution of EVM are in accordance with the DOT EVM policy.

Closed on 03.25.2019
No. 4 to OST

Retain evidence of the required EVM artifacts.

Audit Report: ST2018014 issued on 01.10.2018
FHWA Lacks Detailed Guidance on Infrastructure Resilience for Emergency Relief Projects and a Process To Track Related Improvements
No. 1 to FHWA

Revise the Emergency Relief Manual to include a definition of resilience improvement and identify procedures States should use to incorporate resilience into ERP-funded projects.

No. 2 to FHWA

Develop and implement a process to identify best practices for improving the resilience of emergency relief projects and share them with Division Offices and State DOTs.

No. 3 to FHWA

Develop and implement a process to track the consideration of resilience improvements for emergency relief projects and their associated costs.

Audit Report: QC2018013 issued on 12.20.2017
Quality Control Review for DOT’s Implementation of Enterprise Architecture
No. 1 to OST

KPMG recommends OST direct the OCIO to work with OAs' CIOs to conduct the required annual assessment of the DOT's and OA's EA programs against the GAO's EA Management Maturity Model.

No. 2 to OST

KPMG recommends OST supplement the existing DOT EA Policy with operational guidance to clarify EA artifacts required by the DOT EA policy.

Closed on 06.07.2018
No. 3 to NHTSA

KPMG recommends NHTSA formally approve and distribute their OA level EA policy, otherwise the OA will rely on the DOT EA policy.

Closed on 08.23.2019
No. 4 to FHWA

KPMG recommends FHWA formally approve and distribute their OA level EA policy, otherwise the OA will rely on the DOT EA policy.

Closed on 08.21.2018
No. 5 to FRA

KPMG recommends FRA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 12.17.2018
No. 6 to FTA

KPMG recommends FTA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 08.21.2018
No. 7 to NHTSA

KPMG recommends NHTSA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 08.21.2018
No. 8 to PHMSA

KPMG recommends PHMSA retain evidence of the training provided to individuals with EA IT responsibility.

Closed on 06.07.2018
No. 9 to PHMSA

KPMG recommends PHMSA produce and maintain evidence of EA reviews of IT investment risks that demonstrate alignment with appropriate DOT EA segments and DOT and OA EA standards.

Closed on 08.23.2019
No. 10 to OST

KPMG recommends OST require that the EA artifacts illustrating implementation and execution of EA are in accordance with DOT EA policy.

Closed on 07.26.2018
No. 11 to OST

KPMG recommends OST retain evidence of the required EA artifacts.

Audit Report: AV2018012 issued on 12.19.2017
FAA Oversight Is Not Keeping Pace With the Changes Occurring in the Regional Airline Industry
No. 1 to FAA

Revise the Safety Assurance System (SAS) risk-assessment tool to include weighted factors for each organizational risk evaluated by inspectors.

No. 2 to FAA

Update the scoring system and instructions in the Financial Condition Assessment Decision Aid to reflect that 10 characteristics are being evaluated.

No. 3 to FAA

Develop and provide additional guidance and training to inspectors to clarify the differences in the choices (word pictures) provided in the decision aids.

No. 4 to FAA

Reevaluate the decision aids to validate that: a. They include the appropriate areas of focus during reviews of the financial condition and transition or growth of regional air carriers; b.The weighting of the focus areas correlates to their potential impact on risks associated with financial distress or rapid growth or downsizing.

No. 5 to FAA

Revise validated guidance to emphasize the importance of completing decision aids periodically for baseline comparisons.

No. 6 to FAA

Implement a retention policy for completed decision aids so they will be available to inspectors for comparison and analysis during risk assessments.

No. 7 to FAA

Develop and provide guidance and training to show inspectors how to detect triggers that require the completion of a decision aid, as well as the importance of using decision aids to adjust surveillance.

Closed on 08.23.2019
No. 8 to FAA

Refine policies and procedures for collecting and analyzing safety data and metrics from regional airlines sector-wide and sharing that information with FAA's Flight Standards Offices.

No. 9 to FAA

Revise Agency guidance on risk-management processes to recommend adjustments to surveillance when the risk score is identified as high or document a reason for not adjusting surveillance given the risk.

No. 10 to FAA

Revise inspector guidance to provide actions inspectors should take after risks are identified through complaints, including reaching out to other offices if necessary and ensuring planned surveillance of the issue is actually completed.

Audit Report: FI2018011 issued on 12.11.2017
FAA Needs To Enhance the Oversight and Management of Its Overflight Fee Program
Closed on 02.28.2018
No. 1 to FAA

Develop and implement policies and procedures to retain the original data files for purposes of validating the accuracy of the data being used to compute overflight fees.

Closed on 07.02.2018
No. 2 to FAA

Develop a timeline that indicates when FAA overflight-fee officials will start using updated software (that meet its system reliability requirements) for computing fees.

Closed on 02.28.2018
No. 3 to FAA

Develop and implement internal controls to oversee overflight-fee contractors, specifically, to review and approve flight data before the contractor submits them for billing.

Closed on 03.02.2018
No. 4 to FAA

Develop and implement internal controls to oversee Enterprise Services Center employees and require debt-collection training to ensure overflight fees are properly billed.

Closed on 03.02.2018
No. 5 to FAA

Establish policies and procedures that require staff to appropriately apply Federal laws and regulations and exclude aircraft users that are exempt or meet exception rules from receiving invoices for overflight fees.

$18,760,000
No. 6 to FAA

Develop and implement policies and procedures to ensure that overflight-fee collection activities comply with Department of the Treasury requirements, such as:a. Ensuring debtors are given due process; implementation of this recommendation could put $1.48 million in funds to better use.b. Assessing late charges on all delinquent debts; implementation of this recommendation could put $9.3 million in funds to better use.c. Making timely referrals of delinquent overflight fees to Treasury; implementation of this recommendation could put $7.98 million in funds to better use.

Audit Report: ST2018010 issued on 11.21.2017
PHMSA Has Improved Its Workforce Management but Planning, Hiring, and Retention Challenges Remain
Closed on 03.13.2019
No. 1 to PHMSA

Develop a comprehensive workforce plan by implementing the existing Human Capital Framework in accordance with the Department's Workforce Planning Guide.

Closed on 03.13.2019
No. 2 to PHMSA

Include in the workforce plan an assessment of whether the Agency should use retention incentives and, if appropriate, a plan for seeking authority to use retention incentives at levels above the fiscal year 2010 cap.

No. 3 to PHMSA

Include in the workforce plan an assessment of whether the Agency should use a special rate of pay for general engineers (series 0801) and, if appropriate, a plan for seeking authority to establish a higher rate of basic pay.

Audit Report: QC2018008 issued on 11.15.2017
Report on the Quality Control Review of the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
Closed on 12.19.2018
No. 1 to FAA

KPMG recommends that management continue to refine the EC&D estimation methodology to ensure that the methodology is based on relevant, sufficient, and reliable data that is supported by sufficient appropriate audit evidence.

Closed on 12.19.2018
No. 2 to FAA

KPMG recommends that management review any refinements to the methodology to ensure that the estimate is presented and disclosed in the financial statements in conformity with applicable accounting principles.

Closed on 12.19.2018
No. 3 to FAA

KPMG recommends that management establish appropriate communication channels with personnel outside of the Financial Statements and Reporting Division to ensure proper communication and coordination related to the calculation of material financial statement information

Closed on 12.19.2018
No. 4 to FAA

KPMG recommends that management perform an adequate review and approval of the accounting estimates, including: 1) Review of sources of relevant factors; 2) Review of development of assumptions; 3) Review of reasonableness of assumptions and resulting estimates; and 4) Consideration of changes in previously established methods to arrive at accounting estimates.

Closed on 12.14.2018
No. 5 to FHWA

KPMG recommends that DOT establish a review control, with the appropriate level of precision, over the cash flow projections to ensure that the inputs are relevant and reliable.

No. 6 to FHWA

KPMG recommends that DOT review the overall cash flow model functionality and implementation to ensure that all assumptions are properly applied, documented, and supported in the execution of the cash flow projections.

No. 7 to FHWA

KPMG recommends that DOT consider automating the calculations that are performed manually to reduce the risk of misapplication of assumptions due to human error.

Closed on 12.14.2018
No. 8 to OST

KPMG recommends that the Department complete the internal reviews currently planned or being performed, and properly report the results in compliance with the ADA, if necessary.

Audit Report: QC2018007 issued on 11.14.2017
Quality Control Review for the Surface Transportation Board’s Audited Financial Statements for Fiscal Years 2017 and 2016 (restated)
Closed on 12.19.2018
No. 1 to STB

STB and its accounting service provider should implement accounting processes for estimating and recording the value of goods and/or services provided by vendors for open obligations, with and without an advance.

Closed on 12.19.2018
No. 2 to STB

Develop written policies to: obtain invoices supporting the value of goods and services provided by vendors with advances so permanent reductions can be made to reduce the value of individual advances, close out advances where all services have been provided, and recoup all unused advance funding; including those currently outstanding.

Closed on 12.19.2018
No. 3 to STB

Strengthen monitoring controls of financial management operations performed by the agency's accounting service provider. Develop policies, procedures and review checklists to ensure that monitoring processes are performed consistently and documented as required by GAO internal control standards.

Closed on 12.19.2018
No. 4 to STB

Work with the accounting service provider to strengthen the service provider's quality control processes, and obtain documented assurances that quality control reviews have been performed on financial statements presented to the agency for audit

Closed on 09.27.2018
No. 5 to STB

Determine the reasons that abnormal general ledger account balances were not identified, researched, and corrected, as appropriate despite the assurances provided in response to the same issues reported in the FY 2016 financial statement audit report. Implement additional controls to ensure abnormal account balances are properly identified, researched, and appropriate corrective actions are taken.

Audit Report: QC2018006 issued on 11.13.2017
Report on the Quality Control Review of the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
Closed on 12.14.2018
No. 1 to FAA

KPMG recommends that management continue to refine the EC&D estimation methodology to ensure that the methodology is based on relevant, sufficient, and reliable data which is properly supported by sufficient appropriate audit evidence.

Closed on 12.14.2018
No. 2 to FAA

KPMG recommends that management review any refinements to the methodology to ensure that the estimate is presented in conformity with applicable accounting principles and that the related disclosure is adequate.

Closed on 12.14.2018
No. 3 to FAA

KPMG recommends that management establish appropriate communication channels with personnel outside of the Financial Statements and Reporting Division to ensure proper communication and coordination related to the calculation of material financial statement information.

Closed on 12.14.2018
No. 4 to FAA

KPMG recommends that management perform an adequate review and approval of the accounting estimates, including: 1) Review of sources of relevant factors; 2) Review of development of assumptions; 3) Review of reasonableness of assumptions and resulting estimates; and 4) Consideration of changes in previously established methods to arrive at accounting estimates.

Closed on 12.14.2018
No. 5 to FAA

KPMG recommends that management develop and implement policies and procedures to ensure that only assets that exist and that may require future decommissioning and cleanup activities are included in the EC&D liability estimate.

Audit Report: FI2018003 issued on 11.08.2017
Report on the Audited Financial Statements for Fiscal Year 2017 - Saint Lawrence Seaway Development Corporation
Closed on 07.31.2018
No. 1 to SLSDC

Improve and implement reconciliation (walkthrough) procedures during the financial statement preparation process to ensure information included in its financial statements is supported by underlying accounting records and transactions.

Closed on 09.19.2019
No. 2 to SLSDC

Develop and implement accounting policies and procedures to recognize and record SLSDC's share of activities related to the operation of the South Channel Span of the Seaway International Bridge.

Closed on 09.19.2019
No. 3 to SLSDC

Develop and implement accounting policies and procedures to recognize and record SLSDC's expense activity associated with executed bridge repair service job orders.

No. 4 to SLSDC

Develop and implement accounting policies and procedures to recognize and record SLSDC's liabilities with SIBC for open service job orders.

Closed on 07.31.2018
No. 5 to SLSDC

Establish controls to ensure the appropriate useful lives of assets are recorded in the accounting system when new assets are placed into service.

Closed on 07.31.2018
No. 6 to SLSDC

Establish controls to review the nature and scope of projects prior to closure and conversion to PP&E to ensure that assets are properly recorded in the PP&E records.

Closed on 05.30.2018
No. 7 to SLSDC

Update asset disposal policy to better define procedures for disposal and establish specific parameters for timely completion.

Closed on 05.30.2018
No. 8 to SLSDC

Enhance certificates of disposal to include asset ID numbers to expedite disposal actions.

Closed on 12.19.2018
No. 9 to SLSDC

Perform a complete physical inventory of PP&E as required by SLSDC policy and research any differences identified.

Closed on 05.30.2018
No. 10 to SLSDC

Update the property records to include the serial numbers for buoys.

Closed on 05.30.2018
No. 11 to SLSDC

Coordinate with the Department of the Treasury to determine the appropriate treatment and custody of its funds currently held by SIBC.

Audit Report: FI2018002 issued on 10.26.2017
The Surface Transportation Board’s Information Security Program Is Not Effective
Closed on 07.19.2019
No. 1 to STB

Complete implementation of policies and procedures for: a. Risk management, including a risk management plan and assessment, b. System authorization, and c. Plans of actions and milestones.

Closed on 11.07.2018
No. 2 to STB

Complete the system reauthorization of the STB LAN.

Closed on 11.07.2018
No. 3 to STB

Complete service level agreements or similar documents that permit STB or its auditor to perform tests and/or obtain supporting documentation to demonstrate that cloud systems are properly authorized to operate.

Closed on 07.19.2019
No. 4 to STB

Define specifications and acquire an automated solution to assist with the risk management program.

Closed on 04.26.2019
No. 5 to STB

Develop policies and procedures for the implementation of an information security architecture.

Closed on 05.28.2019
No. 6 to STB

Modify existing procedures to fully address identification, reporting, and resolution of information system flaws, including timely patch installation.

Closed on 11.07.2018
No. 7 to STB

Incorporate missing elements into its enterprise-wide configuration management plan such as a change control board charter

Closed on 06.07.2019
No. 8 to STB

Modify identity and access management policies and procedures to adequately address: a. Reviews of as-is states, desired states and a transition plan.b. Processes for assigning personnel risk designations prior to granting access to its systems.c. Processes for developing, documenting, and maintaining access agreements for individuals with system access.d. Requirements for remote access

No. 9 to STB

Conduct a needs assessment to formally determine the organization's awareness and training needs, including but not limited to developing and implementing a formal process for assessing the skills, knowledge, and abilities of its workforce.

No. 10 to STB

Develop and implement a formal process for measuring the effectiveness of its security awareness and training program.

No. 11 to STB

Modify the training plan to include missing elements such as funding, goals and use of technology.

No. 12 to STB

Develop and implement an ISCM program that, at a minimum provides awareness of threats and vulnerabilities.

Closed on 05.28.2019
No. 13 to STB

Modify its policies and procedures to address missing components such as incident detection and analysis; incident prioritization, containment, eradication, and recovery; coordination, information sharing, and reporting; incident response training and testing, and considerations for major incidents

No. 14 to STB

Implement its contingency planning policy by performing business impact analyses, updating or completing system contingency plans, testing contingency plans, performing necessary backups and obtaining an adequate alternate processing site, it needed.

Audit Report: ZA2017106 issued on 09.26.2017
OSDBU Lacks Effective Processes for Establishing, Overseeing, and Managing Its Small Business Transportation Resource Centers
Closed on 09.24.2018
No. 1 to OST

Develop and implement written policies and procedures for establishing new Centers or making adjustments to existing ones—including determining each Center's initial financial resource needs, changes to funding levels, locations, geographic areas of coverage, and small business/client populations.

Closed on 06.01.2018
No. 2 to OST

Conduct a baseline program needs assessment of current funding levels, locations, geographic areas of coverage, and small business/client populations to be served—and take corrective actions as needed to meet determined needs.

Closed on 06.01.2018
No. 3 to OST

Develop and implement an action plan for increasing future competition for Center operation.

Closed on 02.08.2019
No. 4 to OST

Develop and implement performance measures for cooperative agreement requirements that assess how well the Centers achieve program objectives and desired outcomes

Closed on 09.24.2018
No. 5 to OST

Implement policies and procedures to ensure OSDBU personnel comply with existing monitoring requirements for conducting annual performance evaluations and site visits

$69,312
No. 6 to OST

Recover the $69,312.00 in improper payments for unallowable labor charges

Closed on 09.24.2018
$1,168,907
No. 7 to OST

Implement policies and procedures to ensure that OSDBU's financial management practices comply with appropriation law, Federal regulations, and the Department's Financial Assistance Guidance Manual. Implementing this recommendation could potentially put $1,168,907 in funds to better use.

Closed on 06.01.2018
No. 8 to OST

Take action to correct the $346,927 in improper payments related to OSDBU's financial management practices identified in this report.

Closed on 09.24.2018
No. 9 to OST

Deobligate the $57,758 remaining on cooperative agreements that have ended, as identified by this audit as funds that could have been put to better use

No. 10 to OST

Develop and implement a process to perform periodic financial assistance management reviews of OSDBU to ensure that OSDBU is informed about and complies with existing financial management assistance laws, regulations, and guidance.

Audit Report: SA2017104 issued on 09.26.2017
Report on Single Audit of the City of Lawton, OK
Closed on 11.05.2018
No. 1 to FTA

Ensures that the City complies with period of availability requirements.

Closed on 11.05.2018
$23,598
No. 2 to FTA

Recovers $23,598 from the City, if applicable.

Audit Report: SA2017105 issued on 09.26.2017
Report on Single Audit of the National Railroad Passenger Corporation and Subsidiaries (Amtrak) Washington, D.C.
Closed on 02.26.2018
No. 1 to FRA

Ensures that Amtrak complies with equipment and real property management requirements.

Audit Report: SA2017086 issued on 09.12.2017
Report on Single Audit of the Delaware River and Bay Authority, New Castle, DE
Closed on 04.30.2019
No. 1 to FAA

Ensures that the Authority complies with period of performance requirements.

Closed on 04.30.2019
$44,589
No. 2 to FAA

Recovers $44,589 from the Authority, if applicable.

Audit Report: SA2017090 issued on 09.11.2017
Report on Single Audit of the Arapahoe County Public Airport Authority, Englewood, CO
No. 1 to FAA

Ensures that the Authority complies with special tests and provisions-revenue diversion requirements.

$1,611,898
No. 2 to FAA

Recovers $1,611,898 from the Authority, if applicable.

Audit Report: ZA2017098 issued on 09.11.2017
DOT and FAA Lack Adequate Controls Over Their Use and Management of Other Transaction Agreements
No. 1 to FAA

Develop and implement policies and procedures, including a standard identification method, for tracking other transaction agreements (OTA).

No. 2 to FAA

Develop and implement criteria that: a. Describe when an OTA should be used rather than a contract or grant; b. Require awarding officials to document their rationale for using OTAs rather than contracts or grants.

No. 3 to FAA

Develop and implement policies and procedures to state when Acquisition Management System guidance, FAA financial assistance policies, and other requirements and guidance such as requirements for Independent Government Cost Estimates, including OTAs in Single Audits, and conflicts of interest analysis apply to OTAs.

No. 4 to FAA

Develop and implement policies to report OTA awards that involve Federal funds to USASpending.gov.

No. 5 to FAA

Establish documentation requirements for all types of OTAs, and develop and implement policies and procedures for maintaining complete files for the agreements, including evidence of legal reviews.

No. 6 to FAA

Develop and implement policies and procedures to ensure that OTAs are awarded and administered by properly authorized (warranted) officials, including: a. Creating and regularly maintaining a comprehensive list of awarding officials, the various types of agreements (e.g., contract, grant, OTA, reimbursable agreement, interagency agreement) they are authorized to sign, dollar limits (if any), and the dates the authority began and ended when applicable; b. Clarifying the Acquisition Management System to specify when it is appropriate to use an OTA that is also an interagency agreement or reimbursable agreement, and to specify what warrant authorities are required for officials signing these agreements.

No. 7 to FAA

Assess whether OTAs signed by individuals without proper authorization represent unauthorized commitments, and take appropriate corrective actions.

No. 8 to FAA

Develop and implement policies and procedures to standardize and enforce provisions of Tower Operating Agreement OTAs as a condition of providing air traffic control services, including: a. A procedure to provide for periodic inspections of the tower environment to detect problems that have an impact on FAA contract controllers and respond to them; b. Requiring all airport sponsors to sign Tower Operating Agreements.

$2,200,000
No. 9 to FAA

Renegotiate tower leases requiring rent payments to airport sponsors to secure no-cost leases. Implementation of this recommendation could put $2.2 million in Federal funds to better use.

$19,000
No. 10 to FAA

Recover the $19,000 overpayment to an OTA tower construction recipient, determine whether FAA overpaid other recipients on its tower construction agreements, and recover any overpayments and interest not applied to the construction projects.

No. 11 to FAA

Develop and implement policies and procedures for tower construction OTAs that at a minimum address aligning payments to actual needs and disposing of leftover funds and interest earned on advanced funds.

Closed on 05.24.2019
No. 12 to FAA

Develop a business case for the award of a new OTA, or an extension of the current OTA, to conduct research at and manage the Florida Test Bed that includes the potential for competition and a cost-benefit analysis that examines facility utilization (whether onsite or via remote access) and potential for cost sharing.

Closed on 04.22.2019
No. 13 to FAA

Follow DOT's cybersecurity policy, and track access and usage of OTA-covered information systems, including those at the Florida Test Bed.

No. 14 to OST

Update the Financial Assistance Guidance Manual and other policies to reflect current authorities and oversight needs for OTAs, and clarify which provisions of the manual and other policies apply to these agreements.

No. 15 to OST

Resolve, with the assistance of legal counsel, whether FAA is required to follow the Department’s Financial Assistance Guidance Manual and other policies for OTAs.

Closed on 09.21.2018
No. 16 to PHMSA

Revise and implement policies and procedures for conducting pre-award reviews that assess the price reasonableness of each OTA.

Closed on 09.20.2017
No. 17 to PHMSA

Designate in writing which officials are authorized to award OTAs.

Audit Report: SA2017079 issued on 09.11.2017
Report on Single Audit of the Wyoming Department of Transportation, Cheyenne, WY
Closed on 09.28.2017
No. 1 to FHWA

Ensures that the State DOT complies with subrecipient monitoring requirements.

Closed on 02.26.2018
No. 2 to FTA

Ensures that the State DOT complies with subrecipient monitoring requirements.

Audit Report: SA2017078 issued on 09.11.2017
Report on Single Audit of Itawamba County, Fulton, MS
No. 1 to MARAD

Ensures that the County complies with allowable costs/costs principles requirements.

$84,365
No. 2 to MARAD

Recovers $84,365 (2013-020 ($4,385) and 2013-022 ($79,980)) from the County, if applicable.

Audit Report: SA2017096 issued on 09.11.2017
Report on Single Audit of the Commonwealth Ports Authority, Saipan, MP
Closed on 07.25.2018
No. 1 to FAA

Ensures that the Authority complies with equipment and real property requirements.

Audit Report: SA2017080 issued on 09.11.2017
Report on Single Audit of the State of Rhode Island and Providence Plantations, Providence, RI
Closed on 07.25.2018
No. 1 to FHWA

Ensures that the State complies with special tests and provisions requirements.

Closed on 06.05.2018
$118,713
No. 2 to FHWA

Recovers $118,713 from the State, if applicable (Finding 2016-043).

Closed on 10.30.2017
No. 3 to FRA

Ensures that the State complies with special tests and provisions - wage rate requirements (Finding 2016-047).

Audit Report: SA2017083 issued on 09.11.2017
Report on Single Audit of the Government of Guam, Hagatna, GU
No. 1 to FHWA

Ensures that the Government of Guam complies with equipment and real property management requirements.

Audit Report: SA2017091 issued on 09.11.2017
Report on Single Audit of the Government of U.S. Virgin Islands, Charlotte Amelie, VI