Recommendation Dashboard

skip-to-content

OIG’s Office of Auditing and Evaluation makes recommendations to DOT to correct deficiencies and encourage improvements in the safety, economy, efficiency, and management of the Department’s programs and operations. Our audit report findings and conclusions explain the basis for the specific corrective actions we recommend. This Recommendation Dashboard provides more information than ever before about the current status of OIG recommendations, which we plan to update on a weekly basis. For more information, see answers to frequently asked questions.

Open Recommendations

 

Open Financial Recommendations

 
Audit Report: ST2017029 issued on 03.06.2017
Vulnerabilities Exist in Implementing Initiatives Under MAP-21 Subtitle C To Accelerate Project Delivery
No. 1 to FHWA

Require Division Offices to have documentation substantiating how each innovative technology and practice meets eligibility requirements for the projects under Section 1304 at the time of approval.

No. 2 to FHWA

Develop and implement an oversight mechanism to periodically evaluate the effectiveness of State environmental review performances that assume DOT's environmental review responsibilities under Section 1313.

No. 3 to FHWA

Finalize a plan for collecting and tracking data on CEs to meet mandatory reporting requirements for Section 1323.

No. 4 to FHWA

Establish target completion dates for the remaining planned actions for MAP-21 Subtitle C provisions that are in progress.

No. 5 to FHWA

Update the policy and FHWA Website to clearly reflect and convey the most current requirements for the use of Project and Program Action Information System (PAPAI).

Audit Report: AV2017028 issued on 02.15.2017
While FAA Took Steps Intended To Improve Its Controller Hiring Process, the Agency Did Not Effectively Implement Its New Policies
No. 1 to FAA

Develop a system to individually track applicants through the hiring process, which will maintain the integrity of the data supplied by the medical and security clearance processes.

Closed on 02.23.2017
No. 2 to FAA

Establish a process to address applicants that receive a tentative offer letter but fail to initiate the medical and/or security clearance processes.

Audit Report: QC2017026 issued on 02.07.2017
Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 Financial Statements of the Federal Aviation Administration (FAA)
No. 1 to FAA

KPMG recommends that FAA Managment revise procedures to ensure manual journal vouchers are reviewed timely and within the timeframes established by the policies.

No. 2 to FAA

KPMG recommends that FAA perform an analysis to determine the materiality of the expense transactions currently not included in the accounts payable accrual. If the amount is determined to be immaterial, management should develop and implement guidance to document its assessment and recognition decisions, in accordance with SFFAC No. 5, as it relates to liabilities for non-grant expense transactions and specifically decisions to not accrue for certain transactions. If the amount is determined to be material, management should revise its accounts payable policies to include all material payables in the accrual at year-end.

No. 3 to FAA

KPMG recommends that FAA refine its policies and procedures to ensure purchase orders and invoices are reviewed at the appropriate level of precision to ensure that amounts are properly expensed or capitalized.

No. 4 to FAA

KPMG recommends that FAA management properly document and implement procedures to update policies and procedures over physical access to the data center to be in compliance with the DOT Cybersecurity Compendium.

No. 5 to FAA

KPMG recommends that FAA management properly document and implement procedures to maintain accurate and detailed user listings of individuals granted access to the data center.

No. 6 to FAA

KPMG recommends that FAA management properly document and implement procedures to perform periodic reviews of access rights for existing data center users.

Audit Report: QC2017025 issued on 02.07.2017
Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 Financial Statements of the Department of Transportation (DOT)
No. 1 to FTA

KPMG recommends that FTA revise its policies and procedures for monitoring obligations in order to more timely identify and de-obligate stale obligations by periodically monitoring grants that become inactive during the current fiscal year.

No. 2 to OST

KPMG recommends that DOT develop and implement guidance to formally document its assessments and recognition decisions, in accordance with Statements of Federal Financial Accounting Concepts (SFFAC) No. 5 Definitions of Element and Basic Recognition Criteria for Accrual-Basis Financial Statements , as it relates to liabilities of exchange transactions, specifically those decisions to depart from GAAP based on materiality.

No. 3 to FTA

KPMG recommends that FTA and ESC management revise procedures to ensure manual JVs are reviewed, by the designated FTA approver, within the timeframe established by existing policies.

No. 4 to FHWA

KPMG recommends that FHWA management develop and implement procedures and processes that require periodic reviews of the audit logs generated by the application. In accordance with the DOT Cybersecurity Compendium requirements, the procedures should include the items being reviewed and the frequency within which the reviews should occur.

No. 5 to FHWA

KPMG recommends that FHWA management update the System Security Plan to reflect the new requirements for audit log reporting and reviews.

No. 6 to FHWA

KPMG recommends that FHWA management configure the system to send automated activity alerts that would notify the appropriate individuals and allow them to track suspicious activities within the system. Identify alerts that need to be generated by the system application, and develop mechanisms to generate automated alerts to notify the appropriate individuals to perform actions if an alert is generated.

No. 7 to FHWA

KPMG recommendes that FHWA strengthen policies and procedures to ensure that terminated users' access is removed timely, in accordance with the DOT Cybersecurity Compendium guidelines.

No. 8 to FHWA

KPMG recommends that FHWA update policies and procedures to restrict programmer's access from production libraries and datasets to ensure appropriate segregation of duties

No. 9 to OST

KPMG recommends that OST management develop and implement privileged service account review procedures to ensure that privileged service accounts are reviewed, at least semi-annually, for continued appropriateness, based on the principle of least privileged.

No. 10 to OST

KPMG recommends that the ITSS enhance data center review policy and procedures to ensure all access is reviewed for appropriateness timely, in accordance with DOT Cybersecurity Compendium guidelines.

Audit Report: ZA2017021 issued on 01.17.2017
New Disadvantaged Business Enterprise Participation Is Decreasing at the Nation’s Largest Airports, and Certification Barriers Exist
No. 1 to OST

Update the current list of active certifying authorities for each State Unified Certification Program and implement procedures for regularly maintaining and publishing the list.

No. 2 to OST

Issue guidance to certifying authorities on steps to take to ensure compliance with the regulatory requirements for the timely processing of all applications for certification.

No. 3 to OST

Require FAA, FHWA, and FTA to develop and implement a joint plan and schedule for reviewing certifying authorities within the 52 UCPs. Include within the joint plan an assessment of whether required timeframes for processing certification applications are being met and whether mandatory certification training is being completed.

No. 4 to OST

Establish procedures to periodically review, update, and publish the mandatory certification training program required by the FAA Modernization Reform Act of 2012.

No. 5 to OST

Issue guidance to certifying authorities on the steps they must take to ensure persons performing certification functions or involved in the certification process are properly trained prior to being allowed to approve applications.

No. 6 to OST

Institute procedures for maintaining a current list of certification staff who need and have completed the mandatory training.

No. 7 to OST

Develop and implement an advanced training program on topics requested by certifying authorities, identified in compliance reviews, determined by DOCR, or identified in this report (i.e., the examination of business structures/affiliations, reviews of personal net worth, verification of ownership and control, detailed site-visit reports, and fraud awareness).

No. 8 to OST

Develop and implement a train the trainer program for the three Operating Administrations to deliver consistent guidance and training to their recipients on all aspects of the DBE program.

No. 9 to OST

Publicize best practices such as those identified in this report relating to certification practices.

No. 10 to FAA

Implement a process to periodically monitor, analyze, and report to DOCR on significant or noteworthy changes in DBE participation at the large and medium hub airports. As part of this process, include a requirement that FAA's reports to DOCR identify the reasons noted by recipients for drops in participation and recommend actions to address them, as appropriate.

No. 11 to FAA

Require certification reviews to assess whether the certifying authority is (a) meeting required timeframes for processing instate and interstate applications and (b) ensuring staff have completed mandatory certification training.

Audit Report: AV2017020 issued on 01.11.2017
Although FAA Has Taken Steps To Improve Its Operational Contingency Plans, Significant Work Remains To Mitigate the Effects of Major System Disruptions
No. 1 to FAA

Develop and implement a policy requiring annual contingency plan training for en route and terminal controllers that includes procedures for managing airspace divestment and the loss of communications and/or surveillance capabilities.

No. 2 to FAA

Develop and implement an internal control to test and certify the function of emergency equipment, including power-fail phones, flashlights, and other communication equipment at all air traffic facilities semiannually to ensure the equipment operates as intended.

No. 3 to FAA

Convene NextGen program officials to evaluate, expedite, and complete a report on how planned NextGen capabilities can enhance the resiliency and continuity of NAS operations and mitigate the impact of future air traffic control disruptions.

No. 4 to FAA

Establish a process and requirement to validate airspace divestment plans annually to ensure the plans can be executed and technical requirements are up-to-date based on current technology.

No. 5 to FAA

Develop airspace divestment plans for oceanic airspace, and develop and implement the technical requirements needed to support all new plans.

No. 6 to FAA

Update the Automated Contingency Tool (ACT2) or develop and implement a new automated tool that complies with FAA Order 1900.47 to collect, manage, and disseminate operational contingency plans and lessons learned documentation to all air traffic facilities.

No. 7 to FAA

Establish a process for developing baseline contingency metrics, analyzing contingency trends and root causes, and annually disseminating the results to Air Traffic Organization personnel.

No. 8 to FAA

Develop a procedure to include aviation industry stakeholders in post-contingency events at the FAA Command Center to discuss lessons learned and explore possible solutions to mitigate the impact of future air traffic disruptions.

Audit Report: ST2017019 issued on 01.05.2017
FHWA Needs To Strengthen Its Oversight of State Transportation Improvement Programs
No. 1 to FHWA

Establish minimum documentation requirements for FPFs and STIPs in guidance to Division Offices.

No. 2 to FHWA

Develop and implement an oversight process to monitor and provide feedback to Division Offices on their review and approval of STIPs, and ensure Division Offices comply with Federal regulations, especially in regard to verifying fiscal constraint and the States' cost estimation processes.

No. 3 to FHWA

Establish a centralized relational database to collect FPF information from the Division Offices and track recommendations and related corrective actions.

No. 4 to FHWA

Complete the update of the MOAs on coordination with FTA.

No. 5 to FHWA

Identify best practices of FHWA Division and FTA Regional Offices on coordination for development of Title VI plans, and distribute the best practices agency-wide.

Audit Report: AV2017018 issued on 12.01.2016
FAA Lacks a Risk-Based Oversight Process for Civil Unmanned Aircraft Systems
No. 1 to FAA

Establish specific milestones to update and maintain UAS guidance to keep pace with technological developments and incorporate inspector feedback.

No. 2 to FAA

Develop comprehensive and updated training for safety inspectors on UAS technologies and Agency rules and guidance related to UAS oversight.

No. 3 to FAA

Initiate a periodic process to perform inspections of commercial UAS operators based on operational factors (e.g., location, number of operations, and type of activity) to verify knowledge of and compliance with FAA requirements and to inform the development of a risk-based oversight plan.

No. 4 to FAA

Design and implement a risk-based and prioritized oversight plan for UAS to help ensure safe operations of UAS.

No. 5 to FAA

Develop and implement a process to coordinate existing disparate UAS databases within FAA to facilitate data mining and safety analysis.

No. 6 to FAA

Implement a process to share UAS data with field oversight offices to assist inspectors in risk-based and proactive oversight of civil UAS operations.

Audit Report: QC2017017 issued on 11.30.2016
Quality Control Review of the Management Letter for the Audit of Fiscal Years 2016 and 2015 for the National Transportation Safety Board
No. 1 to NTSB

Implement an internal control procedure requiring an independent review to be performed over the OPM imputed cost calculation to ensure the calculation is accurate and the appropriate basic pay amounts are used.

Audit Report: AV2017015 issued on 11.16.2016
FAA Achieved Most of the Anticipated Cost Savings From Contracting Out Flight Service Stations, but Needs To Determine the Future Direction of the Program
No. 1 to FAA

Communicate to airspace users the potential changes coming to the flight service program, including how future services may be delivered, estimated timeframes for the changes, and steps users can take to prepare for the changes.

No. 2 to FAA

Develop a list of FAA orders and oversight processes that will require modification due to the planned flight service program changes.

No. 3 to FAA

Develop an oversight framework that is commensurate with program changes before awarding the next flight services contract and implement the framework shortly after the program changes are put into effect.

Audit Report: QC2017013 issued on 11.15.2016
Quality Control Review of the Department of Transportation’s Audited Consolidated Financial Statements for Fiscal Years 2016 and 2015
No. 1 to FTA

KPMG recommends that the Chief Information Officers of DOT and FTA develop policies, procedures and controls to address the provisioning of IT access, vulnerability management, system audit log review and change management control deficiencies identified in the FTA financial IT systems.

No. 2 to FTA

KPMG recommends that the Chief Information Officers of DOT and FTA monitor progress to ensure that procedures and controls are appropriately designed, implemented, and maintained.

No. 3 to FTA

KPMG recommends that the Chief Information Officers of DOT and FTA establish procedures and controls, at the appropriate level of precision, for unusual or infrequent events (e.g. system implementations) by establishing an IT steering committee that is composed of management from all relevant stakeholder functional areas, including the IT office, program office, and financial reporting office to ensure that system implementation meets the needs of all users and that policies, procedures, and system controls are appropriately redesigned, as necessary, to respond to the process changes resulting from the system implementation.

No. 4 to FTA

KPMG recommends that the Chief Information Officer of FTA execute a Service Level Agreement with all external service providers that defines the level of service expected from the service provider and appropriately identifies and delineates the roles and responsibilities of the service provider and the end user entity.

No. 5 to FTA

KPMG recommends that the Chief Information Officer of FTA d esign and implement policies and procedures to formally request, obtain, and review the external service provider's SSAE No. 16 report, and evaluate any deficiencies and end user considerations noted in the report.

No. 6 to FTA

KPMG recommends that the Chief Information Officer of FTA document the required procedures for assessing the impact of identified deficiencies, noted in the external service provider's SSAE No. 16 report, which may impact FTA, to ensure appropriate end user controls are in place to mitigate those noted deficiencies.

No. 7 to FTA

KPMG recommends that FTA enhance the grant accrual retrospective review policies, procedures, and controls to ensure that the retrospective review is performed at the appropriate level of precision, using relevant and reliable data inputs (complete and accurate FFR data);

No. 8 to FTA

KPMG recommends that FTA establish procedures and controls over the completeness and accuracy of the data inputs used in the grant accrual calculation.

No. 9 to FTA

KPMG recommends that FTA enhance the methodology and consider creating a user checklist of each of the program elements and appropriation codes that should be selected as inputs.

No. 10 to FTA

KPMG recommends that FTA establish policies and procedures for handling deviations from the standard methodology, including maintaining the evidence to support the deviation.

No. 11 to FTA

KPMG recommends that FTA establish a review control, with the appropriate level of precision, over the grant accrual calculation.

No. 12 to FTA

KPMG recommends that FTA perform an analysis and calculate an independent grant accrual for abnormalities in grantee spending patterns, in particular when a grantee is placed on suspension or restricted drawdowns as the billing cycle days for such grantees are not indicative of the true accrual period for that expenditure category.

No. 13 to FHWA

KPMG recommends that FHWA establish a review control, with the appropriate level of precision, over the cash flow projections to ensure that the inputs to the Subsidy Calculator are relevant and reliable.

No. 14 to FHWA

KPMG recommends that FHWA review the overall cash flow model functionality and implementation to ensure that all assumptions are properly applied, documented, and supported in the execution of the cash flow projections.

No. 15 to FHWA

KPMG recommends that FHWA consider automating the calculations that are performed manually to reduce the risk of misapplication of assumptions due to human error.

Closed on 03.02.2017
No. 16 to FRA

KPMG recommends that DOT follow established policies and procedures designed to prevent Anti-Deficiency Act violation.

Closed on 03.02.2017
No. 17 to FRA

KPMG recommend that DOT increase training and communications with personnel responsible for performing the established policies and procedures.

No. 18 to FTA

KPMG recommended that DOT improve its general information technology controls at FTA, as noted above (under Section A - Lack of Sufficient General Information Technology Controls at FTA), to ensure that DOT's financial management systems comply with the requirements of the FFMIA.

Audit Report: QC2017014 issued on 11.15.2016
Quality Control Review of the Saint Lawrence Seaway Development Corporation’s Audited Financial Statements for Fiscal Years 2016 and 2015
No. 1 to SLSDC

Should consider implementing additional procedures to monitor the activity of the funds held at Seaway International Bridge Corporation, Ltd. (SIBC) on their behalf for future bridge repair and operations, throughout the fiscal year.

No. 2 to SLSDC

The Saint Lawrence Seaway Development Corporation (Corporation) should implement procedures to record the activity of funds held at Seaway International Bridge Corporation, Ltd. (SIBC) within the financial records of the Corporation on a more frequent basis.

Audit Report: QC2017011 issued on 11.14.2016
Quality Control Review of the Federal Aviation Administration’s Audited Consolidated Financial Statements for Fiscal Years 2016 and 2015
No. 1 to FAA

Establish procedures and controls, at the appropriate level of precision, for unusual or infrequent events (e.g. system implementations, changes in accounting principles, or implementation of new accounting standards) in order to prevent or detect and correct a misstatement to the financial statements. Specifically for IT system implementations, establish an IT steering committee that is composed of management from all relevant stakeholder functional areas, including the IT office, program office, and financial reporting office to ensure that system implementation meets the needs of all users and that policies, procedures, and system controls are appropriately redesigned, as necessary, to respond to the process changes resulting from the system implementation

No. 2 to FAA

Establish policies, procedures, and controls over the periodic review of inventory unit values and develop the process for extracting the necessary reports and recording the adjustments in LCSS.

No. 3 to FAA

Establish policies, procedures, and controls to ensure that the inventory values assigned by LCSS are appropriate based on the asset condition.

No. 4 to FAA

Establish policies, procedures, and controls to reconcile the inventory items that exist in the warehouse and are recorded in WMS with the inventory items recorded in LCSS.

No. 5 to FAA

Perform an analysis of inventory by accounting groups and condition classifications to ensure that assets are recorded in LCSS with the appropriate condition code and the appropriate value

No. 6 to FAA

Provide training to the repair shop technicians on the new process of applying costs to LCSS shop orders to ensure repair costs are completely and accurately recorded.

No. 7 to FAA

Revise its policies and procedures to ensure that all assets, regardless of whether or not the assets were capitalized into PPE or expensed, that may require future decommissioning and cleanup activities are included in the liability.

Audit Report: QC2017010 issued on 11.10.2016
Quality Control Review for the Surface Transportation Board’s Audited Consolidated Financial Statements for Fiscal Year 2016
Closed on 02.08.2017
No. 1 to STB

STB officials should ensure that unfunded FECA liabilities and FECA actuarial liabilities are calculated and included in year-end financial statements and related footnotes.

No. 2 to STB

STB officials should ensure that significant abnormal general ledger balances are researched and corrected prior to preparation of financial reports.

Audit Report: AV2017009 issued on 11.10.2016
Total Costs, Schedules, and Benefits of FAA’s NextGen Transformational Programs Remain Uncertain
No. 1 to FAA

Develop and implement Agency-wide guidance for a uniform approach to segmentation that provides a common format to aid the management of multiple, complex, and interrelated programs needed to achieve NextGen capabilities for transforming the NAS.

Audit Report: FI2017008 issued on 11.09.2016
DOT Continues to Make Progress, but the Department’s Information Security Posture Is Still Not Effective
No. 1 to OST

Take action to work with all OAs to complete expired authorizations and reinforce or strengthen policy requiring systems be reauthorized prior to their expiration dates.

No. 2 to OST

Take action to work with all OAs to perform a thorough CSAM quality review to ensure system documentation matches what is entered into CSAM. At a minimum, the review should verify that: (1) system authorization dates in CSAM match what is approved by the authorizing official; (2) POAMs are created and reported once a security weakness is found; and (3) authorizing officials are provided accurate documentation on all risks accepted.

No. 3 to OST

Take action to work with FAA, FHWA, FMCSA, FTA, MARAD, NHTSA, and OST to develop risk acceptance memos for the expired systems identified in this report.

No. 4 to OST

The Deputy Secretary, or his designee, take action to work with OST COE, FTA, and FAA, the common control providers, to report and update risk acceptance for shared controls that are not implemented in DOT's Repository (e.g., CSAM) per FISMA, OMB, and DOT requirements.

No. 5 to FAA

Take action to work with FAA and require them to review CSAM POA&M entries, and identify and correct cases where multiple weaknesses were entered as one.

No. 6 to OST

Perform a review of CSAM POA&Ms and assess if the entries are compliant with DOT policy. For deficient data, require OAs to provide a corrective action plan.

No. 7 to OST

The Deputy Secretary, or his designee, take action to identify and document OST COE compensating controls when used to address security weaknesses in CSAM and system authorizations.

No. 8 to OST

The Deputy Secretary, or his designee, take action to report/update OST COE security weaknesses found during vulnerability assessments in DOT's Repository (e.g., CSAM) per FISMA, OMB, and DOT requirements.

Audit Report: FI2017006 issued on 11.07.2016
Improvements Increase DOT’s Compliance With the Reducing Over-Classification Act
No. 1 to OST

Implement protocols or practices to identify DOT employees outside FAA who are missing nondisclosure forms and have each of these employees complete the agreement.

No. 2 to OST

Implement protocols or practices to reinforce guidance on the marking of classified documents and to periodically assess compliance.

No. 3 to OST

Dedicate additional resources to oversee FAA's self-inspection program.

No. 4 to FAA

Implement protocols or practices to identify FAA employees who are missing nondisclosure forms and have each of these employees complete the agreement.

No. 5 to FAA

Implement protocols or practices to reinforce guidance on the marking of classified documents and to periodically assess compliance.

No. 6 to FAA

Identify all employees whose duties significantly involve the creation, handling, or management of classified information, and update any performance plan that is missing a critical element on management of classified information.

No. 7 to FAA

Implement protocols or practices to enhance the quality of self-inspection reports and to periodically assess compliance.

Audit Report: ST2017004 issued on 11.02.2016
Improvements in FTA’s Safety Oversight Policies and Procedures Could Strengthen Program Implementation and Address Persistent Challenges
No. 1 to FTA

Finalize and issue policies and procedures for assuming direct safety oversight authority, including criteria and decision-making processes, and communicate the policies and procedures within the Agency.

No. 2 to FTA

Communicate the policies and procedures for assuming direct safety oversight to the rail transit industry.

No. 3 to FTA

Finalize and issue policies and procedures for relinquishing oversight authority to ensure an efficient transition of responsibilities back to the SSOA and communicate the policies and procedures within the Agency.

No. 4 to FTA

Communicate the policies and procedures for relinquishing direct safety oversight to the rail transit industry.

No. 5 to FTA

Finalize a plan with milestones to create a data-driven, risk-based safety oversight system.

No. 6 to FTA

Update FTA's methodology to meet the triennial SSOA audit requirement for all SSOAs.

No. 7 to FTA

Finalize a plan with milestones for periodically updating the National Safety Plan.

Audit Report: ST2017002 issued on 10.14.2016
Insufficient Guidance, Oversight, and Coordination Hinder PHMSA’s Full Implementation of Mandates and Recommendations
No. 1 to PHMSA

Develop and issue an agency-wide policy for implementing mandates and recommendations. The policy should, at a minimum, establish: a) Specific roles, responsibilities, and authorities of the Chief Counsel, Chief Safety Officer, and the Associate Administrators for Pipeline and Hazardous Materials Safety; b) Requirements for developing a plan to address each mandate and recommendation; c) Requirements for assigning responsibilities to each team member, in particular to team leads, for carrying out this policy; d) Requirements for retaining documentation in accordance with the Department of Transportation records management policy; and e) Management controls including oversight processes for the implementation of mandates and recommendations.

Closed on 03.13.2017
No. 2 to PHMSA

Develop and implement a rulemaking prioritization process that requires assessment of risk.

No. 3 to PHMSA

Develop written agreements with the FAA, FMCSA, and FRA on appropriate coordination for rulemaking and the international standards development process. At a minimum, the agreements should cover roles and responsibilities, communication protocols, and required documentation on decisions.

No. 4 to PHMSA

Provide guidance to OHMS on implementing its written agreements with other Operating Administrations.

No. 5 to PHMSA

Develop and implement an internal policy on the dispute resolution process that includes criteria and timeframes for when to use the process.

Audit Report: FI2017001 issued on 10.13.2016
DOT Cybersecurity Incident Handling Is Ineffective and Incomplete
No. 1 to OST

Enforce DOT's current policy for incident monitoring to ensure the Cyber Security Management Center's access to FAA's NAS systems and departmental cloud systems, or update the policy to reflect the unique reporting structures between DOT and FAA.

No. 2 to OST

Establish policy and controls for the use of maintenance data terminals to reduce the incidence of malware on these terminals

No. 3 to OST

Implement a ranking method for incidents.

No. 4 to OST

Require OAs to provide their network maps to the Cyber Security Management Center.

Audit Report: SA2016107 issued on 09.19.2016
State of Illinois, Springfield, IL
No. 1 to FHWA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

No. 2 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements. (Findings 2015-069 (Wage Rate requirements) & 2015-072 (Construction Materials Sampling and Testing)).

No. 3 to OST

Ensure the State complies with the Special Tests and Provisions Requirements. (Finding 2015-069 (Wage Rate requirements).

No. 4 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

No. 5 to FHWA

Ensure the State complies with the Information System Requirements.

No. 6 to FAA

Ensure the State complies with the Information System Requirements.

No. 7 to OST

Ensure the State complies with the Information System Requirements.

No. 8 to FHWA

Ensure the State complies with the Reporting Requirements (Finding 2015-073).

Closed on 02.01.2017
No. 9 to FRA

Ensure the State complies with the Reporting Requirements (Finding 2015-073).

No. 10 to OST

Ensure the State complies with the Reporting Requirements (Finding 2015-073 & 2015-074).

Audit Report: SA2016112 issued on 09.19.2016
Government of Guam, Hagatna, Guam
Closed on 12.16.2016
No. 1 to FHWA

Ensure the Government of Guam complies with Equipment and Real Property Management Requirements.

Audit Report: SA2016106 issued on 09.19.2016
State of West Virginia, Charleston, WV
No. 1 to FHWA

Ensure the State complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

$29,901
No. 2 to FHWA

Recover $29,901 from the State, if applicable..

Audit Report: SA2016115 issued on 09.19.2016
Texoma Area Paratransit System, Inc., Sherman, TX
No. 1 to FTA

Ensure TAPS complies with the Special Tests and Provisions Requirements.

No. 2 to FTA

Ensure TAPS complies with Activities Allowed or Unallowed, Allowable Costs/Cost Principles Requirements.

No. 3 to FTA

Ensure TAPS complies with Cash Management Requirements.

No. 4 to FTA

Ensure TAPS complies with Equipment and Real Property Management Requirements.

No. 5 to FTA

Ensure TAPS complies with Matching, Level of Effort, and Earmarking Requirements.

No. 6 to FTA

Ensure TAPS complies with Procurement and Suspension and Debarment Requirements.

No. 7 to FTA

Ensure TAPS complies with Reporting Requirements.

Audit Report: SA2016108 issued on 09.19.2016
State of New Mexico, Department of Public Safety, Santa Fe, NM
No. 1 to NHTSA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

$29,500
No. 2 to NHTSA

Determine their portion of the $59,000 in Questioned Costs and recover from the State, if applicable.

No. 3 to FMCSA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

$29,500
No. 4 to FMCSA

Determine their portion of the $59,000 in Questioned Costs and recover from the State, if applicable.

No. 5 to NHTSA

Ensure the State complies with the Reporting Requirements.

No. 6 to FMCSA

Ensure the State complies with the Reporting Requirements.

Audit Report: SA2016113 issued on 09.19.2016
Texoma Area Paratransit System, Inc., Sherman, TX
No. 1 to FTA

Ensure the TAPS complies with the Special Tests and Provisions Requirements.

No. 2 to FTA

Ensure TAPS complies with Activities Allowed or Unallowed, Allowable Costs/Cost Principles Requirements.

No. 3 to FTA

Ensure TAPS complies with Cash Management Requirements.

No. 4 to FTA

Ensure TAPS complies with Equipment and Real Property Management Requirements.

No. 5 to FTA

Ensure TAPS complies with Matching, Level of Effort, and Earmarking Requirements.

No. 6 to FTA

Ensure TAPS complies with Procurement and Suspension and Debarment Requirements.

No. 7 to FTA

Ensure TAPS complies with Reporting Requirements.

Audit Report: SA2016103 issued on 09.19.2016
State of Rhode Island Providence Plantations, Providence, RI
Closed on 11.28.2016
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Closed on 09.30.2016
$138,091
No. 2 to FHWA

Recover $138,091 from the State, if applicable.

Audit Report: SA2016104 issued on 09.19.2016
State of Vermont, Montpelier, VT
No. 1 to FAA

Ensure the State complies with Reporting Requirements.

Audit Report: SA2016109 issued on 09.19.2016
State of Colorado, Denver, CO
No. 1 to FHWA

Ensure the State complies with the Reporting Requirements.

No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016105 issued on 09.19.2016
County of Lackawanna Transit System Authority, Scranton, PA
No. 1 to FTA

Ensure the Authority complies with the Reporting Requirements.

No. 2 to FTA

Ensure the Authority complies with the Cash Management Requirements.

No. 3 to FTA

Ensure the Authority complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016114 issued on 09.19.2016
Virgin Islands Port Authority, St. Thomas, VI
Closed on 11.28.2016
No. 1 to FAA

Ensure the Port Authority complies with Special Tests and Provisions (Wage Rate) Requirements. Requirements.

Audit Report: SA2016110 issued on 09.19.2016
State of Michigan, Lansing, MI
No. 1 to FHWA

Ensure the State complies with the Activities Allowed or Unallowed Requirements.

Audit Report: SA2016111 issued on 09.19.2016
Assiniboine and Sioux Tribes of the Fort Peck Indian Reservation, Poplar, MT
No. 1 to FHWA

Ensure the Tribes comply with Davis-Bacon Act Requirements.

Audit Report: SA2016101 issued on 09.12.2016
State of Florida, Tallahassee, FL
No. 1 to FHWA

Ensure the State complies with Matching, Level of Effort, and Earmarking Requirements.

$26,110
No. 2 to FHWA

Recover $26,110 from the State, if applicable.

No. 3 to FHWA

Ensure the State complies with Special Tests and Provisions Requirements.

Closed on 11.30.2016
No. 4 to FTA

Ensure the State complies with Reporting Requirements.

Audit Report: SA2016102 issued on 09.12.2016
State of Alaska, Juneau, AK
Closed on 11.30.2016
No. 1 to FHWA

Ensure the State complies with Allowable Costs/Cost Principles Requirements.

Closed on 11.30.2016
$43,045
No. 2 to FHWA

Recover $43,045 (Question Cost of $42,557 related to finding 2015-040 and $488 related to 2015-041) from the State, if applicable.

Audit Report: SA2016098 issued on 09.12.2016
City of Jackson, Jackson, MS
Closed on 11.30.2016
No. 1 to FTA

Ensure the City complies with the Davis-Bacon Act (Wage Rate) Requirements.

Closed on 11.30.2016
No. 2 to FTA

Ensure the City complies with the Procurement and Suspension and Debarment Requirements.

Audit Report: SA2016099 issued on 09.12.2016
Territory of American Samoa, Pago Pago, American Samoa
Closed on 02.01.2017
No. 1 to FAA

Ensure the Territory complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016100 issued on 09.12.2016
State of Indiana, Indianapolis, IN
Closed on 11.28.2016
No. 1 to FHWA

Ensure the State complies with Special Tests and Provisions (Wage Rate) Requirements.

Audit Report: FI2016097 issued on 09.08.2016
DOT’s Conference Spending Policies Reflect Federal Requirements, but Ineffective Controls Do Not Ensure Compliance
No. 1 to OST

Revise Department-wide policies and procedures to clarify how to accurately identify and report conferences and conference-related activities and require Operating Administrations to review their policies and procedures and revise as needed to align with the Department.

No. 2 to OST

Develop and implement procedures for tracking, compiling, and maintaining conference costs data.

No. 3 to OST

Require Operating Administrations to reconcile their conferences expenditures and publicly report actual conference costs incurred as required by OMB.

No. 4 to OST

Revise the Department's travel reimbursement policy to clarify conference travel expenditures that can be claimed and enforce the revised policy to prevent double reimbursements, unentitled per diem reimbursements, and other overpayments.

$1,589
No. 5 to OST

Collect $1,589 of overpaid per diem reimbursements from conference travelers as identified in this report.

$856,009
No. 6 to OST

Develop and implement additional internal controls to help ensure Department-wide compliance with Federal laws, regulations, and OMB requirements on conference approval, reporting, and spending—including compliance with OMB Memorandum M-12-12, which prohibits incurring obligations prior to proper approval. Implementation of internal controls could have put $856,009 in funds to better use.

Audit Report: QC2016096 issued on 08.31.2016
Quality Control Review of Controls over DOT’s Enterprise Services Center
Sensitive
No. 1 to FAA

Sensitive information redacted

Sensitive
No. 2 to FAA

Sensitive information redacted

Closed on 10.13.2016
Sensitive
No. 3 to FAA

Sensitive information redacted

Audit Report: ST2016095 issued on 08.25.2016
FHWA Does Not Effectively Ensure States Account for Preliminary Engineering Costs and Reimburse Funds as Required
No. 1 to FHWA

Conduct an assessment of the risks and existing controls associated with the Division Offices' oversight of State's processes to track PE projects, and identify improvements to Division Office oversight.

No. 2 to FHWA

Conduct an assessment of the accuracy and completeness of PE project authorizations. Correct any errors in FMIS projects that should be coded as PE as a result of this assessment.

No. 3 to FHWA

Update FHWA Order 5020.1 or develop Agency guidance to state FHWA's policy concerning compliance with Title 23 U.S.C. Section 102(b ), including the following: a) Define when a project progresses to right-of-way or construction; b) Describe accurate coding parameters for PE projects in FMIS; c) Define the means of tracking the 10-year limit for PE projects, including those involving multiple Federal project numbers; d) Define recordkeeping and documentation expectations for tracking reimbursements, extending the 10-year limit, and decisions not to pursue reimbursements; e) Define roles and responsibilities for Division Offices and FHWA Headquarters for consistent oversight and enforcement of PE requirements before and after the 10-year limit; f) Define FHWA Headquarters' policy on resolving differences arising between Division Offices and States regarding required PE actions.

$1,100,000,000
No. 4 to FHWA

Obtain a legal determination from the Office of the Secretary to permit SPES projects and similar funding agreements and establish internal controls to ensure compliance with Federal requirements. Implementing this recommendation could put the $1.1 billion in PE funds to better use.

$3,300,000,000
No. 5 to FHWA

Develop and implement financial controls and processes to monitor PE projects exceeding the 10-year limit, approved extensions, and reimbursements not pursued when PE projects do not progress within the 10-year limit. Implementing this recommendation could put $3.3 billion in PE funds to better use.

No. 6 to FHWA

Develop performance measures that track compliance with the 10-year limit and report progress.

$143,000,000
No. 7 to FHWA

For the $143 million in PE projects questioned in this report without adequate justification for time extensions or avoided repayments, obtain from the States appropriate support or repayment of PE expenditures as required.

Audit Report: AV2016094 issued on 08.25.2016
FAA Lacks a Clear Process for Identifying and Coordinating NextGen Long-Term Research and Development
No. 1 to FAA

Establish and document a process with clear roles and responsibilities for identifying and prioritizing long-term R&D for air traffic management and related efforts.

No. 2 to FAA

Link the long-term vision for NextGen, once completed, with current R&D efforts to identify any additional R&D that may be required.

No. 3 to FAA

Finalize the MOU that establishes the organizational structure and responsibilities for FAA and its partner agencies.

Closed on 02.23.2017
No. 4 to FAA

Update the RTT document to include: a. Assignments by position instead of by name; b. Updated organization names and roles; and c. Current projects in an annex rather than in the main document to allow for easier updates.

No. 5 to FAA

Have SPC's six high-priority NextGen capabilities validated by an external entity, such as the REDAC to ensure that they are on the critical path for NextGen development, as well as ensure that there are not other areas that warrant additional attention.

Audit Report: SA2016086 issued on 08.05.2016
San Francisco Bay Area Rapid Transit District, Oakland, CA
No. 1 to FTA

Ensure the District complies with Special Tests and Provisions (Wage Rate) Requirements.

Audit Report: SA2016082 issued on 08.05.2016
State of California, Sacramento, CA
Closed on 02.01.2017
No. 1 to FRA

Ensure the State complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016087 issued on 08.05.2016
North Coast Railroad Authority, Ukiah, CA
No. 1 to OST

Ensure the Authority Complies with Reporting Requirements.

No. 2 to OST

Ensure the Authority complies with Fixed Charge Coverage Ratio Requirements.

Audit Report: SA2016083 issued on 08.05.2016
State of New Jersey, Trenton, NJ
No. 1 to NHTSA

Ensure the State complies with the Reporting Requirements.

No. 2 to NHTSA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

No. 3 to NHTSA

Ensure the City complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016088 issued on 08.05.2016
Waccamaw Regional Transportation Authority, Conway, SC
Closed on 11.28.2016
No. 1 to FTA

Ensure the Authority complies with the Cash Management Requirements.

Closed on 11.28.2016
$65,842
No. 2 to FTA

Recover $65,842 from the Authority, if applicable.

Audit Report: SA2016084 issued on 08.05.2016
State of North Carolina, Raleigh, NC
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements. (Findings 2015-017, 018, 019, and 020).

Closed on 11.28.2016
No. 2 to FRA

Ensure the State complies with the Special Tests and Provisions Requirements (Finding 2015-021).

Audit Report: SA2016085 issued on 08.05.2016
State of Tennessee, Nashville, TN
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

$83,782
No. 2 to FHWA

Recover $83,782 from the State, if applicable.

No. 3 to FTA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

$12,555
No. 4 to FTA

Recover $12,555 from the State, if applicable.

Audit Report: SA2016078 issued on 08.05.2016
City and County of Honolulu, Honolulu, HI
No. 1 to FTA

Ensure the City and County complies with the Special Tests and Provisions (Wage Rate) Requirements.

Audit Report: SA2016079 issued on 08.05.2016
Commonwealth of Pennsylvania, Harrisburg, PA
Closed on 09.30.2016
No. 1 to FHWA

Ensure the Commonwealth complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016080 issued on 08.05.2016
Puerto Rico and Municipal Islands Maritime Transport Authority, San Juan, PR
No. 1 to FTA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016081 issued on 08.05.2016
Puerto Rico Metropolitan Bus Authority, San Juan, PR
Closed on 11.30.2016
No. 1 to FTA

Ensure that the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: ZA2016077 issued on 07.21.2016
FTA Can Improve Its Oversight of Hurricane Sandy Relief Funds
Closed on 07.29.2016
$17,700,000
No. 1 to FTA

Recover the $17.7 million in ineligible DRAA funds.

No. 2 to FTA

Implement oversight procedures to follow up on identified risks, such as expenditures denied for inclusion in a grant.

No. 3 to FTA

Implement procedures to ensure change order reviews conducted by FTA and integrity monitors include steps to evaluate whether change orders are approved in accordance with FTA policy.

Closed on 09.26.2016
No. 4 to FTA

Direct MTA and NYCT to implement procedures to ensure that change orders have documented management approvals and dated signatures before they are issued, per FTA policy.

Closed on 12.02.2016
No. 5 to FTA

Revise FTA's change order approval policy to address the use of blanket approvals to clearly state whether they are allowable or not. If allowable, establish parameters for their use.

Audit Report: SA2016072 issued on 06.16.2016
State of South Dakota, Pierre, SD
Closed on 11.30.2016
No. 1 to FTA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Closed on 11.30.2016
$237,996
No. 2 to FTA

Recover $237,996 from the State, if applicable.

Audit Report: SA2016073 issued on 06.16.2016
City of Dubuque, Dubuque, IA
No. 1 to FTA

Ensure the City complies with the Matching, Level of Effort, and Earmarking Requirements.

Audit Report: SA2016074 issued on 06.16.2016
Yolo County Transportation District, Woodland, CA
Closed on 11.30.2016
No. 1 to FTA

Ensure the District complies with the Allowable Costs/Cost Principles Requirements.

Closed on 11.30.2016
$11,641
No. 2 to FTA

Recover $11,641 from the District, if applicable.

Audit Report: SA2016069 issued on 06.16.2016
City of Atlanta, Atlanta, GA
No. 1 to OST

Ensure the City complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016070 issued on 06.16.2016
State of Georgia, Atlanta, GA
No. 1 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2016071 issued on 06.16.2016
State of Nebraska, Lincoln, NE
No. 1 to FTA

Ensure the State complies with the Subrecipient Monitoring Requirements.

$111,807
No. 2 to FTA

Recover $111,807 from the State, if applicable.

No. 3 to FTA

Ensure the State complies with the Reporting Requirements.

Audit Report: AV2016068 issued on 06.16.2016
Improvements Needed in DOT’s Process for Identifying Unfair or Deceptive Practices in Airline Frequent Flyer Programs
Closed on 09.29.2016
No. 1 to OST

Provide training to DOT analysts on what constitutes unfair and deceptive practices.

No. 2 to OST

Define what constitutes reasonable notice for consumers regarding changes to frequent flyer programs' terms and conditions, and require airlines to provide such notice.

Audit Report: AV2016067 issued on 05.31.2016
FAA Lacks Sufficient Oversight of the Aircraft Rescue and Fire Fighting Program
Closed on 02.08.2017
No. 1 to FAA

Establish minimum requirements for inspectors' review of airports' compliance with Aircraft Rescue and Fire Fighting regulations.

No. 2 to FAA

Update the inspection checklist for Airport Certification Inspections to include these requirements: a. determining whether airports have conducted tests of fire-extinguishing agents; b. reviewing vehicle maintenance records; c. reviewing training materials; and d. reviewing the type of foam airports use to ensure airports meet Federal requirements.

No. 3 to FAA

Document what items were reviewed to determine airport compliance under the Aircraft Rescue and Fire Fighting requirements in the inspection checklist for Airport Certification Inspections to include: a. which vehicles were reviewed to determine compliance with each regulation, such as which vehicles were inspected for their ability to discharge agent and execute the response time tests; b. which personnel protective equipment were inspected; and c. dates of the full scale triennial emergency exercise and annual review of the Airport Emergency Plan.

Closed on 02.13.2017
No. 4 to FAA

Provide training to inspectors on the updated inspection checklist for Airport Certification Inspections.

No. 5 to FAA

Implement the requirement under FAA's Compliance and Enforcement Policy for FAA Headquarters to review regional inspection program activities of the Aircraft Rescue and Fire Fighting program on a 3-year cycle.

Closed on 12.15.2016
No. 6 to FAA

Issue guidance to airport inspectors clarifying when inspectors should: (1) issue a formal Letter of Investigation and (2) investigate serious discrepancies to determine and document the cause of these discrepancies.

No. 7 to FAA

Require FAA to periodically analyze Aircraft Rescue and Fire Fighting enforcement data nationwide to identify airports with serious Aircraft Rescue and Fire Fighting violations and verify they are corrected to prevent future discrepancies with the regulations. Document analysis and steps to ensure violations are corrected.

No. 8 to FAA

Develop a process to ensure the Office of Airports reports its Aircraft Rescue and Fire Fighting enforcement actions to FAA's Enforcement Information System database according to FAA Order 2150.3B.

No. 9 to FAA

Require inspectors to review airports' training materials and other documentation that shows the items taught during each of its training classes used for Aircraft Rescue and Fire Fighting personnel in each of the Aircraft Rescue and Fire Fighting areas required under 14 CFR Part 139 to ensure airports train personnel in a manner authorized by FAA.

No. 10 to FAA

Identify and implement best practices regarding the content, length, and methods of teaching each of the 11 Aircraft Rescue and Fire Fighting subject areas.

Audit Report: FI2016066 issued on 05.13.2016
DOT’s Fiscal Year 2015 Improper Payment Reporting Does Not Comply with IPERA Requirements
No. 1 to OST

Publish future year outlays in the AFRs that match the President's Budget as required by OMB A-136.

Closed on 09.26.2016
No. 2 to OST

Monitor FHWA's progress on the new corrective actions they initiated to reduce the HPC program improper payments and achieve the FY16 reduction target rates.

Audit Report: ZA2016065 issued on 05.09.2016
FAA Lacks Adequate Controls To Accurately Track and Award Its Sole Source Contracts
No. 1 to FAA

Establish and implement a standard operating proced ure to verify the accuracy of F AA's sole-source contract data submitted to OST for annual reporting to Congress.

No. 2 to FAA

Establish and implement additional actions to re duce the use of sole-source contracting, including the use of performance measures that are tracked periodically. At a minimum, these actions should include steps to address FAA's acquisition of proprietary technologies.

No. 3 to FAA

Establish and implement a standardized process for identifying and assessing potential follow-on procurements, to improve FAA's ability to identify requirements that can be competed in the future.

No. 4 to FAA

Establish and implement an oversight process to adequately review sole-source procurements prior to award to ensure that they comply with AMS pre-award requirements.

No. 5 to FAA

Update AMS policy and guidance to cla rify pre-award requirements fo r sole-source awards. At a minimum, FAA should clarify policy and guidance related to procurement plans, conflict of interest agreements, pre-award public announcements, market analysis, sole-source justifications, IGCEs, and simplified acquisition procedures.

Audit Report: ZA2016064 issued on 05.09.2016
Weaknesses Identified in Volpe’s Cost Accounting Practices for the V-TRIPS Contract
No. 1 to OST

Require Volpe to implement written cost accounting policies and procedures that comply with Federal accounting standards and DOT policies.

Closed on 03.09.2017
No. 2 to OST

Work with Volpe to identify those recommendations deemed appropriate from the 2015 draft Deloitte report and take action to implement them.

$4,960,165
No. 3 to OST

Require Volpe to comply with the RMA limits specified in DOT Order 2300.6E, provide an annual accounting of the RMA, and work with the Office of General Counsel to establish a legally appropriate plan to resolve the excess $5 million in the RMA as of 2015.

No. 4 to OST

Improve Volpe's internal management controls—including timely reconciliations (e.g., invoices to appropriate funding sources)—to prevent, detect, and correct billing errors, such as those identified in this report.

Audit Report: SA2016062 issued on 04.27.2016
State of Louisiana, Baton Rouge, LA
Closed on 02.01.2017
No. 1 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements. (Findings 2015-14 and 2015-17).

Closed on 02.01.2017
No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements. (Finding 2015-17).

Closed on 02.01.2017
$639,030
No. 3 to FHWA

Recover $639,030 from the State, if applicable (Finding 2015-017).

Closed on 02.01.2017
$19,472
No. 4 to FHWA

Recover $19,472 from the State, if applicable (Finding 2015-17).

Closed on 02.01.2017
No. 5 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Closed on 11.28.2016
No. 6 to NHTSA

Ensure the State complies with the Period of Availability of Funds Requirements.

Closed on 11.28.2016
$737,895
No. 7 to NHTSA

Recover $737,895 from the State, if applicable.

Audit Report: SA2016061 issued on 04.27.2016
Washington Metropolitan Area Transit Authority, Washington DC
No. 1 to FTA

Ensure the Authority complies with the Allowable Costs/Cost Principles Requirements.

Closed on 09.30.2016
$27,385,100
No. 2 to FTA

Recover $27,385,124 (Questioned Costs of $23,582,013 relate to findings 2015-005 and 2015-006. Questioned Costs of $3,803,111 relate to finding 2015-015) from the Authority, if applicable.

No. 3 to FTA

Ensure the Authority complies with the Special Tests and Provisions Requirements.

No. 4 to FTA

Ensure the Authority complies with the Cash Management Requirements.

No. 5 to FTA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016063 issued on 04.27.2016
Virgin Islands Port Authority, St. Thomas, VI
Closed on 08.31.2016
No. 2 to FAA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

Audit Report: ST2016059 issued on 04.21.2016
FRA Lacks Guidance on Overseeing Compliance with Bridge Safety Standards
Closed on 11.09.2016
No. 1 to FRA

Issue guidance for specialists to implement a data-driven, risk-based methodology for prioritizing bridge safety reviews.

No. 2 to FRA

Develop and implement a plan to identify and regularly update a comprehensive list of entities regulated by FRA's bridge safety standards.

Closed on 10.17.2016
No. 3 to FRA

Issue guidance that defines how bridge safety specialists should conduct their oversight reviews.

Closed on 05.20.2016
No. 4 to FRA

Require that bridge safety specialists report all instances of regulatory non-compliance in their reviews as defects.

Closed on 10.17.2016
No. 5 to FRA

Issue guidance that defines how bridge safety specialists should track and follow-up on identified issues of regulatory non-compliance to verify that owners take remedial actions.

Closed on 05.20.2016
No. 6 to FRA

Issue guidance that defines when and how bridge safety specialists should recommend civil penalties for non-compliance with Bridge Safety Standards.

Audit Report: ST2016058 issued on 04.12.2016
FTA Monitored Grantees’ Corrective Actions, but Lacks Policy and Guidance To Oversee Grantees With Restricted Access to Federal Funds
Closed on 01.12.2017
No. 1 to FTA

Develop and issue policies and guidance for overseeing grantees under Federal funding restrictions. At a minimum, these policies and guidance should address: a. reviewing grantee invoices; b. tracking corrective actions for grantees who have been placed on Federal funding restriction, including roles and responsibilities of those involved in monitoring and oversight; c. improving documentation of grantees' actions used to justify closure of recommendations; and d. centrally documenting FTA's oversight of grantees under Federal Funding restrictions in a manner that allows it to identify and address common problems and nationwide trends.

Audit Report: ZA2016057 issued on 03.28.2016
FTA Did Not Adequately Verify PATH’s Compliance With Federal Procurement Requirements for the Salt Mitigation of Tunnels Project
Closed on 07.06.2016
No. 2 to FTA

Enforce FTA's Hurricane Sandy oversight requirement to conduct quarterly Salt Mitigation Project change order reviews that test PATH's compliance with FTA procurement requirements.

Audit Report: FI2016056 issued on 03.22.2016
The Volpe Center’s Information Technology Infrastructure Is at Risk for Compromise
Sensitive
No. 1 to RITA

Sensitive information redacted

Closed on 01.27.2017
No. 2 to RITA

Implement security measures for protecting PII in accordance with DOT Chief Information Officer Departmental Privacy Risk Management Policy.

No. 3 to RITA

Install a network-based intrusion detection and prevention solution to complement the current host-based systems, enabling more comprehensive and accurate detection and prevention of malicious activity on the network, including traffic coming from trusted connections.

Closed on 11.01.2016
No. 4 to RITA

Implement a network admission control solution to ensure only authorized users can access network resources.

No. 5 to RITA

Conduct regular vulnerability assessments and scans of the LAN to identify known vulnerabilities and common misconfigurations, and implement a policy that holds system administrators accountable for remediating identified vulnerabilities.

No. 6 to RITA

Develop and execute interconnection security agreements with clients that it contracts with for network space on the IT infrastructure in accordance with NIST and DOT policy and guidelines.

No. 7 to RITA

Develop and maintain a complete inventory of authorized network devices accessible to staff who monitor departmental networks.

Closed on 11.01.2016
No. 8 to RITA

Implement a procedure to require the ISSM's approval before any device, including virtualized and other non-physical IT devices, is connected to the LAN, to include development and project systems.

Audit Report: SA2016052 issued on 03.16.2016
Dallas Area Rapid Transit, Dallas, TX
Closed on 09.30.2016
No. 1 to FTA

Ensure that Dallas Area Rapid Transit complies with the Reporting Requirements.

Audit Report: SA2016053 issued on 03.16.2016
Nanwalek IRA Council, Nanwalek, AK
No. 1 to FHWA

Ensure the Council complies with the Allowable Costs/Cost Principles Requirements.

$255,941
No. 2 to FHWA

Recover $255,941 from the Council, if applicable.

Audit Report: SA2016047 issued on 03.16.2016
Klawock Cooperative Association, Klawock, AK
Closed on 09.30.2016
No. 1 to FHWA

Ensure the Association complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

$10,719
No. 2 to FHWA

Recover $10,719 from the Association, if applicable.

No. 3 to FHWA

Ensure the Association complies with the Subrecipient Monitoring Requirements.

Closed on 09.30.2016
$78,502
No. 4 to FHWA

Recover $78,502 from the Association, if applicable.

Audit Report: SA2016054 issued on 03.16.2016
State of Hawaii, Department of Transportation, Highways Division, Honolulu, HI
Closed on 05.23.2016
No. 1 to FHWA

Ensure the State complies with the Davis-Bacon Act Requirements.

No. 2 to NHTSA

Ensure the State complies with the Cash Management Requirements.

Audit Report: SA2016055 issued on 03.16.2016
City of Charlotte, Charlotte, NC
Closed on 08.31.2016
No. 1 to OST

Ensure the City complies with the Reporting Requirements.

Audit Report: SA2016048 issued on 03.16.2016
City of Port Arthur, Port Arthur, TX
Closed on 09.30.2016
No. 1 to FTA

Ensure the City of Port Arthur complies with the Cash Management and Reporting Requirements.

Audit Report: SA2016049 issued on 03.16.2016
Jicarilla Apache Nation Governmental Services Department, Dulce, NM
Closed on 09.30.2016
No. 1 to FHWA

Ensure the Jicarilla Apache Nation complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016050 issued on 03.16.2016
State of New York, Albany, NY
No. 1 to FHWA

Ensure the State of New York complies with the Reporting Requirements.

Audit Report: SA2016051 issued on 03.16.2016
Joint Programs of the Shoshone and Arapaho Tribes of the Wind River Reservation, Fort Washakie, WY
No. 1 to FHWA

Ensure the Shoshone and Arapaho Tribes comply with the Special Tests and Provisions Requirements.

Audit Report: SA2016041 issued on 03.11.2016
Westchester County, White Plains, NY
Closed on 09.30.2016
No. 1 to FTA

Ensure the County complies with the Reporting Requirements.

Audit Report: SA2016046 issued on 03.11.2016
Metropolitan Transportation Authority, New York, NY
No. 1 to FTA

Ensure the Authority complies with the Procurement Requirements.

Closed on 12.16.2016
$2,029,700
No. 2 to FTA

Recover $2,029,701 from the Authority, if applicable.

Audit Report: SA2016042 issued on 03.11.2016
Washington Metropolitan Area Transit Authority, Washington, DC
No. 1 to FTA

Ensure the Authority complies with the Reporting Requirements.

No. 2 to FTA

Ensure the Authority complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

Closed on 09.30.2016
$729,610
No. 3 to FTA

Recover $729,610 ($661,246 on Finding 017, $59,391 on Finding 018, and $8,973 on Finding 019) from the Authority, if applicable.

No. 4 to FTA

Ensure the Authority complies with the Equipment and Real Property Management Requirements.

No. 5 to FTA

Ensure the Authority complies with the Procurement and Suspension and Debarment Requirements.

No. 6 to FTA

Ensure the Authority complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016036 issued on 03.11.2016
Federated States of Micronesia National Government, Palikir, Micronesia
Closed on 02.01.2017
No. 1 to FAA

Ensure the Micronesia National Government complies with the Allowable Costs/Cost Principles Requirements.

Closed on 12.16.2016
$49,760
No. 2 to FAA

Recover $49,760 from the Micronesia National Government, if applicable.

Closed on 12.16.2016
No. 3 to FAA

Ensure the Micronesia National Government Complies with the Reporting Requirements.

No. 4 to FAA

Ensure the Micronesia National Government Complies with the Equipment and Real Property Management Requirements.

Audit Report: SA2016040 issued on 03.11.2016
Greene County Transit Board, Xenia, OH
Closed on 08.31.2016
No. 1 to FTA

Ensure the County complies with the Allowable Costs/Cost Principles Requirements.

Closed on 08.31.2016
$19,989
No. 2 to FTA

Recover $19,989 from the County, if applicable.

Audit Report: SA2016038 issued on 03.11.2016
City of Kansas City, Kansas City, MO
Closed on 06.29.2016
No. 1 to FAA

Ensure the City complies with the Reporting Requirements.

Closed on 11.28.2016
No. 2 to OST

Ensure the City complies with the Activities Allowed or Unallowed Requirements.

Closed on 11.28.2016
No. 3 to FTA

Ensure the City complies with the Activities Allowed or Unallowed Requirements.

Audit Report: SA2016045 issued on 03.11.2016
PACE, the Suburban Bus Division of the Regional Transportation Authority, Arlington Heights, IL
Closed on 08.31.2016
No. 1 to FTA

Ensure that PACE complies with the Activities Allowed or Unallowed Requirements.

$222,972
No. 2 to FTA

Recover $222,972 from PACE, if applicable.

Audit Report: SA2016043 issued on 03.11.2016
Jacksonville Transportation Authority, Jacksonville, FL
No. 1 to FTA

Ensure the Authority complies with the Procurement and Suspension and Debarment Requirements.

$289,870
No. 2 to FTA

Recover $289,870 from the Authority, if applicable.

Audit Report: SA2016039 issued on 03.11.2016
Crow Tribe of Indians, Crow Agency, MT
No. 1 to FHWA

Ensure the Tribe complies with the Cash Management Requirements.

$2,773,489
No. 2 to FHWA

Recover $2,773,489 from the Tribe, if applicable.

Audit Report: SA2016030 issued on 03.08.2016
Neponset Valley Transportation Management Association Inc., Woburn, MA
Closed on 09.30.2016
No. 1 to FTA

Ensure the Association complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

Closed on 09.30.2016
$14,003
No. 2 to FTA

Recover $14,003 from the Association, if applicable.

Audit Report: SA2016031 issued on 03.08.2016
National Railroad Passenger Corporation and Subsidiaries Amtrak, Washington, DC
Closed on 07.31.2016
No. 1 to FRA

Ensure that Amtrak complies with the Equipment and Real Property Requirements.

Closed on 07.31.2016
No. 2 to FRA

Ensure that Amtrak complies with Special Tests and Provisions Requirements.

Audit Report: SA2016025 issued on 03.08.2016
Metropolitan Transportation Commission Oakland, CA
Closed on 09.30.2016
No. 1 to FTA

Ensure the Commission complies with the Reporting Requirements.

Audit Report: SA2016027 issued on 03.08.2016
Regional Transportation District, Denver, CO
Closed on 12.16.2016
No. 1 to FHWA

Ensure the District complies with the Period of Availability Requirements.

Closed on 11.28.2016
$162,010
No. 2 to FHWA

Recover $162,010 from the District, if applicable.

Closed on 11.28.2016
$93,184
No. 3 to FHWA

Recover $93,184 from the District, if applicable. This affects finding #2013-2.

Closed on 12.16.2016
No. 4 to FHWA

Ensure the District complies with the Special Tests and Provisions Requirements.

Audit Report: SA2016028 issued on 03.08.2016
North Coast Railroad Authority, Ukiah, CA
No. 1 to OST

Ensure the Authority complies with the Reporting Requirements.

Closed on 07.31.2016
No. 2 to FRA

Ensure that Authority complies with the fixed charge coverage ratio Agreement with FRA.

Audit Report: FI2016024 issued on 03.03.2016
Multiple DOT Operating Administrations Lack Effective Information System Disaster Recovery Plans and Exercises
No. 1 to FMCSA

Develop, document, and implement user and system-level data backup processes for the FMCSA Enforcement Management Information System.

Closed on 01.30.2017
No. 2 to FRA

Develop, document, and implement user and system-level data backup processes for the FRA Railroad Safety Information System.

No. 3 to FMCSA

Specify alternate telecommunications services including necessary agreements for the FMCSA Enforcement Management Information System contingency plan.

No. 4 to PHMSA

Specify alternate telecommunications services including necessary agreements for the PHMSA Hazardous Materials Information System contingency plan.

Closed on 01.30.2017
No. 5 to FHWA

Update the contingency plans for the two FHWA systems: (1) Fiscal Management Information System and (2) Rapid Approval and State Payment System (RASPS) by: a. Developing a Business Impact Analysis for their two selected systems. b. Identifying allowable system unavailability timelines such as Maximum Tolerable Downtime (MTD) and Recovery Time Objective (RTO) for their system contingency plans. c. Reevaluating both systems' alternate backup data storage sites so they are geographically dispersed from the primary system operational site as required by DOT policy. d. Implementing a process for ensuring the encryption of backup data prior to transferring the data offsite.

Closed on 11.21.2016
No. 6 to FAA

Conduct annual functional contingency plan testing for FAA systems, including (1) Enhanced Flight Standards Automation System and (2) Web-based Operations Safety System.

Closed on 01.30.2017
No. 7 to FRA

Conduct annual functional contingency plan testing for the FRA Railroad Safety Information System.

No. 8 to FMCSA

Conduct annual functional contingency plan testing for the FMCSA Enforcement Management Information System.

Closed on 01.30.2017
No. 9 to PHMSA

Conduct annual functional contingency plan testing for the PHMSA Hazardous Materials Information System.

Audit Report: QC2016022 issued on 02.25.2016
Quality Control Review of the Management Letter for DOT’s Financial Statements for Fiscal Years 2015 and 2014
No. 1 to FTA

KPMG recommends FTA revise its grant accrual retrospective review procedures to ensure that the retrospective review is performed at the appropriate level of precision using relevant and reliable data inputs (including FFR reporting, UDO balances, and grant disbursements) and any resulting material adjustments are properly made to the grant accrual methodology.

Closed on 07.21.2016
No. 2 to FRA

KPMG recommended that FRA revise its grant accrual retrospective review procedures to ensure that the retrospective review is performed at the appropriate level of precision to prevent and/or detect a material misstatement and that all significant variances are researched and documented in order to assess the reasonableness of the grant accrual methodology.

No. 3 to FTA

KPMG recommends FTArevise its policies and procedures for monitoring obligations in order to more timely identify and de-obligate stale obligations.

$108,687,594
No. 4 to FHWA

KPMG recommends FHWA continue to emphasize the timely de-obligation of all stale obligations identified through the revised Supplemental Internal Procedures for the Review, Validation, and Testing of Inactive Obligations.

No. 5 to OST

KPMG recommends DOT develop and implement guidance to formally document its assessments and recognition decisions, in accordance with SFFAC No. 5, as it relates to liabilities of exchange transactions, specifically those decisions to depart from GAAP based on materiality.

No. 6 to OST

KPMG recommends IT Shared Services enhance data center procedures to ensure all access requests and approvals are retained in accordance with applicable DOT policies.

No. 7 to OST

KPMG recommends OST enhance account review processes and procedures to ensure that privileged service accounts are periodically reviewed for continued appropriateness, based on the principle of least privileged.

No. 8 to OST

KPMG recommends DOT Develop and implement policies and procedures, including increasing the level of precision of the quarterly review of Delphi access, to remove application access for separated employees and contractors immediately upon termination or when it is determined that a user's access is no longer required.

Audit Report: QC2016023 issued on 02.25.2016
Quality Control Review of the Management Letter for FAA’s Financial Statements for Fiscal Years 2015 and 2014
No. 1 to FAA

KPMG recommends FAA management revise policies and procedures to ensure proper segregation of duties over the processing of manual JVs at FAA HQ.

No. 2 to FAA

KPMG recommends FAA management emphasize the timely de-obligation of inactive UCOs identified during management's monitoring and review process.

No. 3 to FAA

KPMG recommends FAA management finalize the policies and procedures that specify the number of days within which property identified for disposal should be retired and recorded in the fixed asset sub-ledger.

No. 4 to FAA

KPMG recommends FAA provide training to the various regions and property owners on the new policies and procedures noted in recommendation.

No. 5 to FAA

KPMG recommends FAA continue to perform procedures to assess the amount of assets identified for retirement, by the various regions and property owners, which have not yet been recorded in the general ledger as of September 30th and record an accrual, as needed.

No. 6 to FAA

KPMG recommends FAA strengthen policies and procedures over the ER liability to include requirement to revalidate all key data inputs and assumptions on an annual basis.

No. 7 to FAA

KPMG recommends FAA strengthen policies and procedures over the ER liability to include requirement to document the key assumptions applied in the calculation of the liability.

No. 8 to FAA

KPMG recommends FAA strengthen policies and procedures over the estimation of the EC&D liability to include requirements to revalidate all key data inputs and assumptions on an annual basis.

No. 9 to FAA

KPMG recommends FAA strengthen policies and procedures over the estimation of the EC&D liability to include requirements to document the key assumptions applied in the calculation of the liability.

No. 10 to FAA

KPMG recommends FAA strengthen policies and procedures over the estimation of the EC&D liability to include requirements to review the reasonableness of the formulas and calculations in the estimate.

No. 11 to FAA

KPMG recommends FAA develop and implement procedures requiring periodic independent reviews of audit logs. The procedures should require reviews to be documented, include the items being reviewed, and the frequency within which the reviews should occur.

No. 12 to FAA

KPMG recommends FAA management develop and implement procedures requiring periodic reviews of audit logs for all platforms, including the database. The procedures should include the items being reviewed and the frequency within which the reviews should occur. Lastly, the System Security Plan (SSP) should be updated to reflect the new implementation.

No. 13 to FAA

KPMG recommends FAA management complete the implementation of procedures for granting physical access to the data center.

No. 14 to FAA

KPMG recommends FAA management complete the implementation of procedures for retaining authorizing documents and maintaining user listings of individuals that are granted access.

No. 15 to FAA

KPMG recommends FAA management complete the implementation of procedures for performing periodic reviews of access rights for existing data center users.

No. 16 to FAA

KPMG recommends FAA management complete the relocation of the system, as soon as possible, to a secure data center with strong physical access controls.

No. 17 to FAA

KPMG recommends FAA management update the SSP and relevant policies and procedures to ensure segregation of duties is maintained throughout the change management process. If restricting developers' access to production libraries and datasets is not technically feasible or not operationally practical, FAA should identify a compensating control, such as independently conducting and documenting a periodic review of audit logs to identify inappropriate and unauthorized changes implemented outside of the formal change management process.

No. 18 to FAA

KPMG recommends FAA management apply system patches for weaknesses identified in monthly vulnerability scans to strengthen patch management controls in the system environment.

No. 19 to FAA

KPMG recommends FAA management strengthen password complexity configurations for both systems, in accordance with the DOT Cyber Security Compendium; or,

No. 20 to FAA

KPMG recommends FAA management obtain a waiver from the DOT Chief Information Officer to relieve FAA of the implementation requirements within the DOT Cyber Security Compendium.

No. 21 to FAA

KPMG recommends FAA management develop and implement policies and procedures, including increasing the level of precision of the quarterly review of user access, to remove application access for separated employees and contractors immediately upon termination or when determined that a user's access is no longer required.

Audit Report: ST2016020 issued on 02.24.2016
FRA’s Oversight of Hazardous Materials Shipments Lacks Comprehensive Risk Evaluation and Focus on Deterrence
Closed on 02.28.2017
No. 1 to FRA

Require the Office of Railroad Safety to periodically perform a comprehensive hazardous materials transportation risk assessment that identifies and assesses the relationship among the regional and national risks associated with achieving program objectives.

Closed on 02.28.2017
No. 2 to FRA

Issue guidance to regions that provides detailed information on the tools available to guide resource allocation decisions and the data feeding each tool, and sets expectations for how regions should incorporate these tools, including the comprehensive risk assessment conducted by the Office of Safety, into resource allocation decisions.

Closed on 10.20.2016
No. 3 to FRA

Develop new FRA Secure Site reports or other tools that meet hazardous materials inspectors' needs for access to inspection data from other regions and provide training on their use.

Closed on 10.19.2016
No. 4 to FRA

Update guidance to inspectors on writing violation reports to include detailed information on how and when to recommend a penalty that differs from the guidelines and what to include in the violation report to support the recommendation.

Closed on 09.16.2016
No. 5 to FRA

Strengthen Office of Chief Counsel procedures for processing penalties at the penalty assessment stage to require attorneys to document their considerations of the penalty assessment factors in 49 USC § 5123 for every violation of hazardous materials regulations.

Closed on 02.28.2017
No. 6 to FRA

Require the Office of Chief Counsel to provide to regional hazardous materials specialists an annual report or regular access to information on penalty amounts for each violation in closed cases.

Closed on 05.09.2016
No. 7 to FRA

Amend Agency policy and procedures to require all staff, including inspectors, to directly report to OIG all suspected criminal violations and instances of fraud, waste, and abuse.

Audit Report: ST2016021 issued on 02.24.2016
Additional Efforts Are Needed To Ensure NHTSA’s Full Implementation of OIG’s 2011 Recommendations
No. 1 to NHTSA

Develop and implement enforcement mechanisms (internal controls) and periodically assess compliance with established policies. At a minimum, these mechanisms should address: a. retaining and storing pre-investigation documentation, b. linking each issue evaluation discussed at a Defects Assessment Panel meeting with the corresponding minutes for that meeting, c. assessing the need for third-party assistance prior to obtaining that assistance, d. assessing and adjusting timeliness goals, e. using the investigation documentation checklist, and f. protecting consumers' personally identifiable information.

No. 2 to NHTSA

Designate responsibility for executing ODI's training plan.

Audit Report: FI2016019 issued on 02.04.2016
FAA’s Security Controls Are Insufficient for Large Terminal Radar Approach Control Facilities
Closed on 01.31.2017
Sensitive
No. 1 to FAA

Sensitive information redacted

Sensitive
No. 2 to FAA

Sensitive information redacted

Sensitive
No. 3 to FAA

Sensitive information redacted

Closed on 01.31.2017
Sensitive
No. 4 to FAA

Sensitive information redacted

Sensitive
No. 5 to FAA

Sensitive information redacted

Sensitive
No. 6 to FAA

Sensitive information redacted

Audit Report: FI2016016 issued on 01.20.2016
FAA Lacks Effective Internal Controls for Oversight of Accountable Personal Property
Closed on 03.29.2016
No. 1 to FAA

Notify custodial area managers of their responsibility to maintain custodians for all cost centers an d property custodians of their responsibility for ensuring accurate, complete, and timely physical inventories in accordance with FAA policy and procedures.

Closed on 04.25.2016
No. 2 to FAA

Develop and implement a measureable approach that holds custodians accountable for the completeness and accuracy of property records within their cost centers.

Closed on 05.31.2016
No. 3 to FAA

Implement an automatic alert function to officially notify and remind property custodians when a required triennial inventory is coming due.

Closed on 05.31.2016
No. 4 to FAA

Develop and implement a plan to conduct and certify inventory counts for all cost centers with non-capitalized accountable property that are identified in FAA's property management system and resolve discrepancies in accordance with FAA policy.

No. 5 to FAA

Establish a control that ensures that all IT assets acquired using the SAVES contract are recorded in FAA's property management system within 30 days.

Closed on 11.23.2016
No. 6 to FAA

Develop agency-wide procedures for the timely update of records for IT equipment exchanged via the ITAMS program.

Closed on 08.08.2016
No. 7 to FAA

Develop a timeline for completion and continue performing a comprehensive review of all FAA cost centers with accountable property in FAA's property management system to identify old or inactive cost centers, transfer affected property in accordance with FAA policy, and block custodians and delegates from adding new property to these cost centers.

Closed on 04.25.2016
No. 8 to FAA

Evaluate opportunities to expand the use of EAV in property management, including an automated solution that enables information from EAV to automatically update property records.

Audit Report: AV2016015 issued on 01.15.2016
FAA Reforms Have Not Achieved Expected Cost, Efficiency, and Modernization Outcomes
Closed on 03.09.2017
No. 1 to FAA

Identify and implement Agency-wide cost-saving initiatives and develop appropriate timelines and metrics to measure whether the initiatives are successful.

Closed on 09.15.2016
No. 2 to FAA

When reporting on major acquisitions, identify the current estimated costs for each acquisition system, including all segments. Separately identify cumulative amounts for acquisition costs, technical refresh, and other enhancements in order to identify the total baselined/rebaselined costs for each system and account for the way funds are being used when reporting to managers, Congress, and other stakeholders.

No. 3 to FAA

Review and identify Federal and industry best practices and guidance from OMB and the Federal CIO that may be incorporated into AMS for acquiring major capital investments and IT systems, including the use of successive contracts that are separately priced and the use of modular concepts when planning and purchasing IT, and determine which are appropriate for incorporation into AMS.

Audit Report: AV2016014 issued on 01.11.2016
FAA Continues To Face Challenges in Ensuring Enough Fully Trained Controllers at Critical Facilities
Closed on 12.15.2016
No. 1 to FAA

Develop and implement a methodology with completion dates for determining en route staffing ranges, as suggested by the National Academy of Sciences.

Closed on 09.01.2016
No. 2 to FAA

Document and use the results of Operational Planning and Scheduling tool when annually negotiating controller work schedules at each facility.

Audit Report: AV2016013 issued on 01.07.2016
Enhanced FAA Oversight Could Reduce Hazards Associated With Increased Use of Flight Deck Automation
No. 1 to FAA

Develop guidance defining pilot monitoring metrics that air carriers can use to train and evaluate pilots.

No. 2 to FAA

Develop standards to determine whether pilots receive sufficient training opportunities to develop, maintain, and demonstrate manual flying skills.

Audit Report: ST2016011 issued on 12.10.2015
Weaknesses in MARAD’s Management Controls for Risk Mitigation, Workforce Development, and Program Implementation Hinder the Agency’s Ability To Meet Its Mission
Closed on 02.22.2016
No. 1 to MARAD

Update policies and procedures to require Program and Performance Office staff to review risk profiles to ensure program managers thoroughly document risks and mitigation strategies.

Closed on 01.08.2016
No. 2 to MARAD

Provide additional training to both program managers and Internal Control Officers on thoroughly documenting risks and mitigation strategies in risk profiles. .

No. 3 to MARAD

Create and implement a plan—including tasks, actions, timelines, and responsible personnel—to fully implement comprehensive competency models for mission-critical occupations.

Closed on 01.10.2017
No. 4 to MARAD

Align Headquarters' and field offices' onboarding policies and procedures to ensure consistent implementation and provision of critical information across the Agency.

Closed on 08.16.2016
No. 5 to MARAD

Update the training policies to reflect the current operating environment and to include a control mechanism to ensure all completed training is tracked in a comprehensive training repository.

No. 6 to MARAD

Contingent upon HHS' response, finalize the expansion of the number of testing-designated positions at fleet sites.

Closed on 08.01.2016
No. 7 to MARAD

Develop supplemental policies and procedures and train fleet supervisors on MARAD's procedures to handle suspected drug use.

No. 8 to MARAD

Update existing MAOs in accordance with established timelines.

Closed on 01.25.2017
No. 9 to MARAD

Update the MAO governing the internal directive system to assign responsibility for monitoring implementation.

Closed on 08.01.2016
No. 10 to MARAD

Develop or update policies and procedures to carry out MARAD's ship disposal responsibilities under Title 40 U.S.C. Section 548, including policies and procedures for:(a.) identifying the universe of Government-owned vessels that meet the statutory criteria for MARAD to serve as the disposal agent; (b.) notifying agencies that own these vessels of MARAD's disposal agent role; (c.) specifying into what accounts MARAD should deposit ship disposal proceeds; and (d.) specifying when and how the Maritime Administrator determines what portion of funds MARAD retains for its heritage property.

Closed on 01.08.2016
No. 11 to MARAD

Update policies and procedures for the Historic Preservation Program to include controls to prevent asset loss.

Closed on 09.08.2016
No. 12 to MARAD

Dispose of excess non-heritage assets identified in the heritage asset inventory.

Closed on 05.10.2016
No. 13 to MARAD

Update VTO policies and procedures to reflect the current range of program responsibilities and processes.

Closed on 02.04.2016
No. 14 to MARAD

Modify policies and procedures to strengthen controls for Gateway Directors' oversight of TIGER grants.

Closed on 08.30.2016
No. 15 to MARAD

Provide additional guidance to fleet sites to standardize NDRF Reserve Fleet Operations' KPI data inputs, and provide more uniform measures of fleet performance.

Closed on 02.22.2016
No. 16 to MARAD

Update the MARAD Internal Control Program directive to include mechanisms for communicating all management control deficiency information to the Program and Performance Office staff for entry into the tracking system.

Audit Report: QC2016009 issued on 11.19.2015
Quality Control Review of the Audited Closing Package Financial Statements for Fiscal Years 2015 and 2014
Closed on 12.12.2016
No. 1 to OST

KPMG recommends that DOT improve controls over financial reporting for the closing package financial statements to ensure that the accompanying notes to the Closing Package are accurately prepared in accordance with the instructions contained in TFM Chapter 4700.

Closed on 12.12.2016
No. 2 to OST

KPMG recommends that DOT improve controls over financial reporting for the closing package financial statements to ensure an appropriate supervisory review of the Closing Package prior to "lock down" with the Department of the Treasury.

Audit Report: QC2016008 issued on 11.16.2015
Quality Control Review of the Department of Transportation’s Audited Financial Statements for Fiscal Years 2015 and 2014
No. 1 to FTA

That the Chief Information Officers of DOT and FTA develop policies, procedures and controls to address the provisioning of IT access, vulnerability management, system audit log review and change management control deficiencies identified in the FTA financial IT systems.

No. 2 to FTA

That the Chief Information Officers of DOT and FTA monitor progress to ensure that procedures and controls are appropriately designed, implemented, and maintained.

No. 3 to FHWA

KPMG recommends that FAA establish procedures and controls over the accrual period revalidation process, including policies to regularly revalidate the accrual periods.

No. 4 to FHWA

KPMG recommends that FAA develop survey questions that more closely align with the relevant data necessary to determine the accrual periods for the four expenditure categories.

No. 5 to FHWA

KPMG recommends FAA document the methodology of how the survey responses are used to determine the accrual period. When a deviation from the standard methodology is necessary; document the reasoning and maintain evidence to support the deviation.

Closed on 09.27.2016
No. 6 to FRA

KPMG recommended that DOT complete the investigation into potential additional Anti-Deficiency Act violations at the FRA.

Closed on 09.27.2016
No. 7 to FRA

KPMG recommended that DOT implement appropriate policies and procedures to prevent future violations.

No. 8 to FTA

KPMG recommends DOT improve its general information technology controls at FTA, as noted above, to ensure that DOT's financial management systems comply with the requirements of the FFMIA.

Audit Report: FI2016001 issued on 11.05.2015
DOT Had Major Success in PIV Implementation, But Problems Persist In Other Cybersecurity Areas
No. 1 to OST

Ensure that the OCIO revises the Departmental policy to document its practice of prohibiting user-based waivers or exclusions for PIV required use for network and system access.

No. 2 to OST

The Deputy Secretary, or his designees, takes the following action to work with the OAs to develop a formal transition plan to the proposed ISCM target architecture that includes but is not limited to: (1) continuously assessing security controls; (2) reviewing system configuration settings; and (3) assessing timely remediation of security weaknesses. During the transition period, establish processes and practices for effectively collecting, validating, and reporting ISCM data.

Closed on 02.06.2017
No. 3 to OST

Ensure that FAA, FHWA, FMCSA, FRA, FTA, NHTSA, MARAD/USMMA, OST, and SLSDC perform actions to immediately disable user accounts that have been inactive for over 90 days, as required by the DOT compendium. Report completion of this effort to OCIO. Create a POA&M to track progress and verify completion of the action.

Closed on 02.06.2017
No. 4 to OST

Work with OAs to develop internal controls to ensure network administrators are informed and action is taken to disable accounts when users no longer require access.

Closed on 11.01.2016
No. 5 to OST

Work with the OCIO to develop a quality assurance process to ensure OAs and network administrators are following DOT Cybersecurity procedures that require them to periodically review user accounts and ensure they are effectively managing these accounts.

Closed on 11.01.2016
No. 6 to OST

Revise DOT's existing Cybersecurity policy to incorporate specific requirements for review and cleanup of service accounts.

Closed on 11.01.2016
No. 7 to OST

Work with the COE's management to ensure review and cleanup activities of service accounts are successfully completed.

No. 8 to OST

Work with FAA to improve its assessment process to meet DOT Cybersecurity Compendium and Security Authorization & Continuous Monitoring Performance Guide. DOT CIO in conjunction with the FAA CIO review the FAA quality assurance process to ensure all security documents are reviewed and updated to reflect the system controls, vulnerabilities, and that the current risks are clearly presented to the authorizing officials.

No. 9 to OST

Work with the OAs to ensure they update open POA&Ms with the required data fields.

Audit Report: ZA2016002 issued on 11.03.2015
New Disadvantaged Business Enterprise Firms Continue To Face Barriers to Obtaining Work at the Nation’s Largest Airports
Closed on 03.03.2017
No. 1 to FAA

Implement a plan for encouraging the participation of ACDBE-certified "goods and services" firms in the car rental industry and promoting their use.

Closed on 04.18.2016
No. 2 to FAA

Issue guidance that corrects the misinterpretation of the statutory and regulatory language that creates an exception for car rental companies from the general requirement to explore direct ownership arrangements as a way to meet ACDBE goals.

Closed on 03.03.2017
No. 3 to FAA

Coordinate with OSDBU to make current Small Business Transportation Resource Center training and assistance accessible to airport DBEs, such as procurement and technical training.

No. 4 to FAA

Re-examine the most recent methodologies used to calculate ACDBE car rental participation goals for the Nation's 65 largest airports, and provide guidance on the goal setting principles to use in calculating ACDBE participation goals. For those airports that did not properly calculate their goals, take action to ensure compliance with DOT guidance.

No. 5 to FAA

In coordination with FAA's Office of Airports, develop and implement a plan to address DBE prompt payment issues with airports and prime contractors.

Closed on 02.05.2016
No. 6 to FAA

Publicize best practices such as those identified in this report relating to prompt payments and uses of online databases.

Audit Report: AV2016001 issued on 10.15.2015
FAA Lacks an Effective Staffing Model and Risk-Based Oversight Process for Organization Designation Authorization
No. 1 to FAA

Determine what additional model inputs and labor distribution codes are needed to identify ODA oversight staffing needs, and report the results to the Aircraft Certification Management Team.

No. 2 to FAA

Develop a process to assess the model results at the office level for potential staffing shortages, determine the validity of the results, and include in a regular written report to the Aircraft Certification Management Team.

No. 3 to FAA

Develop and implement system-based evaluation criteria and risk-based tools to aid ODA team members in targeting their oversight.

Closed on 07.06.2016
No. 4 to FAA

Clarify guidance to ODA oversight staff on the minimum oversight requirements for each oversight team member.

Closed on 03.02.2017
No. 5 to FAA

Provide guidance on data that ODA team members should be analyzing on an ongoing basis, enhance its national summary of biennial audit results to include more specificity, and disseminate it to ODA teams to use in planning their oversight.

Closed on 10.19.2016
No. 6 to FAA

Clarify guidance to engineers and inspectors on actions to take in response to self-audits and develop a process to validate that the audits are being used to identify trends that warrant a need for oversight.

Closed on 10.19.2016
No. 7 to FAA

Provide guidance on the level of sampling required to achieve effective oversight of ODA company personnel performing key aircraft certification functions, and issue sampling guidance to field offices.

No. 8 to FAA

Develop agreements and a process for sharing resources to assure that ODA personnel performing certification and inspection work at supplier and company facilities receive adequate oversight.

No. 9 to FAA

Require annual assessments of audit training provided to ODA oversight personnel for effectiveness, and report the results of the assessment on an annual basis to the Aircraft Certification Management Team.

Audit Report: AV2015112 issued on 09.29.2015
FAA’s Contingency Plans and Security Protocols Were Insufficient at Chicago Air Traffic Control Facilities
Closed on 08.24.2016
No. 1 to FAA

Apply the lessons learned from the Chicago Center incident to the redesign of operational contingency plans for all Center facilities.

No. 2 to FAA

Identify and implement changes needed to improve annual contingency training exercises to simulate more realistic scenarios.

No. 3 to FAA

Evaluate the feasibility and cost of physically separating primary and backup components of critical communication infrastructure when comparing alternative implementation options for all future investments.

No. 4 to FAA

Install a secure wireless network that can provide access to FAA's local area network (LAN) and connectivity to the internet at Center facilities.

Closed on 04.19.2016
No. 5 to FAA

Assess the feasibility and cost of replacing the existing fire suppression systems in critical equipment areas with a waterless system at Center facilities.

No. 6 to FAA

Develop an implementation plan and quantify all costs required for the implementation of each recommendation in FAA's 30-day Review of Contingency Plans.

Closed on 09.21.2016
No. 7 to FAA

Develop an implementation plan and quantify all costs required for the implementation of the 42 recommendations derived from the Comprehensive Security Review.

Audit Report: SA2015109 issued on 09.22.2015
State of Michigan, Lansing, Michigan
Closed on 07.31.2016
No. 1 to FHWA

Ensure the State complies with the Activities Allowed or Unallowable and Allowable Costs/Cost Principles Requirements.

Audit Report: SA2015102 issued on 09.21.2015
State of Colorado, Denver, Colorado
Closed on 07.31.2016
No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Audit Report: SA2015104 issued on 09.21.2015
State of Illinois, Springfield, Illinois
Closed on 08.31.2016
No. 3 to FHWA

Ensure the State complies with the Activities Allowed or Unallowed Requirements.

Audit Report: SA2015107 issued on 09.21.2015
State of Rhode Island and Providence Plantations, Providence, Rhode Island
Closed on 07.31.2016
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Audit Report: SA2015095 issued on 09.15.2015
State of Florida, Tallahassee, Florida
No. 1 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

Closed on 05.23.2016
No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Closed on 03.29.2016
No. 3 to FTA

Ensure the State complies with the Reporting Requirements.

Audit Report: SA2015097 issued on 09.15.2015
City of Long Beach, California
Closed on 07.31.2016
No. 1 to OST

Ensure the City complies with the Reporting Requirements.

Audit Report: SA2015099 issued on 09.15.2015
Metropolitan Council of the Twin Cities Area, St Paul, Minnesota
Closed on 07.31.2016
No. 1 to FTA

Ensure the Council complies with the Subrecipient Monitoring Requirements.

Closed on 07.31.2016
No. 2 to FTA

Ensure the Council complies with the Reporting Requirements.

Audit Report: SA2015088 issued on 09.14.2015
State of Georgia, Atlanta, Georgia
No. 1 to FHWA

Ensure the State complies with the Davis-Bacon Act Requirements.

No. 2 to FHWA

Ensure the State complies with the Subrecipient Monitoring Requirements.

Audit Report: ST2015083 issued on 09.01.2015
FHWA’s FIRE Program Is Addressing State Vulnerabilities, but Opportunities Exist To Make Improvements
Closed on 04.15.2016
No. 1 to FHWA

Develop and implement a mechanism to oversee Division Administrators' decision making process to validate that all material weaknesses have been reported and that materiality has been appropriately assessed.

Closed on 10.06.2016
No. 2 to FHWA

Require Division Offices to clearly document how the financial management reviews responded to the risk assessments or other internal control weaknesses.

Closed on 08.31.2016
No. 3 to FHWA

Require Division Offices to keep complete records for key training related to the FIRE Program and track this information in a centralized system.

Closed on 12.15.2016
No. 4 to FHWA

Require Division Offices to transfer open, pre-existing FMR recommendations and corrective action plans to INPUT.

Audit Report: AV2015081 issued on 08.20.2015
FAA Has Not Effectively Deployed Controller Automation Tools That Optimize Benefits of Performance-Based Navigation
No. 1 to FAA

Establish firm milestones and follow through with all action items required to address TBFM Study Team report recommendations and a process to account for their completion.

Closed on 03.31.2016
No. 2 to FAA

Prioritize actions needed to complete the implementation of enhancements, including Ground Interval Management-Spacing, Terminal Sequencing and Spacing, and Path Stretch which further facilitate PBN use.

No. 3 to FAA

Establish a NAS-wide TBFM user collaboration and information sharing database or tracking system to capture lessons learned by facilities and subject matter experts during TBFM implementation and use.

No. 4 to FAA

Establish a process for creating agreements (e.g., Letters of Agreement), including corresponding procedures, between facilities to accommodate wider use of automation tools and establish a target date for implementing them.

Audit Report: ST2015080 issued on 08.20.2015
Efficiency of FAA’s Air Traffic Control Towers Ranges Widely
$853,000,000
No. 1 to FAA

Identify the factors contributing to greater resource use by the least efficient towers as compared with the relatively efficient towers that we identified, and develop a plan for addressing them.

Audit Report: AV2015079 issued on 08.20.2015
FAA Delays in Establishing a Pilot Records Database Limit Air Carriers’ Access to Background Information
No. 1 to FAA

Develop a clearly defined and expedited schedule for the development and implementation of a PRD, including cost estimates and project timelines.

Closed on 10.27.2015
No. 2 to FAA

As part of the standard PRIA response letter, incorporate a written notification to air carriers that additional records may be available through FOIA and Privacy Act requests.

No. 3 to FAA

Establish the FAA-records portion of the database and develop a single process for air carriers to request and obtain records currently available through PRIA, notices of disapproval, and summaries of enforcement actions in accordance with the Act.

Audit Report: ZA2015071 issued on 07.23.2015
The Department Does Not Fully Ensure Compliance With Contract Closeout Requirements
No. 1 to OST

Implement an oversight process for monitoring compliance with Federal and departmental closeout requirements.

No. 2 to OST

Issue additional departmental guidance on the contract closeout process. At a minimum, this guidance should include requirements for: file retention and storage, contract closeout file documentation, initial funds reviews, closeout of individual task and delivery orders, timely submission of adequate evidence of physical completion, and safeguards to prevent the destruction of contract files before closeout is completed.

No. 3 to OST

Require Operating Administrations' acquisition offices to update or finalize all internal contract closeout policies, including references to key Federal and departmental requirements.

No. 4 to FAA

Implement an oversight process for monitoring compliance with AMS closeout requirements.

No. 5 to FAA

Issue additional AMS guidance on the contract closeout process. At a minimum, this guidance should include requirements for: file retention and storage, contract closeout file documentation, initial funds reviews, timely submission of adequate evidence of physical completion, and safeguards to prevent the destruction of contract files before closeout is completed.

Audit Report: AV2015066 issued on 07.16.2015
FAA Has Not Effectively Implemented Repair Station Oversight in the European Union
Closed on 08.11.2016
No. 1 to FAA

Clarify inspector guidance on how to assess foreign authorities' readiness to assume FAA oversight responsibilities.

Closed on 09.22.2015
No. 2 to FAA

Require future candidate countries for bilateral agreements to inform FAA of completion of initial inspector training prior to FAA transferring its oversight authority.

Closed on 03.08.2016
No. 3 to FAA

Develop standardized instructions for FAA and foreign authority inspectors on how to properly complete inspection checklists.

Closed on 10.21.2015
No. 4 to FAA

Provide training to foreign authority inspectors on areas such as clarifying how to approve an FAA supplement and how to review and accept written confirmation of dangerous goods training programs.

Closed on 11.03.2015
No. 5 to FAA

Revise inspection checklist questions by defining FAA-specific terms and requirements and including references to applicable Special Conditions.

Closed on 10.21.2015
No. 6 to FAA

Develop a control to require all FAA-certificated EU-based repair stations to affirm to foreign authorities whether or not they engage in dangerous goods handling.

No. 7 to FAA

Develop guidance and provide training to FAA inspectors that clarify their current roles and responsibilities as country coordinators.

Closed on 06.03.2016
No. 8 to FAA

Conduct a comparative analysis of the Maintenance Annex Guidance to ensure that FAA inspection procedures and checklists are comparable to EASA's, where possible.

Closed on 09.25.2015
No. 9 to FAA

Revise FAA inspection checklists to ensure that FAA inspectors can clearly document discrepancies related to Part 145 requirements during sampling inspections of EU-based repair stations.

Closed on 02.13.2017
No. 10 to FAA

Revise the Maintenance Annex Guidance to require FAA inspectors to review and accept corrective action plans resulting from aviation authority sampling inspections.

Closed on 02.13.2017
No. 11 to FAA

Require FAA inspectors to obtain all level 1 and level 2 findings from EASA Part 145 inspections to enhance FAA's ability to conduct more accurate risk assessments of EU repair stations.

Closed on 06.07.2016
No. 12 to FAA

Revise the Maintenance Annex Guidance to require FAA inspectors to receive EU-based repair station corrective action plans after completing sampling inspections to be used for risk assessment.

Audit Report: FI2015065 issued on 07.09.2015
Weak Internal Controls for Collecting Delinquent Debt Put Millions of DOT Dollars at Risk
$494,100,000
No. 1 to OST

Develop and implement departmentwide policies and procedures for accurately identifying and reporting delinquent debt and recoveries, and collecting debts in a timely manner. Implementation of this recommendation could put $494.1 million in funds to better use.

No. 2 to OST

Establish clear policies and guidance for overseeing delinquent debt collections made by Operating Administrations and ESC.

No. 3 to OST

Require relevant training for all personnel who are responsible for identifying, collecting, and reporting on delinquent debt.

No. 4 to OST

Direct Operating Administrations that must comply with legal requirements outside of DCIA to develop clear and effective debt collection policies and procedures for their unique requirements and to share these policies and procedures with ESC.

No. 5 to OST

Direct ESC to clarify its SOPs, including (a) delineating the different processes for administrative and loan debts and (b) identifying the Operating Administrations that the SOPs apply to.

No. 6 to OST

Direct Operating Administrations that have loan programs to develop or enhance policies and procedures for complying with their specific requirements for delinquent loan collections.

Audit Report: ST2015063 issued on 06.18.2015
Inadequate Data and Analysis Undermine NHTSA’s Efforts To Identify and Investigate Vehicle Safety Concerns
No. 1 to NHTSA

Develop and implement a method for assessing and improving the quality of early warning reporting data.

Closed on 04.14.2016
No. 2 to NHTSA

Issue guidance or best practices on the format and information that should be included in non-dealer field reports to improve consistency and usefulness.

Closed on 03.30.2016
No. 3 to NHTSA

Require manufacturers to develop and adhere to procedures for complying with early warning reporting requirements; and require ODI to review these procedures periodically.

Closed on 06.27.2016
No. 4 to NHTSA

Expand current data verification processes to assess manufacturers' compliance with regulations to submit complete and accurate early warning reporting data. At minimum, this process should assess how manufacturers assign vehicle codes to specific incidents and how they determine which incidents are reportable.

Closed on 04.29.2016
No. 5 to NHTSA

Develop and implement internal guidance that identifies when and how to use oversight tools to enforce manufacturers' compliance with early warning reporting data requirements.

Closed on 09.30.2015
No. 6 to NHTSA

Provide detailed and specific guidance to consumers on the information they should include in their complaints, as well as the records they should retain (such as police reports and photographs) in the event that ODI contacts them for more information.

No. 7 to NHTSA

Develop an approach that will determine which early warning reporting test scores provide statistically significant indications of potential safety defects.

Closed on 03.14.2017
No. 8 to NHTSA

Periodically assess the performance of the early warning reporting data tests using out-of-sample testing.

Closed on 03.14.2017
No. 9 to NHTSA

Institute periodic external expert reviews of the statistical tests used to analyze early warning reporting data to ensure that these methods are up-to-date and in keeping with best practices.

Closed on 04.18.2016
No. 10 to NHTSA

I mplement a supervisory review process to ensure that all early warning reporting data are analyzed according to ODI policies and procedures.

No. 11 to NHTSA

Develop and implement a quality control process to help ensure complaints are reviewed thoroughly and within a specified timeframe.

Closed on 06.20.2016
No. 12 to NHTSA

Update standardized procedures for identifying, researching, and documenting safety defect trends that consider additional sources of information beyond consumer complaints, such as special crash investigation reports and early warning data.

Closed on 12.02.2015
No. 13 to NHTSA

Document supervisory review throughout the pre-investigative process including data screening.

Closed on 06.20.2016
No. 14 to NHTSA

Evaluate the training needed by pre-investigative staff to identify safety defect trends; and develop and implement a plan for meeting identified needs.

Closed on 01.12.2016
No. 15 to NHTSA

Develop and implement guidance on the amount and type of information needed to determine whether a potential safety defect warrants an investigation proposal and investigation.

Closed on 06.27.2016
No. 16 to NHTSA

Develop a process for prioritizing, assigning responsibility, and establishing periodic reviews of potential safety defects that ODI determines should be monitored.

Closed on 02.05.2016
No. 17 to NHTSA

Document and establish procedures for enforcing timeframes for deciding whether to open investigations; and establish a process for documenting justifications for these decisions.

Audit Report: SA2015048 issued on 06.17.2015
State of Arizona, Phoenix, Arizona
Closed on 09.30.2016
No. 1 to FHWA

Ensure the State complies with the Allowable Costs/Cost Principles Requirements.

Audit Report: SA2015055 issued on 06.17.2015
State of Texas, Comptroller of Public Accounts, Austin, Texas
No. 1 to FHWA

Ensure the State complies with the Davis-Bacon Act Requirements.

Closed on 03.29.2016
No. 2 to FHWA

Ensure the State complies with the Real Property Acquisition and Relocation Assistance and Special Tests and Provisions Requirements.

Closed on 02.29.2016
$76,655
No. 3 to FHWA

Recover $76,655 from the State, if applicable.

Closed on 08.31.2016
No. 4 to FHWA

Ensure the State complies with the Sub recipient Monitoring and Special Tests Provisions Requirements.

Audit Report: SA2015056 issued on 06.17.2015
Highways Division Department of Transportation, State of Hawaii
Closed on 12.10.2015
No. 1 to FHWA

Ensure the State complies with Cash Management Requirements.

No. 2 to NHTSA

Ensure the State complies with Cash Management Requirements.

Closed on 12.10.2015
No. 3 to FHWA

Ensure the State complies with the Davis -Bacon Act Requirements.

Audit Report: SA2015061 issued on 06.17.2015
State of Tennessee, Nashville, Tennessee
Closed on 03.01.2016
No. 1 to FHWA

Ensure the State complies with the Activities Allowed or Unallowed and Allowable Costs/Cost Principles Requirements.

Closed on 11.28.2016
$8,399
No. 2 to FHWA

Recover $8,399 from the State, if applicable.

Closed on 02.29.2016
No. 3 to FTA

Ensure the State complies with the Activities Allowed or Unallowed and/or Allowable Costs/Cost Principles Requirements.

Closed on 05.23.2016
$268,352
No. 4 to FTA

Recover $268,352 ($258,022 and $10,330 ) from the State, if applicable.

Closed on 03.01.2016
No. 5 to FHWA

Ensure the State complies with the Matching, Level of Effort, and Earmarking Requirements.

$3,626,721
No. 6 to FHWA

Recover $3,626,721 from the State, if applicable.

No. 7 to FHWA

Ensure the State complies with the Procurement and Suspension and Debarment Requirements.

No. 8 to FHWA

Ensure the State complies with the Special Tests and Provisions Requirements.

$431,821
No. 9 to FHWA

Recover $431,821 from the State, if applicable.

Audit Report: FI2015047 issued on 06.16.2015
DOT Lacks an Effective Process for Its Transition to Cloud Computing
No. 1 to OST

Develop guidance for acquisition of cloud services, cost and savings analysis, and operational support for use of those services.

No. 2 to OST

Develop a process to verify that non-disclosure agreements and language regarding discovery and investigatory requirements are included in future cloud contracts.

No. 3 to OST

Establish procedures to verify systems are accurately inventoried in CSAM.

No. 4 to OST

Establish FedRAMP compliance guidelines and oversight for the Department, and ensure that each Operating Administration put plans in place to meet FedRAMP requirements.

Audit Report: ST2015046 issued on 06.12.2015
FTA Has Not Fully Implemented Key Internal Controls for Hurricane Sandy Oversight and Future Emergency Relief Efforts
Closed on 05.24.2016
No. 1 to FTA

Implement enhanced review processes for ERP grant applications and grant award approvals that are aligned with the ERP Toolkit's checklists and require documentation in FTA's grant management system in accordance with Federal internal control standards guidance.

Closed on 02.04.2016
No. 2 to FTA

Enhance internal control processes for future force account funding by establishing clear funding criteria for future emergency relief efforts, which include the specific types of applicant documentation required to receive this funding.

Closed on 05.24.2016
No. 3 to FTA

Improve FTA's risk assessment process for future grantee and project risk assessments by: a.) establishing criteria for assigning low, medium, and high risks and b.) requiring documentation that allows others to understand how these criteria inform specific risk assessment ratings and, if applicable, the reason(s) and decision-making for different risk levels assigned to grantee risk assessments and the grantees' project risk assessments.

Closed on 02.04.2016
No. 4 to FTA

Develop and implement enhanced controls to ensure that monthly ERP FFR and MPR review processes, as outlined in the ERP Toolkit, are fully implemented by regional office personnel and documentation is aligned with Federal internal control standards guidance.

Closed on 10.06.2016
No. 5 to FTA

Formalize FTA's process for coordination with FEMA to avoid duplicative payments in providing emergency and disaster-related assistance.

Audit Report: FI2015043 issued on 05.15.2015
DOT’s Fiscal Year 2014 Improper Payment Reporting Generally Complies with IPERA Requirements
No. 1 to OST

We recommend that DOT's Acting Assistant Secretary for Budget and Programs/Chief Financial Officer: Develop a process to provide greater oversight and review of contractors and employees that perform improper payment testing to ensure that the work has an audit trail and is accurate.

Closed on 10.26.2015
No. 2 to OST

We recommend that DOT's Acting Assistant Secretary for Budget and Programs/Chief Financial Officer: Implement procedures to ensure DOT employees and contractors are trained before performing or reviewing improper payment test procedures.

Closed on 05.23.2016
No. 3 to OST

We recommend that DOT's Acting Assistant Secretary for Budget and Programs/Chief Financial Officer: Implement procedures to verify that FTA distributes guidance which increases grantee knowledge of documentation required to support a payment as proper in the FG program.

Closed on 06.28.2016
No. 4 to OST

We recommend that DOT's Acting Assistant Secretary for Budget and Programs/Chief Financial Officer: Implement procedures to verify that FRA distributes guidance which increases grantee knowledge of documentation required to support a payment as proper in the HSIPR program.

Audit Report: ZA2015041 issued on 04.09.2015
Some Deficiencies Exist in DOT’s Enforcement and Oversight of Certification and Warrant Authority for Its Contracting Officers
No. 1 to OST

That the Office of the Senior Procurement Executive address the cases of noncompliance with CO certification and warrant requirements at FMCSA, FRA, MARAD, and NHTSA, as noted in this report. Specifically, the Operating Administrations should ensure that (a) CO warrants are issued in compliance with Federal and departmental requirements and (b) COs obtain and maintain their FAC-C certifications.

Closed on 12.30.2015
No. 2 to OST

We recommend that the office of Senior Procurement Executive update departmental policies to (a) clearly require immediate revocation or modification of warrants upon expiration of FAC-C certifications and (b) define the role of the Operating Administrations' ACMs.

Closed on 12.30.2015
No. 3 to OST

That the Office of the Senior Procurement Executive update departmental policies to require OSPE to conduct periodic reviews of Operating Administrations' compliance with DOT's AWF policy and to correct deficiencies identified during these reviews as necessary.

No. 4 to OST

That the Office of the Senior Procurement Executive direct the Heads of Contracting Activity at each Operating Administration to: (a) develop and implement, oversight procedures to ensure compliance with DOT's AWF policy including procedures for annual reviews of level I and II CO warrants and reviews of level III warrants at least every 2 years to determine if COs remain qualified to perform their duties and there is a continued need for warrants and (b) report to OSPE on their oversight procedures.

No. 5 to OST

That the Office of the Senior Procurement Executive direct the Heads of Contracting Activity at each Operating Administration to (a) review CO warrants to ensure they include required elements and restrictions specified in DOT's AWF policy, (b) address any instances of noncompliance, and (c) report their planned and implemented corrective actions to OSPE within established timeframes.

No. 6 to OST

That the Office of Senior Procurement Executive correct the FAITAS data inaccuracies noted in this report at FTA and MARAD.

Closed on 12.30.2015
No. 7 to OST

That the Office of Senior Procurement Executive update departmental policies to require Operating Administrations monitor FAITAS data to ensure that CO warrant and certification data are current, complete, and accurate.

Audit Report: AV2015039 issued on 04.08.2015
Delays in Meeting Statutory Requirements and Oversight Challenges Reduce FAA’s Opportunities To Enhance HEMS Safety
Closed on 06.14.2016
No. 1 to FAA

Develop helicopter-specific accident reduction goals and communicate them in FAA planning documents and business plans.

Closed on 01.04.2016
No. 2 to FAA

Expand the criteria for dedicated certificate management teams and use of SEP for HEMS operators with 20 to 24 aircraft.

No. 3 to FAA

Conduct a workforce assessment that includes a determination of whether: a. inspectors are at the right locations to provide adequate surveillance of the growing number of HEMS certificates, b. it has the correct number of inspectors with the required specialized knowledge, and c. district office inspector workload is adequately measured in complexity ratings and balanced between district offices.

Closed on 11.22.2016
No. 4 to FAA

Review and revise inspector hiring and training policies so that they provide sufficient flight and aircraft systems experience and training needed for inspectors to successfully accomplish their surveillance duties.

Closed on 11.22.2016
No. 5 to FAA

Develop and implement a plan to provide inspectors access to new technology training opportunities and leverage both airplane and helicopter training if needed in their surveillance requirements.

Audit Report: QC2015037 issued on 03.31.2015
Quality Control Review of the Management Letter for the Audit of the Federal Aviation Administration’s Fiscal Years 2014 and 2013 Financial Statements
No. 1 to FAA

Finalize the policies and procedures that specify the number of days within which property identified for disposal should be retired and recorded in the general ledger.

No. 2 to FAA

Provide training to the various regions and property owners once the policies and procedures noted in recommendation one above are finalized and implemented.

Closed on 12.08.2015
No. 3 to FAA

Perform alternative procedures to assess the materiality of depreciation expense and loss on retirements for assets that were retired in prior years; but, have not been recorded in the general ledger until the current year.

Closed on 12.08.2015
No. 4 to FAA

KPMG recommends that FAA complete a more detailed review of manual journal entries to verify the entry was made in accordance with the appropriate USSGL transaction code.

Closed on 12.08.2015
No. 5 to FAA

KPMG recommends that FAA identify all procedures previously provided by Bureau of Fiscal Services (BFS) to account for the activities of the AATF and incorporate those procedures into the FAA's financial reporting process.

Closed on 12.08.2015
No. 6 to FAA

Develop and implement a process to formally identify, assess, and document the impact of errors, misclassifications and departures from GAAP in the financial statements and accompanying notes, including an assessment as to whether the errors are material in relation to the financial statements as a whole, both in current and future periods.  The assessment should be reviewed by an appropriate level of management.

Closed on 12.08.2015
No. 7 to FAA

KPMG recommends FAA develop and implement monitoring controls to ensure costs and revenues are mapped to the appropriate strategic priority.

Closed on 12.08.2015
No. 8 to FAA

KPMG recommends FAA enhance policies and procedures related to the review of journal vouchers to include a requirement that the initial review of journal vouchers occur before the journal voucher is posted to the general ledger.

Closed on 12.08.2015
No. 9 to FAA

KPMG recommends FAA revise policies and procedures to clarify or remove the second-level review requirement.

Closed on 12.08.2015
No. 10 to FAA

KPMG recommends FAA continue to emphasize the timely de-obligation of inactive UDOs through training and communication to the various lines of business.

Closed on 12.08.2015
No. 11 to FAA

KPMG recommends FAA continue to perform quarterly obligation reviews to monitor the validity of inactive UDOs.

Closed on 12.08.2015
No. 12 to FAA

KPMG recommends FAA correct the set-up of the vendor-trading partner in the vendor table.

Closed on 12.08.2015
No. 13 to FAA

KPMG recommends FAA develop and implement policies and procedures to accumulate a listing of new sites identified during the Environmental Site Cleanup Report (ESCR) preparation period and to assess the impact of the new sites to the Environmental Remediation (ER) liability.

Closed on 12.08.2015
No. 14 to FAA

KPMG recommends FAA develop and implement policies and procedures to specify the number of days within which the checklists related to new sites should be reviewed.

Closed on 12.08.2015
No. 15 to FAA

Enhance their policies and procedures to include the nature and extent of monitoring procedures to be performed by the Regional Office/Airport District Office during their quarterly review of payments made by sponsors with a nominal risk level.

Closed on 12.08.2015
No. 16 to FAA

Enhance monitoring procedures to ensure that expenses are recorded in the proper period and accruals are complete.

Closed on 12.08.2015
No. 17 to FAA

KPMG recommends that the FAA Oklahoma City Enterprise Center enhance its monitoring controls to ensure that someone other that the Human Resource Specialist who prepares the SF50 (Notification of Personnel Action) review the SF50 to verify the information from the employee election form is properly recorded.

Closed on 12.08.2015
No. 18 to FAA

KPMG recommends FAA design and implement procedures to validate the completeness and accuracy of key inputs provided by other organizations within FAA, including a periodic review of the key assumptions.

Closed on 12.08.2015
No. 19 to FAA

KPMG recommends FAA fully research and document its conclusions on the proper treatment of the sick leave buyback provisions in accordance with SFFAS No. 5.

Closed on 12.08.2015
No. 20 to FAA

Ensure that all security weaknesses identified during reviews performed by or on behalf of the agency, including Government Accountability Office audits, financial audits, system status reports, and critical infrastructure vulnerability assessments are included in the Cyber Security Assessment Manager  POA&M tracker for LIS.

No. 21 to FAA

KPMG recommends FAA strengthen password complexity configurations for LIS and SOAR, in accordance with the DOT Cyber Security Compendium.

No. 22 to FAA

KPMG recommends FAA obtain a waiver from the DOT Chief Information Officer to relieve FAA of the implementation requirements within the DOT Cyber Security Compendium.

No. 23 to FAA

KPMG recommends FAA update the LIS SSP to reflect the current security audit log mechanisms in place, and develop and implement procedures requiring periodic reviews of LIS audit logs. The procedures should include the items being reviewed and the frequency within which the reviews should occur.

Closed on 12.08.2015
No. 24 to FAA

Perform semi-annual reviews of all privileged user accounts, and their associated access levels, in accordance with the DOT Cyber Security Compendium, and include documented approval(s).

No. 25 to FAA

KPMG recommends FAA develop and implement procedures for granting physical access to the data center.

No. 26 to FAA

KPMG recommends FAA develop and implement procedures for  retaining authorizing documents for those individuals that are granted access.

No. 27 to FAA

KPMG recommends FAA develop and implement procedures for performing periodic reviews of access rights for existing data center users.

Closed on 12.08.2015
No. 28 to FAA

KPMG recommend that the FAA management develop and implement procedures that require the timely notification of LIS administrator(s) when LIS users are terminated and/or it is determined that a user's access to LIS is no longer required.

Audit Report: QC2015036 issued on 03.31.2015
Quality Control Review of the Management Letter for the Audit of the Department of Transportation’s Fiscal Years 2014 and 2013 Financial Statements
No. 1 to OST

Develop and implement guidance to formally document its assessments and recognition decisions, in accordance with Statement of Federal Financial Accounting Concept No. 5, as it relates to liabilities of exchange transactions, specifically those decisions to depart from GAAP based on materiality.

Closed on 12.08.2015
No. 2 to OST

KPMG recommends DOT automate footnotes, where applicable, to ensure consistency across the Department.

Closed on 12.08.2015
No. 3 to OST

KPMG reocmmends that DOT provide training and instruction, where necessary, to the OAs to ensure the financial reporting guidance is implemented consistently department-wide and to ensure the OAs understand the requirements of each line item on the financial statements and footnotes.

Closed on 12.08.2015
No. 4 to OST

KPMG recommends that DOT revise the financial statement (including footnotes) review checklist to incorporate the financial reporting instruction in order to determine that the financial statements were consistently prepared.

Closed on 12.08.2015
No. 5 to OST

KPMG recommnds that DOT implement an independent review of the DOT Consolidated financial statements to ensure the financial statements are properly consolidated and that the financial reporting guidance has been consistently applied.

No. 6 to FTA

KPMG recommends that FTA revise its grant accrual retrospective review to ensure that the retrospective review is performed with the appropriate level of precision and all data inputs (FFR reporting, UDO balances, grant disbursements) are reasonable and based on relevant and reliable data in order to ensure that all adjustments to the grant accrual or methodology are properly calculated and supported.

Closed on 12.08.2015
No. 7 to FHWA

KPMG recommends that FHWA review the inputs into the cash flow model to ensure that the inputs are complete and accurate and agree to the underlying supporting documentation.

Closed on 12.08.2015
No. 8 to FHWA

KPMG recommends that FHWA review the consolidated financial statements and footnote disclosures to ensure that they are prepared in accordance with the applicable accounting standards and contain all required disclosures.

Closed on 12.08.2015
No. 9 to FHWA

KPMG recommend that FHWA continue to take appropriate measures to ensure the audit logs are reviewed timely and documentation of the review is maintained.

Closed on 12.08.2015
No. 10 to FHWA

KPMG recommend  that  FHWA  management  increase the  level of  precision  of  the monthly  user  access review process to evaluate  user access  based on least  privileged"  necessary to perform their assigned tasks."

Closed on 12.08.2015
No. 11 to FHWA

KPMG recommend that FHWA strengthen its controls for removing access of separated employees and contractors to ensure that access is removed immediately upon termination or at the point in time when access is no longer required, and ensure that other DOT components are aware of the requirement to immediately notify FHWA of separations.

Closed on 12.08.2015
No. 12 to FHWA

KPMG recommend that FHWA management increase the precision of the FMIS user access review to include a review performed at the division level over the appropriateness of user access and access rights.

Closed on 12.08.2015
No. 13 to FTA

KPMG recommend that FTA implement re-authentication requirements, in accordance with the DOT Cyber Security Compendium, in the grant management system utilized by FTA.

Closed on 12.08.2015
No. 14 to FTA

KPMG recommend  that FTA  implement  procedures to remove application  access  for separated  employees and contractors immediately upon termination.

Audit Report: ZA2015035 issued on 03.20.2015
MWAA's Office of Audit Does Not Have an Adequate Quality Assurance and Improvement Program
Closed on 09.26.2016
No. 1 to MWAA

That MWAA's Board of Directors develop and implement a dual reporting structure for the Office of Audit to both the Board and CEO in accordance with IIA standards.

No. 2 to MWAA

That MWAA's Board of Directors ensure that the Vice President of the Office of Audit develop and implement a procedure for periodic assessments of the Office of Audit's quality assurance and improvement program from an office independent from the Office of Audit. This procedure should include annually providing the results of the assessment and, if necessary, an action plan for addressing recommendations to senior management and the Board.

No. 3 to MWAA

That MWAA's Board of Directors ensure that the Vice President of the Office of Audit develop and implement a policy to obtain an external peer review of MWAA's Office of Audit with senior management and the Board participation in the selection of the reviewer. The policy should include providing the results of the assessment and, if necessary, an action plan for addressing recommendations to senior management and the Board.

Closed on 02.29.2016
No. 4 to MWAA

We recommend that MWAA's Board of Directors ensure that the Vice President of the Office of Audit develop and implement a procedure for issuing Office of Audit policies, including approval of the policies by senior management and the Board.

No. 5 to MWAA

That MWAA's Board of Directors ensure that the Vice President of the Office of Audit: Develop and implement Office of Audit policies to include the following: a. obtaining and tracking continuing professional development. b. documenting and controlling audit work paper files. c. documenting individual independence and reporting impairments and remediation of impairments. d. requiring supervisors to review and document the review of all work from planning to reporting, including the review of work papers.

No. 6 to MWAA

That MWAA's Board of Directors ensure that the Vice President of the Office of Audit: Amend and implement the Office of Audit's policy to cite conformance or nonconformance with standards in its audit reports.

Closed on 02.15.2017
No. 7 to MWAA

That MWAA's Board of Directors ensure that the Vice President of the Office of Audit: Develop and implement processes for developing audit plans and conducting risk assessments, including the following: a. consulting with the CEO and other senior management officials when preparing the annual Risk Assessment and Audit Plans and ensuring that discussions and views on these matters are documented for future reference and shared with the Board of Directors. b. annually assessing and documenting auditable activities and their associated risks levels, the Office of Audit's priorities, and the basis for the prioritization.

Audit Report: AV2015034 issued on 03.13.2015
Program and Data Limitations Impede the Effectiveness of FAA’s Hazardous Materials Voluntary Disclosure Reporting Program
No. 1 to FAA

Require air carriers to provide FAA with sufficient evidence of completion of corrective actions and self-audits.

Closed on 03.31.2016
No. 2 to FAA

Close Hazardous Materials Voluntary Disclosure Reporting Program cases only after air carriers provide evidence of completion of corrective actions and self-audits.

No. 3 to FAA

Clarify how Hazardous Materials Voluntary Disclosure Reporting Program requirements are to be met, such as defining what constitutes serious violations and determining under what circumstances repeat violations could be accepted.

No. 4 to FAA

Provide training to the FAA Regions on Hazardous Materials Voluntary Disclosure Reporting Program requirements or policies.

Closed on 03.31.2016
No. 5 to FAA

Verify that FAA Regions consistently meet the requirements of the Hazardous Materials Voluntary Disclosure Reporting Program.

Closed on 09.30.2015
No. 6 to FAA

Require Regions to enter data from Hazardous Materials Voluntary Disclosure Reporting Program cases into the Aviation Hazmat Portal database.

Closed on 09.30.2015
No. 7 to FAA

Verify that FAA Regions record detailed information on voluntary disclosure cases into the Aviation Hazmat Portal database .

No. 8 to FAA

Develop an automated system, such as a Web site, to allow air carriers to report potential violations under the Hazardous Materials Voluntary Disclosure Reporting Program.

No. 9 to FAA

Combine Hazardous Materials Voluntary Disclosure Reporting Program data with data from other sources, such as inspections, to identify trends signifying safety risk.

Audit Report: ST2015029 issued on 03.02.2015
Most FHWA ARRA Projects Will Be Closed Out Before Funds Expire, but Weaknesses in the Project Close-Out Process Persist
Closed on 03.22.2016
No. 1 to FHWA

Implement a national plan that outlines steps for Division Offices to expedite ARRA project closeouts. This plan should include a mechanism to ensure up-to-date estimates of project completion and close-out dates for the remaining active ARRA projects.

No. 2 to FHWA

Develop and implement a mechanism to track States' backlogs of project closeouts for both ARRA and non-ARRA Federal-aid projects.

No. 3 to FHWA

Develop and implement a national strategy to work with the States to reduce annual backlogs of project closeouts.

No. 4 to FHWA

Address all project close-out recommendations made in the 2013 and 2014 PMIT reviews.

No. 5 to FHWA

Monitor project close-out timeliness by developing and implementing national close-out timeframes and performance measures.

No. 6 to FHWA

After implementation of national close-out timeframes and performance measures, review each Division Office's Standard Operating Procedures to assess consistency with FHWA's national policy.

No. 7 to FHWA

Develop and implement a standard definition for the project completion date field in FMIS and require States to manually enter the project completion date into FMIS.

Audit Report: ST2015027 issued on 02.18.2015
FHWA Effectively Oversees Bridge Safety, But Opportunities Exist To Enhance Guidance and Address National Risks
No. 1 to FHWA

Establish a consolidated source of guidance on documenting the National Bridge Inspection Standards oversight reviews in the Assessment Reporting Tool that allows Division Offices to easily identify or locate relevant information.

No. 2 to FHWA

Revise the quality assurance review process to fully communicate the results of the annual reviews to appropriate Division Offices and track the actions taken to address its recommendations.

No. 3 to FHWA

Revise Bridge Program Manual guidance to specify how Division Offices should combine and report results when separate assessments of the National Bridge Inspection Standards oversight metrics are performed.

No. 4 to FHWA

Establish a process for Division Offices to promptly inform the FHWA Headquarters Office of Bridges and Structures when additional resources are needed to complete a review of the State's bridge inspection program and for the Office of Bridges and Structures to coordinate the necessary support.

No. 5 to FHWA

Develop and implement a comprehensive risk management process for NBIPOT to identify, report, and track mitigation actions for high-priority risks to bridge safety at the national level. The process should incorporate best practices consistent with FHWA's risk management framework.

Audit Report: ST2015018 issued on 01.27.2015
FHWA Met Basic Requirements but Can Strengthen Guidance and Controls for Financial and Project Management Plans
No. 1 to FHWA

Develop and implement controls to ensure that FHWA reviews and accepts the initial financial plan before authorizing Federal funds for major project construction.

No. 2 to FHWA

Develop and implement controls to ensure that all Division Offices follow FHWA's financial plan and project management plan guidance when overseeing major projects. Specifically, these controls should ensure that: a) cost estimate reviews assess all major project cost elements, and these cost elements are documented in detail; b) any changes to major project costs between the cost estimate review workshop and the approval of the initial financial plan are documented; c) States submit integrated project schedules that clearly identify the project's critical path, and FHWA uses them to monitor project progress; and d) annual financial plan updates provide updated information on project risks and mitigation strategies.

No. 3 to FHWA

Develop and implement controls to ensure that FHWA Division Offices verify that there is reasonable assurance of sufficient toll-based financing, if applicable, before accepting a project's initial financial plan.

No. 4 to FHWA

Clarify financial plan guidance by: a) defining when States are required to develop baseline project cost estimates and baseline project schedules, as well as specify the level of detail required for these baselines; and b) defining when guidance requirements apply to specific project delivery methods or projects involving alternative financing mechanisms, such as TIFIA loans.

No. 5 to FHWA

Strengthen project management plan guidance by: a) defining what constitutes a significant change that would trigger a project management plan update, including examples; and b) requiring periodic, documented assessments of States' implementation of their project management plans to ensure that States fulfill commitments detailed in their plans.

Audit Report: FI2015015 issued on 12.10.2014
FAA Is Making Progress in Addressing ADS-B’S Security Issues but Weaknesses Still Exist
Closed on 07.26.2016
Sensitive
No. 1 to FAA

Sensitive information redacted

Sensitive
No. 2 to FAA

Sensitive information redacted

Closed on 10.19.2016
Sensitive
No. 3 to FAA

Sensitive information redacted

Closed on 01.31.2017
Sensitive
No. 4 to FAA

Sensitive information redacted

Audit Report: AV2015012 issued on 11.20.2014
Planning for High-Priority NextGen Capabilities Underway, But Much Work Remains for Full Realization of Benefits
Closed on 12.18.2014
No. 1 to FAA

Establish clear lines of responsibility with stakeholders.

Closed on 11.18.2015
No. 2 to FAA

Develop a tool or system to monitor progress against milestones.

No. 3 to FAA

Develop a risk mitigation strategy for missed milestones or as commitments change.

Audit Report: QC2015011 issued on 11.17.2014
Quality Control Review of the Department of Transportation's Audited Financial Statements for Fiscal Year 2014 and 2013
No. 1 to OST

KPMG recommend that the Chief Information Officer of DOT develop procedures and controls to address the provisioning of access and system audit log review control deficiencies identified in the FTA financial IT systems.

No. 2 to FTA

KPMG recommend that the Chief Information Officer of FTA develop procedures and controls to address the provisioning of access and system audit log review control deficiencies identified in the FTA financial IT systems.

No. 3 to OST

KPMG recommend that the Chief Information Officer of DOT Monitor progress to ensure that procedures and controls are appropriately designed, implemented, and maintained.

No. 4 to FTA

KPMG recommend that the Chief Information Officer of FTA monitor progress to ensure that procedures and controls are appropriately designed, implemented, and maintained.

Closed on 12.08.2015
No. 5 to FTA

KPMG recommends that FTA revise their process for monitoring obligations in order to timely identify and de-obligate stale obligations.

Closed on 12.08.2015
No. 6 to OST

KPMG recommend that DOT continues to provide training related to grants management, including the need for timely monitoring and close-out of projects.

Closed on 12.08.2015
$358,500,000
No. 7 to OST

KPMG recommend that all other OAs continue to timely review and monitor grant and non-grant undelivered orders to ensure that the recorded undelivered orders represent goods and services ordered and obligated, but not yet received, or potential amounts still to be claimed.

Closed on 12.08.2015
No. 8 to FHWA

KPMG recommend that FHWA work with OMB to develop and document policies and procedures on the appropriate accounting treatment for the execution and year-end reporting of UCOs entered into with non-Federal entities without an advance of funds.

Closed on 12.08.2015
No. 9 to OST

KPMG recommend that DOT, in conjunction with FHWA, develop a report that reflects a complete population of open UCO balances, by agreement number, as of a period-end date.and that FHWA use the report developed by OST to monitor and review its open UCO balances for completeness, accuracy, and validity

Closed on 09.27.2016
No. 10 to FRA

KPMG recommended that DOT complete the investigation into potential additional Anti-Deficiency Act violations at the FRA.

Closed on 09.27.2016
No. 11 to OST

KPMG recommended that DOT implement appropriate policies and procedures to prevent future violations.

No. 12 to FTA

KPMG recommend that DOT improve its general information technology controls at FTA, as noted above, to ensure that DOT's financial management systems comply with the requirements of the FFMIA.

Audit Report: FI2015009 issued on 11.14.2014
DOT Has Made Progress but Significant Weaknesses in Its Information Security Remain
Closed on 02.11.2016
No. 1 to OST

Revise the Department's AECM policy to develop procedural requirements that document activities components must complete to report and mitigate deficiencies identified through continuous monitoring.

Closed on 02.11.2016
No. 2 to OST

Implement the revised AECM policy and procedural guidance and provide and work with components to establish planned action dates to mitigate deficiencies in their ISCM reporting and addressing security weaknesses.

Closed on 02.11.2016
No. 3 to OST

Establish an enterprise-wide strategy that DOT components must adhere to implement and monitor Information Security Continuous Monitoring for Continuous Diagnostics and Mitigation requirements as outlined in OMB policy and NIST guidance.

Closed on 02.11.2016
No. 4 to OST

Revise the Department's policy to address the mandatory use of a toolset and requisite processes to perform the Information Security Continuous Monitoring tasks outlined by OMB.

No. 5 to OST

Start planning and assessing the impact of the security requirements that will be affected by NIST SP 800-53 revision 4 and NIST 800-53A revision 4.

Closed on 02.11.2016
No. 6 to OST

Revise DOT Cybersecurity policy and guidance to incorporate new or updated security requirements defined by NIST SP 800-53 revision 4 and NIST SP 800-53A revision 4.

Closed on 02.11.2016
No. 7 to OST

Work with components to develop a plan to address NIST 800-53 revision 4 requirements for their systems. Create a POA&M with planned completion date to monitor and track progress.

No. 8 to OST

Work with the components to develop a plan to complete annual SAT training within plan milestones and improve tracking.  Assess training periodically to determine if the component will meet SAT training plan.

Closed on 10.06.2015
No. 9 to FAA

Work with FAA to ensure automated scripts are properly configured to disable inactive user accounts in a timely manner.  Create a POA&M with a planned completion date to monitor and track progress.

No. 10 to OST

Work with the CSMC and individual components (including COE) to develop service level agreements needed to define responsibilities between CSMC and the components.  These agreements should include a detailed description of services between parties, and at a minimum contain: CSMC and component responsibilities, frequency of periodic scans of DOT networks; access privileges to networks, devices, and monitoring tools; hardware and software asset discovery and on-going management requirements; vulnerability scanning.

Closed on 02.11.2016
No. 11 to OST

Revise DOT policy to provide specific guidance for what data, format of data, and how often components should report system security status to the Authorizing Official throughout the continuous monitoring process.

Closed on 02.11.2016
No. 12 to FAA

Work with FAA to revise their plan to effectively transition the remaining 32,266 users to require unprivileged PIV login.  Create a POA&M with a planned completion date to monitor and track progress.

Closed on 10.06.2015
No. 13 to OST

Develop a plan to periodically review waived accounts to determine if they should be transitioned to PIV required status.  Create a POA&M with a planned completion date to monitor and track progress.

Closed on 10.06.2015
No. 14 to OST

Work with components to revise their plans to effectively transition the remaining users to require privileged PIV login.  Create a POA&M with a planned completion date to monitor and track progress.

No. 15 to OST

Work with components to develop or revise their plans to effectively transition the remaining information systems to required PIV login.  Create a POA&M with planned completion dates to monitor and track progress.

No. 16 to OST

Work with the Director of DOT Security to develop or revise their plan to effectively transition the remaining facilities to required PIV cards.

Audit Report: ZA2015003 issued on 10.15.2014
DOT’s Suspension and Debarment Program Continues To Have Insufficient Controls
Closed on 02.11.2016
No. 1 to OST

Implement a detailed process for OSPE staff to regularly evaluate Operating Administrations' compliance with departmental and Federal timeframes for (a) initiating an S&D action (within the DOT S&D Order 45-day requirement) and (B)reporting to SAM (3 days for procurement actions; 5 days for non-procurement actions). This process should include follow-up actions to correct instances of noncompliance.

No. 2 to OST

Require all Operating Administrations to establish or update their S&D procedures to implement Federal S&D requirements and the DOT S&D Order, including a) requiring recipients to report exclusions and b) strongly recommending that recipients of non-procurement agreements check SAM before awarding third-party assistance agreements or contracts.

Closed on 04.18.2016
No. 3 to OST

Implement detailed procedures for regularly verifying the accuracy and completeness of the data reported to the DOT S&D system—including, at a minimum, the key data fields needed for OSPE to assess the timeliness of decisions and reporting.

Closed on 06.23.2016
No. 4 to OST

Develop a data dictionary for the DOT S&D system that defines each data field and identifies which fields to populate. Make this data dictionary available to all relevant stakeholders and include it in DOT S&D system training.

Closed on 03.23.2016
No. 5 to OST

Revise the DOT S&D Order to reflect the transition to SAM—including revised Federal timeframes for entering data into SAM.

Closed on 04.18.2016
No. 6 to OST

Implement a detailed process for OSPE staff to regularly reconcile data in the DOT S&D system and SAM—including steps for identifying and correcting data discrepancies. Using this new process, complete a comprehensive reconciliation of data in the DOT S&D system and SAM, and correct any discrepancies.

Closed on 03.23.2016
No. 7 to OST

Conduct and document quarterly internal S&D meetings with all Operating Administrations and S&D stakeholders, as established in the DOT S&D Order.

Audit Report: AV2015001 issued on 10.09.2014
Oversight Weaknesses Limit DOT’s Ability to Ensure Passenger Protections During Long, On-Board Flight Delays
Closed on 07.06.2016
No. 1 to OST

OST to develop a process for periodically reviewing a sample of the contingency plans that U.S. and foreign carriers have posted on their Web sites to ensure all of the required assurances are included.

Closed on 09.25.2015
No. 2 to OST

Clarify the meaning of easily accessible" in the case of posting carrier contingency plans on their Web sites to ensure consumers can easily access airlines' and airports' obligations to passengers. Clarify the meaning of "easily accessible" in the case of posting carrier contingency plans on their Web sites to ensure consumers can easily access airlines' and airports' obligations to passengers."

Closed on 09.25.2015
No. 3 to OST

Obtain supporting evidence from air carriers, and other entities (i.e., FAA, Customs, and TSA), to verify airline responses when investigating LOBFDs.

No. 4 to OST

Require carriers to keep and maintain records documenting when they: a) Notify passengers about the status of the flight delay; b) Notify passengers when they have the opportunity to deplane; and c) Provide food and water to passengers.

No. 5 to OST

Revise DOT regulations to require carriers - when calculating the length of tarmac delays for reporting purposes - to include the time when an aircraft is at the gate with passengers on board and the crew has not made an announcement to deplane.

No. 6 to OST

Revise DOT regulations and the FAQ to indicate that U.S. and foreign air carriers provide food and water service within 2 hours after passengers no longer have the opportunity to deplane.

No. 7 to OST

Define comfortable cabin temperature and include the requirement in DOT regulations.  In the interim, issue guidance to the industry that defines comfortable cabin temperature.

Audit Report: AV2014130 issued on 09.25.2014
Management Limitations May Hinder FAA’s Ability To Fully Implement and Assess the Effectiveness of Its Runway Safety Initiatives
Closed on 07.14.2016
No. 1 to FAA

Realign the Runway Safety Group outside of FAA's operational lines of business to ensure the office effectively provides oversight and coordinates activities for investigating and mitigating runway incursions.

Closed on 12.02.2014
No. 2 to FAA

Develop a strategy and timeline to hire a permanent director for the Runway Safety Group

Closed on 10.14.2014
No. 3 to FAA

Provide written guidance to regional Runway Safety Offices on how to conduct effective outreach in a resource-constrained environment.

Closed on 12.02.2014
No. 4 to FAA

Update the National Runway Safety Plan and identify all national runway safety-related initiatives, establishing specific and measurable milestones for each initiative.

Closed on 10.28.2016
No. 5 to FAA

Expedite the development of metrics to determine whether runway incursions are actually increasing and to assess the effectiveness of implemented runway safety initiatives.

Audit Report: FI2014129 issued on 09.18.2014
Actions Needed To Enhance Controls Over Travel Cards
Closed on 06.04.2015
No. 1 to OST

Develop and implement controls to detect employees obtaining excessive cash advances.

Closed on 07.10.2015
No. 2 to OST

Provide program officials with quarterly Intellilink reports to help identify cardholder cash advances taken while not on Government travel and develop other cost-beneficial methods to detect unauthorized cash advances.

No. 3 to OST

Develop and implement automated controls to detect unauthorized cash advances and purchases.

No. 4 to FAA

Work with the Department to implement an automated solution, which reduces the costs associated with the labor-intensive process of comparing cardholder travel card activity to travel claims.

Audit Report: SA2014123 issued on 09.17.2014
United States Virgin Island
No. 1 to FHWA

Ensure the USVI complies with Cash Management Requirements.

Audit Report: MH2014117 issued on 09.16.2014
FTA’s National Transit Database: Data Used for Allocating Transit Grants Were Generally Supported
Closed on 04.07.2015
No. 1 to FTA

Establish a process requiring follow up on recurring problems with transit agency data, including outstanding issues identified in prior years' close-out letters.

Closed on 04.07.2015
No. 2 to FTA

Establish FTA standard operating procedures for the NTD data validation process that are signed and approved by FTA.

Closed on 11.17.2016
No. 3 to FTA

Revise triennial review procedures to include an assessment of transit agencies' supporting documentation and controls for NTD data used in the Urbanized Area Formula Program.

Audit Report: AV2014105 issued on 09.11.2014
ADS-B Benefits Are Limited Due to a Lack of Advanced Capabilities and Delays in User Equipage
No. 1 to FAA

Resolve performance problems identified during FAA's independent operational testing on ADS-B. Also, conduct end-to-end testing of the ADS-B system to determine how it can be used by controllers and pilots to safely manage and separate traffic in the NAS during all phases of flight.

Closed on 03.15.2017
No. 2 to FAA

Develop a schedule and plan to expedite the continued development and deployment of SBS Monitor and ensure that the system is adequately staffed and funded so it can effectively access the performance and integrity of the ADS-B system now and as it evolves.

Closed on 10.28.2016
No. 3 to FAA

Develop and implement a plan to improve communications with the aviation community to ensure it understands the intended use of ADS-B services and applications being provided, including that ADS-B initial capabilities are for advisory use only.

No. 4 to FAA

Determine when FAA will be in a position to introduce and support ADS-B In capabilities for congested airports, and identify the changes that may be required for ADS-B ground and air components for using advanced ADS-B In capabilities.

No. 5 to FAA

Develop a clearly defined and expedited schedule for determining the end-state for the ADS-B program with cost and schedule baselines, and provide written notification to Congress and other decision makers so that they have more complete information on the total program cost, schedule, and expected services.

Closed on 03.02.2016
No. 6 to FAA

Determine whether cost savings could be realized by delaying payment of subscription fees for ADS-B services at locations where (a) users are not equipped with rule-compliant avionics to provide and receive ADS-B services at those locations, and (b) air traffic control automation systems have not been modernized to support ADS-B services.

Audit Report: SA2014099 issued on 09.10.2014
State of Hawaii Department of Transportation Highway Division
Closed on 12.10.2015
No. 1 to FHWA

Ensure the Division complies with Cash Management Requirements

No. 2 to NHTSA

Ensure the Division complies with Cash Management Requirements.

Closed on 12.10.2015
No. 3 to FHWA

Ensure the Division complies with Davis-Bacon Requirements.

Closed on 02.29.2016
No. 4 to FHWA

Ensure the Division complies with Allowable Costs/Cost Principles Requirements and recover $ 111,284 from the Division, if applicable.

Closed on 04.21.2015
No. 5 to FHWA

Ensure the Division complies with Reporting Requirements.

Closed on 04.21.2015
No. 6 to NHTSA

Ensure the Division complies with Reporting Requirements.

Closed on 04.21.2015
No. 7 to FHWA

Ensure the Division complies with Subrecipient Monitoring Requirements.

Audit Report: SA2014095 issued on 09.08.2014
State of Tennessee
Closed on 11.28.2016
$46,167
No. 1 to FTA

Ensure the State complies with Allowable Costs/Cost Principles Requirements and recover $ 46,167 from the State; if applicable.

Closed on 03.30.2015
No. 2 to FHWA

We recommend FHWA ensure the State complies with Information Security Requirements.

Closed on 04.21.2015
No. 3 to FTA

We recommend FTA ensure the State complies with Information Security Requirements.

Closed on 03.30.2015
No. 4 to FHWA

We recommend FHWA ensure the State complies with Special Tests and Provisions Requirements

Closed on 03.30.2015
No. 5 to FHWA

We recommend FHWA ensure the State complies with Reporting Requirements

Closed on 04.21.2015
No. 6 to FTA

We recommend FTA ensure the State complies with Reporting Requirements.

Audit Report: SA2014084 issued on 08.01.2014
State of Georgia
No. 1 to FHWA

Ensure the State complies with Subrecipient Monitoring Requirements.

Audit Report: SA2014081 issued on 08.01.2014
Government of the United States Virgin Islands
No. 1 to FHWA

Ensure the Government of the U.S. Virgin Islands complies with Cash Management requirements.

Audit Report: MH2014064 issued on 07.17.2014
PHMSA Has Addressed Most Weaknesses We Identified in Its Special Permit and Approval Processes
Closed on 12.22.2015
No. 1 to PHMSA

Include in the planned approvals desk guide a requirement to use technical safety evaluation forms to document analyses for explosive classification applications.

Closed on 01.31.2017
No. 2 to PHMSA

Develop and implement a plan - including milestones and funding requirements-for resolving the company identifier issue.

Audit Report: AV2014062 issued on 07.09.2014
FAA Lacks the Metrics and Data Needed To Accurately Measure the Outcomes of Its Controller Productivity Initiatives
Closed on 07.13.2016
No. 1 to FAA

Assess current controller productivity initiatives to determine whether they will achieve anticipated cost savings or productivity gains and document the results of this assessment.

Closed on 11.23.2015
No. 2 to FAA

Develop a process to ensure future controller productivity initiatives include measurable milestones and cost and productivity goals.

No. 3 to FAA

Analyze its operational and financial data to identify opportunities to increase controller productivity and reduce operating costs.

No. 4 to FAA

Require controllers to maintain their own time-on-position records by signing in and out in Cru-X/ART.

No. 5 to FAA

Ensure that all facilities implement and use new Cru-X/ART task codes designed to better differentiate the tasks that controllers are completing.

Audit Report: AV2014061 issued on 06.26.2014
FAA Faces Significant Barriers To Safely Integrate Unmanned Aircraft Systems Into the National Airspace System
No. 1 to FAA

Publish a report annually detailing ongoing research activities and progress FAA and other entities are making in their respective areas of responsibility to resolve technical challenges to safe integration of UAS.

No. 2 to FAA

Establish milestones for the work needed to determine the appropriate classification system for unmanned aircraft as a basis for developing the UAS regulatory framework.

Closed on 03.02.2017
No. 3 to FAA

Establish a timeline for developing standardized training and procedures for air traffic controllers responsible for UAS operations.

No. 4 to FAA

Assess and determine the requirements for automated tools to assist air traffic controllers in managing UAS operations in the NAS.

No. 5 to FAA

Create a standardized framework for data sharing and analysis between FAA and UAS operators by (a) validating a sample of the data it currently receive from UAS operators; (b) finalizing an agreement with DoD for pertinent UAS operational data; and (c) completing development of a sharing and analysis database.

No. 6 to FAA

Develop and implement a consistent process to review and approve COAs across FAA regions, adopt measures that increase process efficiency and oversight and provide necessary guidance and training to inspectors.

Closed on 03.03.2017
No. 7 to FAA

Complete airspace simulation and safety studies of the impact of UAS operations on air traffic control across all segments of the NAS.

No. 8 to FAA

Develop a mechanism to verify that the UAS Integration Office, all FAA lines of business, and field safety inspectors are effectively coordinating their UAS efforts.

No. 9 to FAA

Determine the specific types of data and information needed from each of the six planned test ranges to facilitate safe integration of UAS into the NAS.

Closed on 03.02.2017
No. 10 to FAA

Establish a more detailed implementation plan with milestones and prioritized actions needed to advance UAS integration in the near, mid and long term.

No. 11 to FAA

Establish metrics to define progress in meeting implementation milestones as a basis for reporting to Congress.

Audit Report: AV2014060 issued on 06.26.2014
FAA Operational and Programmatic Deficiencies Impede Integration of Runway Safety Technologies
Closed on 09.15.2014
No. 1 to FAA

Develop and implement a plan, in coordination with airport authorities, to address issues, such as construction schedules and site adaptation/design that may impede RWSL's deployment within cost and schedule estimates.

No. 2 to FAA

Develop and finalize timetables as to when ADS-B can be expected to impact surface surveillance systems through the use of moving map information in cockpit displays and surface alerts for pilots.

No. 3 to FAA

Develop specific milestones for integrating ASDE-X, ASSC, RWSL, and ADS-B based on coordination between offices involved in runway safety; identify the offices accountable for achieving these milestones; and publish this information in the FAA National Runway Safety Plan.

Audit Report: AV2014059 issued on 06.19.2014
FAA Is Not Effectively Managing Air Traffic Controller Mid-Term Bargaining Agreements
Closed on 01.12.2015
No. 1 to FAA

Develop a process that ensures all national, regional, and local managers are held accountable when the requirements of FAA Order 3710.18 are not strictly followed.

Closed on 02.04.2016
No. 2 to FAA

Revise standard operating procedures to strictly enforce the involvement of Labor Relations Office (AHR-LMR) representatives during all mid-term bargaining prior to committing the Agency.

Closed on 02.04.2016
No. 3 to FAA

Clarify the roles and responsibilities of the Labor Relations Office (AHR-LMR) and the Labor Technical Liaison.

Closed on 12.08.2016
No. 4 to FAA

Provide refresher training to air traffic managers that interact with NATCA on labor relations management, including legal responsibilities and negotiation skills.

Audit Report: AV2014057 issued on 06.17.2014
FAA Faces Significant Obstacles in Advancing the Implementation and Use of Performance-Based Navigation Procedures
Closed on 04.01.2015
No. 1 to FAA

Complete an action plan to address the Agency's report on Obstacles to Performance Based Navigation Implementation" and develop milestones for when these solutions can be implemented."

No. 2 to FAA

Establish firm requirements and schedules for all NAV Lean initiatives that will provide a basis and justification for future funding requests.

Closed on 04.01.2015
No. 3 to FAA

Establish a process to measure the benefits of the NAV Lean initiatives on an ongoing basis to determine whether NAV Lean is achieving the desired outcomes.

Audit Report: FI2014052 issued on 06.05.2014
Weaknesses Exist in FAA’s Security Controls for the Traffic Flow Management System
Closed on 04.05.2016
Sensitive
No. 1 to FAA

Sensitive information redacted

Closed on 12.16.2014
Sensitive
No. 2 to FAA

Sensitive information redacted

Closed on 12.09.2014
Sensitive
No. 3 to FAA

Sensitive information redacted

Sensitive
No. 4 to FAA

Sensitive information redacted

Closed on 04.05.2016
Sensitive
No. 5 to FAA

Sensitive information redacted

Closed on 12.09.2014
Sensitive
No. 6 to FAA

Sensitive information redacted

Closed on 12.16.2014
Sensitive
No. 7 to FAA

Sensitive information redacted

Audit Report: SA2014045 issued on 05.21.2014
Spirit Lake Tribe, North Dakota
$17,190
No. 1 to FHWA

Recover $17,190 from the Tribe, if applicable.

Audit Report: FI2014037 issued on 04.15.2014
Accuracy And Reliability Of DOT’s Improper Payment Reporting Can Be Improved
No. 1 to OST

That DOT's Assistant Secretary for Budget and Programs/ Chief Financial Officer provide specific documentation requirements and greater oversight of contractors who perform improper payment testing to ensure that the work performed tests actual payments and verifies that each transaction has an audit trail and proper support.

Closed on 12.19.2014
No. 2 to OST

Implement procedures that ensure that all the elements required for IPERA reporting are accurate and supported by documentation.

Closed on 12.19.2014
No. 3 to OST

Reinforce DOT policy that the recovery of duplicate payments must be recorded in DOT's accounting system.

Audit Report: AV2014036 issued on 04.10.2014
Further Actions Are Needed To Improve FAA’s Oversight of the Voluntary Disclosure Reporting Program
No. 1 to FAA

Add dedicated data fields in the VDRP electronic system for air carriers to describe the root cause(s) associated with the non-compliance and identify whether the violation occurred due to the actions of an individual or a systemic problem.

No. 2 to FAA

Require inspectors to evaluate the root causes(s) determination to ensure repeat self-disclosure does not go undetected and potential systemic issues are identified.

No. 3 to FAA

Require inspectors to use the dedicated field within the VDRP electronic system to document the surveillance performed as a result of self-disclosures.

No. 4 to FAA

Require inspectors to ensure that air carriers track any revisions to programs and procedures resulting from VDRP disclosures to prevent future modification without consideration of VDRP requirements.

No. 5 to FAA

Provide familiarization training to inspectors and office managers regarding VDRP guidance that allow the ASAP corrective actions to be used as the comprehensive fix for a voluntary disclosure when certain conditions are met.

No. 6 to FAA

Ensure that inspector's ability to obtain safety data is not further restricted through efforts to streamline voluntary safety programs.

No. 7 to FAA

Develop a mechanism to assist inspectors with surveillance planning, identification of safety issues, and monitoring trends for Part 121 air carrier.

No. 8 to FAA

Analyze VDRP data from a national perspective to aid in the identification of system-wide trends and patterns that represent risks.

Audit Report: FI2014034 issued on 04.02.2014
ARRA Lessons Learned: FTA Needs To Improve Its Grant Oversight To Prevent Improper Payments
Closed on 06.25.2014
$7,343,100
No. 1 to FTA

Determine if improper payments identified in this report are recoverable, and develop and implement a plan to maximize the return of these payments.

Closed on 06.25.2014
No. 2 to FTA

Provide training to regional office personnel on topics specific to force account plans that addresses and clarifies FTA's requirements for reimbursement.

Closed on 06.25.2014
No. 3 to FTA

Modify existing FTA Circulars, instructions to oversight contractors, and training for grantees to reinforce program requirements, including those addressing such certifications as Federal Motor Vehicle Safety Standards and Buy America.

No. 4 to FTA

Implement preventive measures to guard against improper payments, such as periodically requesting payment documentation (i.e. force account plans and current contracts), prior to reimbursing grantees for expenditures.

Closed on 03.31.2015
No. 5 to FTA

Implement controls governing payments to grantees for preventive maintenance force account activities.

Audit Report: FI2014033 issued on 04.01.2014
Inadequate Planning, Limited Revenue, and Rising Costs Undermine Efforts to Sustain Washington, DC’s, Union Station
Closed on 09.29.2015
No. 1 to FRA

That the Secretary and the Federal Railroad Administrator, or their designees, as Chair and member of the Union Station Redevelopment Corporation Board of Directors pursue actions to complete a thorough reserve study for Union Station.

Closed on 03.07.2016
No. 2 to FRA

That the Secretary and the Federal Railroad Administrator, or their designees, as Chair and member of the Union Station Redevelopment Corporation Board of Directors pursue actions to: Update Union Station Redevelopment Corporation's Union Station Master Plan to include coordination with Amtrak, Akridge, and other related stakeholders.

Closed on 07.30.2015
No. 3 to FRA

That the Secretary and the Federal Railroad Administrator, or their designees, as Chair and member of the Union Station Redevelopment Corporation Board of Directors pursue actions to evaluate all possibilities to maximize revenue.

Closed on 03.07.2016
No. 4 to FRA

Define and communicate the extent of FRA's authority in the authority having jurisdiction (AHJ) role to the appropriate parties; designate individuals or offices within FRA to assume responsibility for AHJ tasks; and oversee compliance with building and safety codes, and their process for reviewing and enforcing building code and safety issues that may arise.

Closed on 07.30.2015
No. 5a to FRA

Direct USRC to conduct a building assessment to identify and quantify deficiencies on nonstructural components.

No. 5b to FRA

Direct USRC to perform a full structural analysis on the building's structural components.

Audit Report: QC2014020 issued on 01.15.2014
Quality Control Review of Controls Over DOT's Enterprise Services Center
Closed on 07.28.2016
Sensitive
No. 1 to OST

Sensitive information redacted

Audit Report: AV2014017 issued on 12.18.2013
FAA’s Safety Data Analysis and Sharing System Shows Progress, but More Advanced Capabilities and Inspector Access Remain Limited
No. 1 to FAA

Identify the FAA office with responsibility for disseminating aggregated de-identified ASIAS trends to both field and headquarters levels.

No. 2 to FAA

Establish a mechanism for providing access to aggregated, de-identified ASIAS trends to each level of Flight Standards in a protected manner, including specific reporting frequency.

No. 3 to FAA

Develop and issue guidance on how inspectors are to use aggregated, de-identified ASIAS trends to enhance air carrier safety risk identification and mitigation, including how ASIAS will interact with SAS.

Closed on 03.03.2014
No. 4 to FAA

Include in its planned process to distribute CAST Safety Enhancement information a method for inspectors to provide feedback on the utility of the information provided and how frequently FAA intends to transmit these enhancements.

Audit Report: AV2014016 issued on 12.18.2013
More Comprehensive Data Are Needed To Better Understand The Nation's Flight Delays And Their Causes
Closed on 11.18.2016
No. 1 to OST

Expand the required reporting of on-time performance data to include flights by the code share partners of the reporting carriers.

Closed on 11.18.2016
No. 2 to OST

Increase the number of carriers required to report on-time performance data by reducing the reporting threshold below 1 percent of all domestic passenger revenues.

Closed on 09.23.2015
No. 3 to RITA

Complete ongoing efforts to identify the underlying causes of delays attributed to late arriving aircraft and make them available on BTS's public Web site.

Closed on 09.17.2015
No. 4 to FAA

Establish and implement a policy to periodically update and publish the capacity benchmarks.

Closed on 05.21.2014
No. 5 to FAA

Establish and implement a policy to ensure the consistent preparation, publication, and appropriate distribution of the ATO's Core 30 Monthly Delay Report.

Audit Report: ZA2014018 issued on 12.18.2013
FAA Needs To Improve ATCOTS Contract Management To Achieve Its Air Traffic Controller Training Goals
Closed on 07.12.2016
No. 1 to FAA

Create a training plan that clearly defines all air traffic controller training requirements, including proficiency training and training for new systems. The plan should also specify the training requirements to be performed by FAA certified professional controllers and those to be performed by the contractor.

Closed on 09.23.2015
No. 2 to FAA

Implement a procedure to identify costs related to internal training performed by FAA controllers, such as a timekeeping code to record hours that controllers spend teaching classroom and simulator training, including any overtime hours accrued for training.

Closed on 07.12.2016
No. 3 to FAA

Develop a plan to assess internal resources and verify that controllers will be available to teach training at each facility.

Closed on 11.17.2015
No. 4 to FAA

Update cost estimates, and determine whether (a) training requirements can be met within the current contract value of $859 million, (b) the acquisition should be rebaselined and/or recompeted, or (c) the remaining contract options should be exercised.

Closed on 01.26.2015
No. 5 to FAA

Implement procedures to hold FAA oversight staff accountable for overseeing contractor performance at the facilities, including completing required semi-annual performance evaluations.

Closed on 11.09.2015
No. 6 to FAA

Develop a process to ensure the contract files are maintained as required by FAA's Acquisition Management System.

Closed on 07.03.2014
No. 7 to FAA

Determine whether training innovations should be funded under the ATCOTS contract or competed under a separate contract, and modify the ATCOTS contract to reflect this determination.

Closed on 07.06.2015
$14,100,000
No. 8 to FAA

Determine whether FAA should eliminate the cost incentive fee and modify the contract to a cost-plus-award-fee type.

Closed on 11.09.2015
No. 9 to FAA

Modify the award fees to (a) develop performance measures that motivate contractors to achieve program goals and (b) ensure that fees are paid only for performance that links to key training goals and does not conflict with other contract objectives.

No. 10 to FAA

Perform an integrated baseline review to (a) identify the training requirements that should be included in the budget baseline; (b) identify the risks for maintaining the budget and plans for adequately mitigating those risks; and (c) determine whether resources are sufficient for completing the work.

Audit Report: QC2014015 issued on 12.16.2013
Quality Control Review of the Department of Transportation’s Audited Financial Statements for Fiscal Years 2013 and 2012
Closed on 01.14.2016
$518,000,000
No. 1 to OST

Develop a department-wide requirement for the periodic operating administration certification of the open obligation balance that is inactive for twelve or more months (validity).

Closed on 01.14.2016
No. 2 to OST

Continue to provide department-wide training related to grants management, including the monitoring and close-out process.

Closed on 01.14.2016
No. 3 to OST

Require that FHWA emphasize the timely review and de-obligation of stale obligations in accordance with the revised Financial Integrity Review and Evaluation (FIRE) program.

Closed on 01.14.2016
No. 4 to OST

Require that FTA review their processes for monitoring obligations in order to more timely identify and de-obligate stale obligations.

Closed on 01.14.2016
No. 5 to OST

Develop a report that reflects a complete population of open UCO balances, by agreement number, as of a period-end date.

Closed on 01.14.2016
No. 6 to OST

Implement policies and procedures, whereby the DOT OAs, with material unfilled customer order balances, monitor and review its open UCO balances using the above report for completeness, accuracy, and validity.

Closed on 01.14.2016
No. 7 to OST

Perform a reconciliation of reimbursable expenditures to reimbursable revenue, at the agreement level, to ensure reimbursable revenue is properly recognized in the appropriate accounting period and all material reconciling items are investigated.

Closed on 01.14.2016
No. 8 to OST

Provide training on the execution, monitoring and reporting of UCOs in accordance with the newly established policies and procedures.

Closed on 01.14.2016
No. 9 to OST

Follow the established policies and procedures and finish development of a business intelligence (BI) report to monitor Fund 15X015P633 monthly. In addition, record any necessary year-end accrual and adjusting entries to ensure the full cost recovery program reports a zero balance at year-end.