COVID-19: To Protect Mission Critical Workers, OSHA Could Leverage Inspection Collaboration Opportunities With External Federal Agencies
Audit Report to OSHA,
19-22-003-10-105 issued on 03/31/2022
2 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OSHA | | $0 | We recommend the Assistant Secretary for Occupational Safety and Health develop an OSHA outreach plan to be activated during a large-scale safety and health crisis such as the COVID-19 pandemic that (a) identifies external federal agencies with enforcement or oversight personnel who are active on worksites and (b) defines how OSHA will collaborate with those agencies. OSHA should consider incorporating into the plan: a process to identify and document highly visible safety and health hazards for large-scale safety and health crises; a plan for how OSHA will conduct related outreach and training on those hazards and how to refer them to OSHA; and a tracking system for agency referrals and outcomes of those referrals, using that information to periodically inform the outreach plan on areas and types of guidance and training the agencies’ oversight and enforcement personnel need. |
| 002 | OSHA | | $0 | We recommend the Assistant Secretary for Occupational Safety and Health explore mechanisms to enhance collaboration, such as MOUs or other written agreements using GAO’s seven key features for collaboration, and incorporate a process to utilize those mechanisms into the outreach plan. |
Longshore and Harbor Workers’ Compensation Act Special Fund Financial Statements and Independent Auditors’ Report
September 30, 2020 And 2019
Audit Report to OWCP,
22-22-005-04-432 issued on 03/31/2022
1 recommendation, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OWCP | | $0 | We recommend that the Director of Division of Federal Employees’, Longshore and Harbor Workers Compensation develop and implement monitoring controls to ensure Claim Examiners are promptly following up with beneficiaries when the LS-200 and/or LS-267 forms are not provided or are inaccurate. |
District of Columbia Workmen’s Compensation Act Special Fund Financial Statements and Independent Auditors’ Report
September 30, 2020 And 2019
Audit Report to OWCP,
22-22-006-04-432 issued on 03/31/2022
1 recommendation, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OWCP | | $0 | We recommend that the Director of Division of Federal Employees’, Longshore and Harbor Workers Compensation develop and implement monitoring controls to ensure Claim Examiners are promptly following up with beneficiaries when the LS 200/267 forms are not provided or are inaccurate. |
COVID-19: Delays in Providing Grant Relief Assistance Jeopardizes Goals Of A $366 Million Employment And Training Program
Audit Report to ETA,
19-22-002-03-391 issued on 01/28/2022
4 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training: Provide dedicated technical assistance to the states of Florida, New York, Nevada, and Louisiana to assist them in attaining planned goals. If no specific plan of action is provided or is not being met by grantees, ETA should recoup any DWG funding where the states cannot demonstrate their ability to achieve their planned goals by the end of the grant period. |
| 002 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training: Continue to closely monitor the remaining COVID-19 DWG awards to ensure attainment of performance goals and objectives and provide technical assistance as needed throughout the grant lifecycle. To the extent permitted by law, any of the remaining funds (determined as not needed) should be returned to the Department of Treasury or recouped as soon as practicable so that these funds would become available for other allowable purposes. |
| 003 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training: Amend TEGL No. 12-19 to include timeline provisions for when disaster relief grantees should begin providing relief to those impacted by a disaster. |
| 004 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training: Amend TEGL No. 12-19 to include technical assistance provisions for grantees that fail to meet the 60-day requirement for submitting full applications. |
FY 2021 FISMA DOL Information Security Report: Information Security Continuous Monitoring Controls Remain Deficient
Audit Report to OASAM,
23-22-001-07-725 issued on 01/28/2022
18 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OASAM | | $0 | We recommend the CIO: Enforce DOL requirements for authorizing connections and effective implementation of Interconnection Service Agreements. |
| 002 | OASAM | | $0 | We recommend the CIO: Implement changes in oversight that enforce DOL requirements for the performance of the monthly continuous monitoring checklist for CSPs in accordance with the DOL CSH. |
| 003 | OASAM | | $0 | We recommend the CIO: Develop and implement a centralized process or mechanism for tracking monthly reviews of CSPs. |
| 004 | OASAM | | $0 | We recommend the CIO: Enforce DOL requirements for implementing, auditing, testing and documenting exceptions to baseline configurations. |
| 005 | OASAM | | $0 | We recommend the CIO: Ensure DOL maintains a complete and accurate inventory of its hardware and software assets. |
| 006 | OASAM | | $0 | We recommend the CIO: Enhance the management oversight by OCIO to enforce DOL requirements for the performance of annual reviews of unsecure functions, ports, protocols, and services. |
| 007 | OASAM | | $0 | We recommend the CIO: Execute the OCIO and AO oversight process to ensure compliance with DOL requirements for the performance of Security Impact Analyses (SIAs) prior to the implementation of system changes. |
| 008 | OASAM | | $0 | We recommend the CIO: Implement a centralized process to monitor vulnerabilities for information systems to ensure that each vulnerability is remediated within the Computer Security Handbook (CSH) defined timeframe. |
| 009 | OASAM | | $0 | We recommend the CIO: Implement a centralized process for OCIO to ensure a proper background investigation has been completed prior to activating any information system accounts associated with the individual. |
| 010 | OASAM | | $0 | We recommend the CIO: Implement a control to retain rules of behavior acknowledgements, access authorizations, other required documentation for authorized system access, and periodic user access reviews. OCIO should monitor this control to ensure each FISMA-reportable system is compliant with the DOL CSH account management policies. |
| 011 | OASAM | | $0 | We recommend the CIO: Strengthen the OCIO controls to monitor system owners to ensure they implement appropriate audit logging controls in accordance with the Computer Security Handbook (CSH). |
| 012 | OASAM | | $0 | We recommend the CIO: Implement a process to enforce DOL’s requirement for, when a change in Authorizing Official (AO) occurs, that the system authorization is reviewed, and a new authorization decision document is signed. |
| 013 | OASAM | | $0 | We recommend the CIO: Develop clear standards for the documentation of information security controls and enforce the adherence to these standards through OCIO monitoring processes for developing, reviewing and maintaining system security plans and documentation. |
| 014 | OASAM | | $0 | We recommend the CIO: Enhance the OCIO oversight of the DOL ISCM strategy at the enterprise and system level and ensure DOL systems have an implemented system-level continuous monitoring strategy. |
| 015 | OASAM | | $0 | We recommend the CIO: Implement changes in operations, management and oversight that enforce DOL requirements for the timely completion of security control assessments. |
| 016 | OASAM | | $0 | We recommend the CIO: Implement changes in operations, management and oversight that enforce DOL requirements for the timely completion of contingency plan tests. |
| 017 | OASAM | | $0 | We recommend the CIO: Enhance the OCIO monitoring of the completion of the required annual training by individuals with CP responsibilities. |
| 018 | OASAM | | $0 | We recommend the CIO: Enhance the OCIO monitoring and oversight of system owners to complete BIAs. |
Quality Control Review of the Single Audit for the Center For Workforce Inclusion, Inc. For The Year Ended June 30, 2020
Audit Report to ETA,
24-22-001-03-360 issued on 01/06/2022
2 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $0 | We recommend the Firm communicate with the Employment & Training Administration (the responsible DOL agency) once it has conducted internal control and compliance testing of the subrecipients’ financial and programmatic reporting. |
| 002 | ETA | | $0 | We recommend the Firm communicate with the Employment & Training Administration (the responsible DOL agency) once it has reviewed and updated the FY 2020 single audit report in the event reportable conditions result from the firm performing additional work, as required by auditing standards, include all reportable conditions that are supported by the audit documentation and reflect the additional audit procedures performed in the update of the report. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2021
Audit Report to OCFO,
22-22-004-13-001 issued on 12/20/2021
9 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OCFO | | $0 | We recommend the Director of OWCP reinforce existing policies and procedures requiring the completion of the review and approval of the Transaction Balancing sign-off sheet timely. |
| 002 | OCFO | | $0 | We recommend the Director of OWCP provide additional training to the reviewers regarding responsibilities and expectations when reviewing changes to claimant information to ensure reviews are completed timely and consistently. |
| 003 | OCFO | | $0 | We recommend the Chief Financial Officer update the policies and procedures to ensure that when adjustments are made to the financial statements any revised variances that exceed the acceptable threshold are properly investigated and documented, and the flux analysis is reviewed again. |
| 004 | OCFO | ETA | $0 | We recommend the Principal Deputy Assistant Secretary for ETA provide reinforcement to reviewers to ensure reviews are performed at the appropriate level of precision. |
| 005 | OCFO | ETA | $0 | We recommend that the Principal Deputy Assistant Secretary for ETA implement monitoring controls to periodically verify that management controls for estimates are operating effectively. |
| 006 | OCFO | VETS | $0 | We recommend the Assistant Secretary for VETS monitor indirect cost schedule expiration dates and work with grantees to establish new cost allocation plans prior to grant closeout. |
| 007 | OCFO | | $0 | We recommend the Chief Financial Officer continue their efforts to fully implement the revised ERM process and ensure that all necessary risk assessments are completed at both the individual agency level and at the agency-wide level. |
| 008 | OCFO | | $0 | We recommend the Chief Information Officer enhance vulnerability scanning monitoring controls and procedures to track and remediate outstanding vulnerabilities in a timely manner. |
| 009 | OCFO | | $0 | We recommend the Chief Information Officer formally document decisions in a memorandum when accepting the risks of not remediating findings and obtain the necessary approvals from management. |
Independent Auditors' Report on DOL's FY 2021 CFS
Audit Report to OCFO,
22-22-003-13-001 issued on 11/19/2021
5 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for Employment and Training develop policies and procedures to coordinate with State Workforce Agencies to obtain the necessary information needed to support related balances and assumptions, and to perform benchmarking and/or other analyses to validate new assumptions. |
| 002 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for Employment and Training amend policies and procedures to provide specific steps to be performed during the reviews and the documentation requirements, which should include the specific items reviewed, analyses performed, and conclusions reached. |
| 003 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for Employment and Training maintain documentation of the reviews performed to assess the reasonableness of the underlying data, assumptions, and formulas used in the models that is sufficiently detailed to evidence the specific items reviewed, analysis performed, and conclusions reached. |
| 004 | OCFO | | $0 | We recommend the Acting Chief Financial Officer develop policies and procedures to ensure that the accounting treatment for significant transactions is appropriately researched and documented prior to recording the transaction to the general ledger. |
| 005 | OCFO | | $0 | We recommend the Acting Chief Financial Officer enhance management review controls over the amounts that are presented in the notes to the financial statements. |
COVID-19: Safety and Remote Learning Challenges Continue for Job Corps
Audit Report to ETA,
19-22-001-03-370 issued on 11/12/2021
4 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Implement continuous monitoring to ensure centers adhere to Job Corps COVID-19 safety protocols (e.g., use of social distancing markers, installation of barriers, and reconfiguration of furniture to accommodate social distancing). |
| 002 | ETA | | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Develop and revise additional COVID-19 safety protocols as needed to align with current recommendations and advice from the CDC, other experts, and stakeholders to ensure the safety of students and staff at the campuses, including supporting efforts to attain a 100 percent vaccination rate for all students and staff. |
| 003 | ETA | | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Identify learning gaps that occurred during campus closures and procedures Job Corps needs to take to help students fill in those gaps. |
| 004 | ETA | | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Increase oversight of remote instructional programs to ensure students receive the training and resources to complete their programs in a timely way. |
The U.S. Department of Labor Digital Accountability and Transparency Act Audit of 2014 Performance Audit
Audit Report to OCFO,
22-22-002-13-001 issued on 11/08/2021
3 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OCFO | | $0 | We recommend that the Acting Chief Financial Officer design and implement controls to validate that data files represent the appropriate period before they are uploaded to the Data Act broker system. |
| 002 | OCFO | | $0 | We recommend that the Acting Chief Financial Officer update its policies and procedures to require that warnings are promptly resolved prior to the certification of the data files. |
| 003 | OCFO | | $0 | We recommend that the Acting Chief Financial Officer design and implement controls to enable the detection and correction of missing and inaccurate data elements in the data files and document the resolution of the findings. |
ETA did not Sufficiently Plan and Execute the American Apprenticeship Initiative Grant Program
Audit Report to ETA,
05-21-004-03-375 issued on 09/30/2021
7 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $155,582,864 | We recommend the Assistant Secretary for Employment and Training Administration improve funding opportunity announcements for discretionary grant programs by: a. Evaluating program goals using the SMART concept or a similar approach, and including required metrics that directly measure the success of each program goal, are clear, and are easily verifiable; b. Having a scoring element covering completeness of applicant proposals for items requested in the announcement that reduces in points when the proposal is missing an element(s), significantly changes the wording of an element(s), or incorrectly addresses an element(s); and c. Identifying targeted occupations in the FOA language and/or scoring elements, or requiring submission of the career pathway to an H-1B occupation as support during apprenticeship program registrations or apprentice registrations. |
| 002 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training Administration develop standard operating procedures for discretionary grant programs, which include internal controls resulting in ETA: a. Identifying information needed from grantees for participant level data, quarterly reporting, or program evaluation, prior to submitting the information collection request to OMB; b. Having a complete system and supporting documentation (e.g., user guide, data dictionary, business rules) ready by day one of the grant program with appropriate system controls; c. Obtaining OMB approval numbers for any new information collections prior to collecting information from grantees, verifying the reporting system fields correlate to the approved OMB information collection request, and submitting violations timely to OMB; and d. Conducting compliance reviews prior to awarding grants; using the review results to change applicant scoring or include a condition of award in applicable grants; awarding each grant prior to or on the start of each grantee’s period of performance; and accurately reporting to the public on the grant program. |
| 003 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training Administration delete or oversee the deletion of duplicate apprentice and pre-apprentice records in the AAI reporting system, and populate missing or correct inaccurate Social Security numbers and contact information if the contractor can still use updated information for its AAI grant program evaluation. |
| 004 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training Administration provide training to ETA personnel on the key requirements and expected timeframes in submitting information collection requests to OMB. |
| 005 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training Administration submit ETA’s violation of the Paperwork Reduction Act to OMB in the annual information collection budget for OMB control number 1205-0528. |
| 006 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training Administration develop a process to perform data analysis and other sufficient checks to verify completeness and accuracy of data in ETA systems and achievement of desired outcomes during grant programs. |
| 007 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training Administration establish internal controls to verify participant eligibility, verify submitted ETA Forms 671 (Program Registration and Apprenticeship Agreement) are the current OMB approved version and completed correctly, and encourage use of interim credentials when the form indicates a competency or hybrid model apprenticeship. |
COVID-19: The Pandemic Highlighted the Need to Strengthen Wage and Hour Division's Enforcement Controls
Audit Report to WHD,
19-21-008-15-001 issued on 09/30/2021
5 recommendations, of which 1 is closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | WHD | | $0 | We recommend the Acting Administrator for the Wage and Hour Division implement a control to perform periodic reviews to determine if staff properly handled potential complaints in accordance with WHD's complaint requirements. |
| 002 | WHD | | $0 | We recommend the Acting Administrator for the Wage and Hour Division develop a mechanism to enable the agency to determine how effective conciliations are at getting back wage payments to workers, and address any weaknesses identified in ensuring complainants received owed back wages prior to closing conciliations. |
| 003 | WHD | | $0 | We recommend the Acting Administrator for the Wage and Hour Division update its policy for selecting a conclude reason in its database to require staff to use a reason that would allow WHD to determine the outcome of the conciliation. |
| 004 | WHD | | $0 | We recommend the Acting Administrator for the Wage and Hour Division assess the effectiveness of remote investigations and incorporate best practices into its operating procedures. |
DOL’s IT Governance Lacked the Framework Necessary to Support the Overall Mission
Audit Report to OSEC,
23-21-002-01-001 issued on 09/30/2021
5 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OSEC | | $0 | We recommend the Deputy Secretary reorganize the CIO position to have a direct reporting relationship to the Deputy Secretary and independent of ASAM. |
| 002 | OSEC | | $0 | We recommend the Deputy Secretary ensure the CIO is a lead member with voting rights of DOL’s executive strategy and management boards and committees including but not limited to the MRB, ESS Governance Board, COVID-19 Coordination team, and ERMC. |
| 003 | OSEC | | $0 | We recommend the Deputy Secretary reassess the incorporation of BLS and OCFO as part of IT Shared Services within 2021, and document the reasoning for the decision reached. |
| 004 | OSEC | | $0 | We recommend the Deputy Secretary establish an MOU or other agreement between the OCIO and all departmental agencies to establish and state the roles and responsibilities of IT between each set of respective agencies. |
| 005 | OSEC | | $0 | We recommend the Deputy Secretary codify the policies and procedures that define IT governance and key supporting IT elements. |
OSHA’s Diminished Enforcement Left More Workers At Risk For Exposure To Silica
Audit Report to OSHA,
02-21-003-10-105 issued on 09/29/2021
3 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OSHA | | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health implement a policy for future emphasis programs, that minimizes the lapse in enforcement between canceled, revised or new programs. |
| 002 | OSHA | | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health provide the OIG with “read-only” access to OIS to facilitate data requests on future audits. |
| 003 | OSHA | | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health establish meaningful goals and processes to assess whether OSHA’s outreach events are achieving the desired results, in reaching a targeted number of workers at risk of exposure to silica. |
Unemployment Insurance Overpayments Related to Work Search Underscore the Need for More Consistent State Requirements
Audit Report to ETA,
04-21-001-03-315 issued on 09/29/2021
4 recommendations, of which 1 is closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 002 | ETA | | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Examine the effectiveness of Benefit Accuracy Measurement’s contact verification process to ensure it reflects the current methods claimants use to seek work. |
| 003 | ETA | | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Provide guidance to states notifying them that formal and informal warnings are not permissible under Federal work search law. |
| 004 | ETA | | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Include in the UI improper payment estimate: (1) overpayments related to work search formal and informal warnings; and (2) payments to claimants who provide no or insufficient documentation to support eligibility with respect to work search, consistent with the Middle Class Tax Relief and Job Creation Act and OMB guidance that defines improper payments. |
The U.S. Department of Labor Complied with the PIIA for FY 2020, but Reported Unemployment Insurance Did Not Represent Total Program Year Expenses
Audit Report to OCFO,
22-21-007-13-001 issued on 08/06/2021
1 recommendation, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | OCFO | | $0 | We recommend that DOL management develop procedures to ensure changes to its improper payment process are communicated to OMB in a timely manner and those communications are properly maintained for subsequent review and inspection. |
Alert Memorandum: The Employment and Training Administration Does Not Require the National Association of State Workforce Agencies to Report Suspected Unemployment Insurance Fraud Data to the Office of Inspector General or DOL’s Employment and Training Administration.
Audit Report to ETA,
19-21-006-03-315 issued on 07/01/2021
2 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training take immediate action to require NASWA to refer information to ETA and the OIG on suspected fraud, waste, abuse, mismanagement, or misconduct, per DLMS 8-106(D)(3). Such actions could include modification of ETA’s grant award or issuance of unemployment insurance program policy guidance to ensure ETA complies with the notice requirement and its grantees comply with the reporting requirements of the DLMS. |
| 002 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training continue to work with the OIG and, within 30 days of this memorandum, meet with the OIG to develop a permanent approach to OIG access to IDH data. |
Alert Memorandum: The Employment and Training Administration Needs to Issue Guidance to Ensure State Workforce Agencies Provide Requested Unemployment Insurance Data to the Office of Inspector General
Audit Report to ETA,
19-21-005-03-315 issued on 06/18/2021
5 recommendations, of which 1 is closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Amend 20 CFR 603.5 and 603.6(a) through the rulemaking process to reinforce that UI information must be provided to DOL OIG for all IG engagements authorized under the IG Act, including audits, evaluations, and investigations. |
| 002 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Issue a new UIPL within 15 days of this memorandum to instruct SWAs that disclosure of information to the OIG for audits, evaluations, and investigations is mandatory without need for a subpoena, and that the OIG will notify SWAs directly of current and future information disclosure requirements, to include data elements. |
| 003 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Ensure the new UIPL guidance advises SWAs that they may not require the OIG to enter into data sharing agreements as a prerequisite to disclosure of information to the OIG for audits, consistent with the IG Act and federal law. |
| 005 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Continue to work with the OIG, and within 30 days of the memorandum, meet with the OIG to develop a permanent approach for OIG access to UI data. |
COVID-19: States Struggled To Implement CARES Act Unemployment Insurance Programs
Audit Report to ETA,
19-21-004-03-315 issued on 05/28/2021
4 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | ETA | | $0 | We recommend the following to the Principal Deputy Assistant Secretary for Employment and Training: Conduct a study to assess the technological needs of the UI programs to determine the capabilities that need to be upgraded or replaced; the features necessary to effectively respond to rapid changes in the volume of claims in times of emergency or high unemployment; the capabilities needed to ensure effective and equitable delivery of benefits; and the capabilities to minimize fraudulent activities. |
| 002 | ETA | | $33,745,677,576 | Continue to work with states to develop, operate, and maintain a modular set of technological capabilities to modernize the delivery of UI benefits that is sufficient to manage and process sudden spikes in claims volume during emergencies or high unemployment. |
| 003 | ETA | | $0 | Assist states with claims, overpayment, and fraud reporting to create clear and accurate information. Then use the overpayment and fraud reporting to prioritize and assist states with fraud detection and recovery. |
| 004 | ETA | | $0 | Develop standards for providing clear and reasonable timeframes to implement temporary programs to establish expectations for prompt benefit payments to claimants. |
MSHA Can Improve How Violations Are Issued, Terminated, Modified, and Vacated
Audit Report to MSHA,
05-21-002-06-001 issued on 03/31/2021
10 recommendations, of which 0 are closed

Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|---|---|---|---|---|
| 001 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide refresher training to inspectors and supervisors on complying with MSHA guidance for each violation type. |
| 002 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide training on how to determine the subsequent inspection when multiple inspections overlap, enter violations into the system in the same chronological order identified, be specific when writing the “Area or Equipment” entry, and when it is appropriate to list “No area affected” for an order. |
| 003 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Update system controls to improve compliance of MSHA violations with the Mine Act and MSHA guidance in the following instances: a. Verify only authorized violation types used; b. Include all required phrases automatically in the “Condition or Practice” entry when the inspector selects 103(a) citations, 104(g)(1) orders, 104(e)(1)/104(e)(2) orders, or 107(a) orders; c. Ensure 104(d) orders and 104(g)(1) orders cite eligible CFR sections; d. Verify the correlations between the CFR or Mine Act sections of 104(b) orders and the original violation; e. Verify 104(d)(1) orders, 104(d)(2) orders, 104(e)(1) orders, and 104(e)(2) orders reference the correct “initial action” by including additional crucial attributes in the system controls, such as issue date, event number, and event start date; f. Verify orders have the “Area or Equipment” entry populated when initially issuing the violation; g. Apply system controls to modifications done directly in MCAS, such as modifications due to court decisions or settlements; h. Identify modifications needed to other violations when vacating or modifying a violation; i. Verify the reasonableness of the due dates and provide warnings to inspectors when due dates appear longer than necessary; and j. Provide a warning message to inspectors when trying to issue a safeguard at a mine that would lead to multiple safeguards citing the same regulation issued for a single mine. |
| 004 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Update the Citation and Order Writing Handbook to clarify situations when multiple safeguards can be issued for a single mine and to correct any examples that do not comply with the instructions listed in the Handbook. |
| 005 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Improve the violations termination process by decreasing the percentage of future untimely terminations, improving the use of 104(b) orders, and not allowing due dates to be extended unless for specific, justified reasons listed on the violation form. |
| 006 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide training on how to write specific supporting reasons on the violation forms or other documentation (e.g., vacate memos) when extending, modifying, or vacating violations. |
| 007 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Develop a metric to measure performance and an internal control to verify timely uploading of violations from the inspector’s laptop/tablet into MCAS. |
| 008 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Complete periodic reviews to determine whether MSHA personnel are meeting the timely upload and recording of violations in MCAS, terminating violations by the due date, and effectively using 104(b) orders. |
| 009 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Simplify the design of the supervisory checklists by revising compound questions into simple questions answerable by a single response (yes, no, or not applicable) and provide refresher training on the quantity completion requirements, how to properly complete and review the checklist, and the importance of providing feedback using the checklist. |
| 010 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Work with the Solicitor’s Office and the Federal Mine Safety and Health Review Commission to implement a process to ensure violations listed in settlement agreements or court decisions still comply with the Mine Act and Mathies test. |
COVID-19: Increased Worksite Complaints and Reduced OSHA Inspections Leave U.S. Workers’ Safety at Increased Risk
Audit Report to OSHA,
19-21-003-10-105 issued on 02/25/2021
4 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Improve OSHA’s inspection strategy by prioritizing very high and high-risk employers for COVID-19 related onsite inspections as businesses reopen and increase operations in various localities across the United States. |
| 002 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Ensure remote inspections are tracked retroactive to February 1, 2020. |
| 003 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Compare remote inspections to onsite inspections, and at a minimum provide analysis that addresses their frequency and timeliness for identifying and abating worksite hazards. |
| 004 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Analyze and determine whether establishing an infectious disease specific ETS is necessary to help control the spread of COVID-19 as employees return to worksites. |
Alert Memorandum: The Employment and Training Administration (ETA) Needs to Ensure State Workforce Agencies (SWA) Implement Effective Unemployment Insurance Program Fraud Controls for High Risk Areas
Audit Report to ETA,
19-21-002-03-315 issued on 02/22/2021
2 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | ETA | | $5,409,966,198 | We recommend the Principal Deputy Assistant Secretary of Employment and Training establish effective controls, in collaboration with SWAs, to mitigate fraud and other improper payments to ineligible claimants, including the areas identified in the memorandum: UI benefits paid to multi-state claimants, claimants who used the social security numbers of deceased individuals, potentially ineligible federal inmates, and claimants with suspicious email accounts. Effective controls will help prevent similar or greater amounts of fraud and allow those funds to be put to better use. |
| 002 | ETA | | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training work with Congress to establish legislation requiring SWAs to cross match high-risk areas, including the four areas identified in the memo. |
FY 2020 FISMA DOL Information Security Report: Progress Needed to Improve Risk Management and Continuous Monitoring Information Security Controls
Audit Report to OASAM,
23-21-001-07-725 issued on 12/22/2020
25 recommendations, of which 7 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | OASAM | | $0 | Complete, approve, and implement its Enterprise Architecture and related artifacts. |
| 006 | OASAM | | $0 | Provide training to responsible personnel over the third-party continuous monitoring review checklist. |
| 007 | OASAM | | $0 | Validate that the classification of DOL systems is in accordance with policy, and that system interconnections are appropriately documented within its inventory. |
| 008 | OASAM | | $0 | Develop, define, implement, and monitor change management key performance indicators that align DOL’s goals and objectives. |
| 009 | OASAM | | $0 | Enforce DOL policies and procedures regarding separation of duties so developers do not possess the ability to migrate changes to production. |
| 010 | OASAM | | $0 | Enforce DOL security baseline policies with DOL’s CSPs and develop a security configuration checklist for the CSPs. |
| 011 | OASAM | | $0 | Implement a process for approving deviations from established configuration settings. |
| 012 | OASAM | | $0 | Provide training to responsible personnel addressing the new guidance for operational activities, including the patch management process. |
| 013 | OASAM | | $0 | Provide additional resources to support operational activities during unforeseen circumstances. |
| 015 | OASAM | | $0 | Reinforce the PIV Exemption approval process through training. |
| 016 | OASAM | | $0 | Implement a process for periodic review or monitoring of PIV Exemptions to ensure the process is operating effectively. |
| 017 | OASAM | | $0 | Implement policies and procedures regarding user access reviews for tenants that reside on the platform as a service in accordance with requirements outlined in the DOL CSH. |
| 018 | OASAM | | $0 | Provide additional resources to support the security requirements and a training over the application user access review process, as documented in the DOL CSH. |
| 020 | OASAM | | $0 | Document the responsibilities of control activities for tenants that reside on the PaaS through policies and procedures that include user activity reviews in accordance with requirements outlined in the DOL policy. |
| 021 | OASAM | | $0 | Provide training over the application user activity review process. |
| 023 | OASAM | | $0 | Develop sufficiently defined quantitative and qualitative metrics that provide meaningful indications of security status and trend analysis at all risk management tiers. |
| 024 | OASAM | | $0 | Monitor contingency plan testing and exercises through examination of after-action reviews. |
| 025 | OASAM | | $0 | Validate that systems have received either the appropriate classification or risk waiver that would exempt the system from specific security requirements. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2020
Audit Report to OCFO,
22-21-005-13-001 issued on 12/18/2020
20 recommendations, of which 11 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OCFO | | $0 | We recommend that the CFO, in conjunction with management of other key agencies within DOL, enhance the related policies and procedures to clarify how agencies should perform and document their identification, assessment, and response to risks, and how DOL should aggregate and assess those risks for the entity as a whole. |
| 002 | OCFO | | $0 | We recommend that the Director of the OWCP reinforce with the service provider the requirements to obtain DEEOIC’s approval for medical bills exceeding the applicable review thresholds prior to payment. |
| 003 | OCFO | | $0 | We recommend that the Director of the OWCP implement a monitoring control to periodically verify that the service provider has sent all medical bills over the applicable thresholds to DEEOIC management for approval prior to payment. |
| 009 | OCFO | MULTI | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS enforce accountability of grant officers and closeout specialists to incentivize timely execution and process improvement. |
| 010 | OCFO | OASAM | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS continue to fully implement monitoring controls to track the status of grants during their closeout processes to ensure proper follow-up and timely execution. |
| 011 | OCFO | MULTI | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS administer grant closeout continuous improvement trainings for all agencies to address inconsistent grant closeout implementation concerns. |
| 012 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for ETA provide continued training to FPOs, emphasizing the revised expectations of the corrective action plan. |
| 013 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for ETA enforce accountability of the FPOs to facilitate timely and successful remediation of delinquent grant cost reports. |
| 014 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for ETA enhance monitoring controls to track the status of delinquent cost reports to ensure timely acceptance by the FPOs. |
DOL Did Not Demonstrate It Followed A Sound Process in Promulgating the 2017 Tip Rule Notice of Proposed Rulemaking
Audit Report to WHD,
17-21-001-15-001 issued on 12/11/2020
5 recommendations, of which 1 is closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 01 | WHD | MULTI | $0 | Develop policies and procedures to document its rationale and supporting evidence for key decisions in the development of economic regulatory analysis. |
| 02 | WHD | MULTI | $0 | Develop policies and procedures to document its rationale and supporting evidence when DOL determines the prescribed regulatory guidance does not apply. |
| 03 | WHD | | $0 | Enforce policies and procedures that require employees to maintain records that document government business. Employees should not be discouraged from maintaining such records. |
| 04 | WHD | | $0 | Develop policies and procedures to ensure that after a regulatory action has been published in the Federal Register, or otherwise issued to the public, DOL identify for the public in a complete, clear, and simple manner the substantive changes between the draft submitted to OIRA for review and the action subsequently announced. |
Region IX Whistleblower Protection Program Complaints Were Not Complete or Timely
Audit Report to OSHA,
02-21-001-10-105 issued on 11/23/2020
4 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OSHA | | $0 | Explore solutions to improve case management, including tracking completion of the essential elements and alerting the investigator and supervisor when there are periods of inactivity on an investigation. |
| 002 | OSHA | | $0 | Develop and implement a system to track and monitor the work performed by FTEs to better allocate personnel costs by program and ensure resources are used as intended. |
| 003 | OSHA | | $0 | Continue efforts to find solutions to developing a reasonable balance between the quality and timeliness of investigations. |
| 004 | OSHA | | $0 | Ensure OSHA issues an updated WIM by the end of FY 2021 and complete desk guides for all applicable statutes. |
MSHA Needs to Improve Efforts to Protect Coal Miners From Respirable Crystalline Silica
Audit Report to MSHA,
05-21-001-06-001 issued on 11/12/2020
3 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | MSHA | | $0 | Adopt a lower legal exposure limit for silica in coal mines based on current scientific evidence. |
| 002 | MSHA | | $0 | Establish a separate standard for silica that allows MSHA to issue citations and monetary penalties when violations of its silica exposure limit occur. |
| 003 | MSHA | | $0 | Enhance its sampling program to increase the frequency of inspector samples where needed (e.g., by implementing a risk-based approach). |
Special Report on the Federal Employees' Compensation Act Special Benefit Fund
Audit Report to OWCP,
22-21-001-04-431 issued on 10/30/2020
2 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OWCP | | $0 | We recommend that the Director of OWCP complete follow-up actions to determine the claimants' continuing eligibility and the correct amount of the payments, as applicable, and the appropriate resolution of any differences. |
| 002 | OWCP | | $0 | We recommend that the Director of OWCP revise the design of the control in place related to the periodic secondary review of the PERS to require that the review covers the entire fiscal year, and the documentation maintained related to the review is sufficiently detailed to include information such as the specific attributes reviewed for each case, the quantitative impact of exceptions identified, and follow-up actions performed to address them. |
DOL Needs to Do More to Implement the Geospatial Data Act of 2018
Audit Report to OSEC,
23-20-004-01-001 issued on 09/30/2020
2 recommendations, of which 1 is closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | OSEC | | $0 | We recommend the Chief Data Officer: Create and implement strategies and internal planning that ensure compliance with the GDA, and update geospatial planning strategies once data standards and guidance are issued. |
ETA Should Do More to Assist Vulnerable States Prepare for Disaster Unemployment Assistance Program Implementation
Audit Report to ETA,
04-20-002-03-315 issued on 09/29/2020
3 recommendations, of which 1 is closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | ETA | | $0 | Create a rapid response team consisting of Federal and state officials capable of providing technical and other assistance to states impacted by major disasters. |
| 003 | ETA | | $95,699 | Recover $95,699 in questioned costs from the FLDEO and VIDOL for participants whose eligibility they could not substantiate. |
DOL Needs To Do More To Secure Employees' Personally Identifiable Information in the Travel Management System
Audit Report to OCFO, 23-20-003-13-001 issued on 09/10/2020
2 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OCFO | | $0 | Establish and implement procedures to ensure E2 account management practices enforce DOL’s security policies. |
| 002 | OCFO | | $0 | Establish and implement procedures to ensure E2 is managed in compliance with contractual security requirements and DOL computer security policies for contracted information systems. |
COVID-19: OSHA Needs to Improve Its Handling of Whistleblower Complaints During the Pandemic
Audit Report to OSHA,
19-20-010-10-105 issued on 08/14/2020
3 recommendations, of which 1 is closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | OSHA | | $0 | Continue to monitor and evaluate the Region II triage pilot and consider extending the triage process to all regions to expedite screening whistleblower complaints. |
| 003 | OSHA | | $0 | Develop a caseload management plan to more equitably distribute whistleblower complaints received amongst investigators. |
COVID-19: More Can Be Done to Mitigate Risk to Unemployment Compensation Under The CARES Act
Audit Report to ETA,
19-20-008-03-315 issued on 08/07/2020
4 recommendations, of which 2 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | ETA | | $0 | Include CARES Act UI transactions in the BAM or develop an alternative methodology to reliably estimate improper payments for those programs. |
| 004 | ETA | | $0 | Issue guidance directing states to provide routine access to state UI claimant data, in order to prevent and detect fraud. |
COVID-19: MSHA Faces Multiple Challenges in Responding to the Pandemic
Audit Report to MSHA,
19-20-006-06-001 issued on 07/24/2020
2 recommendations, of which 1 is closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health monitor the: Potential backlog of suspended and reduced enforcement activities and develop a plan to manage the backlog once full operations resume. |
Alert Memorandum: Vulnerability in OWCP FECA Bill Pay Processing System
Audit Report to OWCP, 50-20-001-04-430 issued on 05/07/2020
1 recommendation, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 01 | OWCP | | $0 | This recommendation contains sensitive information and will not be posted. |
OFCCP Did Not Show It Adequately Enforced EEO Requirements on Federal Construction Contracts.
Audit Report to OFCCP,
04-20-001-14-001 issued on 03/27/2020
2 recommendations, of which 1 is closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | OFCCP | | $0 | Update participation goals for minorities and females, and implement processes to keep all participation goals current. |
Review of the Occupational Safety and Health Administration's Referral to and Reclamation of Debt from the U.S. Department of the Treasury.
Audit Report to OSHA,
22-20-006-10-001 issued on 03/16/2020
4 recommendations, of which 3 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 003 | OSHA | | $0 | We recommend the Assistant Secretary for OSHA revise OSHA’s Debt Collection Procedures to comply with OMB Circular A-129. |
FY 2019 FISMA DOL Information Security Report Implementation of Security Tools Hindered by Insufficient Planning
Audit Report to OASAM,
23-20-002-07-725 issued on 12/23/2019
20 recommendations, of which 8 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | OASAM | | $0 | Implement technologies for both DOL and the Bureau of Labor Statistics to detect and prevent unauthorized hardware and software from connecting to the local DOL network. |
| 003 | OASAM | | $0 | Verify that annual assessments of third-party providers, including cloud service providers, are formally documented, reviewed, and signed by appropriate levels of management. |
| 005 | OASAM | | $0 | Develop and implement performance metrics for configuration management. |
| 006 | OASAM | | $0 | Design and implement controls and policies to formally perform and document the periodic review of baseline configuration scans across DOL servers and databases. |
| 007 | OASAM | | $0 | Design and implement controls to monitor DOL assets for missing patches, service packs, hot fixes, and other software updates that are not associated with a CVE. |
| 008 | OASAM | | $0 | Enhance vulnerability scanning monitoring controls and procedures to track and remediate outstanding vulnerabilities in a timely manner. |
| 011 | OASAM | | $0 | Finalize the implementation of the access control technologies. |
| 012 | OASAM | | $0 | Develop and implement access control performance metrics. |
| 013 | OASAM | | $0 | Design and implement controls to perform and document a periodic review of audit logs that report privileged user activity. |
| 015 | OASAM | | $0 | Implement data encryption configurations/solutions at the server level for data at rest for sensitive information (PII). |
| 016 | OASAM | | $0 | Update the ISCM strategy guide with current ISCM performance metrics. |
| 019 | OASAM | | $0 | Develop and implement contingency planning performance metrics. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2019
Audit Report to OCFO,
22-20-005-13-001 issued on 12/19/2019
20 recommendations, of which 14 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 009 | OCFO | OASAM | $0 | The Chief Information Officer coordinate efforts among the DOL agencies to design and implement procedures and controls to address account management, in key financial feeder systems. |
| 010 | OCFO | OASAM | $0 | The Chief Information Officer monitor the agencies’ progress to ensure that established procedures and controls are operating effectively and maintained. |
| 011 | OCFO | OASAM | $0 | The Chief Information Officer enforce separation of duties among users assigned access to the DOL’s systems’ infrastructure layers to the extent possible. When not possible, an approved risk exemption waiver should be obtained and effective monitoring controls should be developed and implemented. |
| 012 | OCFO | OASAM | $0 | The Chief Information Officer segregate permissions such that production system administrators who have their privileged activities logged are not able to modify, update, or delete source log data to the extent possible and if not possible, include this risk consideration in a formal, signed risk exemption waiver. |
| 015 | OCFO | OASAM | $0 | The Chief Information Officer maintain a current and accurate population of production servers and work with system owners to update that population when server transitions or changes occur outside of any regularly scheduled maintenance updates. |
| 016 | OCFO | OASAM | $0 | The Chief Information Officer enhance vulnerability scanning monitoring controls and procedures to track and remediate outstanding vulnerabilities in a timely manner. |
Stronger Controls Needed Over Web Application Security
Audit Report to OASAM,
23-20-001-07-725 issued on 11/14/2019
3 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OASAM | | $0 | Establish and maintain a comprehensive inventory of web applications, identifying which applications are public-facing and contain sensitive information. Such an inventory should itemize all system interfaces with the web application for the purpose of ensuring the applications are properly secured and to enable a quick response when new vulnerabilities are encountered. |
| 002 | OASAM | | $0 | Review and update DOL POA&M policy to ensure agency corrective actions and timeframes are implemented. |
| 003 | OASAM | | $0 | Establish and verify the implementation of Department-wide policies and procedures specific to associated risks to web applications, securing web servers, and web application programming. |
ETA Had No Reasonable Assurance that $183 Million in TST Funds Helped Get H-1B Jobs
Audit Report to ETA,
06-19-001-03-391 issued on 09/27/2019
3 recommendations, of which 2 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | ETA | | $0 | We recommend that the Assistant Secretary for Employment and Training oversee and monitor the development and implementation of monitoring procedures to ensure future H-1B training grantees provide the proposed training to help participants obtain employment in an H-1B occupation or advance along the career pathway. |
Job Corps Should do More to Prevent Cheating in High School Programs
Audit Report to ETA,
26-19-001-03-370 issued on 09/25/2019
5 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps establish basic preventative controls for cheating for all high school programs operated by centers. |
| 002 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps ensure centers partner only with those school providers with established cheating or academic integrity policies that include basic preventative controls. |
| 003 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps ensure reviews of high school programs are ongoing, consistent, and routine and, at a minimum, cover key controls to detect cheating. |
| 004 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps regularly collect and analyze center-wide data for unusual trends or outcomes to detect cheating. |
| 005 | ETA | | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps develop a centralized process to ensure deficiencies are timely mitigated and address their root causes. |
MSHA Can Improve Its Pre-Assessment Conferencing Program
Audit Report to MSHA,
05-19-001-06-001 issued on 09/23/2019
9 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training to Conference Litigation Representatives and district management on how to write specific supporting reasons for conference decisions in conference files and violation forms. |
| 002 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training to district management on how to provide effective oversight over the pre-assessment conference program. The training should focus on reviewing the conference file and the system data for completeness and accuracy. Note: This recommendation applies to issues 1 (conference files) and 3 (system data). |
| 003 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health review each district’s process to ensure Conference Litigation Representatives consistently, in a way that does not create embarrassment or conflict, communicate the reasons they modify or vacate violations with supervisors and issuing inspectors and participate in staff meetings and at district training sessions for inspection personnel. |
| 004 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health develop MSHA Standardized Information System reports showing a summary of conference decisions that Conference Litigation Representatives can use as their monthly report and changes made to violation form attributes through conferencing decisions that MSHA can use to identify high-risk attributes and research the root causes for trends. |
| 005 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health revise the Alternative Case Resolution Handbook to require districts to document reasons supporting conference decisions to uphold a violation. The reason for an uphold decision should explain why any new evidence presented by the operator at the conference did not persuade MSHA to change the violation. |
| 006 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health revise the Alternative Case Resolution Handbook to clarify requirements for CLR monthly reporting. For example, the guidance should address the method(s) allowed and the minimum level of detail that CLRs should describe in the report. |
| 007 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training on how to populate MSHA’s Standardized Information System from the conference files and the importance of filling in all data fields. The training should focus on defining the required conferencing fields in MSIS to populate, identifying what documentation in the conference file to use when populating each field, and defining appropriate times to cancel a conference. |
| 008 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health update MSHA’s Standardized Information System with two system controls that require users to populate all required fields and prevent personnel from entering dates in the wrong order. |
| 009 | MSHA | | $0 | We recommend the Assistant Secretary for Mine Safety and Health perform periodic reviews of MSHA’s Standardized Information System data to ensure that districts are accurately populating it and marking conferences as completed in a timely manner. |
MSHA Did Not Evaluate Whether Civil Monetary Penalties Effectively Deterred Unsafe Mine Operations
Audit Report to MSHA,
23-19-002-06-001 issued on 08/16/2019
2 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | MSHA | | $0 | Develop metrics for the CMP program that will allow review and measurement of its effect on changing operator behavior to deter unsafe mine operations. |
| 002 | MSHA | | $0 | Implement controls to ensure good standing of operators with regard to safety record and delinquency status prior to assigning a legal mine identification number or changing the legal ownership structure of a mine. |
Report Title Contains Sensitive Information
Audit Report to OASAM, 50-19-002-07-725 issued on 06/17/2019
2 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 01 | OASAM | | $0 | This recommendation contains sensitive information and will not be posted. |
| 02 | OASAM | | $0 | This recommendation contains sensitive information and will not be posted. |
OSHA Procedures for Issuing Guidance Were Not Adequate and Mostly Not Followed
Audit Report to OSHA,
02-19-001-10-105 issued on 03/28/2019
4 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Establish procedures to require staff to demonstrate that issuing a document as guidance is appropriate under APA and OSH Act requirements. |
| 002 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Maintain complete records to demonstrate compliance with OSHA criteria for issuance. |
| 003 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Establish and enforce a monitoring function to ensure its staff fully comply with written procedures and maintain complete records that demonstrate guidance meets criteria for issuance. |
| 004 | OSHA | | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Train officials and staff as needed on their roles and responsibilities for internal controls related to the issuance of guidance and the potential risks of disregarding or circumventing controls. |
FY 2018 FISMA DOL Information Security Report
Audit Report to OASAM,
23-19-001-07-725 issued on 03/13/2019
5 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OASAM | | $0 | Conduct a risk assessment to identify the root causes of the identified deficiencies; |
| 002 | OASAM | | $0 | Document, track, and implement milestones and corrective actions to timely remediate all identified deficiencies that have been communicated to DOL management. |
| 003 | OASAM | | $0 | Coordinate efforts among the DOL agencies to design and implement procedures and controls to address account management, system access settings, configuration management, system audit log configuration and reviews, and patching and vulnerability management control deficiencies in key financial feeder systems. |
| 004 | OASAM | | $0 | Monitor the agencies’ ongoing progress to ensure that established procedures and controls are operating effectively; |
| 005 | OASAM | | $0 | Develop and implement performance metrics that will be used to manage and measure the effectiveness of the DOL information security program. |
Experience Works, Inc. Misused more than $4 million in SCSEP Funds
Audit Report to ETA,
26-18-002-03-360 issued on 09/28/2018
6 recommendations, of which 5 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 006 | ETA | | $0 | Principal Deputy Assistant Secretary for Employment and Training require ETA to improve its monitoring of SCSEP grant funds to ensure grantee operations are consistent with the agency mission, in compliance with laws and regulations, and with minimal potential for waste, fraud, and mismanagement. This includes providing monitoring staff guidance and training to perform effective risk assessments and monitoring reviews. |
OSHA Needs to Improve the Guidance for its Fatality and Severe Injury Reporting Program to Better Protect Workers
Audit Report to OSHA,
02-18-203-10-105 issued on 09/13/2018
4 recommendations, of which 3 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OSHA | | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health develop formal guidance and train staff on how to detect and prevent underreporting of fatalities and severe injuries. |
DOL Did Not Comply with Improper Payments Elimination and Recovery Act for FY 2017
Audit Report to OCFO,
03-18-002-13-001 issued on 05/15/2018
5 recommendations, of which 4 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 005 | OCFO | | $0 | Maintain its current focus on increasing its technical assistance and funding to states to improve the improper payment reduction strategies in order to ensure compliance with the improper payments estimate rate threshold. |
ETA Violated the Bona Fide Needs Rule and the Antideficiency Act
Audit Report to ETA,
26-17-002-03-370 issued on 09/21/2017
5 recommendations, of which 4 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 004 | ETA | | $0 | We recommended the Deputy Assistant Secretary for Employment and Training require ETA to report, in accordance with 31 USC, §1351, §1517(b), the Antideficiency Act violations caused by the bona fide needs rule violations identified in this report. |
Interim Report on Audit of Pharmaceutical Management In DOL Benefit Programs OWCP Needs Better Controls Over Compounded Prescription Drugs
Audit Report to OWCP,
03-17-001-04-431 issued on 05/23/2017
16 recommendations, of which 15 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 003 | OWCP | | $0 | Ensure the Existence of Prescriber/Claimant Relationship |
MSHA Needs to Provide Better Oversight of Emergency Response Plans
Audit Report to MSHA,
05-17-002-06-001 issued on 03/31/2017
9 recommendations, of which 3 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001a | MSHA | | $0 | We recommend the Deputy Assistant Secretary for Mine Safety and Health reissue PPL P16-V-01 to clarify the mine operators’ responsibility for local coordination under the MINER Act. The revision should inform mine operators to insert language in their ERP referencing the call lists posted at the mine if the ERP does not include them. |
| 001b | MSHA | | $0 | We recommend the Deputy Assistant Secretary for Mine Safety and Health reissue PPL P16-V-01 to clarify the mine operators’ responsibility for local coordination under the MINER Act. The revision should clarify how a mine operator establishes procedures for coordination and communication between the operator, mine rescue teams, and local emergency response personnel and makes provisions for familiarizing local rescue personnel with surface functions that may be required in the course of mine rescue work. |
| 002 | MSHA | | $0 | Maintain an ERP review checklist on MSHA’s website that is updated when requirements change. |
| 003 | MSHA | | $0 | Standardize the ERP review and approval processes and tools across MSHA districts. At minimum, the procedures should specify the a. type of reviews (specialist and/or inspector) the districts should be completing and the frequency for each type of review, b. steps the reviewer should take for a specialist review versus an inspector review and the tools (e.g., standardized review checklist) to use during each review, and c. dates (e.g., Date Received and Decision Date) to enter into the tracking system and instructions on where to obtain each date. |
| 004 | MSHA | | $0 | Issue additional guidance and provide refresher training on how to enter ERP data into the tracking system and use the tracking system to provide oversight. |
| 005 | MSHA | | $0 | Implement a process for headquarters and district personnel to manage the ERP program more effectively by periodically (e.g., quarterly or semi-annually) reviewing reports from the tracking system. |
| 009 | MSHA | | $0 | Issue regulations or guidance to make mine operators aware of tools currently available on MSHA’s website they can use when developing their ERPs and clarify when mine operators should submit an ERP and whether mine operators can exclude certain information from the ERP. |
EBSA Did Not Have the Ability to Protect the Estimated 79 Million Plan Participants in Self-Insured Health Plans from Improper Denials of Health Claims
Audit Report to EBSA,
05-17-001-12-121 issued on 11/18/2016
5 recommendations, of which 4 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | EBSA | | $0 | We recommend the Assistant Secretary for Employee Benefits Security reduce or eliminate exemption thresholds for small plans. |
FISMA FISCAL YEAR 2015: Ongoing Security Deficiencies Exist
Audit Report to OASAM, 23-16-002-07-725 issued on 09/30/2016
2 recommendations, of which 1 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 01 | OASAM | | $0 | This recommendation contains sensitive information and will not be posted. |
Investigative Advisory Report Weaknesses Contributing to Fraud in the Unemployment Insurance Program
Audit Report to ETA,
50-15-001-03-315 issued on 07/24/2015
6 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | ETA | | $0 | ETA should recommend that SWAs require that all claims be paid by physical check, direct deposited into a checking or savings account, or deposited on a debit card issued by state approved vendors, similar to the debit cards used by the USDA Supplemental Nutrition Assistance Program (SNAP). These cards provide for account holder verification. USDA reports that the use of these debit cards has contributed to a significant reduction in benefit fraud over the last decade. |
| 001a | ETA | | $0 | ETA should consider a policy that requires all states to grant the OIG unfettered access to their UI records. This would eliminate the need for subpoenaing UI debit card transaction records by contractually providing OIG access to the following: 1) complete UI records, and 2) UI debit card transaction records, similar to the access given to USDA for the SNAP program. The USDA program uses an electronic "audit trail" from debit card transactions to identify suspicious activity. Their anti-fraud system monitors electronic transaction activity and identifies suspicious activity for analysis and investigation. Currently, some of the SWAs, to include NY, require a subpoena before OIG is permitted access to UI records. Other states, like VA for example, require the OIG to pay a service fee for access to the records. These added steps are cumbersome and often cause unnecessary delays in OIG criminal investigations. |
| 002 | ETA | | $0 | ETA should recommend that SWAs develop a plan to identify multiple claims that originate from the same IP addresses, or from IP addresses from outside the United States, to minimize threats and fraud. In addition, consideration should be given to development of a database where all 53 SWAs will begin recording and sharing incoming IP addresses using a central data collection and exchange point, where common IP addresses can be researched using data analytics to identify and share information concerning potential fraud rings. |
| 002a | ETA | | $0 | In order to reduce claimant anonymity, ETA should recommend that SWAs consider additional verification within 30 days of initial filing if the claim was filed from an identified anonymous IP address or with other fraud indicators. Current regulations permit the SWAs to request photo IDs to validate identity. States should suspend payment of benefits and conduct further investigation if requested information is not provided or the information provided does not resolve identity concerns. |
| 003 | ETA | | $0 | ETA should recommend that SWAs provide all identified fraudulent claimant information into a shared database that can be queried to identify the filing of fraudulent claims against multiple states. One possibility would be to use the existing ETA Fraud Portal, which would make the portal a powerful tool in UI Fraud detection for the SWAs. |
| 004 | ETA | | $0 | ETA should recommend that SWAs remove auto-populating of any data, specifically employer data, in their systems. Claimants should be required to fill out all employer contact information correctly and completely. |
| 005 | ETA | | $0 | ETA should work with all SWAs to strengthen existing systematic audit controls to track access to PII information. This access data can then be used by investigators and/or a data analytics team to determine if an employee accessed an account that they should not have accessed, or to identify trends of employee access connected to fraudulent claims. |
| 005a | ETA | | $0 | ETA should recommend that SWAs conduct pre-employment and periodic background and credit checks for those employees with direct access to PII data related to the UI program, and take appropriate actions with regards to employees who have negative results related to periodic suitability investigations. |
| 006 | ETA | | $0 | ETA should identify best practices and strategies for communication between tax operations and benefit operations, and work with the SWAs to adopt them. |
| 006a | ETA | | $0 | ETA should consider as a part of their national strategy the establishment of a data analytics project that focuses on delinquent employers who have failed to pay unemployment taxes and cross match that data against existing UI claims. These projects should be consistent among the SWAs to ensure that data can be shared between the SWAs through the use of the fraud portal or the UI Integrity Center of Excellence. |
Limited-Scope Audits Provide Inadequate Protections to Retirement Plan Participants
Audit Report to EBSA,
05-14-005-12-121 issued on 09/30/2014
5 recommendations, of which 4 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 002 | EBSA | | $0 | We recommend the Assistant Secretary for Employee Benefits Security provide additional formal guidance to plan administrators to identify and adequately support the fair value of plan assets. |
OWCP's Efforts to Detect and Prevent FECA Improper Payments Have Not Addressed Known Weaknesses
Audit Report to OWCP,
03-12-001-04-431 issued on 02/15/2012
5 recommendations, of which 4 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 004 | OWCP | | $0 | OWCP Acting Director develop effective procedures, including seeking legislative authority to conduct matches with SSA retirement records, to ensure that claimants who receive SSA retirement benefits are identified timely and their FECA benefits are adjusted accordingly. |
Ineffective Accounting for Sensitive Information Technology Hardware and Software Assets Places DOL at Significant Risk
Audit Report to OASAM,
23-11-001-07-001 issued on 03/31/2011
6 recommendations, of which 0 are closed
Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
---|
| 001 | OASAM | | $0 | Assess and take appropriate measures to ensure reports of lost, missing or stolen sensitive IT assets have not resulted. |
| 002 | OASAM | | $0 | Perform a full inventory of the Department’s IT assets that is accurate and complete including an update of the information into a viable inventory management system. |
| 003 | OASAM | | $0 | Consolidate all inventory systems throughout DOL to eliminate duplication, realize cost savings, and strengthen inventory. |
| 004 | OASAM | | $0 | Perform required reviews of program agencies’ inventory practices and procedures to ensure full participation in the inventory process across the Department and compliance with Federal information system requirements. |
| 005 | OASAM | | $0 | Develop policies for disposal of sensitive IT assets that presently lack coherent policy. |
| 006 | OASAM | | $0 | Integrate a reliable electronic procurement system with a viable inventory system along with the financial systems to ensure seamless interoperability. |