OFFICE OF INSPECTOR GENERALQuick Links
Filters
Status
Agency
Year
Recommendation Dashboard
The Office of Inspector General (OIG) makes recommendations to the U.S. Department of Labor (DOL) to promote effectiveness, efficiency, economy, and integrity of all DOL programs and operations, including those performed by its contractors and grantees. Recommendations are considered resolved when agency management and the OIG agree on the required corrective actions. After the agreed-upon corrective actions have been completed, the recommendations are considered closed. This Recommendation Dashboard provides the status of OIG recommendations going back to FY 2011.
Keys for Recommendations
- Open - Closed Updated as of May 30, 2023
- Open - Closed Updated as of May 30, 2023
Recommendations by Agency
Filters ☰
Status
Agency
FY Year
Reset
Number ofRecommendations
Monetary Value of Recommendations
Expand / Collapse All Reports 
OWCP Did Not Ensure Best Prices and Allowed Inappropriate, Potentially Lethal Prescriptions in the FECA Program
Audit Report to OWCP, 03-23-001-04-431 issued on 03/31/2023
10 recommendations, of which 0 are closed
10 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OWCP | $321,261,486 | We recommend the Director of OWCP implement a process to ensure competitive prices for the FECA program by regularly evaluating alternate pricing methodologies and other sources — including state fee schedules, ACA FUL, NADAC, MAC lists, market research, and comparable payers — and updating its pricing methodology as appropriate. | ||
| 002 | OWCP | $0 | We recommend the Director of OWCP implement a process to collect drug manufacturer rebates. | ||
| 003 | OWCP | $0 | We recommend the Director of OWCP implement a process to review the effectiveness of policy changes, including: a. documented assessment of prescription information after any changes in the authorization, approval, and/or adjudication process to ensure desired changes are achieved; and b. documented solutions for any performance gaps identified during the review, including follow up testing. | ||
| 004 | OWCP | $0 | We recommend the Director of OWCP implement an ongoing pharmaceutical monitoring and alert program to identify and closely monitor significant changes in costs, prescribing patterns, utilization, sources, and new and novel prescription drugs. | ||
| 005 | OWCP | $0 | We recommend the Director of OWCP establish internal controls that identify prescription drugs payment and management issues in near-real-time, including: a. reviewing all system data fields provided by PBM(s) and bill pay vendor(s); b. determining any additional data fields/elements needed to monitor pharmaceutical spending and track trends over time; c. ensuring a recurring process to receive and immediately review data from the PBM(s) and bill pay vendor(s); and d. using that data review to report regularly to management, medical director, and staff pharmacists for collaborative identification of current and emerging issues. | ||
| 006 | OWCP | $0 | We recommend the Director of OWCP implement a technology solution to perform ongoing prescription claim level reviews in near real-time - including contractual adherence by the PBM, prescription drug pricing discounts, and rebate guarantees - as well as to validate prescription drug pricing methodology. | ||
| 007 | OWCP | $0 | We recommend the Director of OWCP adopt one or more of the widely used and thoroughly vetted evidence based clinical guidelines, such as those from the American College of Occupational and Environmental Medicine and Official Disability Guidelines, in place of treatment suites. | ||
| 008 | OWCP | $0 | We recommend the Director of OWCP develop and deliver ongoing formal training for staff involved in making pharmaceutical decisions, with documentation of participation and post training evaluation. | ||
| 009 | OWCP | $0 | We recommend the Director of OWCP add pharmacists and physicians to provide oversight of the FECA program for oversight and other necessary functions not assigned to the PBM. | ||
| 010 | OWCP | $0 | We recommend the Director of OWCP ensure medical and pharmaceutical experts participate in the development, monitoring, maintenance, improvement, and evaluation of the FECA pharmaceutical program. |
Alert Memorandum: ETA and States Need to Ensure the Use of Identity Verification Service Contractors Results in Equitable Access to UI Benefits and Secure Biometric Data
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training provide guidance that ensures SWAs provide upfront, clear, consistent, and fair alternatives to services that rely on facial recognition technology. | ||
| 002 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training require SWAs that use facial recognition technology to test the system for biases and design procedures to mitigate those effects. SWAs need to report findings from bias testing to ETA regarding implementation or use of identity verification services that rely on facial recognition technology. | ||
| 003 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training provide guidance to SWAs to help ensure that contracts with identity verification service providers include requirements on the secure storage of data, destruction of the data once the contract is concluded, and purging of any large datasets collected by identity verification service providers on a regular basis. |
OSHA Needs to Better Address Complaints and Referrals for Increased Worker Safety
Audit Report to OSHA, 02-23-001-10-105 issued on 03/06/2023
3 recommendations, of which 0 are closed
3 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: Modify the Field Operations Manual to include a policy for mandatory interviews of complainants and witnesses or document the rationale for lack thereof and provide training to Compliance Safety and Health Officers on the updated requirements. | ||
| 002 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: Update the Field Operations Manual to require documented case file review and approvals by supervisors and provide training for Compliance Safety and Health Officers to ensure complete documentation of significant decisions and actions. | ||
| 003 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: Establish controls and provide training of Field Operations Manual abatement certification and documentation requirements and create a monitoring process that is reviewed and approved by a supervisor. |
District of Columbia Workmen’s Compensation Act Special Fund Financial Statements and Independent Auditors’ Report September 30, 2021 and 2020
Audit Report to OWCP, 22-23-004-04-432 issued on 02/22/2023
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OWCP | $0 | We recommend that the Director of Division of Federal Employees’, Longshore and Harbor Workers’ Compensation perform a review of the FY 2021 outstanding claimant forms and perform any follow-up procedures as deemed necessary. | ||
| 002 | OWCP | $0 | We recommend that the Director of Division of Federal Employees’, Longshore and Harbor Workers’ Compensation continue implementation of monitoring controls to validate the claims examiners are promptly performing follow-up procedures when the LS-200 and/or LS-267 forms are not timely provided by claimants. |
FY 2022 FISMA DOL Information Security Report: DOL’s Information Security Program Not Remaining Current with Security Requirements
Audit Report to OASAM, 23-23-001-07-725 issued on 02/10/2023
8 recommendations, of which 0 are closed
8 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OASAM | $0 | Update DOL entity-wide and system-level security policies, procedures, and plans to comply with NIST SP 800-53, Rev. 5. | ||
| 002 | OASAM | $0 | Develop and implement policies and procedures to update DOL’s system repository based on a defined frequency. | ||
| 003 | OASAM | $0 | Implement proper quality control to ensure change management processes are being performed for all systems and equipment on the DOL network. | ||
| 004 | OASAM | $0 | Develop Departmental policies and procedures that require all DOL agencies to perform data exfiltration tests to identify gaps in its data exfiltration and network defense | ||
| 005 | OASAM | $0 | Implement data loss prevention tools and alerts based on the results of agencies’ data exfiltration tests. | ||
| 006 | OASAM | $0 | Verify if systems have been appropriately authorized in accordance with DOL’s policy. | ||
| 007 | OASAM | $0 | Enhance incident response activity training to emphasize the importance of submitting required incidents to the US-CERT within the 1-hour timeframe | ||
| 008 | OASAM | $0 | Implement an automated mechanism to report incidents to the US CERT within the 1-hour timeframe. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2022
Audit Report to OCFO, 22-23-005-13-001 issued on 01/30/2023
8 recommendations, of which 0 are closed
8 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | $0 | We recommend the Director of OWCP develop and provide training to claims examiners to reinforce the policies and procedures related to performing PER reviews. | ||
| 002 | OCFO | $0 | We recommend the Director of OWCP design and implement policies and procedures to monitor that the claims examiner reviews are performed in accordance with the [FECA Procedure] Manual. | ||
| 003 | OCFO | $0 | We recommend the Director of OWCP enforce existing policies and procedures for the review of continuing eligibility for Black Lung claims to confirm that benefit eligibility is reviewed when a claimant does not submit required annual documentation and provide additional training to re-enforce such policies and procedures. | ||
| 004 | OCFO | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of ETA implement controls to determine that the Final Determination Letters are issued in accordance with the 2 CFR Part 200. | |
| 005 | OCFO | $0 | We recommend the Director of OWCP implement controls to periodically verify that all medical bills over the applicable thresholds are identified, reviewed, and approved prior to payment. | ||
| 006 | OCFO | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of ETA update the Unemployment Insurance Disbursements standard operating procedures to ensure the reviewers validate the reliability of information used by the preparer in the development of the benefit expense estimate. | |
| 007 | OCFO | $0 | We recommend the Assistant Secretary for ODEP and Deputy Undersecretary of ILAB implement back-up protocols to ensure timely grant closeout when staff shortages occur. | ||
| 008 | OCFO | ETA | $0 | We recommend the Principal Deputy Assistant Secretary for ETA design and implement monitoring controls over FPOs’ review and acceptance of the ETA-9130 cost reports to determine that such review and acceptance is completed within 10 days. |
FY 2022 Independent Auditors' Report on DOL's CFS
Audit Report to OCFO, 22-23-002-13-001 issued on 12/13/2022
3 recommendations, of which 0 are closed
3 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | $0 | We recommend that the Deputy Chief Financial Officer and the Assistant Secretary for Employment and Training design and implement controls over their respective estimates to ensure management’s review of the estimates are performed at a sufficient level of detail, including the methodology, underlying data, and assumptions used to develop the estimates. | ||
| 002 | OCFO | $0 | We recommend that the Deputy Chief Financial Officer and the Assistant Secretary for Employment and Training maintain documentation of the reviews performed to assess the reasonableness of the methodology, underlying data, and assumptions used to develop the estimates that is sufficiently detailed to evidence the specific items reviewed, analysis performed, and conclusions reached. | ||
| 003 | OCFO | $0 | We recommend that the Deputy Chief Financial Officer and the Assistant Secretary for Employment and Training provide additional training to the reviewers of the estimates to reinforce established policies and procedures, as necessary. |
COVID-19: OSHA’S Enforcement Activities Did Not Sufficiently Protect Workers from Pandemic Health Hazards
Audit Report to OSHA, 19-23-001-10-105 issued on 10/31/2022
5 recommendations, of which 0 are closed
5 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: provide additional training to CSHOs to enforce the recording and reporting standard for fatalities. | ||
| 002 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: update guidance or policy to include supervisory review of inspection files to ensure they contain adequate support for the reasons regarding citation issuance decisions before closing inspections. | ||
| 003 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: develop a plan for a future pandemic or epidemic to collaborate with external agencies on worksite case data and to use this data to maximize rapid response and enforcement actions in worksites. | ||
| 004 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: as part of OSHA’s rulemaking on infectious diseases, require employersto notify all employees of all known positive cases of infectious diseases at the worksite. | ||
| 005 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: develop and implement a tracking tool to ensure OSHA receives and reviews all items CSHOs request during inspections to ensure alleged hazards have been mitigated. |
COVID-19: ETA and States Did Not Protect Pandemic-Related UI Funds from Improper Payments Including Fraud or From Payment Delays
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Use data collected from monitoring and BAM reports to identify the areas of highest improper payments including fraud and create a plan to prevent similar issues in future temporary UI benefit programs. | ||
| 002 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Require states to have written policies and procedures, which apply lessons learned during the COVID-19 pandemic, to continue eligibility testing and BPC procedures during emergencies or other times of increased claims volume. These policies and procedures should include strategies to pay claimants timely. | ||
| 003 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Work with NASWA to update the IDH Participant Agreement to require state to submit the results of their UI fraud investigations. | ||
| 004 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Work with NASWA to ensure the IDH cross matches are effective at preventing the types of fraud that were detected during the pandemic and regularly update using the results of state fraud investigations. | ||
| 005 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Work with the OIG and states to recover the greatest practicable amount of the $7,092,604 paid to claimants connected to likely fraudulent claims. |
FY 2022 DOL Made Progress In Implementing Geospatial Data Act Requirements, But More Needs To Be Done
Audit Report to OSEC, 23-22-003-01-001 issued on 09/30/2022
3 recommendations, of which 0 are closed
3 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSEC | $0 | We recommend the Chief Data Officer document how DOL is collecting and managing all agency-specific geospatial data. | ||
| 002 | OSEC | $0 | We recommend the Chief Data Officer update policy and procedures to cover other types of geospatial data in completing their 13 responsibilities. | ||
| 003 | OSEC | $0 | We recommend the Chief Data Officer develop a plan to properly fund the implementation and oversight of data quality standards throughout DOL and for its contracts. |
Alert Memorandum: The Office of Workers’ Compensation Programs’ Workers’ Compensation Medical Bill Process System Data Were of Undetermined Reliability
Audit Report to OWCP, 23-22-002-04-001 issued on 09/26/2022
1 recommendations, of which 0 are closed
1 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OWCP | $0 | We recommend the Director of Workers’ Compensation Programs implement internal controls that ensure the quality of OWCP’s medical bill processing data when it is collected, processed, and shared with OWCP’s other systems, program management and staff, and other stakeholders. |
Alert Memo: Potentially Fraudulent Unemployment Insurance Payments in High-Risk Areas Increased to $45.6 Billion
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Assistant Secretary of Employment and Training: Implement immediate measures to ensure SWAs are required to provide ongoing access to the OIG by amending its current guidance to require disclosures to the OIG for audits and investigations as necessary, mandatory, and without time limitation for the proper oversight of the UI program. | ||
| 002 | ETA | $29,581,490,253 | We recommend the Assistant Secretary of Employment and Training: Expedite OIG-related amendments to 20 C.F.R. § 603.6(a) to make ongoing disclosures of UI information to DOL OIG mandatory by expressly adding the U.S. Department of Labor, Office of Inspector General (including its agents and contractors) to the list of required disclosures that are necessary for the proper oversight of the UI program without distinction as to purpose (e.g., audits versus investigations). | ||
| 003 | ETA | $0 | We recommend the Assistant Secretary of Employment and Training: Expedite 603.5(i) to expressly make disclosures of UI information to federal officials for oversight, audits, and investigations of federal programs mandatory. |
The ETA Needs to Ensure SWAs Report Activities Related to CARES Act UI Programs
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training: Continue to identify states that have not complied with ETA’s reporting requirements for CARES Act UI programs and work with them to ensure missing reports and information are submitted before commencement of the Department’s FY 2022 financial statement audit. | ||
| 002 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training: Verify the accuracy of reports that cite no activity and ensure corrections are made where warranted. |
The U.S. Department of Labor Did Not Meet Requirements for Compliance with Payment Integrity Information Act for FY 2021
Audit Report to OCFO, 22-22-007-13-001 issued on 07/01/2022
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | ETA | $0 | We recommend the Principal Assistant Secretary of ETA maintain the current focus on increasing technical assistance and funding to states to improve the improper payment reduction strategies in order to reduce the improper payments estimate rate below the 10 percent threshold, and demonstrate improvement on the rate. | |
| 002 | OCFO | ETA | $0 | We recommend the Principal Assistant Secretary of ETA revise the methodology used to calculate the improper payment information for the FPUC program. |
COVID-19: To Protect Mission Critical Workers, OSHA Could Leverage Inspection Collaboration Opportunities With External Federal Agencies
Audit Report to OSHA, 19-22-003-10-105 issued on 03/31/2022
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health develop an OSHA outreach plan to be activated during a large-scale safety and health crises such as the COVID-19 pandemic that (a) identifies external federal agencies with enforcement or oversight personnel who are active on worksites and (b) defines how OSHA will collaborate with those agencies. OSHA should consider incorporating into the plan: a process to identify and document highly visible, safety and health hazards for large-scale safety and health crises; a plan for how OSHA will conduct related outreach and training on those hazards and how to refer them to OSHA; and a tracking system for agency referrals and outcomes of those referrals, using that information to periodically inform the outreach plan on areas and types of guidance and training the agencies’ oversight and enforcement personnel need. | ||
| 002 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health explore mechanisms to enhance collaboration, such as MOUs or other written agreements using GAO’s seven key features for collaboration, and incorporate a process to utilize those mechanisms into the outreach plan. |
COVID-19: Delays in Providing Grant Relief Assistance Jeopardizes Goals Of A $366 Million Employment And Training Program
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training: Continue to closely monitor the remaining COVID-19 DWG awards to ensure attainment of performance goals and objectives and provide technical assistance as needed throughout the grant lifecycle. To the extent permitted by law, any of the remaining funds (determined as not needed) should be returned to the Department of Treasury or recouped as soon as practicable so that these funds would become available for other allowable purposes. |
FY 2021 FISMA DOL Information Security Report: Information Security Continuous Monitoring Controls Remain Deficient
Audit Report to OASAM, 23-22-001-07-725 issued on 01/28/2022
18 recommendations, of which 3 are closed
18 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OASAM | $0 | We recommend the CIO: Enforce DOL requirements for authorizing connections and effective implementation of Interconnection Service Agreements. | ||
| 002 | OASAM | $0 | We recommend the CIO: Implement changes in oversight that enforce DOL requirements for the performance of the monthly continuous monitoring checklist for CSPs in accordance with the DOL CSH. | ||
| 003 | OASAM | $0 | We recommend the CIO: Develop and implement a centralized process or mechanism for tracking monthly reviews of CSPs. | ||
| 004 | OASAM | $0 | We recommend the CIO: Enforce DOL requirements for implementing, auditing, testing and documenting exceptions to baseline configurations. | ||
| 005 | OASAM | $0 | We recommend the CIO: Ensure DOL maintains a complete and accurate inventory of its hardware and software assets. | ||
| 006 | OASAM | $0 | We recommend the CIO: Enhance the management oversight by OCIO to enforce DOL requirements for the performance of annual reviews of unsecure functions, ports, protocols, and services. | ||
| 007 | OASAM | $0 | We recommend the CIO: Execute the OCIO and AO oversight process to ensure compliance with DOL requirements for the performance of Security Impact Analysis (SIA)s prior to the implementation of system changes. | ||
| 008 | OASAM | $0 | We recommend the CIO: Implement a centralized process to monitor vulnerabilities for information systems to ensure that each vulnerability is remediated within the Computer Security Handbook (CSH) defined timeframe. | ||
| 010 | OASAM | $0 | We recommend the CIO: Implement a control to retain rules of behavior acknowledgements, access authorizations, other required documentation for authorized system access, and periodic user access reviews. OCIO should monitor this control to ensure each FISMA-reportable system is compliant with the DOL CSH account management policies. | ||
| 011 | OASAM | $0 | We recommend the CIO: Strengthen the OCIO controls to monitor system owners to ensure they implement appropriate audit logging controls in accordance with the Computer Security Handbook (CSH). | ||
| 013 | OASAM | $0 | We recommend the CIO: Develop clear standards for the documentation of information security controls and enforce the adherence to these standards through OCIO monitoring processes for developing, reviewing and maintaining system security plans and documentation. | ||
| 014 | OASAM | $0 | We recommend the CIO: Enhance the OCIO oversight of the DOL ISCM strategy at the enterprise and system level and ensure DOL systems have an implemented system-level continuous monitoring strategy. | ||
| 016 | OASAM | $0 | We recommend the CIO: Implement changes in operations, management and oversight that enforces DOL requirements for the timely completion of contingency plan tests. | ||
| 017 | OASAM | $0 | We recommend the CIO: Enhance the OCIO monitoring of the completion of the required annual training by individuals with CP responsibilities. | ||
| 018 | OASAM | $0 | We recommend the CIO: Enhance the OCIO monitoring and oversight of system owners to complete BIAs. |
COVID-19: Safety and Remote Learning Challenges Continue for Job Corps
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Implement continuous monitoring to ensure centers adhere to Job Corps COVID-19 safety protocols (e.g., use of social distancing markers, installation of barriers, and reconfiguration of furniture to accommodate social distancing). | ||
| 003 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Identify learning gaps that occurred during campus closures and procedures Job Corps needs to take to help students fill in those gaps. | ||
| 004 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Increase oversight of remote instructional programs to ensure students receive the training and resources to complete their programs in a timely way. |
ETA did not Sufficiently Plan and Execute the American Apprenticeship Initiative Grant Program
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $155,582,864 | We recommend the Assistant Secretary for Employment and Training Administration improve funding opportunity announcements for discretionary grant programs by: a. Evaluating program goals using the SMART concept or a similar approach, and including required metrics that directly measure the success of each program goal, are clear, and are easily verifiable; b. Having a scoring element covering completeness of applicant proposals for items requested in the announcement that reduces in points when the proposal is missing an element(s), significantly changes the wording of an element(s), or incorrectly addresses an element(s); and c. Identifying targeted occupations in the FOA language and/or scoring elements, or requiring submission of the career pathway to an H-1B occupation as support during apprenticeship program registrations or apprentice registrations. | ||
| 002 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration develop standard operating procedures for discretionary grant programs, which include internal controls resulting in ETA: a. Identifying information needed from grantees for participant level data, quarterly reporting, or program evaluation, prior to submitting the information collection request to OMB; b. Having a complete system and supporting documentation (e.g., user guide, data dictionary, business rules) ready by day one of the grant program with appropriate system controls; c. Obtaining OMB approval numbers for any new information collections prior to collecting information from grantees, verifying the reporting system fields correlate to the approved OMB information collection request, and submitting violations timely to OMB; and d. Conducting compliance reviews prior to awarding grants; using the review results to change applicant scoring or include a condition of award in applicable grants; awarding each grant prior to or on the start of each grantee’s period of performance; and accurately reporting to the public on the grant program. | ||
| 005 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration submit ETA’s violation of the Paperwork Reduction Act to OMB in the annual information collection budget for OMB control number 1205-0528. | ||
| 006 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration develop a process to perform data analysis and other sufficient checks to verify completeness and accuracy of data in ETA systems and achievement of desired outcomes during grant programs. | ||
| 007 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration establish internal controls to verify participant eligibility, verify submitted ETA Forms 671 (Program Registration and Apprenticeship Agreement) are the current OMB approved version and completed correctly, and encourage use of interim credentials when the form indicates a competency or hybrid model apprenticeship. |
COVID-19: The Pandemic Highlighted the Need to Strengthen Wage and Hour Division's Enforcement Controls
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division implement a control to perform periodic reviews to determine if staff properly handled potential complaints in accordance with WHD's complaint requirements. | ||
| 002 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division develop a mechanism to enable the agency to determine how effective conciliations are at getting back wage payments to workers, and address any weaknesses identified in ensuring complainants received owed back wages prior to closing conciliations. | ||
| 003 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division update its policy for selecting a conclude reason in its database to require staff to use a reason that would allow WHD to determine the outcome of the conciliation. | ||
| 004 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division assess the effectiveness of remote investigations and incorporate best practices into its operating procedures. |
DOL’s IT Governance Lacked the Framework Necessary to Support the Overall Mission
Audit Report to OSEC, 23-21-002-01-001 issued on 09/30/2021
5 recommendations, of which 0 are closed
5 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSEC | $0 | We recommend the Deputy Secretary reorganize the CIO position to have a direct reporting relationship to the Deputy Secretary and independent of ASAM. | ||
| 002 | OSEC | $0 | We recommend the Deputy Secretary Ensure the CIO is a lead member with voting rights of DOL’s executive strategy and management boards and committees including but not limited to the MRB, ESS Governance Board, COVID-19 Coordination team, and ERMC. | ||
| 003 | OSEC | $0 | We recommend the Deputy Secretary reassess the incorporation of BLS and OCFO as part of IT Shared Services within 2021, and document the reasoning for the decision reached. | ||
| 004 | OSEC | $0 | We recommend the Deputy Secretary establish an MOU or other agreement between the OCIO and all departmental agencies to establish and state the roles and responsibilities of IT between each set of respective agencies. | ||
| 005 | OSEC | $0 | We recommend the Deputy Secretary codify the policies and procedures that define IT governance and key supporting IT elements. |
OSHA’s Diminished Enforcement Left More Workers At Risk For Exposure To Silica
Audit Report to OSHA, 02-21-003-10-105 issued on 09/29/2021
3 recommendations, of which 1 are closed
3 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health implement a policy for future emphasis programs, that minimizes the lapse in enforcement between canceled, revised or new programs. | ||
| 003 | OSHA | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health establish meaningful goals and processes to assess whether OSHA’s outreach events are achieving the desired results, in reaching a targeted number of workers at risk of exposure to silica. |
Unemployment Insurance Overpayments Related to Work Search Underscore the Need for More Consistent State Requirements
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Examine the effectiveness of Benefit Accuracy Measurement’s contact verification process to ensure it reflects the current methods claimants use to seek work. | ||
| 003 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Provide guidance to states notifying them that formal and informal warnings are not permissible under Federal work search law. | ||
| 004 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Include in the UI improper payment estimate: (1) overpayments related to work search formal and informal warnings; and (2) payments to claimants who provide no or insufficient documentation to support eligibility with respect to work search, consistent with the Middle Class Tax Relief and Job Creation Act and OMB guidance that defines improper payments. |
Alert Memorandum: The Employment and Training Administration Does Not Require the National Association of State Workforce Agencies to Report Suspected Unemployment Insurance Fraud Data to the Office of Inspector General or DOL’s Employment and Training Administration.
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training take immediate action to require NASWA to refer information to ETA and the OIG on suspected fraud, waste, abuse, mismanagement, or misconduct, per DLMS 8-106(D)(3). Such actions could include modification of ETA’s grant award or issuance of unemployment insurance program policy guidance to ensure ETA complies with the notice requirement and its grantees comply with the reporting requirements of the DLMS. | ||
| 002 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training continue to work with the OIG and, within 30 days of this memorandum, meet with the OIG to develop a permanent approach to OIG access to IDH data. |
Alert Memorandum: The Employment and Training Administration Needs to Issue Guidance to Ensure State Workforce Agencies Provide Requested Unemployment Insurance Data to the Office of Inspector General
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Amend 20 CFR 603.5 and 603.6(a) through the rulemaking process to reinforce that UI information must be provided to DOL OIG for all IG engagements authorized under the IG Act, including audits, evaluations, and investigations. | ||
| 002 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Issue a new UIPL within 15 days of this memorandum to instruct SWAs that disclosure of information to the OIG for audits, evaluations, and investigations is mandatory without need for a subpoena, and that the OIG will notify SWAs directly of current and future information disclosure requirements, to include data elements. | ||
| 003 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Ensure the new UIPL guidance advises SWAs that they may not require the OIG to enter into data sharing agreements as a prerequisite to disclosure of information to the OIG for audits, consistent with the IG Act and federal law. |
Covid-19: States Struggled To Implement Cares Act Unemployment Insurance Programs
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary for Employment and Training conduct a study to assess the technological needs of the UI programs to determine the capabilities that need to be upgraded or replaced; the features necessary to effectively respond to rapid changes in the volume of claims in times of emergency or high unemployment; the capabilities needed to ensure effective and equitable delivery of benefits; and the capabilities to minimize fraudulent activities. | ||
| 002 | ETA | $33,745,677,576 | Continue to work with states to develop, operate, and maintain a modular set of technological capabilities to modernize the delivery of UI benefits that is sufficient to manage and process sudden spikes in claims volume during emergencies or high unemployment. | ||
| 003 | ETA | $0 | Assist states with claims, overpayment, and fraud reporting to create clear and accurate information. Then use the overpayment and fraud reporting to prioritize and assist states with fraud detection and recovery. |
MSHA Can Improve How Violations Are Issued, Terminated, Modified, and Vacated
Audit Report to MSHA, 05-21-002-06-001 issued on 03/31/2021
10 recommendations, of which 1 are closed
10 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide refresher training to inspectors and supervisors on complying with MSHA guidance for each violation type. | ||
| 002 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide training on how to determine the subsequent inspection when multiple inspections overlap, enter violations into the system in the same chronological order identified, be specific when writing the “Area or Equipment” entry, and when it is appropriate to list “No area affected” for an order. | ||
| 003 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Update system controls to improve compliance of MSHA violations with the Mine Act and MSHA guidance in the following instances: a. Verify only authorized violation types used; b. Include all required phrases automatically in the “Condition or Practice” entry when the inspector selects 103(a) citations, 104(g)(1) orders, 104(e)(1)/104(e)(2) orders, or 107(a) orders; c. Ensure 104(d) orders and 104(g)(1) orders cite eligible CFR sections; d. Verify the correlations between the CFR or Mine Act sections of 104(b) orders and the original violation; e. Verify 104(d)(1) orders, 104(d)(2) orders, 104(e)(1) orders, and 104(e)(2) orders reference the correct “initial action” by including additional crucial attributes in the system controls, such as issue date, event number, and event start date; f. Verify orders have the “Area or Equipment” entry populated when initially issuing the violation; g. Apply system controls to modifications done directly in MCAS, such as modifications due to court decisions or settlements; h. Identify modifications needed to other violations when vacating or modifying a violation; i. Verify the reasonableness of the due dates and provide warnings to inspectors when due dates appear longer than necessary; and j. Provide a warning message to inspectors when trying to issue a safeguard at a mine that would lead to multiple safeguards citing the same regulation issued for a single mine. | ||
| 004 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Update the Citation and Order Writing Handbook to clarify situations when multiple safeguards can be issued for a single mine and to correct any examples that do not comply with the instructions listed in the Handbook. | ||
| 005 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Improve the violations termination process by decreasing the percentage of future untimely terminations, improving the use of 104(b) orders, and not allowing due dates to be extended unless for specific, justified reasons listed on the violation form. | ||
| 006 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide training on how to write specific supporting reasons on the violation forms or other documentation (e.g., vacate memos) when extending, modifying, or vacating violations. | ||
| 007 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Develop a metric to measure performance and an internal control to verify timely uploading of violations from the inspector’s laptop/tablet into MCAS. | ||
| 008 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Complete periodic reviews to determine whether MSHA personnel are meeting the timely upload and recording of violations in MCAS, terminating violations by the due date, and effectively using 104(b) orders. | ||
| 010 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Work with the Solicitor’s Office and the Federal Mine Safety and Health Review Commission to implement a process to ensure violations listed in settlement agreements or court decisions still comply with the Mine Act and Mathies test. |
COVID-19: Increased Worksite Complaints and Reduced OSHA Inspections Leave U.S. Workers’ Safety at Increased Risk
Audit Report to OSHA, 19-21-003-10-105 issued on 02/25/2021
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 003 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health. Compare remote inspections to onsite inspections, and at a minimum provide analysis that addresses their frequency and timeliness for identifying and abating worksite hazards. |
Alert Memorandum: The Employment and Training Administration (ETA) Needs to Ensure State Workforce Agencies (SWA) Implement Effective Unemployment Insurance Program Fraud Controls for High Risk Areas
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $5,409,966,198 | We recommend the Principal Deputy Assistant Secretary of Employment and Training establish effective controls, in collaboration with SWAs, to mitigate fraud and other improper payments to ineligible claimants, including the areas identified in the memorandum: UI benefits paid to multi-state claimants, claimants who used the social security numbers of deceased individuals, potentially ineligible federal inmates, and claimants with suspicious email accounts. Effective controls will help prevent similar or greater amounts of fraud and allow those funds to be put to better use. | ||
| 002 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training work with Congress to establish legislation requiring SWAs to cross match high-risk areas, including the four areas identified in the memo. |
FY 2020 FISMA DOL Information Security Report: Progress Needed to Improve Risk Management and Continuous Monitoring Information Security Controls
Audit Report to OASAM, 23-21-001-07-725 issued on 12/22/2020
25 recommendations, of which 8 are closed
25 recommendations, of which 8 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OASAM | $0 | Complete, approve, and implement its Enterprise Architecture and related artifacts. | ||
| 006 | OASAM | $0 | Provide training to responsible personnel over the third-party continuous monitoring review checklist. | ||
| 007 | OASAM | $0 | Validate that the classification of DOL systems is in accordance with policy, and that system interconnections are appropriately documented within its inventory. | ||
| 008 | OASAM | $0 | Develop, define, implement, and monitor change management key performance indicators that align DOL’s goals and objectives. | ||
| 009 | OASAM | $0 | Enforce DOL policies and procedures regarding separation of duties so developers do not possess the ability to migrate changes to production. | ||
| 010 | OASAM | $0 | Enforce DOL security baseline polices with DOL’s CSPs and develop a security configuration checklist for the CSPs. | ||
| 011 | OASAM | $0 | Implement a process for approving deviations from established configuration settings. | ||
| 012 | OASAM | $0 | Provide training to responsible personnel addressing the new guidance for operational activities, including the patch management process. | ||
| 015 | OASAM | $0 | Reinforce the PIV Exemption approval process through training. | ||
| 016 | OASAM | $0 | Implement a process for periodic review or monitoring of PIV Exemptions to ensure the process is operating effectively. | ||
| 017 | OASAM | $0 | Implement policies and procedures regarding user access reviews for tenants that reside on the platform as a service in accordance with requirements outlined in the DOL CSH. | ||
| 018 | OASAM | $0 | Provide additional resources to support the security requirements and a training over the application user access review process, as documented in the DOL CSH. | ||
| 020 | OASAM | $0 | Document the responsibilities of control activities for tenants that reside on the PaaS through policies and procedures that include user activity reviews in accordance with requirements outlined in the DOL policy. | ||
| 021 | OASAM | $0 | Provide training over the application user activity review process. | ||
| 023 | OASAM | $0 | Develop sufficiently defined quantitative and qualitative metrics that provide meaningful indications of security status and trend analysis at all risk management tiers. | ||
| 024 | OASAM | $0 | Monitor contingency plan testing and exercises through examination of after-action reviews. | ||
| 025 | OASAM | $0 | Validate that systems have received either the appropriate classification or risk waiver that would exempt the system from specific security requirements. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2020
Audit Report to OCFO, 22-21-005-13-001 issued on 12/18/2020
20 recommendations, of which 17 are closed
20 recommendations, of which 17 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 009 | OCFO | MULTI | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS enforce accountability of grant officers and closeout specialists to incentivize timely execution and process improvement. | |
| 010 | OCFO | OASAM | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS continue to fully implement monitoring controls to track the status of grants during their closeout processes to ensure proper follow-up and timely execution. | |
| 011 | OCFO | MULTI | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS administer grant closeout continuous improvement trainings for all agencies to address inconsistent grant closeout implementation concerns. |
Region IX Whistleblower Protection Program Complaints Were Not Complete or Timely
Audit Report to OSHA, 02-21-001-10-105 issued on 11/23/2020
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | Explore solutions to improve case management, including tracking completion of the essential elements and alerting the investigator and supervisor when there are periods of inactivity on an investigation. |
MSHA Needs to Improve Efforts to Protect Coal Miners From Respirable Crystalline Silica
Audit Report to MSHA, 05-21-001-06-001 issued on 11/12/2020
3 recommendations, of which 0 are closed
3 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | Adopt a lower legal exposure limit for silica in coal mines based on current scientific evidence. | ||
| 002 | MSHA | $0 | Establish a separate standard for silica that allows MSHA to issue citations and monetary penalties when violations of its silica exposure limit occur. | ||
| 003 | MSHA | $0 | Enhance its sampling program to increase the frequency of inspector samples where needed (e.g., by implementing a risk-based approach). |
DOL Needs To Do More To Secure Employees' Personally Identifiable Information in the Travel Management System
Audit Report to OCFO, 23-20-003-13-001 issued on 09/10/2020
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | $0 | Establish and implement procedures to ensure E2 account management practices enforce DOL’s security policies. | ||
| 002 | OCFO | $0 | Establish and implement procedures to ensure E2 is managed in compliance with contractual security requirements and DOL computer security policies for contracted information systems. |
COVID-19: More Can Be Done to Mitigate Risk to Unemployment Compensation Under The CARES Act
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | Include CARES Act UI transactions in the BAM or develop an alternative methodology to reliably estimate improper payments for those programs. | ||
| 004 | ETA | $0 | Issue guidance directing states to provide routine access to state UI claimant data, in order to prevent and detect fraud. |
OFCCP Did Not Show It Adequately Enforced EEO Requirements on Federal Construction Contracts.
Audit Report to OFCCP, 04-20-001-14-001 issued on 03/27/2020
2 recommendations, of which 1 are closed
2 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OFCCP | $0 | Update participation goals for minorities and females, and implement processes to keep all participation goals current. |
Review of the Occupational Safety and Health Administration's Referral to and Reclamation of Debt from the U.S. Department of the Treasury.
Audit Report to OSHA, 22-20-006-10-001 issued on 03/16/2020
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 003 | OSHA | $0 | We recommend the Assistant Secretary for OSHA revise OSHA’s Debt Collection Procedures to comply with OMB Circular A-129. |
FY 2019 FISMA DOL Information Security Report Implementation of Security Tools Hindered by Insufficient Planning
Audit Report to OASAM, 23-20-002-07-725 issued on 12/23/2019
20 recommendations, of which 9 are closed
20 recommendations, of which 9 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OASAM | $0 | Implement technologies for both DOL and the Bureau of Labor Statistics to detect and prevent unauthorized hardware and software from connecting to the local DOL network. | ||
| 003 | OASAM | $0 | Verify that annual assessments of third-party providers, including cloud service providers, are formally documented, reviewed, and signed by appropriate levels of management. | ||
| 005 | OASAM | $0 | Develop and implement performance metrics for configuration management. | ||
| 006 | OASAM | $0 | Design and implement controls and policies to formally perform and document the periodic review of baseline configuration scans across DOL servers and databases. | ||
| 007 | OASAM | $0 | Design and implement controls to monitor DOL assets for missing patches, service packs, hot fixes, and other software updates that are not associated with a CVE. | ||
| 008 | OASAM | $0 | Enhance vulnerability scanning monitoring controls and procedures to track and remediate outstanding vulnerabilities in a timely manner. | ||
| 011 | OASAM | $0 | Finalize the implementation of the access control technologies. | ||
| 012 | OASAM | $0 | Develop and implement access control performance metrics. | ||
| 013 | OASAM | $0 | Design and implement controls to perform and document a periodic review of audit logs that report privileged user activity. | ||
| 015 | OASAM | $0 | Implement data encryption configurations/solutions at the server level for data at rest for sensitive information (PII). | ||
| 019 | OASAM | $0 | Develop and implement contingency planning performance metrics. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2019
Audit Report to OCFO, 22-20-005-13-001 issued on 12/19/2019
20 recommendations, of which 18 are closed
20 recommendations, of which 18 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 009 | OCFO | OASAM | $0 | The Chief Information Officer coordinate efforts among the DOL agencies to design and implement procedures and controls to address account management, in key financial feeder systems. | |
| 010 | OCFO | OASAM | $0 | The Chief Information Officer monitor the agencies’ progress to ensure that established procedures and controls are operating effectively and maintained. |
Job Corps Should do More to Prevent Cheating in High School Programs
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps ensure centers partner only with those school providers with established cheating or academic integrity policies that include basic preventative controls. | ||
| 003 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps ensure reviews of high school programs are ongoing, consistent, and routine and, at a minimum, cover key controls to detect cheating. |
MSHA Can Improve Its Pre-Assessment Conferencing Program
Audit Report to MSHA, 05-19-001-06-001 issued on 09/23/2019
9 recommendations, of which 0 are closed
9 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training to Conference Litigation Representatives and district management on how to write specific supporting reasons for conference decisions in conference files and violation forms. | ||
| 002 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training to district management on how provide effective oversight over the pre-assessment conference program. The training should focus on reviewing the conference file and the system data for completeness and accuracy. Note: This recommendation applies to issues 1 (conference files) and 3 (system data). | ||
| 003 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health review each district’s process to ensure Conference Litigation Representatives consistently, in a way that does not create embarrassment or conflict, communicate the reasons they modify or vacate violations with supervisors and issuing inspectors and participate in staff meetings and at district training sessions for inspection personnel. | ||
| 004 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health develop MSHA Standardized Information System reports showing a summary of conference decisions that Conference Litigation Representatives can use as their monthly report and changes made to violation form attributes through conferencing decisions that MSHA can use to identify high-risk attributes and research the root causes for trends. | ||
| 005 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health revise the Alternative Case Resolution Handbook to require districts to document reasons supporting conference decisions to uphold a violation. The reason for an uphold decision should explain why any new evidence presented by the operator at the conference did not persuade MSHA to change the violation. | ||
| 006 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health revise the Alternative Case Resolution Handbook to clarify requirements for CLR monthly reporting. For example, the guidance should address the method(s) allowed and the minimum level of detail that CLRs should describe in the report. | ||
| 007 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training on how to populate MSHA’s Standardized Information System from the conference files and the importance of the importance of filling in all data fields. The training should focus on defining the required conferencing fields in MSIS to populate, identifying what documentation in the conference file to use when populating each field, and defining appropriate times to cancel a conference. | ||
| 008 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health update MSHA’s Standardized Information System with two system controls that require users to populate all required fields and prevent personnel from entering dates in the wrong order. | ||
| 009 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health perform periodic reviews of MSHA’s Standardized Information System data to ensure that districts are accurately populating it and marking conferences as completed in a timely manner. |
MSHA Did Not Evaluate Whether Civil Monetary Penalties Effectively Deterred Unsafe Mine Operations
Audit Report to MSHA, 23-19-002-06-001 issued on 08/16/2019
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | Develop metrics for the CMP program that will allow review and measurement of its effect on changing operator behavior to deter unsafe mine operations. | ||
| 002 | MSHA | $0 | Implement controls to ensure good standing of operators with regard to safety record and delinquency status prior to assigning a legal mine identification number or changing the legal ownership structure of a mine. |
Report Title Contains Sensitive Information
Audit Report to OASAM, 50-19-002-07-725 issued on 06/17/2019
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 01 | OASAM | $0 | This recommendation contains sensitive information and will not be posted. | ||
| 02 | OASAM | $0 | This recommendation contains sensitive information and will not be posted. |
OSHA Procedures for Issuing Guidance Were Not Adequate and Mostly Not Followed
Audit Report to OSHA, 02-19-001-10-105 issued on 03/28/2019
4 recommendations, of which 0 are closed
4 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Establish procedures to require staff to demonstrate that issuing a document as guidance is appropriate under APA and OSH Act requirements. | ||
| 002 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Maintain complete records to demonstrate compliance with OSHA criteria for issuance. | ||
| 003 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Establish and enforce a monitoring function to ensure its staff fully comply with written procedures and maintain complete records that demonstrate guidance meets criteria for issuance. | ||
| 004 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Train officials and staff as needed on their roles and responsibilities for internal controls related to the issuance of guidance and the potential risks of disregarding or circumventing controls. |
FY 2018 FISMA DOL Information Security Report
Audit Report to OASAM, 23-19-001-07-725 issued on 03/13/2019
5 recommendations, of which 3 are closed
5 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OASAM | $0 | Document, track, and implement milestones and corrective actions to timely remediate all identified deficiencies that have been communicated to DOL management. | ||
| 005 | OASAM | $0 | Develop and implement performance metrics that will be used to manage and measure the effectiveness of the DOL information security program. |
Experience Works, Inc. Misused more than $4 million in SCSEP Funds
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 006 | ETA | $0 | Principal Deputy Assistant Secretary for Employment and Training require ETA to improve its monitoring of SCSEP grant funds to ensure grantee operations are consistent with the agency mission, in compliance with laws and regulations, and with minimal potential for waste, fraud, and mismanagement. This includes providing monitoring staff guidance and training to perform effective risk assessments and monitoring reviews. |
OSHA Needs to Improve the Guidance for its Fatality and Severe Injury Reporting Program to Better Protect Workers
Audit Report to OSHA, 02-18-203-10-105 issued on 09/13/2018
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health develop formal guidance and train staff on how to detect and prevent underreporting of fatalities and severe injuries. |
ETA Violated the Bona Fide Needs Rule and the Antideficiency Act
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 004 | ETA | $0 | We recommended the Deputy Assistant Secretary for Employment and Training require ETA to report, in accordance with 31 USC, §1351, §1517(b), the Antideficiency Act violations caused by the bona fide needs rule violations identified in this report. |
MSHA Needs to Provide Better Oversight of Emergency Response Plans
Audit Report to MSHA, 05-17-002-06-001 issued on 03/31/2017
9 recommendations, of which 3 are closed
9 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001a | MSHA | $0 | We recommend the Deputy Assistant Secretary for Mine Safety and Health reissue PPL P16-V-01 to clarify the mine operators’ responsibility for local coordination under the MINER Act. The revision should inform mine operators to insert language in their ERP referencing the call lists posted at the mine if the ERP does not include them. | ||
| 001b | MSHA | $0 | We recommend the Deputy Assistant Secretary for Mine Safety and Health reissue PPL P16-V-01 to clarify the mine operators’ responsibility for local coordination under the MINER Act. The revision should clarify how a mine operator establishes procedures for coordination and communication between the operator, mine rescue teams, and local emergency response personnel and makes provisions for familiarizing local rescue personnel with surface functions that may be required in the course of mine rescue work. | ||
| 002 | MSHA | $0 | Maintain an ERP review checklist on MSHA’s website that is updated when requirements change. | ||
| 003 | MSHA | $0 | Standardize the ERP review and approval processes and tools across MSHA districts. At minimum, the procedures should specify the a. type of reviews (specialist and/or inspector) the districts should be completing and the frequency for each type of review, b. steps the reviewer should take for a specialist review versus an inspector review and the tools (e.g., standardized review checklist) to use during each review, and c. dates (e.g., Date Received and Decision Date) to enter into the tracking system and instructions on where to obtain each date. | ||
| 004 | MSHA | $0 | Issue additional guidance and provide refresher training on how to enter ERP data into the tracking system and use the tracking system to provide oversight. | ||
| 005 | MSHA | $0 | Implement a process for headquarters and district personnel to manage the ERP program more effectively by periodically (e.g., quarterly or semi-annually) reviewing reports from the tracking system. | ||
| 009 | MSHA | $0 | Issue regulations or guidance to make mine operators aware of tools currently available on MSHA’s website they can use when developing their ERPs and clarify when mine operators should submit an ERP and whether mine operators can exclude certain information from the ERP. |
EBSA Did Not Have the Ability to Protect the Estimated 79 Million Plan Participants in Self-Insured Health Plans from Improper Denials of Health Claims
Audit Report to EBSA, 05-17-001-12-121 issued on 11/18/2016
5 recommendations, of which 4 are closed
5 recommendations, of which 4 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | EBSA | $0 | We recommend the Assistant Secretary for Employee Benefits Security reduce or eliminate exemption thresholds for small plans. |
FISMA FISCAL YEAR 2015: Ongoing Security Deficiencies Exist
Audit Report to OASAM, 23-16-002-07-725 issued on 09/30/2016
2 recommendations, of which 1 are closed
2 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 01 | OASAM | $0 | This recommendation contains sensitive information and will not be posted. |
Investigative Advisory Report Weaknesses Contributing to Fraud in the Unemployment Insurance Program
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | ETA should recommend that SWAs develop a plan to identify multiple claims that originate from the same IP addresses, or from IP addresses from outside the United States, to minimize threats and fraud. In addition, consideration should be given to development of a database where all 53 SWAs will begin recording and sharing incoming IP addresses using a central data collection and exchange point, where common IP addresses can be researched using data analytics to identify and share information concerning potential fraud rings. | ||
| 002a | ETA | $0 | In order to reduce claimant anonymity, ETA should recommend that SWAs consider additional verification within 30 days of initial filing if the claim was filed from an identified anonymous IP address or with other fraud indicators. Current regulations permit the SWAs to request photo IDs to validate identity. States should suspend payment of benefits and conduct further investigation if requested information is not provided or the information provided does not resolve identity concerns. | ||
| 003 | ETA | $0 | ETA should recommend that SWAs provide all identified fraudulent claimant information into a shared database that can be queried to identify the filing of fraudulent claims against multiple states. One possibility would be to use the existing ETA Fraud Portal, which would make the portal a powerful tool in UI Fraud detection for the SWAs. |
Limited-Scope Audits Provide Inadequate Protections to Retirement Plan Participants
Audit Report to EBSA, 05-14-005-12-121 issued on 09/30/2014
5 recommendations, of which 4 are closed
5 recommendations, of which 4 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | EBSA | $0 | We recommend the Assistant Secretary for Employee Benefits Security provide additional formal guidance to plan administrators to identify and adequately support the fair value of plan assets. |
OWCP's Efforts to Detect and Prevent FECA Improper Payments Have Not Addressed Known Weaknesses
Audit Report to OWCP, 03-12-001-04-431 issued on 02/15/2012
5 recommendations, of which 4 are closed
5 recommendations, of which 4 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 004 | OWCP | $0 | OWCP Acting Director develop effective procedures, including seeking legislative authority to conduct matches with SSA retirement records, to ensure that claimants who receive SSA retirement benefits are identified timely and their FECA benefits are adjusted accordingly. |
Ineffective Accounting for Sensitive Information Technology Hardware and Software Assets Places DOL at Significant Risk
Audit Report to OASAM, 23-11-001-07-001 issued on 03/31/2011
6 recommendations, of which 0 are closed
6 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OASAM | $0 | Assess and take appropriate measures to ensure reports of lost, missing or stolen sensitive IT assets have not resulted. | ||
| 002 | OASAM | $0 | Perform a full inventory of the Department’s IT assets that is accurate and complete including an update of the information into a viable inventory management system. | ||
| 003 | OASAM | $0 | Consolidate all inventory systems though out DOL to eliminate duplication, realize cost savings, and strengthen inventory. | ||
| 004 | OASAM | $0 | Perform required reviews of program agencies’ inventory practices and procedures to ensure full participation in the inventory process across the Department and compliance with Federal information system requirements. | ||
| 005 | OASAM | $0 | Develop policies for disposal of sensitive IT assets that presently lack coherent policy. | ||
| 006 | OASAM | $0 | Integrate a reliable electronic procurement system with a viable inventory system along with the financial systems to ensure seamless interoperability. |
