Recommendation Dashboard

skip-to-content
-A A +A

OIG’s Office of Auditing and Evaluation makes recommendations to the Department of Transportation and a few independent transportation entities to correct deficiencies and encourage improvements in the safety, economy, efficiency, and management of their programs and operations. Our audit report findings and conclusions explain the basis for the specific corrective actions we recommend. This Recommendation Dashboard provides more information than ever before about the current status of OIG recommendations, which we plan to update on a weekly basis. For more information, see answers to frequently asked questions.

Open Recommendations

 

Open Financial Recommendations

 
Audit Report: ST2018062 issued on 07.18.2018
NHTSA’s Management of Light Passenger Vehicle Recalls Lacks Adequate Processes and Oversight
No. 1 to NHTSA

Develop and implement a risk-based process to monitor manufacturers' reporting of recall remedy, scope, and risk information. The process should include taking appropriate steps with manufacturers that are not in compliance, including enforcement actions when necessary, as well as verifying information submitted by manufacturers, and identifying and addressing potential inadequacies of recall remedies and scope.

No. 2 to NHTSA

Develop and implement a risk-based process—with specific timelines—that provides guidance for Office of Defects Investigation staff on identifying recalls with missing communications (e.g., dealer notifications, technical service bulletins), taking appropriate action to resolve the deficiency, and documenting the outcomes in an official recordkeeping system.

No. 3 to NHTSA

In accordance with the Government Accountability Office's Standards for Internal Control in the Federal Government and NHTSA's procedures, develop, implement, and document management controls, including a supervisory review process, for monitoring recall remedies, scope, and risk reporting and oversight of recall implementation.

No. 4 to NHTSA

Develop a training curriculum on staff responsibilities for updated recall monitoring and oversight processes, and provide this training to Office of Defects Investigation and Office of Vehicle Safety Compliance staff.

No. 5 to NHTSA

Update the recall reporting portal and issue written guidance to identify all recall scope, risk, and completion rate information that regulations require manufacturers to submit.

No. 6 to NHTSA

Document lessons learned from the Takata recalls, and develop and implement a plan for applying those lessons to help manufacturers improve completion rates of other recalls.

Audit Report: AV2018060 issued on 07.10.2018
FAA Has Not Fully Addressed Safety Concerns Regarding the American Airlines Flight Test Program
No. 1 to FAA

Conduct an independent review of FAA's oversight of American Airlines' flight operations to determine whether controls are in place and effective in preventing single points of failure; develop and implement corrective actions, if necessary.

No. 2 to FAA

Modify the existing tool used to evaluate the objectivity of inspectors to incorporate risk factors such as non-routine operations and the length of time inspectors oversee the same air carrier.

No. 3 to FAA

Develop and implement controls requiring oversight office staff to resolve complaints and follow key policy requirements such as directly contacting complainants and documenting investigations.

No. 4 to FAA

Establish and implement criteria for evaluating correspondence to ensure safety complaints are routed to FAA's Office of Audit and Evaluation.

No. 5 to FAA

Develop and implement inspector guidance on FAA's oversight requirements for flight test operations.

No. 6 to FAA

Provide the Allied Pilots Association with a revised response to its complaint based on results from the October 2017 independent assessment of the American Airlines flight test program.

No. 7 to FAA

Develop and implement a corrective action plan to address the recommendations made by the October 2017 independent assessment of the American Airlines flight test program.

Audit Report: FI2018059 issued on 07.03.2018
Opportunities Exist To Further Strengthen the Security Controls of FAA’s Data Communications Program
No. 1 to FAA

Update and remediate the completion dates in the plans of action and milestones for SI-02.A and CM07.A.2 to ensure that the confidentiality, integrity, and availability of the system are not at risk.

Audit Report: AV2018057 issued on 06.27.2018
Underlying Data Quality Issues Hinder the Staffing and Placement of FAA’s Maintenance Technicians
No. 1 to FAA

Determine the impact of new hire training and certification time and fatigue mitigation requirements on technician staffing and incorporate into the maintenance technician staffing process.

No. 2 to FAA

Determine the impact of equipment age on workload and maintenance technician staffing needs and incorporate this factor into the staffing model, if found to be statistically significant.

No. 3 to FAA

Review and update the Facility, Service, and Equipment Profile policy to require user training and recurring data-validation reviews at the Support Center and national levels at defined intervals prior to running the staffing model.

No. 4 to FAA

Develop and implement a process to reduce and standardize codes in the Labor Distribution Reporting (LDR) system to improve accounting for direct maintenance workload.

No. 5 to FAA

Determine if the newly standardized LDR data are reliable for direct maintenance workloads in the Technical Operations Staffing Model, and if so, develop and implement an action plan with milestones to replace the workload assessments with LDR data.

No. 6 to FAA

Revise the current standard operating procedure, Tier 1/2/3 Staffing Allocations and Tier 1 Watch Coverage Requirements to: a. Define the job series and clarify whether system specialists and System Support Center coordinators are included in the Tier 1, 2, and 3 staffing targets;and b. Require annual review, validation, and updating of staffing allocation targets.

Audit Report: AV2018058 issued on 06.27.2018
FAA Faces Challenges in Implementing and Measuring the Effectiveness of Its 2015 Runway Safety Call to Action Initiatives
No. 1 to FAA

Update the target delivery dates for initiatives that are still in progress, including those without target delivery dates, and implement procedures for continually updating delivery dates and descriptions of initiatives as changes are made.

No. 2 to FAA

Develop and include in the monitoring plan quantifiable metrics or other indicators that can measure the effectiveness of the initiatives.

No. 3 to FAA

Consolidate duplicate initiatives within the monitoring plan.

Audit Report: ST2018056 issued on 05.30.2018
PHMSA Has an Opportunity To Refine Its Guidance and Performance Reporting for the Pipeline Safety Research and Development Program
No. 1 to PHMSA

Develop and issue comprehensive policy and procedures for the Pipeline Safety Research and Development Program that includes guidance for: a. notifying a wider spectrum of stakeholder representatives about future Research and Development forums, in order to increase their participation; b. addressing how the results of Research and Development forums are incorporated into the program plan; c. conducting all steps in the conflict-of-interest process; and d. following up with researchers on benefits and uses.

No. 2 to PHMSA

Complete upgrades to the conflict-of-interest portion of the Research and Development Management Information System.

No. 3 to PHMSA

Use Performance Improvement Council best practices to update future biennial Update Reports to Congress, to include additional context, such as analyses of current performance metrics and an evaluation of program success, trends, and anomalies.

Audit Report: FI2018055 issued on 05.14.2018
DOT’s Fiscal Year 2017 IPERA Compliance Review
Closed on 05.31.2018
No. 1 to OST

Implement procedures to ensure the Federal Transit Administration distributes guidance to selected grantee recipients on the importance of accurate submission and proper review of timesheets to improve proper allocation of labor efforts and the identification and retention of required documentation to support a payment as proper in the Emergency Relief Program-Disaster Relief Appropriations Act program.

Closed on 05.31.2018
No. 2 to OST

Work with the Office of Inspector General (OIG) to ensure it provides additional, clear, and precise travel guidance to employees and approving officials on the preparation and proper review of travel vouchers to improve the allocation of travel expenses in OIG-DRAA fund activity.

No. 3 to OST

Work with OIG to ensure it updates its travel guidance to add instructions on how to split or allocate DRAA-related travel expenses to the appropriate accounting codes including codes for indirect costs and trains employees how to use this guidance.

Audit Report: SA2018054 issued on 05.02.2018
Report on Single Audit of the Naknek Native Village Council, Naknek, AK
No. 1 to FHWA

Ensures that the Council complies with the cash management requirements.

$666,482
No. 2 to FHWA

Recovers $666,482 from the Council, if necessary.

Audit Report: SA2018052 issued on 05.02.2018
Report on Single Audit of the State of Ohio, Columbus, OH
No. 1 to FHWA

Ensures the State complies with the period of performance requirements.

$5,824
No. 2 to FHWA

Determine the allowability of the $5,824 transaction, then review all construction projects to ensure that expenditures were properly paid within the period of performance, and recover any additional questioned costs, if applicable.

Audit Report: SA2018053 issued on 05.02.2018
Report on Single Audit of the City of Portland, Portland, ME
Closed on 07.31.2018
No. 1 to FAA

Ensures that the City complies with the reporting requirements.

Audit Report: SA2018046 issued on 04.30.2018
Report on Single Audit of the Highways Division, Department of Transportation, State of Hawaii, Honolulu, HI
No. 1 to FHWA

Ensures that the State complies with the special tests and provisions reqirements.

Audit Report: SA2018042 issued on 04.30.2018
Report on Single Audit of the City of Albany, Albany, OR
No. 1 to FTA

Ensures that the City complies with the allowable cost/cost principles requirements.

$21,265
No. 2 to FTA

Recovers $21,265 from the City, if applicable.

No. 3 to FTA

Ensures that the City complies with the allowable cost/cost principles requirements.

$37,543
No. 4 to FTA

Recovers $37,543 from the City, if applicable.

Audit Report: SA2018047 issued on 04.30.2018
Report on Single Audit of the City of Phoenix, Phoenix, AZ
No. 1 to FTA

Ensures that the City complies with the Subrecipient monitoring requirements.

Audit Report: SA2018048 issued on 04.30.2018
Report on Single Audit of the Dallas Area Rapid Transit, Dallas, TX
No. 1 to FTA

Ensures that the DART complies with the allowable costs/cost principles requirements.

$122,558
No. 2 to FTA

We recommend FTA recovers $122,558 from the DART, if applicale.

No. 3 to FTA

Ensures that the DART complies with the cash management requirements.

Audit Report: SA2018043 issued on 04.30.2018
Report on Single Audit of the Gulfport-Biloxi Regional Airport Authority, Gulfport, MS
No. 1 to FAA

Ensures that the Authority complies with the allowable costs/cost principles requirements.

$38,339
No. 2 to FAA

We recommend FAA recovers $38,339 from the Authority, if applicable.

Audit Report: SA2018049 issued on 04.30.2018
Report on Single Audit of Suffolk County, Hauppauge, NY
No. 1 to FTA

Ensures that the County complies with the equipment and real property management requirements.

Audit Report: SA2018050 issued on 04.30.2018
Report on Single Audit of the Greene County Regional Airport Authority, Xenia, OH
No. 1 to FAA

Ensures that the Authority complies with the reporting requirements.

Audit Report: SA2018044 issued on 04.30.2018
Report on Single Audit of the New Mexico Department of Transportation, Santa Fe, NM
No. 1 to NHTSA

Ensures that the NM DOT complies with the activities allowed or unallowed requirements.

No. 2 to FHWA

Ensures that the NM DOT complies with the subrecipient monitoring requirements.

Audit Report: SA2018051 issued on 04.30.2018
Report on Single Audit of Valley County, Glasgow, MT
No. 1 to FAA

Ensures that the County complies with the equipment and real property requirements.

Audit Report: SA2018045 issued on 04.30.2018
Report on Single Audit of the Orange County Transportation Authority, Orange, CA
No. 1 to FTA

Ensures that the Authority complies with the procurement and suspension and debarment requirements.

No. 2 to FTA

Ensures that the Authority complies with the subrecipient monitoring requirements.

Audit Report: AV2018041 issued on 04.17.2018
FAA Needs To More Accurately Account for Airport Sponsors’ Grandfathered Payments
No. 1 to FAA

Provide written guidance specifically to grandfathered sponsors on what constitutes a grandfathered payment and how to accurately report grandfathered payments.

No. 2 to FAA

Develop and implement an internal control process to verify the accuracy of reports on grandfathered payments.

Closed on 05.18.2018
$509,727
No. 3 to FAA

In accordance with Federal law, consider the State of Hawaii exceeding its statutory limit on the use of revenues for non-airport purposes as a factor in reducing AIP discretionary funds awarded to the State. Implementation of this recommendation could put $509,727 in funds to better use.

Audit Report: ZA2018040 issued on 04.11.2018
FAA’s Management and Oversight Are Inadequate To Secure Timely and Cost-Efficient Agency-Leased Offices and Warehouses
No. 1 to FAA

Revise and document a standardized data entry and validation process for the Service Areas to follow to help ensure consistent and accurate REMS data entry.

$14,572,294
No. 2 to FAA

Develop, document, and implement a new lease approval process that will allow for more timely decisions and for improved coordination with Service Area staff on the status of the decisions made during this process. Implementing this recommendation could potentially put $14.6 million in funds to better use due to missed rent reduction opportunities, which timely and coordinated lease efficiency opportunity decisions could have potentially prevented.

No. 3 to FAA

Improve and document methods used to share and communicate Headquarters lease policies, guidance, and initiatives to all real estate staff members in the Service Areas.

No. 4 to FAA

Revise and document lease policy and templates to clarify that the indefinite holdover clause should only be used in office and warehouse leases where mission-critical safety equipment or functions are housed, and document a process to verify this policy is followed.

No. 5 to FAA

Revise, document, and implement a procedure to require and verify that for any office or warehouse lease whose firm-term portion is greater than one year, an analysis showing use of a firm-term lease is advantageous to the Agency is documented in the lease file.

No. 6 to FAA

Revise and document the real estate strategic planning process so that it: (1) provides for annual updates and (2) increase Service Area involvement and awareness.

No. 7 to FAA

Develop and implement a method for increasing the likelihood that LOBs provide the necessary funding to implement agreed upon lease efficiency opportunities.

$111,138
No. 8 to FAA

Develop, document, and implement controls to (1) reconcile and validate the accuracy of lease payments that are made during the term of the lease and (2) verify that any lease payment made has an active and valid lease associated with it. Implementing this recommendation could potentially put $111,138 in funds to better use for uncollected interest on erroneous lease payments.

$9,964
No. 9 to FAA

Take appropriate action to address the $9,964 in improper payments identified in this report.

No. 10 to FAA

Provide additional guidance and/or training to FAA staff to reinforce existing policy regarding: (1) the proper coding of payments captured under each of the various lease-related object class codes in the Agency's accounting system, Delphi; and (2) the requirement for approving officials to ensure the accuracy of accounting codes.

No. 11 to FAA

Develop, document, and implement a process to ensure that for any new or succeeding office space lease that does not meet the utilization standard, a justification is developed and documented in the lease file as to why the application of the Agency's space utilization standard is not cost effective.

$22,939,569
No. 12 to FAA

Revise, document, and implement an internal control process to regularly track and assess the utilization rate for all office space leases in the Agency's current portfolio using data that is updated for accuracy on a regular basis. Implementing this recommendation could potentially put $22.9 million in funds to better use by preventing FAA from paying rent on unneeded space in excess of its utilization standard.

Audit Report: ST2018039 issued on 03.28.2018
Gaps in USMMA’s Sexual Assault Prevention and Response Program Limit Its Effectiveness
No. 1 to MARAD

Update policy or develop procedures to place a greater emphasis on prevention in the SAPR training program and incorporate the Centers for Disease Control's elements of a comprehensive prevention program, such as providing bystander intervention training at all levels (students, faculty, staff, and leadership).

No. 2 to MARAD

Complete a Sexual Assault Review Board review of all Academy policies and procedures, including the Midshipmen Regulations, to identify any gaps or inconsistencies with SAPR messaging and revise the policies and procedures accordingly.

No. 3 to MARAD

Communicate the revised policies and procedures to all Academy stakeholders.

No. 4 to MARAD

Establish and formalize in policy or procedures methodologies to evaluate the effectiveness of the SAPR program and its practices, including metrics to evaluate training outcomes.

No. 5 to MARAD

Revise sexual assault policies and procedures and sexual harassment policies to clearly provide for documenting, tracking, and maintaining reports, such as by cross-referencing to the records maintenance standard operating procedure.

No. 6 to MARAD

Develop and implement procedures for prioritizing responses to recommendations based on risk and aligning resources accordingly.

No. 7 to MARAD

Develop and implement controls to ensure staff at all levels and faculty are held accountable for taking actions to support the SAPR program, including completing assigned action items.

No. 8 to MARAD

Align the investigative reporting practice with the standard operating procedure for investigating an unrestricted report of sexual assault.

No. 9 to MARAD

Develop and implement a procedure for reporting, investigating, and responding to sexual harassment complaints.

Closed on 05.25.2018
No. 10 to MARAD

Develop and implement a procedure for validating the Academy's data on reported sexual assault and sexual harassment incidents.

Audit Report: SA2018035 issued on 03.13.2018
Report on Single Audit of the Washington Metropolitan Area Transit Authority, Washington, DC
No. 1 to FTA

Ensure that the Authority complies with the equipment and real property management requirements.

No. 2 to FTA

Ensure that the Authority complies with the special tests and provisions requirements.

$76,572
No. 3 to FTA

We recommend FTA recovers $76,572 from the Authority, if applicable.

Audit Report: SA2018036 issued on 03.13.2018
Report on Single Audit of the Metropolitan Transportation Commission, San Francisco, CA
No. 1 to OST

Ensure that the Commission complies with the reporting requirements.

Audit Report: SA2018037 issued on 03.13.2018
Report on Single Audit of the City of Hattiesburg, Hattiesburg, MS
No. 1 to FAA

Ensure that the City complies with the reporting requirements.

Audit Report: SA2018031 issued on 03.13.2018
Report on Single Audit of the Metropolitan Transportation Authority, New York, NY
No. 1 to FRA

Ensure that the Authority complies with the procurement and suspension and debarment requirements.

Audit Report: SA2018032 issued on 03.13.2018
Report on Single Audit of the Fort Worth Transportation Authority, Fort Worth, TX
No. 1 to FTA

Ensure that the Authority complies with the reporting requirements.

Audit Report: SA2018033 issued on 03.13.2018
Report on Single Audit of the Metro Regional Transit Authority, Akron, OH
No. 1 to FTA

Ensure that the Authority complies with the special tests and provisions requirements.

Audit Report: SA2018034 issued on 03.13.2018
Report on Single Audit of the Metropolitan Atlanta Rapid Transit Authority, Atlanta, GA
No. 1 to FTA

Ensure that the Authority complies with the procurement and suspension and debarment requirements.

Audit Report: AV2018030 issued on 03.06.2018
FAA Needs To Strengthen Its Management Controls Over the Use and Oversight of NextGen Developmental Funding
No. 1 to FAA

Define the projects that are considered pre-implementation (developmental) in the Agency budget guidance and Acquisition Management System policy and validate that developmental projects align with the definition and are funded under the appropriate budget activity.

No. 2 to FAA

Develop and implement a quality control checklist with criteria for determining when the use of incremental funding prior to PLA approval is permissible.

No. 3 to FAA

Develop and implement a control for enforcing the PMA limits on the assessment of program management fees for various administrative and contract support specified in the Agency's standard operating procedures.

No. 4 to FAA

Update PMA standard operating procedures to include a control that ensures project requirements are met before transferring expiring funds into the PMA account.

No. 5 to FAA

Amend the PLA close-out process to include the statement of outcomes and statement that work was concluded or if follow-on work is required.

No. 6 to FAA

Establish and implement a mechanism for providing oversight of developmental funding, to include records of decision regarding selecting, justifying, and measuring the outcomes of PLAs to ensure FAA is funding the highest priority work.

Audit Report: ST2018028 issued on 02.28.2018
Improvements Are Needed To Strengthen the Benefit-Cost Analysis Process for the TIGER Discretionary Grant Program
No. 1 to OST

Provide detailed guidance for consistent BCA reviews, including whether reviewers should perform research to correct or complete missing information in project applications.

No. 2 to OST

Establish and implement requirements regarding how BCA reviewers should document and maintain support for their reviews.

No. 3 to OST

Define the C&C team's role in the BCA review process to include the necessary steps to carry out a systematic review.

No. 4 to OST

Revise policy and guidance to include the standardized BCA review template and the requirement that a single responsible official finalize BCA reviews.

Audit Report: ZA2018029 issued on 02.28.2018
Improvements Could Be Made in FAA’s Award and Oversight of SE2020 Acquisition Program Task Orders
No. 1 to FAA

Revise AMS to include policy or guidance on justifying the use of program management task orders and a process for implementing assessment fees for multiple-award contracts.

No. 2 to FAA

Update SE2020's standard operating procedure for competition of SE2020 task orders, including strengthening procedures for follow-on awards.

No. 3 to FAA

Strengthen and document procedures to collect and analyze SE2020 task-order timeliness data to sustain improvements in task order award time.

No. 4 to FAA

Revise AMS to include policy or guidance for multiple-awards contracts to address acquisition planning, such as estimating contract hours and costs and overall contract estimates.

$44,000
No. 5 to FAA

Strengthen, document, and implement controls for SE2020 invoice review to comply with the Prompt Payment Act. Implementation of this recommendation could put up to $44,000 in funds to better use.

No. 6 to FAA

Revise AMS to include policy or guidance for multiple-award contracts to describe the appropriate structure for fee payments in cost plus fixed-fee contracts.

No. 7 to FAA

Obtain direct and indirect cost audits for all SE2020 prime contractors for all base contract years, or document the risk assessments performed to justify when cost audits are not performed.

No. 8 to FAA

Revise AMS to include policy or guidance for obtaining direct and indirect cost audits for multiple-award cost-reimbursable contracts or to perform risk assessments to justify not obtaining them.

No. 9 to FAA

Enhance procedures and controls to require SE2020 staff with responsibility for oversight of task orders to track and document vendor performance through its Performance-Based Contract Monitoring (PBCM) system.

No. 10 to FAA

Revise AMS to require FAA's acquisition program office that manages multiple-award contract vehicles to develop and maintain comprehensive program management and governance plans.

No. 11 to FAA

Revise AMS to strengthen multiple-award contract oversight and management framework to ensure such multiple-award contracts follow sound business practices and AMS policies and procedures.

Audit Report: QC2018025 issued on 02.14.2018
Quality Control Review of the Management Letter for the National Transportation Safety Board’s Audited Financial Statements for Fiscal Years 2017 and 2016
No. 1 to NTSB

Allmond recommends NTSB enhance current policies and procedures over the review of year-end accruals by including a look-back analysis which compares disbursements made early in the subsequent fiscal year to the accrual estimated through the current process in order to identify items which should be included in its year-end accrual. In addition, if significant differences are identified, determine the appropriate corrective action necessary to increase the accuracy of its accrual estimation process.

No. 2 to NTSB

Almond recommends that NTSB redesign the provisioning process to include that the system access request accurately describes the access required for each user and that when access is modified a new system access request form is completed to reflect this change.

Audit Report: QC2018024 issued on 02.12.2018
Quality Control Review of the Management Letter for the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
No. 1 to FAA

KPMG recommends that management document their consideration of any factors that could impact the estimate in the current FY when preparing the annual grant accrual estimate.

No. 2 to FAA

KPMG recommends that management further document their analysis over the lookback review. Management should consider all factors that could result in a variance between the accrual and lookback calculation, make a determination as to the potential impact in the current year accrual calculation and ensuring the documented factors are accurately described and necessary revisions to the methodology are made.

No. 3 to FAA

KPMG recommends that management implement controls at the appropriate level of precision to ensure expense transactions are accurate, valid and properly posted to the general ledger.

No. 4 to FAA

KPMG recommends that management develop and implement its policies and procedures to ensure invoices are reviewed at the appropriate level of precision to ensure that amounts are properly expensed or capitalized. KPMG also recommends that management require appropriate level of detail from their contractors in order to effectively distinguish capital transactions from expense transactions.

No. 5 to FAA

KPMG recommends that the FAA perform a review of the AP accrual, including the procurement samples used for the percentage allocation, at a level of detail or precision to identify errors in order to prevent a misstatement.

No. 6 to FAA

KPMG recommends that LCSS implement policies and procedures to ensure LCSS user access is approved prior to the access being granted. In addition, KPMG recommends that LCSS management maintain documentation of the approvals, and ensure that user account request tickets are maintained properly.

No. 7 to FAA

KPMG recommends that the LCSS implement the procedures outlined by the LCSS System Security Plan to ensure that terminated and inactive users are removed appropriately and timely.

No. 8 to FAA

KPMG recommends that LCSS implement a process to review user access on a periodic basis.

No. 9 to FAA

KPMG recommends that the LCSS implement policies and procedures to ensure that periodic access reviews have a defined timeline, frequency, and provide adequate detail for the reviewer to determine if access is appropriate based on the user's roles and responsibilities.

Audit Report: QC2018023 issued on 02.12.2018
Quality Control Review of the Management Letter for Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
No. 1 to FTA

KPMG recommends that FTA enhance its grant accrual retrospective review procedures to include a review, and adjustment, if necessary, of grantee expenditures used in the retrospective review to ensure such data is relevant and reliable.

No. 2 to FHWA

KPMG recommends FHWA strengthen policies and procedures to ensure that terminated users' access is removed timely from UPACS and the application it supports, in accordance with the DOT Cybersecurity Compendium guidelines.

Audit Report: AV2018020 issued on 01.31.2018
FAA Completed STARS at Large TRACONs, but Challenges in Delivering NextGen Capabilities Remain
No. 1 to FAA

Finalize a timeline for identifying the remaining STARS requirements, including the additional requirements for the post-implementation enhancements

No. 2 to FAA

Implement a process in the FAA Requirements Management Plan to track and document when and how new requirements are validated and prioritized.

No. 3 to FAA

Redesign the power supply configuration of STARS rack assemblies to eliminate series connected power strips in the next STARS technical refresh of the 11 TRACONs.

No. 4 to FAA

Resolve the electrical configuration issue of the STARS rack assemblies at each of the 11 TRACONs by either: (a) obtaining approval for the configuration from a nationally recognized testing laboratory or (b) assessing and documenting risks posed by the STARS rack assemblies installed at each of the 11 facilities and FAA's acceptance of that risk on air traffic operations.

Audit Report: ST2018019 issued on 01.31.2018
Estimates Show Commercial Driver Detention Increases Crash Risks and Costs, but Current Data Limit Further Analysis
No. 1 to FMCSA

Collaborate with industry stakeholders to develop and implement a plan to collect and analyze reliable, accurate, and representative data on the frequency and severity of driver detention times.

Audit Report: FI2018018 issued on 01.29.2018
DATA Act: Report on DOT’s Submission
Closed on 03.26.2018
No. 1 to OST

Determine whether utility obligations are reportable for DATA Act purposes.

Closed on 03.07.2018
No. 2 to OST

Improve controls to ensure that SLSDC excludes its zero dollar invoice related transactions from submissions.

Closed on 05.16.2018
No. 3 to OST

Improve controls to ensure that FAA excludes micro- purchases from submissions.

Audit Report: FI2018017 issued on 01.24.2018
FISMA 2017: DOT’s Information Security Posture Is Still Not Effective
No. 1 to OST

Require MARAD, NHTSA, OST, and SLSDC to develop and disseminate policies and procedures for their risk management programs that include the appropriate elements such as criteria for making risk based decisions.

No. 2 to OST

Implement controls to verify that information on threat activity has been communicated to senior agency officials and require retention of supporting documentation.

No. 3 to OST

For the COE and FAA, update procedures and practices for monitoring and authorizing common security controls to (a) require supporting documentation for controls continual assessments, (b) complete reauthorization assessments for the controls, (c) finalize guidance for customers' use of controls, and (d) establish communication protocols between authorizing officials and common control providers regarding control status and risks.

No. 4 to FAA

Verify that FAA's criteria regarding designation and definition of contractor systems conforms to DOT guidance, and that systems are correctly classified.

No. 5 to OST

Implement controls to continuously monitor and work with components to ensure network administrators are informed and action is taken to disable system accounts when users no longer require access or have been inactive beyond established thresholds.

No. 6 to OST

Complete PIV enablement and requirements for remaining information systems, except those that are subject to exclusions that are documented and approved.

No. 7 to OST

Take action to fully implement mandatory use of PIV cards for VDI access.

No. 8 to OST

Implement processes verifying that personnel performing certain security related roles receive specialized training needed to meet OCIO guidance.

Audit Report: QC2018015 issued on 01.17.2018
Quality Control Review of DOT’s Implementation of Earned Value Management Practices
Closed on 05.29.2018
No. 1 to MARAD

Establish a work breakdown structure, consistent with the DOT Earned Value Managment Implementation Guide standard, for investment projects when required by the DOT EVM Policy.

No. 2 to FTA

Establish a work breakdown structure, consistent with the DOT Earned Value Managment Implementation Guide standard, for investment projects when required by the DOT EVM Policy.

No. 3 to OST

Ensure that artifacts illustrating implementation and execution of EVM are in accordance with the DOT EVM policy.

No. 4 to OST

Retain evidence of the required EVM artifacts.

Audit Report: QC2018016 issued on 01.17.2018
Quality Control Review of the Assessment of DOT’s Protection of Privacy Information
No. 1 to FAA

KPMG recommends that FAA Privacy Program conduct a review of its privacy program to identify changes needed to ensure that system's privacy plans are completed in accordance with the DOT Privacy Risk Management Policy.

No. 2 to FAA

KPMG recommends that FAA System Owner of System #2 ensure the system Privacy Plan includes all requirements established by the DOT Chief Privacy Officer in the privacy threshold assessment (PTA) and the adjudication statement is implemented.

No. 3 to FAA

KPMG recommends that FAA System Owner of System #5 ensure that the encryption protections for data at rest and during transit are implemented in accordance with the DOT Privacy Risk Management Policy.

No. 4 to FAA

KPMG recommends that FAA System Owner of System #5 confirm that the session time-out functionality has been implemented.

No. 5 to FAA

KPMG recommends that FAA System Owner of System #8 ensure that the encryption protections for data at rest are implemented in accordance with the DOT Privacy Risk Management Policy.

No. 6 to FAA

KPMG recommends that FAA System Owner of System #9 provide system specific and/or specialized/role based privacy job aides as needed to personnel who maintain and/or have access to PII data.

No. 7 to FAA

KPMG recommends that FAA System Owner of System #9 Ensure the Privacy Plan including all requirements established by the DOT Chief Privacy Officer in the PTA adjudication statement is implemented.

No. 8 to FAA

KPMG recommends that FAA System Owner of System #9 implement memoranda of understanding or similar agreements for internal sharing of PII.

Closed on 07.26.2018
No. 9 to FAA

KPMG recommends that FAA System Owner of System #9 ensure that encryption protections for data at rest is implemented in accordance with the DOT Privacy Risk Management Policy.

Closed on 07.26.2018
No. 10 to FAA

KPMG recommends that FAA System Owner of System #9 ensure that the Plan of Action and Milestones (POA&M) for encryption protections for data at rest is actively monitored and updated as changes occur prior to the estimated closure date of December 19, 2017.

No. 11 to OST

KPMG recommends that Office of the Secretary of Transportation Departmental Chief Privacy Officer establish a continuous monitoring (CM) program for privacy supportive security controls to ensure PII systems remain compliant with DOT Privacy Risk Management policy.

No. 12 to OST

KPMG recommends that Office of the Secretary of Transportation System Owner of System #15 ensure that the encryption protections for data at rest and during transit have been implemented in accordance with the DOT Privacy Risk Management Policy.

Audit Report: ST2018014 issued on 01.10.2018
FHWA Lacks Detailed Guidance on Infrastructure Resilience for Emergency Relief Projects and a Process To Track Related Improvements
No. 1 to FHWA

Revise the Emergency Relief Manual to include a definition of resilience improvement and identify procedures States should use to incorporate resilience into ERP-funded projects.

No. 2 to FHWA

Develop and implement a process to identify best practices for improving the resilience of emergency relief projects and share them with Division Offices and State DOTs.

No. 3 to FHWA

Develop and implement a process to track the consideration of resilience improvements for emergency relief projects and their associated costs.

Audit Report: QC2018013 issued on 12.20.2017
Quality Control Review for DOT’s Implementation of Enterprise Architecture
No. 1 to OST

KPMG recommends OST direct the OCIO to work with OAs' CIOs to conduct the required annual assessment of the DOT's and OA's EA programs against the GAO's EA Management Maturity Model.

No. 2 to OST

KPMG recommends OST supplement the existing DOT EA Policy with operational guidance to clarify EA artifacts required by the DOT EA policy.

No. 3 to NHTSA

KPMG recommends NHTSA formally approve and distribute their OA level EA policy, otherwise the OA will rely on the DOT EA policy.

No. 4 to FHWA

KPMG recommends FHWA formally approve and distribute their OA level EA policy, otherwise the OA will rely on the DOT EA policy.

No. 5 to FRA

KPMG recommends FRA retain evidence of the training provided to individuals with EA IT responsibility.

No. 6 to FTA

KPMG recommends FTA retain evidence of the training provided to individuals with EA IT responsibility.

No. 7 to NHTSA

KPMG recommends NHTSA retain evidence of the training provided to individuals with EA IT responsibility.

No. 8 to PHMSA

KPMG recommends PHMSA retain evidence of the training provided to individuals with EA IT responsibility.

No. 9 to PHMSA

KPMG recommends PHMSA produce and maintain evidence of EA reviews of IT investment risks that demonstrate alignment with appropriate DOT EA segments and DOT and OA EA standards.

No. 10 to OST

KPMG recommends OST require that the EA artifacts illustrating implementation and execution of EA are in accordance with DOT EA policy.

Closed on 07.26.2018
No. 11 to OST

KPMG recommends OST retain evidence of the required EA artifacts.

Audit Report: AV2018012 issued on 12.19.2017
FAA Oversight Is Not Keeping Pace With the Changes Occurring in the Regional Airline Industry
No. 1 to FAA

Revise the Safety Assurance System (SAS) risk-assessment tool to include weighted factors for each organizational risk evaluated by inspectors.

No. 2 to FAA

Update the scoring system and instructions in the Financial Condition Assessment Decision Aid to reflect that 10 characteristics are being evaluated.

No. 3 to FAA

Develop and provide additional guidance and training to inspectors to clarify the differences in the choices (word pictures) provided in the decision aids.

No. 4 to FAA

Reevaluate the decision aids to validate that: a. They include the appropriate areas of focus during reviews of the financial condition and transition or growth of regional air carriers; b.The weighting of the focus areas correlates to their potential impact on risks associated with financial distress or rapid growth or downsizing.

No. 5 to FAA

Revise validated guidance to emphasize the importance of completing decision aids periodically for baseline comparisons.

No. 6 to FAA

Implement a retention policy for completed decision aids so they will be available to inspectors for comparison and analysis during risk assessments.

No. 7 to FAA

Develop and provide guidance and training to show inspectors how to detect triggers that require the completion of a decision aid, as well as the importance of using decision aids to adjust surveillance.

No. 8 to FAA

Refine policies and procedures for collecting and analyzing safety data and metrics from regional airlines sector-wide and sharing that information with FAA's Flight Standards Offices.

No. 9 to FAA

Revise Agency guidance on risk-management processes to recommend adjustments to surveillance when the risk score is identified as high or document a reason for not adjusting surveillance given the risk.

No. 10 to FAA

Revise inspector guidance to provide actions inspectors should take after risks are identified through complaints, including reaching out to other offices if necessary and ensuring planned surveillance of the issue is actually completed.

Audit Report: FI2018011 issued on 12.11.2017
FAA Needs To Enhance the Oversight and Management of Its Overflight Fee Program
Closed on 02.28.2018
No. 1 to FAA

Develop and implement policies and procedures to retain the original data files for purposes of validating the accuracy of the data being used to compute overflight fees.

Closed on 07.02.2018
No. 2 to FAA

Develop a timeline that indicates when FAA overflight-fee officials will start using updated software (that meet its system reliability requirements) for computing fees.

Closed on 02.28.2018
No. 3 to FAA

Develop and implement internal controls to oversee overflight-fee contractors, specifically, to review and approve flight data before the contractor submits them for billing.

Closed on 03.02.2018
No. 4 to FAA

Develop and implement internal controls to oversee Enterprise Services Center employees and require debt-collection training to ensure overflight fees are properly billed.

Closed on 03.02.2018
No. 5 to FAA

Establish policies and procedures that require staff to appropriately apply Federal laws and regulations and exclude aircraft users that are exempt or meet exception rules from receiving invoices for overflight fees.

$18,760,000
No. 6 to FAA

Develop and implement policies and procedures to ensure that overflight-fee collection activities comply with Department of the Treasury requirements, such as:a. Ensuring debtors are given due process; implementation of this recommendation could put $1.48 million in funds to better use.b. Assessing late charges on all delinquent debts; implementation of this recommendation could put $9.3 million in funds to better use.c. Making timely referrals of delinquent overflight fees to Treasury; implementation of this recommendation could put $7.98 million in funds to better use.

Audit Report: ST2018010 issued on 11.21.2017
PHMSA Has Improved Its Workforce Management but Planning, Hiring, and Retention Challenges Remain
No. 1 to PHMSA

Develop a comprehensive workforce plan by implementing the existing Human Capital Framework in accordance with the Department's Workforce Planning Guide.

No. 2 to PHMSA

Include in the workforce plan an assessment of whether the Agency should use retention incentives and, if appropriate, a plan for seeking authority to use retention incentives at levels above the fiscal year 2010 cap.

No. 3 to PHMSA

Include in the workforce plan an assessment of whether the Agency should use a special rate of pay for general engineers (series 0801) and, if appropriate, a plan for seeking authority to establish a higher rate of basic pay.

Audit Report: QC2018008 issued on 11.15.2017
Report on the Quality Control Review of the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
No. 1 to FAA

KPMG recommends that management continue to refine the EC&D estimation methodology to ensure that the methodology is based on relevant, sufficient, and reliable data that is supported by sufficient appropriate audit evidence.

No. 2 to FAA

KPMG recommends that management review any refinements to the methodology to ensure that the estimate is presented and disclosed in the financial statements in conformity with applicable accounting principles.

No. 3 to FAA

KPMG recommends that management establish appropriate communication channels with personnel outside of the Financial Statements and Reporting Division to ensure proper communication and coordination related to the calculation of material financial statement information

No. 4 to FAA

KPMG recommends that management perform an adequate review and approval of the accounting estimates, including: 1) Review of sources of relevant factors; 2) Review of development of assumptions; 3) Review of reasonableness of assumptions and resulting estimates; and 4) Consideration of changes in previously established methods to arrive at accounting estimates.

No. 5 to FHWA

KPMG recommends that DOT establish a review control, with the appropriate level of precision, over the cash flow projections to ensure that the inputs are relevant and reliable.

No. 6 to FHWA

KPMG recommends that DOT review the overall cash flow model functionality and implementation to ensure that all assumptions are properly applied, documented, and supported in the execution of the cash flow projections.

No. 7 to FHWA

KPMG recommends that DOT consider automating the calculations that are performed manually to reduce the risk of misapplication of assumptions due to human error.

No. 8 to OST

KPMG recommends that the Department complete the internal reviews currently planned or being performed, and properly report the results in compliance with the ADA, if necessary.

Audit Report: QC2018007 issued on 11.14.2017
Quality Control Review for the Surface Transportation Board’s Audited Financial Statements for Fiscal Years 2017 and 2016 (restated)
No. 1 to STB

STB and its accounting service provider should implement accounting processes for estimating and recording the value of goods and/or services provided by vendors for open obligations, with and without an advance.

No. 2 to STB

Develop written policies to: obtain invoices supporting the value of goods and services provided by vendors with advances so permanent reductions can be made to reduce the value of individual advances, close out advances where all services have been provided, and recoup all unused advance funding; including those currently outstanding.

No. 3 to STB

Strengthen monitoring controls of financial management operations performed by the agency's accounting service provider. Develop policies, procedures and review checklists to ensure that monitoring processes are performed consistently and documented as required by GAO internal control standards.

No. 4 to STB

Work with the accounting service provider to strengthen the service provider's quality control processes, and obtain documented assurances that quality control reviews have been performed on financial statements presented to the agency for audit

No. 5 to STB

Determine the reasons that abnormal general ledger account balances were not identified, researched, and corrected, as appropriate despite the assurances provided in response to the same issues reported in the FY 2016 financial statement audit report. Implement additional controls to ensure abnormal account balances are properly identified, researched, and appropriate corrective actions are taken.

Audit Report: QC2018006 issued on 11.13.2017
Report on the Quality Control Review of the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2017 and 2016
No. 1 to FAA

KPMG recommends that management continue to refine the EC&D estimation methodology to ensure that the methodology is based on relevant, sufficient, and reliable data which is properly supported by sufficient appropriate audit evidence.

No. 2 to FAA

KPMG recommends that management review any refinements to the methodology to ensure that the estimate is presented in conformity with applicable accounting principles and that the related disclosure is adequate.

No. 3 to FAA

KPMG recommends that management e stablish appropriate communication channels with personnel outside of the Financial Statements and Reporting Division to ensure proper communication and coordination related to the calculation of material financial statement information.

No. 4 to FAA

KPMG recommends that management perform an adequate review and approval of the accounting estimates, including: 1) Review of sources of relevant factors; 2) Review of development of assumptions; 3) Review of reasonableness of assumptions and resulting estimates; and 4) Consideration of changes in previously established methods to arrive at accounting estimates.

No. 5 to FAA

KPMG recommends that management develop and implement policies and procedures to ensure that only assets that exist and that may require future decommissioning and cleanup activities are included in the EC&D liability estimate.

Audit Report: FI2018003 issued on 11.08.2017
Report on the Audited Financial Statements for Fiscal Year 2017 - Saint Lawrence Seaway Development Corporation
Closed on 07.31.2018
No. 1 to SLSDC

Improve and implement reconciliation (walkthrough) procedures during the financial statement preparation process to ensure information included in its financial statements is supported by underlying accounting records and transactions.

No. 2 to SLSDC

Develop and implement accounting policies and procedures to recognize and record SLSDC's share of activities related to the operation of the South Channel Span of the Seaway International Bridge.

No. 3 to SLSDC

Develop and implement accounting policies and procedures to recognize and record SLSDC's expense activity associated with executed bridge repair service job orders.

No. 4 to SLSDC

Develop and implement accounting policies and procedures to recognize and record SLSDC's liabilities with SIBC for open service job orders.

Closed on 07.31.2018
No. 5 to SLSDC

Establish controls to ensure the appropriate useful lives of assets are recorded in the accounting system when new assets are placed into service.

Closed on 07.31.2018
No. 6 to SLSDC

Establish controls to review the nature and scope of projects prior to closure and conversion to PP&E to ensure that assets are properly recorded in the PP&E records.

Closed on 05.30.2018
No. 7 to SLSDC

Update asset disposal policy to better define procedures for disposal and establish specific parameters for timely completion.

Closed on 05.30.2018
No. 8 to SLSDC

Enhance certificates of disposal to include asset ID numbers to expedite disposal actions.

No. 9 to SLSDC

Perform a complete physical inventory of PP&E as required by SLSDC policy and research any differences identified.

Closed on 05.30.2018
No. 10 to SLSDC

Update the property records to include the serial numbers for buoys.

Closed on 05.30.2018
No. 11 to SLSDC

Coordinate with the Department of the Treasury to determine the appropriate treatment and custody of its funds currently held by SIBC.

Audit Report: FI2018002 issued on 10.26.2017
The Surface Transportation Board’s Information Security Program Is Not Effective
No. 1 to STB

Complete implementation of policies and procedures for: a. Risk management, including a risk management plan and assessment, b. System authorization, and c. Plans of actions and milestones.

No. 2 to STB

Complete the system reauthorization of the STB LAN.

No. 3 to STB

Complete service level agreements or similar documents that permit STB or its auditor to perform tests and/or obtain supporting documentation to demonstrate that cloud systems are properly authorized to operate.

No. 4 to STB

Define specifications and acquire an automated solution to assist with the risk management program.

No. 5 to STB

Develop policies and procedures for the implementation of an information security architecture.

No. 6 to STB

Modify existing procedures to fully address identification, reporting, and resolution of information system flaws, including timely patch installation.

No. 7 to STB

Incorporate missing elements into its enterprise-wide configuration management plan such as a change control board charter.

No. 8 to STB

Modify identity and access management policies and procedures to adequately address: a. Reviews of as-is states, desired states and a transition plan. b. Processes for assigning personnel risk designations prior to granting access to its systems.c. Processes for developing, documenting, and maintaining access agreements for individuals with system access. d. Requirements for remote access

No. 9 to STB

Conduct a needs assessment to formally determine the organization's awareness and training needs, including but not limited to developing and implementing a formal process for assessing the skills, knowledge, and abilities of its workforce.

No. 10 to STB

Develop and implement a formal process for measuring the effectiveness of its security awareness and training program.

No. 11 to STB

Modify the training plan to include missing elements such as funding, goals and use of technology.

No. 12 to STB

Develop and implement an ISCM program that, at a minimum provides awareness of threats and vulnerabilities.

No. 13 to STB

Modify its policies and procedures to address missing components such as incident detection and analysis; incident prioritization, containment, eradication, and recovery; coordination, information sharing, and reporting; incident response training and testing, and considerations for major incidents.

No. 14 to STB

Implement its contingency planning policy by performing business impact analyses, updating or completing system contingency plans, testing contingency plans, performing necessary backups and obtaining an adequate alternate processing site, it needed.

Audit Report: ZA2017106 issued on 09.26.2017
OSDBU Lacks Effective Processes for Establishing, Overseeing, and Managing Its Small Business Transportation Resource Centers
No. 1 to OST

Develop and implement written policies and procedures for establishing new Centers or making adjustments to existing ones—including determining each Center's initial financial resource needs, changes to funding levels, locations, geographic areas of coverage, and small business/client populations.

Closed on 06.01.2018
No. 2 to OST

Conduct a baseline program needs assessment of current funding levels, locations, geographic areas of coverage, and small business/client populations to be served—and take corrective actions as needed to meet determined needs.

Closed on 06.01.2018
No. 3 to OST

Develop and implement an action plan for increasing future competition for Center operation.

No. 4 to OST

Develop and implement performance measures for cooperative agreement requirements that assess how well the Centers achieve program objectives and desired outcomes

No. 5 to OST

Implement policies and procedures to ensure OSDBU personnel comply with existing monitoring requirements for conducting annual performance evaluations and site visits

$69,312
No. 6 to OST

Recover the $69,312.00 in improper payments for unallowable labor charges

$1,168,907
No. 7 to OST

Implement policies and procedures to ensure that OSDBU's financial management practices comply with appropriation law, Federal regulations, and the Department's Financial Assistance Guidance Manual. Implementing this recommendation could potentially put $1,168,907 in funds to better use.

Closed on 06.01.2018
No. 8 to OST

Take action to correct the $346,927 in improper payments related to OSDBU's financial management practices identified in this report.

No. 9 to OST

Deobligate the $57,758 remaining on cooperative agreements that have ended, as identified by this audit as funds that could have been put to better use

No. 10 to OST

Develop and implement a process to perform periodic financial assistance management reviews of OSDBU to ensure that OSDBU is informed about and complies with existing financial management assistance laws, regulations, and guidance.

Audit Report: SA2017104 issued on 09.26.2017
Report on Single Audit of the City of Lawton, OK
No. 1 to FTA

Ensures that the City complies with period of availability requirements.

$23,598
No. 2 to FTA

Recovers $23,598 from the City, if applicable.

Audit Report: SA2017105 issued on 09.26.2017
Report on Single Audit of the National Railroad Passenger Corporation and Subsidiaries (Amtrak) Washington, D.C.
Closed on 02.26.2018
No. 1 to FRA

Ensures that Amtrak complies with equipment and real property management requirements.

Audit Report: SA2017086 issued on 09.12.2017
Report on Single Audit of the Delaware River and Bay Authority, New Castle, DE
No. 1 to FAA

Ensures that the Authority complies with period of performance requirements.

$44,589
No. 2 to FAA

Recovers $44,589 from the Authority, if applicable.

Audit Report: SA2017092 issued on 09.11.2017
Report on Single Audit of the U.S. Virgin Islands Port Authority, Charlotte Amelie West, VI
No. 1 to FAA

Ensures that the Authority complies with procurement, suspension, and debarment requirements.

Audit Report: ZA2017098 issued on 09.11.2017
DOT and FAA Lack Adequate Controls Over Their Use and Management of Other Transaction Agreements
No. 1 to FAA

Develop and implement policies and procedures, including a standard identification method, for tracking other transaction agreements (OTA).

No. 2 to FAA

Develop and implement criteria that: a. Describe when an OTA should be used rather than a contract or grant; b. Require awarding officials to document their rationale for using OTAs rather than contracts or grants.

No. 3 to FAA

Develop and implement policies and procedures to state when Acquisition Management System guidance, FAA financial assistance policies, and other requirements and guidance such as requirements for Independent Government Cost Estimates, including OTAs in Single Audits, and conflicts of interest analysis apply to OTAs.

No. 4 to FAA

Develop and implement policies to report OTA awards that involve Federal funds to USASpending.gov.

No. 5 to FAA

Establish documentation requirements for all types of OTAs, and develop and implement policies and procedures for maintaining complete files for the agreements, including evidence of legal reviews.

No. 6 to FAA

Develop and implement policies and procedures to ensure that OTAs are awarded and administered by properly authorized (warranted) officials, including: a. Creating and regularly maintaining a comprehensive list of awarding officials, the various types of agreements (e.g., contract, grant, OTA, reimbursable agreement, interagency agreement) they are authorized to sign, dollar limits (if any), and the dates the authority began and ended when applicable; b. Clarifying the Acquisition Management System to specify when it is appropriate to use an OTA that is also an interagency agreement or reimbursable agreement, and to specify what warrant authorities are required for officials signing these agreements.

No. 7 to FAA

Assess whether OTAs signed by individuals without proper authorization represent unauthorized commitments, and take appropriate corrective actions.

No. 8 to FAA

Develop and implement policies and procedures to standardize and enforce provisions of Tower Operating Agreement OTAs as a condition of providing air traffic control services, including: a. A procedure to provide for periodic inspections of the tower environment to detect problems that have an impact on FAA contract controllers and respond to them; b. Requiring all airport sponsors to sign Tower Operating Agreements.

$2,200,000
No. 9 to FAA

Renegotiate tower leases requiring rent payments to airport sponsors to secure no-cost leases. Implementation of this recommendation could put $2.2 million in Federal funds to better use.

$19,000
No. 10 to FAA

Recover the $19,000 overpayment to an OTA tower construction recipient, determine whether FAA overpaid other recipients on its tower construction agreements, and recover any overpayments and interest not applied to the construction projects.

No. 11 to FAA

Develop and implement policies and procedures for tower construction OTAs that at a minimum address aligning payments to actual needs and disposing of leftover funds and interest earned on advanced funds.

No. 12 to FAA

Develop a business case for the award of a new OTA, or an extension of the current OTA, to conduct research at and manage the Florida Test Bed that includes the potential for competition and a cost-benefit analysis that examines facility utilization (whether onsite or via remote access) and potential for cost sharing.

No. 13 to FAA

Follow DOT's cybersecurity policy, and track access and usage of OTA-covered information systems, including those at the Florida Test Bed.

No. 14 to OST

Update the Financial Assistance Guidance Manual and other policies to reflect current authorities and oversight needs for OTAs, and clarify which provisions of the manual and other policies apply to these agreements.

No. 15 to OST

Update the Financial Assistance Guidance Manual and other policies to reflect current authorities and oversight needs for OTAs, and clarify which provisions of the manual and other policies apply to these agreements.

No. 16 to PHMSA

Revise and implement policies and procedures for conducting pre-award reviews that assess the price reasonableness of each OTA.

Closed on 09.20.2017
No. 17 to PHMSA

Designate in writing which officials are authorized to award OTAs.

Audit Report: SA2017076 issued on 09.11.2017
Report on Single Audit of the State of Nebraska, Lincoln, NE
Closed on 03.27.2018
No. 1 to FHWA

Ensures that the State complies with allowable cost principles requirements.

Closed on 03.27.2018
$176,050
No. 2 to FHWA

Recovers $176,050 from the State, if applicable.

No. 3 to FTA

Ensures that the State complies with subrecipient monitoring requirements.

$438,118
No. 4 to FTA

Recovers $438,118 from the State, if applicable.

Audit Report: SA2017081 issued on 09.11.2017
Report on Single Audit of the Massachusetts Bay Transportation Authority, Boston, MA
No. 1 to FTA

Ensures that the Authority complies with allowable costs/cost principles requirements.

No. 2 to FTA

Ensures that the Authority complies with equipment and real property management requirements.

Audit Report: SA2017085 issued on 09.11.2017
Report on Single Audit of the Territory of American Samoa, Pago Pago, AS
No. 1 to FAA

Ensures that the Territory complies with equipment and real property management Requirements.

Audit Report: SA2017093 issued on 09.11.2017
Report on Single Audit of the City of Petersburg, Petersburg, VA
No. 1 to FTA

Ensures that the City complies with cash management requirements.

$66,667
No. 2 to FTA

Recovers $66,667 from the City, if applicable.

Audit Report: SA2017082 issued on 09.11.2017
Report on Single Audit of the Puerto Rico Metropolitan Bus Authority, San Juan, PR
No. 1 to FTA

Ensures that the Authority complies with equipment and real property management requirements.

Audit Report: SA2017094 issued on 09.11.2017
Report on Single Audit of the City of Wichita, Wichita, KS
Closed on 07.31.2018
No. 1 to FTA

Ensures that the City complies with special test and provisions-wage rate requirements.

Audit Report: SA2017087 issued on 09.11.2017
Report on Single Audit of PACE, the Suburban Bus Division of the Regional Transportation Authority, Arlington Heights, IL
Closed on 07.31.2018
No. 1 to FTA

We recommend FTA ensures that the Division complies with reporting requirements.

Audit Report: SA2017089 issued on 09.11.2017
Report on Single Audit of Jefferson County, Golden, CO
No. 1 to FAA

Ensures that the County complies with cash management requirements.

No. 2 to FAA

Ensures that the County complies with procurement, suspension and debarment requirements.

No. 3 to FAA

Ensures that the County complies with special tests and provisions-wage rate requirements.

Audit Report: SA2017097 issued on 09.11.2017
Report on Single Audit of the State of Florida, Tallahassee, FL
No. 1 to FHWA

Ensures that the State complies with matching, level of effort, earmarking requirements.

$252,644
No. 2 to FHWA

Recovers $252,644 from the State, if applicable.

Audit Report: SA2017077 issued on 09.11.2017
Report on Single Audit of the State of Connecticut, Hartford, CT
Closed on 09.28.2017
No. 1 to FHWA

Ensures that the State complies with activities allowed or unallowed requirements.

Closed on 09.28.2017
$60,800
No. 2 to FHWA

Recovers $60,800 from the State, if applicable.

Audit Report: SA2017088 issued on 09.11.2017
Report on Single Audit of the Greater Portland Transit District, Portland, ME
Closed on 10.30.2017
No. 1 to FTA

Ensures that the District complies with special tests and provisions-wage rate requirements.

Audit Report: SA2017095 issued on 09.11.2017
Report on Single Audit of the Turtle Mountain Band of Chippewa Indians, Belcourt, ND
No. 1 to FHWA

Ensures that the Tribe complies with activities allowed or unallowed and allowable costs/cost principles requirements.

$675
No. 2 to FHWA

Determine an amount of questioned costs and recover from the Tribe, if applicable.

Audit Report: SA2017079 issued on 09.11.2017
Report on Single Audit of the Wyoming Department of Transportation, Cheyenne, WY
Closed on 09.28.2017
No. 1 to FHWA

Ensures that the State DOT complies with subrecipient monitoring requirements.

Closed on 02.26.2018
No. 2 to FTA

Ensures that the State DOT complies with subrecipient monitoring requirements.

Audit Report: SA2017078 issued on 09.11.2017
Report on Single Audit of Itawamba County, Fulton, MS
No. 1 to MARAD

Ensures that the County complies with allowable costs/costs principles requirements.

$84,365
No. 2 to MARAD

Recovers $84,365 (2013-020 ($4,385) and 2013-022 ($79,980)) from the County, if applicable.

Audit Report: SA2017090 issued on 09.11.2017
Report on Single Audit of the Arapahoe County Public Airport Authority, Englewood, CO
No. 1 to FAA

Ensures that the Authority complies with special tests and provisions-revenue diversion requirements.

$1,611,898
No. 2 to FAA

Recovers $1,611,898 from the Authority, if applicable.

Audit Report: SA2017096 issued on 09.11.2017
Report on Single Audit of the Commonwealth Ports Authority, Saipan, MP
Closed on 07.25.2018
No. 1 to FAA

Ensures that the Authority complies with equipment and real property requirements.

Audit Report: SA2017080 issued on 09.11.2017
Report on Single Audit of the State of Rhode Island and Providence Plantations, Providence, RI
Closed on 07.25.2018
No. 1 to FHWA

Ensures that the State complies with special tests and provisions requirements.

Closed on 06.05.2018
$118,713
No. 2 to FHWA

Recovers $118,713 from the State, if applicable (Finding 2016-043).

Closed on 10.30.2017
No. 3 to FRA

Ensures that the State complies with special tests and provisions - wage rate requirements (Finding 2016-047).

Audit Report: SA2017083 issued on 09.11.2017
Report on Single Audit of the Government of Guam, Hagatna, GU
No. 1 to FHWA

Ensures that the Government of Guam complies with equipment and real property management requirements.

Audit Report: SA2017091 issued on 09.11.2017
Report on Single Audit of the Government of U.S. Virgin Islands, Charlotte Amelie, VI
No. 1 to FHWA

Ensures that the Government complies with equipment and real property management requirements.

No. 2 to FHWA

Ensures that the Government complies with Special tests and provisions-wage rate requirements.

Audit Report: SA2017084 issued on 09.11.2017
Report on Single Audit of Livingston County, Howell, MI
Closed on 07.25.2018
No. 1 to FTA

Ensures that the County complies with period of performance requirements.

Closed on 07.25.2018
$21,025
No. 2 to FTA

Recovers $21,025 from the County, if applicable.

Audit Report: AV2017075 issued on 09.05.2017
Greater Adherence to ADS-B Contract Terms May Generate Better Performance and Cost Savings for FAA
No. 1 to FAA

Require the contactor to report on all seven technical performance measures to provide FAA with the ability to determine whether all performance requirements are being met and contractually required products and services are being received.

Closed on 11.17.2017
No. 2 to FAA

To disclose the total cumulative costs for the contract, identify and report the potential range or maximum value of incentive fees payable under the contract, about $78 million, when reporting to managers, Congress, and other stakeholders.

Closed on 07.05.2018
No. 3 to FAA

Modify the contract to clearly identify the differences between critical service specifications for ADS-B and the technical performance measures for ADS-B services that are used for computing incentive awards.

Closed on 07.30.2018
No. 4 to FAA

Conduct and document a review of incentive fee implementation to ensure that it motivates the contractor to exceed the contract specifications and also minimizes performance violations as stated in the H.7 clause. Consider adjustments to the incentive fee implementation as a result of the review.

Closed on 11.17.2017
No. 5 to FAA

Enforce the H.33 clause to reveal capital asset cost and gain necessary pricing information for use in negotiating additions and enhancements to the ADS-B contract as has occurred on at least nine occasions previously.

No. 6 to FAA

Conduct and document an analysis to determine whether or not duplicate subscription fee payments are being made due to radio stations that support multiple service volumes.

No. 7 to FAA

Strengthen future acquisitions by adding or modifying guidance to AMS to incorporate concepts from the OMB Capital Programming Guide on considering the use of successive or incrementally priced contract, orders, or contract line items when acquiring or developing systems spanning many years. This guidance may be incorporated into planned guidance regarding the use of modular contracting concepts.

Closed on 02.16.2018
No. 8 to FAA

Strengthen future acquisitions by expanding guidance in the AMS or the FAA Pricing Guide to: (1) better describe the process for (a) evaluating price reasonableness and (b) determining cost realism when evaluating proposals, to include a review of quantities and types of hardware proposed; and (2) include in existing oversight processes a check to ensure that independent government cost estimates and life cycle cost estimates are not established based solely on the awardee's proposal.

Closed on 11.17.2017
No. 9 to FAA

Strengthen future acquisitions by requiring that contracting officers and specialists in the Surveillance Contracting Branch keep hard and/or electronic back-up copies of contract file information in the contract file; keep the contract up to date, including modifications or changes such as partial acceptance, methodology for partial acceptance, pricing matrix adjustments, and other agreements created by correspondence outside the contract; and ensure that in Agency computers, a complete and accurate record of all contract actions and supporting documentation is established and maintained in real time.

Audit Report: QC2017074 issued on 08.30.2017
Quality Control Review of the Controls over DOT’s Enterprise Services Center
Closed on 12.06.2017
Sensitive
No. 1 to OST

Sensitive information redacted

Closed on 12.06.2017
Sensitive
No. 2 to OST

Sensitive information redacted

Closed on 09.11.2017
Sensitive
No. 3 to OST

Sensitive information redacted

Closed on 09.11.2017
Sensitive
No. 4 to OST

Sensitive information redacted

Sensitive
No. 5 to OST

Sensitive information redacted

Closed on 09.11.2017
Sensitive
No. 6 to OST

Sensitive information redacted

Sensitive
No. 7 to OST

Sensitive information redacted

Sensitive
No. 8 to OST

Sensitive information redacted

Sensitive
No. 9 to OST

Sensitive information redacted

Closed on 09.12.2017
Sensitive
No. 10 to OST

Sensitive information redacted

Sensitive
No. 11 to OST

   Sensitive information redacted

Sensitive
No. 12 to OST

Sensitive information redacted

Audit Report: SA2017068 issued on 08.09.2017
Report on Single Audit of the State of Vermont, Montpelier, VT
Closed on 09.28.2017
No. 1 to FAA

Ensures that the State complies with activities allowed or unallowed requirements.

Closed on 09.28.2017
No. 2 to FAA

Ensures that the State complies with special tests and provisions requirements.

Closed on 09.28.2017
No. 3 to OST

Ensures that the State complies with procurement and suspension and debarment requirements.

Audit Report: SA2017069 issued on 08.09.2017
Report on Single Audit of the State of North Carolina, Raleigh, NC
Closed on 09.28.2017
No. 1 to FHWA

Ensures that the State complies with special tests and provisions requirements.

Audit Report: SA2017070 issued on 08.09.2017
Report on Single Audit of the State of New Jersey, Trenton, NJ
Closed on 10.30.2017
No. 1 to NHTSA

Ensures that the State complies with subrecipient monitoring requirements.

Audit Report: SA2017071 issued on 08.09.2017
Report on Single Audit of the Yuma County Intergovernmental Public Transportation Authority, Yuma, AZ
No. 1 to FTA

Ensures that the County complies with Allowable Costs/Costs Principles requirements.

$171,265
No. 2 to FTA

Recovers $171,265 from the County, if applicable.

Audit Report: SA2017072 issued on 08.09.2017
Report on Single Audit of the City and County of Honolulu, Honolulu, HI
No. 1 to FTA

Ensures that the City and County complies with special tests and provisions - wage rate requirements.()

Audit Report: SA2017073 issued on 08.09.2017
Report on Single Audit of the State of Tennessee, Nashville, TN
No. 1 to FHWA

Ensures that the State complies with procurement and suspension and debarment requirements.

$466,262
No. 2 to FHWA

Recovers $466,262 from the State, if applicable.

No. 3 to FHWA

Ensures that the State complies with special tests and provisions requirements.

Closed on 09.28.2017
$78,578
No. 4 to FHWA

Recovers $78,578 from the State, if applicable.

Audit Report: SA2017067 issued on 08.09.2017
Report on Single Audit of the San Francisco Bay Area Rapid Transit District, Oakland, CA
Closed on 02.26.2018
No. 1 to FTA

Ensures that the District complies with special tests and provisions - wage-rate requirements.

Audit Report: FI2017066 issued on 08.07.2017
Cybersecurity Planning Weaknesses May Hinder the Efficient Use of Future Resources
No. 1 to OST

Update OCIO-WCF billing procedures to ensure billings are accurately and consistently applied to intra-agency agreements for products and services, within specified scopes of work and periods of performance.

No. 2 to OST

Document OCIO's process for preparing cost estimates that support its cybersecurity budget request and maintaining support documentation justifying the basis of estimates.

No. 3 to OST

Implement the DOT Enterprise Program Management Review Framework and procedures for maintaining support documentation that complies with OMB design and planning requirements to justify its IT investments, including the Virtual Desktop Infrastructure and the Continuous Monitoring Software, and require the use of planning tools such as cost-benefit analyses to monitor the costs, schedule, and performance goals.

No. 4 to OST

Develop and manage a business case consistent with OMB guidance for cybersecurity investments, and ensure that Continuous Diagnostic and Mitigation program is incorporated into that investment for reporting of costs, and other criteria as required by OMB.

No. 5 to OST

Develop and implement a process specifying how OCIO prioritizes its cybersecurity IT investments, and follow through on its plan to develop separate plans that include which cybersecurity projects it plans to focus on to address near-term threats, important tactical cybersecurity goals, and remediation challenges.

Audit Report: ST2017065 issued on 07.25.2017
FMCSA Strengthened Controls for Timely and Quality Reviews of High-Risk Carriers, but Data Challenges Remain to Assess Effectiveness
Closed on 01.03.2018
No. 1 to FMCSA

Develop a plan with milestones to evaluate how FMCSA establishes baseline parameters for its quality assurance tools.

No. 2 to FMCSA

Update information systems to capture the explicit identification of compliance reviews as either comprehensive or focused, and the Behavior Analysis and Safety Improvement Categories assigned and reviewed.

Audit Report: ST2017064 issued on 07.19.2017
PHMSA Is Establishing Controls for Technical Assistance Grants but Needs To Improve Its Award and Oversight Processes
Closed on 03.29.2018
No. 1 to PHMSA

Finalize the Agency's grants management manual and include controls to document that all grant management steps have been accomplished before a grant is awarded or closed, as well as steps to address alleged prohibited uses of Technical Assistance Grant funds.

Closed on 09.11.2017
No. 2 to PHMSA

Finalize the Technical Assistance Grant program's Business Process Documentation.

Closed on 08.31.2017
No. 3 to PHMSA

Revise the grant agreement template for Technical Assistance Grants to include the statutory language prohibition against using program funds for direct advocacy.

Audit Report: AV2017063 issued on 06.26.2017
FAA Has Taken Steps To Identify Flight Deck Vulnerabilities but Needs To Enhance Its Mitigation Efforts
No. 1 to FAA

Develop and implement a process for field level inspectors to coordinate with TSA on programs with closely related safety and security responsibilities, such as results of air carrier cockpit access program audits.

Sensitive
No. 2 to FAA

Sensitive information redacted

No. 3 to FAA

Publish an FAA Notice to inspectors that communicates the existence of AC 120-110 and RTCA Report DO-329, highlights the blocking methods orchestrated by the Special Committee, and directs inspectors to communicate this information to the carriers they oversee.

No. 4 to FAA

Require air carriers to conduct a Safety Risk Assessment (under FAA’s Safety Management System) of their current secondary barrier methods using all information from the 2011 RTCA report on secondary barriers, either as a stand-alone Notice or incorporated into another Notice recommended above.

Closed on 06.06.2018
No. 5 to FAA

Meet with air carriers and TSA to discuss best practices that may be used to enhance cockpit security and reduce crew complacency.

Closed on 08.03.2018
No. 6 to FAA

Conduct outreach to industry and DHS to assess flight attendant concerns on additional training needed to better prepare for emergency situations, such as a crewmember lockout from the cockpit.

Audit Report: SA2017052 issued on 06.06.2017
Report on Single Audit of the City of Tracy, Tracy, CA
No. 1 to FTA

Ensures that the City complies with Allowable Costs/Cost Principles Requirements. ()

$147,515
No. 2 to FTA

Recovers $147,515 from the City, if applicable.

No. 3 to FTA

Ensures that the City complies with Reporting Requirements.

Closed on 09.28.2017
No. 4 to FAA

Ensures that the City complies with Reporting Requirements.

Audit Report: SA2017056 issued on 06.06.2017
Report on Single Audit of Sioux City, Sioux City, IA
No. 1 to FAA

Ensures that the City complies with Cash Management Requirements.

$36,579
No. 2 to FAA

Recovers $36,579 from the City, if applicable.

Audit Report: SA2017061 issued on 06.06.2017
Report on Single Audit of the New Mexico Department of Transportation, Santa Fe, NM
Closed on 10.30.2017
No. 1 to FHWA

Ensures that the Department complies with Subrecipient Monitoring Requirements.

No. 2 to FTA

Ensures that the Department complies with Subrecipient Monitoring Requirements.

Audit Report: SA2017057 issued on 06.06.2017
Report on Single Audit of the State of Hawaii Department of Transportation, Highways Division, Honolulu, HI
Closed on 03.27.2018
No. 1 to FHWA

Ensures that the State DOT Highways Division complies with Special Tests and Provisions-Wage Requirements.

Closed on 09.28.2017
No. 2 to FHWA

Ensures that the State DOT Highways Division complies with Subrecipient Monitoring Requirements.

Audit Report: SA2017062 issued on 06.06.2017
Report on Single Audit of the South Carolina Department of Transportation, Columbia, SC
Closed on 02.26.2018
No. 1 to FHWA

Ensures that the DOT complies with Internal Control Requirements.

Audit Report: SA2017058 issued on 06.06.2017
Report on Single Audit of the San Francisco Municipal Transportation Agency, San Francisco, CA
No. 1 to FTA

Ensures that the Agency complies with Allowable Costs/Cost Principles Requirements.

$9,189
No. 2 to FTA

Recovers $9,189 from the Agency, if applicable.

Closed on 01.31.2018
No. 3 to FHWA

Ensures that the Agency complies with Allowable Costs/Cost Principles Requirements.

Closed on 01.31.2018
$26,665
No. 4 to FHWA

Recovers $26,665 from the Agency, if applicable.

Audit Report: SA2017053 issued on 06.06.2017
Report on Single Audit of the Washington Metropolitan Area Transit Authority, Washington, DC
No. 1 to FTA

Ensures that the Authority complies with Special Tests and Provisions Requirements.

$29,116
No. 2 to FTA

Determine their portion of the $ 29,116 in Questioned Costs and recovers from the Authority, if applicable.

Closed on 01.31.2018
No. 3 to FTA

Ensures that the Authority complies with Equipment and Real Property Management Requirements.

Audit Report: SA2017054 issued on 06.06.2017
Report on Single Audit of the Midcoast Regional Redevelopment Authority, Brunswick, ME
Closed on 07.27.2017
No. 1 to FAA

Ensures that the Authority complies with Reporting Requirements.( )

Closed on 07.27.2017
No. 2 to FAA

Ensures that the Authority complies with Cash Management Requirements.

Audit Report: SA2017059 issued on 06.06.2017
Report on Single Audit of the City of Albany, Albany, OR
No. 1 to FTA

Ensures that the City complies with Allowable Costs/Cost Principles Requirements.

$41,494
No. 2 to FTA

Recovers $41,494 from the City, if applicable.

Audit Report: SA2017055 issued on 06.06.2017
Report on Single Audit of the Southeastern Pennsylvania Transportation Authority, Philadelphia, PA
Closed on 01.31.2018
No. 1 to FTA

Ensures that the Authority complies with Procurement and Suspension and Debarment Requirements.

Audit Report: SA2017060 issued on 06.06.2017
Report on Single Audit of the Fairbanks North Star Borough, Fairbanks, AK
No. 1 to FTA

Ensures that the Borough complies with Allowable Costs/Costs Principles Requirements.

$191,777
No. 2 to FTA

Recovers $191,777 from the Borough, if applicable.

Audit Report: FI2017051 issued on 05.31.2017
FAA’s Security Controls Are Insufficient for Its En Route Automation Modernization Program
Sensitive
No. 1 to FAA

Sensitive information redacted

Closed on 12.29.2017
Sensitive
No. 2 to FAA

Sensitive information redacted

Closed on 08.30.2017
Sensitive
No. 3 to FAA

Sensitive information redacted

Sensitive
No. 4 to FAA

Sensitive information redacted

Sensitive
No. 5 to FAA

Sensitive information redacted

Closed on 12.29.2017
Sensitive
No. 6 to FAA

Sensitive information redacted

Closed on 03.29.2018
Sensitive
No. 7 to FAA

Sensitive information redacted

Closed on 12.29.2017
Sensitive
No. 8 to FAA

Sensitive information redacted

Audit Report: AV2017050 issued on 05.31.2017
FAA Has Not Ensured All Check Pilots Meet Training and Observation Requirements
No. 1 to FAA

Modify periodic training provided to FAA inspectors to include information on the importance of verifying check pilot qualifications prior to approval.

No. 2 to FAA

Clarify inspector guidance on performing and documenting APD training and observations to ensure authorization requirements are fulfilled.

No. 3 to FAA

Modify internal audit policies to ensure FAA audits provide accurate and thorough assessments of APD oversight at each office.

No. 4 to FAA

Develop and implement guidance requiring inspectors, or their designees, to verify that check pilots have met training requirements prior to performing recurrent observations.

No. 5 to FAA

Modify requirements within the risk-based oversight tool (SAS) for inspectors to ensure a sufficient number of check pilot records are evaluated to assess the accuracy of air carrier training.

No. 6 to FAA

Clarify surveillance requirements and the inspectors' role overseeing check pilots under AQP.

No. 7 to FAA

Develop and implement a training program on how to approve and oversee check pilots under AQPs for inspectors assigned to carriers using those programs.

Audit Report: AV2017049 issued on 05.30.2017
Enhancements Are Needed to FAA’s Oversight of the Suspected Unapproved Parts Program
Closed on 01.19.2018
No. 1 to FAA

Develop guidance and provide training to Hotline employees on how to accurately record specific data about Suspected Unapproved Parts (SUP) in FAA's database.

No. 2 to FAA

Develop a management control to ensure that all SUPs reports received by local inspection offices are submitted to the Hotline for processing.

Closed on 01.19.2018
No. 3 to FAA

Develop a management control to ensure FAA Hotline employees conduct trend analyses in accordance with the Hotline's guidance.

No. 4 to FAA

Develop a management control to ensure inspectors adhere to guidance when conducting SUPs investigations.

Closed on 07.19.2017
No. 5 to FAA

Revise FAA's risk-based oversight system to incorporate a risk indicator for manufacturers where unapproved parts have been found.

Closed on 06.06.2017
No. 6 to FAA

Require FAA Headquarters officials to forward all confirmed SUPs cases to Federal law enforcement agencies, whether or not criminal activity is suspected, in accordance with the letter agreement.

Closed on 07.26.2018
No. 7 to FAA

Coordinate with DOT's Office of Inspector General to determine the need for its investigators to receive all improper maintenance cases, including those initially reported as SUPs as well as those reported directly to FAA.

Closed on 08.10.2017
No. 8 to FAA

Require FAA Headquarters officials to provide quarterly SUPs investigation reports to Federal law enforcement agencies, in accordance with the letter of agreement.

Closed on 04.17.2018
No. 9 to FAA

Develop a management control to ensure inspectors issue UPNs consistently when notifying the aviation industry about unapproved parts.

No. 10 to FAA

Develop a management control to ensure inspectors follow existing guidance requiring operators to remove unapproved parts from use and their inventories.

Closed on 02.14.2018
No. 11 to FAA

Include a "best practice" in the SUPs Advisory Circular to encourage industry to register to receive automated notifications about unapproved parts.

Audit Report: FI2017048 issued on 05.10.2017
DOT’s Fiscal Year 2016 Improper Payment Reporting Does Not Comply With IPERA Requirements
Closed on 06.29.2017
No. 1 to OST

Implement procedures to ensure selected Federal Aviation Administration employees receive additional guidance on procure-to-pay procedures needed to support Facilities and Equipment - Disaster Relief Appropriation Act program payments as proper.

Closed on 07.10.2017
No. 2 to OST

Implement procedures to ensure the Federal Railroad Administration provides training to select grant recipients regarding the root causes of administrative errors and the identification and retention of required documentation to support a payment as proper in the High-Speed Intercity Passenger Rail program.

Closed on 06.15.2017
No. 3 to OST

Implement procedures to ensure the Federal Transit Administration distributes guidance to grant recipients on the proper procedure for submitting payments that adhere to the grant agreement terms in the Formula Grants and Passenger Rail Investment and Improvement Act program.

Audit Report: ST2017047 issued on 05.09.2017
Review of Major Western Capital Projects Points to Overall Improvements Needed in FTA’s Financial Guidance and Oversight
Closed on 11.07.2017
No. 1 to FTA

Establish and implement controls to ensure the FMOCs meet contractual requirements to include in all Financial Capacity Assessment reports:a. Complete project ratings that are in accordance with all elements of FTA's rating criteria; andb. Sensitivity testing performed.

Closed on 11.01.2017
No. 2 to FTA

Require that FMOCs include in their Financial Capacity Assessment reports the rationales for all testing decisions and parameters selected for testing.

Closed on 10.12.2017
No. 3 to FTA

Establish and implement controls to ensure FTA regional staff follow the existing Federal Financial Report review procedures which require reviewing the reports and documenting the reviews.

Closed on 04.20.2018
$37,000,000
No. 4 to FTA

Complete a financial analysis of all SFMTA's Federal expenditures incurred on the Central Subway project, including its indirect expenses, as reported in the Federal Financial Reports to quantify the amount of Federal funds to be reimbursed to FTA. Implementation of this recommendation could put at least $37 million in Federal funds to better use.

Closed on 02.13.2018
No. 5 to FTA

Revise FTA's policy guidance to include requirements identifying which project's third party agreements are critical versus those that are not, and which agreements are required to be completed and in place prior to FFGA approvals, to mitigate risks to project cost and schedule due to uncompleted third party agreements.

Audit Report: ZA2017046 issued on 05.08.2017
Opportunities Exist for FAA To Strengthen Its Award and Oversight of eFAST Procurements
$314,000,000
No. 1 to FAA

Develop and implement a process to require contracting officers to re-verify and document a firm's small/disadvantaged eligibility prior to awarding each individual procurement awarded under an eFAST master ordering agreement. Implementation of this recommendation could put $314 million in funds to better use by awarding those dollars to firms whose small/disadvantaged eligibility status was verified at the time of individual procurement award.

Closed on 12.13.2017
No. 2 to FAA

Develop and implement a process to periodically verify that justifications required by AMS section T3.2.4.A.6(c) are documented for each time and material type procurement awarded under an eFAST master ordering agreement, and that the justification addresses each of the four elements required (including explanations for why any of the individual elements were not addressed).

Closed on 12.13.2017
No. 3 to FAA

Strengthen guidance on utilizing performance-based contracting methods in service contracting, and train contracting and program staff how to use these methods in procurements awarded under an eFAST master ordering agreement.

Closed on 10.25.2017
No. 4 to FAA

Develop and implement a process to periodically verify that eFAST contracting officers are tracking contracting officer representatives' certifications and documenting them in the procurement files.

Closed on 10.25.2017
No. 5 to FAA

Develop and implement a process to promote regular communication between eFAST contracting officers and contracting officer representatives during the period of performance for procurements awarded under an eFAST master ordering agreement.

Closed on 12.13.2017
No. 6 to FAA

Develop and implement a process to promote contracting officer representatives to document and follow oversight plans for procurements awarded under an eFAST master ordering agreement, tailoring each plan to the procurement's unique risks and circumstances.

Closed on 12.13.2017
No. 7 to FAA

Develop and implement a process requiring contracting officer representatives to determine and document how they will validate that statement of work acceptance criteria have been met for each procurement awarded under an eFAST master ordering agreement.

Closed on 12.13.2017
No. 8 to FAA

Develop and implement a process requiring contracting officer representatives to maintain documented evidence of oversight for each procurement awarded under an eFAST master ordering agreement in either the official procurement files on FAA's eFAST Knowledge Services Network workspace, or in a format that is also accessible at any time to the eFAST office

Audit Report: ST2017045 issued on 05.03.2017
FRA Has Taken Steps To Improve Safety Data Reporting, but Lacks Standard Procedures and Training for Compliance Audits
Closed on 12.07.2017
No. 1 to FRA

Update reporting guidance so users can more efficiently and accurately identify reporting requirements for different accident and incident types and better understand the definitions of terms used on reporting forms.

Closed on 12.07.2017
No. 2 to FRA

Implement routine or Web-accessible training or other outreach to improve how information is provided to railroad reporting officers and enhance their understanding of key reporting requirements and common reporting errors.

Closed on 12.11.2017
No. 3 to FRA

Develop and implement a standard method for identifying and listing railroads in each FRA Region subject to 49 CFR Part 225 requirements.

Closed on 01.02.2018
No. 4 to FRA

Develop and implement procedures for tracking 49 CFR Part 225 audits of non-Class I railroads and identifying entities exempt from 49 CFR Part 225 reporting requirements.

Closed on 01.02.2018
No. 5 to FRA

Establish a risk-based prioritization for auditing non-Class I railroads every 5 years. Part of the prioritization process should include determining whether any higher-risk non-Class I railroads should be audited more frequently.

Closed on 05.02.2018
No. 6 to FRA

Formalize the 49 CFR Part 225 audit process with written guidance that identifies basic procedures, standards of evidence, and common sources of information, along with a process to update these standards and reevaluate audit priorities or scope when necessary.

Closed on 05.02.2018
No. 7 to FRA

Develop and initiate regular training to FRA staff responsible for 49 CFR Part 225 audits and establish a procedure to update the training when necessary.

Audit Report: SA2017042 issued on 04.24.2017
Report on Single Audit of the Metropolitan Transportation Commission, San Francisco, CA
No. 1 to OST

Ensure the Commission complies with Reporting Requirements.

Audit Report: SA2017043 issued on 04.24.2017
Report on Single Audit of the City of Miles City, MT
Closed on 09.28.2017
No. 1 to FAA

Ensure the City complies with Cash Management Requirements.

Audit Report: SA2017044 issued on 04.24.2017
Report on Single Audit of the Hopi Tribe, Kykotsmovi, AZ
No. 1 to FHWA

Ensure the Tribe complies with Procurement, Suspension and Debarment Requirements.

$25,646
No. 2 to FHWA

Recover $25,646 from the Tribe, if applicable.

Audit Report: SA2017041 issued on 04.24.2017
Report on Single Audit of the National Railroad Passenger Corporation and Subsidiaries (Amtrak), Washington, D.C.
Closed on 07.27.2017
No. 1 to FRA

Ensure that Amtrak complies with Equipment and Real Property Management Requirements.

Audit Report: SA2017035 issued on 03.28.2017
Report on Single Audit of the Metropolitan Transportation Authority, New York, NY
Closed on 01.31.2018
No. 1 to FTA

Ensure the Authority complies with the Procurement, Suspension and Debarment Requirements.

Closed on 01.31.2018
$129,378
No. 2 to FTA

Recover $129,378 from the Authority, if applicable.

Audit Report: SA2017036 issued on 03.28.2017
Report on Single Audit the Commonwealth Ports Authority, Saipan, MP
Closed on 07.24.2017
No. 1 to FAA

Ensure that the Authority complies with the Equipment and Real Property Requirements.

Audit Report: SA2017037 issued on 03.28.2017
Report on Single Audit of the Association of Village Council Presidents, Bethel, AK Self-Initiated
Closed on 07.27.2017
No. 1 to FHWA

Ensure that the Association complies with the Allowable Costs/Cost Principles Requirements.

Closed on 07.27.2017
No. 2 to FHWA

Ensure that the Association complies with the Reporting Requirements.

Audit Report: SA2017038 issued on 03.28.2017
Report on Single Audit the Government of the U.S. Virgin Islands, Charlotte Amalie, VI
No. 1 to FHWA

Ensure that the Government complies with the Equipment and Real Property Management Requirements.

No. 2 to FHWA

Ensure that the Government complies with the Special Tests and Provisions - Wage Rate Requirements.

Audit Report: SA2017033 issued on 03.28.2017
Report on Single Audit of the National Academy of Sciences, Washington, DC
Closed on 07.24.2017
No. 1 to FAA

Ensure the Academy complies with the Subrecipients Monitoring Requirements.

Closed on 07.27.2017
No. 2 to FHWA

Ensure the Academy complies with the Subrecipients Monitoring Requirements.

Closed on 07.31.2017
No. 3 to FRA

Ensure the Academy complies with the Subrecipients Monitoring Requirements.

Audit Report: SA2017039 issued on 03.28.2017
Report on Single Audit of Calhoun County, Pittsboro, MS
Closed on 07.27.2017
No. 1 to FAA

Ensure that the County complies with the Cash Management Requirements.

Closed on 07.27.2017
No. 2 to FAA

Ensure that the County complies with the Davis-Bacon Act Requirements.

Closed on 07.27.2017
$293,899
No. 3 to FAA

Recover $293,899 from the County, if applicable.

Closed on 07.27.2017
No. 4 to FAA

Ensure that the County complies with the Procurement and Suspension and Debarment Requirements.

Audit Report: SA2017034 issued on 03.28.2017
Report on Single Audit of the City of Langdon, Langdon, ND
Closed on 07.27.2017
No. 1 to FAA

Ensure the City complies with the Allowable Costs/Cost Principles Requirements.

Closed on 07.27.2017
$26,820
No. 2 to FAA

Recover $26,820 from the City, if applicable.

Audit Report: ST2017029 issued on 03.06.2017
Vulnerabilities Exist in Implementing Initiatives Under MAP-21 Subtitle C To Accelerate Project Delivery
Closed on 07.06.2017
No. 1 to FHWA

Require Division Offices to have documentation substantiating how each innovative technology and practice meets eligibility requirements for the projects under Section 1304 at the time of approval.

No. 2 to FHWA

Develop and implement an oversight mechanism to periodically evaluate the effectiveness of State environmental review performances that assume DOT's environmental review responsibilities under Section 1313.

Closed on 03.20.2017
No. 3 to FHWA

Finalize a plan for collecting and tracking data on CEs to meet mandatory reporting requirements for Section 1323.

No. 4 to FHWA

Establish target completion dates for the remaining planned actions for MAP-21 Subtitle C provisions that are in progress.

Closed on 08.25.2017
No. 5 to FHWA

Update the policy and FHWA Website to clearly reflect and convey the most current requirements for the use of Project and Program Action Information System (PAPAI).

Audit Report: AV2017028 issued on 02.15.2017
While FAA Took Steps Intended To Improve Its Controller Hiring Process, the Agency Did Not Effectively Implement Its New Policies
Closed on 08.21.2017
No. 1 to FAA

Develop a system to individually track applicants through the hiring process, which will maintain the integrity of the data supplied by the medical and security clearance processes.

Closed on 02.23.2017
No. 2 to FAA

Establish a process to address applicants that receive a tentative offer letter but fail to initiate the medical and/or security clearance processes.

Audit Report: QC2017026 issued on 02.07.2017
Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 Financial Statements of the Federal Aviation Administration (FAA)
Closed on 06.14.2018
No. 1 to FAA

KPMG recommends that FAA Management revise procedures to ensure manual journal vouchers are reviewed timely and within the timeframes established by the policies.

Closed on 06.14.2018
No. 2 to FAA

KPMG recommends that FAA perform an analysis to determine the materiality of the expense transactions currently not included in the accounts payable accrual. If the amount is determined to be immaterial, management should develop and implement guidance to document its assessment and recognition decisions, in accordance with SFFAC No. 5, as it relates to liabilities for non-grant expense transactions and specifically decisions to not accrue for certain transactions. If the amount is determined to be material, management should revise its accounts payable policies to include all material payables in the accrual at year-end.

No. 3 to FAA

KPMG recommends that FAA refine its policies and procedures to ensure purchase orders and invoices are reviewed at the appropriate level of precision to ensure that amounts are properly expensed or capitalized.

Closed on 07.27.2017
No. 4 to FAA

KPMG recommends that FAA management properly document and implement procedures to update policies and procedures over physical access to the data center to be in compliance witht he DOT Cybersecurity Compendium.

Closed on 07.27.2017
No. 5 to FAA

KPMG recommends that FAA management properly document and implement procedures to maintain accurate and detailed user listing of individuals granted access to the data center.

Closed on 07.27.2017
No. 6 to FAA

KPMG recommends that FAA management properly document and implement procedures to perform periodic reviews of access rights for existing data center users.

Audit Report: ST2017024 issued on 02.07.2017
FHWA’s Oversight Does Not Ensure Division Offices Fully Comply With Project Agreement and Modification Requirements
Closed on 11.13.2017
No. 1 to FHWA

Develop controls to prevent the same FHWA official from signing lines 2 and 3 on project agreements and modifications and develop a plan, procedures, and time frame for FHWA from its headquarters office to monitor Division Offices' authorization processes and verify that they comply with FHWA authorization policy.

No. 2 to FHWA

Revise existing controls to require more than one State DOT official signature on project agreement and modification requests consistent with Federal Internal Control Standards.

$1,100,000,000
No. 3 to FHWA

Develop and implement internal controls to prevent FHWA authorization of construction projects after State DOT advertisement for bid or contract award to ensure compliance with Federal regulations. Implementation of internal controls could have put an estimated $1.1 billion in Federal funds to better use.

Closed on 04.23.2018
No. 4 to FHWA

Add mandatory data fields for project end dates, CFDA numbers, and indirect costs to FMIS as quickly as possible to ensure compliance with Uniform Guidance.

Audit Report: QC2017025 issued on 02.07.2017
Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 Financial Statements of the Department of Transportation (DOT)
Closed on 06.08.2018
No. 1 to FTA

KPMG recommends that FTA revise its policies and procedures for monitoring obligations in order to more timely identify and de-obligate stale obligations by periodically monitoring grants that become inactive during the current fiscal year.

Closed on 06.08.2018
No. 2 to OST

KPMG recommends that DOT develop and implement guidance to formally document its assessments and recognition decisions, in accordance with Statements of Federal Financial Accounting Concepts (SFFAC) No. 5 Definitions of Element and Basic Recognition Criteria for Accrual-Basis Financial Statements , as it relates to liabilities of exchange transactions, specifically those decisions to depart from GAAP based on materiality.

Closed on 06.08.2018
No. 3 to FTA

KPMG recommends that FTA and ESC management revise procedures to ensure manual JVs are reviewed, by the designated FTA approver, within the timeframe established by existing policies.

Closed on 06.08.2018
No. 4 to FHWA

KPMG recommends that FHWA management develop and implement procedures and processes that require periodic reviews of the audit logs generated by the application. In accordance with the DOT Cybersecurity Compendium requirements, the procedures should include the items being reviewed and the frequency within which the reviews should occur.

Closed on 06.08.2018
No. 5 to FHWA

KPMG recommends that FHWA management update the System Security Plan to reflect the new requirements for audit log reporting and reviews.

Closed on 06.08.2018
No. 6 to FHWA

KPMG recommends that FHWA management configure the system to send automated activity alerts that would notify the appropriate individuals and allow them to track suspicious activities within the system. Identify alerts that need to be generated by the system application, and develop mechanisms to generate automated alerts to notify the appropriate individuals to perform actions if an alert is generated.

No. 7 to FHWA

KPMG recommendes that FHWA strengthen policies and procedures to ensure that terminated users' access is removed timely, in accordance with the DOT Cybersecurity Compendium guidelines.

Closed on 06.08.2018
No. 8 to FHWA

KPMG recommends that FHWA update policies and procedures to restrict programmer's access from production libraries and datasets to ensure appropriate segregation of duties

Closed on 06.08.2018
No. 9 to OST

KPMG recommends that OST management develop and implement privileged service account review procedures to ensure that privileged service accounts are reviewed, at least semi-annually, for continued appropriateness, based on the principle of least privileged.

Closed on 06.08.2018
No. 10 to OST

KPMG recommends that the ITSS enhance data center review policy and procedures to ensure all access is reviewed for appropriateness timely, in accordance with DOT Cybersecurity Compendium guidelines.

Audit Report: ZA2017021 issued on 01.17.2017
New Disadvantaged Business Enterprise Participation Is Decreasing at the Nation’s Largest Airports, and Certification Barriers Exist
Closed on 06.07.2017
No. 1 to OST

Update the current list of active certifying authorities for each State Unified Certification Program and implement procedures for regularly maintaining and publishing the list.

Closed on 05.23.2018
No. 2 to OST

Issue guidance to certifying authorities on steps to take to ensure compliance with the regulatory requirements for the timely processing of all applications for certification.

No. 3 to OST

Require FAA, FHWA, and FTA to develop and implement a joint plan and schedule for reviewing certifying authorities within the 52 UCPs. Include within the joint plan an assessment of whether required timeframes for processing certification applications are being met and whether mandatory certification training is being completed.

Closed on 05.23.2018
No. 4 to OST

Establish procedures to periodically review, update, and publish the mandatory certification training program required by the FAA Modernization Reform Act of 2012.

No. 5 to OST

Issue guidance to certifying authorities on the steps they must take to ensure persons performing certification functions or involved in the certification process are properly trained prior to being allowed to approve applications.

No. 6 to OST

Institute procedures for maintaining a current list of certification staff who need and have completed the mandatory training.

No. 7 to OST

Develop and implement an advanced training program on topics requested by certifying authorities, identified in compliance reviews, determined by DOCR, or identified in this report (i.e., the examination of business structures/affiliations, reviews of personal net worth, verification of ownership and control, detailed site-visit reports, and fraud awareness).

No. 8 to OST

Develop and implement a train the trainer program for the three Operating Administrations to deliver consistent guidance and training to their recipients on all aspects of the DBE program.

No. 9 to OST

Publicize best practices such as those identified in this report relating to certification practices.

Closed on 02.20.2018
No. 10 to FAA

Implement a process to periodically monitor, analyze, and report to DOCR on significant or noteworthy changes in DBE participation at the large and medium hub airports. As part of this process, include a requirement that FAA's reports to DOCR identify the reasons noted by recipients for drops in participation and recommend actions to address them, as appropriate.

Closed on 11.06.2017
No. 11 to FAA

Require certification reviews to assess whether the certifying authority is (a) meeting required timeframes for processing instate and interstate applications and (b) ensuring staff have completed mandatory certification training.

Audit Report: AV2017020 issued on 01.11.2017
Although FAA Has Taken Steps To Improve Its Operational Contingency Plans, Significant Work Remains To Mitigate the Effects of Major System Disruptions
No. 1 to FAA

Develop and implement a policy requiring annual contingency plan training for en route and terminal controllers that includes procedures for managing airspace divestment and the loss of communications and/or surveillance capabilities.

Closed on 06.28.2018
No. 2 to FAA

Develop and implement an internal control to test and certify the function of emergency equipment, including "power-fail" phones, flashlights, and other communication equipment at all air traffic facilities semiannually to ensure the equipment operates as intended.

Closed on 11.15.2017
No. 3 to FAA

Convene NextGen program officials to evaluate, expedite, and complete a report on how planned NextGen capabilities can enhance the resiliency and continuity of NAS operations and mitigate the impact of future air traffic control disruptions.

No. 4 to FAA

Establish a process and requirement to validate airspace divestment plans annually to ensure the plans can be executed and technical requirements are up-to-date based on current technology.

No. 5 to FAA

Develop airspace divestment plans for oceanic airspace, and develop and implement the technical requirements needed to support all new plans.

No. 6 to FAA

Update the Automated Contingency Tool (ACT2) or develop and implement a new automated tool that complies with FAA Order 1900.47 to collect, manage, and disseminate operational contingency plans and lessons learned documentation to all air traffic facilities.

No. 7 to FAA

Establish a process for developing baseline contingency metrics, analyzing contingency trends and root causes, and annually disseminating the results to Air Traffic Organization personnel.

No. 8 to FAA

Develop a procedure to include aviation industry stakeholders in post-contingency events at the FAA Command Center to discuss lessons learned and explore possible solutions to mitigate the impact of future air traffic disruptions.

Audit Report: ST2017019 issued on 01.05.2017
FHWA Needs To Strengthen Its Oversight of State Transportation Improvement Programs
No. 1 to FHWA

Establish minimum documentation requirements for FPFs and STIPs in guidance to Division Offices.

No. 2 to FHWA

Develop and implement an oversight process to monitor and provide feedback to Division Offices on their review and approval of STIPs, and ensure Division Offices comply with Federal regulations, especially in regard to verifying fiscal constraint and the States' cost estimation processes.

No. 3 to FHWA

Establish a centralized relational database to collect FPF information from the Division Offices and track recommendations and related corrective actions.

No. 4 to FHWA

Complete the update of the MOAs on coordination with FTA.

No. 5 to FHWA

Identify best practices of FHWA Division and FTA Regional Offices on coordination for development of Title VI plans, and distribute the best practices agency-wide.

Audit Report: AV2017018 issued on 12.01.2016
FAA Lacks a Risk-Based Oversight Process for Civil Unmanned Aircraft Systems
Closed on 03.30.2017
No. 1 to FAA

Establish specific milestones to update and maintain UAS guidance to keep pace with technological developments and incorporate inspector feedback.

Closed on 03.28.2017
No. 2 to FAA

Develop comprehensive and updated training for safety inspectors on UAS technologies and Agency rules and guidance related to UAS oversight.

No. 3 to FAA

Initiate a periodic process to perform inspections of commercial UAS operators based on operational factors (e.g., location, number of operations, and type of activity) to verify knowledge of and compliance with FAA requirements and to inform the development of a risk-based oversight plan.

No. 4 to FAA

Design and implement a risk-based and prioritized oversight plan for UAS to help ensure safe operations of UAS.

No. 5 to FAA

Develop and implement a process to coordinate existing disparate UAS databases within FAA to facilitate data mining and safety analysis.

No. 6 to FAA

Implement a process to share UAS data with field oversight offices to assist inspectors in risk-based and proactive oversight of civil UAS operations.

Audit Report: QC2017017 issued on 11.30.2016
Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 for the National Transportation Safety Board
Closed on 03.29.2017
No. 1 to NTSB

Implement an internal control procedure requiring an independent review to be performed over the OPM imputed cost calculation to ensure the calculation is accurate and the appropriate basic pay amounts are used.

Audit Report: AV2017015 issued on 11.16.2016
FAA Achieved Most of the Anticipated Cost Savings From Contracting Out Flight Service Stations, but Needs To Determine the Future Direction of the Program
No. 1 to FAA

Communicate to airspace users the potential changes coming to the flight service program, including how future services may be delivered, estimated timeframes for the changes, and steps users can take to prepare for the changes.

Closed on 03.27.2017
No. 2 to FAA

Develop a list of FAA orders and oversight processes that will require modification due to the planned flight service program changes.

No. 3 to FAA

Develop an oversight framework that is commensurate with program changes before awarding the next flight services contract and implement the framework shortly after the program changes are put into effect.

Audit Report: QC2017013 issued on 11.15.2016
Quality Control Review of the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2016 and 2015
Closed on 06.08.2018
No. 1 to FTA

KPMG recommends that the Chief Information Officers of DOT and FTA develop policies, procedures and controls to address the provisioning of IT access, vulnerability management, system audit log review and change management control deficiencies identified in the FTA financial IT systems.

Closed on 06.08.2018
No. 2 to FTA

KPMG recommends that the Chief Information Officers of DOT and FTA monitor progress to ensure that procedures and controls are appropriately designed, implemented, and maintained.

Closed on 06.08.2018
No. 3 to FTA

KPMG recommends that the Chief Information Officers of DOT and FTA establish procedures and controls, at the appropriate level of precision, for unusual or infrequent events (e.g. system implementations) by establishing an IT steering committee that is composed of management from all relevant stakeholder functional areas, including the IT office, program office, and financial reporting office to ensure that system implementation meets the needs of all users and that policies, procedures, and system controls are appropriately redesigned, as necessary, to respond to the process changes resulting from the system implementation.

Closed on 06.08.2018
No. 4 to FTA

KPMG recommends that the Chief Information Officer of FTA execute a Service Level Agreement with all external service providers that defines the level of service expected from the service provider and appropriately identifies and delineates the roles and responsibilities of the service provider and the end user entity.

Closed on 06.08.2018
No. 5 to FTA

KPMG recommends that the Chief Information Officer of FTA d esign and implement policies and procedures to formally request, obtain, and review the external service provider's SSAE No. 16 report, and evaluate any deficiencies and end user considerations noted in the report.

Closed on 06.08.2018
No. 6 to FTA

KPMG recommends that the Chief Information Officer of FTA document the required procedures for assessing the impact of identified deficiencies, noted in the external service provider's SSAE No. 16 report, which may impact FTA, to ensure appropriate end user controls are in place to mitigate those noted deficiencies.

Closed on 06.08.2018
No. 7 to FTA

KPMG recommends that FTA enhance the grant accrual retrospective review policies, procedures, and controls to ensure that the retrospective review is performed at the appropriate level of precision, using relevant and reliable data inputs (complete and accurate FFR data);

Closed on 06.08.2018
No. 8 to FTA

KPMG recommends that FTA establish procedures and controls over the completeness and accuracy of the data inputs used in the grant accrual calculation.

Closed on 06.08.2018
No. 9 to FTA

KPMG recommends that FTA enhance the methodology and consider creating a user checklist of each of the program elements and appropriation codes that should be selected as inputs.

Closed on 06.08.2018
No. 10 to FTA

KPMG recommends that FTA establish policies and procedures for handling deviations from the standard methodology, including maintaining the evidence to support the deviation.

Closed on 06.08.2018
No. 11 to FTA

KPMG recommends that FTA establish a review control, with the appropriate level of precision, over the grant accrual calculation.

Closed on 06.08.2018
No. 12 to FTA

KPMG recommends that FTA perform an analysis and calculate an independent grant accrual for abnormalities in grantee spending patterns, in particular when a grantee is placed on suspension or restricted drawdowns as the billing cycle days for such grantees are not indicative of the true accrual period for that expenditure category.

No. 13 to FHWA

KPMG recommends that FHWA establish a review control, with the appropriate level of precision, over the cash flow projections to ensure that the inputs to the Subsidy Calculator are relevant and reliable.

No. 14 to FHWA

KPMG recommends that FHWA review the overall cash flow model functionality and implementation to ensure that all assumptions are properly applied, documented, and supported in the execution of the cash flow projections.

No. 15 to FHWA

KPMG recommends that FHWA consider automating the calculations that are performed manually to reduce the risk of misapplication of assumptions due to human error.

Closed on 03.02.2017
No. 16 to FRA

KPMG recommends that DOT follow established policies and procedures designed to prevent Anti-Deficiency Act violation.

Closed on 03.02.2017
No. 17 to FRA

KPMG recommend that DOT increase training and communications with personnel responsible for performing the established policies and procedures.

Closed on 06.08.2018
No. 18 to FTA

KPMG recommended that DOT improve its general information technology controls at FTA, as noted above (under Section A - Lack of Sufficient General Information Technology Controls at FTA), to ensure that DOT's financial management systems comply with the requirements of the FFMIA.

Audit Report: QC2017014 issued on 11.15.2016
Quality Control Review of the Saint Lawrence Seaway Development Corporation’s Audited Financial Statements for Fiscal Years 2016 and 2015
Closed on 06.30.2017
No. 1 to SLSDC

Should consider implementing additional procedures to monitor the activity of the funds held at Seaway International Bridge Corporation, Ltd. (SIBC) on their behalf for future bridge repair and operations, throughout the fiscal year.

Closed on 06.27.2018
No. 2 to SLSDC

The Saint Lawrence Seaway Development Corporation (Corporation) should implement procedures to record the activity of funds held at Seaway International Bridge Corporation, Ltd. (SIBC) within the financial records of the Corporation on a more frequent basis.

Audit Report: QC2017011 issued on 11.14.2016
Quality Control Review of the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2016 and 2015
Closed on 06.12.2018
No. 1 to FAA

Establish procedures and controls, at the appropriate level of precision, for unusual or infrequent events (e.g. system implementations, changes in accounting principles, or implementation of new accounting standards) in order to prevent or detect and correct a misstatement to the financial statements. Specifically for IT system implementations, establish an IT steering committee that is composed of management from all relevant stakeholder functional areas, including the IT office, program office, and financial reporting office to ensure that system implementation meets the needs of all users and that policies, procedures, and system controls are appropriately redesigned, as necessary, to respond to the process changes resulting from the system implementation

Closed on 06.12.2018
No. 2 to FAA

Establish policies, procedures, and controls over the periodic review of inventory unit values and develop the process for extracting the necessary reports and recording the adjustments in LCSS.

Closed on 06.14.2018
No. 3 to FAA

Establish policies, procedures, and controls to ensure that the inventory values assigned by LCSS are appropriate based on the asset condition.

Closed on 06.14.2018
No. 4 to FAA

Establish policies, procedures, and controls to reconcile the inventory items that exist in the warehouse and are recorded in WMS with the inventory items recorded in LCSS.

Closed on 06.14.2018
No. 5 to FAA

Perform an analysis of inventory by accounting groups and condition classifications to ensure that assets are recorded in LCSS with the appropriate condition code and the appropriate value

Closed on 06.14.2018
No. 6 to FAA

Provide training to the repair shop technicians on the new process of applying costs to LCSS shop orders to ensure repair costs are completely and accurately recorded.

No. 7 to FAA

Revise its policies and procedures to ensure that all assets, regardless of whether or not the assets were capitalized into PPE or expensed, that may require future decommissioning and cleanup activities are included in the liability.

Audit Report: QC2017010 issued on 11.10.2016
Quality Control Review for the Surface Transportation Board’s Audited Consolidated Financial Statements for Fiscal Year 2016
Closed on 02.08.2017
No. 1 to STB

STB officials should ensure that unfunded FECA liabilities and FECA actuarial liabilities are calculated and included in year-end financial statements and related footnotes.

No. 2 to STB

STB officials should ensure that significant abnormal general ledger balances are researched and corrected prior to preparation of financial reports.

Audit Report: AV2017009 issued on 11.10.2016
Total Costs, Schedules, and Benefits of FAA’s NextGen Transformational Programs Remain Uncertain
No. 1 to FAA

Develop and implement Agency-wide guidance for a uniform approach to segmentation that provides a common format to aid the management of multiple, complex, and interrelated programs needed to achieve NextGen capabilities for transforming the NAS.

Audit Report: FI2017008 issued on 11.09.2016
DOT Continues to Make Progress, but the Department’s Information Security Posture Is Still Not Effective
No. 1 to OST

Take action to work with all OAs to complete expired authorizations and reinforce or strengthen policy requiring systems be reauthorized prior to their expiration dates.

No. 2 to OST

Take action to work with all OAs to perform a thorough CSAM quality review to ensure system documentation matches what is entered into CSAM. At a minimum, the review should verify that: (1) system authorization dates in CSAM match what is approved by the authorizing official; (2) POAMs are created and reported once a security weakness is found; and (3) authorizing officials are provided accurate documentation on all risks accepted.

No. 3 to OST

Take action to work with FAA, FHWA, FMCSA, FTA, MARAD, NHTSA, and OST to develop risk acceptance memos for the expired systems identified in this report.

No. 4 to OST

The Deputy Secretary, or his designee, take action to work with OST COE, FTA, and FAA, the common control providers, to report and update risk acceptance for shared controls that are not implemented in DOT's Repository (e.g., CSAM) per FISMA, OMB, and DOT requirements.

No. 5 to FAA

Take action to work with FAA and require them to review CSAM POA&M entries, and identify and correct cases where multiple weaknesses were entered as one.

No. 6 to OST

Perform a review of CSAM POA&Ms and assess if the entries are compliant with DOT policy. For deficient data, require OAs to provide a corrective action plan.

No. 7 to OST

The Deputy Secretary, or his designee, take action to identify and document OST COE compensating controls when used to address security weaknesses in CSAM and system authorizations.

No. 8 to OST

The Deputy Secretary, or his designee, take action to report/update OST COE security weaknesses found during vulnerability assessments in DOT's Repository (e.g., CSAM) per FISMA, OMB, and DOT requirements.

Audit Report: FI2017006 issued on 11.07.2016
Improvements Increase DOT’s Compliance With the Reducing Over-Classification Act
No. 1 to OST

Implement protocols or practices to identify DOT employees outside FAA who are missing nondisclosure forms and have each of these employees complete the agreement.

Closed on 04.19.2017
No. 2 to OST

Implement protocols or practices to reinforce guidance on the marking of classified documents and to periodically assess compliance.

No. 3 to OST

Dedicate additional resources to oversee FAA's self-inspection program.

No. 4 to FAA

Implement protocols or practices to identify FAA employees who are missing nondisclosure forms and have each of these employees complete the agreement.

No. 5 to FAA

Implement protocols or practices to reinforce guidance on the marking of classified documents and to periodically assess compliance.

No. 6 to FAA

Identify all employees whose duties significantly involve the creation, handling, or management of classified information, and update any performance plan that is missing a critical element on management of classified information.

No. 7 to FAA

Implement protocols or practices to enhance the quality of self-inspection reports and to periodically assess compliance.

Audit Report: ST2017004 issued on 11.02.2016
Improvements in FTA’s Safety Oversight Policies and Procedures Could Strengthen Program Implementation and Address Persistent Challenges
Closed on 05.11.2018
No. 1 to FTA

Finalize and issue policies and procedures for assuming direct safety oversight authority, including criteria and decision-making processes, and communicate the policies and procedures within the Agency.

Closed on 05.11.2018
No. 2 to FTA

Communicate the policies and procedures for assuming direct safety oversight to the rail transit industry.

Closed on 05.11.2018
No. 3 to FTA

Finalize and issue policies and procedures for relinquishing oversight authority to ensure an efficient transition of responsibilities back to the SSOA and communicate the policies and procedures within the Agency.

Closed on 05.11.2018
No. 4 to FTA

Communicate the policies and procedures for relinquishing direct safety oversight to the rail transit industry.

Closed on 12.22.2017
No. 5 to FTA

Finalize a plan with milestones to create a data-driven, risk-based safety oversight system.

Closed on 03.26.2018
No. 6 to FTA

Update FTA's methodology to meet the triennial SSOA audit requirement for all SSOAs.

Closed on 04.20.2018
No. 7 to FTA

Finalize a plan with milestones for periodically updating the National Safety Plan.

Audit Report: ST2017002 issued on 10.14.2016
Insufficient Guidance, Oversight, and Coordination Hinder PHMSA’s Full Implementation of Mandates and Recommendations
Closed on 09.18.2017
No. 1 to PHMSA

Develop and issue an agency-wide policy for implementing mandates and recommendations. The policy should, at a minimum, establish: a) Specific roles, responsibilities, and authorities of the Chief Counsel, Chief Safety Officer, and the Associate Administrators for Pipeline and Hazardous Materials Safety; b) Requirements for developing a plan to address each mandate and recommendation; c) Requirements for assigning responsibilities to each team member, in particular to team leads, for carrying out this policy; d) Requirements for retaining documentation in accordance with the Department of Transportation records management policy; and e) Management controls including oversight processes for the implementation of mandates and recommendations.

Closed on 03.13.2017
No. 2 to PHMSA

Develop and implement a rulemaking prioritization process that requires assessment of risk.

No. 3 to PHMSA

Develop written agreements with the FAA, FMCSA, and FRA on appropriate coordination for rulemaking and the international standards development process. At a minimum, the agreements should cover roles and responsibilities, communication protocols, and required documentation on decisions.

No. 4 to PHMSA

Provide guidance to OHMS on implementing its written agreements with other Operating Administrations.

No. 5 to PHMSA

Develop and implement an internal policy on the dispute resolution process that includes criteria and timeframes for when to use the process.

Audit Report: FI2017001 issued on 10.13.2016
DOT Cybersecurity Incident Handling Is Ineffective and Incomplete
No. 1 to OST

Enforce DOT's current policy for incident monitoring to ensure the Cyber Security Management Center's access to FAA's NAS systems and departmental cloud systems, or update the policy to reflect the unique reporting structures between DOT and FAA.

No. 2 to OST

Establish policy and controls for the use of maintenance data terminals to reduce the incidence of malware on these terminals

No. 3 to OST

Implement a ranking method for incidents.

No. 4 to OST

Require OAs to provide their network maps to the Cyber Security Management Center.

Audit Report: SA2016105 issued on 09.19.2016
County of Lackawanna Transit System Authority, Scranton, PA
No. 1 to FTA

Ensure the Authority complies with the Reporting Requirements.

No. 2 to FTA

Ensure the Authority complies with the Cash Management Requirements.

No. 3 to FTA

Ensure the Authority complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016115 issued on 09.19.2016
Texoma Area Paratransit System, Inc., Sherman, TX
Closed on 05.25.2017
No. 1 to FTA

Ensure TAPS complies with the Special Tests and Provisions Requirements.

Closed on 05.25.2017
No. 2 to FTA

Ensure TAPS complies with Activities Allowed or Unallowed, Allowable Costs/Cost Principles Requirements.

Closed on 05.25.2017
No. 3 to FTA

Ensure TAPS complies with Cash Management Requirements.

Closed on 05.25.2017
No. 4 to FTA

Ensure TAPS complies with Equipment and Real Property Management Requirements.

Closed on 05.25.2017
No. 5 to FTA

Ensure TAPS complies with Matching, Level of Effort, and Earmarking Requirements.

Closed on 05.25.2017
No. 6 to FTA

Ensure TAPS complies with Procurement and Suspension and Debarment Requirements.

Closed on 05.25.2017
No. 7 to FTA

Ensure TAPS complies with Reporting Requirements.

Audit Report: SA2016107 issued on 09.19.2016
State of Illinois, Springfield, IL
Closed on 07.27.2017
No. 1 to FHWA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

Closed on 07.27.2017
No. 2 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements. (Findings 2015-069 (Wage Rate requirements) & 2015-072 (Construction Materials Sampling and Testing)).

Closed on 07.27.2017
No. 3 to OST

Ensure the State complies with the Special Tests and Provisions Requirements. (Finding 2015-069 (Wage Rate requirements).

Closed on 07.27.2017
No. 4 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Closed on 07.27.2017
No. 5 to FHWA

Ensure the State complies with the Information System Requirements.

Closed on 03.30.2017
No. 6 to FAA

Ensure the State complies with the Information System Requirements.

Closed on 07.27.2017
No. 7 to OST

Ensure the State complies with the Information System Requirements.

Closed on 07.27.2017
No. 8 to FHWA

Ensure the State complies with the Reporting Requirements (Finding 2015-073).

Closed on 02.01.2017
No. 9 to FRA

Ensure the State complies with the Reporting Requirements (Finding 2015-073).

Closed on 07.27.2017
No. 10 to OST

Ensure the State complies with the Reporting Requirements (Finding 2015-073 & 2015-074).

Audit Report: SA2016111 issued on 09.19.2016
Assiniboine and Sioux Tribes of the Fort Peck Indian Reservation, Poplar, MT
No. 1 to FHWA

Ensure the Tribes comply with Davis-Bacon Act Requirements.

Audit Report: SA2016106 issued on 09.19.2016
State of West Virginia, Charleston, WV
Closed on 03.30.2017
No. 1 to FHWA

Ensure the State complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

Closed on 03.30.2017
$29,901
No. 2 to FHWA

Recover $29,901 from the State, if applicable.

Audit Report: SA2016112 issued on 09.19.2016
Government of Guam, Hagatna, Guam
Closed on 12.16.2016
No. 1 to FHWA

Ensure the Government of Guam complies with Equipment and Real Property Management Requirements.

Audit Report: SA2016108 issued on 09.19.2016
State of New Mexico, Department of Public Safety, Santa Fe, NM
Closed on 05.25.2017
No. 1 to NHTSA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

Closed on 05.25.2017
$29,500
No. 2 to NHTSA

Determine their portion of the $59,000 in Questioned Costs and recover from the State, if applicable.

Closed on 03.30.2017
No. 3 to FMCSA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

Closed on 03.30.2017
$29,500
No. 4 to FMCSA

Determine their portion of the $59,000 in Questioned Costs and recover from the State, if applicable.

Closed on 05.25.2017
No. 5 to NHTSA

Ensure the State complies with the Reporting Requirements.

Closed on 03.30.2017
No. 6 to FMCSA

Ensure the State complies with the Reporting Requirements.

Audit Report: SA2016113 issued on 09.19.2016
Texoma Area Paratransit System, Inc., Sherman, TX
Closed on 05.25.2017
No. 1 to FTA

Ensure the TAPS complies with the Special Tests and Provisions Requirements.

Closed on 05.25.2017
No. 2 to FTA

Ensure TAPS complies with Activities Allowed or Unallowed, Allowable Costs/Cost Principles Requirements.

Closed on 05.25.2017
No. 3 to FTA

Ensure TAPS complies with Cash Management Requirements.

Closed on 05.25.2017
No. 4 to FTA

Ensure TAPS complies with Equipment and Real Property Management Requirements.

Closed on 05.25.2017
No. 5 to FTA

Ensure TAPS complies with Matching, Level of Effort, and Earmarking Requirements.

Closed on 05.25.2017
No. 6 to FTA

Ensure TAPS complies with Procurement and Suspension and Debarment Requirements.

Closed on 05.25.2017
No. 7 to FTA

Ensure TAPS complies with Reporting Requirements.

Audit Report: SA2016103 issued on 09.19.2016
State of Rhode Island Providence Plantations, Providence, RI
Closed on 11.28.2016
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Closed on 09.30.2016
$138,091
No. 2 to FHWA

Recover $138,091 from the State, if applicable.

Audit Report: SA2016104 issued on 09.19.2016
State of Vermont, Montpelier, VT
Closed on 05.25.2017
No. 1 to FAA

Ensure the State complies with Reporting Requirements.

Audit Report: SA2016109 issued on 09.19.2016
State of Colorado, Denver, CO
Closed on 05.25.2017
No. 1 to FHWA

Ensure the State complies with the Reporting Requirements.

Closed on 03.30.2017
No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016114 issued on 09.19.2016
Virgin Islands Port Authority, St. Thomas, VI
Closed on 11.28.2016
No. 1 to FAA

Ensure the Port Authority complies with Special Tests and Provisions (Wage Rate) Requirements. Requirements.

Audit Report: SA2016110 issued on 09.19.2016
State of Michigan, Lansing, MI
Closed on 03.30.2017
No. 1 to FHWA

Ensure the State complies with the Activities Allowed or Unallowed Requirements.

Audit Report: SA2016101 issued on 09.12.2016
State of Florida, Tallahassee, FL
No. 1 to FHWA

Ensure the State complies with Matching, Level of Effort, and Earmarking Requirements.

Closed on 05.25.2017
$26,110
No. 2 to FHWA

Recover $26,110 from the State, if applicable.

Closed on 07.31.2017
No. 3 to FHWA

Ensure the State complies with Special Tests and Provisions Requirements.

Closed on 11.30.2016
No. 4 to FTA

Ensure the State complies with Reporting Requirements.

Audit Report: SA2016102 issued on 09.12.2016
State of Alaska, Juneau, AK
Closed on 11.30.2016
No. 1 to FHWA

Ensure the State complies with Allowable Costs/Cost Principles Requirements.

Closed on 11.30.2016
$43,045
No. 2 to FHWA

Recover $43,045 (Question Cost of $42,557 related to finding 2015-040 and $488 related to 2015-041) from the State, if applicable.

Audit Report: SA2016098 issued on 09.12.2016
City of Jackson, Jackson, MS
Closed on 11.30.2016
No. 1 to FTA

Ensure the City complies with the Davis-Bacon Act (Wage Rate) Requirements.

Closed on 11.30.2016
No. 2 to FTA

Ensure the City complies with the Procurement and Suspension and Debarment Requirements.

Audit Report: SA2016099 issued on 09.12.2016
Territory of American Samoa, Pago Pago, American Samoa
Closed on 02.01.2017
No. 1 to FAA

Ensure the Territory complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016100 issued on 09.12.2016
State of Indiana, Indianapolis, IN
Closed on 11.28.2016
No. 1 to FHWA

Ensure the State complies with Special Tests and Provisions (Wage Rate) Requirements.

Audit Report: FI2016097 issued on 09.08.2016
DOT’s Conference Spending Policies Reflect Federal Requirements, but Ineffective Controls Do Not Ensure Compliance
No. 1 to OST

Revise Department-wide policies and procedures to clarify how to accurately identify and report conferences and conference-related activities and require Operating Administrations to review their policies and procedures and revise as needed to align with the Department.

No. 2 to OST

Develop and implement procedures for tracking, compiling, and maintaining conference costs data.

No. 3 to OST

Require Operating Administrations to reconcile their conferences expenditures and publicly report actual conference costs incurred as required by OMB.

No. 4 to OST

Revise the Department's travel reimbursement policy to clarify conference travel expenditures that can be claimed and enforce the revised policy to prevent double reimbursements, unentitled per diem reimbursements, and other overpayments.

Closed on 08.17.2017
$1,589
No. 5 to OST

Collect $1,589 of overpaid per diem reimbursements from conference travelers as identified in this report.

$856,009
No. 6 to OST

Develop and implement additional internal controls to help ensure Department-wide compliance with Federal laws, regulations, and OMB requirements on conference approval, reporting, and spending—including compliance with OMB Memorandum M-12-12, which prohibits incurring obligations prior to proper approval. Implementation of internal controls could have put $856,009 in funds to better use.

Audit Report: QC2016096 issued on 08.31.2016
Quality Control Review of Controls over DOT’s Enterprise Services Center
Sensitive
No. 1 to FAA

Sensitive information redacted

Sensitive
No. 2 to FAA

Sensitive information redacted

Closed on 10.13.2016
Sensitive
No. 3 to FAA

Sensitive information redacted

Audit Report: AV2016094 issued on 08.25.2016
FAA Lacks a Clear Process for Identifying and Coordinating NextGen Long-Term Research and Development
No. 1 to FAA

Establish and document a process with clear roles and responsibilities for identifying and prioritizing long-term R&D for air traffic management and related efforts.

No. 2 to FAA

Link the long-term vision for NextGen, once completed, with current R&D efforts to identify any additional R&D that may be required.

Closed on 03.29.2017
No. 3 to FAA

Finalize the MOU that establishes the organizational structure and responsibilities for FAA and its partner agencies.

Closed on 02.23.2017
No. 4 to FAA

Update the RTT document to include: a. Assignments by position instead of by name; b. Updated organization names and roles; and c. Current projects in an annex rather than in the main document to allow for easier updates.

No. 5 to FAA

Have SPC's six high-priority NextGen capabilities validated by an external entity, such as the REDAC to ensure that they are on the critical path for NextGen development, as well as ensure that there are not other areas that warrant additional attention.

Audit Report: ST2016095 issued on 08.25.2016
FHWA Does Not Effectively Ensure States Account for Preliminary Engineering Costs and Reimburse Funds as Required
No. 1 to FHWA

Conduct an assessment of the risks and existing controls associated with the Division Offices' oversight of State's processes to track PE projects, and identify improvements to Division Office oversight.

No. 2 to FHWA

Conduct an assessment of the accuracy and completeness of PE project authorizations. Correct any errors in FMIS projects that should be coded as PE as a result of this assessment.

No. 3 to FHWA

Update FHWA Order 5020.1 or develop Agency guidance to state FHWA's policy concerning compliance with Title 23 U.S.C. Section 102(b ), including the following: a) Define when a project progresses to right-of-way or construction; b) Describe accurate coding parameters for PE projects in FMIS; c) Define the means of tracking the 10-year limit for PE projects, including those involving multiple Federal project numbers; d) Define recordkeeping and documentation expectations for tracking reimbursements, extending the 10-year limit, and decisions not to pursue reimbursements; e) Define roles and responsibilities for Division Offices and FHWA Headquarters for consistent oversight and enforcement of PE requirements before and after the 10-year limit; f) Define FHWA Headquarters' policy on resolving differences arising between Division Offices and States regarding required PE actions.

$1,100,000,000
No. 4 to FHWA

Obtain a legal determination from the Office of the Secretary to permit SPES projects and similar funding agreements and establish internal controls to ensure compliance with Federal requirements. Implementing this recommendation could put the $1.1 billion in PE funds to better use.

$3,300,000,000
No. 5 to FHWA

Develop and implement financial controls and processes to monitor PE projects exceeding the 10-year limit, approved extensions, and reimbursements not pursued when PE projects do not progress within the 10-year limit. Implementing this recommendation could put $3.3 billion in PE funds to better use.

No. 6 to FHWA

Develop performance measures that track compliance with the 10-year limit and report progress.

$143,000,000
No. 7 to FHWA

For the $143 million in PE projects questioned in this report without adequate justification for time extensions or avoided repayments, obtain from the States appropriate support or repayment of PE expenditures as required.

Audit Report: SA2016080 issued on 08.05.2016
Puerto Rico and Municipal Islands Maritime Transport Authority, San Juan, PR
Closed on 05.25.2017
No. 1 to FTA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016085 issued on 08.05.2016
State of Tennessee, Nashville, TN
Closed on 07.27.2017
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Closed on 07.27.2017
$83,782
No. 2 to FHWA

Recover $83,782 from the State, if applicable.

Closed on 05.25.2017
No. 3 to FTA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

Closed on 05.25.2017
$12,555
No. 4 to FTA

Recover $12,555 from the State, if applicable.

Audit Report: SA2016081 issued on 08.05.2016
Puerto Rico Metropolitan Bus Authority, San Juan, PR
Closed on 11.30.2016
No. 1 to FTA

Ensure that the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016086 issued on 08.05.2016
San Francisco Bay Area Rapid Transit District, Oakland, CA
Closed on 02.26.2018
No. 1 to FTA

Ensure the District complies with Special Tests and Provisions (Wage Rate) Requirements.

Audit Report: SA2016082 issued on 08.05.2016
State of California, Sacramento, CA
Closed on 02.01.2017
No. 1 to FRA

Ensure the State complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016087 issued on 08.05.2016
North Coast Railroad Authority, Ukiah, CA
No. 1 to OST

Ensure the Authority Complies with Reporting Requirements.

No. 2 to OST

Ensure the Authority complies with Fixed Charge Coverage Ratio Requirements.

Audit Report: SA2016083 issued on 08.05.2016
State of New Jersey, Trenton, NJ
Closed on 03.30.2017
No. 1 to NHTSA

Ensure the State complies with the Reporting Requirements.

Closed on 03.30.2017
No. 2 to NHTSA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

Closed on 03.30.2017
No. 3 to NHTSA

Ensure the City complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016088 issued on 08.05.2016
Waccamaw Regional Transportation Authority, Conway, SC
Closed on 11.28.2016
No. 1 to FTA

Ensure the Authority complies with the Cash Management Requirements.

Closed on 11.28.2016
$65,842
No. 2 to FTA

Recover $65,842 from the Authority, if applicable.

Audit Report: SA2016084 issued on 08.05.2016
State of North Carolina, Raleigh, NC
Closed on 05.25.2017
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements. (Findings 2015-017, 018, 019, and 020).

Closed on 11.28.2016
No. 2 to FRA

Ensure the State complies with the Special Tests and Provisions Requirements (Finding 2015-021).

Audit Report: SA2016078 issued on 08.05.2016
City and County of Honolulu, Honolulu, HI
Closed on 05.25.2017
No. 1 to FTA

Ensure the City and County complies with the Special Tests and Provisions (Wage Rate) Requirements.

Audit Report: SA2016079 issued on 08.05.2016
Commonwealth of Pennsylvania, Harrisburg, PA
Closed on 09.30.2016
No. 1 to FHWA

Ensure the Commonwealth complies with the Subrecipient Monitoring Requirements.

Audit Report: ZA2016077 issued on 07.21.2016
FTA Can Improve Its Oversight of Hurricane Sandy Relief Funds
Closed on 07.29.2016
$17,700,000
No. 1 to FTA

Recover the $17.7 million in ineligible DRAA funds.

Closed on 08.10.2017
No. 2 to FTA

Implement oversight procedures to follow up on identified risks, such as expenditures denied for inclusion in a grant.

Closed on 03.16.2017
No. 3 to FTA

Implement procedures to ensure change order reviews conducted by FTA and integrity monitors include steps to evaluate whether change orders are approved in accordance with FTA policy.

Closed on 09.26.2016
No. 4 to FTA

Direct MTA and NYCT to implement procedures to ensure that change orders have documented management approvals and dated signatures before they are issued, per FTA policy.

Closed on 12.02.2016
No. 5 to FTA

Revise FTA's change order approval policy to address the use of blanket approvals to clearly state whether they are allowable or not. If allowable, establish parameters for their use.

Audit Report: SA2016071 issued on 06.16.2016
State of Nebraska, Lincoln, NE
Closed on 11.30.2017
No. 1 to FTA

Ensure the State complies with the Subrecipient Monitoring Requirements.

$111,807
No. 2 to FTA

Recover $111,807 from the State, if applicable.

Closed on 11.30.2017
No. 3 to FTA

Ensure the State complies with the Reporting Requirements.

Audit Report: SA2016072 issued on 06.16.2016
State of South Dakota, Pierre, SD
Closed on 11.30.2016
No. 1 to FTA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Closed on 11.30.2016
$237,996
No. 2 to FTA

Recover $237,996 from the State, if applicable.

Audit Report: SA2016073 issued on 06.16.2016
City of Dubuque, Dubuque, IA
Closed on 07.31.2018
No. 1 to FTA

Ensure the City complies with the Matching, Level of Effort, and Earmarking Requirements.

Audit Report: SA2016074 issued on 06.16.2016
Yolo County Transportation District, Woodland, CA
Closed on 11.30.2016
No. 1 to FTA

Ensure the District complies with the Allowable Costs/Cost Principles Requirements.

Closed on 11.30.2016
$11,641
No. 2 to FTA

Recover $11,641 from the District, if applicable.

Audit Report: SA2016069 issued on 06.16.2016
City of Atlanta, Atlanta, GA
Closed on 07.27.2017
No. 1 to OST

Ensure the City complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016070 issued on 06.16.2016
State of Georgia, Atlanta, GA
Closed on 09.28.2017
No. 1 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Audit Report: AV2016068 issued on 06.16.2016
Improvements Needed in DOT’s Process for Identifying Unfair or Deceptive Practices in Airline Frequent Flyer Programs
Closed on 09.29.2016
No. 1 to OST

Provide training to DOT analysts on what constitutes unfair and deceptive practices.

No. 2 to OST

Define what constitutes reasonable notice for consumers regarding changes to frequent flyer programs' terms and conditions, and require airlines to provide such notice.

Audit Report: AV2016067 issued on 05.31.2016
FAA Lacks Sufficient Oversight of the Aircraft Rescue and Fire Fighting Program
Closed on 02.08.2017
No. 1 to FAA

Establish minimum requirements for inspectors' review of airports' compliance with Aircraft Rescue and Fire Fighting regulations.

Closed on 03.30.2017
No. 2 to FAA

Update the inspection checklist for Airport Certification Inspections to include these requirements: a. determining whether airports have conducted tests of fire-extinguishing agents; b. reviewing vehicle maintenance records; c. reviewing training materials; and d. reviewing the type of foam airports use to ensure airports meet Federal requirements.

Closed on 01.30.2018
No. 3 to FAA

Document what items were reviewed to determine airport compliance under the Aircraft Rescue and Fire Fighting requirements in the inspection checklist for Airport Certification Inspections to include: a. which vehicles were reviewed to determine compliance with each regulation, such as which vehicles were inspected for their ability to discharge agent and execute the response time tests; b. which personnel protective equipment were inspected; and c. dates of the full scale triennial emergency exercise and annual review of the Airport Emergency Plan.

Closed on 02.13.2017
No. 4 to FAA

Provide training to inspectors on the updated inspection checklist for Airport Certification Inspections.

Closed on 01.30.2018
No. 5 to FAA

Implement the requirement under FAA's Compliance and Enforcement Policy for FAA Headquarters to review regional inspection program activities of the Aircraft Rescue and Fire Fighting program on a 3-year cycle.

Closed on 12.15.2016
No. 6 to FAA

Issue guidance to airport inspectors clarifying when inspectors should: (1) issue a formal Letter of Investigation and (2) investigate serious discrepancies to determine and document the cause of these discrepancies.

Closed on 03.30.2017
No. 7 to FAA

Require FAA to periodically analyze Aircraft Rescue and Fire Fighting enforcement data nationwide to identify airports with serious Aircraft Rescue and Fire Fighting violations and verify they are corrected to prevent future discrepancies with the regulations. Document analysis and steps to ensure violations are corrected.

No. 8 to FAA

Develop a process to ensure the Office of Airports reports its Aircraft Rescue and Fire Fighting enforcement actions to FAA's Enforcement Information System database according to FAA Order 2150.3B.

No. 9 to FAA

Require inspectors to review airports' training materials and other documentation that shows the items taught during each of its training classes used for Aircraft Rescue and Fire Fighting personnel in each of the Aircraft Rescue and Fire Fighting areas required under 14 CFR Part 139 to ensure airports train personnel in a manner authorized by FAA.

No. 10 to FAA

Identify and implement best practices regarding the content, length, and methods of teaching each of the 11 Aircraft Rescue and Fire Fighting subject areas.

Audit Report: FI2016066 issued on 05.13.2016
DOT’s Fiscal Year 2015 Improper Payment Reporting Does Not Comply with IPERA Requirements
Closed on 03.23.2017
No. 1 to OST

Publish future year outlays in the AFRs that match the President's Budget as required by OMB A-136.

Closed on 09.26.2016
No. 2 to OST

Monitor FHWA's progress on the new corrective actions they initiated to reduce the HPC program improper payments and achieve the FY16 reduction target rates.

Audit Report: ZA2016064 issued on 05.09.2016
Weaknesses Identified in Volpe’s Cost Accounting Practices for the V-TRIPS Contract
Closed on 07.11.2017
No. 1 to OST

Require Volpe to implement written cost accounting policies and procedures that comply with Federal accounting standards and DOT policies.

Closed on 03.09.2017
No. 2 to OST

Work with Volpe to identify those recommendations deemed appropriate from the 2015 draft Deloitte report and take action to implement them.

Closed on 03.31.2017
$4,960,165
No. 3 to OST

Require Volpe to comply with the RMA limits specified in DOT Order 2300.6E, provide an annual accounting of the RMA, and work with the Office of General Counsel to establish a legally appropriate plan to resolve the excess $5 million in the RMA as of 2015.

No. 4 to OST

Improve Volpe's internal management controls—including timely reconciliations (e.g., invoices to appropriate funding sources)—to prevent, detect, and correct billing errors, such as those identified in this report.

Audit Report: ZA2016065 issued on 05.09.2016
FAA Lacks Adequate Controls To Accurately Track and Award Its Sole Source Contracts
No. 1 to FAA

Establish and implement a standard operating proced ure to verify the accuracy of F AA's sole-source contract data submitted to OST for annual reporting to Congress.

No. 2 to FAA

Establish and implement additional actions to re duce the use of sole-source contracting, including the use of performance measures that are tracked periodically. At a minimum, these actions should include steps to address FAA's acquisition of proprietary technologies.

No. 3 to FAA

Establish and implement a standardized process for identifying and assessing potential follow-on procurements, to improve FAA's ability to identify requirements that can be competed in the future.

No. 4 to FAA

Establish and implement an oversight process to adequately review sole-source procurements prior to award to ensure that they comply with AMS pre-award requirements.

No. 5 to FAA

Update AMS policy and guidance to cla rify pre-award requirements fo r sole-source awards. At a minimum, FAA should clarify policy and guidance related to procurement plans, conflict of interest agreements, pre-award public announcements, market analysis, sole-source justifications, IGCEs, and simplified acquisition procedures.

Audit Report: SA2016062 issued on 04.27.2016
State of Louisiana, Baton Rouge, LA
Closed on 02.01.2017
No. 1 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements. (Findings 2015-14 and 2015-17).

Closed on 02.01.2017
No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements. (Finding 2015-17).

Closed on 02.01.2017
$639,030
No. 3 to FHWA

Recover $639,030 from the State, if applicable (Finding 2015-017).

Closed on 02.01.2017
$19,472
No. 4 to FHWA

Recover $19,472 from the State, if applicable (Finding 2015-17).

Closed on 02.01.2017
No. 5 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Closed on 11.28.2016
No. 6 to NHTSA

Ensure the State complies with the Period of Availability of Funds Requirements.

Closed on 11.28.2016
$737,895
No. 7 to NHTSA

Recover $737,895 from the State, if applicable.

Audit Report: SA2016061 issued on 04.27.2016
Washington Metropolitan Area Transit Authority, Washington DC
No. 1 to FTA

Ensure the Authority complies with the Allowable Costs/Cost Principles Requirements.

Closed on 09.30.2016
$27,385,100
No. 2 to FTA

Recover $27,385,124 (Questioned Costs of $23,582,013 relate to findings 2015-005 and 2015-006. Questioned Costs of $3,803,111 relate to finding 2015-015) from the Authority, if applicable.

No. 3 to FTA

Ensure the Authority complies with the Special Tests and Provisions Requirements.

No. 4 to FTA

Ensure the Authority complies with the Cash Management Requirements.

Closed on 01.31.2018
No. 5 to FTA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016063 issued on 04.27.2016
Virgin Islands Port Authority, St. Thomas, VI
Closed on 08.31.2016
No. 2 to FAA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: ST2016059 issued on 04.21.2016
FRA Lacks Guidance on Overseeing Compliance with Bridge Safety Standards
Closed on 11.09.2016
No. 1 to FRA

Issue guidance for specialists to implement a data-driven, risk-based methodology for prioritizing bridge safety reviews.

Closed on 08.07.2017
No. 2 to FRA

Develop and implement a plan to identify and regularly update a comprehensive list of entities regulated by FRA's bridge safety standards.

Closed on 10.17.2016
No. 3 to FRA

Issue guidance that defines how bridge safety specialists should conduct their oversight reviews.

Closed on 05.20.2016
No. 4 to FRA

Require that bridge safety specialists report all instances of regulatory non-compliance in their reviews as defects.

Closed on 10.17.2016
No. 5 to FRA

Issue guidance that defines how bridge safety specialists should track and follow-up on identified issues of regulatory non-compliance to verify that owners take remedial actions.

Closed on 05.20.2016
No. 6 to FRA

Issue guidance that defines when and how bridge safety specialists should recommend civil penalties for non-compliance with Bridge Safety Standards.

Audit Report: ST2016058 issued on 04.12.2016
FTA Monitored Grantees’ Corrective Actions, but Lacks Policy and Guidance To Oversee Grantees With Restricted Access to Federal Funds
Closed on 01.12.2017
No. 1 to FTA

Develop and issue policies and guidance for overseeing grantees under Federal funding restrictions. At a minimum, these policies and guidance should address: a. reviewing grantee invoices; b. tracking corrective actions for grantees who have been placed on Federal funding restriction, including roles and responsibilities of those involved in monitoring and oversight; c. improving documentation of grantees' actions used to justify closure of recommendations; and d. centrally documenting FTA's oversight of grantees under Federal Funding restrictions in a manner that allows it to identify and address common problems and nationwide trends.

Audit Report: ZA2016057 issued on 03.28.2016
FTA Did Not Adequately Verify PATH’s Compliance With Federal Procurement Requirements for the Salt Mitigation of Tunnels Project
Closed on 07.06.2016
No. 2 to FTA

Enforce FTA's Hurricane Sandy oversight requirement to conduct quarterly Salt Mitigation Project change order reviews that test PATH's compliance with FTA procurement requirements.

Audit Report: FI2016056 issued on 03.22.2016
The Volpe Center’s Information Technology Infrastructure Is at Risk for Compromise
Closed on 05.09.2017
Sensitive
No. 1 to RITA

Sensitive information redacted

Closed on 01.27.2017
No. 2 to RITA

Implement security measures for protecting PII in accordance with DOT Chief Information Officer Departmental Privacy Risk Management Policy.

No. 3 to RITA

Install a network-based intrusion detection and prevention solution to complement the current host-based systems, enabling more comprehensive and accurate detection and prevention of malicious activity on the network, including traffic coming from trusted connections.

Closed on 11.01.2016
No. 4 to RITA

Implement a network admission control solution to ensure only authorized users can access network resources.

Closed on 03.21.2017
No. 5 to RITA

Conduct regular vulnerability assessments and scans of the LAN to identify known vulnerabilities and common misconfigurations, and implement a policy that holds system administrators accountable for remediating identified vulnerabilities.

Closed on 03.21.2017
No. 6 to RITA

Develop and execute interconnection security agreements with clients that it contracts with for network space on the IT infrastructure in accordance with NIST and DOT policy and guidelines.

Closed on 03.21.2017
No. 7 to RITA

Develop and maintain a complete inventory of authorized network devices accessible to staff who monitor departmental networks.

Closed on 11.01.2016
No. 8 to RITA

Implement a procedure to require the ISSM's approval before any device, including virtualized and other non-physical IT devices, is connected to the LAN, to include development and project systems.

Audit Report: SA2016051 issued on 03.16.2016
Joint Programs of the Shoshone and Arapaho Tribes of the Wind River Reservation, Fort Washakie, WY
No. 1 to FHWA

Ensure the Shoshone and Arapaho Tribes comply with the Special Tests and Provisions Requirements.

Audit Report: SA2016052 issued on 03.16.2016
Dallas Area Rapid Transit, Dallas, TX
Closed on 09.30.2016
No. 1 to FTA

Ensure that Dallas Area Rapid Transit complies with the Reporting Requirements.

Audit Report: SA2016053 issued on 03.16.2016
Nanwalek IRA Council, Nanwalek, AK
No. 1 to FHWA

Ensure the Council complies with the Allowable Costs/Cost Principles Requirements.

$255,941
No. 2 to FHWA

Recover $255,941 from the Council, if applicable.

Audit Report: SA2016047 issued on 03.16.2016
Klawock Cooperative Association, Klawock, AK
Closed on 09.30.2016
No. 1 to FHWA

Ensure the Association complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

$10,719
No. 2 to FHWA

Recover $10,719 from the Association, if applicable.

No. 3 to FHWA

Ensure the Association complies with the Subrecipient Monitoring Requirements.

Closed on 09.30.2016
$78,502
No. 4 to FHWA

Recover $78,502 from the Association, if applicable.

Audit Report: SA2016054 issued on 03.16.2016
State of Hawaii, Department of Transportation, Highways Division, Honolulu, HI
Closed on 05.23.2016
No. 1 to FHWA

Ensure the State complies with the Davis-Bacon Act Requirements.

Closed on 03.30.2017
No. 2 to NHTSA

Ensure the State complies with the Cash Management Requirements.

Audit Report: SA2016055 issued on 03.16.2016
City of Charlotte, Charlotte, NC
Closed on 08.31.2016
No. 1 to OST

Ensure the City complies with the Reporting Requirements.

Audit Report: SA2016048 issued on 03.16.2016
City of Port Arthur, Port Arthur, TX
Closed on 09.30.2016
No. 1 to FTA

Ensure the City of Port Arthur complies with the Cash Management and Reporting Requirements.

Audit Report: SA2016049 issued on 03.16.2016
Jicarilla Apache Nation Governmental Services Department, Dulce, NM
Closed on 09.30.2016
No. 1 to FHWA

Ensure the Jicarilla Apache Nation complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016050 issued on 03.16.2016
State of New York, Albany, NY
Closed on 05.31.2017
No. 1 to FHWA

Ensure the State of New York complies with the Reporting Requirements.

Audit Report: SA2016045 issued on 03.11.2016
PACE, the Suburban Bus Division of the Regional Transportation Authority, Arlington Heights, IL
Closed on 08.31.2016
No. 1 to FTA

Ensure that PACE complies with the Activities Allowed or Unallowed Requirements.

Closed on 07.31.2018
$222,972
No. 2 to FTA

Recover $222,972 from PACE, if applicable.

Audit Report: SA2016041 issued on 03.11.2016
Westchester County, White Plains, NY
Closed on 09.30.2016
No. 1 to FTA

Ensure the County complies with the Reporting Requirements.

Audit Report: SA2016046 issued on 03.11.2016
Metropolitan Transportation Authority, New York, NY
Closed on 11.30.2017
No. 1 to FTA

Ensure the Authority complies with the Procurement Requirements.

Closed on 12.16.2016
$2,029,700
No. 2 to FTA

Recover $2,029,701 from the Authority, if applicable.

Audit Report: SA2016042 issued on 03.11.2016
Washington Metropolitan Area Transit Authority, Washington, DC
Closed on 07.27.2017
No. 1 to FTA

Ensure the Authority complies with the Reporting Requirements.

Closed on 07.27.2017
No. 2 to FTA

Ensure the Authority complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

Closed on 09.30.2016
$729,610
No. 3 to FTA

Recover $729,610 ($661,246 on Finding 017, $59,391 on Finding 018, and $8,973 on Finding 019) from the Authority, if applicable.

Closed on 07.27.2017
No. 4 to FTA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Closed on 07.27.2017
No. 5 to FTA

Ensure the Authority complies with the Procurement and Suspension and Debarment Requirements.

Closed on 07.27.2017
No. 6 to FTA

Ensure the Authority complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016036 issued on 03.11.2016
Federated States of Micronesia National Government, Palikir, Micronesia
Closed on 02.01.2017
No. 1 to FAA

Ensure the Micronesia National Government complies with the Allowable Costs/Cost Principles Requirements.

Closed on 12.16.2016
$49,760
No. 2 to FAA

Recover $49,760 from the Micronesia National Government, if applicable.

Closed on 12.16.2016
No. 3 to FAA

Ensure the Micronesia National Government Complies with the Reporting Requirements.

Closed on 07.24.2017
No. 4 to FAA

Ensure the Micronesia National Government Complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016040 issued on 03.11.2016
Greene County Transit Board, Xenia, OH
Closed on 08.31.2016
No. 1 to FTA

Ensure the County complies with the Allowable Costs/Cost Principles Requirements.

Closed on 08.31.2016
$19,989
No. 2 to FTA

Recover $19,989 from the County, if applicable.

Audit Report: SA2016038 issued on 03.11.2016
City of Kansas City, Kansas City, MO
Closed on 06.29.2016
No. 1 to FAA

Ensure the City complies with the Reporting Requirements.

Closed on 11.28.2016
No. 2 to OST

Ensure the City complies with the Activities Allowed or Unallowed Requirements.

Closed on 11.28.2016
No. 3 to FTA

Ensure the City complies with the Activities Allowed or Unallowed Requirements.

Audit Report: SA2016039 issued on 03.11.2016
Crow Tribe of Indians, Crow Agency, MT
No. 1 to FHWA

Ensure the Tribe complies with the Cash Management Requirements.

$2,773,489
No. 2 to FHWA

Recover $2,773,489 from the Tribe, if applicable.

Audit Report: SA2016043 issued on 03.11.2016
Jacksonville Transportation Authority, Jacksonville, FL
Closed on 03.30.2017
No. 1 to FTA

Ensure the Authority complies with the Procurement and Suspension and Debarment Requirements.

Closed on 03.27.2018
$289,870
No. 2 to FTA

Recover $289,870 from the Authority, if applicable.

Audit Report: SA2016028 issued on 03.08.2016
North Coast Railroad Authority, Ukiah, CA
No. 1 to OST

Ensure the Authority complies with the Reporting Requirements.

Closed on 07.31.2016
No. 2 to FRA

Ensure that Authority complies with the fixed charge coverage ratio Agreement with FRA.

Audit Report: SA2016030 issued on 03.08.2016
Neponset Valley Transportation Management Association Inc., Woburn, MA
Closed on 09.30.2016
No. 1 to FTA

Ensure the Association complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

Closed on 09.30.2016
$14,003
No. 2 to FTA

Recover $14,003 from the Association, if applicable.

Audit Report: SA2016031 issued on 03.08.2016
National Railroad Passenger Corporation and Subsidiaries Amtrak, Washington, DC
Closed on 07.31.2016
No. 1 to FRA

Ensure that Amtrak complies with the Equipment and Real Property Requirements.

Closed on 07.31.2016
No. 2 to FRA

Ensure that Amtrak complies with Special Tests and Provisions Requirements.

Audit Report: SA2016025 issued on 03.08.2016
Metropolitan Transportation Commission Oakland, CA
Closed on 09.30.2016
No. 1 to FTA

Ensure the Commission complies with the Reporting Requirements.

Audit Report: SA2016027 issued on 03.08.2016
Regional Transportation District, Denver, CO
Closed on 12.16.2016
No. 1 to FHWA

Ensure the District complies with the Period of Availability Requirements.

Closed on 11.28.2016
$162,010
No. 2 to FHWA

Recover $162,010 from the District, if applicable.

Closed on 11.28.2016
$93,184
No. 3 to FHWA

Recover $93,184 from the District, if applicable. This affects finding #2013-2.

Closed on 12.16.2016
No. 4 to FHWA

Ensure the District complies with the Special Tests and Provisions Requirements.

Audit Report: FI2016024 issued on 03.03.2016
Multiple DOT Operating Administrations Lack Effective Information System Disaster Recovery Plans and Exercises
Closed on 04.13.2017
No. 1 to FMCSA

Develop, document, and implement user and system-level data backup processes for the FMCSA Enforcement Management Information System.

Closed on 01.30.2017
No. 2 to FRA

Develop, document, and implement user and system-level data backup processes for the FRA Railroad Safety Information System.

No. 3 to FMCSA

Specify alternate telecommunications services including necessary agreements for the FMCSA Enforcement Management Information System contingency plan.

Closed on 09.13.2017
No. 4 to PHMSA

Specify alternate telecommunications services including necessary agreements for the PHMSA Hazardous Materials Information System contingency plan.

Closed on 01.30.2017
No. 5 to FHWA

Update the contingency plans for the two FHWA systems: (1) Fiscal Management Information System and (2) Rapid Approval and State Payment System (RASPS) by: a. Developing a Business Impact Analysis for their two selected systems. b. Identifying allowable system unavailability timelines such as Maximum Tolerable Downtime (MTD) and Recovery Time Objective (RTO) for their system contingency plans. c. Reevaluating both systems' alternate backup data storage sites so they are geographically dispersed from the primary system operational site as required by DOT policy. d. Implementing a process for ensuring the encryption of backup data prior to transferring the data offsite.